During the COVID-19 pandemic and response, workers are heading home in record numbers. In this short 23-min. webinar, CI Security CTO Mike Simon covers the critical work-from-home cybersecurity risks that employees need help with now.
The material is geared toward InfoSec and IT professionals, technical users, and team managers.
Top 8 Work From Home (WFH) Cybersecurity Priorities...
Step 1: Control the WFH Environment
Step 2: Control the WFH Computer
Step 3: Up Your Phishing Game
Step 4: Worry About Sensitive Documents and Regulated Data
Step 5: Watch for Cyber-Threats
Step 6: Expanding VPN
Step 7: Say No to Split-Tunnels
Step 8: Keep Great Records
Tuesday, March 24, 2020
Saturday, March 21, 2020
Remote Work, Security & Is Your Office Being Bugged While You're Home
It's a rule of thumb in cybersecurity that the more sensitive your system, the less you want it to touch the internet. But as the US hunkers down to limit the spread of Covid-19, cybersecurity measures present a difficult technical challenge to working remotely for employees... In some cases, working from home isn't an option at all...
Late last week, the US government's Cybersecurity and Infrastructure Security Agency issued an advisory to critical infrastructure companies to prepare for remote work scenarios as Covid-19 spreads...
But cybersecurity consultants who actually work with those high-stakes clients—including electric utilities, oil and gas firms, and manufacturing companies—say that it's not always so simple. For many of their most critical customers, and even more so for intelligence agencies, remote work and security don't mix. more
Special note to the business community...
Planting bugs is easy when your offices are empty. Business espionage types know this.
Quality TSCM sweep teams will be in demand and hard to book when Covid-19 subsides. Prepare now. Put your team on retainer.
If you don't have a quality provider contact us. We'll create a back-to-work inspection strategy, and a no-obligation estimate for you. ~Kevin
Friday, March 20, 2020
Will Working from Home Increase Business Espionage Opportunities
I received a question today about inductive coupling; gleaning computer data leaked onto power lines (aka mains) from keyboards, screens, etc. The person mentioned this was possible if the residences shared the same power transformer.
"So, does the increase in work-from-home offices these days increase the business espionage threat?"
Interesting question. Got me thinking.
I replied...
You're correct about sharing a transformer. Information can be induced onto the mains and intercepted on that side of the circuit. Several floors in an apartment building and usually 3-4 homes in a residential neighborhood can share one transformer.
But, let's think this through...
Back before we all became computerized the mains lines were relatively noise-free. Carrier-current bugs and wireless intercoms worked quite well for transmitting audio. These days, the noise level is a digital cacophony, created by everyone who shares the circuit.
The very low signal level a keyboard might contribute would be difficult to hear. Segregating the signal from other digital noise would also be a challenge. With diligence and the right instrumentation deciphering this digital data is doable. It would not be a nosy neighbor doing this. If you got that far, you're probably a government and the home worker has a bigger than average problem.
Realistically speaking...
A fairly static group of mains users also reduces risk. Your neighbors aren't deep cover spies who have waited years for the chance you might be forced to work from home. Moving into a neighborhood or apartment building with spying intentions is possible, but not easy to do on a moment's notice. There are easier ways to obtain even more information, with a lot less work, and greater chance of success.
Worry about these things...
The weak links in a home office are: the computer, wireless keyboards, Wi-Fi, and internet modems. Current versions of wireless keyboards use Bluetooth (30 foot range) with some pretty good security features. As for data leaking onto the mains... Most smart people use a UPS battery backup with filtering for their computers, so no problem there. For anyone without a UPS, getting one is a very worthwhile recommendation for multiple reasons.
Threats the average home office faces...
- shared cable internet,
- Wi-Fi signal hacking,
- spyware viruses (data, audio and video compromise),
- Wi-Fi connected printer intercepts,
- information phishing scams,
- and none of the usual enterprise type protections.
Imagine this...
- Step #1: The spy purchases a USB Rubber Ducky (to crack into the computer) and an o.mg cable (to crack into the smartphone). Total cost: <$200.00.
- Step #2: Spy plops these into an old Amazon box and mails it to "the mark."
- Step #3: Mark goes, "Wow, cool. I didn't order this. Amazon must have screwed up. Not worth sending back. I'll keep it."
- Step #4: Mark plugs this windfall into his computer and phone.
- Step #5: Gotcha!
Your company needs to have a technical security consultant on retainer—because there is more to know.
Thursday, February 6, 2020
US Weapons-Makers Plagued by Industrial Espionage
The U.S. defense industrial base received a "mediocre C" report-card grade as it struggles to stay ahead of adversaries, such as China, that rely on stealing American military secrets to remain competitive, according to a new report from the National Defense Industrial Association (NDIA).
"Vital Signs 2020: The Health and Readiness of the Defense Industrial Base," a data-based report compiled by NDIA and the data analytics firm Govini, analyzed 44 statistical indicators ranging from potential threats to digital systems to surge capacity over the last three years.
The report then graded eight performance areas -- on a scale of 100 -- for an average grade of 77 for 2019. more
Thursday, January 30, 2020
NIST - Detecting and Responding to Ransomware and Other Destructive Events
In response to growing ransomware attacks on businesses and governments small and large, the National Institute of Standards and Technology (NIST) has released draft guidelines to help organizations prepare for “data integrity cybersecurity events” that threaten their operations...
The free guide, which will be available for public comment through Feb. 26, focused specifically on potential tool sets for mitigating and containing cybersecurity attacks as well as what strategies security teams could adopt to respond...
Security teams and organization leaders can read the full report and provide public comment through NIST’s website. more
Facebook Tracks You - You can stop the spying, sort of.
If you’ve ever thought Facebook is listening or watching you when you’re not on the social media site, you are right. ... The Washington Post says Facebook-owned apps like Instagram and Messenger are tracking you, too.
But now developers at the social media giant have rolled out a tool that may stop most of it, or at least tell you how Facebook is spying on users’ daily lives. It’s called off-Facebook activity...
Click the small triangle at the top right of Facebook and go to settings. Then click “Your Facebook Information” on the left column, then select Off-Facebook Activity to manage the information the company gleans from your life. Here you can either manage it or clear the entire history from your account.
But the company also has a caveat. You may clear your current history, but new activity will be shared back to Facebook in the future. more
Geez... just like barnacles.
Wednesday, January 22, 2020
FutureWatch: Mind-Reading Called Brain-Hacking - Food for Thought
The world is in the middle of a new technology arms race, according to best-selling historian Yuval Noah Harari, who warns that the prize being fought over this time is not physical territory, but our brains.
Speaking at the World Economic Forum in Davos, Harari predicted a future where governments and corporations will be able to gather enough data about citizens around the world that, when combined with computational power, will let them completely predict – and manipulate – our decisions. Harari calls this concept "brain-hacking".
"Imagine, if 20 years from now, you could have someone sitting in Washington, or Beijing, or San Francisco, and they could know the entire personal, medical, sexual history of, say, every journalist, judge and politician in Brazil," said Harari.
"You could control a whole other country with data. At which point you may ask: is it an independent country, or is it a data colony?" more Previous mind-reading posts.
Tuesday, January 21, 2020
Android Users Beware: These Top Camera Apps May Secretly Be Spying
The latest warning has come from the research team at CyberNews, exposing “camera apps with billions of downloads [that] might be stealing user data and infecting them with malware.”
...But that’s exactly what some of the top beauty camera apps have been found guilty of doing. more
- BeautyPlus – Easy Photo Editor & Selfie Camera
- BeautyCam
- Beauty Camera – Selfie Camera
- Selfie Camera – Beauty Camera & Photo Editor
- Beauty Camera Plus – Sweet Camera & Makeup Photo
- Beauty Camera – Selfie Camera & Photo Editor
- YouCam Perfect – Best Selfie Camera & Photo Editor
- Sweet Snap – Beauty Selfie Camera & Face Filter
- Sweet Selfie Snap – Sweet Camera & Beauty Cam Snap
- Beauty Camera – Selfie Camera with Photo Editor
- Beauty Camera – Best Selfie Camera & Photo Editor
- B612 – Beauty & Filter Camera
- Face Makeup Camera & Beauty Photo Makeup Editor
- Sweet Selfie – Selfie Camera & Makeup Photo Editor
- Selfie camera – Beauty Camera & Makeup camera
- YouCam Perfect – Best Photo Editor & Selfie Camera
- Beauty Camera Makeup Face Selfie, Photo Editor
- Selfie Camera – Beauty Camera
- Z Beauty Camera
- HD Camera Selfie Beauty Camera
- Candy Camera – selfie, beauty camera & photo editor
- Makeup Camera-Selfie Beauty Filter Photo Editor
- Beauty Selfie Plus – Sweet Camera Wonder HD Camera
- Selfie Camera – Beauty Camera & AR Stickers
- Pretty Makeup, Beauty Photo Editor & Selfie Camera
- Beauty Camera
- Bestie – Camera360 Beauty Cam
- Photo Editor – Beauty Camera
- Beauty Makeup, Selfie Camera Effects & Photo Editor
- Selfie cam – Bestie Makeup Beauty Camera & Filters
Monday, January 13, 2020
Security Tip #792: Be Gone Phishing
via Krebs on Security
"Savvy readers here no doubt already know this, but to find the true domain referenced in a link, look to the right of “http(s)://” until you encounter the first backward slash (/). The domain directly to the left of that first slash is the true destination; anything that precedes the second dot to the left of that first slash is a subdomain and should be ignored for the purposes of determining the true domain name."
"For instance, in the case of the imaginary link below, example.com is the true destination, not apple.com: https://www.apple.com.example.com/findmyphone/" more
Double checking links before clicking can save you from sleeping with the phishers. Hover over links, but don't click, to see where you might be going.
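The Krebs rule above, turned into a small checker as an added example (not from the original post or from Krebs on Security): it pulls the host out of a link, returns the true (registrable) domain, and flags hosts that merely contain a trusted brand name. The short multi-label suffix list is a constructed stand-in; the rule "two labels left of the first slash" is right for .com-style domains but undercounts for registries like co.uk, which is the caveat the code handles.

```python
from urllib.parse import urlsplit

# Constructed, deliberately incomplete list of multi-label public suffixes.
# For these, the registrable domain is three labels, not two. A real
# deployment should consult the Public Suffix List instead of this set.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp"}


def true_domain(url: str) -> str:
    """Return the registrable domain of a link, ignoring any subdomains.

    Implements the rule: read right of "http(s)://" up to the first slash,
    then keep only the labels that form the registered domain.
    """
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare "host/path" as a netloc
    # .hostname drops the scheme, any user@ prefix, the :port and the path,
    # so "brand.com@evil.example" resolves to evil.example, not brand.com.
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        raise ValueError(f"no host found in {url!r}")
    labels = host.split(".")
    for suffix in MULTI_LABEL_SUFFIXES:
        s = suffix.split(".")
        if len(labels) > len(s) and labels[-len(s):] == s:
            return ".".join(labels[-len(s) - 1:])
    return ".".join(labels[-2:])


def looks_like_lookalike(url: str, trusted: str) -> bool:
    """True when a trusted domain name appears in the host but is not the true domain."""
    host = (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()
    return trusted.lower() in host and true_domain(url) != trusted.lower()


if __name__ == "__main__":
    # Constructed sample links, including the one from the Krebs excerpt.
    for link in (
        "https://www.apple.com.example.com/findmyphone/",
        "https://support.apple.com/",
        "https://www.example.co.uk/login",
    ):
        print(link, "->", true_domain(link),
              "(lookalike)" if looks_like_lookalike(link, "apple.com") else "")
```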
Tuesday, December 31, 2019
Now Santa's Toys Know if You Are Naughty or Nice
Christmas is over, which means there may be a few extra toys for children in the house.
Cybersecurity experts are warning parents to pay attention to what kinds of toys their children are playing with, saying some could be capable of doing much more than what you're aware of.
...toys with Bluetooth or that can connect to Wi-Fi have the potential to not only spy on those playing with them but could also collect data later capable of predicting children's thoughts and behaviors. more
Tuesday, November 19, 2019
Beginner's Guide to Small Business Cyber Security
Cyber Essentials is a guide for leaders of small businesses as well as leaders of small and local government agencies to develop an actionable understanding of where to start implementing organizational cybersecurity practices.
Consistent with the NIST Cybersecurity Framework and other standards, the Cyber Essentials are the starting point to cyber readiness...
Managing cyber risks requires building a Culture of Cyber Readiness. The Culture of Cyber Readiness has six Essential Elements... more
Tuesday, November 5, 2019
With a Laser, Researchers Say They Can Hack Alexa and Other Assistants
Since voice-controlled digital assistants were introduced a few years ago, security experts have fretted that systems like Apple’s Siri and Amazon’s Alexa were a privacy threat and could be easily hacked.
But the risk presented by a cleverly pointed light was probably not on anyone’s radar.
Researchers in Japan and at the University of Michigan said Monday that they had found a way to take over Google Home, Amazon’s Alexa or Apple’s Siri devices from hundreds of feet away by shining laser pointers, and even flashlights, at the devices’ microphones. more
Wednesday, October 30, 2019
Kettle Gets Called Black... or, Who's Zoomin' Who
Facebook launched a new front in the battle over encryption yesterday by suing the Israeli spyware firm NSO Group for allegedly hacking WhatsApp, its encrypted messaging service, and helping government customers snoop on about 1,400 victims...
The lawsuit marks the first time a messaging service has sued a spyware company for undermining its encryption and it could prompt a slew of suits against companies that have developed encryption workarounds bolstering governments' ability to spy on their citizens. more
Friday, October 25, 2019
Raccoon Steals Data for $200 per Month - Cute
A new kind of easy to use trojan malware is gaining popularity among cyber criminals, providing them with simple means of stealing credit card data, passwords and cryptocurrency -- and it has already infected hundreds of thousands of Windows users around the world.
Raccoon Stealer first appeared in April this year and has quickly risen to become one of the most talked-about malware services in underground forums.
Researchers at Cybereason have been monitoring Raccoon since it first emerged, and note that while not sophisticated, it is aggressively marketed to potential criminal users, providing them with an easy-to-use back end, along with bulletproof hosting and 24/7 support -- all for $200 a month. more
Thursday, October 24, 2019
Turning Amazon and Google Smart Speakers into Smart Spies
Researchers at Germany’s SRLabs found two hacking scenarios — eavesdropping and phishing — for both Amazon Alexa and Google Home/Nest devices. They created eight voice apps (Skills for Alexa and Actions for Google Home) to demonstrate the hacks that turn these smart speakers into smart spies. The malicious voice apps created by SRLabs easily passed through Amazon and Google’s individual screening processes...
For eavesdropping, the researchers used the same horoscope app for Amazon’s smart speaker. The app tricks the user into believing that it has been stopped while it silently listens in the background. more
Google Accused of Spying with New Tool
Google employees have accused their employer of creating a surveillance tool disguised as a calendar extension designed to monitor gatherings of more than 100 people, a signal that those employees may be planning protests or discussing union organizing. Google parent company Alphabet “categorically” denies the accusation.
The accusation, outlined in a memo obtained by Bloomberg News, claims severe unethical conduct from high-ranking Google employees, who they say allegedly ordered a team to develop a Chrome browser extension that would be installed on all employee machines and used primarily to monitor internal employee activity.
Employees are claiming the tool reports anyone who creates a calendar invite and sends it to more than 100 others, alleging that it is an attempt to crackdown on organizing and employee activism. more
Toga! Toga! Toga! ...SCIF Fight!
SCIF fight shows lawmakers can be their own biggest cybersecurity vulnerability.
About two dozen House Republicans enter a sensitive compartmented information facility (SCIF) where a closed session before the House Intelligence, Foreign Affairs and Oversight committees took place.
A group of House Republicans could have created a field day for Russian and Chinese intelligence agencies when they stormed into a secure Capitol Hill room where their colleagues were taking impeachment testimony yesterday with their cellphones in tow. more
"You're all worthless and weak!" ~Doug Neidermeyer
Wednesday, October 23, 2019
Free Ransomware Decryption Tool
Emsisoft Decryptor for STOP Djvu
The STOP Djvu ransomware encrypts victims' files with Salsa20, and appends one of dozens of extensions to filenames; for example, ".djvu", ".rumba", ".radman", ".gero", etc.
Please note: There are limitations on what files can be decrypted. more
Of course, put all the safeguards in place first so you won't need this tool. ~Kevin
Friday, October 18, 2019
IT / Security Director Alert: Cisco Aironet Wi-Fi High-Severity Vulnerability Patch Available
Cisco has issued patches for critical and high-severity vulnerabilities in its Aironet access point devices.
It also issued a slew of additional patches addressing other flaws in its products.
“An exploit could allow the attacker to gain access to the device with elevated privileges,” said Cisco in a Wednesday advisory. "...it could allow the attacker to view sensitive information and replace some options with values of their choosing, including wireless network configuration. It would also allow the attacker to disable the [access point], creating a denial of service (DoS) condition for clients associated with the [access point].” more
Thursday, October 17, 2019
Massive Corporate Espionage Attack: 'One million pages stolen'
Australian blood giant CSL has been rocked by an alleged corporate espionage attack, with a former "high level" employee accused of stealing tens of thousands of its documents - including trade secrets - in order to land a job at a key competitor...
CSL’s allegations are expected to reverberate through the highly competitive global drug making industry where trade secrets are the most prized possession of the companies. more
It's never this obvious.
Any pharmaceutical company without:
- a robust Information Security Policy,
- Recording in the Workplace Policy,
- IT Compliance and Surveillance program,
- regularly scheduled Technical Surveillance Countermeasures (TSCM) inspections (with an Information Security Survey component)
CSL had protection measures in place. Thus, this discovery, and recovery. ~Kevin