News

The cost of security breaches within..

Steve Hirst - Monday, January 18, 2016
In a recent security audit, Kaspersky found that 73 percent of companies have been affected by internal information security incidents, with the largest single cause of confidential data losses being employees - 42 percent.

Company expansion and new components add new vulnerabilities. The situation is aggravated by the fact that not all employees - especially those with no specialist IT knowledge - can keep pace with a rapidly changing IT environment. As a result, the company is exposed not only to external threats but also internal threats that come from employees.
They found that 21 percent of companies affected by internal threats lost valuable data that subsequently had an effect on their business.

In addition to data leaks, internal threats include the loss and theft of employees’ mobile devices - 19 percent of respondents confirmed that they lost a mobile device containing corporate data at least once a year.
Another important factor was related to staff fraud, where 15 percent of those surveyed encountered situations when company resources, including finances, were used by employees for their own purposes.

This survey is a timely reminder to start the year off on the right footing and have your IT company check your company’s security status and internal practices.

Ransomware Criminal Apprehended

Steve Hirst - Friday, December 18, 2015
It makes disturbing news when we read that malware doubles every year and that 63% of businesses download malware. Therefore, it was great to get some good news regarding the apprehension of the person behind the CoinVault and Bitcryptor ransomware.

If you have ever been a victim of ransomware, you know the pain of having to make the decision to lose your data or possibly shell out hundreds of dollars for a chance at retrieving it. Those who have been affected by CoinVault and Bitcryptor ransomware can now rest easy as Kaspersky has obtained all relevant decryption keys, making it possible for users to retrieve their data without having to pay a single penny.

Earlier in the year, they reported that Kaspersky Lab was working with authorities to uncover decryption keys for those affected by CoinVault. Unfortunately, at the time, only a small number of keys had been recovered, making the solution hit-or-miss. But now, several months later, Kaspersky is happy to report that the joint investigation has uncovered all of the decryption keys for CoinVault and Bitcryptor ransomware. The company has made a decryption program available for free, which will allow users to decrypt their own data.

AVG can sell your browsing history to third parties

Steve Hirst - Tuesday, October 20, 2015
AVG - one of the world's largest computer security firms - has come under fire recently for their newly updated privacy policy. The issue that has caught the eye of privacy advocates is that they can now retain the browsing history of their users, and have the ability to sell that information on to third parties.
Their policy states the following:

"We collect non-personal data to make money from our free offerings so we can keep them free, including:
• Advertising ID associated with your device;
• Browsing and search history, including meta data;
• Internet service provider or mobile network you use to connect to our products; and
• Information regarding other applications you may have on your device and how they are used.

Sometimes browsing history or search history contains terms that might identify you. If we become aware that part of your browsing history might identify you, we will treat that portion of your history as personal data, and will anonymise this information."

Metadata is a powerful tool for identifying and tracking people; it’s what the NSA was collecting en masse from around the world for just that purpose. As AVG classify browsing history, search history and metadata as non-personal data, they have the ability to share it with third parties:

Do you share my data?
Yes, though when and how we share it depends on whether it is personal data or non-personal data. AVG may share non-personal data with third parties and may publicly display aggregate or anonymous information.


Thankfully, they also state that users do have a way to opt out, by following the instructions on their website here.
The impact that this will have on AVG, who are the world’s third largest antivirus vendor, remains to be seen. As most people are used to clicking on ‘Agree’ for license agreements and privacy policies without really reading the fine print, it is unlikely many users will have any idea of their acceptance of this practice.

If you currently run AVG’s antivirus software, our tech team would be happy to provide assistance with this or similar features. Alternatively, consider switching to our managed antivirus solution, and avoid the risk altogether!

Outlook attack steals massive number of passwords

Steve Hirst - Monday, October 19, 2015
Large organisations could be at risk as researchers have uncovered advanced malware that can steal almost all of their email passwords by infecting their Outlook Web Application (OWA) mail server over an extended period of time.

Security firm Cybereason’s researchers discovered the malicious OWA module after receiving a call from an unnamed company that had more than 19,000 endpoints (Internet-capable computer hardware devices). Apparently the company had witnessed several behavioural abnormalities in its network and asked Cybereason to look for suspicious activity. Within hours, they found a suspicious file loaded into the company’s OWA server that was unsigned (it carried no digital signature to vouch for its origin).

This file contained a backdoor. Because it ran on the company's server, it was able to circumvent the security protocols, and as a result, the attackers behind this threat were able to steal the passwords of anyone that accessed the server.

Cybereason also detailed the technical information behind how the hackers managed to gain a foothold into such a highly strategic asset:
"Almost by definition, OWA requires organizations to define a relatively lax set of restrictions; and in this case, OWA was configured in a way that allowed Internet-facing access to the server. This enabled the hackers to establish persistent control over the entire organization's environment without being detected for a period of several months."

An OWA server is a particularly valuable resource for attackers because it acts as an intermediary between the public Internet and a resource that’s inside a company’s firewall. Because the company was using OWA to enable remote user access to Outlook, the attackers were able to access the company’s domain credentials. Although Cybereason didn’t say how widespread the attack is beyond it targeting the one company, the likelihood is that malware as detailed as this isn’t a one-off thing, so it wouldn’t be surprising to see it resurface.

Are you worried about such an event happening to your company? Our Managed Services Solutions can help you defend against such an attack. Talk to our sales team for more info.

Passwords are becoming obsolete

Steve Hirst - Monday, October 19, 2015
Thanks to the emerging phenomenon that is the Internet of Things, Internet and personal security have never been under such pressure, especially with the rate of cybercrime increasing exponentially. In the past we could rely on passwords to protect our bank accounts, computer access and other personal devices, and many people changed them infrequently.

These days, the number and complexity of passwords we are forced to create, and the regularity with which they should be changed, are too much for most of us to handle. As a result we resort to writing passwords down, saving them in unencrypted files, or using the same password for everything. The more technically aware use a password manager such as Steganos or LastPass, but even these require passwords to log in.

The Internet of Things is focused on connecting more and more devices to each other that generate, store and share unprecedented amounts of sensitive information. The data on all these devices requires more passwords – which creates more security risks.

Ultimately, to combat the security risks, passwords are becoming obsolete. Because of this, the way people access smartphones, personal computers and many other password-protected technologies will change. The likely scenario is a decline in password use over the next few years as alternative methods, like biometrics and device authentication, arrive to supplement or replace them. Biometrics includes technology such as fingerprint scanners, palm print readers, iris scanners, and finger vein and face recognition. Authentication covers techniques such as two-factor authentication, device encryption and multiple authenticators.

With the unprecedented and unstoppable proliferation of devices, data and connectivity, the move away from passwords is well underway and accelerating. People want more privacy and security than passwords are giving them and alternatives will continue to grow in favour as they become more widely used in the digital world.

950 Million Android phones left vulnerable

Colm McGrath - Monday, August 17, 2015

At Computer Culture we take security very seriously and like to be proactive about it. When we encounter issues that need to be shared we will send out email alerts. Hopefully we can save you time, money and pain by addressing the risks before they become an issue!

We have been made aware of a very serious security flaw in Android phones that requires your attention.

Many of our customers use Android phones (such as Samsung Galaxy) and a security vulnerability has recently been discovered that affects roughly 950 million of these devices (95%). The vulnerability can allow remote access to your phone without you knowing it, with the ability to access your data, as well as devices in your phone such as your camera and microphone.

The security researcher who discovered the flaw describes this latest Android security flaw as "the worst Android vulnerabilities discovered to date", adding that "if 'Heartbleed' from the PC era sends a chill down your spine, this is much worse."

Google (who produce Android) are aware of the issue and they have released a security patch for it. The problem, however, is that the security update has reached very few of the devices in use. The reason for this is that Google don’t have the ability to patch Android devices directly like Microsoft can do with Windows Update, or Apple can do with their iPhones. Google releases a patch, which then goes to the phone manufacturer (e.g. Samsung, HTC, Motorola etc), who need to rebuild their Android software with their customisations and, once tested, release the update. The update is then further delayed by carriers (such as Vodafone, Spark etc) who also need to approve the updates.

The end result is there are A LOT of vulnerable Android phones out there, many of which may never be patched due to their age (often phones older than 18 months stop receiving updates). While most modern Android phones should eventually be patched, there may be a long wait.

It appears the Firefox web browser on all major platforms (Android, Windows, Mac) is also affected by the same vulnerability. Mozilla, the makers of Firefox, released an update to fix the issue in May, so it is also very important you update Firefox to the latest version if you use it on your computer (our Attiva managed patch service will take care of this automatically for you).

So what’s our advice? Although we are not aware that anyone is taking advantage of this exploit, it is more than likely someone will soon. We recommend you check to see if there are any updates available for your phone, and if there are, apply them immediately. If you are unsure of how to update your device please let us know and we can help.

Click here to review the research article published describing the security vulnerability and get more info.

We’re monitoring this situation closely and will keep you updated with any additional steps that can be taken to help secure your devices.

If you would like to discuss this further with us, please call our support team on 03 377 4662 or email support@computerculture.co.nz.

Please forward this email on to anyone you know that is using an Android phone.

