300,000-plus wireless routers have malicious changes

ARSTechnica outlines how hackers have made malicious changes to routers….again.

Researchers said they have uncovered yet another mass compromise of home and small-office wireless routers, this one being used to make malicious configuration changes to more than 300,000 devices made by D-Link, Micronet, Tenda, TP-Link, and others.

Solving The Security Workforce Shortage – DarkReading

According to the study, the most sought-after quality is a broad knowledge of security — more of a strategic understanding than technical know-how followed by certifications.  Read More

Opinion – While certifications are an important part of IT, the technical know-how is the most important. Getting a degree or a certification is a great advancement for your education but can you configure a firewall? Run Linux-OSX- Windows? Support mobile, wireless, servers with Active Directory and monitor and control an IT environment?   That’s the difference between $12 an hour and a career.

The life of a file

The life of a file…

8:00 a.m.  The executive secretary begins writing a credit memo for several clients.  The file has sensitive data.

8:15 a.m.   The file is saved to the documents folder on the secretary’s desktop.   The document is truly on a domain server in her profile folder.   There is one copy of the file.

8:17 a.m.   The secretary opens her email and attaches the file.   The secretary emails the document to ten recipients.

8:17:30 a.m.  The file goes to ten different email servers.

8:18: a.m.  The file now sits on eleven computers- ten email servers and on the company’s domain server.

8:19 a.m. The file gets downloaded onto three tablets and one notebook.   The file is now on 16 devices.

8:19 a.m. The file received by two of the email recipients above is synchronized to a cloud backup service.  The file is now on 19 devices.

8:20 a.m. The file is received by the above tablet and is synchronized onto a cloud backup service and synchronizes with the end-user’s phone and their home desktop computer.  The file is now on 22 devices.

8:20:45 a.m. The file on the above recipient is copied to a third party storage solution from their phone.  The file is now on 23 devices.

8:21 a.m.  The file now synchronizes from the one of the above tablets above and is forwarded to a private email.  The file is downloaded to their phone.  The file is now on 25 devices.

8:29 a.m.  The file is received by the remaining six recipients and is synchronized to five cloud servers, lands on four laptops and three smartphones.   The file is now on 43 devices.

8:30 a.m.  The corporate server synchronizes to a backup drive and shots the secretary’s file to an offsite backup.  The file is now on 45 devices.

8:35 a.m.  The secretary copies the file to a USB drive and prepares for a business meeting at another location.  The file is now on 46 devices.

9:05 a.m. One of the email recipients copies the file to a flashdrive and gives the file to an associate.  The file is now on 47 devices.

9:07 a.m. The secretary arrives at the off-site location and gives the flashdrive to a co-worker.  The co-worker prepares for a presentation and copies the file to a presentation laptop.  The file is now on 48 devices.

9:08 a.m.  The flash drive is placed into the pocket of the co-worker.   One of the email recipients copies the file onto a server and shares the file to 8 co-workers.   Six of the co-workers download the file to their tablets.  The file is now on 55 devices.

9:10 a.m.  The presenter at the offsite location  jogs to an out building to get supplies for the meeting.  The flashdrive falls through a hole in his pocket.

9:12 a.m.   An archiving program on the second server copies the file into a data warehouse server.  The data warehouse server makes a copy of the file and backs up the file.  There is now 57 devices.

9:15 a.m.  One of the email recipients cannot open the file on his tablet.   The email recipient copies the file to a flash drive and moves the file to a company laptop.   The file is now on 58 devices.

9:20 a.m.  An email recipient forwards the email to a wrong address and to three correct addresses.   The file goes to four email servers and is downloaded to three laptops and onto a desktop of one user.   The file is now on 67 devices.

9:21 a.m. The email is synchronized to other devices for the last group of recipients.   The file lands on an addition nine devices.   The file is now on 76 devices.

9:30 a.m. The email servers backup the files for the recipients.  The file is now on now on 90+ devices.

9:31 a.m.  The meeting starts at the offsite location.

9:32 a.m.  A stranger finds the flashdrive that was dropped outside of the building.   Another stranger downloads the email that was wrongfully sent to them.

In today’s world, your one file grows as though it were a microorganism.   It is held by many corporations and can be seen by many individuals…in the first hour.

ncsam10_bnr3

October is National Cyber Security Awareness Month

facebook_cover_photo

National Cyber Security Awareness Month (NCSAM) – celebrated every October – was created as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online.

Free Security Check ups

The Tennessee College of Applied Technology – Shelbyville is listed as a champion.

?????

List of all Champions

Get Involved!

Information for -

- See more at: http://www.staysafeonline.org/ncsam/get-involved/promote-ncsam#sthash.gQ2q3Y50.dpuf

Free tool repairs critical Windows configuration vulnerabilities

“”Tripwire announced SecureCheq, a free configuration utility that helps evaluate and repair the most common, critical configuration vulnerabilities in Windows desktops and servers.””

Free tool repairs critical Windows configuration vulnerabilities

(By AddThis – NetSecurity.org)

 

This excellent tool scans your system for configuration errors.  In the example below, we use a system that has NOT been secured.

2 Tripwire

 

 

1 Tripwire Scan

 

Tripwire Disabled features

Experts hope for another failure in next Anonymous attack

Anonymous’ failed attack against Israeli websites last month has left security experts cautiously optimistic that the hacktivist group will be unsuccessful in its plans to disrupt U.S. government and banking sites.

Anonymous plans to launch distributed denial of service (DDoS) attacks on May 7 against nine government sites and more than 130 financial institutions….”

Experts hope for another failure in next Anonymous attack.

Networkworld (ShareThis)

Unseen, All-Out Cyber War on the U.S. has Begun

“There’s a war going on, and it’s raging here at home — not in the streets or the fields, but on the Internet. You can think of it as a war on the digital homeland. If you work for a power company, bank, defense contractor, transportation provider, or other critical infrastructure type of operation, your organization might be in the direct line of fire. And everyone can become collateral damage”

Unseen, All-Out Cyber War on the U.S. has Begun.

(Shared from CIO)

A Search Engine that shows devices on the web

Secure your devices.  Bottom-line, there are malicious users on the web that can find your device (webcams, IP cameras, routers, SCADA and other devices).  Change the default passwords and update software/firmware when it is available.  Disable UPNP and look for vulnerabilities that may affect your device.

 

CNN’s Money on “Hacking anything connected to the internet

 

 

Ever wonder how much cybercrime pays?

Paul’s Internet Security Blog references a Networkworld article that gives the approximate pay for criminals who participate in cybercrime.  Go over and see just how much money is given to the lower end criminals.   The question is how much travels to the top?  Read more

 

For midsize businesses, there is a new way to spell risk: BYOD

“Online and offline, in IT departments and across organizations, the bring your own device (BYOD) debate is raging….For midsize businesses, there is a new way to spell risk: BYOD.

How hackers used vendors to erase someone’s digital life

Wired recently posted and excellent article on how hackers used vendors to erase the digital life of Mat Honan. See how the hackers used pieces of accounts to piece together his online accounts to gain access to his information and how they used synchronized devices to erase almost all of his information.

Panetta: Chinese Cyberattacks Unabated | CIO Today

China-backed hackers’ tactics are continuing and evolving, U.S. Defense Secretary Leon Panetta says, and are expanding and focusing more intently on critical American oil, gas and other energy companies. Chinese officials have steadfastly denied the cyberattacks, saying they also are victims of computer hackers and breaches.   Read more: Panetta: Chinese Cyberattacks Unabated | CIO Today.