Connect with us

Cyber Security

Apple Fixes Tame POODLE Bug on Macs

Avatar

Published

on

Apple FixReading Time: 1 minute

Apple has released fixes for OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5 to address vulnerabilities in SSL 3.0, referred to as the POODLE bug. An attacker can use the but to decrypt data protected by SSL

Earlier this week, Google announced that they had identified known attacks that compromised the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. SSL 3.0 has known vulnerabilities that could allow hackers to read user cookies and private communication.

Comodo recommends disabling SSL 3.0 on servers and on older browsers. Newer browsers already disable SSL 3.0 by default.

To disable SSL 3.0 on Internet Explorer 9, do the following:
1) Select Tools (Alt+X)
2) Select Internet Options
3) Select the Advanced tab
4) In the Security group, uncheck Use SSL 3.0

If you are not sure if your browser currently uses SSL 3.0, you can check a the web site poodletest.com.

Users and administrators should review Apple Security Update HT6531 (link is external) for additional details.

TEST YOUR EMAIL SECURITY GET YOUR INSTANT SECURITY SCORECARD FOR FREE Source: https://blog.comodo.com/it-security/apple-fixes-tame-poodle-bug-macs/

Cyber Security

Simple Steps To Protect Your Business Data Across Mobile Devices

Avatar

Published

on

Data security is always the top priority for businesses of all sizes, and there is never a moment you should go slack with it. However, this gets challenging as businesses generate massive volumes and a variety of data every day. Another fact that adds to the challenge is that this data comes from and goes to mobile devices as well. Every mobile device in the corporate infrastructure is like a weak point that hackers can compromise and steal the data on it. So it makes sense to go the extra mile with the right security measures to protect the corporate data across mobile devices.

It sounds challenging, considering BYOD is a norm for most organizations today, and there may be hundreds of mobile devices in the ecosystem at any point. Managing them all can be a big task for your IT security team. However, the right tools coupled with a proper mindset can help you secure sensitive data on mobile devices without much work. Let us explain some simple steps for mobile data security every business should have in place.

 

Have a BYOD policy in place

When it comes to protecting business data in the current landscape, nothing is more important than having a formal BYOD policy in place. After all, you need to make sure that there are no unintentional and malicious threats at the hands of employees bringing their personal devices into the corporate ecosystem. The critical elements of this policy include password norms, installation of remote wiping software, protocols for reporting loss or theft of devices, and use of protective security software for device-level security. Education and training for your employees are vital because they should know how to safeguard company data while accessing it from their own mobile phones.

 

Maintain access control to mobile devices and data

Maintaining access control policies is vital to prevent unauthorized users from accessing your mobile devices and data. Mobile device management (MDM) solutions are a critical investment for enterprises as they enable access management. These solutions create identity and authentication protocols for devices by installing an MDM agent on them and monitoring access requests. With this, you can make sure that nobody outside the business can access the devices. The security protocols cover the data stored on these devices as well. It ensures data encryption while uploading or downloading from a device. Further, data is secured with access regulations that permit only authorized users and applications to use it.

 

Ensure that devices are updated at all times

Your business data is only as secure as the devices that house them, which means that you should go the extra mile with device security. The latest software updates are critical for mobile devices because they include patches for various security vulnerabilities. These holes can expose the device and data to malware and other security threats. As a security best practice, ensure that all employees install the updates at the earliest. Apart from software updates, they should also cover their devices with reliable antivirus software. At the same time, make the users aware of the suspicious sites and apps that could bring malware to their devices, so that they can steer clear of them.

 

Discourage the use of public Wi-Fi networks

Public WiFi networks are perhaps the biggest threat to corporate mobile device security strategy. A device connecting to a public Wi-Fi network becomes an easy target for any hacker or malware looking to compromise hardware and data. This is perhaps the simplest way they can break into your network and cause havoc, so you need to make sure that it never happens. Enterprises need to enforce strict rules that discourage users from accessing these networks because they can pose a serious risk to sensitive business data. Training your employees and educating them about the perils of using public Wi-Fi is also important.

 

Have native device and OS security tools in place

When you implement a BYOD policy for your organization, it is likely that there will be multiple device types and diverse operating systems in your ecosystem. These devices and OS usually include built-in security tools, but best-in-market mobile device management solutions always give you an additional layer of safety. Have a close look at the available security tools and assess whether they are good enough from the enterprise device security practices. Sometimes, they may not be enough to protect a device fully, so you cannot rely solely on them.

 

Back up mobile data regularly

Even if you take all the steps to secure your devices and data, disasters can still happen. If corporate data is compromised, you may have to delete it, or it may not be accessible anymore. It makes sense to back up the data on BYOD devices regularly and maintain it as a routine for all the employees using such devices. Do not consider it as a one-and-done deal; rather, enforce it as a rule that the entire organization has to follow strictly and without any exceptions.

 

Evaluate your MDM strategy periodically

Although you may take all the steps required to create a robust MDM strategy for your business, there isn’t a guarantee that it will always work. One of the tools may not be good enough, or an employee may not be adhering to the BYOD policies properly. There is always a chance of a new threat surfacing in the evolving cybersecurity landscape. Evaluating your data security plan periodically helps you find holes that need to be addressed sooner rather than later. Also, it keeps you prepared to deal with security threats that may arise anytime in the future.

 

đŸ”„đŸ‘‰ Allowing personal mobile devices in the corporate ecosystem is fraught with risks, but not doing so can compromise with the flexibility and mobility of your business. The best thing to do is to keep tight security controls over your business data and devices so that you can get the best benefits while minimizing the risks. A reliable mobile device management solution has you covered, so implementing one is worth the effort.

source: Plato

Continue Reading

Cyber Security

Quelques conseils pour améliorer la sécurité informatique afin de ne pas perdre des données personnelles

Avatar

Published

on

On n’arrive souvent pas Ă  y croire, mais il est quasi-impossible de vivre sans informatique dans notre vie quotidienne. Tout se fait avec un ordinateur ou un smartphone, depuis la simple rĂ©servation d’une table au restaurant, Ă  l’organisation d’un voyage Ă  l’autre bout du monde.

MĂȘme les billets de train ou d’avion ont presque disparu au profit des billets Ă©lectroniques Ă  QR Code. On vous souhaite une bonne chance d’essayer de vivre dans notre sociĂ©tĂ© actuelle sans un outil informatique dans la poche. En rĂ©alitĂ©, c’est juste impossible.

C’est indĂ©niable que cela apporte un lot de facilitations dans la vie quotidienne, Ă©tant donnĂ© qu’on peut tout faire depuis un smartphone ou un ordinateur. Cependant, cela apporte Ă©galement un lot de risques qui sont liĂ©s aux donnĂ©es personnelles.

Aujourd’hui, nous allons voir quelques conseils qui permettent d’amĂ©liorer la sĂ©curitĂ© de nos donnĂ©es personnelles. On y va ! 👇

 

Qu’est-ce que la sĂ©curitĂ© des donnĂ©es personnelles ?

La sĂ©curitĂ© des donnĂ©es personnes est tous les systĂšmes, mĂ©canismes, protocoles, actions, etc. utilisĂ©s afin de s’assurer que nos donnĂ©es personnelles (comptes bancaires, informations personnelles, comptes professionnels et privĂ©s, etc.) restent en sĂ©curitĂ© et intouchables par des personnes malveillantes. C’est peu de dire que c’est une chose trĂšs importante quand on sait que pratiquement toutes les donnĂ©es de nos vies sont gĂ©rĂ©es par plusieurs systĂšmes informatiques.

 

Comment assurer la sécurité de nos données personnelles ?

Pour commencer, aucun systĂšme au monde est infaillible. Cela est dĂ» au fait que ces systĂšmes ont Ă©tĂ© et sont crĂ©Ă©s par des hommes, qui sont eux-mĂȘmes imparfaits.

Cependant, les ingĂ©nieurs et dĂ©veloppeurs sont quand mĂȘme trĂšs intelligents pour crĂ©er des mĂ©canismes de protections, et nous, en tant qu’utilisateurs, on doit Ă©galement faire attention et prendre certaines mesures.

Voici quelques conseils pour assurer au mieux la sécurité de vos données personnelles.

 

Ne jamais utiliser un ordinateur public

Le premier conseil est de ne jamais, au grand jamais, utiliser un ordinateur public pour consulter les mails, les comptes bancaires, les commandes en lignes, les rĂ©seaux sociaux, etc. et tout ce qui touche de prĂšs ou de loin Ă  votre vie personnelle. « Mais pourquoi ? » diriez-vous. Tout simplement parce que sur un ordinateur public, dieu seul sait ce qu’il y a dedans. Il doit sĂ»rement y avoir virus, trojan, spyware, malware, key-logger, etc. et toute une autre panoplie de programmes malveillants qui se feront un plaisir de voler vos donnĂ©es personnelles. Donc, en gros, Ă©vitez Ă  tout prix ces ordinateurs. A la limite, vous pouvez les utiliser pour faire des recherches sur Internet. Aussi, Ă©vitez de brancher des clĂ©s USB ou des supports amovibles sur ces ordinateurs car vous allez transporter les menaces vers votre ordinateur personnel.

Toujours vĂ©rifier la provenance des mails. Ces derniers temps, on voit que les pirates reviennent en force avec le phishing. Le phishing consiste Ă  tromper les personnes avec un faux site web pour que celles-ci y entrent leurs informations personnelles. Du coup, quand vous recevez un mail de votre banque par exemple vous invitant Ă  cliquer sur un lien pour mettre Ă  jour vos informations personnelles, c’est sĂ»rement du phishing, surtout quand les informations demandĂ©es sont le nom et le prĂ©nom, date de naissance, numĂ©ro de carte, etc. Dans le doute, vĂ©rifiez la provenance de l’email car ce genre de messages ne proviennent jamais d’institutions lĂ©gitimes. Et si vous n’arrivez pas Ă  dĂ©terminer l’adresse mail de l’expĂ©diteur, cliquez sur le lien et vĂ©rifier l’adresse du site web. Dans tous les cas de phishing, le site web du lien n’a rien Ă  voir avec le vrai site, sauf pour le design.

Faire attention sur les rĂ©seaux Wi-Fi non sĂ©curisĂ©. Plusieurs espaces publics proposent des connexions Internet gratuites pour tout le monde Ă  l’aide de Wi-Fi non sĂ©curisĂ©, Ă©tant donnĂ© que c’est plus facile Ă  mettre en place et Ă  gĂ©rer. Mais, ce qui n’est pas dit, c’est que les rĂ©seaux Wi-Fi non sĂ©curisĂ© sont des espaces oĂč toutes les donnĂ©es ne sont pas cryptĂ©es. Il suffit Ă  une personne malintentionnĂ©e qui se trouve sur le mĂȘme rĂ©seau pour capter toutes les donnĂ©es transmises sur le rĂ©seau assez facilement. Donc, si vous devez utiliser ce genre de rĂ©seau pour une raison ou une autre, Ă©vitez Ă  tout prix de faire des achats, de consulter vos mails et vos rĂ©seaux sociaux, de consulter votre 

banque, etc. et tout ce qui touche aux données sensibles. Vous pouvez faire de simples recherches sur ces réseaux, ou regarder des vidéos dessus sur YouTube ou autre plateforme de streaming gratuite (pas de Netflix ou Prime Video).

Utiliser un bon antivirus. L’antivirus permet de garder sĂ»r vos appareils (PC, smartphone, tablette, etc.) contre les menaces informatiques. En utilisant un bon antivirus, vous aurez la certitude d’avoir le meilleur outil pour faire un excellent travail, et de plus, vous pouvez avoir ici des promotions trĂšs intĂ©ressantes sur une large gamme d’antivirus. Autre chose, laissez l’antivirus faire son travail sans interfĂ©rer, car ils sont maintenant trĂšs performants et peuvent fonctionner tout seul.

Utiliser un mot de passe complexe. Pour tous vos comptes en ligne (PayPal, banque, etc.), il est plus que conseillĂ© d’utiliser un mot de passe complexe, avec des lettres, des chiffres, des caractĂšres spĂ©ciaux et des majuscules/minuscules. Pourquoi ? Parce qu’un mot de passe simple est facile Ă  craquer en utilisant la force brute. Par contre, un complexe ne le sera pas, ce qui augmentera la sĂ©curitĂ© de vos donnĂ©es personnelles. Aussi, si vous avez la possibilitĂ© d’utiliser un gestionnaire de mot de passe, faites-le car ils sont pratiques et performants.

 

👉  VoilĂ  quelques conseils qui permettront de rendre vos donnĂ©es personnelles encore plus sĂ»res dans notre monde numĂ©rique. C’est des conseils faciles Ă  mettre en place et qui vous sauveront la vie Ă  coup sĂ»r.

N’hĂ©sitez surtout pas Ă  vĂ©rifier et revĂ©rifier tout ce que vous recevez dans votre boĂźte mail, car les personnes malveillantes sont de plus en plus ingĂ©nieuses pour voler vos donnĂ©es personnelles. Faites attention et tout se passera bien.    

 

Source: Plato

 

Continue Reading

Cyber Security

Payment Card Records Stolen from US-Based Restaurant Dickey’s Barbecue Pit

Avatar

Published

on

payment card

On the Dark Web marketplace, Gemini Advisory says, a data collection of millions of payment card documents allegedly stolen from US-based restaurant chain Dickey’s Barbecue Pit has surfaced.

The details, posted on the underground marketplace of the Joker’s Stash, appears to have been obtained from over a hundred compromised locations. The data seems to come from 35 US states and some European and Asian nations.

The BLAZINGSUN data collection reportedly comprises 3 million payment documents, with an estimated price of $17 per card.

There are 469 outlets operated under the Dickey’s Barbecue Pit franchise in 42 states, each of which has approval to use the type of point-of – sale (POS) system they want, as well as their chosen processors.

The details that appeared on Joker’s Stash, according to Gemini Advisory, indicates that 156 Dickey locations in 30 states might have been hacked. Between July 2019 and August 2020, the data was allegedly harvested.

Dickey’s runs under a franchise model that also requires each location to decide the type of system and processors they use for point-of-sale (POS). However, the damage could be attributed to a violation of the single central processor, which was leveraged by over a quarter of all Dickey’s places, considering the widespread existence of the breach,’ says Gemini Advisory.

The security company also reports that the exposure by location does not exactly correspond with the spread of the restaurant across states, but the exposure is roughly representative of the overall spread, with the exception of Texas, which hosts 123 restaurant locations but only three compromised locations.

Gemini also notes that payment transfers were conducted using the magstripe system in this infringement, which is obsolete and vulnerable to attacks. It’s unknown, though, whether the affected restaurants used redundant or misconfigured terminals.

“The documents from Dickey’s will likely continue to be applied to this marketplace for several months, based on past big breaches of Joker’s Stash,” the security company says.

The restaurant chain confirms it is mindful of a potential breach of data and an investigation has been initiated.

We received a warning stating that there may have been a security breach involving a payment card. We took this breach very seriously and our action plan was launched promptly and an investigation is ongoing. We are now focusing on identifying the affected sites and time periods involved. We use the expertise of third parties who have assisted other restaurants to resolve similar concerns.

Source: https://cybersguards.com/payment-card-records-stolen-us-based-restaurant/

Continue Reading
Fintech2 hours ago

Minimum Wage Workers Can Now Get Guaranteed Payday Loans No Matter What In Canada

Energy2 hours ago

Volvo Trucks Awarded $21.7M from U.S. EPA and South Coast AQMD to Deploy 70 Class 8 VNR Electric Zero-Emission Trucks

Energy2 hours ago

Trilliant Partners with 1NCE for a Cost-Effective Cellular Solution to Cover the Last Mile for IIoT

Energy2 hours ago

LyondellBasell Hosts Annual Global Care Day Supporting Food Security

Energy2 hours ago

Insider Buying Signals Gold Industry Momentum

Energy2 hours ago

In New Book, Veteran Journalist Shows How to End California’s Water Wars, Protect Habitats and Meet State’s Water Needs

Blockchain2 hours ago

How Does the Future Look for Cryptocurrencies in the Financial Market?

Cyber Security3 hours ago

Simple Steps To Protect Your Business Data Across Mobile Devices

Blockchain5 hours ago

How Blockchain Can Help Your Business Grow

Cyber Security6 hours ago

Quelques conseils pour améliorer la sécurité informatique afin de ne pas perdre des données personnelles

Aviation6 hours ago

Norwegian’s New Airbus A321LR Fleet – What To Expect

Ripple Price
Blockchain7 hours ago

Charted: Ripple (XRP) Technicals Suggest a Crucial Breakdown Below $0.24

Fintech7 hours ago

Insurtech Bolttech Expands Its Footprint to South Korea With LG U+

Aviation7 hours ago

Remember The Interjet-Aeromar Codeshare? Its Over

Blockchain8 hours ago

Savvy Traders Are Capitalizing on Two New Crypto Assets, Says Bitcoin Bull Tyler Swope – Here’s How

Aviation8 hours ago

One Of The World’s Busiest International Routes Is Less Than 300km Long

Aviation8 hours ago

Western Sydney cover up possible, hints top bureaucrat

Ethereum
Blockchain9 hours ago

TA: Ethereum Could Narrowly Avoid a Major Drop if it Closes Above $380

Aviation9 hours ago

A Look Inside Drake’s Crazy New Private Boeing 767 Jet

Aviation10 hours ago

Tasmania on track to open to NSW on 2 November

Aviation10 hours ago

Cathay Pacific Weighs Further Job And Pay Cuts

Aviation11 hours ago

What Is A Tail Strike And Why Can They Be Dangerous?

Bitcoin Price
Blockchain11 hours ago

TA: Bitcoin Hesitates Below $11,550, But Upside Break To $12K Seems Likely

Blockchain11 hours ago

Top DEXs Record 197% Average Monthly Trading Volume Increase As DeFi Hype Drives Growth

Blockchain11 hours ago

Bitstamp To Provide Crime Insurance for Crypto Asset Safety

Blockchain12 hours ago

Bitcoin Price Prediction: BTC/USD Struggles to Break $11,500 Resistance, May Set the Stage for Upside Momentum

check-out-thorchain-rune-shapeshift-ceo-erik-voorhees-says.jpg
Blockchain12 hours ago

“Check Out Thorchain (RUNE),” ShapeShift CEO Erik Voorhees Says

Aviation12 hours ago

Melbourne To Top Singapore Airlines’ Flight List In December – Here’s The Catch

Blockchain13 hours ago

Kraken Daily Market Report for October 18 2020

Aviation14 hours ago

United Airlines Moving Forward With Boeing 787 Polaris Retrofits

Chainlink LINK
Blockchain14 hours ago

Analyst: Chainlink Likely to Rally to $16.50 as It Approaches Key Level

Aviation14 hours ago

Victoria’s own website permitted ‘unauthorised’ Kiwi arrivals

Aviation15 hours ago

AirAsia X Cutting Indonesia Arm

options-trends-makes-it-hard-for-this-analyst-to-imagine-a-bitcoin-mega-pump.jpg
Blockchain15 hours ago

Options Trends Makes it Hard for This Analyst to Imagine a Bitcoin “Mega Pump”

Ecommerce15 hours ago

Embodee Announces Beta Availability of New Web Platform for 3D Fashion…

Ecommerce15 hours ago

Money Mailer Joins Capital One Spring Discount Platform for Small…

Blockchain15 hours ago

Outlier Detection with RNN Autoencoders

filecoin-fil-faces-a-miner-crisis-72-hours-into-launch-analyst-says.png
Blockchain16 hours ago

Filecoin (FIL) Faces a Miner Crisis 72 Hours Into Launch, Analyst Says

Aviation16 hours ago

Comment: Virgin bloodletting signals private-equity hijacking

Aviation16 hours ago

Fort Worth’s Drive-in Airshow Wraps a Successful Weekend

Trending