Search the Community

Kaspersky researcher Ido Noar says attackers have hit hundreds of small and medium businesses, stealing credentials and documents in a noisy smash-and-grab campaign. Noar says criminals have stolen some 10,000 documents from nanotechnology, education, and media outfits in an attack that foists a newly-discovered strain of malware called "Grabit". "Our documentation points to a campaign that started somewhere in late February 2015 and ended in mid-March," Noar says in a notice. "As the development phase supposedly ended, malware started spreading from India, the United States and Israel to other countries around the globe. "Grabit threat actors did not use any sophisticated evasions or manoeuvres in their dynamic activity." Attackers did not commit much effort to conceal their command and control servers, nor hide from the local system. Noar discovered the locations of the servers by simply opening the malicious Grabit phishing document file in an editor. "During our research, dynamic analysis showed that the malicious software’s 'call home' functionality communicates over obvious channels and does not go the extra mile to hide its activity. In addition, the files themselves were not programmed to make any kind of registry manoeuvres that would hide them from Windows Explorer," he says. The criminals could choose their favourite remote access trojan including DarkComet and the less complex HawkEye keylogger. Grabit should serve as a wake up call to admins in charge of protecting small businesses that coordinated attack campaigns are not confined to large enterprises and high-profile organisations. Source

When mega-retailer Target was the victim of a data breach during the 2013 holiday season, more than 70 million customers earned that their personal information, including email addresses and credit card numbers, had possibly been compromised. However, there was one small bright spot in the torrent of bad news: Target reported that the PIN numbers for compromised debit cards were encrypted, and therefore useless to the criminals who now had access to them. While that might have been little consolation to those customers who had to spend time locking down their accounts, to Target, it was a major victory in an otherwise bleak situation. Because the retailer did employ encryption to protect certain vital data, they were granted “Safe Harbor” from certain reporting requirements and more importantly, major fines, as a result of the breach. The Target data beach, and the others that have occurred since at retailers like Nordstrom and Home Depot, only serve to underscore the importance of encryption as part of a data protection strategy. While prior to these breaches, businesses that collect customer payment information, including credit and debit card numbers, were required by the Payment Card Industry Data Security Standards (PCI DSS) to encrypt data, many other businesses that store and transmit data via networks had less defined rules regarding encryption. However, that’s all changing. Encryption, once viewed as “extra” protection by many, has become a priority in the ongoing quest to secure data. 3 Top Trends in Data Encryption The fact that encryption has become a bigger priority in the last year is not the only change in the data security universe. In fact, the new emphasis on encryption itself has led to some significant trends. Among them: 1. Key Management Has Become More Complex One of the leading causes of data breaches is the inappropriate management of credentials, and encryption key management falls squarely under the umbrella of credential management. As more enterprises adopt encryption as part of their security protocol, the number of keys that need to be managed has also increased. Vendors that offer encryption as a service are growing more reluctant to be responsible for customer keys, while businesses employing encryption are also finding challenges in maintaining separation between the keys and the encrypted data. 2. Compliance Standards Are Changing While certain regulations, including the PCI DSS and HIPPA already required encryption as a minimum security standard, those regulations are expanding and becoming more stringent. The definition of “sensitive data” is expanding all the time, and organizations that fail to comply with the regulatory standards of their industry could face serious consequences. Many are choosing to err on the side of caution, and employing advanced encryption ahead of regulatory changes. 3. Expectations for Encryption Are Evolving One of the primary reasons that many businesses have resisted encryption — especially small businesses — is that encryption has often been viewed as complex and cumbersome function. Some older (read: a decade or more) encryption solutions did present some hurdles to users, but today’s virtualization security solutions present a seamless alternative. In short, modern encryption technology protects data without any effect on application functionality. Developers are also working toward homomorphic encryption to make the analysis of Big Data more thorough. Currently, most cloud based data analysis tools are not able to work with encrypted data. Businesses must either take the risk of working with unencrypted data in the cloud, or develop their own analytical applications, which increases expense. Homomorphic encryption, however, allows encrypted data to be analyzed just as it would if it were unencrypted. This allows businesses to not only tap into the power of Big Data more securely, it also presents opportunities to analyze data from multiple sources at once, without exposing potentially sensitive information. Even just a few short years ago, encryption was often viewed as a “bonus” security measure, something that enterprises could choose to employ. Believed to be the realm of government agencies and hackers, it was often reserved for the most sensitive data only, and considered unnecessary for the average user. With so much data being shared online, and with the explosive growth of cloud computing, though, encryption has become as commonplace as antivirus protection and firewalls. As adoption grows, expect to see more changes in encryption standards and security management going forward. Source

Do you own a Facebook Business page? If yes, then you will notice a drop in the number of "likes" on your Facebook Page by next week, which could be quite disappointing but, Facebook believes, will help business to know their actual followers. FACEBOOK'S OFFICIAL MASS AUTO-UNLIKE The social network giant is giving its Pages a little spring cleaning, purging them of memorialized and voluntarily deactivated inactive Facebook accounts in an attempt to make its users data more meaningful for businesses and brands. Facebook purge will begin from March 12, Facebook said, and should continue over the next few weeks. FACEBOOK TO DETECT FAKE FOLLOWERS Facebook is also taking steps to improve how it detects fake profiles. We all know that a number of Businesses and Brands buy fake Facebook Likes and Twitter followers in order to show their brand popularity. Social Media giants, Facebook, Twitter and Google, have emerged as major players in recent general elections in India, where political parties spend millions of dollar to buy number of Followers and advertize their promo campaigns to impact Election results. BENEFITS OF REMOVING INACTIVE USERS FROM LIKES According to Facebook, there are two main reasons to remove inactive Facebook accounts from Page audience: Accurate Likes Keeping Actual followers on the Top With more accurate "like" counts, businesses and brands could better understand how much followers are actually interested in their contents and products. Facebook wants to give businesses “up-to-date insights” on their pages’ active followers. The move will give businesses more precise information about those Facebook users who are actively following their Facebook Page and make better use of Facebook’s Custom Audiences tool, which lets businesses create followers — aka lookalike audiences — by finding people on Facebook who are similar to those who already follow the company’s page. The company also wants to make business results consistent with individual users’ experiences. Facebook already filters out "likes and comments generated by deactivated or memorialized accounts from individual Page posts." While, the decrease in number of followers may disappoint you at the very first time, but at the same time it will help you gain a more accurate way to track your customers and grow your followers with authentic number of likes, which will be more beneficial to your business. Source