[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x

Security

25K

Solutions

24K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.

Share tech news, updates, or what's on your mind.

Sign up to Post

Ransomware is the next big security threat. Don’t be a victim. Prepare your business for fast and easy backup now https://bit.ly/2O0FO34 
1
OWASP: Avoiding Hacker Tricks
LVL 12
OWASP: Avoiding Hacker Tricks

Learn to build secure applications from the mindset of the hacker and avoid being exploited.

0
Bankrupt Company's Data Resold on Craigslist

Heads up for any members who have ever purchased through NCIX. Looks like their server equipment was sold off without being scrubbed.
This is a good reminder about letting a third party store your credit card data.
https://nakedsecurity.sophos.com/2018/09/24/bankrupt-ncix-customer-data-resold-on-craigslist/
2
LVL 46

Expert Comment

by:noci
They can sell the data to any company that continues the business (as a whole)  in one part.  (restart of business with new owners)...
(that is data that will still be used for what it was provided for.... ) Data is NOT provided for anything else then conducting business with THIS company.   (If EU customers are part of the data GDPR is important here, or even if non-EU citizens did business from the EU).
So there is no license on the data for a lot of different things.
0
LVL 46

Expert Comment

by:noci
The new  owner of the data ALSO inherrits this license/restriction on the data is not that  the data is free for all after it has been flogged off... (In legal theory...,  i am afraid it will be a free for all in practice).
0
TIP  SECURITY  ENCRYPTION & CERTIFICATES

In-place upgrade of encrypted Windows systems using reflectdrivers

Apparently since Win10 v1607 there exists a parameter "/reflectdrivers" in the Windows setup (setup.exe on the DVD / USB stick) see https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-command-line-options

This can be used to tell Setup the location of the encryption drivers (eg Veracrypt) and finally be able to perform upgrades without decrypting!

The Veracrypt developer shares this in a forum post and gives a syntax example for his product:

setup.exe /ReflectDrivers "C:\Program Files\VeraCrypt" /PostOOBE C:\ProgramData\VeraCrypt\SetupComplete.cmd

Open in new window

1
Andy's VMware vSphere tip#8: Spectre and Meltdown....Have you patched your server yet? It's almost 5 months since this Security Flaw was found in Intel CPUs, and we are still finding many VMs, and Hosts in the wild which are still not patched!

Remember this actually requires a little bit of work... To successfully patch against Spectre and Meltdown, you must:-

1. Update the BIOS and Firmware, and maybe CPU microcode in the Host ESXi Server. Some BIOS updates update the microcode for you. Check with your Server Vendor, some server vendor have been very slow to release new BIOS/Firmware/Microcode updates, and some servers may be now end of life, as server vendor may not release new code.

2. Update vCenter Server to 6.5 U1g, 6.0 U3e or 5.5 U3h.

3. Update the ESXi Build to the latest versions

ESXi 6.5: ESXi650-201803401-BG* and ESXi650-201803402-BG**
ESXi 6.0: ESXi600-201803401-BG* and ESXi600-201803402-BG**
ESXi 5.5: ESXi550-201803401-BG* and ESXi550-201803402-BG**

4. Update VMware Tools and all virtual machine hardware versions to 11.

5. Update Guest VM with latest updates.

6. You can then sit back, you are patched!

https://kb.vmware.com/s/article/52085

https://blogs.vmware.com/services-education-insights/feed-items/meltdown-and-spectre-vmware-patches#

https://blogs.vmware.com/feed-items/vmware-releases-patches-for-meltdown-and-spectre-bug/

If you need to discuss this further please, post a question to the VMware topic area.
1
Andy's VMware vSphere tip#5: Best Practice and Security Hardening ? HOW... easy as 1...2...3...

How about using some Automated VMware expertise, like having a VMware Consultant on hand, every minute of the day to ensure your VMware vSphere environment, is following best practices and security hardening guidelines to protect your environment, also has the ability to monitor VMware vSphere Hypervisor logs in real time for VMware KBs. We've been using and following this small startup for a few years now. Let me introduce you to Runecast Analyzer.

2018-05-24-10_41_44-Runecast-_-Web-c.png
https://www.runecast.biz/

Download a 14 Day Trial and take it for a spin.

We would not recommend it, if we didn't use it!

So there is no no excuse to quickly scan your environment for FREE, and see what you need to change!

PS Tell them Andy sent you.....you may get a discount!!!
0

Expert Comment

by:Alba Richi
Very interesting, thank you!
0
LVL 129

Author Comment

by:Andrew Hancock (VMware vExpert / EE MVE^2)
No problems follow me for more tips!
1
0

Expert Comment

by:Alba Richi
Thank you, I will definitely try your checklist!
1
LVL 5

Author Comment

by:Adrian McGarry
If you like the checklist, try our GDPR product
0
2

Expert Comment

by:Alba Richi
Thanks for the link.
0
https://blogs.technet.microsoft.com/mniehaus/2018/05/02/new-upgrade-to-windows-10-1803-without-suspending-bitlocker/

Microsoft is re-tightening security after tearing open a huge security hole themselves, long ago. They are offering to disable a problematic behavior that they have introduced years ago, which was heavily criticized, but somehow manage to make it sound like "going forward". Thing is, the ability to auto-suspend when upgrading was there before - IT WAS THE PROBLEM.

Interesting read for WSUS/SCCM admins who want to deploy feature upgrades.
1
LVL 107

Expert Comment

by:John
Thank you for posting this. On my machine, I have Opal 2 and my understanding from Microsoft (Redmond Global MVP Summit) is that BitLocker is not needed here so I have not implemented it.

Interesting read and thanks again.
0
Acronis Data Cloud 7.8 Enhances Cyber Protection
LVL 1
Acronis Data Cloud 7.8 Enhances Cyber Protection

A closer look at five essential enhancements that benefit end-users and help MSPs take their cloud data protection business further.

0
1
CloudFlare and APNIC have launched a free DNS service @ 1.1.1.1 that claims to prevent your ISP from selling your data:
https://blog.cloudflare.com/dns-resolver-1-1-1-1/

The claim to be the "fastest" comes with the caveat of "privacy-first" -- I wonder how it stacks up against DNS services that don't provide any inherent perceived privacy?

On a related note, the service is being hammered by multiple gbps of trash data:
https://www.zdnet.com/article/1-1-1-1-cloudflares-new-dns-attracting-gigabits-per-second-of-rubbish/

Personally, I've used Google's public DNS for years now, since it's always seemed to be more stable than my ISPs, but this CloudFlare option is really tempting. Handing over literally all of my browsing data to Google is probably not the best idea.
1
LVL 46

Expert Comment

by:noci
IPv6 patterns:
Google:
google-public-dns-a.google.com. 21599 IN AAAA   2001:4860:4860::8888

Cloudflare:
1dot1dot1dot1.cloudflare-dns.com. 299 IN AAAA   2606:4700:4700::1001
1dot1dot1dot1.cloudflare-dns.com. 299 IN AAAA   2606:4700:4700::1111

Quad9:
dns.quad9.net.          119     IN      AAAA    2620:fe::fe

level3 has no  ipv6...???
0
LVL 19

Expert Comment

by:Kyle Santos
I need an ELI5 version of what this does.  What am I doing by doing what they said here?
See https://1.1.1.1/ because it's that simple!
0
MyFitnessPal breach exposes data of an estimated 150 million users

Got an account at MyFitnessPal?  Change your Password!

MyFitness Pal, a fitness and nutrition app owned by Under Armour, announced on March 29th that a recent data breach impacts 150 million of their users.
 
What happened? According to a press release from Under Armour , they became aware of a potential security issue on March 25th when they discovered an unauthorized party had accessed user data from MyFitnessPal in February.

What data was compromised? The current investigation is ongoing but so far, indicates that the compromised data included hashed passwords, usernames and email addresses.

I'm a MyFitnessPal user. What should I do? The company is urging users to change their MyFitnessPal password immediately. Dashlane also recommends changing passwords for any accounts that share exact or similar passwords with your MyFitnessPal account.

Source: https://dashlane.com
0
In 2017, the number of vulnerabilities detected in applications rose 33%. Is your company prepared to deal with these risks? Train to become a Certified Penetration Testing Engineer today! There are only two days left to enroll in this month’s Course of the Month.
2
Redefine Your Security with AI & Machine Learning
Redefine Your Security with AI & Machine Learning

The implications of AI and machine learning in cyber security are massive and constantly growing, creating both efficiencies and new challenges across the board. Check out our on-demand webinar to learn more about how AI can help your organization!

Have you been following the ransomware attack against Atlanta? They were threatened with a bitcoin ransom, due yesterday. As of this morning, city courts were shut down and residents have been unable to pay their bills.

In an NPR report, there was a previous audit of Atlanta's IT department and they were warned this could happen.

What can we learn from this?

http://www.businessinsider.com/atlanta-cyberattack-cripples-city-operations-2018-3

https://www.npr.org/sections/thetwo-way/2018/03/28/597758947/time-is-running-out-for-atlanta-in-ransomware-attack
7
LVL 129

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE^2)
But we ALL there will be no blame and Management will get pay rises!
0
LVL 129

Expert Comment

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Know is missing autocorrect!
0

[Free Webinar] Ten Security Controls for effective Cybersecurity


cyber-webinar-1200x627.jpgWith cyberattacks evolving everyday organizations are forced to build a strong security layer to keep their data safe and maintain user privacy. With so much touch points to improve organization security, ManageEngine is here to facilitate things for you, by hand picking 10 primary security controls which you need to practice to keep the attackers at bay.

Attend our webinar about cybersecurity on April 24th, 11 am BST and make sure you have the best security measures in place for 2018.

Register Now: https://goo.gl/R16u4f
0
Did you know it only takes 2 hours for a security patch to be reversed engineered? Don’t let your company’s vulnerabilities go unsupervised. Enroll in March’s Course of the Month to begin training for your Certified Penetration Testing Engineer Certification today.
1

iStock_000048177382XXXLarge.jpgMicrosoft Patch Tuesday March 2018 updates

This Patch Tuesday comes with 74 security updates, including fixes for two known vulnerabilities (CVE-2018-0808 and CVE-2018-0940); luckily this release arrives in a more timely fashion, as there have been no known exploitations of these vulnerabilities like we’ve seen in the past.

Read more:  https://blogs.manageengine.com/desktop-mobile/desktopcentral/2018/03/14/microsoft-patch-tuesday-march-2018-updates.html
0
The US DoD recently released (via FOIA request) footage of an F18 SuperHornet tracking a UFO:
https://coi.tothestarsacademy.com/2015-go-fast-footage/

Kind of surprising this type of information doesn't create a maelstrom of headlines.

The tracking system used to capture the footage was Raytheon's Advanced Targeting Forward Looking Infrared pod: https://www.raytheon.com/capabilities/products/atflir

Interestingly, this isn't the first time UFO footage has been released:
https://www.nytimes.com/2017/12/16/us/politics/pentagon-program-ufo-harry-reid.html
0

Expert Comment

by:Alba Richi
Oh thank you for the link, it's very useful information for me.
0
http://www.newsweek.com/best-buy-geek-squad-fbi-informants-834846

There are bound to be varying opinions on the legality and/or morality of Geek Squad's practice of turning over client data to the FBI; especially considering that at least one instance allegedly led to the GS employee being paid for the info. I am intrigued to hear what others think about this.
2

Security

25K

Solutions

24K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.