ANCHOR CYBER FEED

Summer is officially here, and with that comes vacation season. But before you go, make sure you’re following these simple steps to stay cyber-secure while you soak up the sun: Stay with mobile payment apps and carrier networks when traveling - avoid open public WiFi. Don't announce your plans or locations via social media. Enable the location and remote wipe capabilities on your mobile device. Make sure to have a short timeout for your mobile lock-out function, and use an adequate password/PIN.Hackers know you want to connect and they will do their best to gain access to your device and/or important data, not to mention being more than willing to just steal the device itself if they can. ​ http://www.darkreading.com/endpoint/5-tips-for-staying-cyber-secure-on-your-summer-vacation/d/d-id/1325930? http://www.nationalcybersecurityinstitute.org/small-business/summer-traveling-cybersecurity-tips/

A phishing campaign was discovered last week that targeted possibly millions of users of Microsoft's Office365 Corporate service. The campaign was delivering the Cerber ransomware, which encrypts documents, videos, and photos on the compromised computer, as well as any network file shares to which the compromised computer is attached, and then demands a ransom to provide the ability to decrypt them. The malware was delivered via a document with malicious macros embedded in it. Previous versions of Cerber were delivered via web-based exploits that exploited Flash vulnerabilities. The malware was able to bypass the built-in security tools in Office365, but was detected using the Check Point SandBlast malware protection system. The SandBlast technology can run on a Check Point firewall, as an agent on network endpoints, or as a cloud-based service. To learn more about Check Point Sandblast, contact Anchor.

By far, the biggest story in malware over the past two years or more is the rise of ransomware. This species of malicious software seeks to encrypt a computer or user's files then hold them hostage, demanding a ransom in order to provide the key to decrypt the data. While the first modern ransomware began to appear in 2005, it was the emergence of the CryptoLocker ransomware in 2013 that began the sharp increase in ransomware incidents that we are still observing today. Today, ransomware has largely displaced "banking trojans" and other financial and credit card information stealing malware as the most common form of financially-motivated malware in use today. How to Be Prepared for Ransomware Attacks Have adequate backup and restoration capability. While obviously we hope to avoid being hit by ransomware, we want to be prepared in case it does successfully strike us. Ensure that backups are frequent, and (very importantly) that backup file locations are NOT in w

What puts you at the greatest threat of being hacked? Is it your operating system, the websites you visit, the up-to-datedness of your anti-virus software? All of those things matter - and they matter a great deal - but what it really comes down to is this: how complacent are you about cybersecurity? Hackers looking for a computer to take advantage of may ping yours to see if it’ll reply; if it does, the answer lets them know what operating system your computer is running—an excellent starting point for their despicable games. ​ All computers have some kind of basic input/output system (BIOS), the basic program that brings a machine to life. It's the kind of thing you should never tamper with. And it should obviously remain heavily protected. http://www.huffingtonpost.com/jason-glassberg/are-apple-products-really_b_10241742.html?utm_hp_ref=cybersecurity http://money.cnn.com/2015/06/03/technology/mac-bug/ http://www.macworld.com/article/1051456/protectfw.html

Cybercrime is evolving at a rapid pace, and it's been predicted that data breaches could cost businesses $2.1 trillion globally by 2019. In order to stay ahead and protect data and businesses, security teams must adapt fast in the escalating arms race. To help you win the war Gartner has picked the top ten cyber security technologies for 2016. ​ www.information-age.com/technology/security/123461612/gartner-picks-out-top-ten-cyber-security-technologies-2016

Tuesday was the regular day for Adobe to release software updates, and this Tuesday they released a bulletin for Flash announcing that there was a newly-discovered vulnerability which was already being used, "in limited attacks," in the wild by cyber criminals. However... not patch was available. Yet. That patch was released this afternoon (Thursday), and is now available both on their website and via auto-update. The vulnerability it fixes (CVE-2016-4171) affects Flash on all platforms: Windows, Macintosh, Linux, and Chrome OS. It was reported to Adobe by researchers from Kaspersky Labs, who have observed it being used by an "advanced persistent threat" (APT) group that Kaspersky has dubbed "ScarCruft." Organizations are urged to ensure their system are updated as soon as possible. This is the third time in recent months that Adobe has delayed a Flash update from its normal, expected release time in order to include a patch for an active zero-day ex

There's a new ransomware program infecting computers called RAA that's written entirely in JavaScript and locks users' files by using strong encryption. It's rare to see client-side malware written in web-based languages such as JavaScript, which are primarily intended to be interpreted by browsers. Attackers have taken to this technique in recent months resulting in a spike in malicious email attachments. http://www.infoworld.com/article/3083419/javascript/dont-run-js-email-attachments-they-can-carry-potent-ransomware.html http://www.pcworld.com/article/3083392/security/dont-run-js-email-attachments-they-can-carry-potent-ransomware.html

Check Point Software Technologies, found a security flaw in Facebook’s Messenger platform that allowed hackers to change messages in a Facebook chat after they had been sent. In essence, it would allow anyone to essentially take control of any message and replace that message with a different link sent by Chat or Messenger, modify its contents, distribute malware and even insert automation techniques fooling you into infecting your system. https://securitytoday.com/articles/2016/06/07/facebook-vulnerability-allows-hacker-to-alter-conversations.aspx ​ http://blog.checkpoint.com/2016/06/07/facebook-maliciouschat/ https://www.helpnetsecurity.com/2016/06/07/facebook-vulnerability-chat-messenger/

Smart technology and access to high-speed internet has been a part of the Class of 2016. Their lives from the get-go, are making this group incredibly tech savvy. But, their hyper-connected behavior doesn’t come without its limitations. Bring in the next, extremely tech-adaptive generation into the workforce, we need to learn how you can protect your network from their laidback security behavior. As the workforce becomes increasingly mobile, managing all types of devices and network security is imperative to data security. http://www.darkreading.com/operations/5-ways-to-protect-your-network-from-new-graduates-/d/d-id/1325764? http://www.darkreading.com/cloud/millennials-could-learn-from-baby-boomers-when-it-comes-to-security/d/d-id/1325687?ngA http://www.darkreading.com/endpoint/believe-it-or-not-millennials-do-care-about-privacy-security/d/d-id/1322622

Data warehouses and business intelligence tools aren't just for measuring and monitoring business operations and performance. They can also be valuable in an organization's security program. http://www.infoworld.com/article/3071112/security/defend-yourself-build-a-cyber-security-database.html ​ http://www.darkreading.com/application-security/database-security/databases-remain-soft-underbelly-of-cybersecurity/d/d-id/1325216