Saturday, March 30, 2013

Free eBook: 9 Steps to Cybersecurity

Explanation of Cybersecurity and How to Properly Integrate it into Your Organization

9 Steps to Cybersecurity from expert Dejan Kosutic is a free eBook designed specifically to take you through all cybersecurity basics in an easy-to-understand and easy-to-digest format.

You will learn how to plan cybersecurity implementation from top-level management perspective. Additionally, Kosutic covers all of your options and how to choose the ones that ultimately will work best.

President Obama issued “Executive Order - Improving Critical Infrastructure Cybersecurity" on February 12, 2013. 9 Steps to Cybersecurity will inform you of what you need to know at this timely and critical juncture. The goal of this book is to give you the essential information you need to make decisions that are crucial for the future of your organization. Simply fill out the short form on the right-hand side of the screen to download 9 Steps to Cybersecurity today.

Why is this Book Essential for You?

  • Learn how to use risk management to make your cybersecurity a profitable investment
  • Find out how cybersecurity can give your company an invaluable marketing edge
  • Learn how to comply with various information security laws and regulations, including U.S. Executive Order - Improving Critical Infrastructure Cybersecurity Discover the invaluable tips for persuading upper management to act immediately
  • Uncover the key elements of the CIA triad (Confidentiality, Integrity and Availability) and why it is vital to your company
  • Learn everything you need to know in order to develop a cybersecurity plan and monitor the implementation by setting measurable targets

Who Should Read this Timely, Free eBook on Cybersecurity?

Anyone interested in the cutting edge of cybersecurity and what is necessary to secure information should download 9 Steps to Cybersecurity, which can be read in less than 2 hours. This free eBook will be of tremendous interest to any executives wishing to be well versed in the latest cyber safety information. CEOs, CFOs, Chief Information Security Officers and other managers will find this detailed and informative examination of the current state of cybersecurity to be a must-read book. Additionally, 9 Steps to Cybersecurity is written in completely non-technical language - Kosutic's goal was for the book to be easily accessible to all executives, regardless of whether they have technical knowledge.

Once you’ve read Dejan Kosutic's book, you will have a clear concept of cybersecurity, and the direction that your company should take. You will be able to properly implement cybersecurity and comply with the regulations and relevant deadlines. 9 Steps to Cybersecurity was specifically written to provide much-needed clarity and help you chart the most direct and most effective path for your company, period.

Download this free book today and go well beyond the jargon and the confusion.

Thursday, March 28, 2013

Hackers steal photos, turn Wi-Fi cameras into remote surveillance device

Electronic manufacturers need to start putting some real thought into securing the devices and protecting privacy!

With so many people seizing the convenience of using their smartphone cameras to point, shoot and share, embedded GPS location and all, digital camera manufacturers have been offering more "social" options such as built-in Wi-Fi capabilities and camera apps to quickly share photos and videos.

In fact, if a digital single-lens reflex (DSLR) camera isn't Wi-Fi enabled, some photographers go the Wi-Fi SD card route and others create hacks to give that camera wireless file transfer capabilities.

While there have been plenty of researchers working on ways to exploit smartphones for remote spying, such as the scary PlaceRaider, an Android app that remotely exploits the camera and secretly snaps a picture every two seconds, there has not been as much research into exploiting DSLR Wi-Fi-enabled cameras. However, security researchers from ERNW changed that by showing how to exploit vulnerabilities in order to steal photos and turn a DSLR camera into a spying device.

In the presentation Paparazzi over IP, Mende and Turbing explained that there are four ways that the Canon EOS-1D X can communicate with a network via FTP, DLNA (Digital Living Network Alliance), WFT (Wireless File Transmitter) and the EOS Utility Mode.

They were able to attack and exploit all four, saying, "Not only did we discover weak plaintext protocols used in the communication, we've also been able to gain complete control of the camera, including modification of camera settings, file transfer and image live stream. So in the end the 'upload to the clouds' feature resulted in an image stealing Man-in-the-Imageflow."

 

Refer here to read further details.

Saturday, March 23, 2013

7 Key Duties Of CISOs

CISO's Responsibilities 

The CISO's responsibilities would include: 

  1. Overseeing the establishment and maintenance of a security operation that through automated and continuous monitoring can detect, contain and mitigate incidents that impair information security and enterprise information systems;
  2. Developing, maintaining and overseeing an enterprise-wide information security program;
  3. Developing, maintaining and overseeing information security policies, procedures and control techniques to address all applicable requirements;
  4. Training and overseeing personnel with significant responsibilities for information security;
  5. Assisting senior agency officials on cybersecurity matters;
  6. Ensuring the enterprise has a sufficient number of trained and security-cleared personnel to assist in complying with cybersecurity law and procedures;
  7. Reporting at least annually to enterprise executives the effectiveness of the agency information security program; information derived from automated and continuous monitoring, including threat assessments; and progress on actions to remediate threats.
The CISOs should posses the necessary qualifications, including education, training, experience and the security clearance needed to do the job.

Thursday, March 21, 2013

Beware of "Facebook Black"

"Facebook Black" malware spreading fast on Facebook

A new virus is hitting Facebook users with an Fake Facebook Black template which would allow the users to use an black template instead of the known white template.

The malware is spreading crazy on Facebook as it asks the users to click on a link that will install an application. This Black Facebook scam uses the trust of the Facebook users and then forwards the malware to their network and friends.

So please be warned do not click on the Facebook black template.


Revoke access

This malware uses an Facebook API to gain information. If you wish to revoke the access of the Facebook Black template virus then you have to do the following:

  • Navigate to the following url: http://www.facebook.com/settings?tab=applications
  • Search for the Facebook Black malware and delete it.

Sunday, March 17, 2013

STORM (Secure Tool for Risk Management)

Designs and keeps updated the ICT Security Policy, Disaster Recovery plans

STORM (Secure Tool for Risk Management) is a collaborative environment offering a buddle of services in order to help your business to securely manage your Information and Communication Technology (ICT) Systems.

STORM is based on web 2.0 technologies and its main characteristics are:

  • Compliance with Standards
  • Collaboration
  • User Friendliness
  • Reduces complexity
  • Scalability



Some of the key features are:

Cartography:
  • Identify and depict the ICT infrastructure
  • ICT assets (software and hardware) identification


Impact Assessment Service:
  • Recognize the impacts (business, economical, technological, legal) of upcoming incidents on the operations of the ICT

Threat Assessment Service:
  • Identify threats Evaluate threats

Vulnerability Assessment Service:
  • Identify Vulnerabilities
  • Evaluate Vulnerabilities

Risk Assessment service:
  • Collaborative support towards identifying and evaluating the impact, threat and vulnerability of each ICT asset (i.e. software, hardware, data asset).

Risk Management service:
  • Select the appropriate countermeasures according to the STORM-RM algorithm in order to protect ICT assets.

Refer here for more information or here for demo.

Saturday, March 9, 2013

Are Personal Password Database Sites Safe & Secure?

Basic tips & techniques for your daily password management!

Earlier this month, there was an expert on a popular U.S. morning news show advising people to use personal password database sites to keep track of their passwords. I couldn't disagree more.

While I commend the expert for advising people to use multiple, diverse and difficult-to-guess passwords for their different online accounts, I do not believe storing these passwords in the cloud is the best idea.

Here are four password-keeper services I saw recently being promoted for use within this Payment Systems post. Here are my thoughts on each of the four: 

KeePass: If you want to use this service, use it with a USB instead of Dropbox, which has had some security breaches in the past year. Although Dropbox recently announced improved security, I still don't want to entrust my passwords to a cloud service of any kind (Keep in mind lots of folks working for the cloud service have access to the info, simply as a matter of supporting the service.)

1Password: I'm leery. If someone else gets my computer, will the service's web integration allow them to access all my accounts? I pass on 1Password. 

LastPass and RoboForm: Many security folks approve of LastPass and RoboForm. Indeed, the services have been around for a few years. But I do not like the lack of information about how they secure their sites. I would not use these services, as they are cloud-based, and I simply do not want to share my passwords with others in this way. If you want to use them for managing the passwords for your websites with non-sensitive information, that's an option. However, keep your banking and other financial passwords with you and don't share with an online site.

It continues to be important to have multiple and varied passwords. At a minimum, your social networking passwords should be vastly different from your financial and banking passwords.

As for how to keep a record of these sites, if you don't want to use a password management service like KeePass to store your passwords on your own devices, try an encrypted Excel file, or even a good old-fashioned notebook that you keep locked away.

These alternatives may not be high-tech, but given the password management cloud services sites' vulnerabilities, it's much safer right now than relying on cloud-based services, which are major targets for hackers.

Friday, March 8, 2013

Is It Safe & Secure To Use Free Email Service?

If a government wants to peek into your Web-based e-mail account, it is surprisingly easy, most of the time not even requiring a judge’s approval

Ever wonder what Google has planned for all of the information it's collecting on its users? Well, their intentions may be completely irrelevant. As it turns out, Google has been compelled to give over their user data by law enforcement at an increasing and alarming rate.

In the second half of 2012, the tech giant received more than 21,000 requests for information, which represents a 70-percent increase over three years. The majority of the requests came from the federal government, who was hoping for a peek into users' email accounts. In most cases, the Feds didn't need a judge's okay.

Google is fighting back, trying to rally support against government access to personal data. In this professional's opinion, however, that's a bit ironic considering Google's own policies on collecting user information.

Just remember, anytime you are using a webmail site like Gmail for communication, understand your email is absolutely not protected and is not private.

Do not send sensitive information or conduct business using these types of free webmail services.

If you must use these sites, gather the emails through an off-cloud software system, like Microsoft Outlook. Then, configure your Outlook settings to delete the emails from Gmail, Yahoo, Hotmail or whatever cloud email service they are coming from, as soon as Outlook downloads them.

Wednesday, March 6, 2013

Sex Tape Scam Featuring Rihanna and `His’ Boyfriend Hits Facebook

Popular celebrities used by cyber-criminals for hoaxes and fraud

BEWARE! Facebook users are being hit by yet another alleged sex tape featuring Rihanna, one of the most popular celebrities used by cyber-criminals for hoaxes and fraud on the social network.

This time, the scam alleges the American singer was caught with `his boyfriend’ [sic] during sexy times.

Check out how the #scam works and how to protect your Facebook account here: http://bit.ly/Rihanna_Sex_Tape_Scam


Monday, March 4, 2013

Dishing-Off Your Old Device?

Did you know that in the wrong hands that "old" device can mean "new" problems for you?

Have you, like many adults, given a child in your life a hand-me-down mobile device? Maybe it's a "disabled" cell phone or your old iTouch that you let them play around on.

Savvy criminals are increasingly targeting mobile devices (even outdated ones) because they are very often loaded with personal data, including bank and credit cards numbers cached on mobile browsers, passwords, contact information, email and GPS histories.

If you are dead-set on letting your children play with these devices, be sure they have been wiped completely clean of your personal and business information. For tips on how to do this, give this eHow Tech post a thorough read.