search.noResults

search.searching

note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
While this awareness is growing and it’s encouraging to see, at the same time, people have been given conflicting advice. They’re told to watch out for how much sites like Facebook can invade their privacy, then also that using social login like the now ubiquitous Facebook button may be more secure. They’re told to protect special accounts like their Microsoft or Google account if they use those for their primary email, but then that makes them feel they can’t hit the “Login with Google” button without compromising that security.


Even Apple, which once had the reputation of being the most secure, has been hit with attackers trying to prove it wrong and hacking into celebrity iCloud accounts and leaking personal data.


Clever people can be forgiven for getting easily confused by all the details one has to master to do personal security well on today’s internet. As the internet morphs into the internet of things, pulling in more and more devices to be connected and services to be offered, it’s likely to get a lot more confusing before it’s done.


However, one crucial step people can take to protect their accounts is to use multi factor authentication whenever it's available. iCloud accounts, for example, offer turning on the Apple ID two step verification. Most other major online vendors – Google, Amazon, Yahoo, and more – have their own version of this process. The single most common mistake users of public cloud make is to not take advantage of the security protections being offered to them. When you have the option of using two factor authentication to make cloud storage safer, use it. While it might seem slightly more inconvenient as an extra step to security, think about the data that could be stolen. Locking the door to your house is an extra step, but one that we all know is well worth the extra time it takes.


Keeping your smartphone safe


Richard Patterson Director


Comparitech


Smartphones have grown from allowing users to simply browse the internet, check email or socialise to doing online banking, shopping and controlling home appliances (and even vehicles) when paired with other devices.


Our smartphones contain sensitive information from personal photos to business contacts and password logins. And due to people’s reliance on and wide usage of those devices, they have become an appealing target for cyber criminals. Thus, understanding how to keep smartphones safe is crucial.


First of all, make sure that the manufacturer (Google, Apple, etc.) hasn’t granted unnecessary access to any private data. Indeed, every time you install a new app, don’t just scroll past the permissions page and hit accept. Especially if the app is from a less well-known publisher – ask yourself whether it really needs all those permissions. In addition, you could switch off permissions such as location tracking or access to camera/microphone as these are features that you don’t need all the time.


VPNs are another important aspect to consider when looking at mobile devices protection, because they aim to encrypt internet traffic to and from a device, in order to keep the web browsing and app usage private. Indeed, many socialising apps such as WhatsApp, Viber, Snapchat and Facebook Messenger have some level of encryption. Yet whether your messages remain private depends on how difficult it is for a hacker to reverse engineer the app or how easily the company gives into government coercion.


With all the recent cases of IoT devices being hacked due to weak passwords, the importance of strong passwords in smartphone security is undeniable. In addition to having strong, varied passwords, you could use a password manager that encrypts and stores all passwords into a single app.


When you’re backing up your phone data in case your phone is lost or stolen make sure all sensitive information is encrypted. Boxcryptor, Viivo and Cloudfogger all make free apps that you can use to encrypt files locally before uploading to your cloud storage. Similarly, always remember to remove your SIM card when repairing your phone, as it can be used to make purchases or sign up for accounts.


Finally, keeping the device software up to date will nullify vulnerabilities in deprecated or obsolete older versions. We recommend you stick to the latest stable release, but there’s generally no need to use beta or nightly versions that are still being tested.


Modern day Dick Turpin - Ransomware


Troy Gill, Manager of Security Research AppRiver


Ransomware catapulted into the news in 2013 when CryptoLocker started holding people’s files to ransom. Since, we’ve seen a number of other programs making a name for themselves. With unprecedented levels of ransomware circulating this year, victims have to make the hard decision of losing their data or paying the cyber criminal’s demands.


Or do they? > © CI TY S ECURI TY MAGAZ INE – WINT ER 2016 /17 www. c i t y s e cu r i t yma g a z i n e . c om 21


What is Ransomware?


Ransomware pretty much does what it says on the tin. It is a malicious program that encrypts a victim’s computer and then displays a message from the criminals demanding payment in return for the decryption keys. Having paid, the victim receives a file that will unlock the machine – if they’re lucky.


How serious the problem is depends on which ransomware is involved. Locky and Zepto are still some of the reigning champs, as far as ransomware volume goes, but here are a few others making a name for themselves:


Princess: this ransomware stands out due to its high ransom price and the pink tiara it boasts once you are infected. The usual asking price for most ransomware is around the $300 mark, however Princess has a starting price of around $1800. If you’re too slow to pay, that doubles to around $3,600 (or 6 bitcoins) to get the key.


EduCrypt: This one was aimed at teaching users a lesson as, once the virus ran and encrypted files, it would let the user know that a key had been hidden on their computer and they just needed to find it to get their files back and decrypt them. The note that pops up has some often recommended advice of not downloading random things on the internet.


Internet of Things Ransomware: Hackers were able to demonstrate that they could successfully infect a thermostat with ransomware. While this is a very specific situation with a certain model of a thermostat, it brings up a point that security researchers have been trying to bring to light: the Internet of Things can be a security nightmare.


MarsJoke (aka Polyglot): The newest ransomware, this one is aimed at targeting government agencies and educational institutions. The attack has mainly been seen via links in email messages that lead to the malicious download.


If you’re unlucky enough to fall victim to the modern day highwaymen, and thinking of paying the demands, remember that these thieves are often associated with larger criminal organisations, which use your money to fund their illegal activities.


Instead, before you do anything else, take the time today to back up your files, update your software and hardware, and make sure you have layered security, then you won’t find yourself caught between a rock and a hard place.


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36