Improve company productivity with a Business Account.Sign Up

x

Security

24K

Solutions

24K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.

Share tech news, updates, or what's on your mind.

Sign up to Post

0
Easily Design & Build Your Next Website
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

CloudFlare and APNIC have launched a free DNS service @ 1.1.1.1 that claims to prevent your ISP from selling your data:
https://blog.cloudflare.com/dns-resolver-1-1-1-1/

The claim to be the "fastest" comes with the caveat of "privacy-first" -- I wonder how it stacks up against DNS services that don't provide any inherent perceived privacy?

On a related note, the service is being hammered by multiple gbps of trash data:
https://www.zdnet.com/article/1-1-1-1-cloudflares-new-dns-attracting-gigabits-per-second-of-rubbish/

Personally, I've used Google's public DNS for years now, since it's always seemed to be more stable than my ISPs, but this CloudFlare option is really tempting. Handing over literally all of my browsing data to Google is probably not the best idea.
1
 
LVL 42

Expert Comment

by:noci
IPv6 patterns:
Google:
google-public-dns-a.google.com. 21599 IN AAAA   2001:4860:4860::8888

Cloudflare:
1dot1dot1dot1.cloudflare-dns.com. 299 IN AAAA   2606:4700:4700::1001
1dot1dot1dot1.cloudflare-dns.com. 299 IN AAAA   2606:4700:4700::1111

Quad9:
dns.quad9.net.          119     IN      AAAA    2620:fe::fe

level3 has no  ipv6...???
0
 
LVL 18

Expert Comment

by:Kyle Santos
I need an ELI5 version of what this does.  What am I doing by doing what they said here?
See https://1.1.1.1/ because it's that simple!
0
MyFitnessPal breach exposes data of an estimated 150 million users

Got an account at MyFitnessPal?  Change your Password!

MyFitness Pal, a fitness and nutrition app owned by Under Armour, announced on March 29th that a recent data breach impacts 150 million of their users.
 
What happened? According to a press release from Under Armour , they became aware of a potential security issue on March 25th when they discovered an unauthorized party had accessed user data from MyFitnessPal in February.

What data was compromised? The current investigation is ongoing but so far, indicates that the compromised data included hashed passwords, usernames and email addresses.

I'm a MyFitnessPal user. What should I do? The company is urging users to change their MyFitnessPal password immediately. Dashlane also recommends changing passwords for any accounts that share exact or similar passwords with your MyFitnessPal account.

Source: https://dashlane.com
0
In 2017, the number of vulnerabilities detected in applications rose 33%. Is your company prepared to deal with these risks? Train to become a Certified Penetration Testing Engineer today! There are only two days left to enroll in this month’s Course of the Month.
2
Have you been following the ransomware attack against Atlanta? They were threatened with a bitcoin ransom, due yesterday. As of this morning, city courts were shut down and residents have been unable to pay their bills.

In an NPR report, there was a previous audit of Atlanta's IT department and they were warned this could happen.

What can we learn from this?

http://www.businessinsider.com/atlanta-cyberattack-cripples-city-operations-2018-3

https://www.npr.org/sections/thetwo-way/2018/03/28/597758947/time-is-running-out-for-atlanta-in-ransomware-attack
7
 
LVL 19

Expert Comment

by:Lucas Bishop
What can we learn from this?

Daily backups.

Atlanta seems to have dodged a bullet in that the attack isn't targeting infrastructure that could harm citizens (sewer, water, traffic, etc.). The fact that the attackers are only extorting roughly $51k, is astonishing. I guess they figure that price is a sweet spot; not too high, not too low. Question is whether enabling this kind of thing, by paying out, is worth it.

I'm betting that the city wants to pay the ransom, but can't figure out how to...
0
 
LVL 16

Expert Comment

by:Andrew Leniart
Cripes you'd think a governmental organization would have the sense to make daily (or even 2 or 3 a day) backups and store them in the cloud. It's not like they can't afford a backup regime for crying out loud!

What can we learn from this? - That whoever the IT Support department they've hired (if they've hired one at all) aught to be sacked!
1

[Free Webinar] Ten Security Controls for effective Cybersecurity


cyber-webinar-1200x627.jpgWith cyberattacks evolving everyday organizations are forced to build a strong security layer to keep their data safe and maintain user privacy. With so much touch points to improve organization security, ManageEngine is here to facilitate things for you, by hand picking 10 primary security controls which you need to practice to keep the attackers at bay.

Attend our webinar about cybersecurity on April 24th, 11 am BST and make sure you have the best security measures in place for 2018.

Register Now: https://goo.gl/R16u4f
0
Did you know it only takes 2 hours for a security patch to be reversed engineered? Don’t let your company’s vulnerabilities go unsupervised. Enroll in March’s Course of the Month to begin training for your Certified Penetration Testing Engineer Certification today.
1

iStock_000048177382XXXLarge.jpgMicrosoft Patch Tuesday March 2018 updates

This Patch Tuesday comes with 74 security updates, including fixes for two known vulnerabilities (CVE-2018-0808 and CVE-2018-0940); luckily this release arrives in a more timely fashion, as there have been no known exploitations of these vulnerabilities like we’ve seen in the past.

Read more:  https://blogs.manageengine.com/desktop-mobile/desktopcentral/2018/03/14/microsoft-patch-tuesday-march-2018-updates.html
0
NEW Internet Security Report Now Available!
LVL 1
NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

The US DoD recently released (via FOIA request) footage of an F18 SuperHornet tracking a UFO:
https://coi.tothestarsacademy.com/2015-go-fast-footage/

Kind of surprising this type of information doesn't create a maelstrom of headlines.

The tracking system used to capture the footage was Raytheon's Advanced Targeting Forward Looking Infrared pod: https://www.raytheon.com/capabilities/products/atflir

Interestingly, this isn't the first time UFO footage has been released:
https://www.nytimes.com/2017/12/16/us/politics/pentagon-program-ufo-harry-reid.html
0
http://www.newsweek.com/best-buy-geek-squad-fbi-informants-834846

There are bound to be varying opinions on the legality and/or morality of Geek Squad's practice of turning over client data to the FBI; especially considering that at least one instance allegedly led to the GS employee being paid for the info. I am intrigued to hear what others think about this.
2
Obtain real-world security knowledge that allows you to recognize vulnerabilities, exploit system weaknesses, and safeguard threats. Enroll in March's Course of the Month to ensure you attain a higher level of cyber security.
0
We talk to business owners about the GDPR. Quite often they say,‘ I have a department that deals with all that legal stuff, they will sort it out.’ As a business owner when it comes to a data breach, you are libel, not your department. Know your data!  http://bit.ly/2CdtRAM
BCA512F8-ADC8-4100-915A-283D13E8013.jpeg
0
onsite.jpgIntroducing our March Course of the Month: Certified Penetration Testing Engineer Series
Enroll today to learn from a cybersecurity expert with more than 20 industry-recognized certifications and add this invaluable training to your resume. Bonus: This series, valued at $3,000, is free for Premium Members, Qualified Experts, and Team Accounts.
0
 
LVL 42

Expert Comment

by:noci
lookat bugtraq   and look for "Defense in depth the microsoft way" a now 52 part series.
... of microsoft not following their own advise. (With a side step of 30 something installer failures).
0
2
vSphere 5.5 and vSAN 5.5 End of General Support Reminder
Dear Valued Customer,

We would like to remind you that the End of General Support (EOGS) for VMware vSphere® 5.5 and vSAN™ 5.5 is September 19, 2018.
•      To maintain your full level of Support and Subscription Services, VMware recommends upgrading to vSphere 6.5. Note that by upgrading to vSphere 6.5 you not only get all the latest capabilities of vSphere but also the latest vSAN release and capabilities.
•      vCloud Suite 5 and vSphere with Operations Management™ (vSOM) customers running vSphere 5.5 are also recommended to upgrade to vSphere 6.5.
For more information on the benefits of upgrading and how to upgrade, visit the VMware vSphere Upgrade Center. VMware has extended general support for vSphere 6.5 to a full five years from date of release, which will end on November 15, 2021.

If you require assistance upgrading to a newer version of vSphere, VMware's vSphere Upgrade Service is available. This service delivers a comprehensive guide to upgrading your virtual infrastructure including recommendations for planning and testing the upgrade, the actual upgrade itself, validation guidance, and rollback procedures. For more information, contact your VMware account team, VMware Partner, or visit VMware Professional Services.

If you are unable to upgrade from vSphere 5.5 before EOGS and are active on Support and Subscription Services, you may purchase Extended Support in one-year increments for up to two years …
1
 
LVL 126

Author Comment

by:Andrew Hancock (VMware vExpert / EE MVE^2)
buy new hardware!
1
 

Expert Comment

by:vibinsathyan
:) Thank you
0
I am sharing an Office 365 Calendar using a Security Group. When the calendar was initially shared, it sent invitation emails to the group members. How do I manage invitations when I add someone to the group? It doesn't appear to do it automatically.
0
 
LVL 35

Expert Comment

by:Rob Henson
djstewart - you have created a post here. You will get better results if you raise a question. Use the big blue button at the top of the screen or this link:
https://www.experts-exchange.com/askQuestion.jsp
0
 

Author Comment

by:djstewartnc
Thanks Rob. First time in since they changed the format .... still fumbling my way around.

Will do.

David
0
Free Tool: Subnet Calculator
LVL 12
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

For those interested, AV-Comparatives Summary Report for 2017 has just been released.

https://www.av-comparatives.org/wp-content/uploads/2018/02/avc_sum_201712_en.pdf

Last Revision - 6th February 2018
1
2B42C08B-62FB-4CA6-AF79-1E33240CFD7.jpeg
Don't put it in the bin! How many of your employees are aware of the new data regulations? Ask them. http://bit.ly/2GBbhl2

Have a go!

Read the article, then tell me what and how many potential breaches you can spot?
0
After this morning's debacle with Malwarebytes, I got to thinking about another package that I recently discovered — Emsisoft. They seem to be pitching the product as both anti-malware and anti-virus. Anyone have personal experience with it to share? Thanks much, Joe
0
 
LVL 102

Expert Comment

by:John
Malwarebytes is neither the first vendor nor the last to make mistakes like this. You said in another post that they have issued a fix. So I suggest you not make a hasty exit. The next one along will make the same mistake in due course.
0
 
LVL 59

Author Comment

by:Joe Winograd, Fellow&MVE
Thanks for the comment, John, but I do not plan to stop using Malwarebytes...sorry if my post implied that. The incident simply triggered my thinking about A-M/A-V products and caused me to remember that I received a free, one-year subscription to Emsisoft when I upgraded my SyncBackPro from V7 to V8. But I never heard of Emsisoft and am hoping to get some feedback from fellow EE members about it. Regards, Joe
0
Malwarebytes is gobbling up all physical memory! Started about an hour ago here. It also turned off real-time protection. Must be a bad MBAM update. Anyone else seeing this? Only choice right now is to uninstall it, as far as I can tell.  Regards, Joe
0
 
LVL 16

Expert Comment

by:Andrew Leniart
Thanks for your update Joe.  I just re-enabled the Malwarebytes service and started it. Did an update and can confirm the issue has indeed been resolved. It's why I don't go to all the trouble of uninstalling.

Just about any software vendor will royally screw up like this at least once, so instead of uninstalling, I just disable and get on with my day. It also perfectly illustrates why I never rely on a single security package to keep me safe :)
0
 
LVL 59

Author Comment

by:Joe Winograd, Fellow&MVE
You're welcome, Andrew, I'm glad it's resolved for you, too.

I also don't rely on a single security package, although you have to be very careful when running more than one...in some cases, they can conflict with each other and cause a lot of grief. That's why you hear the popular caveat of not running more than one anti-virus product on the same machine. Cheers, Joe
0
0
0

Security

24K

Solutions

24K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.