Cybersecurity

Employees Are One of the Biggest Cyberthreats to Businesses in North America

Grazed from Kaspersky Lab

Kaspersky Lab today released a report, Business Perception of IT Security: In the Face of an Inevitable Compromise, revealing the current state of security threats among businesses and how their perception of threats compares to the reality of cybersecurity incidents experienced over the past year, both in North America and worldwide. A top concern of North American businesses and a leading cause of successful cyberattacks in these organizations are also the most important asset: their employees.

The findings are a subset of data from the 2016 Kaspersky Lab Corporate IT Security Risks survey, which confirms cyberattacks are not uncommon to businesses throughout the world. In just the last 12 months on a global scale, 43 percent of businesses experienced data loss as a result of a breach. When taking a closer look at businesses in North America, the data reveals that these organizations are significantly less protected against attacks compare to businesses worldwide. For enterprises, nearly half (44 percent) in North America suffered four or more data breaches in the past 12 months alone, which is double the amount that businesses worldwide suffered (20 percent).

Alphabet Inc Shuts Down Cloud Service Of Client For Malicious Attacks

Grazed from MarketExclusive. Author: Adam Russell.

Fred Trotter, the executive of healthcare research startup CareSet and healthcare startup DocGraph recently got to work only to find that Alphabet Inc (NASDAQ:GOOGL) had locked him out of his cloud computing service. The CEO reported to work as usual on Monday morning only to finds that Alphabet had shut down his firm’s account on the Google Cloud computing service, worrying him and his team.

Trotter received a warning that one of his systems had been carrying out intrusive attacks against third parties. Alphabet condemned the act and warned the executive and his team that the problem should be fixed. Alternatively, they were expected to explain the legitimacy of the unexpected network traffic. Alphabet threatened to terminate the cloud services if the CEO and his team failed to carry out any of the requests...

Cloud Computing: 5 Cybersecurity Threats Businesses Should Watch Out for in 2016

Grazed from Tech.co. Author: Dennis Hung.

From phishing attacks to new and creative malware to infected laptops, cyber-crime is globally growing at an alarming rate. These cyber criminals are not just targeting the blue chip companies and large corporations as the media reports. According to Symantec, 43 percent of cyber-attacks in 2015 targeted small-to-medium sized businesses with around 250 to 500 workers. Experts forecast a continuation of this trend in 2016 with the global cybercrime industry growing to $600 billion a year. The weak cyber security protocols of these businesses make them easy targets. They also offer access to larger corporations and the government who are their clients.

Malware

Malware lurks in the background stealing company data such as usernames and passwords. These malware is mostly installed by unsuspecting employees. According to Blue Coat, the average data breach can cost an organization 5.4 million dollars. In April 2016, MetStar, a non-profit organization running 10 hospitals in the Baltimore and Washington area was a victim of SAMSAM ransomware that encrypted sensitive data, requiring them to pay up the amount of 45 Bitcoins (approx. US$ 18,500) for the decryption key. Luckily, the IT department was able to detect the malware and prevent it from spreading further into their internal network...

Read more from the source @ https://tech.co/cybersecurity-threats-businesses-watch-2016-05

VMware Patches Man-in-the-Middle and Web Session Hijack Vulnerability

By David Marshall

ATTN: VMware administrators.  Do you have plans this afternoon?  What about this weekend? 

"Patch now!" is the word coming down from the VMware mothership after the company revealed a new security flaw (VMSA-2016-0004) this week in the VMware Client Integration Plug-in that if exploited by an attacker could lead to a man-in-the-middle attack.

 

Cloudwick Announces First Open Source Adaptive Cybersecurity (OSAC) Vulnerability Assessment on Cloud or On-Premise

Grazed from Cloudwick

Cloudwick
, the leading provider of bimodal digital business services and solutions, announced today a new vulnerability assessment for advanced cybersecurity threat detection for on-premise and cloud. This assessment provides unprecedented north-south and east-west DNS as well as internal and perimeter flow vulnerability analysis capable of analyzing more than 30 billion events per day.

At its booth (1024) at Strata + Hadoop World in San Jose (March 28-31), Cloudwick will demonstrate its advanced cyber threat detection for complete threat visibility into:

1. Perimeter & Internal flow attacks by stealthy scanning, side channel data escapes, reflection attacks, unusual data flows and beaconing, and:

2. DNS threats from tunneling, NNTP and Beaconing

Pwn2Own Contest Places a $75K Bounty to Hack VMware Workstation at CanSecWest Security Conference

Article Written by David Marshall



The annual Pwn2Own hacking contest returns next month to the CanSecWest security conference and researchers are going up against the most popular browsers and operating systems, challenged with finding and exposing exploits.  

For this year's contest, participants will be asked to exploit Microsoft Edge or Google Chrome on fully patched versions of 64-bit Windows 10 and Apple Safari on OS X El Capitan.  

Exploiting Google Chrome or Microsoft Edge will earn hackers a $65,000 prize, while exploiting Apple Safari on Mac will earn a payout of $40,000.  Achieving system-level access on Windows or root access on Mac OS X would bring an additional bonus of $20,000 to the pot.
 

IBM Sees 2015 Growth in Cloud, Security and Systems

Grazed from eWeek.  Author: Darryl K. Taft.

 IBM's strategic initiative led the way in 2015, with cloud now a $10 billion business and security a $2 billion unit. Systems and analytics also grew.  Despite another quarterly revenue slide, IBM sees a silver lining in its strategic imperatives as these key focus areas—cloud, analytics, mobile, social and security—show significant growth and indicate Big Blue is committed to succeeding in its transformation.

In the fourth quarter of 2015, IBM saw its revenue decline 9 percent to $22.1 billion; however the company's strategic imperatives revenue grew 26 percent (adjusting for currency and the System x divestiture) to $28.9 billion and now represents 35 percent of the company's overall revenue...

The Future of Information: Linking Cloud, Cybersecurity and Big Data Investment

Grazed from INNDaily. Author: Morag McGreevey.

Sometimes it seems like every other business is a cloud-based company. This internet-based computing service has entirely transformed the way information is processed, organized, stored and shared. Indeed, it seems almost impossible to separate the explosion of big data from cloud computing.

However, the rapid transition from old school data management to the highly efficient data centers driving today’s markets has created a need for cybersecurity solutions. With sensitive personal information, healthcare records and financial records being managed by these systems, cloud security has emerged as a vital aspect of protecting this data. As a result, cloud computing, cybersecurity and big data investment have formed an important nexus in the tech space...

Cloud Computing: Hackers reveal flaws in cyber security framework

Grazed from TheNation.  Author: Asina Pornwasin.

The recent hacking of government websites has called into question the government’s cyber security standards and risked its reputation for management, but a single gateway was not a solution to that problem, cyber security specialists said yesterday.  What the government can do is upgrade cyber security standards and adopt cyber security best practices as well as draft a national policy framework and regulations for cyber security. 
 
Police websites and about 300 Courts of Justice websites were hacked by sympathisers of the Anonymous group in protest against the Koh Tao double-murder verdict.   That led to a suggestion from police to bring back the single gateway plan to tackle the problem...

Cloud Computing: What's Behind Microsoft's Security Moves

Grazed from CMSWire. Author: David Roe.

Microsoft CEO Satya Nadella announced the launch of a new security strategy for the entire Microsoft portfolio on Nov. 17. Except Nadella didn’t call it a strategy — he called it a "posture." In practical terms we'll assume there isn't much difference between the two. Nadella said that security will no longer be an afterthought in product design, but rather a core consideration.

Same As It Ever Was?

Security is top of mind for Microsoft as it develops business around cloud products like Azure and Office 365. But does this announcement herald a new era for Microsoft’s approach to security? According to Garrett A. Bekker III, senior analyst for Information Security with 451 Research, the objectives may be different, but the way Microsoft is going about it is not...

Read more from the source @ http://www.cmswire.com/information-management/whats-behind-microsofts-security-moves/