Attackers Turn Password Recovery Into Backdoor – Dark Reading

The assault on CloudFlare shows that companies have to pay attention to how their security services are locked down and how the credentials for those services can be recovered.

Making the consumer realize there are security threats is your job

Should we live in fear and distrust or should we be cautious and diligent with the protection of our data?  We worry about American companies taking away our privacy and tracking our every move.   What should we really worry about?  Everything.

With consumerization growing and our need for toys, we go about our daily lives forgetting that threats are real. We forget that every day our computers, tablets, phones, servers, laptops, TVs, Blu-ray players and every device that touches the web is being hit. Hit by what? Hackers, script kiddies and viruses. As we move into a digital world at a breathtaking speed, we throw our hands in the air and ride the internet as though it is a roller coaster. We forget that the enjoyment we have may come crashing down at any time and we are not at a theme park.

There’s a balance that is being overlooked and companies along with individuals are overlooking the basic need for diligent security.  With mom and pop businesses making up a majority of our businesses, these small businesses lack the expertise needed in protecting their information and their customers’ information.

  • Do they have a hardware firewall?
  • Is their software firewall on?  Is it monitored?
  • Are they getting updates on their computers? Firmware updates on their hardware?
  • Do they allow other family members access to the company computer?
  • Are other family members getting on the same network when visiting with their private device?
  • Is the wireless secure?  Who knows the key? (Password)
  • Are they surfing social sites and the internet on the company computer?
  • Is the screen turned away from customers?
  • Are files encrypted on the computer?
  • Are they using strong passwords and changing them? Who has access to the passwords?
  • Are they checking personal email?
  • Do they sell their old computer and destroy the hard drive?
  • Are they backing up files securely?   Is the backup going off site?
  • Are they properly sharing out folders?
  • Are they restricting users?
  • Do they practice physical security?

Here’s the truth. It isn’t really about small businesses. As a matter of fact, it isn’t about enterprise-level businesses. It is about EVERYONE.

A recent Pentagon report includes information on possible threats such as China.

…Cyber Espionage and Cyberwarfare Capabilities. In 2011, computer networks and systems around the world continued to be targets of intrusions and data theft, many of which originated within China. Although some of the targeted systems were U.S. government-owned, others were commercial networks owned by private companies whose stolen data represents valuable intellectual property. In the hands of overseas competitors, this information could diminish commercial and technological advantages earned through years of hard work and investment. Intrusions in 2011 occurred in key sectors, including companies that directly support U.S. defense programs. Authoritative writings and China’s persistent cyber intrusions indicates the likelihood that Beijing is using cyber network….read more

So what do cyberwarfare and cyber espionage have to do with businesses? Everything. Information can be stolen from anyone, anywhere on the planet.

The typical home user thinks these threats are against businesses, industries and government entities.   Little do they know home users are targets also.   It’s not about anti-viruses or where you go on the web, it is so much more.

Massive Credit Card ring bust

From Help Net Security

47 individuals were arrested on Wednesday by the officers of the Royal Canadian Mounted Police following an investigation of a highly organized and disciplined criminal ring that has managed to steal at least $7 million via cloned bank cards…read more

The Internet Crime Complaint Center (IC3) releases 2011 internet crime report

The Internet Crime Complaint Center (IC3) released their 2011 report today (May 10). With over 300,000 complaints, IC3's report can be downloaded here.

Also be sure to check out the Identity Theft Resource Centers where millions of identities may already be compromised.  Link to the 2012 breaches.

What you should do because of the Credit Card breach

Over 10 million credit card accounts were compromised at the end of March. This number may grow as credit card vendors look into the breach. Regardless of whether you bought something online or not, you should do the following:

  • Go to Annual Credit Report (free) and obtain your credit report – look for odd information
  • Visit your Credit Card Company’s website and look for messages in regards to the breach
  • Watch for small unauthorized transactions in the event someone did get your number - thieves usually start with small transactions and challenge the cc company with larger purchases over time.
  • Don’t fall prey to emails or phone calls from ‘unknown’ people contacting you about the breach
  • Visit the Identity Theft Resource Center

Forbes -
“Massive” Credit Card Breach of Estimated 10 Million Accounts: Where Are Those Smart Cards?

CNN -
‘Massive’ credit card data breach involves all major brands

FoxNews-
Security Breach Hits U.S. Card Processors, Banks

New Botnets Gaining Traction Across The Web, Study Says – Dark Reading

Damballa report shows seven new botnets among the top 10 largest; off-the-shelf construction kits dominate list. Via Dark Reading.

40% of SMBs suffered breach due to unsafe Web surfing

40 percent of small and medium-sized businesses have suffered a security breach due to unsafe web surfing, and nearly one-third still do not have a policy to govern the use of social networking sites,

Have you been hacked this month?

Since the start of this year, globally, there have been 365 data loss incidents involving 126,727,474 records. According to research by Juniper Research, 90% of organizations have suffered data breaches in one form or another over the past 12 months. Testament to this is the number of household brands that have inadvertently divulged the information of hundreds of individuals:


Was your identity stolen in 2010?

The Identity Theft Resource Center has reports that cover last year and information about past data breaches with prominent companies.  The ITRC has information on what to do if your id is stolen.  Link

Data Breaches In 2010: Indicates Mandatory Reporting Needed – Darkreading

The Identity Theft Resource Center recorded 662 breaches on its 2010 ITRC Breach List. It is apparent, with few exceptions, that there is no transparency when it comes to reporting breaches. Other than breaches reported by the media and a few progressive state websites, there is little or no information available on many data breach events. It is clear that without a mandatory national reporting requirement, that many data breaches will continue to be unreported, or under-reported.” Read more..

Chronology of Data Breaches – Privacy Rights Clearinghouse

Privacy Rights Clearinghouse has excellent tips and information for consumers and the internet.  With dozens of links and tips, Privacy Rights Clearinghouse is a wealth of information.

An excellent on-site searchable database for data breaches is available.  Link