Latest "Cyber Data Security" Posts

After Dropbox Breach, Is It Safe to Use? (Snowden Would Say No)


Did Edward Snowden Actually Comment on the Dropbox Breach? No.

Almost as fast as every media source out there could jump on the “Yet Another Breach” bandwagon and report that Dropbox had been hacked, the company was denying it. So let’s play a little game of true or false to try to sort out fact from fiction:

Statement: Hackers were able to access logins and passwords of Dropbox users and then leaked 400 account passwords and usernames onto the site Pastebin.

True.

Statement: The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the Internet, including Dropbox.

True. (In fact that is a direct quote from the Dropbox blog of October 13, 2014 in which they bluntly proclaim “Dropbox wasn’t hacked”.)

Posted in Cyber Data Security, Online Privacy by Identity Theft Speaker .

GameOver Zeus Virus Test


The original notice on GameOver Zeus appeared on the US-CERT site. If you’d like to go directly to the tests for the GameOver Zeus virus, scroll down.

Overview of GameOver Zeus

GameOver Zeus (GOZ), a peer-to-peer (P2P) variant of the Zeus family of bank credential-stealing malware identified in September 2011, [1] uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), is releasing this Technical Alert to provide further information about the GameOver Zeus botnet.

Systems Affected by GameOver Zeus Virus

  • Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8
  • Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012

Impact of GameOver Zeus

A system infected with GOZ may be employed to send spam, participate in DDoS attacks, and harvest users’ credentials for online services, including banking services.

Posted in Cyber Data Security, Identity Theft Prevention by Identity Theft Speaker .

Is Home Depot Data Breach an Example of the “New Normal”?


Home Depot Data Breach Exposes Our Growing Complacency

When Target suffered a data breach back in December of 2013, you couldn’t look at a news source without seeing a new story about it. Yet when the Home Depot data breach was revealed recently, it received almost a ho-hum reception in the news. This, even though it was the biggest data breach in retailing history and has compromised 56 million of its customers’ credit cards! It seems we have come to expect these data breaches to the point where we have become almost complacent.

Consumers, like the companies that breach our data, have become apocalyptic zombies, staring unquestioningly forward as we are attacked from all sides.

Posted in Cyber Data Security, Fraud Detection & Prevention by Identity Theft Speaker .

Apple Pay Makes Mobile Payments Sexy; But Secure?


Is Apple Pay going to be secure?

Apple has us oohing and ahhing about the iPhone 6, its big brother the 6+ and finally the Apple Watch. But the biggest announcement of all didn’t even have to do with gadgets. The most significant announcement was about a new service that will be built into those devices…

It is Apple Pay, Apple’s own version of a “mobile wallet” that will allow Apple users to pay for items with just a tap or wave of their device. That is, if those items happen to be in stores that have agreed to install the technology necessary to allow near-field communication (NFC – no, not the football conference, the radio-wave technology) to work. Of course, Apple has done the background work to ensure a lot of big names (MC, Visa, AMEX and retailers such as Target, Macy’s and McDonald’s to name a few) are already on board, which is a significant mark in their favor. And with the upcoming mandatory implementation of EMV technology, Apple may have just timed this perfectly.

Posted in Cyber Data Security, Identity Theft Prevention, Sileo In the News by Identity Theft Speaker .

iCloud Hacked for Nude Jennifer Lawrence Photos? How to Keep from Being Next


Unless you’ve been living under a rock (or haven’t been on the internet in the past 24 hours), you most likely know that intimate photos of celebrities like Jennifer Lawrence and Kate Upton have been exposed (pardon the pun) to the public.

While it is not yet verified, Apple has said it is “actively investigating” the possibility that iCloud accounts have been hacked.  The photos surfaced immediately after an Apple “Find My iPhone” exploit was revealed, so Apple’s own security is being questioned. As of now, Apple is saying that iCloud has not been systematically hacked, but that the breach of celebrity photos was a limited, targeted attack. Whether or not iCloud was exploited in any way for these pointed attacks hasn’t been determined.

Posted in Cyber Data Security by Identity Theft Speaker .

US Companies Face Cyber Attacks; Live in a State of Cybersiege

When JP Morgan was recently asked about reported cyber attacks, their spokesperson replied that they were “closely safeguarding information and would notify anyone affected” and went on to add that companies of its size experience cyber attacks “nearly every day”.  It seems a rather casual reply for an event that may have resulted in the theft of multiple gigabytes of sensitive data!

Yet that is the reality today. In fact, the financial industry, and most of the business world, has been described as being in a state of almost perpetual cybersiege. Cyber attacks have become so commonplace that most businesses have almost come to expect them.

Which is why we have stopped paying attention, because breach is so normal. And breach is so normal because corporations don’t train their employees correctly on how to avoid it. 

Posted in Cyber Data Security by Identity Theft Speaker .

Data Breach Expert on UPS Breach (Same ol Same ol)


Homeland Security has revealed a potential threat to many US retailers saying that malicious software could be lurking in their cash registers.  This software would allow hackers to steal customer financial data, as in the case of the UPS breach where 51 of their stores had infected computers and may have exposed customers’ names, postal and email addresses, and payment card data.

UPS’s response to the data breach has been par for the course – give the victims credit monitoring. But are they doing anything to educate the employees that inevitably missed warning signs?

The government urged businesses of all sizes to scan their point-of-sale systems for software known as “Backoff”. The program gains access to companies’ computers by finding insufficiently protected remote access points and duping computer users into downloading malware. These tricks are not new, but the hackers have become increasingly sophisticated at developing malware that’s specifically for credit cards and can evade antivirus programs.

Posted in Cyber Data Security by Identity Theft Speaker .

Data Breach Expert’s Pragmatic View on PF Chang’s News

Data Breach Expert Alert: The restaurant chain P.F. Chang’s China Bistro has reported a security breach that may have led to the theft of customer data from credit and debit cards used at 33 restaurants. In addition to stolen card numbers, the intruder may have gotten names and expiration dates as well. The breach took place between October 19th of 2013 and June 11th of 2014 and supposedly has affected 33 locations.

If P.F. Chang’s follows in the footsteps of the recent Target breach, you can expect an expanding number of stores and customers affected over the coming days. It seems that the data breach playbook suggests that companies initially under-report the severity of the security lapse in order to keep customer shock and defection to a minimum. Once the news cycle has worn out the topic (generally 3-5 days), the breached company generally issues news on additional stores affected, customer data lost, increases in the actual data affected, etc. Let’s hope P.F. Chang’s does a better job of communicating damage the first time.

Posted in Cyber Data Security by Identity Theft Speaker .

5 Ways to Doom Your Next Cyber Security Summit (Cyber Security Speakers Like Ambien)

Boring cyber security speakers?

Have you ever snored through a cyber security speaker’s presentation, despite being caffeinated, sugared up and subjected to convention-strength air-conditioning? So imagine what it’s like for audience members who desperately need high-level background on data protection (so that their organization doesn’t become the next Target), but don’t have a technical bone in their body.

Many cyber-security awareness events are studded with brilliant techies full of amazingly useful ideas who have a minor problem communicating their genius. And if your audience members don’t listen, don’t understand, don’t care–then there is little hope of changing their risky data-security habits. Attendee boredom is a meeting planner’s nightmare, an IT department’s budget-buster and an organization’s fast track to data breach.

But your event doesn’t have to be this way. Avoid the 5 Ways and your team will become the silent hero of your next conference.

Posted in Cyber Data Security by Identity Theft Speaker .