Tag Archives: Security

Doxware, the Scary New Evolution of Digital Hijacking

Ransomware is one of the most frequent forms of cyberattack that a company can face. Through an infected email or by some other means, criminals can lock a computer, encrypt files, or sequester an entire corporate network. The main goal: ransom money, usually in the form of cryptocurrency, in exchange for freeing up the virtually hijacked computer or mobile device.

The FBI calculates that cybercriminals using ransomware have made off with up to $1 billion over the last year. However, many companies have learned how to combat this kind of attack. In addition to having the right protection, it’s possible to avoid paying the ransom by completely erasing the system and recovering it with a backup.

This particular kind of malware has evolved, and cybercriminals have honed their attacks against companies and individuals, making them more profitable. The future of ransomware is already here, and it’s called doxware.

This type of threat starts off in the same way as ransomware: cybercriminals take a company computer hostage and seek a ransom for its safe return. However, the risk is far greater. The cybercriminal threatens to make public the archives, confidential information, and conversations saved on the sequestered device. So, out of fear of having enormous quantities of corporate data put out there for all the world to see, victims will most likely pay the ransom.

This kind of attack may be practically brand new, but some companies have already been infected. And it’s just the beginning. In fact, the malware is expected to continue evolving and cybercriminals will continue to perfect it until it becomes a global threat.

Just as Sony Pictures suffered a chain of cyberattacks in late 2014, followed by the leak of some of the company’s confidential data, any other company in the world could suffer the same fate. If you’re not adequately protected against all kinds of threats, your devices could be hijacked and their secrets unveiled. Doxware is here, and it doesn’t bode well. Better be prepared.

The post Doxware, the Scary New Evolution of Digital Hijacking appeared first on Panda Security Mediacenter.

WordPress 4.7.2 Security Release

WordPress 4.7.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.7.1 and earlier are affected by three security issues:

  1. The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. Reported by David Herrera of Alley Interactive.
  2. WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Mo Jangda (batmoo).
  3. A cross-site scripting (XSS) vulnerability was discovered in the posts list table. Reported by Ian Dunn of the WordPress Security Team.

Thank you to the reporters of these issues for practicing responsible disclosure.

Download WordPress 4.7.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.7.2.

Thanks to everyone who contributed to 4.7.2.

How to Hide Information with Ordinary Office Printers

The printer you have in your office may be less innocent than you thought. Experts have already shown that it can even become a tool for steganography, the art, well known in computer security, of hiding information from prying eyes.

A few years ago, the Electronic Frontier Foundation, an organization that defends civil liberties on the internet, reported that some laser printers included a code on the documents they printed that could be viewed with a certain light and a microscope. Manufacturers later had to admit that the US secret services had, apparently, reached an agreement with them so as to identify counterfeiters with that hidden code.

Researchers at the University of Utah have now shown that a conventional inkjet printer such as the one on your desk can be used to print hidden images invisible to the human eye.

Messages hidden with silver and charcoal

Experts have used a silver and carbon ink to print an image formed by small rods a millimeter in length and a few hundred microns in width. By varying the proportion of silver and carbon, the conductivity of each rod also changes. The human eye is unable to perceive this modification. Using harmless terahertz radiation, which is located in the electromagnetic spectrum between infrared and microwave and is able to traverse opaque objects, the information encoded in the conductivity can be unveiled.

In a study published in the journal of the Optical Society (OSA), researchers demonstrated their new method by hiding QR codes in an image. At first glance, they looked just like an array of identical lines, but, thanks to terahertz radiation, the QR code was discovered. With this method, they have even camouflaged color QR codes.

“Our very easy-to-use method can print complex patterns of rods with varying conductivity,” explained Ajay Nahata, one of the authors of the study. “An added benefit to our technique is that it can be performed very inexpensively.”

Printers used for espionage?

Although they performed this test using relatively simple and small QR codes, they believe the technique could be used to conceal information in more detailed and complex images.

In World War I, the Germans used lemon juice in their letters as invisible ink to escape censorship. Now, the researchers at the University of Utah have shown that there are far more sophisticated ways of hiding information, and there is no need to dig too deep into your pockets to use it.

They also plan to develop inks that need to be heated or exposed to light at a given wavelength to uncover information. Will invisible inks for printers become a new way of hiding confidential information? We may never know.

The post How to Hide Information with Ordinary Office Printers appeared first on Panda Security Mediacenter.

The 25 worst passwords of them all

With all the data breaches that happened during 2016 – just think back to the 32 million Twitter passwords on the Dark Web or the time we found out that Mr. Zuckerberg’s password was ‘dadada’ – one would think that people have managed to notice that password security is a good idea and somewhat important. Think […]

The post The 25 worst passwords of them all appeared first on Avira Blog.

Quantum Computers and the Change in Cybersecurity

The next revolution in computer science already has a name: quantum computing. Computers capable of working with the superposition of ones and zeros (using qubits, which can take both values, unlike bits, which take one or the other) are still a laboratory animal, but research is increasingly approaching the dream of developing a machine with these characteristics capable of revolutionizing everything from medicine to computer security.

The quantum era will usher in a new phase in the eternal race between defenders and attackers of our privacy. Cryptography will be the battlefield in which this war of the future will be fought, the contenders of which are already preparing for a confrontation that could take place in the coming years.

Theoretically, a quantum computer would be able to break most of the current encryption algorithms, especially those based on public keys. A quantum computer can factor at a much higher speed than a conventional one. A brute-force attack (testing all possible passwords at high speed until you get the right one) would be a piece of cake with a machine that boasts these characteristics.

On the other hand, with this paradigm shift in computing will also come the great hope for privacy. Quantum cryptography will make things very difficult for spies and cybercriminals. While current encryption systems are secure because intruders who attempt to access information can only do so by solving complex problems, with quantum cryptography they would have to violate the laws of quantum mechanics, which, as of today, is impossible.

In any case, it is still early to fear or await with enthusiasm the arrival of these algorithms. Quantum computers are neither going to start decoding passwords tomorrow, nor will they be so dangerous when, within a few years, they are finally able to do so. Predictably, the security systems that would be most vulnerable to these machines will no longer be in use when, five years from now at least, they’ve become a more everyday reality.

Until then, and as a special precaution to protect the documents and some of the more confidential conversations of a company, it wouldn’t hurt to follow some tips. The most important thing is to avoid asymmetric-key encryption schemes such as RSA, ElGamal, or any that’s based on the Diffie-Hellman protocol. Quantum computers would be able to solve the mathematical problems at the core of their security relatively easily.

The post Quantum Computers and the Change in Cybersecurity appeared first on Panda Security Mediacenter.

Why Your Business Needs a Security Strategy for Social Networks

In 2017, it’s not easy to find a company that doesn’t have any sort of presence on social networks. A Twitter account, a Facebook page, and a lot of Instagram photos come standard in any business’s digital communications pack.

Added to this are all of the employees who access their own accounts during work hours. Despite all this activity, there are still plenty of corporations that don’t regulate it, putting their own security at risk.

According to a recent study by the Pew Research Center, around 50% of the companies analyzed have no briefing for social media use within the company.

Businesses that don’t take this security issue seriously are exposing themselves to a diversity of threats. First, they may witness their own employees leaving negative posts about the company from their work stations. Worse still, they could publish confidential corporate data.

Aside from avoiding potential scenarios that lead to a corporate crisis, the main goal of a social network strategy should be to clearly define what your employees are permitted to do on them during work hours. One of the premises that should be clearly established is to not follow links whose origin is unknown or untrusted.

In that way, and with the right protection, it is possible to avoid some of the risks hiding in the deepest corners of social networks. Phishing attacks, spam, or any type of malware could jeopardize corporate secrets. A clear policy for Twitter & Company is critical.

Best social network practices could also increase productivity. This is demonstrably true, according to the same Pew Research study, as we see that 40% of employees at a company with no such policy use social platforms to relax a bit.

On the other hand, when a clear policy is in fact in place, we see the number drop to 30%. Not only, then, are we avoiding risks, but we are also promoting a more professional work environment. Does your business have rules for the use of social networks in the workplace?

The post Why Your Business Needs a Security Strategy for Social Networks appeared first on Panda Security Mediacenter.