By Matthew Losanno

When the integrity of your system and network is at stake, neglecting a critical software update is the last task that should be placed on the back burner.

According to an article posted on Dark Reading over the summer “Six out of every 10 users of Adobe Reader are running unpatched versions of the program, leaving them vulnerable to a variety of malware attacks, according to a report…”

All software updates, although seemingly trivial, can offer protection against a variety of vulnerabilities. Most of us will readily update our anti-virus software; we all understand that it can prevent a virus from taking control of our computer or deleting our data. While the antivirus software actively scans incoming files/emails, AV software is similar to a last line of defense; it is there when your computer has already been the target of an exploitation. Read more…

Data Security, Malware

Our friends over at BitDefender have released a new Internet Security Suite.  Checkout the review over on Infosec Island.

While you’re at it, also checkout Kanguru’s secure, encrypted flash drives featuring onboard BitDefender Anti-Virus for protecting your flash drives from malware.

Data Security, Malware

A recent article in Network World outlines the potential security threats of smart phones.  The article explains how, much like flash drives (or thumb drives, whichever term you prefer), mobile phones can be used to potentially spread malware when plugged into a USB port for syncing or charging.

Compromised phones will infect computers they may plug into for otherwise legitimate reasons, much the same way malware such as Stuxnet found its way onto laptops via thumb drives, according to the “Emerging Cyber Threats Report 2012″ released at the Georgia Tech Cyber Security Summit 2011″

The report warns that “mobile phones will be a new on-ramp to planting malware on more secure devices.”

The article goes on to outline several other infosec threats posed by mobile phones as well.

For the full story, click here.

Data Security, Malware

A new study from the Digital Forensics Association, called The Leaking Vault 2011, covers 3,765 publicly disclosed data breach incidents over the past six years.  The estimated cost of these data breaches totaled more than $156 Billion.  “Hacking” exposed the largest number of records, while “Drive/Media” exposures were the second leading cause.

The study also shows the breakdown of incidents among business, education, government and medical sectors.  It clearly shows that data breaches can happen to a wide variety of institutions, not just those that handle “classified” information.  State data breach laws and industry regulations like HIPAA have increased the spotlight on data security outside of traditional national security organizations.  In fact, medical data breaches were the fastest growing segment from 2005-2010.

Read the full report for conclusions and recommendations.

Data Security, Financial, Government, Healthcare, Malware, Portable Storage

There have been a lot of discussions lately about the security (or lack thereof) inherent in the use of passwords in IT security.  We’re inundated with headlines like “We’re lousy at picking passwords” or “One more reason why passwords are no darn good”.

Many people in the “passwords aren’t secure” camp point to the fact that most users tend to lean on easy to remember, and often easy to crack, passwords.  “12345”, “password”, and “iloveyou” are just a few of the common passwords used.

Another problem besieging password use:  password cracking.  Even a complex password consisting of letters, numbers and symbols can fall to a brute force, dictionary or pattern attack given enough time and computing power.

And then there is keylogging, recording every keystroke you make, rendering your password choice inconsequential.

The truth is, there is nothing wrong with using passwords for IT security.  It is HOW they are implemented that needs to be managed. Read more…

Data Security, Malware

From our friends over at BitDefender:

Madonna, Cameron Diaz and Barack Obama also amongst the top personalities used in cyber scams according to BitDefender analysis of 25 million spam messages

American comedian and TV host Jay Leno is the most dangerous Hollywood celebrity in cyberspace, according to analysis of 25 million spam messages by BitDefender®, an award winning provider of innovative internet security solutions. After Leno, results revealed Madonna and Cameron Diaz to be the next most frequently used personalities by cyber criminals in spreading spam. Barack Obama and Stephen King also make the top ten.

BitDefender’s analysis found most of the spam messages focused around medicine and the purchasing of pills but come with enticing subjects such as ‘Jay Leno found taking drugs’ or ‘George Clooney’s Girls.’ Other celebrities mentioned but ranking outside the top ten include Read more…

Data Security, Malware

USB Flash drives: Petite, portable storage devices capable of storing gigabytes of data.  They’ve revolutionized the business world with their convenience and portability; however, there is a darker side to the revered little flash drive.

Their tiny size often makes them easy to lose and their storage capacity allows huge amounts of potentially sensitive data to be stored on them. If lost or stolen a single, tiny, insecure flash drive has the potential to cause a massive data breach.

As state, federal and business regulations tighten on information security and impose fines and sanctions for data breaches, the question arises:  Should flash drives be banned from work environments, as the Department of Defense did in the fall of 2008[i]?  Or can they be used in a safe manner without limiting the very attributes that make them so popular?

The answer to this will vary greatly depending on your organizational policies and security standards; however, there are options for using flash drives securely.

A good starting point is encrypted flash drives.  While encryption is important, there are many more factors to take into consideration in the overall security of flash drives.

In order to cover some of the new security developments surrounding flash drives and to figure out the best solutions for your needs I’ve come up with 11 basic questions to ask when buying a secure flash drive.

Question #1: What is the overall level of security and has it been certified by an independent, accredited entity?

Why it is important: Generally, the higher the encryption level (128-bit, 256-bit), the more difficult it is for a hacker to break.  However, it is also very important that the device be tested for other relevant factors such as encryption tunnels, a true random number generator, physical security features, hashing, and the security of the device’s firmware. Read more…

Data Security, Financial, Government, Healthcare, Malware

A recent article in Security Week outlined a dramatic increase in malware sent via e-mail.  This after the takedown of the Rustock Botnet.  Methods of spreading the malware included fake “parcel tracking information” mimicking those from UPS and DHL, PDF file attachments with script malware, explicit PowerPoint presentations and more. 

The take away from this report is to maintain a regularly updated anti-virus on your computer, scan e-mail documents before opening them, and be wary of any suspicious attachments/e-mails. 

If you work on computers that do not have anti-virus installed, you can carry a mobile anti-virus program on your Kanguru Defender Elite, Defender V2 or Defender Basic which allows you to scan any files you transfer between the unprotected computer and your flash drive.  It’s a great added layer of security, protecting your mobile documents from becoming a carrier of malicious programs.

Malware, Portable Storage

According to a new study by the Ponemon Institute, 75% of the energy and utility companies that were surveyed experienced a data breach within the last year.

“We were surprised that utility companies didn’t put a higher priority on issues like smart grid and smart meters, where there’s been a lot of concern about cyberthreats,” says Larry Ponemon, chairman and founder of Ponemon Institute. “Many of the people we talked to are still more focused on physical security than on cybersecurity.”

One possible attack vector being used against power companies is unsecured USB flash drives.  This was reported to be a big factor in the spread of Stuxnet last year.  Energy, utility and manufacturing companies should be taking extra measures to be sure only secure devices are plugging into industrial control equipment.

Malware, Portable Storage

You might not know the answer to that question until it’s too late.  Unfortunately, the most common response to finding a USB drive is to plug it in.  Virus-writers count on that response when they design the latest malware threats.

Network World discusses the way the Stuxnet worm has exploited this vulnerability.

Many companies have focused on the worm’s ability to spread via USB flash drives. Malicious programs spreading through infected such devices have become a major problem for corporations, because of employee curiosity. In penetration tests conducted by Leviathan Security, 8 out of 10 employees that found a USB drive plugged it into a computer. All of those workers then went on to open up a spreadsheet labeled “LayoffNotice.xls,” says Frank Heidt, CEO of Leviathan.

“You can tell your people, ‘Hey, don’t plug in USB sticks into your network,’ but that is antithetical to human nature,” Heidt says.

One way to combat this problem is to restrict unknown USB devices from your network and only allow devices with built-in antivirus protection.  Kanguru includes integrated malware protection as a standard feature on all new secure flash drives.  The network restrictions can be easily managed with Group Policy or one of the many Endpoint Security products now on the market.

Data Security, Malware, Portable Storage