Daily Archives: May 7, 2019

With Great Freedom Comes Great Cloud Responsibility

Modern digital and cloud technology underpins the shift that enables businesses to implement new processes, scale quickly and serve customers in a whole new way. Historically, organisations would invest in their own IT infrastructure to support their business objectives, and the IT department’s role would be focused on keeping the “lights on.” To minimize the […]

The post With Great Freedom Comes Great Cloud Responsibility appeared first on The State of Security.

What’s Behind the Wolters Kluwer Tax Outage?

Early in the afternoon on Friday, May 3, I asked a friend to relay a message to his security contact at CCH, the cloud-based tax division of the global information services firm Wolters Kluwer in the Netherlands. The message was that the same file directories containing new versions of CCH’s software were open and writable by any anonymous user, and that there were suspicious files in those directories indicating some user(s) abused that access.

Shortly after that report, the CCH file directory for tax software downloads was taken offline. As of this publication, several readers have reported outages affecting multiple CCH Web sites. These same readers reported being unable to access their clients’ tax data in CCH’s cloud because of the ongoing outages. A Reddit thread is full of theories.

One of the many open and writable directories on CCH’s site before my report on Friday.

I do not have any information on whether my report about the world-writable file server had anything to do with the outages going on now at CCH. Nor did I see any evidence that any client data was exposed on the site.

What I did see in those CCH directories were a few odd PHP and text files, including one that seemed to be promoting two different and unrelated Russian language discussion forums.

I sent Wolters Kluwer an email asking how long the file server had been so promiscuous (allowing anyone to upload files to the server), and what the company was doing to validate the integrity of the software made available for download by CCH tax customers.

Marisa Westcott, vice president of marketing and communications at Wolters Kluwer, told KrebsOnSecurity on Friday that she would “check with the team to see if we can get some answers to your questions.”

But subsequent emails and phone calls have gone unreturned. Calls to the company’s main support number (800-739-9998) generate the voice message, “We are currently experiencing technical difficulties. Please try your call again later.”

On Tuesday morning, Wolters Kluwer released an update on the extensive outage via Twitter, saying:

“Since yesterday, May 6, we are experiencing network and service interruptions affecting certain Wolters Kluwer platforms and applications. Out of an abundance of caution, we proactively took offline a number of other applications and we immediately began our investigation and remediation efforts. The secure use of our products and services is our top priority. We have been able to restore network and services for a number – but not all — of our systems.”

Accounting Today reports today that a PR representative from Wolters Kluwer Tax & Accounting, which makes the CCH products, confirmed the outage was the result of a malware attack:

“On Monday May 6, we started seeing technical anomalies in a number of our platforms and applications,” the statement given to Accounting Today reads. “We immediately started investigating and discovered the installation of malware. As a precaution, in parallel, we decided to take a broader range of platforms and applications offline. With this action, we aimed to quickly limit the impact this malware could have had, giving us the opportunity to investigate the issue with assistance from third-party forensics consultants and work on a solution. Unfortunately, this impacted our communication channels and limited our ability to share updates. On May 7, we were able to restore service to a number of applications and platforms.”

Accounting Today says the limited ability to share updates angered CCH users, many of whom took to social media to air their grievances against a cloud partner they perceive to be ill-prepared for maintaining ongoing service and proper security online.

“Despite CCH stating that a number of applications and platforms were up and running today, May 7, several users on a Reddit thread on the topic have stated that as of this morning in Florida, Maine, Texas, Pittsburgh and South Carolina, their CCH systems are still down,” Accounting Today wrote.

Special thanks to Alex Holden of Hold Security for help in notifying CCH.

Update, May 9, 10:26 a.m. ET: Updated this story to include the latest statement from Wolters Kluwer:

“On Monday May 6, our monitoring system alerted us to technical anomalies in a few of our applications and platforms. We immediately started investigating and detected the installation of malware. When we detected the malware, we proactively took a broad range of platforms, specifically including the CCH tax software applications, offline to protect our customers’ data and isolate the malware. The service interruptions our customers experienced are the result of our aggressive, precautionary efforts.”

“On May 7, we were able to begin restoring service to a number of applications and platforms. At this time, we have brought CCH Axcess, CCH SureTax, CCH AnswerConnect, and CCH Intelliconnect back online. Our process and protocols assure a high degree of confidence in the security of our applications and platforms before they are brought back online. We have seen no evidence that customer data and systems were compromised or that there was a breach of confidentiality of that data.”

“At this time, we have notified law enforcement and our investigation is ongoing. We regret any inconvenience this has caused, and we are fully committed to restoring remaining services as quickly as possible for our customers.”

How to Secure your PC after a Fresh Windows Installation [Updated 2019]


You chose to install the Windows operating system on your computer or, maybe, for various technical reasons, you had to reinstall it. Whatever your reasons, it’s important to add several security layers after this procedure, so your computer is safe from threats.

How to secure your PC after a fresh Windows installation

After finishing the Windows installation, whether it’s Windows 7, 10 or another operating system, we encourage you to follow these security measures below to enhance protection:

1. Keep your Windows operating system up to date

Probably the most important step to do is checking for the latest security updates and patches available for your Windows operating system.

To get the security updates automatically, go to “Control Panel” and check if your automatic updating system is enabled or follow these steps:

  1. Access the search box in your Windows operating system, type Windows Update.
  2. Select Advanced options.
  3. Click on Automatically download updates in case it is not already selected/turned on.

After checking for available updates for your Windows operating system, keep the automatic update turned on in order to download and install the important updates that can help protect your PC against new viruses or next-generation malware.

Always remember to keep your OS up to date with the latest security updates available. Software patching remains essential to online safety, and security experts rightly emphasize its importance. Cybercriminals still try to benefit from security holes found in users’ systems and PCs. That’s one of the reasons why cyber attacks still work and why criminals make a lot of money from them.

2. Update your software

You don’t have to update only the Windows operating system, but your software as well. Therefore, make sure all the latest updates and security patches for your main programs and apps are installed.

Needless to say, the most popular pieces of software (such as Java, Adobe Flash, Adobe Shockwave, Adobe Acrobat Reader), especially outdated versions, are always under threat from malicious actors who exploit them to get easier access to your sensitive data.

Since these pieces of software are always under threat from criminal minds, don’t just rely on your memory to manually update every program or application you have installed.

A better option is to use a dedicated security solution that keeps your software up to date for you.

3. Create a restore point

If you already installed the security updates for Windows OS, the next step recommended is to create a restore point in Windows.

You can do this by clicking on the Start button, then select Control Panel -> System and Maintenance (or System and Security) -> System. Then select System protection and click the Create button.

After installing Windows, you can create the Restore Point and name it Clean installation, and continue installing drivers and applications.

If one of the drivers causes issues on the system, you can always go back to the Clean installation restore point.


4. Install a traditional antivirus product

When you consider installing an antivirus program on your PC, make sure you use one from a legitimate company, because there can be fake software programs out there. It is important to have a reliable security solution on your system, which should include real-time scanning, automatic update, and a firewall.

To find the best antivirus that suits your needs, read this ultimate guide that will teach you more about antivirus products, their main features and what you should look for.

If you choose to install a security product that doesn’t have a firewall, make sure you have turned on the Windows firewall.

To turn it on, go to Control Panel, select System and Security, then Windows Defender Firewall, and choose Turn Windows Defender Firewall on or off.


5. Install a proactive security solution for multi-layered protection

On our blog, we explained on many occasions why traditional antivirus is no longer the go-to solution, simply because it cannot keep up with the rise of new and advanced online threats. Financial malware especially is created to steal sensitive data and confidential information and it uses sophisticated methods to do so.

Next-gen malware usually has the ability to evade detection and bypass antivirus software that users have installed on their PCs to keep their data safe. We recommend reading these 12 examples of spam campaigns behind the scenes indicating a low detection rate for AV engines during the first stages of a cyber attack.

With the help of a proactive cybersecurity solution, you get the best protection against financial and data-stealing malware, such as Zeus or Cryptolocker.

To improve the financial control of your online banking account, you can always set banking alerts to track your account activity and apply these simple and effective financial protection tips.


6. Back up your system

You updated the operating system and your applications, installed additional security products to keep your system safe and even created a Clean installation restore point for your Windows.

The steps above are meant to keep you safe from malicious software and online threats, but you may still encounter hardware issues that could endanger your private information.

To make sure your data stays safe, use a twofold strategy that combines an external hard drive with an online backup service.

We need to emphasize the importance of having a backup solution that is stable (look for a big company name), easy to use (so backing up your files isn’t a headache), able to synchronize your files with the online backup servers, and that provides some form of security, such as encryption.


Our guide on how to do a data backup includes more information on most popular backup solutions available and what the best ways to keep your data safe are.

At the same time, you could simply use your Windows Backup system. To set it up, access your Windows Control Panel and then click Backup and Restore to access the location. From this place, you can set an automatic backup, create a schedule and even choose a network location for your backup files.

7. Use a standard user account

Windows provides a certain level of rights and privileges depending on what kind of user account you have. You may use a standard user account or an administrator user account.

To secure your PC, it is recommended to have a standard account to prevent users from making changes that affect everyone who uses the computer, such as deleting important Windows files necessary for the system.

With a Standard user account, you have limited rights and cannot do things like changing system settings, or installing new software apps, hardware or changing the username and passwords. Here’s why you should use an account like this one and how to create it.

If you want to install an application or make security changes, remember that you will need an administrator account.

We also recommend that you set a strong password for your Windows user account.

Use this security guide that will help you set unique and strong passwords and manage them like an expert.

Top Security Tip:
Using a standard account ensures that a piece of malware which infects a limited-user account won’t do as much damage as one infecting an administrator account.


8. Keep your User Account Control enabled

User Account Control (UAC) is an essential security feature of Windows that prevents unauthorized changes to the operating system. Many users have the tendency to disable it after installing/reinstalling the Windows operating system.

We don’t recommend turning it off. Instead of disabling UAC, you can lower its notification level using the slider in the Control Panel.

UAC monitors what changes are going to be made to your computer. When important changes appear, such as installing a program or removing an application, the UAC pops up asking for an administrator-level permission.

In case your user account is infected with malware, UAC helps you by keeping suspicious programs and activities from making changes to the system.




9. Secure your web browser before going online

Here’s another thing to do after installing Windows: pay attention to browser security. Since our web browser is the main tool used to access the Internet, it is important to keep it safe before going online.

The vulnerabilities in your web browser are like open door invitations to cybercriminals who find creative ways to harvest your most important data. For example, if you are using Adobe Flash, be aware of its security flaws and how it can expose you to attacks.

To stay safe while accessing various web pages, follow these steps:

  1. Choose the latest version for your browser.
  2. Keep it updated.
  3. Choose a private browsing session when you access a website you are not sure about. This mode prevents authentication credentials (or cookies) from being stored where attackers could steal them.
  4. Since data-stealing malware spreads through malicious code embedded in pop-up windows, even on legitimate websites, make sure your web browser can block pop-ups.

And there’s even more you can do. Use these step-by-step instructions for the most secure browsing.


10. Use an encryption software tool for your hard drive

Even if you set a password to your Windows account, malicious actors can still get unauthorized access to your private files and documents. They can do this by simply booting into their own operating system – Linux, for example – from a special disc or USB flash drive.

A solution for this case is to encrypt your hard drive and protect all your sensitive files. This level of security is especially recommended if you have a laptop, which can very easily be stolen. The same thing applies to a desktop computer.

A free encryption tool you can use is BitLocker, which is available on the latest Windows operating systems and you can enable it at any moment. Even after you have enabled the BitLocker protection, you won’t notice any difference because you don’t have to insert anything else but your normal Windows user account password. The benefits of using this encryption tool:

  • It encrypts your entire drive, so a malicious actor who steals your laptop cannot remove the hard drive and read your files.
  • It also protects your data if you lose your PC/laptop or it gets stolen.
  • It’s easy to use and already integrated into Windows, so there’s no need to add another encryption tool.

If you’d rather want to use another solution, here’s a full list of encryption software tools you can choose to protect your data.

11. Be careful online and don’t click on suspicious links

To make sure you won’t be infected by clicking on dangerous links, hover the mouse over the link to see if you are directed to a legitimate location. If you were supposed to reach your favorite news website, such as “www.cnn.com”, but the link indicates “hfieo88.net”, then you probably shouldn’t access it. Chances are you’ll be infected with malware and cybercriminals will steal your sensitive data.

Link shortening services, such as goo.gl or tinyurl, are worth trying. But in some cases, an unknown link may send you to a malicious site that can install malware on the system.

So, how can you know where you’ll arrive if you click it?

To make sure you are heading in the right direction, use a free tool such as Redirect Detective, which lets you see the complete path of a redirected link. Another tool that can prove very helpful in checking suspicious links is the reliable URL checker VirusTotal.

For more information on how to maximize your financial data protection, check out this article.
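The checklist above is easy to verify in one go. The script below is an added example, not part of the Heimdal post: a read-only audit of the settings from steps 1, 3, 4, 7, 8 and 10 on Windows 10, using only built-in cmdlets and registry paths (the `$checks` table and its labels are our own), run from an elevated Windows PowerShell 5.1 session.

```powershell
# Added example, not from the Heimdal post: a read-only audit of the settings the
# checklist above asks you to verify (steps 1, 3, 4, 7, 8 and 10) on Windows 10.
# All cmdlets and registry paths are built into Windows; the $checks table and
# its labels are our own. Run from an elevated Windows PowerShell 5.1 session.

$checks = [ordered]@{}

# Step 1: Windows Update service state and the most recently installed hotfix.
$wu      = Get-Service -Name wuauserv
$lastFix = Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1
$checks['Windows Update service'] = "$($wu.Status), start type $($wu.StartType)"
$checks['Most recent hotfix']     = "$($lastFix.HotFixID) on $($lastFix.InstalledOn)"

# Step 3: existing restore points (look for the one named 'Clean installation').
$rp = Get-ComputerRestorePoint -ErrorAction SilentlyContinue
$checks['Restore points'] = if ($rp) { ($rp | ForEach-Object { $_.Description }) -join ', ' } else { 'none' }

# Step 4: Microsoft Defender real-time protection and the firewall for every profile.
$mp = Get-MpComputerStatus
$checks['Defender real-time protection'] = $mp.RealTimeProtectionEnabled
$checks['Defender signatures updated']   = $mp.AntivirusSignatureLastUpdated
foreach ($fw in Get-NetFirewallProfile) {
    $checks["Firewall enabled ($($fw.Name))"] = $fw.Enabled
}

# Step 7: is the logged-on user a member of the local Administrators group?
# Checked by group membership, so the answer is the same whether or not this
# particular session was started elevated.
$admins = Get-LocalGroupMember -Group 'Administrators' | ForEach-Object { $_.Name }
$checks['Current user is an administrator'] = [bool]($admins | Where-Object { $_ -like "*\$env:USERNAME" })

# Step 8: UAC is on when EnableLUA is 1; ConsentPromptBehaviorAdmin reflects the slider level.
$uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$checks['UAC enabled (EnableLUA)']    = ($uac.EnableLUA -eq 1)
$checks['UAC admin prompt behaviour'] = $uac.ConsentPromptBehaviorAdmin

# Step 10: BitLocker state of the drive Windows is installed on.
$bl = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
$checks['BitLocker on system drive'] = if ($bl) { "$($bl.VolumeStatus), protection $($bl.ProtectionStatus)" } else { 'not available (BitLocker module missing?)' }

# Print the audit as a two-column table.
$checks.GetEnumerator() | ForEach-Object { '{0,-34} : {1}' -f $_.Key, $_.Value }
```

The script changes nothing; to act on its findings, `Checkpoint-Computer -Description 'Clean installation'` creates the restore point from step 3 and `Set-NetFirewallProfile -All -Enabled True` turns the firewall on for every profile.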


It’s not just about staying safe. 

The guide above is meant to keep you safe online. But at the same time, following these security measures means that you also set up your system to work smoothly for online browsing and financial operations, activities you do every day.

Since there are many other solutions to protect a system after a Windows installation, we would like to know your opinion on this.

How do you increase your security after a Windows installation?
Do you have a particular routine?
We’d love to add your tips to the list, so share them in the comments below.


The post How to Secure your PC after a Fresh Windows Installation [Updated 2019] appeared first on Heimdal Security Blog.

We Are Ready on Day One for Our Linux Customers

Our customers look to McAfee to ensure that their enterprises are protected from the changing threat landscape. That’s why we’ve worked with Red Hat, the world’s leading provider of open source solutions for Linux, to ensure that we were part of the entire process leading up to today’s announcement of Red Hat Enterprise Linux 8 (RHEL8). We’ve been working extensively with Red Hat throughout the pre-release process to ensure that you get the threat protection you desire on the day the new operating system is released.

If you’re already one of our McAfee Endpoint Security for Linux customers, this means you can take advantage of vast hardware and virtualization support as well as cloud integration support, whether you’re using on-prem ePO or McAfee MVISION.

McAfee Endpoint Security for Linux 10.6.2 now provides zero-day support for RHEL8. Red Hat Enterprise Linux is a significant proportion of the install base among our customers. It’s important that we provide timely and crucial support for the latest release of RHEL8 so our customers can take advantage of the improvements and efficiencies available on the platform.

McAfee Endpoint Security for Linux 10.6 provides three important features that benefit our customers:

  • Support for Docker containers
  • CPU throttling
  • Centralized management capabilities of native firewall

Container adoption has been rising steadily among our customer base. By supporting McAfee Endpoint Security for Linux on Docker containers, our customers can be confident that their container deployments are protected with the same solution that they currently deploy on their servers.

CPU throttling limits the consumption of CPU resources, allowing our customers to efficiently manage when an on-demand scan deploys, thus enhancing the usability of the solution in a low-resource environment.

Centralizing and simplifying management capabilities of native functionality, such as the firewall, through a familiar interface allows administrators to quickly react and enforce firewall policies, reducing the time to deploy and gain operational efficiency.

To learn more about McAfee Endpoint Security, visit our website.

The post We Are Ready on Day One for Our Linux Customers appeared first on McAfee Blogs.

Why Simplified Security Awareness Training Matters for MSPs and SMBs


In a recent report by the firm 451 Research, 62 percent of SMBs reported having a security awareness training program in place for their employees, with half being “homegrown” training courses. The report also found that most complained their programs were difficult to implement, track, and manage.

Like those weights in the garage you’ve been meaning to lift or the foreign language textbook you’ve been meaning to study, even our most well-intentioned efforts flounder if we’re not willing to put to use the tools that can help us achieve our goals.

So it goes with cybersecurity training. If it’s cumbersome to deploy and manage, or isn’t able to clearly display its benefits, it will be cast aside like so many barbells and Spanish-language dictionaries. But unfortunately, until now, centralized management and streamlined workflows across client sites have eluded the security awareness training industry.

The Importance of Effective Security Awareness Training

The effectiveness of end user cybersecurity training in preventing data breaches and downtime has been demonstrated repeatedly. Webroot’s own research found security awareness training cut clicks on phishing links by 70 percent, when delivered with regularity. And according to the 2018 Data Breach Investigation Report by Verizon, 93 percent of all breaches were the result of social engineering attacks like phishing.

With the average cost of a breach at around $3.62 million, low-overhead and effective solutions should be in high demand. But while 76 percent of MSPs reported using some type of security awareness tool, many still rely on in-house solutions that are siloed from the rest of their cybersecurity monitoring and reporting.

“MSPs should consider security awareness training from vendors with cybersecurity focus and expertise, and who have deep visibility and insights into the changing threat landscape,” says 451 Research Senior Analyst Aaron Sherrill.

“Ideally, training should be integrated into the overall security services delivery platform to provide a unified and cohesive approach for greater efficacy.”

Simple Security Training is Effective Security Training

Security awareness training that integrates with other cybersecurity solutions—like DNS and endpoint protection—is a good first step in making sure the material isn’t brushed aside like other implements of our best intentions.

Global management of security awareness training—the ability to initiate, monitor, and report on the effectiveness of these programs from a single pane of glass across all of your customers —is the next.

When MSPs can save time by, say, rolling out a simulated phishing campaign or training course to one, many or all client sites across the globe with only a few clicks, they save both time and money in management overhead, and are more likely to offer it as a service to their clients. Everyone wins.

With a console that delivers intuitive monitoring of click-through rates for phishing campaigns or completion rates for courses like compliance training, across all client sites, management is simplified. And easily exportable phishing and campaign reports help drive home a client’s progress.

“Automation and orchestration are the force multipliers MSPs need to keep up with today’s threats and provide the best service possible to their clients,” says Webroot SVP of Product Strategy and Technology Alliances Chad Bacher.

So as a growing number of MSPs begin to offer security awareness training as a part of their bundled services, and more small and medium-sized businesses are convinced of its necessity, choosing a product that’s easy to implement and manage becomes key.

Otherwise, the tool that could save a business from a breach becomes just another cob-webbed weight bench waiting for its day.

To learn about security training that’s effective, efficient, and easy to use, read about our new Webroot® Security Awareness Training release.

The post Why Simplified Security Awareness Training Matters for MSPs and SMBs appeared first on Webroot Blog.

15 Things Every Customer Should Know About Core Impact

Just like in any good relationship, it takes time to get to know one another. Even when you’ve been together for a while, you still may learn new things that surprise you. It’s no different when you begin a relationship with a new product or solution. Over time, you will discover new features and tricks you didn’t even know existed. With this in mind, we’ve compiled a list of the top 15 things every customer should know about Core Impact. Take a look and see what you may have been missing.

#1: The Core Impact Customer Community

The Core Impact Customer Community is a place you can go to ask and answer questions about Impact and penetration testing, chat real-time with other Impact users, and take training courses to better leverage Impact for multiple types of testing. It also serves as a repository where you can post or download custom modules. This invaluable community resource exists to empower you to continue to get the most out of Impact.

#2: Flexible Licensing

Did you know that Impact has a flexible licensing model? We have many different license types that enable flexible use of the product, and ensure we can support multiple use cases, including:

  • Machine-based unlimited licenses for those with a small, rotating team
  • Named user unlimited licenses for those with dedicated, full time users
  • Educational and lab licenses for those who want to use Impact in an educational capacity or tightly controlled lab environments

Our goal is to make sure you get the right combination of licenses that will work best for you and your team.

#3: Encrypting Agent Communications

All communication between Impact and its agents is both encrypted and authenticated. These robust protections allow us to provide secure communications between Impact and its agents. Other solutions have a higher risk of potential attackers ‘breaking in’ to the communications or hijacking their agents for nefarious purposes. Perform better, more detailed testing with the peace of mind that your communications will remain secure.

#4: Command and Control Options

Core Impact has a variety of command and control options that you can leverage. Whether connecting to or from a target or hiding the communications in DNS traffic, Impact has a variety of communication methods to better support different ways you might want to test. For example, using the DNS channel allows you to mask and disguise the communications inside DNS packets. All you have to do is select the type of communication you want the agents to use, and then deploy them. Every communication method features encryption and mutual authentication between Impact and its agents.

#5: Self-Terminating Agents

With Impact, you never have to worry about an agent hanging around longer than you want. Impact agents are configured to automatically clean themselves up at a time you set. Plus, Impact gives you the ability to set an expiration time when you deploy an agent, giving you control and minimizing artifacts left by your test. Even if a target is hibernated during a test, and misses the cleanup signal, Impact agents will see that it’s past due and clean itself up. You can pen test with confidence and know that Impact won’t let you be the reason for an incident response.

#6: Rapid Penetration Tests

Another great feature is that Impact can quickly find ‘low hanging fruit’ for you to act upon. Impact’s rapid penetration testing wizards can automatically find common weaknesses, while letting you choose how risky you want to be. This will free up time for you to do more in-depth testing and can even provide a short list of items to quickly prioritize for remediation.

#7: Intelligently Exploit Identities

Were you aware that Impact also enables you to easily leverage identities found during a test? With many identities in any given network, chances are you will come across them during testing. Impact enables you to securely store these identities. With Impact’s central identity store, it’s simple to use these identities to further your testing, allowing you to easily move and get access to more information.

#8: Stealthy PowerShell Attacks

Did you know that Impact can natively leverage PowerShell on remote hosts? Not just that, it can also do it stealthily, without using the PowerShell executable. PowerShell is a very powerful management framework for Windows machines and Impact’s ability to easily interface with it opens state-of-the-art attack methods preferred by advanced adversaries.

#9: Phishing Built for Pen Testers

Impact actually evolved from the suite of tools used by one of the first teams to offer third-party pen testing. In fact, Impact was created by a team of pen testing professionals to help make them more effective and efficient at their job. They recognized that there was great value in standardizing the process of how to conduct a pen test, and built this into their tools. As a result, Impact emphasizes an easy-to-use, repeatable, and consistent methodology.

Impact also has extensive phishing capabilities, built from the beginning with pen testing in mind, so you can do more than just report on who is susceptible to phishing. You can also gather additional information to help plan further testing and exploitation activities. Impact’s phishing functionality is often leveraged to ‘trick’ victims into giving you access to the network. If you are looking for pen testing with focused phishing capabilities, Impact is definitely the solution for you.

#10: A Python Framework

Here is something you may not know either: Impact is actually a Python framework. All modules, exploits, and tools are written in Python and are user customizable. You can write your own modules for things like integrations with third party tools, or modify existing ones to better suit your specific needs. This gives you a significant amount of flexibility to extend and enhance the value of investments you have already made.

#11: Ongoing Logging and Reporting

Another key feature to be aware of is that Impact automatically logs everything you do over the course of your pen test. This includes all the modules you run, all the files you upload or download, and even all the commands you run on remote hosts. Impact automatically captures this input and output, providing an audit trail and ensuring that you do not have to keep your own detailed notes during the test.

Impact also has a powerful and flexible built-in reporting engine that allows you to create reports for any type of audience, whether they are Chief Executives, the Patching Team or even the Audit Team. These reports are also fully customizable and the templates can be saved for future use.

#12: Validating Vulnerability Scans

Impact can automatically validate the results of a vulnerability scan. You import the results from the most popular vulnerability scanners and Impact attempts to confirm each reported finding by actually exploiting it. You then get a report of what Impact was and was not able to exploit. Knowing which findings are genuinely exploitable lets you prioritize the long list of vulnerabilities your scanners produce and speeds up remediation.

#13: Validating Remediation

With the remediation validation option, you can have Impact automatically re-run a previous pen test and produce a change report on the differences between the two runs. Impact repeats exactly the steps of the earlier test, including information gathering, exploitation, and pivoting. You can use this to check whether remediation efforts have succeeded without redoing the entire test by hand, saving tremendous time in re-testing.

#14: Multi-Vector Pivoting

Impact also enables you to pivot from one attack vector to another, dramatically improving your capabilities and efficiency. For example, after exploiting a weakness in a web application, you can use that foothold to pivot into the internal network, or you can combine a phishing campaign with network exploitation so that a victim who takes the bait gives you access to the network.

#15: Moving from One Host to Another

And last, but definitely not least, Impact makes it easy to pivot from one host to another. It is as simple as a right click. Impact has a wealth of additional features, like the Remote Interface, which you can leverage with the pivoting capabilities to make you more efficient and effective during your testing.

Getting the Most Out of Core Impact

This list will help you manage your vulnerabilities more intelligently and get the most out of Impact. After all, the more you get to know Core Impact, the more it can do to secure your business.

How personal social media use can become a corporate problem

Most of us use social media to keep in touch with friends, read interesting content or share photos, but we also know it comes with risk. How private our data really is and whether or not “they” are listening is constantly in the news, but do you know the risks of personal social media use to your business?

In Techworld’s recent article summarising some of the most infamous data breaches in the UK, Facebook, Google+ and Reddit are all featured. Even though your staff may be using social media in their private time, the associated risks could lead to problems for your organisation.

Why your employee’s social media use is an information security risk

Many people don’t think twice before sharing something about themselves, but staff should take a moment to consider the repercussions of their posts or whether the content of a post is meant for public consumption.

Does a photo taken at work reveal something confidential in the background? Are the thoughts or interests being shared aligned with company values? There are abundant examples of people’s tweets coming back to haunt them years later.

Staff should also be careful not to include too much personal information on social media profiles. Beyond the name and date of birth already on a profile, location tags can reveal home addresses and even who the company's clients are. An employee may think nothing of revealing they are on-site with a client, but the client may not appreciate that information being made public.

Staff should be educated about the possible consequences of sharing their activities or location.

Malicious attackers often set up scams using social media, deliberately preying on naive users and luring them in with something attractive. False investment opportunities, lotteries and online romances are often used to pique a victim’s interest, before tricking them into clicking malicious links. If the victim is using a company device at the time, such scams can be used to gain access to company information or to install malware.

Teach staff that if something looks too good to be true, it probably is.

Mitigate social media risk

It is possible to prevent such incidents from occurring. By educating staff members on the dangers of social media, your company assets (including your employees) are likely to stay safe.

Our new Social Media Staff Awareness Human Patch E-learning Course is designed to combat the information security risks of social media use by employees. It provides staff with the knowledge required to prevent common social media mistakes and malicious attacks. Such mishaps include accidental sharing of private company information on social media profiles, and inadvertently sending log-in details to a malicious third party.

Course contents

The course consists of four modules covering:

  1. Social media as a concept;
  2. Social media risks and their consequences;
  3. Mitigation techniques; and
  4. Recognising, reporting and managing social media risks.

At the end of the course, employees are asked ten random questions based on the content, which they can retake until they reach the pass mark of 8/10.

Using this engaging, informative and relevant content to educate employees will greatly reduce your organisation’s risk relating to social media usage.

This is the third in the “Human Patch” series of courses, which are designed to be short, easy-to-follow online learning courses preventing common staff-related incidents or mistakes.

The other courses in the series are Misuse of Cc and Bcc when emailing, and Phishing and Ransomware.

The Social Media Human Patch Staff Awareness E-learning Course is available to buy online.

Read more and purchase >>

The post How personal social media use can become a corporate problem appeared first on IT Governance Blog.

Malicious Forces Cracking your SD-WAN Concrete? Reinforce your Network with Cisco SD-WAN Security

Security must be deep-rooted into every software-defined WAN (SD-WAN) solution rather than bolted on as an afterthought, much like the process of planting reinforcement steel in concrete.

Concrete has been used in construction for more than a thousand years. It has excellent compressive strength, which lets it bear heavy loads, but little to no tensile strength, that is, resistance to being pulled or stretched. Most of the current SD-WAN solutions on the market, like concrete, have some notable strengths. They can provide WAN optimization, zero-touch deployment, centralized management, basic segmentation, and perhaps limited security functionality such as stateful firewalling and VPN. But can they also protect your branch network against internal and external threats when the branch uses Direct Internet Access (DIA)?

Thousands of new, complex cybersecurity threats emerge every day. Like tension forces acting on concrete, these threats will eventually crack and break your SD-WAN branch network. They are more potent when your branch connects directly to the cloud over the shared public internet.

SD-WAN Security: Built-in or Bolted-on?

In almost every area of life, compared with a “built-in” option, it’s hard to imagine someone would choose a “bolted-on” as their first resort. Security is not so different. Yet many enterprises are using external security appliances to secure their directly connected SD-WAN branches to the cloud. This bolted-on security norm comes as no surprise. In the current market, there are simply not enough SD-WAN solutions with a substantial level of integrated security.

The process of bolting on legacy security tools often creates unnecessary complexity and overhead because these standalone products were never truly designed for an SD-WAN deployment. These bolted-on tools do not share the WAN tenets and have a difficult time adapting to today’s agile and scalable SD-WAN solutions.

Having distinct security and networking domains at each branch not only increases the total cost of ownership but also complicates deployment, monitoring, and manageability. A simple policy update, for example, requires jockeying back and forth between two different dashboards. Managing integrated security and networking controls from a single console saves time and money and makes for an overall more efficient and effective system, just as using reinforcing steel bars speeds up construction.

Cisco SD-WAN security reinforcing your WAN Network

Unlike other SD-WAN vendors’ solutions in which customers have to compromise on security, application experience or advanced routing, Cisco offers an integrated industry-leading SD-WAN with best-in-class security solution. This “no compromise” solution connects any device and any user to any cloud and delivers consistent threat protection from branch locations to the cloud edge.

With Cisco SD-WAN, multiple layers of enterprise-level security capabilities – such as application-aware firewall, intrusion prevention, URL filtering, file reputation, and simplified cloud security – can be deployed and managed through single interface dashboard, at scale.

Gaining additional protection with Cisco Umbrella, a secure internet gateway, is as simple as checking a box within the Cisco SD-WAN unified management console. Umbrella protects users across your Cisco SD-WAN from threats such as malware, ransomware, and C2 callbacks with no added latency.

These integrated security capabilities are powered by threat intelligence from Cisco Talos, one of the largest threat-intelligence organizations in the world, to block sources showing suspicious behavior before they proliferate across the network.

To meet today’s highly flexible and scalable demands of an SD-WAN solution, a built-in security approach needs to be part of any SD-WAN architectural design to better detect and prevent evolving threats, while simplifying management and improving performance.

It’s time to reinforce your old network construction with Cisco SD-WAN security.

Aren’t you tired of spending time patching your cracked network?

To learn more about Cisco SD-WAN security, please visit cisco.com/go/sdwan-security.

The post Malicious Forces Cracking your SD-WAN Concrete? Reinforce your Network with Cisco SD-WAN Security appeared first on Cisco Blog.

Episode 487 – Do Not Forget About Your Open Source Components In Your Development Cycles

Application development has become more open and flexible through the use of open source components. However, most teams aren't managing those components properly and are introducing security risks into their applications. This episode talks about the importance and necessity of keeping an eye on your open source components. Source Report. Be aware, be safe. *** Support […]

The post Episode 487 – Do Not Forget About Your Open Source Components In Your Development Cycles appeared first on Security In Five.

Cybersecurity Leaders Are Talking A Lot About Counterfeit Devices

Malice Vs Greed

Most discussion of security in the supply chain has focused on detecting tampering, or on preventing backdoors and other sneaky things from being inserted into components and software. Another aspect is emerging that will dwarf tampering: devices counterfeited for profit, which cause security problems indirectly. Counterfeit devices are either, by design, not what you think you are buying, or are intentionally mislabeled to make an older or different model appear to be a more desirable one. As with money, a note printed by a forger and a legitimate note with a zero added to its denomination are both something other than what you expected and paid for. The motivation is greed, but the impact on security is significant.

Counterfeit Devices Already A Big Issue in Healthcare and Hurt Security

Last year we studied the security of the medical device market. There is a healthy and legitimate market for used medical devices, and, not surprisingly, newer devices command a higher price than older ones. The medical community wisely pushed for a universal barcode carrying a Unique Device Identifier (UDI), so devices can be inventoried, their ownership lineage known, and information about them (e.g. location) collected. The UDI should be a useful tool for security operations such as patching: if the UDI tells me that this device is an XYZ version 2014 monitoring device, I can make sure it is patched with the most recent accepted update for that version.

So here is where greed, safety and security collide. Unscrupulous resellers can have counterfeit UDIs applied, making older medical devices appear to be of a newer vintage. Making that XYZ v2014 look like a more valuable v2018 can be big money, with obvious problems for product recalls and for buyers paying too much. But applying a v2018 patch to a v2014 device can have unintended consequences: bricking the device, leaving vulnerabilities open, or causing the device to malfunction. Desktop operating systems are robust, with dialogs and checks that minimize and usually prevent the misapplication of patches and updates. Almost all IoT and many medical devices lack that robustness. If you have ever flashed the firmware of a device such as a router or camera, you know it is generally a black-box process with little if any feedback. Swapped UDIs are one part of the problem; the other is outright counterfeit devices, which may or may not run the same software as the genuine article.

This sounds kind of like a rare issue? Nuh uh. The World Health Organization estimates that about 8% of medical devices are counterfeit.

The Trends Making Counterfeiting A Bigger Temptation in Enterprise IT

Several forces are colliding to make this a concern. IoT growth is the big one. Devices are joining enterprise networks at a continually increasing rate, both as new devices and as 'dumb' devices already on premises become connected or 'smart'. Scale matters because IoT growth strains traditional network inventory, SIEM, and patch management tools. With inventory and patch management under strain, a lot slips through the cracks in most companies, and that makes the counterfeiters' job easier.

The second change is increased reliance on the 'smartness' of IoT: the IT aspects of Things are becoming a core capability. For example, a pump's wireless flow reporting is valued as much as the pumping itself, and the electronic displays in cars are no longer only for entertainment but now carry critical functions such as the speedometer and vehicle controls.

The third change is heterogeneity. There are more brands of products and a faster rate of change in networks. Most enterprises already run a multi-vendor network of switches and routers. Giving branch offices local internet access has meant more brands and models, and there are always more security appliances in the racks, especially in large enterprises. Supply chains are changing too: enterprises rely less on traditional procurement, and the sourcing of components for IT appliances and devices has become more complex.

Why Is This A Bigger Security Concern Now?

All this scale, smartness and complexity increases both the temptation to counterfeit and the security impact when it happens. Scale means that satisfying demand with relabeled older devices can be profitable, but those devices may not operate correctly when patched, or cannot be patched at all. Counterfeit devices that go unpatched, or that are designed less securely than the genuine product, have a greater impact now that devices are smarter and more interconnected than when they interacted less. Heterogeneity of components and supply chains creates more opportunity for counterfeiting: counterfeit components are harder to detect, and there are more links in the chain, involving more people, with more potential for tampering.

Network and Security Devices Are the Next Wave of Counterfeiting

Counterfeit IT and IoT components are bad enough, but a greater threat is emerging. There have been recent cases in which counterfeit security and networking devices were sold: the very things that are the best line of defense against counterfeit devices and their security impact are themselves being counterfeited. In the counterfeit currency analogy, this is the equivalent of counterfeiting the machines that scan currency to detect forgeries.

What Enterprises Need to Do

The best change an enterprise can make is to ensure that supply chain integrity includes counterfeit detection. In other words, where most supply chain integrity work is about not losing links in the chain, making sure those links are genuine needs to be re-emphasized or added. High-capability organizations are likely doing this already, but frankly it is rare. Changes in procurement can be a big part of it, including asking vendors what supply chain integrity steps they themselves take. It may mean that "lowest cost" has to be amended to "lowest cost authentic."

Most vulnerability management includes an inventory step (find what we have) and a patch management step. Validating the inventory results more rigorously is a great first step. When the inventory is assumed, or derived from procurement records, it needs a validation step: if the records say we have 20 type X v2 routers, let's make sure each one is really type X and really v2.
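As an added illustration of that validation step (and of gating a patch on what a device actually is, the UDI problem described earlier), the script below reconciles procurement records against what each live device reports about itself and flags the classic counterfeit indicators: a hardware revision that does not match the label, a serial number reported by more than one device, and devices that were never procured. This is example code written for this page, not from the original post or any vendor. The EXPECTED and OBSERVED lists are constructed sample data; in practice EXPECTED would come from procurement or asset records and OBSERVED from the device itself (for example an SNMP sysDescr or a management API), and querying devices is out of scope here.

```python
"""Validate an asset inventory against what devices report about themselves.

Added example for this page, not code from the original post. EXPECTED and
OBSERVED are constructed sample data; in a real run they come from procurement
records and from the devices (SNMP, management API), which this script does
not query.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Expected:
    """What procurement says we bought."""
    serial: str
    model: str
    hw_rev: str


@dataclass(frozen=True)
class Observed:
    """What a live device reports about itself."""
    serial: str
    model: str
    hw_rev: str
    firmware: str


# Constructed sample data: the "20 type X v2 routers" reduced to a handful.
EXPECTED = [
    Expected("SN1001", "X", "v2"),
    Expected("SN1002", "X", "v2"),
    Expected("SN1003", "X", "v2"),
]
OBSERVED = [
    Observed("SN1001", "X", "v2", "2.4.1"),  # genuine
    Observed("SN1002", "X", "v1", "1.9.0"),  # older unit relabelled as v2
    Observed("SN1003", "X", "v2", "2.4.1"),  # two devices claim the same serial
    Observed("SN1003", "X", "v2", "2.4.1"),
    Observed("SN9999", "X", "v2", "2.4.1"),  # never procured
]


def validate_inventory(expected, observed):
    """Return (serial, finding) pairs for every discrepancy between the lists."""
    findings = []
    by_serial = {e.serial: e for e in expected}

    # A serial reported by several live devices cannot be genuine for all of them.
    for serial, n in Counter(o.serial for o in observed).items():
        if n > 1:
            findings.append((serial, f"serial reported by {n} devices"))

    # Compare each device's self-reported identity with what was bought.
    for o in observed:
        e = by_serial.get(o.serial)
        if e is None:
            findings.append((o.serial, "not in procurement records"))
            continue
        if o.model != e.model:
            findings.append((o.serial, f"model mismatch: bought {e.model}, device reports {o.model}"))
        if o.hw_rev != e.hw_rev:
            findings.append((o.serial, f"hw_rev mismatch: bought {e.hw_rev}, device reports {o.hw_rev}"))

    # Anything procured but never seen on the network is also worth a look.
    seen = {o.serial for o in observed}
    for e in expected:
        if e.serial not in seen:
            findings.append((e.serial, "in procurement records but not observed"))
    return findings


def patch_applies(device, patch_model, patch_hw_revs):
    """Gate a firmware update on the identity the device reports, not on its label."""
    return device.model == patch_model and device.hw_rev in patch_hw_revs


if __name__ == "__main__":
    for serial, finding in validate_inventory(EXPECTED, OBSERVED):
        print(f"{serial}: {finding}")
    for dev in OBSERVED:
        ok = patch_applies(dev, "X", {"v2"})
        print(f"{dev.serial}: v2 firmware {'applies' if ok else 'must NOT be applied'}")
```

On the sample data the run reports SN1003 twice on the network, SN1002 as a v1 unit sold as v2, and SN9999 as never procured, and `patch_applies` refuses the v2 firmware for the relabelled SN1002 even though its label says v2. The point is that the decision keys off the device's self-reported identity, which a relabelled unit cannot change without far more effort than printing a new sticker.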

Although the impacts of counterfeiting-for-greed will not be only security related (malfunctioning medical devices, for example), security organizations are the best positioned to lead these efforts.

The post Cybersecurity Leaders Are Talking A Lot About Counterfeit Devices appeared first on .

A False Sense of Cybersecurity: The Riskiest States in America

Reading Time: ~5 min.

Like many Americans, you might think your online habits are safe enough—or, at least, not so risky as to put you in danger for cybercrime. As it happens, most of us in the U.S. are nowhere near as secure as we think we are.

As part of our recent survey to better understand people’s attitudes, perspectives, and behaviors relating to online cyber-safety (or “cyber-hygiene”), we calculated each state’s cyber-hygiene score, which you can think of like a test score on people’s understanding and practice of good online habits. I’ve repaired computers and worked in the cybersecurity business for almost 15 years now, and I was shocked by some of the results.

Cut to the chase: just how bad were the results?

Bad. The average across all 50 states was only 60% (that’s a D in letter grades) on our scale. In fact, only 10% of Americans got a 90% or higher (i.e. an A). The riskiest states—Mississippi, Louisiana, California, Alaska, and Connecticut— combined for an average score of 56%. So what made their scores so low?

  • In Mississippi, almost 1 in 4 people don’t use any kind of antivirus and don’t know if they’ve ever been infected by malware.
  • Only 44% of Louisiana residents take any precautions before clicking links in emails, leaving themselves vulnerable. (This is a great way to get scammed by a phishing email and end up with a nasty infection on your computer.)
  • Over 43% of Californians and Alaskans share their passwords with friends or family.

What does people’s perception vs. reality look like?

Americans in every state were overconfident. An astounding 88% feel they take the right steps to protect themselves. But remember, only 10% of people scored an A on our test, and the highest scoring state (New Hampshire) still only got an average of 65% (that’s still only a D).

While the average American has a surface level understanding of common cyber threats, there’s a lot of room for education. Many of those interviewed have heard of malware (79%), phishing (70%), and ransomware (49%), but few could explain them. Defending against the most common online threats in today’s landscape requires a basic understanding of how they work. After all, the more cyber aware you are of an attack such as phishing, the greater chance you have to spot and avoid it.

Along with understanding common cyberattacks, it's also important to recognize threats to your online privacy. An alarming number of Americans don't keep their social media accounts private (64%) and reuse their passwords across multiple accounts (63%).

Given the number of news reports involving major companies getting breached, huge worldwide ransomware attacks, etc., we were pretty surprised by these numbers. As you’re reading these, you might be checking off a mental list of all the things you do and don’t know, the actions you do and don’t take when it comes to cybersecurity. What’s important here is that this report should act as a reminder that understanding what kinds of threats are out there will help you take the proper precautions. And, following a few simple steps can make a huge difference in your online safety.

How about some good news?

There is good news. Some respondents scored 90% or above on our test. We call them Cyber-Hygiene Superstars, because they not only take all the basic steps to protect themselves and their data online, but go above and beyond. Cyber-Hygiene Superstars are spread evenly across the U.S., and they demonstrate to the rest of us that it's easy to raise our own cyber-hygiene scores.

Standout behaviors of superstars included regularly backing up their data in more than one way, always using antivirus, and using a VPN when connecting to public WiFi hotspots.

Superstars can also explain common attacks and are less likely to fall victim to phishing attacks and identity theft. They frequently monitor their bank and credit card statements and regularly check their credit scores.

What can you do to improve your cyber-hygiene score?

All in all, it’d be pretty easy for the average American to take their score from a D to at least a B, if not higher. You won’t have to do anything drastic. But just making a few small tweaks to your regular online behavior could work wonders to keep you and your family safe from cybercrime.

  1. Use antivirus/antimalware software.
    There are a lot of free solutions out there. While you typically get what you pay for in terms of internet security, even a free solution is better than no protection at all.
  2. Keep all your software and your operating system up to date.
    This one’s super easy. Most applications and operating systems will tell you when they need an update. All you have to do is click OK instead of delaying the update to a later date.
  3. Don’t share or reuse passwords, and make sure to use strong ones.
    You might think password sharing is no big deal, especially when it comes to streaming or gaming sites, but the more you share, the more likely it is that your passwords could end up being misused. And if the password to just one of your accounts is compromised, then any of your other accounts that use that password could also become compromised. If you’re concerned about having to create and remember a lot of unique passwords, use a secure password manager.
  4. Lock down your social media profiles.
    Making your posts and personal details public and searchable means scammers can find your details and increase their chances of successfully stealing your identity or tricking you into handing over money or sensitive personal information.
  5. If you connect to public WiFi, use a VPN.
    Antivirus software protects the device, but a VPN protects your actual connection to the internet, so what you do and information you send online stays private.
  6. Back up your data.
    Cloud storage is a great solution. But it’s a good idea to do a regular physical backup to an external drive, too, particularly for important files like tax documents.
  7. Don’t enable macros in Microsoft® Office documents.
    If you’re ever trying to open a document and it tells you to enable macros, don’t do it. This is a common tactic for infections.
  8. Use caution when opening email attachments.
    Only open attachments from people you know and trust, and, even then, be extra careful. If you’re really not sure, call the person and confirm that they really sent the file.

Want to see where your state ranks? See the full list or read more about our study and findings here.

Test your knowledge and see where the Webroot Community stacks up against the rest of America: Join our daily contest for a chance to win prizes! Contest ends at 4:00pm MT on May 21, 2019.

Webroot partnered with Wakefield Research to survey 10,000 Americans, ages 18 and up, with 200 interviews in each of the 50 states. This survey was conducted between February 11 and February 25, 2019, using an email invitation and an online survey instrument. The margin of error is +/- 0.98 percentage points for the total audience of this study and +/- 6.9 percentage points for each state at the 95% confidence level.

The post A False Sense of Cybersecurity: The Riskiest States in America appeared first on Webroot Blog.

Online Tutoring Program Reveals Customer Data Breach

An online tutoring program has revealed that it suffered a data breach in which an unauthorized individual might have compromised customers’ information. The Hacker News received a copy of a notice sent out by Wyzant to its customers informing them about the data breach. According to this letter, the online tutoring program detected the security […]… Read More

The post Online Tutoring Program Reveals Customer Data Breach appeared first on The State of Security.