Vulnerabilities Archives - Tech Prognosis Blog

Why Small Organizations Need Vulnerability Management

Computer with hard to read code, stressing the need for vulnerability management.

The US Cyber Security Agency (CISA) recently released an Emergency Directive and Activity Alert addressing critical vulnerabilities affecting Microsoft Windows and Windows Remote Desktop Protocol (RDP). Vulnerability management can help organizations get a handle on such vulnerabilities.

Consequently, Microsoft released fixes for 50 security vulnerabilities in the Windows operating system, creating yet another scramble by IT professionals to patch their computer systems.

Part of what Microsoft fixed in the updates released was what is regarded as a major crypto-spoofing bug that affected Windows 10 users.

A key point is to realize that this particular vulnerability could allow a cyber criminal or hacker to spoof a code-signing certificate, vital to validating executable programs in Windows, and make it appear as if an application was from a trusted source.

Keep in mind that in technology terms, spoofing is defined as a fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver.

To put it another way, when this vulnerability is exploited and code-signing certificates are spoofed, the operating system will find it difficult to tell the difference between malware and Microsoft software. (more…)

Comments Off

January 17, 2020

Malware / Security / Small Business / Tech Tips for Business Owners / Vulnerabilities / Web Technology

Protect Your Business From Dangerous Cryptomining Activities

Why Small Organizations Should Be Worried About Illicit Cryptomining Activities

cryptomining activity

There is a scourge currently targeting small businesses and organizations and many are not even aware of it because it does not do anything sensational meant to cause harm. It does not install a virus, send phishing emails, or attempt to kidnap business data for ransom. That scourge is cryptocurrency mining, or simply cryptomining.

What is cryptocurrency?

Cryptocurrency is a form of digital currency that can be used in exchange for goods, services, and even real money, similar to other currencies. However, unlike other currencies, cryptocurrency operates independently of a central bank and uses encryption techniques and blockchain technology to secure and verify transactions.

To quote Malwarebytes, “Two words—“cryptography” and “currency”—combine to form “cryptocurrency,” which is electronic money, based on the principles of complex mathematical encryption. All cryptocurrencies exist as encrypted decentralized monetary units, freely transferable between network participants.” Or put more simply, cryptocurrency is electricity converted into lines of code, which have a real monetary value. (See a detailed article by Malwarebytes on this topic here).

While Cryptocurrency may be in its infancy, its popularity continues to increase, some would say, exponentially. You may have heard of terms like Bitcoin, Litecoin, Monero, Ethereum, Ripple etc. These are just a few types of the cryptocurrencies currently available. (more…)

Comments Off

November 7, 2019

Cloud Computing / Compliance / Enterprise Computing / Featured / Malware / Open Source / Security / Security Breach / Small Business / Vulnerabilities

Data Encryption Tools For The Mobile Business Executive

Infographic depicting various devices using data encryption.

Data encryption is not one of the security options most companies think of providing for their senior executives who use, and travel, with laptops, netbooks and tablets so they can stay productive even when on the road. This is even more true of corporate executives who sometimes demand anytime, anywhere access to data residing on corporate servers.

While the big corporations can afford to spend millions of dollars on data protection hardware and software., the same cannot be said of executives in small and medium-sized organizations, especially when it comes to loss of personal information, including credit card data, patient records or other financial information, stored by the company.

Data breaches happen and information is lost every day due to small mistakes that could have been avoided by using data encryption technologies. For small businesses, these data loss events can be devastating. (more…)

Comments Off

October 10, 2019

Enterprise Computing / Ethics / Featured / Security / Vulnerabilities / Web Technology

Why We Should Thank, Not Demonize LulzSec, Anon

So the 50-day cruise is over and the guys at LulzSec are going back underground. That should worry some of us because if they did not want us to know what they were doing, I don’t think any sane person would argue that they could not have done so.

While the media has been abuzz about the exploits of Anonymous and LulzSec, the bigger question we should be asking is, are any of their exploits new or did they just give us a wake up call that there is no security, at least in the way we normally define it. What they have demonstrated is that security is a term we use to make ourselves feel good. (more…)

Comments Off

June 26, 2011

Cloud Computing / Enterprise Computing / Ethics / Featured / Hardware / Security / Security Breach / Vulnerabilities

The RSA Breach: Time for Full Disclosure?

As more companies with national security interests come forward with admission of breaches related to the hacking of RSA’s SecurID technology, one wonders if it is time for RSA to break its stubborn refusal to tell the public what exactly was stolen or when the breach actually occurred. At this stage, it is not just enough to tell the public that it had been hit by a phishing email exploiting a zero-day vulnerability in Adobe Reader. (more…)

Comments Off

June 3, 2011

Cloud Computing / Email and Spam / Enterprise Computing / Ethics / Featured / Vulnerabilities / Web Technology

Is Facebook’s Login Approvals a Setback for Mobility?

“Today, we’re announcing our newest opt-in security feature that I’ve worked to build over the past few months: Login Approvals.”

With that, Facebook announced Login approvals, “…a Two Factor Authentication system that requires you to enter a code we send to your mobile phone via text message whenever you log into Facebook from a new or unrecognized computer.”

The idea behind the new feature is to help users combat unauthorized access or the now infamous “I have been hacked” incidents that have plagued users of the Social Network. The new feature, which is currently optional is expected to add a second layer of protection to users’ login process.

What exactly is it? Here is Facebook’s explanation of Login Approvals: (more…)

2 Comments

May 24, 2011