Monday, June 29, 2015

Mobile devices are a company’s biggest security risk

Mobile devices are the weak link in a company’s security chain, providing easy access to valuable organisational assets. This is according to Check Point Software Technologies’ third annual Security Report.

For an organisation with more than 2,000 devices on its network, there’s a 50% chance that at least six are infected.

IT providers’ top mobile security challenge is securing corporate information, while their second is managing personal devices storing both corporate and personal data.

“Corporate data is at risk, and being made aware of these risks is critical to taking the proper steps to secure mobile devices,” said Check Point South Africa.


Thursday, June 25, 2015

Easy Access Fuels ATM Attacks - ATM 'Eavesdropping' Alert Highlights New Risks

Global ATM manufacturer NCR Corp. issued an alert this week about card reader eavesdropping attacks, which were first identified in Europe last year and are now spreading, potentially posing a risk in the U.S.

These attacks involve accessing or opening the top of an ATM's enclosure, where the card reader is housed, and attaching a so-called wiretapping or eavesdropping device to the reader. The attackers' device captures card data as it is transmitted from the card reader to the ATM.

Earlier attacks, which were targeting through-the-wall ATMs typically installed right outside a bank branch, involved drilling a hole or cutting into the ATM's enclosure to insert and attach the device to the card reader.


Wednesday, June 24, 2015

Unencrypted Device Breaches Persist

Health Data Breach Tally Shows String of Theft Incidents

Although hacker attacks have dominated headlines in recent months, a snapshot of the federal tally of major health data breaches shows that stolen unencrypted devices continue to be a common breach cause, although these incidents usually affect far fewer patients.


As of June 23, the Department of Health and Human Services' Office for Civil Rights' "wall of shame" website of health data breaches affecting 500 or more individuals showed 1,251 incidents affecting nearly 134.9 million individuals.

Those totals have grown from 1,213 breaches affecting 133.2 million individuals in an April 29 snapshot . . .

Tuesday, June 23, 2015

Google Chrome Listening In To Your Room Shows The Importance Of Privacy Defense In Depth


Yesterday, news broke that Google has been stealthily downloading audio listeners onto every computer that runs Chrome, and that these transmit audio data back to Google. Effectively, this means that Google had granted itself the right to listen to every conversation in every room that runs Chrome somewhere, without any kind of consent from the people eavesdropped on. In official statements, Google shrugged off the practice with what amounts to “we can do that”.

It looked like just another bug report: "When I start Chromium, it downloads something." This was followed by strange status information that notably included the lines "Microphone: Yes" and "Audio Capture Allowed: Yes". Without consent, Google’s code had downloaded a black box of code that – according to itself – had turned on the microphone and was actively listening to your room.

Monday, June 22, 2015

“EPIC” fail—how OPM hackers tapped the mother lode of espionage data

Two separate "penetrations" exposed 14 million people's personal info.

Government officials have been vague in their testimony about the data breaches—there was apparently more than one—at the Office of Personnel Management. But on Thursday, officials from OPM, the Department of Homeland Security, and the Department of the Interior revealed new information that indicates at least two separate systems were compromised by attackers within OPM's and Interior's networks. The first was the Electronic Official Personnel Folder (eOPF) system, an entity hosted for OPM at the Department of the Interior's shared service data center. The second was the central database behind EPIC, the suite of software used by OPM's Federal Investigative Service in order to collect data for government employee and contractor background investigations.

OPM has not yet revealed the full extent of the data exposed by the attack, but initial actions by the agency in response to the breaches indicate information of as many as 3.2 million federal employees (both current federal employees and retirees) was exposed. However, new estimates in light of this week's revelations have soared, estimating as many as 14 million people in and outside government will be . . .

Saturday, June 20, 2015

Zero-Day Exploits for Stealing OS X and iOS Passwords

I think you'll agree with me when I say: Apple devices are often considered safer and more secure than devices that run on platforms like Windows and Android, but a recent study will make you think twice before making this statement.

A group of security researchers has uncovered potentially serious zero-day vulnerabilities in both the iOS and OS X operating systems that could put iPhone, iPad and Mac owners at high risk of cyber attacks.

The researchers created and published a malicious app on the App Store that was able to siphon users’ personal data from the password-storing Keychain in Apple's OS X, as well as steal passwords for iCloud, banking and email accounts.


Thursday, June 18, 2015

Baseball Insider Corporate Espionage: Making Sure You Aren’t Next

With a successful major security breach happening nearly every month now, it is easy to start treating this as noise, but that could be a career-ending decision. The news this week wasn’t just on the Cardinals hacking the Astros but also on Congress asking for heads to roll on the Chinese hack that compromised the information of a massive number of federal employees.

While I think the drama of all of this is fascinating, the underlying problem is the continued focus on blame rather than actually attempting to fix the problem. At the heart of the federal problem is an endemic lack of focus on making critical systems secure, so much so that last year the Attorney General recommended shutting much of the system down to protect confidential information.