Why Small Organizations Need Vulnerability Management

Computer with hard to read code, stressing the need for vulnerability management.

The US Cyber Security Agency (CISA) recently released an Emergency Directive and Activity Alert addressing critical vulnerabilities affecting Microsoft Windows and Windows Remote Desktop Protocol (RDP). Vulnerability management can help organizations get a handle on such vulnerabilities.

Consequently, Microsoft released fixes for 50 security vulnerabilities in the Windows operating system, creating yet another scramble by IT professionals to patch their computer systems.

Part of what Microsoft fixed in the updates released was what is regarded as a major crypto-spoofing bug that affected Windows 10 users.

A key point is to realize that this particular vulnerability could allow a cyber criminal or hacker to spoof a code-signing certificate, vital to validating executable programs in Windows, and make it appear as if an application was from a trusted source.

Keep in mind that in technology terms, spoofing is defined as a fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver.

To put it another way, when this vulnerability is exploited and code-signing certificates are spoofed, the operating system will find it difficult to tell the difference between malware and Microsoft software.

Read more

Share

Data Encryption Tools For The Mobile Business Executive

Infographic depicting various devices using data encryption.

Data encryption is not one of the security options most companies think of providing for their senior executives who use, and travel, with laptops, netbooks and tablets so they can stay productive even when on the road. This is even more true of corporate executives who sometimes demand anytime, anywhere access to data residing on corporate servers.

While the big corporations can afford to spend millions of dollars on data protection hardware and software., the same cannot be said of executives in small and medium-sized organizations, especially when it comes to loss of personal information, including credit card data, patient records or other financial information, stored by the company.

Data breaches happen and information is lost every day due to small mistakes that could have been avoided by using data encryption technologies. For small businesses, these data loss events can be devastating.

Read more

Share

How You Can Protect Your Business From Crypto Ransomware

Image of a laptop computer and "Your personal files are encrypted" notification

 

You know it is very bad news when you see the message above on your computer screen: That is what a crypto ransomware notification looks like. And if you’ve been following the news lately, you’ve certainly heard about how cities and local governments in Texas, Florida, Maryland and others have had to deal with cases of ransomware infections.

It initially started out as an annoyance: you click on a link and ads popped up on your computer screen. Then it progressed to fake anti-virus scams that installed nag screens on your computer and tried to force you to pay to remove the nag screen.

Crypto Ransomware is a new form of virus attack that encrypts files, making them inaccessible, until money (a ransom) is paid to the people responsible for locking or encrypting the files.

Big picture? Think of your QuickBooks database, Excel spreadsheets that contain vital business data, the PowerPoint presentations that took countless hours to create, and on a more personal note, the pictures and videos you’ve painstakingly collected over the years. All gone, unless you pay a ransom to the cyber criminals.

Read more

Share

Why We Should Thank, Not Demonize LulzSec, Anon

So the 50-day cruise is over and the guys at LulzSec are going back underground. That should worry some of us because if they did not want us to know what they were doing, I don’t think any sane person would argue that they could not have done so.

While the media has been abuzz about the exploits of Anonymous and LulzSec, the bigger question we should be asking is, are any of their exploits new or did they just give us a wake up call that there is no security, at least in the way we normally define it. What they have demonstrated is that security is a term we use to make ourselves feel good.

Read more

Share

The RSA Breach: Time for Full Disclosure?

As more companies with national security interests come forward with admission of breaches related to the hacking of RSA’s SecurID technology, one wonders if it is time for RSA to break its stubborn refusal to tell the public what exactly was stolen or when the breach actually occurred. At this stage, it is not just enough to tell the public that it had been hit by a phishing email exploiting a zero-day vulnerability in Adobe Reader.

Read more

Share
Share
Share