Security

23K

Solutions

23K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.

Share tech news, updates, or what's on your mind.

Sign up to Post

BecomingMalwaretech-SocialMedia-Nati.pngEver wondered what it takes to become a threat intel expert like Malwaretech? Check out our first Q&A release where Marcus discusses his background and predictions for the next threat in malware.
2
The Eight Noble Truths of Backup and Recovery
LVL 4
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

QTT2017.PNG
In This Issue:
Streaming Malware Detection and Trends

More information here.

Although malware and potentially unwanted applications (PUAs) such as spyware and adware have been a top concern for years, many organizations still find themselves overwhelmed by the abundance of modern threats. This quarter, we examine malware trends, get insight from Webroot CTO Hal Lonas on dissolving security perimeters, and present findings from two recent surveys on how security professionals will focus their security efforts over the next year.

Get the latest Threat Trends Report now!
2
1
 
LVL 18

Author Comment

by:Lucas Bishop
The acquiring company inserts adware into thousands of people's browsers and they begin earning revenue from ad-clicks and affiliate sales. Eventually people notice and uninstall the extension.

It's a pump and dump scheme. Short term they multiply profits. Long term the extension goes in the trash.
0
 
LVL 6

Expert Comment

by:Brian Matis
This is why we can't have nice things... :-(
0
Experts Exchange got the opportunity to interview MalwareTech, the 22yr old who discovered the WannaCry kill switch. Check out his advice on security and future security threats, as well as his comments on the importance of tech communities.
5
 
LVL 31

Expert Comment

by:Zoppo
Once a customer called me and told our software tells him 'Hardlock not found' - after 10 minutes verifying everything (driver, service, client) was installed fine and running, just for fun and coz I was a little bit frustrated, I aksed if he really plugged in the hardlock - the customer was a bit surprised and answered "No, it's here, laying in front of me, on my desktop - do I have to plug it somewhere?"

Another time I sent a PDF docu to a customer - he answered with a mail asking me what to do with this PDF. I wrote 'just open it to read or print it' - he answered he doesn't know what 'open' means and asked me if it would be possible that I open the PDF and send it to him 'opened'.

And one of my favorites, allthough it wasn't directly me: Once surprisingly I heard my colleague (usually a relaxed guy) yelling loud into the telephone "NO! STOP! Stop EVERYTHING! DON'T TOUCH the mouse! DON'T TOUCH ANYTHING! When I tell you 'click', click EXACTLY ONCE with the LEFT mouse button! WHEN I TELL YOU 'double click', click EXACTLY TWICE with the LEFT mouse button! As long as I don't tell you anything DON'T TOUCH ANYTHING!!!"
0
Does someone have experience with SaaS solution for network security management?
0
 
LVL 16

Expert Comment

by:Kyle Santos
Hi Asher,

Welcome to Experts Exchange.

Do you have a project in mind that you need someone to work on for you?
If yes, check out our Gigs platform.
https://www.experts-exchange.com/gigs/

If you want to look at members on the site you can go to navigation menu > Browse > Members.  There you can filter what type of expert you're looking for.
3
Skyport2-SocialMedia-LinkedInV2.pngDid you miss our co-branded webinar with Skyport Systems yesterday? Check out the recorded webinar available on-site to learn how to secure your Active Directory against security threats.
1
5
 
LVL 7

Author Comment

by:Nicholas
Change your passwords
1
 
LVL 6

Expert Comment

by:Craig Kehler
The report will detail which kinds of breaches and whether passwords were compromised or not. Sometimes it just means they got your spam info (job title, email, industry) other times they got your password like when LinkedIn was compromised.
1
Yesterday, cyber resilience startup, UpGuard, issued a report that as many as 14 million U.S. Verizon customers have fallen victim to a hack that stole their names, addresses, account details, and PINs. The startup claims to have first notified Verizon on June 13th of the hack, citing a "misconfigured cloud-based file repository" as the cause.

In reply, Verizon has stated that there has been no loss or theft of customer information and that only 6 million customers may be at risk due to an informational cloud storage move where a third-party employee made external access available. Latest reports urge Verizon customers to update their Verizon PINs in order to safeguard their accounts.

Stay tuned for more information on what happened in this attack and how to safeguard your accounts.
5
Need some insight on Amazon Quicksight and AWS.

-Word press Capabilities to pre existing web pages?
-Does it allow dashboard embedding?
-report embedding?
-able to embed dashboard on website with low level security?

Thanks for any advice
0
W3C Approves EME DRM Standard for the Web, Security Researchers Worried About Flaws
0
Want Experts Exchange at your fingertips?
LVL 9
Want Experts Exchange at your fingertips?

With Experts Exchange’s latest app release, you can now experience our most recent features, updates, and the same community interface while on-the-go. Download our latest app release at the Android or Apple stores today!

As if you needed another reason to own your own tld, some poor guy who's been using Eastlink.ca as his email account provider for 20 years is getting his address revoked.

He said he picked the handle "noreply" because he wanted an unusual address — and back in the '90s, it was.

http://www.cbc.ca/news/canada/nova-scotia/eastlink-email-address-steve-morshead-halifax-1.4186249
2
 
LVL 11

Expert Comment

by:Andrew Leniart
Yet another tick supporting the argument to own your own domain from the get go if you don't want others to have control over things like this.
1
Our community newsletter releases tomorrow highlighting our community health updates, expert and member articles, and a trending topics report. Don't miss the chance to receive tech and tEEm news in your inbox. Sign up today!
4
1
0
0
 
LVL 11

Expert Comment

by:Andrew Leniart
This reminded me of a MythBuster episode where they defeated an expensive and high tech door fingerprint scanning lock with nothing more than a photocopy of a fingerprint.  A YouTube link to an upload of the episode here.  If you don't want to watch the whole episode, just skip to 4:35 in the video :)
1
Today is the last day to enroll in June’s Course of the Month. With ransomware attacks on the rise this year, we encourage all members of our community to enroll and avoid becoming part of 2017's statistics. Premium members, Team Account members, and Qualified Experts will have 30 days after enrollment to complete the course. Don’t miss this opportunity to enhance your security!
3
netNeutralityArticleNativeAd.pngCheck out our new article about our stance on a user's right to net neutrality and why it's an important issue. Join us in this initiative by signing the petition and leaving a comment with the FCC on why you support Title II. (Click the "+Express" link to leave your comment.)
3
Today's update on Petya
Previously, it was believed that the ransomware would not begin encrypting until an hour after the initial infection. It is now been discovered that it begins encrypting the first 1MB of the below file types upon infection. Therefore turning off your device when viewing the reboot message, will not stop encryption.

It is also now being disputed if the goal of this attack was to collect Bitcoin or cause mass destruction in the devices it infects.

Files types:
.3ds .7z .accdb .ai .asp .aspx .avhd .back .bak .c .cfg .conf .cpp .cs .ctl .dbf .disk .djvu .doc .docx .dwg .eml .fdb .gz .h .hdd .kdbx .mail .mdb .msg .nrg .ora .ost .ova .ovf .pdf .php .pmf .ppt .pptx .pst .pvi .py .pyc .rar .rtf .sln .sql .tar .vbox .vbs .vcb .vdi .vfd .vmc .vmdk .vmsd .vmx .vsdx .vsv .work .xls .xlsx .xvd .zip
6
I watched the Free "GDPR Attack Plan: What You Need To Know" course created by Troy Hunt the other day.  It was quite interesting.

If you're in an organisation who stores personal data of EU citizens/users then you will want to be aware of what GDPR is.  There are some regulation changes coming up in 2018 that will probably affect your business.  I've placed a link below to the free course.

https://info.varonis.com/gdpr-attack-plan
0
[Live Webinar] The Cloud Skills Gap
LVL 4
[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

Update on Petya Attack
As noted by our on-site expert, krakatoa, the current vaccine for Petya involves creating a file called perfc in the C://Windows folder and making it read only.  No kill-switch has been discovered, only a local vaccine.  
If you see the reboot notification below, your device has been infected. Turn off your device to prevent future encryption. Petya begins encrypting the device an hour after the initial infection.
**Update: Petya begins encrypting your the first 1MB of your files prior to the reboot. See new post for the updated information. **petyareboot.JPG
6
 

Expert Comment

by:Phillip Monk
.dat
1
 
LVL 9

Author Comment

by:Experts Exchange
According to our knowledge, file extensions .dat and .dll for perfc. Check out this article for more info!
0
Gain the added security of knowing you are prepared and properly protected against future ransomware attacks, such the Petya attack, with this free course! Premium members, Team Account members, and Qualified Experts have 3 days to enroll for June’s Course of the Month. Once you enroll, you have 30 days to complete the course.

5
0
2
 
LVL 96

Expert Comment

by:Experienced Member
Because:

1. People do not update their systems still.
2. People go to dodgy sites.
3. People open emails from complete strangers.

I am in no way surprised.
1
Portland with some ftp advice.
ftpsecurity
6
Today's ransomware attack is spreading by SMB through the local network according to Marcus,
 @MalwareTech, who stopped the last attack—known as WannaCry—and is working to stop this one.
malware-tech.JPGPost your advice or news on the currently named "Petya" attack and be sure to ask any questions by tagging the topic "ransomware"  to get solutions fast!
4
 
LVL 16

Expert Comment

by:krakatoa
To vaccinate your computer so that you are unable to get infected with the current strain of NotPetya/Petya/Petna simply create a file called perfc in the C:\Windows folder and make it read only.
1

Security

23K

Solutions

23K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.