Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x

Cybersecurity

333

Solutions

692

Contributors

The Cybersecurity specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. Cybersecurity focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.

Share tech news, updates, or what's on your mind.

Sign up to Post

Don't Get Hooked!

September-Consumer-Blog_Phishing_800.png
Another day, another phishing attack. From businesses to consumers, phishing attacks are becoming a more widespread and dangerous online threat every year. One wrong click could quickly turn into a nightmare if you aren’t aware of the current techniques cyber scammers are using to get access to your valuable personal information.

Stay safe with these tips.

1
Learn Veeam advantages over legacy backup
LVL 1
Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

Cyber News Rundown: Edition 9/29/17

CyberNewsRundown.jpg
Showtime Site Found Using Cryptocurrency Miner

Following the discovery last week that ThePirateBay has been using a Monero miner to experiment with revenue alternatives for the site, researchers have found that both Showtime.com and ShowtimeAnytime.com have embedded code for similar cryptocurrency mining. The code itself runs only while the user is on the site, and ceases once they navigate away. The main concern, however, was the high CPU usage users experienced. The script in question was removed after several days of testing, but Showtime has yet to comment on their implementation of the crypto-miner or its intended outcome.

Massive Stash of Credit Card Info Linked to Sonic Breach

In the past few days, researchers have found a trove of credit card data that could be tied to a recent breach at Sonic, the popular drive-in restaurant. The data is organized by the location of each card, and currently contains nearly 5 million unique card numbers and related info. While Sonic has not yet determined the cause of the breach, they have been working with their credit processing company to identify the compromised store locations and implement credit monitoring for affected customers.

More cybersecurity news you might have missed from the week on our blog.
2
 
LVL 7

Expert Comment

by:Nicholas
I was thinking can they really make that much money from it, as I remembered it it was like pennies if even that
Then I read https://www.lifewire.com/cryptocoin-mining-for-beginners-2483064 and it seems there could be big money to be made where popular sites like this are using it. Why invest money when you can get your customers to make you money

But on the flip side if I am giving away a few CPU cycles that meant no ads then is it really a bad thing...
0
Thoughts from Webroot’s new President and CEO, Mike Potts

800x600_Blog_Feature_Image.2-nezvn84.jpg
Mike Potts, Webroot's new President and CEO, shares his thoughts on why he joined Webroot and where he sees the cybersecurity industry going.

I’m delighted to join the Webroot team officially today as CEO. We helped define the cybersecurity field in our first 20 years, but I believe our best days are ahead. With this introductory post, I thought I’d let you know where I intend to focus in my first months at Webroot, with the goal of taking our customers, partners, and company to the next level of success.

More from Mike on our blog about his plans for the future of Webroot.
2
Another day, another cyber-attack! Back in March, Deloitte discovered that hackers gained access to an administrator account that didn't utilize two step verification. Compromised information includes emails and their attachments, usernames, passwords, IP addresses,  architectural diagrams for businesses and health information.

https://www.theguardian.com/business/2017/sep/25/deloitte-hit-by-cyber-attack-revealing-clients-secret-emails
1
 
LVL 7

Expert Comment

by:Brian Matis
Starting to feel like we need a "sadface" option in addition to the endorse icon... I'm glad you posted the info, but I'm not endorsing that it happened!
1
 
LVL 17

Expert Comment

by:Kyle Santos
inb4 the CEO, CIO resign.
0
Ransomware Spares No One: How to Avoid the Next Big Attack

Ransomware-Blog_Image-800x650-1-ner8.png
With global ransomware attacks, such as WannaCry and not-Petya, making big headlines this year, it seems the unwelcomed scourge of ransomware isn’t going away any time soon. While large-scale attacks like these are most known for their ability to devastate companies and even whole countries, the often under-reported victim is the average home user.

We sat down with Tyler Moffit, senior threat research analyst at Webroot, to talk ransomware in plain terms to help you better understand how to stop modern cybercriminals from hijacking your most valuable data.
0
Protect DNS: A Conversation With Dave Dufour of Webroot

DNS is one of the basic services on which the web is based and it has proven to be robust and scalable to an astounding degree. Unfortunately, it's also vulnerable to hacking and can be a serious attack vector if left unprotected. Dave Dufour, director of cybersecurity and engineering at Webroot, is an expert on DNS and its implications in network security. Security Now talked with Dufour about the issues with DNS and what organizations should be doing to protect their networks, employees and customers from DNS-based threats.

Read more of the interview on Security Now.
2
3
4
 
LVL 7

Expert Comment

by:Nicholas
Accountability - what's that all about it.

Makes you wonder what they know that they get off with a nice retirement package...
0
 
LVL 17

Author Comment

by:Kyle Santos
Seriously.  They're like 'peace out y'all!'  *vacations in Maui*
0
CyberNewsRundown.jpg
Cyber News Rundown: Edition 9/15/17

German Voting Software Raises Concerns

With German elections only a couple weeks away, researchers have been working to determine how secure the voting systems really are. Per a recent study, the software being used contains multiple vulnerabilities that could lead to devastating results if the election is compromised. Meanwhile, the software creator maintains there is nothing wrong with the system and any tampering would only lead to confusion, rather than truly affecting the vote’s outcome.

Upgraded Android OS Slows Tide of Overlay Attacks

While overlay attacks are nothing new to Android™ users, the Toast window is a surprisingly fresh take on this technique. Google has already patched the issue being exploited, but many users unintentionally fell victim and gave permissions to a malicious app using the Toast window overlay on a legitimate page to spoof the users input. This type of attack can range from simply installing an annoying piece of malware on the device, all the way up to locking the device down and demanding a ransom.
2
1
Looking for the Wi-Fi vendor that's right for you?
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

2
Useful guide in recovery from Ransomware attack.
Nice work on the "C" part of the document: Data Integrity: Recovering from Ransomware and Other Destructive Events, Volume C.

This NIST Cybersecurity Practice Guide demonstrates how organizations can develop and implement appropriate actions following a detected cybersecurity event. The solutions outlined in this guide encourage monitoring and detecting data corruption in commodity components—as well as custom applications and data composed of open-source and commercially available components.

https://nccoe.nist.gov/publication/1800-11/index.html
2
Capture.JPG
Cyber News Rundown: Edition 9/8/17

The Cyber News Rundown brings you the latest happenings in cyber news weekly.
If you have any other questions, just ask!





Consumer Credit Reporting Agency Equifax Suffers Cyberattack Affecting 143 Million Customers

Equifax announced hackers gained access to sensitive company data that potentially compromised information for 143 million American consumers, including Social Security numbers, driver’s license information, and credit card details. This is the third major cybersecurity incident for the agency since 2015. Most concerning, Equifax knew of the breach on June 29 but waited until September 7 to disclose the information.

Instagram Hack Exposes Millions of Accounts
A group of hackers recently gained access to a large number of Instagram accounts for high-profile celebrities and other victims. The attackers were able to use an exploit in the Insta app to retrieve the email addresses and phone numbers for millions of account holders. They then used this information to take control of more valuable accounts and posted the credentials for sale on the dark web. While Instagram was quick to fix the bug, it is still unclear just how many accounts were compromised.

Customer Databases Belonging to Time Warner Cable Publicly Exposed
1
New Leadership at Webroot

Dick Williams has decided to retire after 8 years at Webroot, and more than five decades in the business world. Webroot has named a new CEO, Mike Potts, who will start September 25. Dick will remain on Webroot’s Board of Directors.
 
Mike brings more than 25 years of experience as a seasoned technology industry veteran spanning the application and security sectors. He most recently served as an integration executive in the security business group at Cisco after the acquisition of Lancope, where he served as president and CEO. Prior to Lancope, Mike was president and CEO of Air Defense, which was acquired by Motorola in 2008. He has a long history of driving innovation and growth and is the right person to continue our path to success at Webroot.

Dick expresses his sincere thanks and appreciation to all of our customers and advocates for helping Webroot achieve its current success, and for being incredible partners over the years.

Check out Dick's blog and our press release for more information on this announcement.
5
CyberNewsRundown.jpg
Cyber News Rundown: 9/1/17

IRS-Themed Ransomware Using Old-School Tactics

Over the past week, researchers have discovered a new ransomware variant that attempts to impersonate both the IRS and the FBI, similar to the FBI lockscreen malware that was popular several years ago. By tricking the victim into opening a link to a fake FBI questionnaire, the ransomware is downloaded onto the machine and begins encrypting. Fortunately, both the FBI and the IRS are taking great measures to alert possible victims and to catalog any scam emails that are being sent out.

History Repeats Itself at UK NHS District

Back in May, the UK’s National Health Services fell victim to a large WannaCry ransomware attack. While most of the districts have since regained full functionality, the district of Lanarkshire has once again been targeted. A cyberattack on its staffing and telephone systems left the district with only emergency services for several days. This event just reinforces the importance of updating security on critical systems before an attack, and even more so after one as devastating as WannaCry.

To read all of the stories, visit the Webroot Threat Blog.
3
In response to your need for cybersecurity and privacy, we developed the ability to ask questions anonymously! Check out our latest video explaining this feature available to Premium members, Qualified Experts, and Team Accounts.
2
Capture.JPG
Cyber News Rundown: Edition 8/25/17

The Cyber News Rundown brings you the latest happenings in cyber news weekly.
If you have any other questions, just ask!





UK NHS Database Exposes Over 1 Million Patient Records
During the past week, a breach was discovered in patient booking system SwiftQueue, which is widely used by several National Health Service (NHS) facilities. The database may have contained patient information for up to 1.2 million UK citizens, though the actual data has yet to be fully examined. Even worse, attackers now claim they have found additional SwiftQueue vulnerabilities and are in possession of all 11 million records stored by the company.

Booking Provider’s Data Found in Public Data Dump
Researchers recently discovered a large customer data dump in a publicly-facing Amazon S3 bucket. The data in question belongs to Groupize, a groups and meetings solution, and contains everything from customer interactions to full credit card information used to book hotels and other meeting spaces. Fortunately for anyone who has used the service, the data was properly secured within a week of the discovery.

Phishing Site Hosted on .fish Domain
1
OwnYourId.jpg
Your Identity Is Yours. Here’s How To Keep It That Way.

Have you ever been out with friends, had a little too much to drink, and left your credit card in a bar? Or maybe you thought you’d stowed your child’s social security card safely away in your desk drawer, but now you can’t find it. It may seem like losing these items is just an inconvenience, but the reality is that simple slip-ups like these can spell disaster for you and your family.
 
We recently took to the streets of Denver to get a feel for how average Americans are staying safe from identity theft. Their responses were not so surprising.  
 
How are you protecting your identity?
3
 
LVL 7

Expert Comment

by:Brian Matis
How are you protecting your identity?
I'm with you on the credit monitoring and credit freeze. Although, full disclosure, I did spend many years working for one of the major credit bureaus on their consumer credit monitoring products and wrote the business requirements for my team's portion of the credit lock feature—still one of my favorite projects from when I was there. We made it so much easier for customers to manage their freeze status through our service. :-)
1
 

Author Comment

by:Drew Frey
The credit piece is a big one that I think many don't pay enough attention to. It's important to know where you stand and stay up to date with your credit score and in some cases, freeze when needed.

That project sounds really interesting! Fun that you got to work on that Brian!
0
Locky ransomware rises from the crypt

Lockys_Back.jpg
New variants of Locky—Diablo and Lukitus—have surfaced from the ransomware family presumed by many to be dead. After rising to infamy as one of the first major forms of ransomware to achieve global success, Locky’s presence eventually faded. However, it appears this notorious attack is back with distribution through the Necurs botnet, one of the largest botnets in use today.
 
Webroot protects against Diablo and Lukitus
 
For the initial list of MD5s and more detail on Locky.
3
Free Tool: Port Scanner
LVL 10
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Beware - Variant of the well known locky (Diablo6) and mamba (DiskCryptor) are back.

Currently, there is no decryptor available to decrypt data locked by Mamba and Locky as well;
So watch out and educate your users to stay vigilant - old trick in phishing still valid hence detect those red flags to avoid being penetrated. Keep a disciplined cyber hygiene.
 
http://thehackernews.com/2017/08/locky-mamba-ransomware.html
3
Capture.JPG
Webroot Acquires Securecast, Launches Webroot Security Awareness Training

Beta Program Available Immediately to Help Businesses Reduce the Risks and Costs of Cyber Threats with End User Education

Webroot has acquired the assets of Securecast, a security awareness training platform. Building on Securecast, Webroot Security Awareness Training will give managed service providers (MSPs) and businesses a solution to reduce the risks and costs of phishing, ransomware, and other cyber threats with end-user education.

Webroot Security Awareness Training is available today as a beta program, with general availability scheduled for later this fall. The beta will allow participants to operate phishing simulations and provide a test course to address the weakest link in an organization’s security posture: the human factor. By combining the latest threat intelligence, technology, and training, Webroot enables businesses to reduce their security risks by continually educating their users and testing their awareness on cybersecurity best practices.

Explore Webroot Security Awareness Training

Webroot Security Awareness Training Beta Key Facts:
  • Webroot Security Awareness Training is a fully hosted Awareness-as-a-Service platform with an end user training program and a sophisticated phishing simulator.
  • The phishing
2
The Future of Cyber Security - Facts & Predictions


Ransomware, one of today's biggest security threats, has become a massive growth opportunity for our channel. As key stakeholders fear now that their organisation will eventually be hit by a ransomware attack, they are willing to spend more on IT security solutions.
 
Join our Live Webinar on 24th August 2017
 
  • Why is NHS spending 50 million pounds to improve its cyber security?
  • Why are schools and top universities the perfect targets for the file-encrypting attacks?
  • How much are businesses willing to invest after their first ransomware attack?
  • How to remain competitive and win the cyber security market?


Register Now and Secure your Spot!
2
What technology do you think is a fad that won’t last?

Not sure it really qualifies as a "fad" because it's been around so long, but I'd say that a lot of existing password guidelines (special characters, changing them every 90 days, capitalization rules, etc.) are on their way out. Don't believe me? Even the creator of those rules now regrets them.

Although, I'm really looking forward to the day when passwords can just go away almost completely...
2
 
LVL 17

Expert Comment

by:Kyle Santos
Meanwhile, I just got this.  xD

Screenshot_2.png
Arrrggghhhhhh!
1
 
LVL 17

Expert Comment

by:Kyle Santos
Come to think of it.  After I graduated high school and started using computers more often I realized how difficult it was to remember passwords that had all those wacky requirements, so I started choosing last names of random people which is kind of similar to what xkcd had mentioned about four random words.  Admittedly, I was doing my best to try and work around difficult password requirements by making it easier for me to remember!  Take that, Bill Burr!
1
What is your favorite password manager?  I use the hell out of LastPass.  Love it's versatility and reliability, especially across multiple platforms.  It's ease of use and short learning curve has made it a valuable part of helping my clientele manage access to specific resources with fantastic results.  What are your go to's?
4
 
LVL 9

Expert Comment

by:Brandon Lyon
LastPass is the one I prefer. It's easy to use on most browsers & major platforms.
1
 
LVL 13

Expert Comment

by:Brian Murphy
Agree, as of this writing.  LastPass.
0
2

Cybersecurity

333

Solutions

692

Contributors

The Cybersecurity specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. Cybersecurity focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.