Open post

Cloud security going into 2018

The cloud is becoming more and more preferred as times goes by. Data and applications are streaming to it at a faster rate every hour, and more people are deciding to turn to cloud services on a daily. There is no question as to why this is happening, the cloud services are extremely convenient and offer functionality that you cant find anywhere else! In saying that, this also means cloud services are under a watchful eye by everyone, even the nefarious types.

Threats to the cloud

Generally when we have something good, people like to mess it up. The cloud is no different, there are people who have already interfered with the cloud and it’s services to steal data for very selfish and rather rude reasons. 2018 will be no exception to this, for there are quit a few issues with the newly born service that can easily be manipulated. Despite popular belief, cloud services and their security are not in the hands of the service provider, rather the customer. Knowing that, we should evaluate the potential risks with cloud technology and understand the vulnerabilities of the information stored on the cloud.

  • Data breaches– This can occur in multiple ways, ranging from intent to steal information on the cloud, human error, vulnerabilities in applications relating to the cloud, or just poor security understanding and practices.
  • Insufficient identity, credentials, and access management– Persons with ill intent may gain access to cloud stored information and cause all sorts of trouble due to a lack of credential security, which would enable unauthorized access to your data.
  • Insecure interfaces and application programming interfaces– Cloud technology providers expose UI’s and API’s that customers may use to manage their cloud experience. This is both great and bad, for this means the protection you could have is in your hands, and were you to become accessed by some unwanted party, they now have full access to your cloud security, and the providers of that cloud will have little to no feasible way to rescue you. There is a lacking of accidental and malicious attempts of policy circumventing.
  • System vulnerabilities– This is the big contender that has gained spotlight this last year for cloud tech. These are exploitable bugs in the program that allow malicious actions to gain access to a system and steal data, taking control of the system, or disrupting service operations.  Vulnerabilities within the components of the operating system put security of all the services and data at significant risk. Because the cloud has systems from various organizations placed close to each other, if the cloud is breached, that means those other systems are now vulnerable as well.

The cloud is a fantastic service that will no doubt lead to other great systems and functionality in the world, however right now while it is still young, it has quit a few quirks to work out before it can be considered a fully safe and developed system. Now that doesn’t mean don’t use the cloud, it means be mindful of what you put on there, and the risks that are present in the technology your using.

Open post

2018 predictions: Healthcare security breach

As we all have become aware, 2017 was a free for all when it comes to security breaches.  There were countless phishing scams, ransomware, state-sponsored attacks and new forms of attacks that all made headlines and shook us to our boots. However 2018 means a new year and a new us! Right? Well we hope so, but thus far the the outlook isn’t in our favor.

Recently a VP at Tripwire gave his predictions for 2018 and our security in the online world. The prediction does not bring bright bearings, in fact it seems 2018 may be quit ill.

The Tripwire VP predicts that healthcare security will be breached, due to the ever growing vulnerability in medical devices and electronic healthcare records. 2018 is expected to have hospitals, insurers and healthcare manufacturers in the sights of hackers  and cybercriminals.

It is expected that the healthcare industry is not prepared for the kinds of attacks that may come, with things like the WannaCry incident and the UK NHS.  Not all ransomware is noisy and boisterous which is where the real danger may lie for the healthcare industry.

In relation to the healthcare being a target for 2018, there is also a lot of talk about the cloud, and it’s  potential security abuse over the horizon in 2018. It should come to no surprise that since cloud technology is still pretty new, that defending the cloud is still a process in the works. We should not be taken by surprise when there is another cloud data management leak, and should be cautious until they have developed a stronger, more prominent protection for cloud storage. There is talk of security becoming up to date near the end of 2018 for this form of technology, but until then we may see leaks of credentials and misconfigurations, as well as other exploited vulnerabilities.

Let’s all learn from the mistakes of not only ourselves, but each others, and make 2018 predictions like this nothing but a false alarm! If you need help with your online presence, give us at Re2tech a call and lets discuss your security options and optimizations! 

Open post

2018 security expenses expected to rise in response to 2017

2017 was full of news on companies and corporations that had security breaches, and the effects on the masses that would follow because of them. Because of this hard pressed security year, it is expected that in 2018, the total expenses on security spending will rise, by about an estimated 8%.

A research firm known as Gartner took data from 2017’s data breaches and calculated in the response from similar companies and corporations, to derive an expected shift in security spending, as well as the changing views on cyber security.

In 2017 it was estimated that the total spending on security measures summed up to about $89.1 billion. The $89 billion expense resulted from the events of the previous year that spurred people to take cyber security more serious and treat it as an actual threat. The same reasoning is behind the estimated spending for 2018, which is at $96.3 billion. This increase comes at no surprise in response to the overwhelming coverage of security breaches all over the world, and these breaches are estimated to affect the three years following the event. So moving into 2019 we can already estimate a larger security spending sum.

Gartner uses multiple factors under the umbrella of cyber security to make these estimations more accurate. The several sub sections of cyber security involve the following:

-Identity Access Management

-Infrastructure Protection

-Network Security Equipment

-Security Services

-Consumer Security Software

It was made clear by Gartner that out of all these sub sections, the section that would be most invested in this coming year would be Security Services, priced at $57.7 billion which is an increase from last this years $53 billion. The other sub sections of security spending is also estimated to increase this coming year, just not as largely as Security Services.

Gartner also says that the spending will continue to go up from here in the next few years, with more than 60% investing in data loss prevention, protection and encryption tools. Currently spending is at about 35% for protection tools, so there is an obvious large spike in response to recent events around the world with enterprises and their security.

Let’s buckle up and get ready for an interesting new year! Before the new year rolls in, why not be the first to pave the path of a more secure cyber presence and let us at Re2tech work to hatch down your vulnerable information and close any back doors in your network!

Open post

The most popular passwords, proven by hacked accounts

So apparently, every year SplashData compiles a list of passwords and rates them according to occurrence. These passwords are from accounts that have been stolen and made public. There are millions of these accounts and the similarities in the passwords show the unoriginal ideas people come up with to secure their information.

Due to the sheer number of accounts that was used to support this data, you can trust what your about to see as being something that can be applied to a greater population. The reason SplashData makes this list every year, is  to make it apparent that we need to take our passwords more seriously, and stop using pop culture and sports references. SplashData also noted that the list supplied this year, is using passwords mainly from North America and Western Europe, and that adult websites and the Yahoo hack were excluded from this list.

We actually did an article a while back about password security, and how our thoughts on a strong password have changed and the best way to form a password. You can find that article by clicking here

Now, for the list of disappointments

  1. 123456
  2. Password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. letmein
  8. 1234567
  9. football
  10. iloveyou
  11. admin
  12. welcome
  13. monkey
  14. login
  15. abc123
  16. starwars
  17. 123123
  18. dragon
  19. passw0rd
  20. master
  21. hello
  22. freedom
  23. whatever
  24. qazwsx
  25. trustno1

They say great minds think alike, but it seems not so great passwords do the same thing!

It is amazing to see the thought that occupies someones mind for a split second that makes them say “hey that should be my password, no one will ever think it’s so simple and obvious!” as you turn around and high five your friend for wearing the same Starwars shirt.

Let’s try to take our online security a bit more seriously into this next year, you could even call it a new years resolution!

If you do have any concerns about other aspects of your online security or network, give us a call and let’s ensure your walls are made of hacker kryptonite! (my password is Sup3rM4n…not really)

Open post

Companies who have been breached are still confident in their defenses

There has been a lot of articles and news covering companies and businesses who have security breaches and had people’s vulnerable information out in the hands of some hackers. Despite this news, APAC organisations are still confident in their online security measures, and feel like they don’t need to change or enhance those measures.

Fortinet recently took a poll with an enterprise security survey and the results were, unique. If we look at the companies who took the poll we see that 86% of those organizations had actually been the victim of a breach, and yet 48% of the IT decision makers at APAC are still confident in their security defenses.

There were a total of 1,801 respondents across 16 countries globally. 82% percent of the APAC IT decision makers see themselves in a higher standard  when it comes to cybersecurity compared to other organisations. However there was an honest 6% that said they felt they were lagging behind. This curious insight tells a bigger picture of the false sense of security an organization can have, which can lead to a self detrimental outcome down the road.

The reasons for this confidence are found in the method that caused their data breach in the past. There is a lack of fear in their cybersecurity because most organizations chalk up their data breaches to things like social engineering, ransomware and email phishing, things that are less to do with cybersecurity and more to do with human error.

When questioned what these organisations would do differently in their security career, 46% said they would invest more into employee training when it comes to cybersecurity awareness, which would in turn prevent their security breached past to begin with.

As a follow up from the Fortinet poll, organisations have planned to employ an IT education program for 2018 to enhance user security in the organisations. This is a great start. but it was also made aware that only 26% of the APAC businesses plan to employ network segmentation to reduce the spread of malware.

It is important to not only be aware of threats online like email phishing, but also to enhance your understanding of cybersecurity methods that would prevent things like the spread of malware, or open back doors to the network!

If you have any networks that could use some beefing up, or your looking for some insight into online security, give us a call today and let Re2tech be your source of cybersecurity!

Open post

Follow up information on the Uber data breach

Earlier today, it was made public the specifics that were stolen during the Uber data breach. Uber gives a more in-depth idea of the information accessed by the hackers, giving customers and drivers a stronger understanding of their vulnerability.

Some U.S. senators have been hounding Uber for more information on their security breach and what it meant for the customers who’s information was involved. Uber had hired an outside cybersecurity firm after the massive data breach, to get some more detailed information on the event. The cybersecurity firm has stated that they found no evidence of any riders’ credit card information, bank account information or social security numbers being downloaded by the two hackers. Uber has however disclosed that in some cases, the hackers had retrieved the location information from the place where people signed up for Uber, as well has some heavily encoded versions of the user passwords.

The company has stated that they have not seen any evidence of account fraud or misuse of data from the breach. As a response to the data breach concealment, there has been two employees who were fired for not “informing the appropriate parties”. The two employees were anonymously contacted by the hackers, being told they had just been breached and demanded payment. Through the tracking of the breach using private cloud data stored on Amazon’s web services, Uber was able to shut down access from the hackers.

The two employee’s agreed to pay the hackers $100,000 so that they would delete the data. Later on, the hackers real identities were identified, and they signed documents saying that all breached data was deleted, ensuring that the information could not be abused. It was disocvered that the hackers first gained access to Uber’s network on Oct. 13th, 2016 and the last use point of contact was on Nov. 15th. 2016.

It is still unclear if a criminal investigation has been started. Uber has since installed a stronger online defense to prevent the same issue from arising again. 

Open post

HP laptops pre-installed with keyloggers

Recently made public by a security researcher by the name of ZwClose, is the unfortunate mishap affecting some of the HP laptops.

Supposedly in the past there have been complaints about HP leaving key loggers installed on laptops, posing a potential danger to those whose laptops are involved. Key loggers that could allow hackers to record every keystroke on the laptop and steal sensitive data from the users which can include everything from usernames and passwords to credit card information.

Unfortunately the mistake has once again risen is head. The key loggers have been found to be in an estimated 460 HP laptops, supposedly “accidentally left behind” from the manufacturing and testing stages of the laptops. The key loggers are turned off, which may seem like its not be deal then, however, there is the potential for hackers to alter the registry value associated with the key logger that would turn it on, and give the hackers access to the device.

HP claimed it was also a “debug trace” and has since been removed when made aware of the problem. A list of the affected models for HP laptops can be found at this link here. If your model is listed, it is important to update your drivers as soon as possible to prevent any possible key logging travesties.

It’s important to keep up to date on your devices and their security, so keep checking back for more insight on what may prove a threat to your home, life and online presence!

Open post

Breaking news! Everything keeps breaking! Here we go again…

Another day another security breach! But where at this time you may ask? A cryptocurrency company known as NiceHash.

Early Wednesday, it was discovered that hackers had breached the bank of NiceHash and stolen potentially millions of dollars in bitcoins. It was made known that most of the funds stolen belonged to the customers of NiceHash. The customers of NiceHash use their computer processing power to earn cryptocurrency.

The hack affected the payment system of NiceHash and got away with the entirety of NiceHash’s wallet, an estimated 63 million in bitcoins. NiceHash has stated that they are working on resolving the urgent matter as fast as possible, and have contacted the necessary law enforcement authorities, while also conducting their own investigation.

NiceHash is a mining service for cryptocurrencies. NiceHash lets people offer their extra computer processing power for high-energy calculations and in the process are rewarded with altcoins, a differrent form of cryptocurrency, that can be exchanged for bitcoins. Generally people move their earnings to their personal cyber wallets and exchange the bitcoins for currency in some manner, however some people chose to leave their earnings in NiceHash’s cyber wallet…the one that was hacked.

Cryptocurrency companies often boast about the safe and trustworthy technology that secures the currency from hackers and the like, but NiceHash isn’t the first company that’s in the cryptocurrency business to be hacked. Just last month, a company called Parity had their digital wallet frozen by a novice hacker, making around $162 million in cryptocurrency unusable.

Word of advice: Don’t leave your money in someone else’s pockets, it may not be there later.

Be careful on the web folks and as always, if you need some reinforcement of your networks and want to learn about your security options, as well as the technology your using, give us a call at Re2tech! 

Open post

PayPal acquires TIO networks but with a cost

Just hours ago, it was made public that PayPal has had a security breach due to their newly acquired networks company TIO.

Back in February, Paypal had acquired TIO Networks in hopes of introducing the TIO customers to PayPal’s services. This attempt at bolstering their user numbers has actually backfired.

Thus far it is estimated that 1.6 million customers’ personal information has been breached. PayPal has suspended TIO networks last month after discovering the evidence of a security breach. PayPal stated that TIO’s network had discovered the vulnerability in security and that the forms of information that was taken could be customer names, addresses, SSN, and login credentials.

It is important to note that the PayPal systems and TIO systems are separate networks and PayPal customers were unaffected. Thus far, TIO will remain in suspension until TIO’s platform issues with data security and information security standards are up to PayPal’s standards.

It’s quit lucky that PayPal had chosen not to fully merge the systems otherwise this could have become an even bigger issue and also involving customers with PayPal accounts.

Be careful where you put your sensitive information on the web, and ensure the businesses your using has strong network defenses. 

Posts navigation

1 2 3 4 5 6
Scroll to top