Thank You JPM, It’s Time For Our Next Snack

October 13, 2014 — Leave a comment

Once you try the flesh of the major financial institutions, there is no coming back to where you used to hack before. This is exactly what happened with the group, which paid an unexpected visit to the JPMorgan. And, they are after for some more VIP financial blood. This does not have to be necessarily all bad.

Why? How can we say such a thing? Well, there is some poetic justice in this one. No matter what kind of cyber tools they use, our good old friendly hackers are still the human beings. And, they get infected with the greedy virus too, sooner or later, this way or another. What more can we expect?

For what is worth, the hackers have started to mess up with the wrong guys. These institutions can afford themselves a luxury of hiring the very best cyber security experts. They make the money. They can make some extra to fight back with the vengeance. Now, let us see what happens in the aftermath.

This is how it works. You do not do something for real, unless the trouble knocks at your door. In the clash between the financial wizards and cyber crime master minds, you know who is going to prevail eventually, don’t you? We sure hope it is not going to include some collaterals. In both finances and among us.

Huge Breaches – Small Awareness

October 12, 2014 — Leave a comment

OK. You do not have to read our or any other security blog to know what is happening out there. It is a nasty and merciless world of the cyber pain. Yet, you should know some basics. Right? How about some of the biggest IT security breaches in the recent history? If you forget it, then what is going to happen?

You do not have to be a rocket scientist to know that these unpleasant things will happen again. More than 77% of people in the USA are completely unaware of the eBay, Home Depot or Health Clinics data breaches. Does it really have to happen to you or your loved ones so you can start paying attention?

Maybe that is our worst cyber enemy, our ignorance and reckless behavior. We behave in a way all hackers in the world can only wish for. Millions and millions of people get affected on a daily basis. Yet, we have the careless days of our lives somewhere at the end of our cyber rainbow.

What is the alternative? Should we act as the android paranoid? That is not a solution. For what is worth, you should read some other news sections besides the sports, celebrities and finances. One minute of cyber awareness can save you at least one year of crumbling cyber pain. Enough for you?

Why Does My Linux HeartBleed?

October 11, 2014 — Leave a comment

If you thought that the HeartBleed has been the worst thing that can happen in the cyber world, you should better think twice. Why? Because we thought that the Linux was supposed to be the cyber land of the free. Wrong again. There is a HeartBleed version designed especially for the Linux world.

This vulnerability has a very nice and appropriate name. It is called the ShellShock. Compared to it, our good old HeartBleed seems like a kid’s toy. If you are up to full and unprecedented control, then the ShellShock is the right hacking thing for you. With this one you get the both worst scenario things.

Not only the keys to all rooms of your house, but also all remote controls for all of your devices. So, where should we go next? Both Windows and Linux are seriously compromised. The only what is left “untouched” are the mobile platforms, such as Android, IOS and Windows Phone. Is this enough?

How long before our mobile heart begins to bleed here, as well? How long before we experience the new mobile shock within or outside the shell? Can we fight the future for a change, at least once? How hard could it be? Otherwise, the only reasonable remaining option for us would be to get back in the caves.

Call Of Cyber Security Duty

October 10, 2014 — Leave a comment

No matter how hard you try, it seems you cannot unlock the mind of a hacker. Why? Well, you can try to predict the certain type of behavior, but they keep surprising you with the things they steal or hack. Here is a controversial case of the cyber theft, which makes it almost impossible to put all pieces of the puzzle together successfully?

So, what happened? It turns out that an extremely skillful hacker has paid a devastating and uninvited visit to both Xbox One and US Army systems. He or she, or eventually them, get into the possession of the Apache helicopter simulation program. Including the pre-release of the latest Call of Duty game.

The estimated value of these stolen goods, which can be classified as the top intellectual property stuff, is more than $100 millions. On the other hand, you can stop wondering. It makes a perfect sense that someone would like to steal the simulation program for one of the best military helicopters in the world.

However, what is with the Call of Duty pre-release? Maybe, our hero needs to relax after the hard work in his office? For the makers of this planetary popular game, this is not a funny story. In the real life hacking is not a video game. Once you end up in jail, you cannot restart the game from the beginning.

Award Down The IT Security Boulevard

October 9, 2014 — Leave a comment

The Americas Information Security Leadership Awards has announced its winners for the fourth time. The great thing about is that the American in its title does not refer only to the North America, but also to the Central and South America. So, when you say the American Award it includes both continents.

This is exactly what we need. We need something traditional, encouraging and inspirational at the same time. On the other hand, this something should include the word international in its title. As long as we have American or European prefixes, we cannot expect a major improvement in this field.

For what is worth, we are appreciating and we are grateful for these types of rare IT security awards. We just wish for more of these awards with the wider scope. The hackers themselves seem to be less nationalistic oriented and more open to the idea of an international cooperation. We should follow.

This is how we should do it. A little bit of awarding here and there. Then, a little bit of bug bounty programs, as well. If we appreciate enough our efforts and time invested for the IT security, then we can be rewarded with something more valuable that the awards themselves. The fully functional IT Security, for a change.

Unpatched = Unprotected

October 8, 2014 — Leave a comment

How many times we have to repeat it? How many evidences we have to submit in order to convince you? About what exactly? Our main point is quite a simple one, and apparently extremely difficult to accept. The human factor is the worst cyber menace you have ever witnessed and heard about.

In the absolute and surprising majority of cases you can easily ensure the remarkable level of the proper IT security. How? With the regular updates and use of patched systems. Yet, we keep missing to update and continue to use the unpatched systems. Why? Either we are totally reckless or lazy.

Either way we are in trouble. On the other hand, your friendly neighbor hacker only needs one vulnerability to pay an unexpected and unforgettable visit. We could have easily avoided or at least decreased the chances of facing this cyber trouble. All what we needed to do was to invest a little bit of our time.

No one can make you to comply with these simple and effective IT security rules, but also there is no one you can complain once you get hurt. The cyber doctors have given you a fair warning including a vaccine. It is your fault, if you think that you have something else more important to do.

The Shadow IT

October 7, 2014 — Leave a comment

The big bad and ugly wolf is coming. It is called the EU General Data Protection Regulation. Actually, it is supposed to protect us and save us from the three little pigs, who have mastered some hacking in the meantime. Then, how come the worrying majority of the employees in the EU is not willing to cooperate? Fully.

Nowadays, the IT guys in your company can forget the good old days when they were the Alphas and Omegas in your office. The cloud technology and the absolute abundance of available mobile devices were the fruitful ground for the new phenomena called the “shadow IT”. What in the world is that?

Well, this is a nice way for you to avoid the situation with the EU General Data Protection Regulation way, or the highway. You can still do your thing without worrying about those boring new regulations, including your paranoid IT colleagues. What is so difficult and problematic about the new IT security measures?

It is the similar, if not absolutely the same, situation with the traffic safety regulations. They are supposed to protect you. You can ignore them or even work against them, but at your own risk. The same goes for the IT security measures, rules and policies. Instead of keep asking why, just comply.

KasperskyPOL

October 6, 2014 — Leave a comment

Here is a breaking news in the world of cyber security. Kaspersky Lab has teamed up with Interpol and Europol. This can easily turn out to be a role model for the future private – public teams up. Undoubtedly, this is a dream team for the cybercrime field. So, what they can do together for real?

Well, with no exaggeration at all, the sky is the limit. On the other hand, what is the nature of this specific relationship itself? It is better to say partnership. Kaspersky Lab will involve all of its resources and even staff for the Interpol and Europol specific tasks. There will be so much work to do together.

On the other hand, we do not want to spoil the fun, but we need to ask some questions. If Kaspersky Lab remains to be the only Interpol and Europol partner, then this will not be a good thing for the cyber security itself. We would be more than pleased to witness more participants in this teaming up.

Why stop here? Let us bring FBI and other similar agencies to share their thoughts and requirements with the cyber security experts. If the hackers can hold their hands, or better to say fingers, while attacking our IT infrastructure, then how come our guardians cannot be on the same cyber page?

The BlackEnergy On The Run Again

October 6, 2014 — Leave a comment

Who or what is the BlackEnergy? Well, to be quite honest, no one can tell for sure. We can only speculate. However, we can make a wild guess, which sounds extremely reasonable. From what it is known, the BlackEnergy has humble DDoS beginnings. Then, all of a sudden everything has changed for this group.

They have become more sophisticated. In addition, it is more than indicative that the primary targets were in both Ukraine and Poland. This somehow strangely coincides with the recent political and military confrontation in Ukraine. That is why the rumors about the state’s support were born.

But, which state? Well, you do not have to guess twice, do you? Russia is the usual suspect in this story. This does not imply that the USA and other NATO allies do not have cyber black ops teams of their own. Yet, when you have the government’s fingers involved, then the things become even more serious.

What is the point if we keep fighting the cyber menace, which has a state’s support and origin? Solving of all political crisis in the world will not eliminate all cyber threats. Nevertheless, we can certainly decrease their numbers. The most dangerous hackers are the ones wearing state’s uniforms.

Former Employees – Future Worries

October 5, 2014 — Leave a comment

You do not have to be a rocket scientist to know that former employees should not have the access to the company’s IT infrastructure as once they used to do. Yet, you would be surprised to find out in how many cases we forget to lock the IT door after someone leaves a company this way or another.

Why? It seems that we worry much more about the contract, social security, cancellation period, and all other more important issues that IT security in these cases seems like a trivial thing. We do not have time to clean the cyber working space after our former colleagues, but we do not forget the other things.

Believe it or not, there is a higher probability that your former employee will “hack” your company than any hacker you can possibly think of on this planet. The worst thing about it is that we leave an open door. Any unauthorized access is potentially extremely dangerous for your company or business.

This includes cases, when your former employee feels nostalgic about his old company’s account or wants to do you harm because he was fired. It only takes a couple of minutes to change passwords and adjust new security settings. Yet, we miss to act accordingly. This is how our former employee becomes our future hacker.

IMELA Software Blog

4 out of 5 dentists recommend this WordPress.com site

Cyber Security