Doug Bedell — June 23, 2017, 10:41 am

Preview of Web Security Tools Coming Up

Ericka Chickowski on the DarkReading blog provides a preview of “8 hot hacking tools” that are expected to be “revealed and released” next month at the Black Hat USA meeting in Las Vegas.

These are tools for “white hats,” the good guys, to have and understand in the continually plaguing effort to keep the Internet safe and secure for all to use – “black hats” excepted. Ericka’s post is a preview of what’s to come. Especially if you won’t be in Vegas, it’s worth spending some time on.

Doug Bedell — June 13, 2017, 10:03 am

New York City’s Security Setting

PRO Barrier Engineer Rich Lawrence provides a PDF copy of the Spring, 2017 issue of Security Director, published by ASIS International’s New York City chapter. Get caught up on how New York is meeting its security needs – a comprehensive run-through.

Doug Bedell — June 12, 2017, 10:26 am

Pluck Your ‘Low-Hanging’ Cyber Security Fruit – Could Be Enough

For a good overview on how to confront the security needs of your organization, Government Security News offers Katherine Teitler’s “5 Ways to Find the Low-Hanging Fruit on Your Network.”

“Though securing everything which needs securing — hardware, software, applications, data, people — is by no means a light lift,” Ms.Teitler writes, the security team’s ability to focus on eliminating low-hanging fruit will raise the ‘cost’ of an attack for cybercriminals. In many cases, this means your adversary will turn his attention elsewhere. If your company is a high-value, singled-out target, erecting better barriers means the attacker has to elevate his game, and you’ll have a better chance of identifying an attack earlier in the cycle…so long as you don’t “set and forget.”

Yes, whatever you do in cyber security terms, keep it current.

Doug Bedell — June 8, 2017, 3:40 pm

Become an “A” Student of Cyber Security

Cyber security – we’ve been on this subject before, but it’s one that bears repeating and refining. Computer breaches are becoming all too common so Diane Griffin on the Security Directions E-Magazine offers “5 Ways to Strengthen Your Cyber Security”. It’s a post from last year, but one that remains applicable today.

Ms. Griffin advises: Control Access, Secure WI-FI Networks, Protect Against Viruses, Don’t Ignore Software Updates and Make Backup Copies. These are computer techniques that have become security disciplines too. Check out her post for pointers on each.

Doug Bedell — June 6, 2017, 8:43 am

Schools Being Protected From a Security Control Center

The public schools in Littleton, Colorado, are demonstrating how security principles can be applied to an entire school system, with the state of the electronic art monitored from a single control center.

“Staff,” advises the Security Industry Association, “can watch video feeds displayed on a wall of 16 screens and view access control information for all facilities on desktop monitors. They can call up the view from any of countless cameras across the school district, check on what doors are locked or unlocked, communicate with schools and law enforcement and, if necessary, initiate a lockdown. All this information can also be accessed on mobile devices by first responders and school staff.”

Pretty cool for school protection.

Doug Bedell — June 2, 2017, 11:13 am

Homeland Security Issues Semiannual Report to Congress

Government Security News advises that the Department of Homeland Security has published its Semiannual Report to Congress, and that GSN is publishing selections of its key topics.

Such topics include Securing Cyberspace and Information Technology Assets, Secret Service challenges, Evaluatiion of SHS’ Information Security Program and Security Controls for the Transportation Security Administration.

Doug Bedell — May 28, 2017, 8:10 am

President Trump Prods the Feds on Cybersecurity

We trust that President Trump’s executive order on cybersecurity will have the result with federal agencies the President wants, and the nation needs.

For, as SecurityInfoWatch reports, “more than 190 federal agencies who previously all have been running disparate cybersecurity programs will have the opportunity to create a unified framework that will not only help protect the nation’s critical data and information resources but modernize some agencies that have IT systems that are between 30 to 50 years old.

“For example, the Commerce, Defense, and Treasury departments, along with HHS and VA report using 1980s and 1990s Microsoft operating systems that stopped being supported by the vendor more than a decade ago, and many other departments are using unsupported operating systems and components.”

Truly, there’s plenty of room for coordination and improvement of federal cybersecurity efforts.

Doug Bedell — May 24, 2017, 12:06 pm

Digital Security Breaches Setting World Records

Amid all the coverage of digital security breaches so far this year, it’s not surprising to learn that “data breaches and software vulnerabilities look set to break new records in 2017, if first quarter trends are any indication.”

That’s DarkReading’s conclusion as it reports that “Risk Based Security’s analysis of Q1 data showed there were a total of 1,254 publicly reported data breaches worldwide, which together exposed a mind-boggling 3.4 billion records containing sensitive data.

“Two breaches alone accounted for over 2.5 billion of those breached records. One involved River City Media and exposed 1.34 billion email addresses while the other at Chinese Internet Service Provider NetEase Inc. exposed nearly 1.3 billion email addresses and passwords that were later sold on the Dark Web.”

So don’t, it bears reminding, operate a computer without malware protection, like, for example, Norton Internet Security. And be mindful of what emails you’re opening – if in doubt, it’s probably best to delete.

Doug Bedell — May 20, 2017, 8:14 am

Bollard Barriers Stopped the Times Square Carnage

A television station in Los Angeles makes a point to remember about the chaotic scene in New York’s Time Square in which a speeding, careening car was brought to a halt by security bollards.

One woman was killed and 23 other people were injured in the incident. But “Investigators,” the TV report added, “said the tragedy could have been a lot worse if not for one Southern California company that makes the steel security barriers that stopped the careening Honda.”

The bollards were made by Calpipe Security Bollards based in Compton, CA, and were installed in late 2016. For its part PRO Barrier engineering offers the B-Cube basic bollard barrier which can be deployed in many creative ways.

Doug Bedell — May 17, 2017, 8:05 am

Insight Into the ‘Wanna Cry’ Ransomware Attacks

SecurityInfoWatch takes us into the digital chaos produced by the “Wanna Cry” ransomeware attacks. The infection was spread via a massive email spam, exploiting a vulnerability in the Windows OS, which Microsoft released a security patch for in March. Computers and networks that did not install the patch to help protect their systems are at risk.

“Think about it,” says Rob Clyde, Board Director for ISACA, an international IT governance association. “Earlier, even a simple computer crime involved two steps to get to monetization. First, the criminals have to break-in and steal personal information like credit card details and then secondly, sell it on the dark web, often to organized crime groups, in order to get paid. The buyers, in turn, use the credit card or other information to commit fraudulent transactions,” Clyde explains.

“With ransomware, crime has become an easy one-step monetization process. They break into a computer system, install ransomware and get the payment directly from the person or organization impacted. It’s a one-to-one interaction and payment is easily received. So from a cyber criminal’s perspective, ransomware has become a superior way of monetization.”