
I went on Radio63119.org again on the 16th with the Inside and Out show with Dr. Stan Fine https://www.facebook.com/Radio63119/videos/828354904257304/ is the link to the livestream - which is online at the Radio63119 page on Facebook. Or tune your FM radio to K W R H - 92.9FM within 10-20 miles of Zip code 63119 (Webster Grove)

The main theme was Cybersecurity and how one can defend against Cyberattacks.

CrowdCyber – Use your voice to contact businesses to help them survive a Cyber catastrophe.

Will your favorite business go out of business in 6 months after a ransomware attack? Or will they bounce back?

Check oversitesentry.com to help your local businesses defend against Cybersecurity attacks.

The show goes over the following 6 questions:

1. What is the worst that can happen in cybersecurity?

2. How is the psychology of security harming some small businesses?

3. How to prevent a disaster in cybersecurity?

4. How can anyone with concern for small businesses help the businesses?

5. What is crowdCyber?

6. How much time and effort should be spent on cybersecurity?

Thursday the 2nd of January https://www.radio63119.org/thursday At 10:30am I will be on the Dr. Stan Fine Show of "Business Inside and Out with Dr. Stan Fine"

Also at https://www.facebook.com/Radio63119/ may have a livestream. (searching in Facebook for radio63119 works too)

Here is the livestream link: https://www.facebook.com/Radio63119/videos/779825965873107/

Or tune your FM radio to K W R H - 92.9FM within 10-20 miles of Zip code 63119 (Webster Grove)

We will be discussing how to help Small businesses:

Some things you should know "Psychology of Security" and more

After the show airs the 6 questions and some answers will be reposted here.

  1. Why are small businesses getting hacked? (even though they do not have a lot of money/resources)
  2. Who is attacking us now?  Is it criminals? Young people experimenting? Nationstates?
  3. What method of attacking is most likely to hack you? What is the weak link?
  4. How is the Psychology of Security hampering Human tendencies when it comes to Cybersecurity?
  5. What can you do to prevent getting ransomware?
  6. What is a general rule of thumb to defend your technological devices?

The show went well (link above of the Facebook Live link)

News of the Day: Rowhammer, and this week is Patch Tuesday.

In the Tip of the Day segment we have a serious problem, as Rowhammer opens a new security angle which cannot be patched for some machines.

 

Some RAM has a bit-flipping problem in certain situations which can cause an escalation of privilege, so if the hacker is on the computer, they can get admin or root access.

We need to realize that today's researchers develop exploits that then criminals use to attack our computers, and then the script kiddies use to attack the people who don't know how to use computers.

 

So we have to develop a new method of thinking - security must be built into our processes and methods. Compliance means security first. Otherwise we will get blindsided by the newest researcher attacks.

 

Remember our systems were not built for security first; the internet was not built with security in mind. So we will have many other attacks and exploits to keep in mind.

 

This is why you need a security department, somebody who is thinking about the security angle all the time.

Contact Us

the video itself;


Here is a story on how to improve your privacy on your iPhones

http://www.zdnet.com/pictures/new-iphone-ipad-change-these-ios-8-privacy-settings-immediately/

 

Bruce Schneier's post on privacy in general:

https://www.schneier.com/blog/archives/2015/02/everyone_wants_.html

 

We also need more Cybersecurity  http://oversitesentry.com/how-do-we-improve-security/  We need more Ethical hackers in every company understanding the issues

 

Use the principle of Philotimo to be an Ethical Hacker. The friend of Honor will "do the right thing"

Also an apt Youtube video (regarding ΦΙΛΟΤΙΜΟ)  http://youtu.be/DaPF4_-gH4g

 

To listen and educate yourself on net neutrality:

Interesting economist (Professor Hazlett of economics) explains the Nuts and bolts of the net neutrality

Minute 44 is DSL sales growth and usage in the telecom industry.

I saw the Internet industry grow and change like Hazlett is talking about from 1996 until today

Minute 51 had an example of a Net neutrality violation (Metro PCS streaming Youtube but not others - like Netflix or Hulu)

At about an hour questions start.

 

As in my video - even after listening to Hazlett discuss this for an hour, I still think it will depend on the political power of the various factions. Of course the law is going to come down on NetNeutrality as well.

Hmmm, there are 1000 phone companies in America (2-4 we can name); the rural companies get government subsidies.

 

The Fixvirus video show that explains it:

According to the Kaspersky Group report:

http://25zbkz3k00wn2tp5092n6di7b5k.wpengine.netdna-cdn.com/files/2015/02/Equation_group_questions_and_answers.pdf

There is malware that can infect hard drive firmware and then perform other tasks

At page 23 #14 says:


 

"14.
What C&C infrastructure do the Equation group implants use?
The Equation group uses a vast C&C infrastructure that includes more than
300 domains and more than 100 servers. The servers are hosted in multiple countries, including the US, UK, Italy, Germany, Netherlands, Panama, Costa Rica, Malaysia, Colombia and Czech Republic.
All C&C domains appear to have been registered through the same two major
registrars, using “Domains By Proxy” to mask the registrant’s information.
Kaspersky Lab is currently sinkholing a couple dozen of the 300 C&C servers."
C&C means command & control.
The infected hard drive means nothing without being able to "phone home". Since it has to contact its C&C server, we can detect that. Once we detect it we can stop the transmission: an IPS system firewall (a Next Gen FireWall), properly configured, can protect against the malware.
Contact Us to help you with setting up your IPS or purchasing an IPS system that works for you.

First we made a special short video on what an Ethical hacker does:

Second the Video for the Fixvirus Security show:

News of the Day is about this week's Patch Tuesday: there are several critical patches for Microsoft software, and your IT department should apply multiple patches, as they fix remote code execution flaws (and thus are very dangerous). Hackers can create attacks any time now, and if you do not patch your machine then it will be hacked by criminal hackers.

 

Tip of Day: We need to move to a Six Sigma IT methodology - which means we need to

A. Define

B. Measure

C. Analyze

D. Improve

E. Control

 

So we need to test your IT environment to ensure it is performing as prescribed.

The only way to create an environment where only 1 mistake in a million can occur is if you are constantly testing from the outside.

that is where we can help: http://www.fixvirus.com/contact-us/

 

Sophos has a good article detailing some potential methods the hackers can use to extort money out of companies: Nakedsecurity Sophos Blogsite

This is the important part:

1. Hackers hack and penetrate your systems, including customer databases

2. Customer data will be encrypted - a ransom will be put on the data (that is the old method)

2a. Now the new method is to modify only some of the data, like usernames or passwords (sometimes passwords and usernames are set by the customer), so it is impossible to find this encryption until customers call saying they cannot access their accounts.

3. Customers log onto your site and they get infected with ransomware themselves on their personal computers.

 

So what just happened?

A. Your server inattention has cost your customers their data, and the relationship with you is now harmed.

B. The fix to this is not a restore of data, since the change may have been made some time ago and thus is in your backups as well.

(Image: a Cryptolocker2.0 message)

We must figure out how to restore to a point before the hack.

How do you know? Test, test, and test, and keep your datapoints.

We are all about  testing here at Fixvirus.com   Contact us to help you in this new cybersecurity environment

 

Here is the Fixvirus Security Show explaining this and Risk Management problems.

The video expounds on the Risk Management failure as well (in tip of day segment)

That was started on our blog post:  http://oversitesentry.com/?p=1400 "Risk Management does not work"

 

Brian Krebs has updated his Blog: and his famous picture (how much is your hacked computer worth):

http://krebsonsecurity.com/2015/01/fbi-businesses-lost-215m-to-email-scams/

(Image: BEC stats) IC3 data - Internet Crime http://www.ic3.gov/about/default.aspx

The BEC is a global scam with subjects and victims in many countries. The IC3 has received BEC complaint data from victims in every US state and 45 countries. From 10/1/2013 to 12/1/2014 the following stats were reported (now look at image above):

total US victims: 1198

total US dollar loss: $179mil

total nonUS victims: 928

total nonUS dollar loss: $35mil

combined victims: 2126

combined dollar loss: $214mil

So Brian Krebs has updated his how much is your computer worth to hackers image:


So Brian reviews what can happen to your email account if somebody is able to take it over and use it for their own money making schemes.

If I attempted to put a small dollar amount on these accounts, how much is your email account worth?

Google: $2

Facebook: $2

iTunes: $3

Amazon: $3

Walmart: $3

Netflix: $2

Dropbox: $2

Salesforce: $2

Fedex: $1.50

UPS: $1.50

Bank acct: $4

Steam: $2.50

Total:  $28.50 ? or more?

this is my image:


 

My list is only a partial one, but I am trying to make it more personal - and give the hack a certain dollar amount. I am trying to create awareness, also note the comments in BrianKrebs post:

You can click on the image or go to Brian's site to read them, but I want to transcribe one of them specifically (the bottom one):

"Almost word for word what happened to an affiliate company of ours. Slightly altered domain name appearing as someone’s VP, email request to wire funds, funds were sent, fund transfer frantically reversed at the 11th hour."

This attack did not even involve a hacked email account, just a slightly modified domain name and a wire transfer request using the name of the VIP. What are the odds of 2 comments similar in nature appearing one after the other? Criminals are preying on our good graces and naivety.

 

If you need help in working on your compliance on passwords, or testing other aspects of your security policy, I can help with the Omega Scan service:

http://oversitesentry.com/solutions/omega/

It is a unique service.

 

Here is the video to go along with this post

Pentesting every 3 months for entities with more than 20k transactions

annually for less than 20k transactions.

Why do you need to pentest?

Because things happen, and it is good to review your security profile

 

Have some Philotimo -


Do the right thing - defend your site by scanning. http://oversitesentry.com/solutions/

Philotimo video:

Today's Fixvirus Security Video:

Also discussing the Oversitesentry blog post about QWERTY keylogger: http://oversitesentry.com/?p=1351