Daily Archives: January 6, 2020

#cybersecurity | #hackerspace | Adding MFA to Windows Systems

Source: National Cyber Security – Produced By Gregory Evans

By Zach DeMeyer Posted January 6, 2020

Although the password is a ubiquitous security measure, recent security breaches show us that the password by itself isn’t nearly strong enough to protect the entirety of an organization. In fact, compromised credentials represent the number one attack vector hackers use to exploit businesses. That’s why adding multi-factor authentication (MFA) to Windows® system logon is one of the most important measures an IT admin can take. 

What is MFA?

Multi-factor authentication, also known as two-factor authentication (2FA), requires a user to provide an additional factor beyond the usual username/password combination to supplement security for authentication processes. Some types of MFA factors include a time-sensitive one-time password (TOTP), physical token, or biometric identifier.

In other words, MFA requires end users to provide something they know (credentials/password) along with something they have (TOTP/token) or something they are (biometrics) in order to authenticate securely to a resource. That way, even if a hacker compromises a user’s credentials, said hacker will have a significantly harder time leveraging them in an attack. 

Why Windows MFA?

So why are passwords the main target of attack? Security news outlet welivesecurity found that ‘12345’ and ‘password’ were among the most-used passwords of 2019.  Add to that the fact 61% of people reuse passwords like these across multiple resources, and it’s no surprise that hackers utilize passwords as a go-to for exploiting organizations. Additionally, studies show user systems are the second target for cyberattacks.

In the current system landscape, Windows remains the most popular OS — the rise of Mac® and Linux® in the enterprise notwithstanding. Given the fact that passwords and systems are the two top targets for hackers, it’s safe to say that Windows system passwords are incredibly susceptible to attacks.

So, if a hacker compromises a Windows system in any way (i.e. theft), a password cannot act as a system’s sole source of protection. By adding a deliberate layer of security through MFA, admins ensure a compromised system will not present a source of ingress to the organization. Combine that with full (Read more…)

Source link

The post #cybersecurity | #hackerspace |<p> Adding MFA to Windows Systems <p> appeared first on National Cyber Security.

View full post on National Cyber Security

hacker proof, #hackerproof




#cybersecurity | #hackerspace | London Stock Exchange Outage: A Cyberattack? By Iran?

Source: National Cyber Security – Produced By Gregory Evans

Secret sources say a London Stock Exchange failure might have been caused by a security breach. GCHQ, the “British NSA,” is said to be investigating a possible inside job involving a bogus software update.

Despite official denials, the ever-present “people familiar with the matter” are whispering that what at first appeared to be a fat-finger glitch a few months back actually might be a supply-chain attack. And it all sounds rather nation-state-y.

If so, which state could be responsible? In today’s SB Blogwatch, bloggers make a wild, unsubstantiated stab in the dark.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Free energy!


2+2=5?

What’s the craic? Anna Isaac reports—“Was London Stock Exchange hit by cyberattack?”:

 UK government agencies are examining whether a trading outage … at the London Stock Exchange in August may actually have been caused by a cyberattack … according to people familiar with the matter. … The incident … the worst outage in eight years, immediately triggered government cyber alert systems, according to the people.

The LSE is a key contributor to London’s financial pre-eminence. … It is also the global leader in clearing trillions of dollars worth of derivatives contracts. … If the outage was caused by an attack, the aim may have been to cause market disruption and undermine confidence.

An LSE spokesperson denied that the incident was cybersecurity related, attributing it to a “technical software configuration issue.” … She added that the LSE “has thoroughly investigated the root cause of the issue.”

And Jon Fingas adds—“GCHQ isn’t fully convinced the failure was due to a glitch.”:

 The GCHQ intelligence agency is … reportedly taking a close look at the associated code, including time stamps, to determine if there was any suspicious activity. The exchange was in the middle of updating its systems when the outage happened, and there’s a fear this left systems open to attack.

The exchange contracts development out to third-party teams. … There’s a risk that the inadvertent spread of malware or rogue contractors could pose problems.

So they suspect a supply-chain attack? Gareth Corfield pours cold water—“Rumours of our probe into … ’cyberattack’ have been greatly exaggerated”:

 GCHQ [has] denied that they are investigating a cyber-attack on the London Stock Exchange. … The National Cyber Security Centre, GCHQ’s cyber defence offshoot which normally does this sort of work [said] “The NCSC has not treated the LSE outage as a cyber security related incident and has not investigated it as such.”

While it is certainly possible that GCHQ and its cuddly public-facing arm are publicly denying the existence of an investigation, perhaps to keep a potential attacker in the dark, an on-the-record denial could be interpreted to point the other way. … Following the US assassination of an Iranian general … GCHQ may have other things on its corporate mind.

Ain’t that the truth? Mark Joseph Marks’ words: [You’re fired—Ed.]

 The U.S. must brace for Iran to launch bold cyberattacks designed to cause major financial damage or threaten American lives as retaliation for the killing of one of its top generals, cybersecurity experts say. … Iran may be willing to cross dangerous boundaries in cyberspace.

Iranian hackers could launch attacks that shut down electricity … destroy important financial records or disrupt hospital or transportation systems. … Experts are also warning Iran could launch widespread [ransomware] attacks.

Iran has routinely tested the boundaries of what it could get away with in cyberspace, including pummeling U.S. banks after the Obama administration imposed new sanctions in 2012. … Researchers have already spotted a surge in suspicious posts drumming up pro-Iran sentiment. … Bogus claims of an additional airstrike against an Iraqi air base were also spreading on Twitter. … The activity echoes previous Iranian information operations.

But aren’t we getting ahead of ourselves? Shannon Jacobs keeps digging:

 I think the most optimistic we can be about a precision response would be if the Iranians seriously targeted our drones. … I think there are a number of relatively inexpensive approaches that could end the era of increasingly unrestricted drone warfare.

OK, but what can we do to prepare? viraptor suggestifies:

 Unless you manage large enterprise IT, not much. Do the usual things: Ensure backups are running, update software. For a consumer, it doesn’t matter if their laptop stopped working because of spilled water, or someone hacking them, and the steps to recovery are the same.

Larger orgs, especially related to infrastructure or national services may be specifically targeted. They know what their weak points are.

But what they’re afraid of and how they deal with that is going to be specific to their systems. I guess the only common thing for “brace for cyber warfare” is: talk to your peers about weird new things you see.

On the other hand, carvalhao foresees false-flag operations ahead (but not in the way you might think):

 Now there’s the perfect cover for any cyberattacks or cyberdefense probing by adversaries of the US. Do all you want, leave a trail leading back to Iran.

Great time for Russia or NK to play around.

Still not worried? Yashar Ali—@yashar—shoots from the hip:

 This will be a major moment in US-Iran relations & Supreme Leader will undoubtedly see this as a major provocation/act of war. … Equivalent to another country killing US Vice President.

We shouldn’t be surprised to see major cyber attacks. … We should expect to see the most significant/aggressive response.

For those who think Iran will respond with just traditional warfare, you’re wrong.

Meanwhile, DeanOh makes a totally non-partisan point:

 I pity the poor ******* who ends up with the task of attempting to explaining anything about “the cyber” to this POTUS.

And Finally:

Don’t try this at home, kids

Previously in And Finally


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Hate mail may be directed to @RiCHi or [email protected] Ask your doctor before reading. Your mileage may vary. E&OE.

Image source: Office of preservation and publication of the works of Ayatollah Seyyed Ali Khamenei (cc:by)

Source link

The post #cybersecurity | #hackerspace |<p> London Stock Exchange Outage: A Cyberattack? By Iran? <p> appeared first on National Cyber Security.

View full post on National Cyber Security

hacker proof, #hackerproof




#cybersecurity | #hackerspace | CCPA – Introduction, Applicability and Recommendations

Source: National Cyber Security – Produced By Gregory Evans

What is the CCPA and what is its applicability to businesses?

The California Consumer Privacy Act (CCPA) of 2018 is a broadly applicable and wide-ranging privacy law that will come into effect on January 1, 2020. The CCPA applies to any business that does any amount of business in the State of California, AND:

  • has more than $25 million in revenue, OR
  • buys or sells the personal information of 50,000 or more consumers, OR
  • derives 50 percent or more of its annual revenue from selling consumers’ personal information

 

So, if your revenue is over $25 million, and you do business with even one (1) customer in California, you must be fully compliant with the CCPA by January 1, 2020.

 

What Data is Regulated Under the CCPA?

Much of the data kept in the clouds today likely includes personally identifiable information (PII) which is highly regulated under the CCPA. PII, defined under CCPA, very broadly includes real name, alias, postal address, account name, social security number, driver’s license number, passport number, and other similar identifiers. PII specifically includes many other categories of data such as biometrics (specifically including DNA data), internet search and browse data (anything used for digital marketing), geolocation data, employment information, and much more. The CCPA definition of PII even addresses “probabilistic identifier” which means the identification of a consumer or a device to a degree of certainty of more probable than not based on any categories of personal information included in, or similar to, the categories enumerated in the definition of personal information.

 

What are the Rights of Californians Under the CCPA?

  • Right to Disclosure: Know whether their personal information is sold or disclosed and to whom
  • Right to Access: Access their personal information
  • Right to Opt Out: Say NO to the sale of personal information
  • Right to Equal Service: And they still must be provided with equal service and price by your business – even if they exercise their privacy rights
  • Right to Deletion: Request deletion of their personal information

 

What are the penalties for Non-Compliance?

  • Citizens have the right to file civil class action lawsuits against companies to pay damages ranging from $100 to $750 per incident per person. The cost can add up to tens of millions with only 100,000 records.
  • State can levy a fine of $7500 for each intentional violation and $2,500 for each unintentional violation on the company

 

CipherCloud’s recommendations for businesses to comply with CCPA

  • Data Encryption: Encrypt sensitive personal data as soon as it’s collected, definitely before sending it to the cloud, and keep encryption keys in a separate environment so that at anytime, and at any stage in the lifecycle of the data, it remains completely protected. This includes data encrypted at rest (in the database), in use (application code, search, API), and in transit (network, etc).
  • Data Loss Prevention: Establish a DLP program and strategy for enterprise and cloud applications to prevent sensitive personal data leaks by user errors and abuse, intentionally or unintentionally, structured data (Databases, CRM,ITSM, HRMS, etc.) as well as unstructured data (Office 365, Dropbox, etc.)
  • Data Discovery and Data Request Management: Discover and classify sensitive personal data in enterprise and cloud applications with structured data and unstructured data. Establish processes by which consumer data requests can be submitted, responded to, and tracked to completion.
  • Adaptive Access Control: Maintain access management program that enforces access policies including “step-up” 2FA authentication, not only at login time, but also continuously during the entire session while analyzing abnormal behavior of user, device, and location especially when accessing sensitive personal data. 
  • Training & Awareness: Create and conduct data privacy training and awareness campaigns to make employees aware of their responsibilities around personal data handling.

 

Download CipherCloud’s CCPA Definitive Guide to comply your business operations with CCPA and accelerate your cloud adoption.

The post CCPA – Introduction, Applicability and Recommendations appeared first on CipherCloud.

*** This is a Security Bloggers Network syndicated blog from CipherCloud authored by CipherCloud. Read the original post at: https://www.ciphercloud.com/ccpa-introduction-applicability-and-recommendations/

Source link

The post #cybersecurity | #hackerspace |<p> CCPA – Introduction, Applicability and Recommendations <p> appeared first on National Cyber Security.

View full post on National Cyber Security

hacker proof, #hackerproof




#cybersecurity | #hackerspace | Tech Lessons From Star Wars Movies

Source: National Cyber Security – Produced By Gregory Evans

My family recently saw “Star Wars: The Rise of Skywalker” in a local movie theater, and we were not disappointed. The characters, action, plot, and almost everything else we experienced, met or exceeded our high expectations.

As we were leaving the theater, almost everyone had an opinion about the way the movie series ended. The conversations even continued into holiday parties, with were plenty of questions, opinions, and “what ifs.”

But most of all, there was a nostalgic feeling, now that the nine movies have come to an end.

Looking Back…

I vividly remember when the first Star Wars movie was released in 1977. As a boy, I was captivated, mesmerized and quietly addicted to everything that happened: “A long time ago in a galaxy far, far away.”

I was amazed by the technology, computers, lightsabers, different space ships and hyperspace travel using hyperdrives to jump between planets. Yes, I had watched Star Trek on TV before that, but Star Wars movies took the excitement to a new level for me – even accelerating my interest in computer science as a career.

I immediately admired and studied all the characters, and I secretly had a crush on Princess Leia.

Much later, as an adult, when episodes I, II and III were released two decades ago, I eagerly awaited new movies with new stories that somehow came together neatly into the wider, multi-generational narrative.

Somehow, this ongoing story has thrived and captured the imagination of the world for over fifty years.

How?

Over the holidays, I pondered the question further: Why do so many still love these stories?

Earlier movies certainly broke through new ground with technology that exceeded imaginations and broke through barriers regarding what was possible in movie-making. And yet, the later movies were not (Read more…)

Source link

The post #cybersecurity | #hackerspace |<p> Tech Lessons From Star Wars Movies <p> appeared first on National Cyber Security.

View full post on National Cyber Security

hacker proof, #hackerproof