Doug Bedell — March 22, 2017, 1:14 pm

Healthcare Information, Too, Is a Computer Security Risk


Now, evidently, it’s in healthcare, too – complacency over computer security. Brand Barney reports on the Security Metrics blog that “When it comes to the security aspect of HIPAA (a 1996 act on medical data privacy), many healthcare organizations are complacent, thinking a data breach won’t happen. As a result, far too many organizations are losing data and they don’t even know it.”

“Many organizations,” Barney adds, “don’t realize how easy it is for someone to walk in, take something with valuable data on it, and walk out. Social engineers can easily install malware and steal data from healthcare systems due to inadequate employee training and security.”

Doug Bedell — March 20, 2017, 3:23 pm

‘Spear Phishing’ Explained; It’s Digitally Treacherous


Barrier Briefs has been noting the vulnerability of computer users to spammers and hackers. Here’s a specific instance discussed by Brian Krebs on his security blog of a company – Defense Point Security – that had to advise its employees “that their W-2 tax data was handed directly to fraudsters after someone inside the company got caught in a phisher’s net.”

Spear phishing, advises Norton Utilities, “is a scam and you’re the target. Spear phishing is an email that appears to be from an individual or business that you know. But it isn’t. It’s from the same criminal hackers who want your credit card and bank account numbers, passwords, and the financial information on your PC…”

Doug Bedell — March 17, 2017, 4:26 pm

‘White-Hat Hacking’: It’s Come to That – To Insure Web Safety


With cybersecurity at heightened levels of awareness, we’ve reached a point at which we can note the emerging discipline of “ethical hacking.” Ethical hacking? Well, now you can pay to determine if you’re being intruded upon on the Web.

Paul Ridgewell on Naked Security reports on “white hat” contractors, “a somewhat shady-sounding occupation that uses penetration-testing techniques to assess IT security and identify vulnerabilities.”

“But on the whole, in the round,” Ridgewell adds, “the concept of attaching ‘ethical’ to a criminal activity seems only to apply to cybersecurity. As I say, it’s odd.” Indeed.

Doug Bedell — March 15, 2017, 10:29 am

Getting a Grip on Digital Security


Bruce Schneier led us to the Digital Security Exchange, a new organization launched in the context of the growing concerns over the vulnerability to intrusion of digital systems.

“So much infrastructure is vulnerable,” writes Josh Levy. “Vast databases of constituent information sit in the cloud, state surveillance is eradicating privacy and chilling free speech, and the devices we depend on to communicate have been weaponized against us.

“At the same time, existing recommendations can be dizzying…”

Doug Bedell — March 13, 2017, 3:25 pm

The Risk of Cyber Security Attacks: Oh Gee, It’s Growing


In case you haven’t been giving them center stage, the risks of a cyber attack on your security system(s) are growing, the Security blog advises, so pay heed. “But there isn’t just one (such risk). Instead, it’s a combination of issues that will create a complex, multi-faceted problem set that has no clear-cut solution.

“To get a picture of what is likely to await all of us,” the Security warning continues, “let’s look at the numbers! The cyberattack surface area will dramatically increase over the next few years. A 2015 report by management consultants at EY projected that by 2020, the number of connected devices would exceed 50 billion. Think about the dramatic growth in the Internet of Things segment – connected vehicles, wearable computing, IoT sensors, embedded systems, and so much more….”

Doug Bedell — March 10, 2017, 11:59 am

Banking on Security? Not So Fast…


Ericka Chickowski on Dark Reading reports on a study advising that while banks have “some of the most advanced application security practices and tools” in place, they’re not so hot at validating them or requiring their third-party vendors “to have similar policies and standards.”

In other words, cyber security can sometimes be only keyboard deep. Be mindful of that when you’re counting yourself or your business as well-protected.

Doug Bedell — March 6, 2017, 1:59 pm

‘FlatCam’s’ Astounding Data Images


Something else to be mindful of on the security horizon, if you’re able to catch a glimpse of one as it emerges. Seriously, two Rice University researchers have developed “flat camera” technology to the point that it’s expected to be in widespread use by the end of 2019.

FlatCam is a lensless camera less than a millimeter thick. “FlatCam,” advises Security InfoWatch, “has the potential to make cameras even more ubiquitous (than present security cameras) in public spaces.” That would make it a security monitoring agent that would-be intruders might not be aware of. Rather than producing images via lenses, FlatCam relies on computations to ‘get the picture’.

Doug Bedell — February 27, 2017, 2:46 pm

Get With It: Building a ‘Cybersecurity Culture’


With the Internet and digital communication being an increasingly powerful factor in today’s communication, there’s much to consider about the security of being “on the Web”. Joel Griffin, editor of Security InfoWatch, discusses this reality in a post on “How to build a more effective cybersecurity culture”.

Griffin advises that “While senior leadership within most organizations today would readily admit that cybersecurity is one of their biggest concerns, many are still woefully behind when it comes to building a more cyber-aware culture among their employees and even the C-Suite.”

Doug Bedell — February 24, 2017, 9:14 am

Securing Computers In Today’s Offices


We talk a lot about digital security, but here are “10 physical security measures (ital. added) every organization should take,” courtesy of TechRepublic.

They start off with, “Lock up your server room.” If you have a small office without a server room, we assume that means, Keep your computer-containing office space darned secure.

Doug Bedell — February 22, 2017, 4:59 pm

Don’t Invite Spammers In


Here’s a simple, but important, security tip to ward off would-be attackers of your computer systems: Don’t open files or messages you don’t recognize. They may be spam carriers. Spammers can trick users into opening a rigged .zip file and…

“Once the .zip file is opened, an .exe file that’s nested inside is activated and code – in the form of a malicious DLL (MSIMG32.dll) – is dropped onto the victim’s machine. The malware uses DLL hijacking to write system usernames and passwords to a text file, ‘Log%s#%.3u.txt,’ and send them along to the attacker’s command-and-control server.”

Got it? This sobering advice comes from threatpost.com. And it’s well worth heeding.
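
For anyone who screens attachments, here is one way to check a .zip for nested executables before anyone opens it. This is an added example, not code from this post or from threatpost.com; the function names, the extension list and the sample archive are assumptions made for illustration.

```python
import io
import os
import zipfile

# Extensions Windows runs or loads directly (a short list chosen for this example).
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com"}


def find_executables(zip_bytes, max_members=1000):
    """Return sorted (member name, reason) pairs for executable-looking members.

    Only the first two bytes of each member are read; nothing is written
    to disk or run.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        members = archive.infolist()
        if len(members) > max_members:
            raise ValueError("too many members to inspect")
        for info in members:
            if info.is_dir():
                continue
            name = info.filename
            ext = os.path.splitext(name)[1].lower()
            with archive.open(info) as handle:
                magic = handle.read(2)
            # Windows .exe and .dll files start with the bytes "MZ",
            # whatever the file has been renamed to.
            if magic == b"MZ":
                findings.append((name, "PE header"))
            elif ext in EXECUTABLE_EXTS:
                findings.append((name, "executable extension"))
    return sorted(findings)


def build_sample_zip():
    """Constructed sample: harmless bytes that merely begin with 'MZ'."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("notes.txt", "quarterly figures attached")
        archive.writestr("invoice.pdf.exe", b"MZ" + b"\x00" * 62)
        archive.writestr("photo.jpg", b"MZ" + b"\x00" * 62)  # renamed executable
        archive.writestr("helper.dll", b"not a real library")
    return buffer.getvalue()


if __name__ == "__main__":
    for name, reason in find_executables(build_sample_zip()):
        print(f"{name}: {reason}")
```

Checking the leading bytes as well as the file name is what catches an executable that has been renamed to look like a picture or document.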