
14 cybersecurity terms you need to know


Taking a proactive approach to your online security can help you avoid becoming a victim. Start by familiarizing yourself with these computer security terms. Understanding them can help you recognize a cyber threat — and can also help you protect your computer from one.

1. Adware

Adware is software that displays advertisements on your computer. It can take various forms, but is often a popup ad or an ad displayed in a sidebar in your browser. Typically, adware is more of an annoyance than a security risk, but in some cases it could be monitoring your online browsing activities and relaying that data to a third party.

2. Antivirus software

Antivirus software monitors your computer to find and block malicious programs like viruses. McAfee and Norton are two popular antivirus software packages. To protect your computer against new viruses, it’s important to regularly update your antivirus software.

3. Encryption

Encryption transforms plaintext (readable data) into ciphertext — which is unreadable without an encryption password. Once the user enters the correct encryption password, the text is decoded. Consider using a secure email service like GhostMail to encrypt the content of your sensitive messages.

4. Firewall

A firewall creates a barrier between the internet and your computer to help block hackers, viruses and other threats. Many security suites — like Symantec, Norton, Security Premium and Bitdefender Total Security — include firewall protection.

5. Hacker

A hacker is any unauthorized user who gains access to private data. While hacking can be used for many purposes, some criminal hackers purposefully disrupt or permanently damage an individual computer or an entire network of computers. Hacking attacks cost the average American company more than $7 million per year.

6. Keylogger software

Keylogger software is a type of spyware that records information about your computer keyboard activities — such as your internet browsing, emails, and instant messages — and then sends the data to a third party.

7. Malware

Short for “malicious software,” malware is an umbrella term used to describe software or code that’s designed to damage a computer or collect information from it. Adware, Trojans, and spyware are examples of malware.

8. Phishing

Phishing is a scam where cyber criminals send victims an email that appears to be from a legitimate business or organization. The email convinces the victim to disclose sensitive information such as their date of birth or account numbers, which the criminal often uses to steal their identity. SMiShing is a fraud that’s similar to phishing, but the victim is baited through bogus text messages rather than through email.

9. Security patch

A security patch is used to fix software or operating-system vulnerabilities that hackers could use to infect computers with a virus or another type of malware. It’s best to set up your computer to check for security patches automatically, but you can also go to the software maker’s website and manually download them.

10. Spyware

Spyware is a type of malware that’s used to monitor your activities, collect specific data, and communicate this information to a third party. Spyware can capture everything from screenshots to passwords and emails.

11. Secure Sockets Layer

SSL is a network security protocol that secures information traveling over the internet. Websites that start with “https” use an SSL connection to help keep user information safe.

12. Trojan

A Trojan is a type of malware that appears legitimate or useful — but once it’s installed, a Trojan can allow cyber criminals to do things like delete or modify your data, steal sensitive information, or disrupt your computer’s performance. Most Trojans are delivered through emails, online services, and downloads such as free games and music.

13. Virus

A virus is a self-replicating type of malware designed to corrupt or modify your computer’s programs and files. In some cases, a virus can slow your computer’s performance or stop it from working altogether. Viruses are spread in various ways, but one of the most common is through infected email attachments. Before opening any email attachment (even one from someone you know), contact the sender and confirm its legitimacy.

14. Personally identifiable information

PII, also referred to as sensitive personal information, is any information that can be used on its own — or in tandem with other information — to identify, locate, or contact a person. Driver’s license numbers, Social Security numbers, and home addresses are a few examples of PII that are often used to perpetrate identity theft. Use extreme caution when providing PII online, and, for extra security, disable auto-fill settings on your web browser.

 

 

Once you’ve familiarized yourself with these terms, protect yourself further by following basic computer security practices and learning about current online threats and scams.

 

Apple hires Encryption Expert to Beef Up Security on its Devices

 

The FBI and other law enforcement agencies have waged legal war on encryption and privacy technologies.

You may have heard many news stories about the legal battle between Apple and the FBI over unlocking an iPhone that belonged to the San Bernardino shooter. However, that was just one battle in a much larger fight.

Now, in an effort to make its iPhone surveillance- and hack-proof, Apple has rehired security expert and cryptographer Jon Callas, who co-founded the widely used email encryption software PGP and the secure-messaging system Silent Circle that sells the Blackphone.

This is not Apple’s first effort to strengthen iPhone security.

Just a few months back, the company hired Frederic Jacobs, one of the key developers of Signal — the world’s most secure, open source and encrypted messaging application.

Now Apple has rehired Callas, who has previously worked for Apple twice, first from 1995 to 1997 and then from 2009 to 2011.

During his second stint, Callas designed a full-disk encryption system to protect data stored on Macintosh computers.

Apple’s decision to rehire Callas comes after rumors that the company is working on improving the security of its iOS devices in such a way that even Apple can’t hack them.

“Callas has said he is against companies being compelled by law enforcement to break into their own encrypted products,” the report reads.

“But he has also said he supports a compromise proposal under which law enforcement officials with a court order can take advantage of undisclosed software vulnerabilities to hack into tech systems, as long as they disclose the vulnerabilities afterward so they can be patched.”

Earlier this year, Apple was engaged in a battle with the US Department of Justice (DoJ) over a court order asking the company to help the FBI unlock the iPhone 5C of San Bernardino shooter Syed Farook.

Basically, the company was being forced to create a special, backdoored version of its iOS so that the FBI could brute-force the passcode on Farook’s iPhone without losing the data stored on it.

Apple refused to do so, and now wants to remove its own ability to break iPhone security in future iPhone models, thereby eliminating the chance that government and intelligence agencies can demand backdoors.

 

Do Not Respond To This Kind Of Email. It’s A Scam!

Criminals are tricking corporate employees into giving them payroll information. Here is how the scam works – and how you can prevent yourself from falling prey to it.


Over the past couple of months there have been multiple well-publicized cases of criminals tricking corporate employees into giving them payroll information that the crooks then use to commit various crimes: commonly, employees’ identities are stolen and phony tax returns are filed in order to obtain illegal “refunds” of “overpayments,” but thieves continue to find other ways to monetize the data, including filing fraudulent unemployment claims.

Here is how the scam works – and how you can prevent yourself (and your business) from falling prey to it.

In the first stage of the attack criminals perform reconnaissance – often checking social media for information that employees have “overshared.” Criminals love it when employees post nonpublic information about some work-related endeavor, for example, because anyone who later claims to be an employee of the company and refers to this information when contacting a real employee will be far more likely to be believed than someone who simply claims to work for the firm but does not know any “insider” information. Criminals also search social media and the Internet in general to find the right “target” employees within the firm whose data they are trying to steal.

After performing reconnaissance, criminals contact their targets – often via a “spear phishing” type email message, but sometimes through other media such as social media, texting, or telephone. Spear phishing refers to communications that target a specific intended victim and impersonate a party whom the receiver is expected to trust. Several recent attacks have involved communications in which the “CEO” or other high-level executive of a firm asks an employee with access to payroll information to send him or her the W2s for all employees of the firm; other forms of the attack ask an employee with authorization to make wire transfers to pay some particular party, and others may ask the employee to visit some website for some purpose when, in fact, the site installs malware.

Snapchat, Mercy Housing, and Sprouts Farmers Market have all fallen prey to the W2 scam within the last couple of months, thereby exposing their employees to all sorts of risks. Other firms have been duped by similar attacks and sent out spreadsheets with personnel information, and the Federal Reserve Bank of New York is believed to have recently issued about $100 million in fraudulent wire transfer payments as a result of receiving fraudulent instructions to do so.

Here are some ways to help prevent this problem from harming you and your business:

1. Train employees not to overshare on social media and provide them with technology that warns them if they are doing so.

2. Train employees not to respond to email requests for sensitive data without picking up the phone and speaking with the person requesting the data to be sent.

3. Understand — and make sure your employees understand — how phishing works, and why it is a serious problem that is not getting better with time.

4. Train employees to think about the risk level of requests. As Jonathan Sander, Vice President at Lieberman Software, noted, “If a payroll employee wants one W2, then maybe you just let them have it. If that same employee wants all of them all at once, then there should be something that triggers to say this is a different sort of request that deserves more scrutiny.”

5. Utilize encryption – if a sensitive document is sent encrypted, an unauthorized party receiving it will have difficulty opening it. As Brad Bussie, Director of Product Management at STEALTHbits Technologies, phrased it: “As a best practice, personal identifiable information should never be transmitted in an un-encrypted format.” I agree.

6. Use secure email – if a firm has the resources to do so, email security technology can help, but do not rely on such technology to prevent problems, since social engineering can come in through other channels (texting, social media messages, phone calls, etc.), and sometimes problematic emails can still make it through. Nonetheless, reducing the threat via email can be useful; as Craig Young, Computer Security Researcher at Tripwire, noted, “The use of cryptographically signed emails and securely configured mail services with advanced spam filters, sender policy framework (SPF), and DomainKeys Identified Mail (DKIM) configurations can also greatly reduce the likelihood of a successful e-mail scam.” Keep in mind that by reducing the number of problematic emails that reach users, email security technology can cause people to become less vigilant – so make sure to reinforce the need for vigilance via training.

7. Utilize Data Loss Prevention systems – these types of systems can block certain types of files and attachments from going out to external email addresses.

These are just a few ideas to think about; there are several others.
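Points 4 and 7 above can be expressed as an outbound-mail rule: let a single record through internally, escalate a bulk request, and stop any such data from leaving to an outside address. The Python below is an added example, not code from the article or from any product it names; the domain `example.com`, the threshold, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

INTERNAL_DOMAIN = "example.com"  # assumption: the firm's own mail domain
BULK_THRESHOLD = 5               # assumption: above this, treat as a bulk request
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")  # US Social Security number layout

def external_recipients(msg):
    """Return recipient addresses that are not on the internal domain."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    addrs = [addr.lower() for _, addr in getaddresses(fields) if addr]
    return [a for a in addrs if not a.endswith("@" + INTERNAL_DOMAIN)]

def message_text(msg):
    """Concatenate every text part, including text attachments such as CSV."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode("utf-8", "replace"))
    return "\n".join(chunks)

def evaluate_outbound(raw):
    """Return 'allow', 'review' or 'block' for one raw outbound message."""
    msg = message_from_string(raw)
    ssns = set(SSN_RE.findall(message_text(msg)))
    if not ssns:
        return "allow"
    if external_recipients(msg):
        return "block"   # point 7: PII must not leave to an external address
    if len(ssns) > BULK_THRESHOLD:
        return "review"  # point 4: a bulk request deserves more scrutiny
    return "allow"

def sample(to, count):
    """Build a constructed test message carrying `count` placeholder SSNs."""
    rows = "\n".join(f"Employee {i},900-00-{i:04d}" for i in range(1, count + 1))
    return f"From: payroll@example.com\nTo: {to}\nSubject: W2 data\n\n{rows}\n"

if __name__ == "__main__":
    for to, count in [("ceo@example.com", 1), ("ceo@example.com", 20),
                      ("ceo@example.com.mail.test", 20)]:
        print(to, count, evaluate_outbound(sample(to, count)))
```

The third sample uses a lookalike recipient domain that merely begins with the internal name, which the suffix check on the full address treats as external.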

Security Predictions 2016: Ransomware will continue to evolve and become increasingly complicated


As we start each year, the team at thedigitalageblog looks into the crystal ball and makes predictions for the year. Sometimes we’re right and sometimes we’re wrong, but we find it useful to look to the future and document what we see.

Our prediction centers on the ongoing ransomware attacks:

Ransomware will continue to evolve and become increasingly complicated. We continue to be shocked at the number of ransomware attacks where the “victim” actually pays the ransom. The FBI said it received 992 CryptoWall complaints from April 2014 to June 2015, representing total losses of $18 million—and that is just reported cases. Because criminals are finding this scheme lucrative, hackers will continue to work on producing virus variants that are harder to detect and decrypt. Ransomware depends on human error; it is usually activated by a user clicking on a link in a phishing email. Encryption of sensitive data combined with regular back-ups onto external devices or cloud services is an excellent defense against these schemes. If you have a current copy of your data or web site, business can continue with minimal disruption. Paying the ransom does not, after all, guarantee full restoration of your data or web site. It’s important to note that mobile devices can also be overtaken by ransomware, and often the accompanying threat is to ruin one’s reputation.

FBI wants $38 million in new funding to break encryption

The funding bid will help the agency “develop and acquire tools” that break encryption.


The FBI is looking to spend an additional $38.3 million in the coming year to “counter the threat” of encryption.

That’s on top of $31 million already spent on the initiative, according to the agency’s fiscal 2017 budget request published earlier this week by the Justice Department.

The budget request will not be used to hire any new staffers on top of the 39 staffers (including 11 agents), but will be used to “develop and acquire tools for electronic device analysis, cryptanalytic capability, and forensic tools.”

In other words: the feds want access to your encrypted communications, and they’re willing to throw money at doing exactly that.

According to the document, the additional funding will “counter the threat of Going Dark, which includes the inability to access data because of challenges related to encryption, mobility, anonymization, and more.”




The FBI refers to “going dark” as a metaphor for not being able to read the communications and messages of suspected criminals and terrorists.

The FBI did not immediately respond to a request for comment asking what exactly the combined $69.3 million on anti-encryption efforts would entail.

The FBI is known to buy exploits from private intelligence companies, like the Milan, Italy-based Hacking Team, which last year was hit by hackers who leaked documents detailing the company’s work and global government partners.

Encryption and other privacy tools are increasingly troublesome for the agency, something FBI director James Comey has repeatedly claimed in the past year.

The U.S. government is crying foul over Apple and Google’s efforts to bolster smartphone encryption. Because accusations that they’re going “beyond the law” goes both ways.

The agency chief has been on a tear trying to convince lawmakers and technology giants alike that locking the agency out is making it harder to catch criminals, despite reports suggesting the complete opposite.

Comey’s anti-encryption rhetoric intensified after Apple rolled out encryption in its iPhones and iPads in iOS 8, thought to be in response to claims in documents leaked by whistleblower Edward Snowden that said Apple was a participant in the notorious PRISM surveillance program. In doing so, Apple put encryption in the hands of its users, cutting even itself out of the loop, which riled the FBI, which would regularly ask for the company’s help in unlocking criminals’ phones.

The bump in funding comes as the agency continues to realign its efforts to keep ahead of the technological curve.

The document also said the agency would spend an additional $85.1 million on its cyber offensive and defensive operation.

“The FBI will obtain updated and sophisticated IT hardware, IT software, and contractors to expand the foundation of its offensive and defensive operations,” the report said.