Data Privacy Day – 10 tips to keep your data secure

Recognized annually on January 28th, Data Privacy Day is defined as a centered approach towards respecting privacy, safeguarding data, and enabling trust. It is a global effort to raise and promote awareness around protecting one’s data and privacy. With this thought in mind, we have put together these 10 security…

The post Data Privacy Day – 10 tips to keep your data secure appeared first on Quick Heal Technologies Security Blog | Latest computer security news, tips, and advice.

Read more

How to make PC security alerts better? Make them twirl, jiggle

Have you ever ignored a security alert on your PC? You’re not the only one.

The warnings are designed to save us from malware infections and hacking risks, but often we’ll neglect them. It could be because we’re too busy or we’ve seen them too many times, and we’ve become conditioned to dismiss them — even the most serious ones, according to Anthony Vance, a professor at Brigham Young University.

Vance has been studying the problem and he’s found that introducing certain small but noticeable changes can make the alerts more useful — and harder to ignore.  

“Our security UI (user interface) needs to be designed to be compatible with the way our brains work,” he said at the USENIX Enigma 2017 conference on Tuesday. “Not against it.”

To read this article in full or to leave a comment, please click here

Read more

Trump stresses cybersecurity but postpones executive order

U.S. President Donald Trump called on government agencies to better protect their networks, but he delayed signing an executive order to kick-start a government-wide review of cybersecurity policy.

A draft copy of the order, leaked earlier, would give the Department of Defense and the Department of Homeland Security 60 days to submit a list of recommendations to protect U.S. government and private networks. 

Trump had been scheduled to sign the executive order Tuesday but canceled shortly before it was due to happen.

To read this article in full or to leave a comment, please click here

Read more

Shopping for W2s, Tax Data on the Dark Web


The 2016 tax season is now in full swing in the United States, which means scammers are once again assembling vast dossiers of personal data and preparing to file fraudulent tax refund requests on behalf of millions of Americans. But for those lazy identity thieves who can’t be bothered to phish or steal the needed data, there is now another option: Buying stolen W-2 tax forms from other crooks who have phished the documents wholesale from corporations.

Read more

A look back at the Zyns iframer campaign

Behind compromised sites or malvertising, you will often find trails that can take you back years and see how infection chains evolved, or didn’t, over time.

Categories:

Tags:

(Read more…)

Read more

Easy-to-exploit authentication bypass flaw puts Netgear routers at risk

For the past half-year, Netgear has been working on fixing a serious and easy-to-exploit vulnerability in many of its routers. And it’s still not done.

While Netgear has worked to fix the issue, the list of affected router models increased to 30, of which only 20 have firmware fixes available to date. A manual workaround is available for the rest.

The vulnerability was discovered by Simon Kenin, a security researcher at Trustwave, and stems from a faulty password recovery implementation in the firmware of many Netgear routers. It is a variation of an older vulnerability that has been publicly known since 2014, but this new version is actually easier to exploit.

To read this article in full or to leave a comment, please click here

Read more

Trump to sign cybersecurity order calling for government-wide review

President Donald Trump is due to sign an executive order Tuesday that gives each cabinet official more responsibility for the safety of data within his or her agency.

It will be accompanied by a government-wide review of cybersecurity by the Office of Management and Budget, looking at the technology in place that guards U.S. government systems from cyberattacks, according to a White House official.

The results of that review could lead to a government-wide upgrade of federal cybersecurity systems.

The U.S. government has been hit by hacks in the last few years. The State Department spent months trying to get rid of intruders in its unclassified network, and the Office of Personnel Management lost personal information about millions of government workers through a second hack.

To read this article in full or to leave a comment, please click here

Read more

Locky Bart ransomware and backend server analysis

The developers of Locky Bart already had very successful ransomware campaigns running called “Locky” and “Locky v2”. After some users reported being infected with Locky Bart, we investigated it to find the differences as to gain greater knowledge and understanding of this new version.

Categories:

Tags:

(Read more…)

Read more

iPads ‘more secure than voting systems’ — claim

Dutch security researcher Sijmen Ruwhof has examined the software used at Dutch polling stations to send election results, and now claims “the average iPad is more secure than the Dutch voting system.”

Hack the vote

Local television station RTL asked the researcher to examine the security of Dutch voting systems after they heard they used weak SHA1 cryptography in certain parts of the system.

Dutch elections have used paper-based voting since 2009, when the government banned electronic voting on security grounds.

To read this article in full or to leave a comment, please click here

Read more

Threat Actors will come up with new Targeted Attack Tactics that Circumvent Current Anti-evasion Solutions

In the Trend Micro 2017 Security Predictions report, we cover many of the threats that organizations will have to deal with this year and none could be more challenging that a targeted attack. We recently saw a report from the Identity Theft Resource Center which said 2016 had the most data breaches in US history. Within…

Read more