Category Archives: tips

Expand vulnerability and risk management programs to eliminate security misconfigurations

In this podcast recorded at RSA Conference 2018, Tim White, Director of Product Management, Policy Compliance at Qualys, discusses how expanding vulnerability and risk management programs can eliminate security misconfigurations. Many don’t realize misconfigurations can be exploited just as easily as a vulnerable piece of software to result in compromise. Here’s a transcript of the podcast for your convenience. Hi, my name is Tim White with Qualys. I am the Director of Product Management for … More

The post Expand vulnerability and risk management programs to eliminate security misconfigurations appeared first on Help Net Security.

GDPR: It’s an issue of transparency

The General Data Protection Regulation (GDPR) has been on the lips of security professionals for a long time now – but in just over a month, it will become a reality. While it is easy to get stuck with reviewing the potential fines or setting up efficient security procedures to ensure compliance, many are still overlooking what is at the heart of the regulation: transparency. Getting the bigger picture It goes without saying that transparency … More

The post GDPR: It’s an issue of transparency appeared first on Help Net Security.

Organizations are becoming more resilient to focused cyber attacks

Accenture has polled 4,600 security decision makers at US$1B+ companies in 15 countries to understand the effectiveness of security efforts and the adequacy of existing investments. The survey has shown that, while the average number of focused cyberattacks per organization has more than doubled this year compared to the previous 12 months (232 vs 106), organizations are demonstrating far more success in detecting and blocking them. They are now preventing 87 percent of all focused … More

The post Organizations are becoming more resilient to focused cyber attacks appeared first on Help Net Security.

1-in-4 orgs using public cloud has had data stolen

McAfee has polled 1,400 IT professionals across a broad set of countries (and continents), industries, and organization sizes and has concluded that lack of adequate visibility and control is the greatest challenge to cloud adoption in an organization. However, the business value of the cloud is so compelling that some organizations are plowing ahead. Cloud services nearly ubiquitous According to the survey, the results of which have been unveiled at RSA Conference 2018, 97 percent … More

The post 1-in-4 orgs using public cloud has had data stolen appeared first on Help Net Security.

Niche dating apps can still be dangerous

Pressures at work and home mean that many people struggle to find time to make new friends. As a result, we are increasingly reliant on Internet services to meet people – and find love.

As some of the most popular dating services, apps like Tinder and Grindr have managed to hog the limelight for years. But the generic nature of these apps makes them unsuitable for some people – the suggested matches can be extremely inaccurate for example, mismatching interests, location or personality.

Farmder – dating becomes more specific

Aware of these limitations, and with a desire to help people find better potential love matches, Michelle Li has built a new mobile app. Named “Farmder”, the app is targeted at a specific group of people – those living in rural areas.

Speaking to the Daily Mirror, Li explained the importance of Farmder, which has been described as “Tinder for farmers”;

“It’s very difficult to find the right one on Tinder if you have any specific requirements.

“For example, if you are a biker, it’s likely that you want to only date other bikers.

“So a dating app specifically for bikers and riders would be better than Tinder in this scenario.

“There are many niche dating apps in different fields. Why not one for single farmers?”

Although targeted at farmers, Li hopes that Farmder will help anyone living in rural areas make new friends – or find love.

New app, same old rules apply

Because it is targeted at a smaller group of users, Farmder will inevitably be used by fewer people. Despite this, users will still need to exercise caution to protect themselves from fraud, identity theft and harassment.

More specifically, Farmder users should:

1. Secure their personal data

Farmder provides a range of settings designed to protect your personal data. Make sure that you fully understand these features and they are set to maximum wherever possible. You should also choose a strong password for your account to keep hackers out.

2. Share information carefully

As you connect with other Farmder users, use your common sense before sharing personal information. Always arrange to meet in a public place to protect your home address for instance. And never, ever share details like bank accounts or passwords – even if the contact claims to work for Farmder.

3. Install antivirus

Ensure that data stored in the app is properly protected from loss and theft by installing mobile anti-malware. As an added bonus, you will be protected from receiving malware sent by other users that could compromise your phone.

4. Common sense is king

Whether you are using Farmder, Tinder, or any other dating app, you must exercise caution. Your personal data is hugely valuable to criminals, and they will use any trick they can to steal it. Always think very carefully before sharing information publicly, or you could become a victim of cybercrime.

Protect yourself – and your phone – today by downloading a free trial of our new Panda Dome anti-malware software.


The post Niche dating apps can still be dangerous appeared first on Panda Security Mediacenter.

How security researchers deal with risks stemming from their activities

Broad and inconsistent interpretations of behind-the-times laws, new anti-infosec legislation, lawsuits and criminal prosecutions are having a chilling effect on security research. It’s difficult to quantify the effect, but Joseph Lorenzo Hall and Stan Adams of the US-based non-profit Center for Democracy & Technology have attempted to reveal the worries and choices of security researchers in the current climate by interviewing twenty of them. “We used a qualitative methods research design to understand … More

The post How security researchers deal with risks stemming from their activities appeared first on Help Net Security.

How to minimize healthcare supply chain threats

There are many reasons why healthcare institutions have poor cybersecurity: most resources go towards providing patient care and not enough is left for cybersecurity; not all hospitals have a dedicated cybersecurity team; cybersecurity policies and authentication procedures are difficult to implement due to many users who rotate within the hospital, and more. In a recent paper, though, Trend Micro researchers zeroed in on two particular risks these organizations are susceptible to and they don’t feel … More

The post How to minimize healthcare supply chain threats appeared first on Help Net Security.

Security teams are under resourced, overwhelmed by attackers

A new report conducted by the Ponemon Institute uncovered security’s “patching paradox” – hiring more people does not equal better security. While security teams plan to hire more staffing resources for vulnerability response – and may need to do so – they won’t improve their security posture if they don’t fix broken patching processes. Firms struggle with patching because they use manual processes and can’t prioritize what needs to be patched first. The study found … More

The post Security teams are under resourced, overwhelmed by attackers appeared first on Help Net Security.

How to Stay Safe During This Tax Season?

The deadline for individual tax returns is approaching – unless you get an extension from the IRS, this year’s returns will be due by April 17th. The deadline is sooner than later, and this is the time when scammers become very active. Criminals know that if you’ve waited that long to file your tax return you are probably under time-pressure right now, and prone to make impulsive decisions – they want to take advantage of your situation.

Troublemakers are fully aware that when people are under time pressure, regular taxpayers are prone to making irrational decisions and not being as careful as they are supposed to be. This is why here at Panda Security we’ve decided to create a list of the top five tips on how to stay safe during tax season.

Top five tips on how to stay safe during tax season

Ignore the IRS scam calls

One of the most popular tax scams is the calls we all get from people claiming to be from the IRS. They usually threaten you with a lawsuit or an arrest and require immediate payment. Keep in mind that the IRS never calls you out of the blue, and if they wanted to get in touch with you, they would have sent you multiple letters before they pick up the phone to call you.

If you are not expecting a call from the IRS, the person on the other side of the phone claiming to be an IRS officer is most likely a fraud. If you get such a call, it is important not to engage at all and resist the pressure to act quickly. Instead of panicking go ahead and report the contact to TIGTA at http://www.treasury.gov/tigta by clicking on the red button, “IRS Impersonation Scam Reporting.”

Beware of phishing emails

Arguably the second most popular IRS-related scam that flourishes every April is the phishing campaigns executed by cybercriminals. As you know, phishing scams are typically carried out through unsolicited email and websites that pose as legitimate sites and rely on luring unsuspecting victims to provide personal and financial information. If you have antivirus software installed on all your connected devices those emails will not even reach you.

However, you always have to be extra careful and not open unsolicited emails. If a suspicious email makes it to your inbox, just delete it without opening it or clicking on any links in it. The IRS also encourages everyone who receives such emails to forward them to phishing@irs.gov.

Be self-aware

We know that there isn’t that much time until the individual tax return deadline, but this is not a good excuse to believe that you’ve somehow miraculously qualified for an immediate IRS tax relief. If it seems too good to be true, it probably is. If someone claiming to be from the IRS is on the phone demanding personal information such as your Social Security Number, just hang up.

Avoid giving them information by just not letting them communicate with you anymore. Scammers do not deserve your time explaining why you are not comfortable sharing personal information with them – just stop talking to them, block the number and continue with your day. If you are concerned about the IRS and that you might owe them something, you can call them directly on a contact number listed on https://www.irs.gov/ or get in touch with a tax advisor.

Keep your information secure

While personal information such as DOB, address, cell number and full name can easily be found online, your Social Security Number isn’t readily available on online directory service providers such as White Pages. Avoid sharing your full SSN over the phone with anyone unless necessary and always keep all documents that have it, such as W2, safely locked in a secure place at home or on a connected device secured with antivirus software.

Keeping an eye on your credit report is a good practice too. Making sure there are no irregularities on your credit report will mean that institutions that hold your sensitive information are doing an excellent job protecting it from cyber criminals.

Don’t wait until the end

Filing your tax returns early guarantees you quicker tax refunds! Yes, you do not have to wait until the end of April to get your returns, you can do it as soon as mid-January and get an almost instant payback from the IRS. The longer you wait, the more prone you will be to be lured by a criminal. Bear in mind that filing your taxes early not only allows you to get the money you are owed but also gives you more time to pay any taxes you might owe. By knowing how much you owe to Uncle Sam, you will be able to create a better game plan, avoid penalties, and deal with your debt without the need to file for a tax extension. The chances of becoming a victim of identity theft also decrease significantly when you submit early.

Over the last couple of years, we’ve seen an unprecedented number of major data leaks. The information of millions of Americans is probably still up for grabs on the dark web. Staying safe in this digital world could be tricky and making sure all your connected devices are secured with anti-virus software is a must. The only way to keep your and your family’s identities intact is to prevent them from getting stolen in the first place.


The post How to Stay Safe During This Tax Season? appeared first on Panda Security Mediacenter.

Are legacy technologies a threat to EU’s telecom infrastructure?

Telecommunications is a key infrastructure based on how our society works. It constitutes the main instrument that allows our democracy and our EU core values such as freedom, equality, rule of law and human rights to function properly. Common types of attacks There are currently over 5 billion unique mobile subscribers and over 2000 mobile operators worldwide. In Europe, we have 456 million unique mobile subscribers, which is equivalent to 84% of the population. Mobile … More

The post Are legacy technologies a threat to EU’s telecom infrastructure? appeared first on Help Net Security.

Secure software development practices for developers, organizations and technology users

SAFECode announced today the publication of the Fundamental Practices for Secure Software Development: Essential Elements of a Secure Development Life Cycle Program (Third Edition). The authoritative best practices guide was written by SAFECode members to help software developers, development organizations and technology users initiate or improve their software assurance programs and encourage the industry-wide adoption of fundamental secure development practices. The best practices in the guide apply to cloud-based and online services, shrink-wrapped software and … More

The post Secure software development practices for developers, organizations and technology users appeared first on Help Net Security.

The College Student’s Complete Guide to Cybersecurity

Learning good cybersecurity habits is as important to your college experience as the groups you join or the classes you take. Computer viruses can delete your term paper, hackers can hijack your Facebook account, cyberthieves can steal your identity, and vengeful exes can ruin your reputation. These are real consequences of cybercrime—they can happen to anyone from 8 to 80.

Cybersecurity Myths 101

Lies, half-truths, and distortions around cybersecurity are as plentiful as cat videos on YouTube. Let’s debunk them first before drilling down to the truth.

“The IT department takes care of cybersecurity.” — mostly false

Yes, the IT guy keeps the network from crashing, thwarts hack attacks, and counters data breaches. But cybersecurity is everyone’s responsibility—simply because it’s also everyone’s problem. Computer viruses work like real biological diseases. If your device gets sick, chances are it’ll infect others.

“I can just unplug from the internet.” — mostly false

Let’s be honest, it’s impossible to disconnect from the internet and still graduate. You might try the “air gap” approach by disconnecting from Wi-Fi when you’re not online. But this actually makes you less safe over time. Your devices need updates to their operating systems, apps, and antivirus software to keep them secure. They can’t update if they’re not connected to the internet. By unplugging, you create update lag times when your devices are more vulnerable to cyberattacks.

“I don’t have anything worth stealing.” — uber false

Your Social Security number alone is worth loads of cash to a hacker who can sell it on the dark web to identity thieves. These nefarious digital ninjas can use your stolen personal credentials to apply for a new credit card or banking account in your name.

Hackers can also use your personal data to extort money from you. Consider that online video game character that’s taken you four years to perfect. How much would you pay not to have them turn to digital vapor? The more emotionally connected you are to your data, the more valuable it is to a cyberthief.

“Cybercrime is all about making money.” — super duper false

Yes, making money motivates many hackers, but many do it for other reasons. Hackers with an anarchist bent just want to watch the chaos erupt when the electrical grid goes down. Those with political agendas hack elections or campaign emails. Still others, like “ethical hackers”, fight against government overreach, corporate greed, or attempts to stifle freedom of speech.

There are probably as many motivations for hacking as there are hackers. Getting rich is only one part of the equation.

Protecting your devices

You’re at the campus library alone. It’s late, and two double Americanos haven’t kept your eyes from glazing over. You’re exhausted from trying to BS your way through the last three hundred words of your English 1113 essay.

Now, all that java is making its way through you. The “Call of Nature” screams out. You look at your laptop. It looks back at you. “You’re not thinking about leaving me alone are you? [blink, blink]” it seems to ask.

You spy a sketchy-looking lurker in the corner of the room. Your legs involuntarily cross as the pressure builds. It’s decision time…

Every year an average of 11,000 robberies and burglaries occur on college campuses. And that’s just the ones that are reported.

However, brazen thievery is only one physical cybersecurity threat. Students also lose their devices. A sizeable number of student phones never make it home from the house party or sporting event. All it takes is the wrong person finding your device to make identity theft part of your college experience. And don’t count on your iPhone’s passcode saving your data. It’s much easier to guess than you think.

But enough with the scare tactics. Here are some things to do before and after you lose your devices. (And if you’re reading this in the bathroom, don’t leave your phone sitting on the TP dispenser.)

Back it up

First things first. Back up the data you can’t live without on an external hard drive. Backups protect you against file corruption, ransomware, and beer spills.

Lock it up

Physical protection takes physical solutions. Laptop locks are inexpensive and work well. Just like bicycle locks, laptop locks let you attach your precious hardware to something sturdy while it’s out of sight. You can also use a locked security box in your dorm room, especially if you’re not 100% sure about your roommate.

Track it down

If physical restraints aren’t your thing, try a digital tether like laptop or phone tracking software. These apps will let you track your device if it’s stolen. Some even allow you to remotely lock down your device or erase sensitive data before thieves can get to it.

Register it

Register your electronic devices with your campus police. If a security officer finds your lost or stolen tablet, it’s more likely to find its way back to you if the police already have your name, address, phone number and the tablet’s serial number. Registration also makes filing a police report easier. Find directions for registering your devices on your school’s website.

Protecting Your Data

Now that you’ve secured your physical devices, let’s talk about protecting your data. We’ll replace your dark web surfing and bad device disposal habits with data-saving, cybersecurity best practices.

Passwords

Think about your password right now. Got it? Now, check to see if it appears on last year’s Top 25 most common passwords.

Welcome back. Well, was it on there? If it was, hopefully you realize how simple it would be for a hacker to access your data or social media accounts. Passwords like “123456” and “passw0rd” are so easy to guess, you might as well tattoo them on your forehead.

What’s even more sobering is that those 25 “passwords” make up more than 10% of all of the passwords created! Let that sink in for a moment: one in every ten people uses words like “princess” and “football” to block access to their most private information. If you’re a cyberthief, that’s an awesome stat. If you’re a victim of data theft, not so cool.

Hopefully, when asked to remember your password, you thought, “Which one?”. If so, good for you. Many people use only one password for all of their accounts, which, if guessed, opens the door to their social media accounts, bank accounts, email accounts. Create different passwords for every important account, and make them strong. Here’s how:

Password Managers

There’s a simple reason why people use only one bad password. It’s because remembering is hard. Password managers can be your virtual memory. With one master password, you can access, create, and store strong passwords for an infinite number of accounts.

Most password managers let you automatically log into a website, so you don’t even need to type out your username and password. This protects you from “keyloggers”, a form of malware that records your keystrokes for hackers to see. Download a free version of a password manager and kick “qwerty” to the curb.

Password Tips

If password managers aren’t your jam, at least make sure the passwords you have are hard for hackers to heist. Here are some tips for creating strong passwords.

  • Uniqueness. Good passwords have the same traits you want in a significant other: strength, uniqueness, and unpredictability—a good sense of humor doesn’t hurt either.
  • 8’s Enough. The powers that be suggest passwords be at least eight characters long, but longer is better.
  • $p3c!^L Characters. Capital letters and special character substitutions are required parts of a strong password. But don’t use common substitutions like $ for S or ! for 1. We all do that. It’s too predictable. Be un~que.
  • A.C.R.O.N.Y.M.S. You can substantially increase the length and memorability of your passwords if you build them from acronyms. First, choose a phrase that describes something only you would know: “Before I die I want to sing in front of a crowd.” Next, build your acronym: bidiwtsifoac. Finally, add a few uncommon subs and caps. b3dIwtsif#ac. Now, you’ve got a long password that’s easy to remember.

Two-Factor authentication

Did you know the President always carries a plastic card that contains the nuclear launch codes? A new one arrives each day. Somehow, it got the nickname “the biscuit.” Each card also contains fake codes, and the President must memorize which ones are the real launch codes. The reason: so he or she can prove they’re the real President of the United States.

This is an example of two-factor authentication (TFA), which you can also use to prevent data thieves from impersonating you and launching your data toward other countries. TFA requires two factors of information: what you have and what you know.

When you sign onto a social media site with your username and password (i.e. what you know), the site texts your phone an authentication code (i.e. what you have). Steam asks, “Is it really you?”, and, by entering the code sent to your phone, you say, “Yes, it is”.

For a cyberthief to sign into your account, they would need your credentials AND your phone—maybe not as hard as impersonating the President, but still a pretty tough trick to pull off.

Public WiFi

You just got back to your dorm room after a long morning of tests. You open your laptop to catch up on social media. A few rooms over, a hacker stares at the phony Facebook login page he’s created. He’s been intercepting all of your floor’s internet traffic for two hours now.

You open your browser and go to Facebook. The hacker now watches the forms fill up—his keylogging software recording your every keystroke. You hit enter, but nothing happens.

Frustrated, you refresh the page. Now, the real Facebook page appears and you try again. Success! After a few minutes of scrolling through your feed, you’re suddenly kicked out of your own account.

Public WiFi hotspots are great. They’re free, don’t require a password, and keep your mobile data plan from exploding. But there’s a data security cost to connecting to them. Whether it’s the coffee shop across the street or your own dorm room, public WiFi spots can house hackers who want to steal your data or invade your privacy.

Hackers use open networks to launch man-in-the-middle attacks, so called because they position the cyberthief between you and the network’s router. From this position, cyberthieves can create fake login pages to steal your credentials or capture the data sent from your device.

You can protect against man-in-the-middle attacks by getting a virtual private network or VPN. A VPN routes your internet traffic through smaller, private networks. It also encrypts your data and hides your location. When you’re surfing public networks, data encryption makes your private info useless to cyberthieves even if they’re able to intercept it.

If you’re planning an overseas visit for study or fun, consider getting a VPN for extra security. No one checking their Facebook should have to worry about account theft.

Torrents of trouble

When you illegally torrent Black Panther for the watch party tonight, you’re risking more than just a copyright troll sending you a nasty letter. You’re also putting your data and devices at risk from malware infection. One study showed you’re 28 times more likely to get malware downloading from content theft sites than from licensed content providers.

Torrents are peer-to-peer networks that let you download small parts of a file from many different users. As a result, everyone else can see your IP address. When hackers aren’t offering malware-infested media for download, they’re trolling these IP addresses for vulnerable devices.

To torrent safely and legally, download only from sites that offer public domain or user-generated content. VPN data encryption also helps protect you while torrenting, but here are a few things to keep in mind.

  • Connection reliability can vary depending on the VPN.
  • If the VPN encounters a problem during download, it will default to your regular ISP and leave your data unencrypted. Make sure your VPN has a “kill switch” feature to stop the download if this happens.
  • Netflix and Hulu don’t allow you to stream their content with all VPNs, but some have permission.

Protect your data. Destroy it.

So grandma came through on your birthday and you’ve got some cash for a new phone. But what about that old brick of yours? You could keep it as a backup, sell it on Craigslist, trade it in or make it a hand-me-down for your little sister.

Whatever you choose to do, wipe everything first. That includes those embarrassing selfies and that checking account number you added as a “contact”. Factory resetting your devices keeps your data out of the greedy clutches of cyberthieves—and your little sister’s. Follow these tips:

  • Back up your data to the cloud or external drive.
  • Remove or erase any storage devices. Don’t sell your laptop with a DVD or SD card still inside. That goes for your SIM card too.
  • Follow the steps for resetting your phone to factory settings. For Android phones, encrypt your data before resetting. Cyberthieves can still get to some data even after a factory reset.
  • Double-check that your data is gone. Look through your contacts, voicemails, and downloads folder.
  • Before selling, consider a recycling and donation program from your phone manufacturer.
  • Update your serial number and registration information with campus police.

If you opt for destroying your device to keep your data safe, at least do it right, and that doesn’t mean throwing it off the Student Union. Remember the mantra: “Data is hard to destroy,” and repeat it every time you swing the hammer.

The same rules for digital data destruction go for analog too. Invest in a paper shredder and run your old receipts, credit card offers, insurance forms, bank statements, doctor bills, and old credit cards through it. Cyberthieves aren’t above digging through the dorm dumpster.

Protecting your identity

In February 2013, Ohio resident Amy Krebs got a call from her credit company saying someone was applying for a credit card in her name. Amy explained it wasn’t her, hung up, assuming someone had stolen her card and “gone out to eat.” What Amy didn’t know was that the call was only the beginning of a two-year long nightmare to prove her own identity to the world.

In six months, an identity thief used Amy’s Social Security number, birthday, and former addresses to open more than 50 accounts. Many were for purchases, some for utilities, and some even for doctor’s visits. Amy soon realized her credit report was wrecked. It would take many months of phone calls and emails to lenders, filling out government forms, and some of her own sleuthing before Amy could get things back to a new normal.

“When you are a victim of identity theft,” she explains, “you are put in the position of having to prove who you are to a greater extent than the criminal had to to get goods and services.”

In 2013, victims like Amy were created every two minutes. Today, identity fraud and theft continues to ruin the credit scores and identities of millions of people every year — 1.3 million in 2016. Before diving into how to protect yourself, let’s look at some concepts you need to know.

Fraud vs. identity

Identity fraud is when someone steals your credit card and buys a $2,000 big screen with it. You see the TV on your credit bill, call the company and say, “Hey, I didn’t buy that!”. After proving you’re the victim of fraud, you’ll probably be charged $50 — the liability limit of most credit card companies.

Identity theft is when someone uses your SSN, DOB, and other personal info to get a new credit card, get an ID, or file taxes all in your name. In short, they’re creating another you, not just using the existing you. The liability limit doesn’t exist for identity theft. If the thief had bought the TV with a new credit card in your name, you’d likely be on the hook for the entire two grand. If given the choice, you want to be defrauded not thefted, but both suck.

Phishing attacks

Phishing attacks are how cyberthieves get you to hand over your personal information voluntarily. That’s right. No hacking needed, just a few social engineering tricks. Here’s a common phishing email tactic:

You receive an email from your bank that says, “Attention needed: You’re account is over-drawn. Please sign into account and resolve the issue or your account will be closed.” After several minutes of hyperventilating, you click the link to find out what’s going on. You’re now at your bank’s website and you sign in. There’s a problem. Despite looking official, that email wasn’t from your bank and you didn’t just sign into the website. Instead, you just gave your account credentials to a cyberthief. You can start hyperventilating again.

How did this happen? Because in all of the fear and excitement, you hyper-focused on the consequences of the message and not the message itself. For example, you may not have noticed that “You’re” and “over-drawn” are misspelled. Bad spelling and grammar are two signs you’ve got a phishing email on your hands. Here are some others:

  • Suspicious links. Don’t ever sign into your accounts by following a link in an email. Your bank will never ask you to do that. Before clicking any email link, check to see if it’s taking you to the right URL. Hover your cursor over the link and check the lower left-hand corner of your browser to see the address. If they’re different, be extremely cautious. To check a URL on a smartphone, long press the link and a window will open to reveal the address.
  • Bad logos. If you suspect a phishing email, go over the company’s branding. Do the logos look legit? Are they bad quality versions? Does the font match? Pro Tip: Screen capture authentic emails from your account holders so you can compare them to suspected phishing emails later.
  • Body image. To bypass spam filters, cyberthieves build the body of their phishing emails out of images rather than text.
  • Tough tone. Just like in the above example, phishing emails often use threatening tones to scare their victims.

Cyberthieves don’t just phish with email. They use websites as bait, too. One common website scam is to buy a domain name similar to a popular one so they can trick people into visiting it. (Example: reddit.com and reddit.co). If you’re not sure an email or website represents a legitimate online company, look up its email sender score.

What kind of consumer are you?

Identity thieves target some consumers more than others. Know what kind of consumer you are and adjust your habits to lessen your risk of identity theft or fraud.

  • Offline consumers don’t go on Facebook or Twitter, and they don’t buy things online. It’s hard to steal their identity, but when thieves do, these consumers don’t notice it for a long time. That means there’s more damage done to their credit scores.
  • Social consumers are people who are very active on social media, but never buy online. Identity thieves love them because they over-post personal info and are highly susceptible to phishing and other social engineering tricks. These consumers are 46% more likely to have their credit card account taken over.
  • E-commerce consumers spend a lot of money online. They share their credit card info with e-com stores. Although they’re at higher risk for credit card fraud, they detect it quicker than other consumer types.
  • Digitally-connected consumers are a mashup of social and e-com consumers. They’re on social media and they shop online, which puts them at 36% higher risk of fraud.

These consumer types show that specific online activities, like oversharing information on social media and account inattention, raise the risks for and damages from fraud and identity theft.

Don’t overshare on social media

Of course, everyone wants to see adorable pics of your dachshund, Bark Obama, wearing a hot dog costume, but you might want to keep his name out of the post. Personal information like your first dog’s name is commonly used in security questions for your financial accounts. Check your account’s privacy settings to make sure your profile is visible only to friends and people you trust.

Be careful what sites you “like” or “favorite”. If you like a specific bank or credit card company, a cybercriminal can use that information to send you a phishing email from that institution.

Also, be skeptical of online quizzes. Yes, it’s tough to resist the call of the “What type of Nutella lover are you?” quiz, but taking it may land you on a phishing site or get you to reveal sensitive information. Before sharing any personal information, think about how others could misuse it.

Monitor your accounts

Identity thieves make a living from people who don’t check their accounts regularly. Sign up for regular alerts from your credit card company or bank. These companies will alert you to suspicious activities, like large cash or out of state purchases, via text or email.

Your credit report needs watching, too. The three major credit reporting agencies are Equifax, Experian, and TransUnion. Federal law requires each of these reporting agencies to give you a free credit report upon request once per year. AnnualCreditReport.com is the only authorized website to get free credit reports. Pro tip: Request a report from all three agencies throughout the year—Equifax in January, Experian in May, and TransUnion in August. That way, you can get a free report every four months. Boom! Working the system.

If you suspect identity theft or fraud, lock or freeze your credit report. Both will make it impossible for anyone to open a credit card, apply for a loan, or get a mortgage using your identity.

Protecting your reputation

Just like cyberthieves, cyberbullies and online con artists can steal your reputation and peace of mind — which is more valuable than your credit score. Playground name calling and verbal abuse have moved online to social media and text messages. Internet trolls or ex-girlfriends can do permanent damage to someone’s reputation. The embarrassing pics or videos never go away. Cruel tweets are screen captured and shared. The damage goes on and on. Here are some common online threats and ways to deal with them.

Cyberbullying

Cyberbullying isn’t just a middle and high school issue. It carries over into college. Research shows that 22% of undergraduate students reported being cyberbullied.

The best way to prevent cyberbullying is to follow the cybersecurity guidelines above. Protect your passwords, set your social media accounts to private, and don’t share anything online you wouldn’t want to see become an internet meme. If you’re the victim of cyberbullying, here are some guidelines:

  • Don’t retaliate. That’s exactly what the cyberbully wants. Take away that part of their motivation.
  • Ask for help. You’re not alone. Reach out to your school’s student services, counseling center, or campus police. They can help you report the abuse.
  • Know the law. Most states have laws on the books for prosecuting cyberbullies. Know them.
  • Record every incident and when it happens. Screenshot harmful posts or content. When you keep a consistent record, it helps prove the cyberbullying is a pattern of behavior.
  • Block the bully. Use all of the services available on your phone or apps to block the person. It may not solve the problem completely, but you will be less tempted to retaliate, and it will lower your stress levels.

You don’t need to be a victim to act. If you see anyone being cyberbullied, take action. Give them this guide, encourage them to report the abuse, and help them stay positive.

Dating scams

Have you got the Friday night blues? Is finding a date in college a little harder than you thought? If so, you may be considering joining the online dating scene. But before you swipe right on your new long distance relationship with “Tanya32,” consider that the FTC gets thousands of complaints every year concerning “romance scammers.” And dating scam reports have tripled over the last five years.

Yes, Tanya32 may actually be a 35-year-old Russian male with a goatee who’s less interested in “going to the gun show” than going to the ATM. And if you’re not careful, “she” may talk you into sending her money before you actually meet. Here are some signs you’re being sucked into an online dating scam:

  • Your online other professes their love for you a little too soon. Real love is a marathon, not a sprint. Don’t fall for it.
  • Says she’s from the U.S. but is currently “overseas”.
  • Plans to come for a visit, but can’t because of an emergency.
  • Asks for money to pay for the “emergency”.

Don’t be fooled by these flimsy attempts to make a long distance love connection. Slow your roll. Don’t wire money, and if you already have, [facepalm] contact your bank ASAP. You can also file a report to the FTC and the FBI.

Sexting

There’s really no reason to ever text images of your naughty bits or explicit descriptions of said bits to anyone else. Maybe if you had a fishing accident and needed medical advice it would be okay to text the ER a pic of the affected area. Otherwise, just don’t do it. Those explicit images and messages may eventually find their way to a wider audience.

If you receive explicit text messages of someone’s private parts or nude photos, don’t pass them on to others. If that person is under the age of 18, you could be charged with distributing child pornography. People motivated by money or revenge resort to “revenge porn” tactics or sextortion to get what they want. Don’t encourage or aid that activity by sharing the evidence. Delete any nude photos immediately from your phone and the cloud. Then block the sender.

Conclusion

You don’t need to become a conspiracy theorist or super distrustful of people to practice good cybersecurity. It’s true that most people are honest. But you do need to change your attitude about your data and your online habits. It’s easy to forget how people can misuse what is otherwise just innocent information about yourself, but it’s a fact of life with the internet. That’s why it’s best to start building good habits right now. In college, you’re already open to new experiences and discovering who you are. Don’t let a cyberthief ruin your newly-formed identity by handing it over to them.

Cybersecurity: 5 things to do before the day is done

Update your OS

Your operating system is the James Bond of your devices. That’s why cybercriminals want to kidnap it, tie it to a chair, and torture it until it gives up your data. Hackers target out-of-date operating systems because their security is weaker — they lack the latest security patches and virus signatures to defeat spyware, ransomware, and even dinnerware! Can’t remember to update? Just set your OS to update automatically and you’ll never have to.

Create timeouts and login screens for your devices

Like most college students today, you’re probably awash in a sea of digital screens. Each one is an access point to your private info, which is why you should set screen timeouts and logins for all your devices. Just as screen protectors guard your phone against breaks, screen logins guard it against break-ins. They keep prying eyes off your data when you’re distracted and make it harder for cyberthieves to hack.

Encrypt your data

Data encryption turns your personal data into an encoded message only you can read. Even if a hacker swipes your data or device, they can’t use the information because they don’t have the encoding key. Encryption software is easy to find. Choose one and use it to scramble your bank statements and those sext messages you can’t part with.

Back up your data

Yes, you should back up your data in case your hard drive croaks, but you also need backups for cybersecurity reasons. Hackers use ransomware to encrypt your data and hold it for ransom. Depending on the sensitivity of the data, you might find yourself begging your roommate for a few hundred dollars to pay off a cyberthief who’s heisted your 2,000-word essay on George Washington Carver. But with your data backed up, you can save that cash for something more essential, like a house party.

Change your attitude about cybersecurity

It’s tempting to feel immune from cyberthieves. After all, you’re a college student. You don’t have anything worth stealing, right? Wrong. Consider these stats: 1.3 million people fall victim to identity theft every year, ransomware attacks in the US are up 250%, and 22% of college students report being cyberbullied. Make surfing the internet as important as driving your car. Adopting a new attitude towards cybersecurity keeps your data, devices, and reputation safer.

The post The College Student’s Complete Guide to Cybersecurity appeared first on Panda Security Mediacenter.

Compliance functions make a turn towards innovation-fueled strategies

Faced with growing threats of ‘industry shocks’ such as cyber fraud, cryptocurrency, quantum computing and open banking, financial institutions expect to increase their compliance investments over the next two years as they seek new approaches to strengthening compliance capabilities, according to a new report from Accenture. Compliance investments increase Based on a survey of 150 compliance executives at financial services institutions, Accenture’s fifth annual compliance risk report, “Comply and Demand,” found that 89 percent of … More

The post Compliance functions make a turn towards innovation-fueled strategies appeared first on Help Net Security.

Soledad Antelada: “In the US, cybersecurity is a national priority”

Despite new intrusion methods and the spread of attacks, for Soledad Antelada, what’s really changed in cybersecurity is people’s awareness and how the media treats the topic. Systems Engineer at the cybersecurity department at the Lawrence Berkeley National Laboratory and an expert in the sector, she believes that cybersecurity has evolved from a small underground movement to entering the collective consciousness to become a global phenomenon.

Soledad Antelada, one of the most influential Hispanic women in the technology world, has a key task: guaranteeing security of a system in which thousands of people work. The Berkeley Lab is a prestigious scientific research center which has produced 12 Nobel Prize winners. It is a United States national laboratory managed by the University of California. The department of cybersecurity is in charge of protecting the laboratory and the entire network of institutions dependent on the US Department of Energy. An expert in cybersecurity, she tells us what the keys are to protecting these kinds of institutions.

Pentesting to stay ahead of cybercriminals

Soledad works as an external agent, that’s to say, she pretends to be an attacker to penetrate a network to get into a system and jump from one network to another. “I always act as an intruder”, she adds. To do this, she uses scanning and exploit tools or develops her own. Among her favorites are Python, SSH Brute Force, Nessus for scanning systems, and Burp and Netsparker for scanning web applications. To exploit, she uses “a lot of manual scanning or metasploit and SQL injection”.

Antelada stresses the importance of penetration testing at Berkeley Lab: “This type of tool is a priority for us. We want to find out about vulnerabilities first and take care of them, before attackers discover them”. She also says that at the Department of Energy, cybersecurity audits are performed to evaluate the security of the lab. According to Soledad, “during the audit period, they evaluate the general vulnerability of the lab. If they don’t find anything, then we are doing our job”.

“Patience is the best virtue in pentesting”, she adds. “It takes a lot of trial and error to discover on your shift what the bad guys are trying to do 24/7. And then have to fix it to boot.”

Soledad Antelada, Systems Engineer at Lawrence Berkeley National Laboratory

Tips for security professionals in a connected world

Soledad thinks the sector has to “invest more in highly qualified people than in teams”. By supporting experts and strengthening cybersecurity departments, both companies and public institutions can stay ahead of the curve and don’t have to wait for an attack to defend themselves. Antelada adds that, in the US, greater importance is given to the sector. “Regardless of the government in power, cybersecurity is a priority for the entire country.”

For Soledad, employee education is also a priority. According to her, this will become more important as the Internet of Things grows. She explains the case at Berkeley Lab: “There we’ve got all kinds of instruments connected to the network, such as lasers and microscopes, which are also attack vectors.” If the security of these devices is compromised, “the scientists that use this equipment need to be contacted and shown how to fix the vulnerability.”  It’s not just about fixing the problem, but educating users about the vulnerability, how they found it, and how to fix it. This, says Soledad, “helps users adopt the right mindset regarding cybersecurity and from then on they can be on the lookout for suspicious behavior.”

Also, to protect institutions, cooperation of different areas in an organization is fundamental. “There should be real support between employees of the departments. Among those in charge of storing and managing data, system managers, software developers, etc., all should be connected with the cybersecurity department because they cannot work on their own, they depend on the administrators to protect them.”

Women in the cybersecurity sector

At Girls Can Hack, Soledad tries to get women interested in technology to encourage them to get involved in what has traditionally been a masculine sector. “I’m the first and only woman at the Berkeley Lab cybersecurity department,” says Antelada, “and even though the number of women at companies is still very low, I’ve seen a change and women are now beginning to take an interest in the field.”

To change this, what does Soledad suggest to women who want to get involved in the sector? “Just do it. It’s a very dynamic field that needs a lot of people and diversity. Cybersecurity departments are monotonous, which is a flaw. Security problems are diverse, and the more varied the departments are, the easier and more creative the solutions will be.”

The post Soledad Antelada: “In the US, cybersecurity is a national priority” appeared first on Panda Security Mediacenter.

Using deception to gain enterprise IoT attack visibility

The main lessons from attacks against Internet of Things (IoT) devices are to change default usernames and passwords, use longer passphrases to avoid brute force attacks, and make sure devices have enough memory for firmware and kernel updates to remove vulnerabilities or service backdoors, plus implement strong encryption for communications. Also, having IoT devices connected to standard PC platforms is not advised given endpoints are often the foothold in most attacks. Case in point with … More

The post Using deception to gain enterprise IoT attack visibility appeared first on Help Net Security.

Do you have what it takes to withstand modern DDoS attacks?

As the latest record DDoS attack hit GitHub and threatened to overwhelm its edge network, the popular Git-repository hosting service quickly switched to routing the attack traffic to their DDoS mitigation service. In the end, GitHub ended up completely unavailable for five minutes and intermittently unavailable for four. But while the effect of the attack could have been worse, GitHub’s engineering team aims to do better next time they are hit. Robert Hamilton, Director of … More

The post Do you have what it takes to withstand modern DDoS attacks? appeared first on Help Net Security.

12 tips on how to stop cybercriminals from ruining your next vacation

Even though the winter is not officially over yet, the weather is getting better by the day, and the spring is starting to take over. When you ignore the facts that spring is when tornadoes start being active and floods are usually on the rise, it is the season of spring break and love, and students are not the only ones wanting to take a fresh breath of air after the long winter nights! No matter what your plans are, long vacation or just a weekend getaway, you have to stay safe when you are away from home. This is the reason why we decided to create a list with top 12 tips on how to stop cybercriminals from ruining your next vacation.

Top 12 tips on how to stop cybercriminals from ruining your next vacation.

1. Be smart when using public WiFi

We are aware that you cannot stop using public WiFi networks on your trips, especially the ones abroad, but we wanted to highlight the fact that you need to be cautious when doing so. Try to keep the sessions brief and never check the auto-connect box on those WiFi networks. We recommend that you have anti-virus software installed on all of your connected devices. Don’t be shy about using a VPN, too – these hotspots are public and you never know who is monitoring the network traffic.

2. Avoid sharing location and travel plans on social media

One of the worst things that could happen while you are on vacation is to get a call from the neighbors saying that you might have been robbed. Limiting the amounts of information that you post on social media will decrease the chances of having your home burglarized while you are away. Instead, collect all your fantastic images and upload them after you are back from vacation. Burglars are known to monitor social media for tips.

3. Keep an eye on your connected devices

There is no doubt, your connected devices contain a lot of information about you. It is likely you have your internet banking on there, and perhaps your email where you’ve been sharing login details and other personal information with peers, friends and family. Make sure that such data stays safe by locking your device into a hotel safe, or by keeping it close to you at all times. At the end of the day you don’t leave your wallet unprotected, why would you do the same with your cell phone or a tablet? Keep an eye on them!

4. Take sensitive data off your devices

When you go to cities such as Rio de Janeiro, the locals strongly suggest tourists not to carry anything that they are not willing to lose in case they get mugged. You should treat your connected devices the same way – would you be sleeping well if your phone disappears tonight and ends in the hands of the criminals? Make sure you clean up your phones and tablets from sensitive imagery and information so that you don’t have to worry about anything but just to claim a new device from your insurance provider when you get back home.

5. Update your OS

One of the reasons why people fall victim to ransomware such as NotPetya and WannaCry is the fact that sometimes people and businesses do not update their OS. Keeping your devices updated is particularly important while you are away from home. Firstly, you will be protected from any exploits known for previous versions of the OS that you are using, and secondly, you will not have to use your mobile data to run a 1GB+ update on your cell phone – we all know how expensive data could get.

6. Stay alert

If you are not a big fan of privacy screens, keeping your eyes open when you are away from home might be very important for you! Cybercriminals are known to lurk around tourist melting pots and hunt for sensitive information. It only takes a second to have a quick look around you before you type your next password or pull up your banking app on your phone – make sure there isn’t anyone trying to record your steps, password or sensitive information.

7. Leave home prepared

Updating your OS is crucial, but it is not the only step you should take before you go on your next dream vacation – installing antivirus software is arguably one of the most critical steps. While it is excellent to have antivirus software all the time, it is vital for you to be protected while you are away. You will be exposed to more threats than usual just because you will be using unsecured WiFi networks. Also, the chances of misplacing your connected device are much higher when you are on vacation.

8. Use Bluetooth only when needed

We suggest you keep your Bluetooth off and use it only when you need it. Using your Bluetooth can present risks and hackers might be able to connect to your cellphone or tablet. Keeping your Bluetooth off will not only save you from the dangers of getting hacked, but you will also be able to enjoy your connected device longer – keeping your Bluetooth on decreases the battery life of your device. We all know the importance of having enough charge on your devices when you are on the go.

9. Change your passwords

Changing your passwords needs to happen at least once every three months but is necessary after you are back from vacation, especially if you’ve used public access PCs, or you were using unsecured WiFi networks. You never know if the PC that you used to print out your return airplane ticket was not infected with a keylogger malware, nor that no one was monitoring the traffic that goes through the public WiFi networks you kept using while you were away.

10. Know where you are going

Border patrol agents are known to review Facebook timelines and the content on people’s computers, tablets, and cell phones. If you are traveling abroad, make sure that you are not breaking any laws of the country that you are about to enter. Clean up your device from anything that might be offensive or illegal for the state that you are visiting. For example, it is unlawful to use a VPN while you are in China, and having LGBT content on your laptop might get you in trouble with the local authorities on your next trip to the United Arab Emirates.

11. Keep an eye on your internet banking

No matter if you are planning a trip to Taj Mahal in India, or to Mardi Gras in New Orleans, you will be using your credit card a lot. And those touristy places are full of people who are trying to take your money one way or another. Due to the large number of visitors that such sites get, skimming devices are known to be used to steal credit card information. Keep an eye on your internet banking and make sure you report any suspicious activity when you notice it!

12. Be insured

It is a fact – people tend to make more cellphone and tablet insurance claims after they are back from vacation. Things happen while you are out and about and phones and tablets get stolen and misplaced. While we suggest you always have insurance on your devices, we are aware that the cost of cell phone insurance is sometimes unreasonably high. Even though it is not cost effective on a permanent basis, you might be able to start an insurance cover the day before you leave and cancel it once you are back – when pro-rated, the coverage you had during your vacation will most likely cost you only a few bucks. Call your carrier before you leave home!

We are confident you will have a fantastic time away if you follow the tips above and practice the usual safety tips, i.e., not opening suspicious emails, changing your passwords frequently, and having proper protection on all your connected devices. Don’t let cybercriminals ruin your vacation or a business trip – getting prepared and cautious only takes a few minutes.

The post 12 tips on how to stop cybercriminals from ruining your next vacation appeared first on Panda Security Mediacenter.

How Cybercriminals Target Freelancers – And What You Can Do About It

Whoever coined the adage “time is money” was probably a freelancer. It’s tough for the self-employed to enjoy the financial or emotional benefits of paid time off. Any hour you’re not writing, designing, or programming is an hour you’re not getting paid. There’s also the non-billable time you spend communicating with clients, tracking down late payments, and promoting yourself. You simply can’t afford extra downtime from a computer virus or a data breach. Unfortunately, your career choice makes you a tantalizing target for cybercriminals.

Malware makers and hackers know you handle private client data, that you work from home, that you likely use public WiFi, and that you probably haven’t downloaded cybersecurity software. It’s not an ideal situation … except for enterprising cybercriminals.

Take the time now to study these cybersecurity tips, and you’ll save money later when you don’t become a victim of ransomware.

Modernize your OS


Operating systems work their best to protect you against malware when they contain the latest security patches. The sooner you update, the better your chances of avoiding a hack. Set your OS to update automatically and check it regularly. Update all of your apps, too. Hackers exploit antiquated app architectures to make their way to your clients’ private data.

Also consider moving your workflow to the developer’s latest operating system. Many people still like working in Windows XP, and Microsoft still offers security updates. But if you just can’t part with Windows 7, at least make sure you’ve installed the correct Windows Service Pack.

Passwords: On-point protection

If hackers know the passwords for your clients’ accounts, nabbing their data is pretty simple. That’s why creating strong passwords is a cybersecurity must. Never use the same password for multiple accounts or create conspicuous ones like “123456” or “password”. Follow these steps for creating secure passwords and install a password manager to help …

  • Automatically generate strong passwords
  • Remember your passwords more easily
  • Protect you from phishing attacks
  • Make changing your passwords a breeze
  • Use your passwords on mobile devices

Beware phishing scams

Phishing is a popular online scam cybercriminals use to steal login credentials. With phishing scams, cybercriminals don’t need complex malware and sophisticated algorithms to infiltrate your laptop and steal your data. They trick you into voluntarily supplying your own passwords, credit card numbers, and SSN. The trick to defeating a phishing scam is understanding how phishing emails work and looking for common characteristics like these:

  • Suspicious links. Before clicking, check to see if any email link is taking you to the right URL. On a Mac or PC, hover your cursor over the link and check the lower left-hand corner of your browser to see the address. If they’re different, be extremely cautious. To check a URL on a smartphone, long press the link, and a window will open to reveal the address.
  • Grammar bad is. A common trait of many phishing emails is broken English, misspellings, and bad grammar.
  • Bad Body Image. Phishing scammers often use entire images for the body of their emails to bypass spam filters. If an email’s body is a .jpg or .png file, it may be a scam.
  • Click or Else! If the email has a threatening tone and asks you to sign into your account through a link in the email, you’re likely dealing with a phishing attempt.

With phishing attacks, you can’t be too cautious. Cybercriminals are constantly upping their email game, even using emails from legitimate websites like YouTube to launch their attacks. And scammers don’t limit themselves to just emails. The two websites reddit.com and reddit.co (don’t go here!) both exist, but they have vastly different content. If you’re not sure a website is legitimate, you can use online tools to look up a domain’s reputation for safety.
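The checks in the list above (and in the matching list in the college student guide earlier on this page) can be partly automated. The following Python sketch is an added example, not code from the original article: it scans an HTML email body for a link whose visible address differs from its real target, a near-miss of a domain you trust (the reddit.com / reddit.co case), an image-only body, and threatening wording. The trusted-domain list, the phrase list, `examplebank.com` and the three sample emails are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions for this sketch: the domains you really do business with and a
# few pressure phrases. Both lists are constructed; tune them for your own mail.
TRUSTED_DOMAINS = {"examplebank.com", "reddit.com"}
URGENT_PHRASES = ("will be closed", "will be suspended", "immediately", "final notice")
DOMAIN_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})")


class _Scanner(HTMLParser):
    """Collects (href, visible text) pairs, an image count and all body text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links, self.text, self.images = [], [], 0
        self._open = None  # the link whose text is currently being read

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._open = [attrs["href"], ""]
            self.links.append(self._open)
        elif tag == "img":
            self.images += 1

    def handle_endtag(self, tag):
        if tag == "a":
            self._open = None

    def handle_data(self, data):
        self.text.append(data)
        if self._open is not None:
            self._open[1] += data


def host_of(url):
    """Lower-case hostname of an http(s) URL or bare domain, without 'www.'."""
    url = url.strip().lower()
    if not re.match(r"https?://", url):
        url = "http://" + url
    host = urlsplit(url).hostname or ""
    return host[4:] if host.startswith("www.") else host


def lookalike_of(host, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain that `host` imitates, or None.

    Simplification: compares only the last two labels of the host and does
    not consult the public suffix list.
    """
    if not host or any(host == d or host.endswith("." + d) for d in trusted):
        return None
    tail = ".".join(host.split(".")[-2:])
    for good in sorted(trusted):
        if SequenceMatcher(None, tail, good).ratio() >= 0.85:
            return good
    return None


def scan_email(html, trusted=TRUSTED_DOMAINS):
    """Return the list of phishing indicators found in an HTML email body."""
    scanner = _Scanner()
    scanner.feed(html)
    scanner.close()
    text = " ".join("".join(scanner.text).split()).lower()
    findings = []

    def flag(code):
        if code not in findings:
            findings.append(code)

    for href, label in scanner.links:
        if not re.match(r"https?://", href.strip(), re.I):
            continue  # mailto:, cid: and similar are out of scope here
        target = host_of(href)
        shown = DOMAIN_RE.search(label.lower())
        # What "hover over the link" reveals: the text shows one site, the href another.
        if shown and host_of(shown.group(1)) != target:
            flag("link-mismatch")
        if lookalike_of(target, trusted):
            flag("lookalike-domain")
    if scanner.images and len(text) < 20:
        flag("image-only-body")
    if any(phrase in text for phrase in URGENT_PHRASES):
        flag("threatening-tone")
    return findings


# Constructed sample emails (not real messages).
PHISH_SAMPLE = """<p>Attention needed: You're account is over-drawn. Please sign
into account and resolve the issue or your account will be closed.</p>
<a href="http://examplebank.co/login">https://www.examplebank.com/login</a>"""
IMAGE_SAMPLE = '<a href="https://www.examplebank.com/offers"><img src="cid:body.png" alt=""></a>'
BENIGN_SAMPLE = ('<p>Your monthly statement is ready. Sign in from your own bookmark.</p>'
                 '<a href="https://www.examplebank.com/help">examplebank.com/help</a>')

if __name__ == "__main__":
    for name in ("PHISH_SAMPLE", "IMAGE_SAMPLE", "BENIGN_SAMPLE"):
        print(name, scan_email(globals()[name]))
```

A clean result only means none of these four indicators fired; spelling and logo quality still need a human eye.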

Cloak your data in a VPN

Virtual Private Networks encrypt the data you transmit over the internet by routing it through smaller, private networks. As a result, you can make it impossible for cyberthieves to identify you as the sender and receiver of the data or to determine your physical location.

VPNs offer encryption at every step of the browsing process, which makes them ideal for remote work and surfing public WiFi networks like cafes, hotels, or libraries. They’re also useful during work trips to countries with strict internet censorship.

The best VPNs are paid services, but research before you buy. Not all VPNs are created equal. You can run a compliance test to make sure a VPN adheres to standard encryption methods.

Working off-site isn’t a time to let your guard down

That Starbucks around the corner you consider your “off-site office” has free WiFi, but don’t assume it’s safe to surf. Using open WiFi networks leaves your clients’ data more vulnerable to hackers who can intercept your communications with a man-in-the-middle attack.

Cybercriminals also conspire in the physical world, stealing devices, swiping USB drives, or taking pics of laptop screens. Don’t make your clients pay for your mistakes. Follow these tips when using public WiFi:

  • Never leave your devices unattended.
  • Lock your laptop screen when your computer is idle.
  • Sit with your back against the wall when possible.
  • Get a privacy screen for your laptop.
  • Remove USB drives and DVDs from your computer when not using them.
  • Install tracking software for your devices in case of physical theft.
  • Encrypt sensitive files with encryption software.
  • Look for trusted local spots to get your work done.

Treat a public workspace like a phishing email: Scrutinize it well. You don’t need to be the roving Eye of Sauron — just practice common sense, and you’ll go a long way in protecting your clients’ data.

More copies of your data make it safer

Backing up your files protects you from crashed drives and malware attacks. Data backups neutralize ransomware attacks. When people only have one copy of their high-priority data, cyberthieves can demand large sums of money for its return. If you have copied data to an external hard drive, ransomware popups become empty threats.

Ideally, you should make two backups: one on a physical hard drive and one online. Cloud storage services are inexpensive and have the added benefit of letting you access the data anywhere there’s an internet connection. A little investment is also a selling point for your services. Clients feel safer knowing you’re protecting their data. That translates into more contracts for you!

Download antivirus software

It takes effort to watch out for phishing scams and manage passwords, but downloading antivirus software helps take some of the burden off of you. Antivirus software is like hiring a 280-pound MMA badass to stand guard outside your apartment door. It scans for and eliminates common computer viruses and other malware, warning you if they try to break into your devices and kicking them out if they do. Paid versions of AV software often come with added features like password managers and firewalls.

Time is actually more than money

When you protect your clients’ data, you’re saving more than just your money, you’re saving a business’s lifeblood — the thing that ensures their success. These tips prove you don’t need to get an online computer science degree to protect your clients’ data from cybercriminals. You also don’t need to take out a second mortgage to protect your devices. A sizeable chunk of good cybersecurity habits is just common sense and resourcefulness, two qualities you, as a freelancer, demonstrate every day.

The post How Cybercriminals Target Freelancers – And What You Can Do About It appeared first on Panda Security Mediacenter.

RIPE 72 – Copenhagen

While in Copenhagen during May, I had the opportunity to attend my first RIPE event. As a self-confessed non-geek, I wasn’t entirely sure what I was letting myself in for at RIPE 72. What I found, was a group of passionate technologists, as demonstrated by the pride with which the delegates immediately donned the obligatory, ‘Super Geek’ emblazoned, promotional t-shirts. The event presented a chance to meet with network engineers from across the globe, some of the people who make the Internet tick (or at least know where the clock is and how to adjust the hands) and participate in discussions both practical and policy related.

The schedule for Tuesday covered a wide variety of topics, ranging from “IoT isn’t going to make your company rich and the importance of the Internet community overcoming the hurdles of compatibility, obsolescence and security”, to “An in-depth look at Comcast’s impressive IPv6 service and deployment”. The latter being an impactful presentation by John Jason Brzozowski of COMCAST, describing where they’re at with their IPv6 offering. The numbers certainly are impressive, 98+% of the 40m devices on the network are managed using IPv6 only (trending towards 100%). Additionally, by APNIC’s measurements, 87% of COMCAST’s broadband customers have native IPv6 enabled.

Another interesting presentation (by Andrew Owens of Teraco, South Africa) focused on the state of Internet provision in Africa. Andrew recounted a great anecdote, of a race to transfer 4GB of data, over a distance of 60 miles. On one side, the fastest available ISP, on the other, a memory card strapped to a carrier pigeon. The ISP managed to deliver 4% of the data by the time the pigeon landed. It was thought-provoking to consider that fast Internet access is only available via sea cables, as cabled infrastructure to central African countries is still very poor. It seems there is a need for both political and economic stability, and major investment in infrastructure, before the situation will improve.

By Friday, the total number of attendees checked-in had hit 676 – very impressive. However, I was struck by one worrying observation: the age of those present. Those who can rightly consider themselves guardians of the Internet from its inception, were by far the most well represented demographic. Whilst these people are certainly young in mind and thought, there is a definite need to identify the future leaders and innovators amongst us. Those who will steer us beyond IPv6, IoT and the concerns of today, and navigate the next new technology to hit the World Wide Web, changing how we will use the Internet in the years to come.

For me, the most valuable aspect of RIPE 72, was the chance to spend a week immersed in a community that I do not interact with regularly. These are the influencers around Internet policy, infrastructure and use. As a group, they did not want to be preached to (or directed by) governments, particularly regarding control of the Internet. Whilst they may be perceived as anti-regulation, in some cases anti-legislation, what struck me was the passion of the delegates; not only knowledgeable, but ardent defenders and true guardians of a free and open Internet.

Authored by Kevin Williams

Additional subjects covered over the week included the future activity of RIPE and ICANN, and discussions around ITU (centered on policy and regulation). There was also time devoted to the topic of enabling free and unhindered access to the Internet for all. On the flip-side, there were some conversations on abuse as well. Video recordings and transcripts for all of the presentations can be found at: https://ripe72.ripe.net/archives/.

A shortened version of this article has also been published in the LINX (London Internet Exchange) online magazine, and can be found on Page 18 at: https://www.linx.net/documents/www.linx.net/uploads/hotlinx/hotlinx-46.pdf


At Team Cymru, we’re offering the Unwanted Traffic Removal Service (UTRS), free to the online community. UTRS is a system that allows cooperating BGP speakers to distribute verified BGP-based filter rules. DDoS victims are able to alleviate attacks by preventing the malicious traffic reaching their network. UTRS operators also benefit as unnecessary packets are blocked at source, freeing up network resources for legitimate traffic.