Posts

Showing posts from April, 2016

Emojis: The picture of secure passwords?

Numbers or pictures? Smiley face or thumbs up? Hackers have learned to adapt to the ways that online users create their passwords. Using common words, phrases, and numerical strings is clearly not secure enough these days. Ideally, a strong password is totally random; however, the stronger the password, the harder it is to remember. This often leads to a weak password or the replication of the same password for every login. Enter the emojis as a potential alternative. The beauty of an emoji password system is that the picture is translated into characters by the log-in system, and each emoji may be comprised of a number of characters, resulting in a lengthy password. The addition of emojis to our passwords would make it visually easier for the user while adding knock-out security due to the large number of characters for hackers to decipher.
http://www.marketwatch.com/story/the-new-password-emojis-2015-12-29
http://www.npr.org/sections/alltechconsidered/2015/06/15/414742418/e

Weekly Infosec News Brief: 18-24 April

"RansomWhere?" Tool Released to Detect and Halt Ransomware on Mac Computers

Patrick Wardle, a leading researcher in Apple Mac vulnerabilities and security measures, released a tool called "RansomWhere?" last week to halt ransomware infections on Mac computers. Though ransomware has not been a widespread issue on Macs to this point, the tool's operational concept is interesting. It watches users' home folders (and their sub-folders), where the vast majority of documents are stored locally, for rapid write operations being performed on many files and suspends the responsible process. To avoid false positives, RansomWhere? catalogs all the programs running at the time it is installed, and it will never alert on actions taken by those programs; for this reason it is not effective if installed on a computer with ransomware already present. The technique is not insurmountable, but a similar tool on Windows PCs would likely stop the majority of existing ransom

Cyber Insurance: Closing the Gap in Coverage

Most businesses have experienced, or will experience, a cyber security breach. Don't be exposed. General Liability Insurance may not offer you the resources to mitigate a breach, recover your data and repair your brand. Your existing security controls may not manage all of your risk, and a cyber insurance policy can supplement weaknesses in your controls. However, also be sure to understand the coverage you will receive with your cyber insurance policy and what cyber risks you are outsourcing.
http://www.technewsworld.com/story/Insurance-Industry-Buzzes-Over-Data-Breach-Ruling-83403.html
https://databreachinsurancequote.com/cyber-insurance/does-commercial-general-liability-insurance-cgl-cover-a-data-breach/
https://databreachinsurancequote.com/cyber-insurance/how-cyber-insurance-may-or-may-not-cover-a-ransom-attack/

MouseJack Vulnerability Affects 80 Percent of Organizations

Recent research shows that a cyber attacker can launch an attack from up to 500 feet away. The attacker is able to take control of the target computer without physically being in front of it. The attacker can then type arbitrary text or send scripted commands at 1000 words per minute, making it possible to rapidly perform malicious activities without being detected.
http://www.securityweek.com/mousejack-vulnerability-affects-80-percent-organizations-survey

Weekly Infosec News Brief: 11-17 April

Microsoft "Patch Tuesday" Includes Six Critical Updates

Last Tuesday, on their regular monthly day to issue patches, Microsoft released thirteen security bulletins, six of them rated as "critical." Two of these (MS16-037 and MS16-038) are for Microsoft's browsers, Internet Explorer and Edge, respectively. MS16-039 and MS16-040 are for core components of Windows, and affect nearly every supported version of the operating system for both servers and workstations. MS16-042 is for Microsoft Office, and affects every currently-supported version (even those for Mac). Installing this update is particularly urged, given that malicious documents attached to email are a common source of malicious software infections. Organizations are urged to test and install these updates as soon as possible.
http://www.symantec.com/connect/blogs/microsoft-patch-tuesday-april-2016
https://technet.microsoft.com/library/security/ms16-apr?f=255&MSPPError=-2147217396
High Risk

Microsoft SQL Server is one of the most widely-used database management systems (DBMS) in businesses today, particularly with smaller organizations and more modest requirements. This Tuesday (April 12th), SQL Server 2005 hit the end of its extended support period. This means that Microsoft will no longer be providing updates to resolve any security issues with the software. The presence of outdated and unsupported software on an organization's systems is one of the most severe issues commonly seen during security assessments. Database software is one of the most difficult types of software to deal with, as it generally serves as a "back-end" behind some other application or website, and compatibility issues are common. What to do about this: Verify the versions of SQL Server on all your systems. If you are running SQL Server 2005, identify all applications that depend on that server. Check with any application vendors regarding compatibility with newer SQL Server ver

Weekly Infosec News Brief: 04-10 April

Zero-Day Flash Vulnerability Announced, Patch Available

A new vulnerability (CVE-2016-1019) in Adobe Flash was announced last week; the vulnerability is being actively exploited to install malware on vulnerable computers. Adobe stated that their latest update released in March prevents the worst type of damage from this vulnerability, such that most exploitation attempts will result only in a crash rather than remote code execution. On Thursday, Adobe released a patch to fix the vulnerability. The patched version is 21.0.0.213, and you can check if you have the latest version installed by visiting this link on www.adobe.com. Keep in mind that different browsers may have separate installations of Flash, so you should check each browser on your system(s).
http://www.eweek.com/security/adobe-working-on-zero-day-pwn2own-patches-for-flash.html
https://helpx.adobe.com/security/products/f

What to do About Java?

Another bad Java bug (CVE-2016-0636) was revealed recently; in this case it was actually a bug that was found back in 2013 and was just never patched properly. The vulnerability was publicly exposed a couple of weeks ago, and Oracle released a patch just this week. But either way, it's the same sad, old song: your computer's Java installation could allow a malicious webpage to quickly, quietly, and entirely take complete control. All your files, all your processes, exposed. Everything you have access to on the network, the attacker has access to. But what can you do about it? There will always be vulnerabilities popping up, and Java is an essential part of using the web, so we're just stuck with it, right? Well, that may have been (or seemed) true ten, or even five, years ago, but Java apps on the web have been declining in popularity for a long time. Most of us go weeks or months without doing anything online that requires the use of a Java runtime interpreter on ou

Weekly Infosec News Brief: 28 Mar - 03 Apr

Ransomware Continues to Grow as a Threat to Organizations of all Types and Sizes

Ransomware, malicious software that encrypts digital files and demands a payment for the ability to decrypt them, continues to grow as a threat to organizational computer systems. Due to the profitable and (so far) low-risk nature of these attacks for criminals, the variety and frequency of attacks using ransomware have increased greatly over the past year. Several hospitals and other health care organizations have been targeted and even crippled by such attacks recently. According to a recent DHS report, the federal government faced at least 321 such attacks in 2015. While the variety of such malware makes it impossible to prescribe a single technology or method for avoiding or stopping such attacks, it is widely agreed that frequent, complete, and reliable backups are an essential step for avoiding being crippled by such attacks.
http://www.computerworld.com/article/3050018/security/medstar-health-pa