New SiteLock Application to Protect WordPress

June 19th, 2017 by admin No comments »

WordPress open-source publishing is the popular platform for companies. It has also attracted cyber criminals. Sites face attacks frequently. SiteLock, a Scottsdale, Ariz. website security vendor has started private beta of its new SMART Database (SMART/DB) solution. This application scans detects and automatically removes spam and malware from WordPress databases.

 SiteLock was formed in 2008. President Neill Feather mentioned that company specializes in helping small and midsized businesses (SMBs) mount a defence against cyber attackers. It also provides easy-to-deploy web application firewall (WAF) and distributed denial-of-service (DDoS) mitigation capabilities. SMBs to strengthen their WordPress deployments are also implemented.

 Operating a website is a risky affair in the current cybersecurity landscape.

“On average, websites face over 8,000 attacks per year from cyber criminals trying to steal valuable resources such as website bandwidth, traffic, and customer data. Popular, well-recognized websites that utilize e-commerce or a large number of interactive features or plugins can be obvious targets for cyber attacks and are often reported in mainstream media,” Feather said.

 “According to SiteLock data, websites using 10 to 20 plugins are two times more likely to be compromised than the average website, and websites linking to Twitter, Facebook and LinkedIn accounts are 2.5 times more likely to be compromised than the average website.”

 Many small business owners do not pay much attention towards cyber security but the trend of attacks is increasing.

 “In fact, 43 percent of all cyber attacks targeted small businesses in 2016,” Feather informed. “Given that the majority of small businesses manage or maintain their own websites, they typically aren’t aware of the time or resources required to ensure adequate protection against ever-evolving security threats such as malware and other vulnerabilities.”

 “It’s important to understand that any website, regardless of the number of features or amount of traffic, is constantly at risk,” he added.

 Many WordPress websites face attack today.

 “As most WordPress websites include customer engagement features such as blog comments, blog contributors, and content aggregation, this emerging malware monitoring technology keeps comments and posts clean from spam, ensuring site content is search engine friendly and is most valuable for visitors,” Feather said. “SMART/DB also mitigates other database malware like malicious redirects and backdoors, ultimately keeping website visitors safe.”

____________________________________________________________________________________________

 Alertsec Endpoint Encrypt is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Series B funding for Trusona

June 17th, 2017 by admin No comments »

Before four months, Ariz.-based Trusona has Series A funding of $8 million. Now, they have got additional funding of $10 million in a Series B round. This new round was led by Microsoft Ventures along with existing investor Kleiner Perkins.

“Trusona offers businesses the ability to replace a static username and password combination (which can always be lost, stolen or compromised) with a more dynamic way to prove authentication online,” explained Ori Eisen, CEO and founder of Trusona. “With the Trusona app, users can log in with a single tap without typing any username or passwords.”

Trusona is expert in authentication and federated identity technologies for companies. TruToken is the patented technology of the company. It analyzes the physical magnetic signature of a card and the way of swiping the card by the user to determine fraud. It also offers two-step authentication process which involves TruVerify for logins and TruFidelity, which helps combat attacks during online transactions.

Cloud Security Alliance survey which was sponsored by Centrify mentioned that 22 percent of breaches in last year was caused due to stolen user and password. Other survey conducted by SailPoint Market Pulse mentioned that the stolen passwords are also sold.

“All you need is to register with the free Trusona app and the relying party (such as banks, healthcare providers, WordPress, streaming media, Salesforce, a company’s network, etc.) sends you a prompt,” added Eisen.

Trusona continuously tries to look for fraud transactions.

“What sets Trusona apart is its patented technology that uses the unique nature of each authentication to assure the transmission is authentic and not a session replay,” Eisen said. “Trusona’s patented anti-replay technology, infused in every solution, protects from malware that can replay static usernames and passwords to compromise any online account. This assures the right person is behind every digital interaction.”

Microsofts is impressed with this new technology.

“Identity management is a critically important and growing space,” said Nagraj Kashyap, corporate vice president of Microsoft Ventures, in prepared remarks. “Helping businesses and consumers move toward a safer and more secure digital world is a priority for Microsoft. We believe in the work Trusona is doing to give their enterprise clients peace of mind when it comes to data protection.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Security of the end point devices

June 15th, 2017 by admin No comments »

A Recent survey conducted by Ponemon Institute shows that Sixty-three percent of participants are not able to monitor endpoint devices after they leave the corporate network. Fifty-five percent of endpoint devices contain sensitive data.

Absolute sponsored the survey which also contains below findings –

Fifty-six percent of participants don’t have a cohesive compliance strategy

Seventy percent mentioned that they have a below average ability to limit endpoint failure damages

Twenty-eight percent use automated analysis and inspection for determining compliance.

“It’s clear that enterprises face real visibility and control challenges when it comes to protecting the data on corporate endpoints, ensuring compliance and keeping up with threats,” Ponemon Institute chairman and founder Dr Larry Ponemon said.

The number of malware-infected endpoints devices has increased in the past one year. Also, forty-eight percent are not happy with their endpoint security solution.

“The trends that drove the extraordinary activity in 2016 are continuing unabated in 2017,” Risk-Based Security executive vice president Inga Goddijn said in a statement. “We have seen the return of widespread phishing for W-2 details, large datasets continue to be offered for sale, and misconfigured databases remain a thorny problem for IT administrators.”

Another survey by SACA shows that fifty-three percent reported an increase in cyber attacks. There is a general rise in data breaches.

“There is a significant and concerning gap between the threats an organization faces and its readiness to address those threats in a timely or effective manner,” ISACA board chair Christos Dimitriadis said in a statement. “Cyber security professionals face huge demands to secure organizational infrastructure, and teams need to be properly trained, resourced and prepared.”

Many believe there should be a rise in the budget for the security.

“The rise of CISOs in organizations demonstrates a growing leadership commitment to securing the enterprise, which is an encouraging sign,” Dimitriadis said. “But that’s not a cure-all. With the number of malicious attacks increasing, organizations can’t afford a resource slowdown. Yet with so many respondents showing a lack of confidence in their teams’ ability to address complex issues, we know there is more that must be done to address the urgent cybersecurity challenges faced by all enterprises.”

___________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Half of the third party softwares are outdated

June 13th, 2017 by admin No comments »

Synopsys conducted a study of 128,782 software applications which shows that almost fifty percent are old.

“Over time, vulnerabilities in third-party components are discovered and disclosed, leaving a previously secure software package open to exploits,” Synopsys Software Integrity Group general manager Andreas Kuehlmann said in a statement. “The message to the software industry should not be whether to use open source software, but whether you are vigilant about keeping it updated to prevent attacks.”

The survey also showed that some of the vulnerability dates back to 1999.

“Coming on the heels of last month’s WannaCry outbreak, the insights in the report serve as a wake-up call that not everyone is using the most secure version of the available software,” Synopsys security strategist Robert Vamosi said. “The update process does not end at the time of software release, and an ongoing pattern of software updates must be implemented throughout the product lifecycle.”

“As new CVEs are disclosed against open source software components, developers need to know whether their products are affected, and organizations need to prevent the exploit of vulnerabilities with the latest versions when they become available,” Vamosi added.

Vanson Bourne survey mentioned that companies are not up to date considering patches and new versions. Half of the user mentioned that they have to bring a team for patches or to deal with a security issue.

“We can see with the recent WannaCry outbreak — where an emergency patch was issued to stop the spread of the worm — that enterprises are still having to paper over the cracks in order to secure their systems,” Bromium CTO and co-founder Simon Crosby said in a statement. “The fact that these patches have to be issued right away can be hugely disruptive to security teams, and often very costly to businesses, but not doing so can have dire consequences.”

“WannaCry has certainly shined a spotlight on a problem that has plagued enterprises for years,” Crosby added. “It is simply impractical to expect enterprise organizations to continually upgrade — even when they have licenses, the actual deployment creates huge disruption, or in some instances would require an entire hardware refresh and result in huge upfront capital costs.”

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. 

Huge Gap in Demand and Supply for CyberSecurity Workforce

June 11th, 2017 by admin No comments »

The 2017 Global Information Workforce Study (GISWS) conducted a survey which showed that cybersecurity workforce gap will rise to 1.8 million by 2022. Another study conducted by Frost & Sullivan for (ISC)2’s Center for Cyber Safety and Education also mentioned that there is scarcity of skilled CyberSecurity workforce.

Average information security worker in North America get $120,000 per year.

The survey shows that the main reason behind the shortage are –

Forty-nine percent  – Difficult to find qualified personnel

Forty-two percent – Leadership fails to understand requirements

Thirty-one percent – Difficult to retain talent

Thirty-one percent – There is no clear security expert career path

Due to above, seventy percent of companies plan to increase the size of the security team. Operations & Security Management is the most sought after positions.

“It is clear, as evidenced by the growing number of professionals who feel that there are too few workers in their field, that traditional recruitment channels are not meeting the demand for cybersecurity workers around the world,” the report states. “Hiring managers must therefore begin to explore new recruitment channels and find unconventional strategies and techniques to fill the worker gap.”

Herjavec Group survey shows that there will be even greater workforce gap.

“Unfortunately, the pipeline of security talent isn’t where it needs to be top help curb the cybercrime epidemic,” Herjavec Group founder and CEO Robert Herjavec said. “Until we can rectify the quality of education and training that our new cyber experts receive, we will continue to be outpaced by the black hats.”

“There is a zero-percent unemployment rate in cyber security, and the opportunities in this field are endless,” Herjavec added. “Gone are the days of siloed IT and security teams. All IT professionals need to know security — full stop.”

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Kmart Attacked by Hackers Again

June 9th, 2017 by admin No comments »

Kmart suffered another data breach when its server was attacked by hackers.

“Our Kmart store payment data systems were infected with a form of malicious code that was undetectable by current anti-virus systems and application controls,” a Kmart FAQ on the data breach states. “Once aware of the new malicious code, we quickly removed it and contained the event.”

Sears Holdings owns Kmart. It has not mentioned the number of affected card holder in the statement. Also, the location impact is also not disclosed. But it mentioned that only card information got breached.

“All Kmart stores were EMV ‘Chip and Pin’ technology enabled during the time that the breach had occurred and we believe the exposure to cardholder data that can be used to create counterfeit cards is limited,” the company stated. “There is no evidence that kmart.com or Sears customers were impacted nor that debit PIN numbers were compromised.” 

This is the second breach in three years. Security of the card is crucial and online shops are finding it difficult to secure.

“Consumers should monitor the transactions on any account linked to credit or debit cards they have used in a Kmart store and report any fraudulent transactions to their bank as soon as they are identified,” Capps said. “Given the brisk migration to a chip-and-pin system, we are unlikely to see the stolen credentials used for in-person payments, but they can be used for online transactions. “

 In 2014, Kmart was affected by malware.

 “We will likely find that this attack started with a stolen credential, used to inject the malware into Kmart’s networks,” Nir Polak, CEO of security vendor Exabeam mentioned. “In this modern operating environment, better behavioural analysis — focused on both use of credentials and on the system processes that are spawned from malware — is the best way to detect and shut down these attacks.”

____________________________________________________________________________________________

 Alertsec encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

IoT Security

June 6th, 2017 by admin No comments »

The Internet of Things (IoT) is seeing the rapid rise but it seems to repeat the history of technology evolution. The pace of growth is not matched with security requirements. IoT helps automation as well as real-time synchronization of business processes. The implementation helps for precise response in real time.

 “IoT devices assist businesses in real-time responses to supply-and-demand market effects, they empower patients and healthcare professionals to continuously monitor conditions, and they enable electric grid operators to adjust the production, flow, and cost of electricity according to real-time market demands to ensure the most efficient, resilient, and cost-effective solution,” says James Scott, senior fellow at the Institute for Critical Infrastructure Technology, a Washington DC-based cybersecurity think tank.

 Hundreds of companies now provide IoT solutions. But security aspect is lagging behind.

 “As was shown in the Dyn attack, we appear doomed to repeat the mistakes we made with PCs and mobile devices in IoT,” says Tom Byrnes, founder and CTO of ThreatSTOP. “Once again, cost reduction has made security an afterthought, if a consideration at all, with predictably disastrous consequences.”

It is different than other systems as threat involved is higher due to many connection points. As per the Intel, 200 billion IoT devices will be online by 2020.

“Most IoT devices and sensors lack any form of security or security-by-design,” says Scott.

 “Without the layered security of the IoT microcosms, hacktivists can disrupt business operations, cyber-criminals can compromise and ransom pacemakers, and cyber-jihadists or nation-state sponsored threats can compromise and control the grid,” to name just a few of the potential IoT security attack scenarios.

“Every IoT device has inherent vulnerabilities and exploitable weaknesses resulting from a culture that sacrifices security in the design process in favour of meagre savings and in the rush to market,” says Scott. “The overwhelming preponderance of insecure IoT devices in the future will render security an impossibility in the future.”

Most of IoT devices do not have computational power or battery life to have security applications.

“We need to develop cost-effective IoT devices that incorporate security-by-design rather than cheaper and less secure alternatives,” says Scott. “While that may save a few dollars in the short-term, it puts the public and critical infrastructure at risk of losing millions of dollars and valuable data in the long-term.” 

Also, there is a lack of platform standards.  

“With old devices lasting longer than ever before, there are many devices currently in use that do not support new standards,” says Sam Rehman, Chief Technology Officer of Arxan. “Hackers will always see legacy devices as a prime choice of the entry.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Healthcare Industry Most Affected by Data Breach

June 2nd, 2017 by admin No comments »

As per reports, healthcare industry was frequently attacked by cyber hackers. Vectra Networks survey suggests that 164 threats were detected per 1,000 host devices. The education industry has 145 threat detections per 1,000 host devices.

“The data shows that healthcare and education are consistently targeted and attackers can easily evade perimeter defences,” the report mentions.

There is a rise of 265 percent in the average number of reconnaissance, lateral movement and exfiltration detections. Also, 333 percent rise was recorded for reconnaissance detections. Finance and technology received below-average threat detection rates mainly due to stronger policies and good response. Media companies has highest rates of exfiltration.

Healthcare industry now has a significant number of IoT.

“These unsecured devices are easy targets for cybercriminals,” the report mentions.

As per Synopsys survey, sixty percent of manufacturers and 49 percent of HDOs said that usage of mobile devices in hospitals and other healthcare organizations increase data risk. But only 17 percent are employing steps to prevent attacks.

“The security of medical devices is truly a life or death issue for both device manufacturers and healthcare delivery organizations,” Ponemon Institute chairman and founder Dr Larry Ponemon said in a statement. “According to the findings of the research, attacks on devices are likely and can put patients at risk. Consequently, it is urgent that the medical device industry makes the security of its devices a high priority.”

Medical devices are difficult to secure as per the eighty percent of respondents.

“These findings underscore the cyber security gaps that the healthcare industry desperately needs to address to safeguard the wellbeing of patients in an increasingly connected and software-driven world,” Synopsys global director of critical systems security Mike Ahmadi said in a statement.

“The industry needs to undergo a fundamental shift, building security into the software development lifecycle and across the software supply chain to ensure medical devices are not only safe but also secure,” Ahmadi added.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.