Are Your Group Chat Messages Safe?

Are Your Group Chat Messages Safe?

The group messenger app WhatsApp is an easy target for hackers. Read more to find out what is at stake.

Since the messaging platform, WhatsApp was acquired by Facebook in 2014, its growth has been unstoppable. The app now boasts over a billion users each month who send over 30 billion messages per day.

WhatsApp has strengthened their security over recent years by adding two-step verification, and automatic end-to-end encryption. Despite this, there are still some security threats you need to know about.

Web Malware

With over a billion users, it’s almost certain that malicious cybercriminals would look to exploit the popular messaging app. WhatsApp announced the launch of a web interface and desktop application in January 2015. Unsurprisingly, hackers were quick to pounce with fake WhatsApp websites and applications that stole data and distributed malware.

Some attackers created malicious software downloads that would masquerade as WhatsApp Desktop applications. Once installed they could install and distribute malware or otherwise compromise your computer. Others turned to creating websites pretending to offer access to WhatsApp Web. They ask for your phone number in order to “connect you to the service” but in reality use it to bombard your WhatsApp with spam messages.

Although WhatsApp does offer a client for both Windows and Mac, the safest option is to go directly to the source at http://web.whatsapp.com. Read more »

Where We Stand and Where We Need to Go

You may not know exactly what your IT Security problem is. We will find it and we’ll develop and implement real-world solutions. This article highlights the trends in cybersecurity and the trajectory of our field.

AI in Cybersecurity: Where We Stand & Where We Need to Go

How security practitioners can incorporate expert knowledge into machine learning algorithms that reveal security insights, safeguard data, and keep attackers out.

With the omnipresence of the term artificial intelligence (AI) and the increased popularity of deep learning, a lot of security practitioners are being lured into believing that these approaches are the magic silver bullet we have been waiting for to solve all of our security challenges. But deep learning — or any other machine learning (ML) approach — is just a tool. And it’s not a tool we should use on its own. We need to incorporate expert knowledge for the algorithms to reveal actual security insights.

Before continuing this post, I will stop using the term artificial intelligence and revert back to using the term machine learning. We don’t have AI or, to be precise, artificial general intelligence (AGI) yet, so let’s not distract ourselves with these false concepts.

Where do we stand today with AI — excuse me, machine learning — in cybersecurity? We first need to look at our goals: To make a broad statement, we are trying to use ML to identify malicious behavior or malicious entities; call them hackers, attackers, malware, unwanted behavior, etc. In other words, it comes down to finding anomalies. Beware: to find anomalies, one of the biggest challenges is to define what is “normal.” For example, can you define what is normal behavior for your laptop day in, day out? Don’t forget to think of that new application you downloaded recently. How do you differentiate that from a download triggered by an attacker? In abstract terms, only a subset of statistical anomalies contains interesting security events.

Applying Machine Learning to Security
Within machine learning, we can look at two categories of approaches: supervised and unsupervised. Supervised ML is great at classifying data — for example, learning whether something is “good” or “bad.” To do so, these approaches need large collections of training data to learn what these classes of data look like. Supervised algorithms learn the properties of the training data and are then used to apply the acquired knowledge to classify new, previously unknown data. Unsupervised ML is well suited for making large data sets easier to analyze and understand. Unfortunately, they are not that well suited to find anomalies. Read more »

Jason’s Deli warns customers of possible data breach

Jason’s Deli warns customers of possible data breach

Our job is to make sure you are secure. We solve real-world security issues. This incident occurred recently and is prevalent in today’s society. Read the article below to learn more.

Jason’s Deli is warning customers of a data breach.

The Texas-based deli chain said it was notified on Dec. 22 by “payment processors – the organizations that manage the electronic connections between Jason’s Deli locations and payment card issuers – that MasterCard security personnel had informed it that a large quantity of payment card information had appeared for sale on the “dark web,” and that an analysis of the data indicated that at least a portion of the data may have come from various Jason’s Deli locations.” Read more »

2017’s Top Hacks and Data Breaches

2017 was a year teeming with hacks and data breaches. Our solutions are all-encompassing. That is we build comprehensive, realistic, effective IT solutions that solve our clients’problems. HackRead takes us for a stroll down memory lane. Relive what hacks and data breaches occurred.   https://www.hackread.com/2017-top-hacks-data-breaches/

 

2017 is over, but memories of some of the biggest hacking and data breach related incidents will haunt victims for a long time. Today, we will be highlighting biggest hacking incidents of 2017 including malware attacks leading to ransomware infection or a simple email that turned out to be a phishing email and stole millions of dollars from unsuspecting users and businesses.

These incidents also involve those which took place in the last few years but announced in 2017. So brace yourself.

Equifax

In July 2017, the consumer credit reporting agency Equifax suffered a massive data breach in which personal data of 143 million Americans were stolen. This means over 40% of the entire population of the United States had their personal information stolen.

The stolen data includes names, birthdays, addresses, driver license numbers, credit card data and including social security numbers (SSNs). The company only announced the incidents to the victims and media on September 8th.

Yahoo

Yahoo is often in the news for wrong reseasons and on October 4th, 2017 the company announced it suffered a cyber attack in which hacker stole 3 billion user accounts in August 2013. This means each and every Yahoo user had their Yahoo email and password stolen.

HBO

2017 was a bad year for Home Box Office (HBO) thanks to an alleged Iranian hacker who stole a massive trove of company’s data including unreleased episodes of Game of Thrones, Curb your Enthusiasm and Insecure etc.

The hacker also stole personal data from HBO’s Viviane Eisenberg, the Network’s Executive Vice President Legal Affairs and ended up leaking it online. The data included emails and plain-text passwords for her social media, bank, work and university accounts. Read more »

2018 Forecast: Hacking…as prevalent as it was in 2017

 Clients come to us to solve real-world problems, not to just check the boxes. At Adsero Security, our job is to make sure you are secure. The Huffington Post reminded all of us how prevalent hacking was in 2017: https://www.huffingtonpost.com/entry/data-breach-hacks_us_5a3a7f56e4b025f99e13cdbe

Once more unto the (data) breach, dear friends.

2017 was notable for some massive data breaches, unintended exposures of sensitive information on the internet and other unfortunate tech incidents. Some were intentional (looking at you, North Korea), and some were not (hello Equifax, nice of you to join us).

2018 probably won’t be any better.

Read more »

Adsero Security points to cyber security threats within; Offers IT security techniques to keep your systems safer

What are the security threats lurking within your organization? Discover how to keep your systems safer:

TAMPA, Fla., Dec. 21, 2017 (GLOBE NEWSWIRE) — A 2016 IBM cyber security intelligence report found that 60 percent of all cyber-attacks were related to, or directly the result of, insider activity. Cody Wray, Co-Managing Partner of Tampa FL based Adsero Security, observes that these security breaches often originate from three unique sources within an organization’s known security perimeter.

  • Malicious Insider: This individual has motive to harm. He or she could be a disgruntled employee, one facing workplace discipline or financial difficulties, or an individual using work privileges for personal gain.
  • Negligent Insider: This employee is bypassing company cyber security protocols to be more productive or save time. He or she is careless in securing data or losing credentials, or is falling prey to phishing attacks that can result in security breaches, theft of sensitive data and the introduction of malware into an organization’s IT systems. These individuals often knowingly exceed the organization’s risk tolerance.
  • Third Parties: Subcontractors, vendors, and business partners may all have access to your systems. However, your ability to ensure they adhere to best practices is limited. To maintain your organization’s cyber security standards, all third parties should be treated as a security risk.

“Employees and associates can pose the biggest cyber security threat, whether their actions or intentional or not,” says Wray. “Establishing a culture of security through an employee awareness training program is essential. And, once you have an entity-wide security program in place, an organization must continually evolve with it through ongoing employee training and consistent security program maintenance and updates. Finally, remember that practicing basic cyber hygiene can address or mitigate many security breach attempts.” Read more »

IT security advice from Adsero makes the news:

IT security advice from Adsero makes the news:

TAMPA, Fla., Dec. 20, 2017 (GLOBE NEWSWIRE) — Organizations that rely on simple security appliances or monitoring services are not getting a complete view of their risk surface and are enjoying a dangerous false sense of security, observes Jason Martino, Co-Managing Partner at Adsero Security.

In addition, cloud computing and mobile, while increasing business agility, have fragmented the traditional security perimeter and further complicated security efforts. According to Martino, reactive security protocols are no longer sufficient. Instead, a proactive security approach is mandatory in today’s severe risk environment. Read more »

Breaking News: Healthcare Data Breach

Sharing some breaking news with you about a healthcare data breach. Emails could be the culprit. Are you protecting yourself against a data breach? http://www.healthexec.com/topics/health-it/email-most-likely-source-healthcare-data-breach

A survey of senior information technology and security professionals in healthcare found the most likely source of a data breach to be email—which the vast majority of respondents admitted to using frequently to transfer protected health information and consider critical to their organization.

Seventy-six IT professionals were surveyed by Mimecast, a data security company, and HIMSS Analytics. When asked to rank likely sources of a breach, email got more first place votes (37) than the other categories combined. Laptops and other portable devices were the next likeliest sources. Read more »

Breaking News: Uber Breach

Sharing some breaking news with you about the recent Uber breach. Ransomware is becoming more and more expensive with every incident. Are you taking precautions to avoid being victimized? http://for.tn/2Bt1VYY

The massive data breach at Uber that exposed the data of some 57 million accounts was the work of 20-year-old Florida man, who was paid by the ride-hailing company to destroy the information through its bug bounty program.

The revelation, which was uncovered by Reuters, is the latest mark against Uber as it struggles to move past its many controversies and reshape its toxic work culture.

Read more »

New Release: Complimentary IT Vulnerability Scans Offered

As business risks increase, Adsero Security offers complimentary IT vulnerability scans

Did you know that “As business risks increase, Adsero Security offers complimentary IT vulnerability scans” ? Check out our article feature on the Tampa Bay Newswire:

TAMPA, FL – As a service to IT teams at large firms seeking to strengthen their data security protocols in a business environment becoming riskier by the day, Adsero Security announces complimentary external vulnerability scans of internet-facing corporate networks, including up to four external domains or IP addresses.
The offer is in response to proof of increased computer-driven cyber-attacks on U.S. firms identified by Adsero’s intercept tracking technologies at its Tampa headquarters.
“In our combined 40 years of experience in IT security, we haven’t seen anything like this before. The hackers’ computers continue the pressure constantly, day and night, until they find a weakness and work their way in,” said Jason Martino, Co-Managing Partner at Adsero Security. “As our systems monitor the alarming level of inbound penetration attempts from all corners of the world, and display them on our wall monitors, the trajectories look almost like hundreds of inbound ICBMs at the start of a nuclear war.”
Adsero Security specializes in preparing large firms for data security audits such as the SOC 1 and 2, HIPAA, PCI, ISO/IEC and others, assisting them in addressing deficiencies identified in the audits, writing IT compliance policies, and then implementing ongoing managed security.

 

Read more »