Friday, 24 February 2017

Donald Trump owns 3,600 Domains

CNNMoney has carried out an investigation on Donald Trump’s online portfolio of domain names and found that he has 3,643 websites that range from TrumpEmpire.com to TrumpFraud.org.

CNNMoney investigated 20 years of internet records using Domain name search tool DomainTools. Before he reached the White House, Trump’s company had laid claim to at least 3,643 website domains. The buying spree continued as he ran for president. Trump bought 93 of them after he launched his presidential campaign.

According to CNNMoney’s investigation, Trump owns websites including ImBeingSuedByTheDonald.com, VoteAgainstTrump.com, TrumpMustGo.com, NoMoreTrump.com and DonaldTrumpSucks.com.

The Trump Organization issued a statement on Tuesday:

“Unfortunately cyber squatting, publishing false content and the use of ‘negative’ domain names is a serious issue facing all large companies around the world,” said company spokeswoman Amanda Miller. “We take the protection of our corporate identity and our intellectual property very seriously… this includes trademarking both positive and negative domain names and taking firm legal action when necessary to protect our name and intellectual property.”

DonaldTrumpSucks.com originally belonged to Dan Parisi, who once ran WhiteHouse.com as a porn site. Parisi, an infamous cybersquatter , told CNNMoney that he let the TrumpSucks domain registration lapse. Parisi said he now plans to turn WhiteHouse.com into “a voice of the people against the administration.”

The post Donald Trump owns 3,600 Domains appeared first on IT SECURITY GURU.



from Donald Trump owns 3,600 Domains

Most Hackers Can Access Systems and Steal Valuable Data Within 24 Hours

More than three-quarters (88%) of hackers can break through cybersecurity defences and into the systems they target within 12 hours, while 81% say they can identify and take valuable data within another 12 hours, even though the breach may not be discovered for hundreds of days, according to research by global technology company Nuix.

The Nuix Black Report—the results of a confidential survey of 70 professional hackers and penetration testers at DEFCON, the world’s largest hacking and security conference—will overturn many conventional understandings and sacred cows of the cybersecurity industry.

“There is no shortage of cybersecurity industry reports so we’ve avoided going down the familiar path of compiling data about incidents that have already taken place or highlighting trends and patterns in data breaches—these are clearly the symptoms of a deeper problem,” said Chris Pogue, Nuix’s Chief Information Security Officer and a co-author of the Nuix Black Report. “Instead, we have focused on the source of the threat landscape: the attackers themselves.”

By examining the security landscape from the hacker’s perspective, the Nuix Black Report has revealed results that are contrary to the conventional understanding of cybersecurity. For example:

  • Respondents said traditional countermeasures such as firewalls and antivirus almost never slowed them down but endpoint security technologies were more effective at stopping attacks
  • More than half of respondents changed their methodologies with every target, severely limiting the effectiveness of security defenses based on known files and attacks
  • Around one-third of attackers said their target organizations never detected their activities.

“Data breaches take an average of 250–300 days to detect—if they’re detected at all—but most attackers tell us they can break in and steal the target data within 24 hours,” said Pogue. “Organizations need to get much better at detecting and remediating breaches using a combination of people and technology.”

Nuix Insight Adaptive Security is a next-generation endpoint technology with cutting-edge detection algorithms that can identify and stop security threats—including new and unknown attack methodologies—within seconds. According to industry analyst firm Enterprise Management Associates, Nuix Insight Adaptive Security “has applied practical field knowledge to the product’s development, leveraging a design team that includes malware analysts, penetration testers, incident response experts, social engineers, and digital forensic professionals” and “is well aligned with all of the top use cases for adaptive security technology.”[1]

“The Nuix Black Report illuminates the true nexus between attacker methodology and defensive posture; showing which countermeasures will improve security and which are a waste of money and resources,” said Pogue. “Readers will learn what is the best spend for their security dollar and, more critically, why.”

[1] Enterprise Management Associates, Nuix Insight Adaptive Security Brings Context Visibility and Deception to Protect Endpoints, January 2017

The post Most Hackers Can Access Systems and Steal Valuable Data Within 24 Hours appeared first on IT SECURITY GURU.



from Most Hackers Can Access Systems and Steal Valuable Data Within 24 Hours

Security specialist identifies security breaches in apps from 50 top global banks

The Pradeo Lab, a worldwide leader in mobile devices and applications security, analysed the mobile applications of 50 of the world’s top 100 banking establishments to identify security breaches. It discovered on average every app was vulnerable to seven security threats: that is, 100% of the 50.

Data from the BBA, the leading trade association for the UK banking sector, says there were 11 million banking app logins a day during 2015, a 50% rise for 2014***.  American Federal Reserve stats show that 71% of people using mobile banking services are confident about the security of mobile banking transactions**. In fact, it is estimated that the security failings revealed in the Pradeo test could affect over half a billion, or 500 million, people worldwide.

 “Our job is to provide solutions to prevent threats generated by mobile applications and mobile device environments. We chose to make an assessment of the threats targeting banking applications because of their importance. We were very much not expecting what we discovered as our analysis evolved.” explains Clément Saad, Founder and President of Pradeo.

Mr Saad explained that what is worrying is not only the number of establishments concerned, but also the number of techniques that worked when the company checked potential security approaches. “We did not settle for a demonstration of the vulnerability of each application in front of a simple keylogger, but their weaknesses facing more than twenty threats.  Not a single banking app successfully passed our exam, and on average, and each app was susceptible to seven breaches.”

Potential cybercriminals attack banking apps with a number of different goals: stealing passwords, spying into account behaviour, retrieving transaction validation codes to name just a few.

Many malicious actions are within the reach of many computer geeks. Under the disguise of a game or a utility, “malware” lies in wait before working silently on thousands or even millions of devices as was the case with  the malware Marcher.

Should users be concerned? For Clément Saad, while the implications of his company’s findings are far-reaching, the priority is to equip banks with the right tools to beat cyber criminals in a rapidly evolving digital landscape: “We limited Our study to 50 banks. Chances are that apps from other banking establishments are also at risk and that consequently, the number of impacted users is potentially very significant. While there have not yet been any major security issues with banking apps, banks need to address these issues. This is why Pradeo develops these tests as well as the solutions. The world of mobile applications is relatively young compared to the web and it is evolving quickly. It takes time to better understand this new environment and face the threats linked to it.”

The post Security specialist identifies security breaches in apps from 50 top global banks appeared first on IT SECURITY GURU.



from Security specialist identifies security breaches in apps from 50 top global banks

Spectra Cyber Security Solutions ready to defeat the threat of ‘cyber-hackers’

Fast-growing voice and data communications specialist, Spectra Group (UK), has announced that it is extending its Cyber Security division in order to give SMEs similar options available to its existing Government, Defence and Public customers in the fight against cyber-attack.

Spectra has identified cyber services as the ‘next huge growth area’ and heralds the launch of Spectra Cyber Security Solutions as a natural progression for a company that already has a proven expertise in this area.

The Herefordshire-based company can count on extensive experience successfully designing, delivering and maintaining networks for military organisations and Government Agencies.  Its high-grade solutions are designed to integrate seamlessly with business architecture minimising downtime. Data is available as and when required and it is kept secure and protected from attacks throughout its lifecycle. Spectra Cyber Security Solutions can provide defence-in-depth, with proactive testing, to identify vulnerabilities in networks and procedures and protect data.

Spectra operates a Security Operations Centre (SOC) which provides 24/7/365 monitoring of networks to immediately identify any breach – or potential breach – as well as providing a UK-based help desk. This enables clients to benefit from security monitoring and provides the user with a 24-hour contact if they have concerns or issues with their network.

Spectra is ISO 27001-accredited which, as an information security management standard, is clear and precise, listing 114 key security controls that should always be at the heart of any organisation’s approach to security.

The company is also fully compliant with the UK Government-backed Cyber Essentials Scheme. Developed in conjunction with the Information Security Forum (ISF), Cyber Essentials forms a robust and stringent checklist that security companies must meet to be considered eligible to work with highly sensitive information and Government level security contracts. It is also a Cisco Partner – Cisco Select Certification recognises and rewards partners that have achieved a Cisco specialisation.

Cyber-attack has been identified as one of the four highest priority and most pervasive of risks faced by the UK – with the others being international terrorism, international military crises and major accidents or natural hazards. In the last year alone, some two thirds of large businesses in the UK experienced a cyber-attack and, staggeringly, almost a quarter fell victim to breaches at least once a month.

Simon Davies, CEO of Spectra Group (UK) Ltd, said: “Without doubt Spectra views cyber security services as the next growth area. We have already been delivering cyber services through our existing networks business so the launch of Spectra Cyber Security Solutions is a natural progression for the company.

“Among our talented employees are experts who possess all the know-how and experience to deliver highly bespoke security solutions to protect against cyber-attacks. As data now plays an increasingly important part in everyday life, ensuring its confidentiality must be of paramount importance to any organisation. We recognise that not every company can afford to have a large, highly trained, IT department, and some need a straightforward pricing system to plan their business operations. Spectra Cyber Security Solutions aims to make keeping companies safe from cyber-attack as simple and cost-effective a process as possible.”

The post Spectra Cyber Security Solutions ready to defeat the threat of ‘cyber-hackers’ appeared first on IT SECURITY GURU.



from Spectra Cyber Security Solutions ready to defeat the threat of ‘cyber-hackers’

Security should be top priority for mobile developers to protect consumers

With the recent surge in fake apps tricking consumers out of personal data, experts are warning that manufacturers and developers of mobile devices need to make security a top priority in the design process to mitigate the serious risks posed by hackers.

As recently as last month, numerous consumers fell foul of a fake Netflix app that infiltrated devices via a trojan allowing hackers to secretly spy on conversations, use the camera and microphone, and access contacts and messages.

Jason Fry is a cybersecurity specialist at pav.co.uk.  He has worked with numerous corporate and independent businesses across the UK helping them to review and update their cybersecurity policies, procedures and solutions.  He said:

“The rise in fake apps, particularly those purporting to be from recognisable brands, has brought a new level of scam potential for cybercriminals with millions of people being duped out of confidential data such as bank details and passwords.

“Whilst the fraudsters are constantly refining and improving the ways to trick unsuspecting targets, one of the main problems is the vulnerability of the devices themselves, which aren’t designed with security as a primary concern.”

And as mobile and tablet usage now officially exceeds that of PCs and laptops, the problem is teetering on the edge of a colossal cybersecurity fallout.  Jason says this could result in ever increasing issues with apps that are available to download from reputable stores but, once installed, upload vicious malware or fool targets into entering personal information, bank account details and passwords.

Jason continued:

“As an industry, we are well aware of the risks of cybercrime.  There is a great deal of knowledge available, which developers should be tapping into in order to improve the security efficiency of their products and limit attacks.  Developers could be doing more to educate consumers about the importance of security and should be creating products that have security as a core feature.”

Jason’s advice to those using smart phones and tablets is to always ensure they are protected from hacks and viruses with a reliable piece of security software.

“Unfortunately, the vast majority of smartphones and tablets remain unprotected, which makes them easy targets for fraudsters.  To minimise the risk of an attack, I’d recommend that you invest in a good quality piece of antivirus software from a reputable provider, such as Norton, that is suitable for the make of device.”

The post Security should be top priority for mobile developers to protect consumers appeared first on IT SECURITY GURU.



from Security should be top priority for mobile developers to protect consumers

Cloudbleed: Big web brands leaked crypto keys, personal secrets thanks to Cloudflare bug

Big-name websites leaked people’s private session keys and personal information into strangers’ browsers, due to a Cloudflare bug uncovered by Google researchers. As we’ll see, a single character – ‘>’ rather than ‘=’ – in Cloudflare’s software source code sparked the security blunder. Cloudflare helps companies spread their websites and online services across the internet. Due to a programming blunder, for several months Cloudflare’s systems slipped random chunks of server memory into webpages, under certain circumstances.

View full story

ORIGINAL SOURCE: The Register

The post Cloudbleed: Big web brands leaked crypto keys, personal secrets thanks to Cloudflare bug appeared first on IT SECURITY GURU.



from Cloudbleed: Big web brands leaked crypto keys, personal secrets thanks to Cloudflare bug

Cybercriminal selling nearly one million Coachella accounts on the dark web

Nearly one million Coachella accounts are reportedly currently up for sale on the dark web. An underground data trader is allegedly selling over 950,000 Coachella user accounts data, which includes usernames, hashed passwords and email addresses, for $300. “Coachella complete database dump from this month,” the cybercriminal, who uses the handle Berkut, wrote in their listing, on the popular dark web marketplace Tochka, Motherboard reported.

View full story

ORIGINAL SOURCE: International Business Times

The post Cybercriminal selling nearly one million Coachella accounts on the dark web appeared first on IT SECURITY GURU.



from Cybercriminal selling nearly one million Coachella accounts on the dark web