ANCHOR CYBER FEED

Keeping your computer and information secure is challenging all the time, but is especially challenging when you are on the go. Both your device(s) and data can be at risk, and some of the protections you may be used to having on your corporate and/or home networks are not present. Extra vigilance is warranted in such situations. Whether you're traveling out-of-town or just working at a table in the Starbucks down the street, here are a few things to keep in mind to keep secure while traveling: Avoid Wi-Fi hotspots in cafes, hotels, restaurants, etc., especially “open” hotspots (which most publicly-accessible ones are.) iPhones have a built-in capability to connect to a VPN , so this is a way of more safely using open Wi-Fi. A wired connection in your hotel is better than Wi-Fi — less subject to monitoring.  When you work over non-secure networks (and any network you don’t control should be treated as such), a good practice is to work over a VPN connection or other remote

Social media is a vastly popular use of the Internet today, and a source for a huge interchange of data. This ability to upload and download many forms of data can make social media a conduit for illegitimate information flow in and out of an organization. Social media can also allow malicious individuals to seek out and connect with people by name or by interest. Foreign intelligence services and cyber criminals have been known to create fake profiles, sometimes based on those of real people, in order to connect with and gather information on persons in an area or field of interest. Key tips for security on social media include: Use two-factor authentication; most social networks have this option. Be careful who you accept "friend" requests or connections from. Check who they are already connected with, especially, to see if their connection make sense in light of what you know of this person. Avoid connecting with people you don’t know well. Use care in sharing pe

Private Web-based Email Accounts of CIA Director and Secretary of Homeland Security Hacked It was revealed this week that the CIA Director and Homeland Security Secretary’s private emails had been compromised by hackers, who published much of the information contained therein. The incident is interesting for two reasons. One was that the CIA Director’s private email included a number of potentially sensitive emails that had been forwarded from his White House email account during his time working there. The other is the method the attackers used, impersonating the account owners from one account to the next to gather the info necessary to reset their account passwords and gain control of the accounts. Organizations need to grapple with the reality that users’ personal accounts and devices can impact their work accounts and data, and should ensure that policy and training address these issues. http://www.scmagazine.com/cia-director-brennans-personal-email-contained-sensitive-info-h

In many organizations, more and more work is being conducted via “mobile devices” like smartphones and tablets rather than traditional PCs and laptops. The most common of these by far are those running Apple’s iOS (iPhones and iPads) and those running Google’s Android OS. These devices are light, portable, convenient, handy, and generally easy to maintain and manage. However, they are still powerful computing devices that can store a lot of critical information and can also prevent serious security challenges. Some basic measures that you should take include: Set a password and set your phone to lock automatically after a short period of non-use. It’s so easy to lose a phone on a bus or train or in a restaurant, and if someone picks it up while it’s unlocked they can do and access pretty much everything on the device. Consider enabling a function to wipe the data and settings from your device if the passcode is entered incorrectly enough times. This function does allow for some

The phrase “the Internet of things” (IOT) has gained currency over the past several years as more devices aside from traditional computing devices are being connected to the Internet. The term was coined in a 1999 presentation on the use of radio-frequency ID (RFID) chips to track items in the manufacturing and delivery process. Since then it has become a major issue in technology circles and a subject of much concern regarding the security implications of such Internet-connected "things." Many appliances and other devices are connected to the Internet now, primarily in order to provide for remote control and/or monitoring. Common examples include security cameras, thermostats, door locks, automobile systems, medical devices, and home lighting control systems (indeed, whole-house control systems). The Nest thermostat (and later smoke detector and cameras) was perhaps the first highly-visible and widely-known Internet-connected “thing,” and its popularity helped bring the

New Flash Zero-Day Vulnerability Being Actively Exploited Last Tuesday, the same day that Adobe released their regular monthly patches, Trend Micro disclosed their discovery of a new zero-day vulnerability being exploited by the “Pawn Storm” hacking group. The observed activity is directed primarily against various nations’ foreign affairs ministries, but the vulnerability (CVE-2015-7645) is not publicly disclosed and may be subject to further exploitation. Adobe released a new out-of-cycle patch for the issue on Friday evening. http://www.cnet.com/news/another-security-flaw-affects-all-versions-of-adobe-flash/ http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/ https://helpx.adobe.com/security/products/flash-player/apsa15-05.html Microsoft Releases Six Patches for IE/Edge, Office, Windows Last Tuesday, Microsoft released six updates that fix about 33 security issues in their browsers, in Windows, and in Office.

Our last tip discussed the importance of using strong, complex passwords, and being diligent to use different passwords for everything. Most of us can agree that is good advice, but many of us don't follow it. The reason is simple: it is too hard to remember all those passwords! I understand completely; I personally have about 300 passwords right now! The old wisdom was to never write down your passwords and never record them ANYWHERE. However, the big threat to your data today is not someone who finds your password hidden under your keyboard, but someone on the other side of the world cracking or guessing your password. So to make complex and unique passwords possible, many security professionals recommend the use of a "password manager" software or service. Password managers are apps used to safely store ALL of your passwords and keep them safely encrypted in one place. Most are offered by providers who will store the data in the cloud so that you can sync it to a

If you are like most modern folks, you use a large number of passwords every day. As mentioned in our very first tip this month, the use of passwords alone to secure anything of significant value/importance is a questionable practice by today’s standards. However, the reality is that for now and for the foreseeable future we are likely to be doing business in this way with many of the sites and services we access. And even with multi-factor authentication, the use of a strong password is still your first line of defense. So how do you ensure your passwords are strong? Key tips include: Length is strength. Making your password longer is the easiest and most effective way to make it stronger and more difficult to guess it crack.  Consider using a real phrase. A real phrase, complete with spaces, capitalization, and punctuation, will be longer than most passwords while meeting most password requirements, being quick for a good typist to type, and being easy to remember. Don'

Most anyone who browses the web regularly knows that some pages are “secure” and some are not. The key difference is that “secure” websites are served using the HTTPS protocol rather than HTTP protocol; this means that the information sent between your browser and the web server is encrypted so that anyone potentially “listening in” between you cannot read it. HTTPS also provides for positive identification of the website to avoid you being fooled by a fake. Web browsers have various visual cues to help you know you are on the right site and that it is being served to you securely. Chrome, for instance, looks like this. This video shows you how the different browsers show you if a site is secure. Like everything in technology, the methods used for providing this security have advanced in the past decade. For organizations hosting websites, there is a need to balance between enabling users to access your site even if they may be using an older device/browser and ensuring that

Vulnerability in Microsoft Outlook Web Services Exploited Cybereason, an Israel-based security vendor, claims to have discovered a "back door" in Microsoft's Outlook Web Services that was used to install malware on a company's web services, and to compromise the data of thousands of employees. Microsoft has responded that the flaw is only exploitable by a user or attacker who already has privileged access to the Exchange server in question. http://www.cybereason.com/cybereason-labs-research-a-new-persistent-attack-methodology-targeting-microsoft-owa/ http://blogs.technet.com/b/exchange/archive/2015/10/07/no-new-security-vulnerability-in-outlook-web-access-owa.aspx http://www.scmagazine.com/backdoor-in-ms-outlook-webmail-raises-security-doubts/article/443415/ FBI Urges Organizations and Users to Adopt Multi-Factor Authentication The FBI issued a posting urging organizations and individuals to use two-factor authentication (aka multi-factor authentication)