Connect with us

News

CYBERTHREATS INCREASING BUT SHIFTING, WITH RANSOMWARE ATTACKS DOWN 17 PERCENT

Published

on

Schaumburg, IL, USA (5 June 2018) —2017 was widely billed as the year of ransomware, but cyberthreats have moved in a new direction this year, according to ISACA’s State of Cybersecurity 2018 research.

Results show that 50 percent of the 2,366 security leaders surveyed have seen an increase in cyberattack volumes relative to last year. In addition, 80 percent of respondents said they are likely or very likely to be attacked this year—a statistic that remains unchanged from last year’s study.

But despite an increase in cyberattacks generally, ransomware attacks are significantly declining. Last year, 62 percent of respondents experienced a ransomware attack, compared to 45 percent this year—a 17-point drop. This is likely because organizations are significantly better prepared after last year’s WannaCry and NotPetya attacks. Eighty-two percent of respondents said that their enterprises now have ransomware strategies in place and 78 percent said they have a formal process—up 25-points from last year.

While these findings are positive, the data show that ransomware attacks may have been displaced by cryptocurrency mining, which is becoming more frequent. Cryptocurrency mining malware can operate without direct access to the file system, making them harder to detect—and as the prices of cryptocurrencies increase, the economics of cryptocurrency mining malware becomes better for the attacker.

Additionally, the three most common attack vectors remain unchanged from last year: phishing, malware and social engineering.

Active Defense Strategies Are Highly Effective, But Underutilized 
ISACA’s research also found that nearly 4 out of 10 respondents (39 percent) are not at all familiar or only slightly familiar with active defense strategies (e.g., honeypots and sinkholes). Of those who are familiar with active defense strategies, just over half are actually using them.

“This is a missed opportunity for security leaders and their organizations,” said Frank Downs, director of cybersecurity at ISACA. “ISACA’s research indicates that active defense strategies are one of the most effective countermeasures to cyberattacks. A full 87 percent of those who use them indicate that they were successful.”

Recommendations
The ISACA report suggests enterprises must be better prepared with focused attention on several areas, including:

  • Investing in talent—With attacks still on the rise, enterprises must continue to invest in finding, retaining and training skilled cyber security professionals.
  • Exploring further automation benefits—Enterprises should consider automation-driven strategies and tools for detection and to support recovery and response efforts.
  • Ensuring appropriate investment in security controls—With attack vectors (phishing, malware and social engineering) minimally changing, existing control types are still valid and useful. Enterprise investment and attention to security controls should increase in line with the frequency of these attack vectors.

Parts 1 and 2 of ISACA’s State of Cybersecurity Study can be downloaded free of charge at www.cybersecurity.isaca.org/state-of-cybersecurity.

 

 

 

 

Source: ISACA

Continue Reading
Click to comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

News

HTTP SECURITY CONSIDERATIONS – AN INTRODUCTION TO HTTP BASICS

Published

on

HTTP is ubiquitous now with pretty much everything being powered by an API, a web application or some kind of cloud-based HTTP driven infrastructure. With that HTTP Security becomes paramount and to secure HTTP you have to understand it.

HTTP Security Considerations - An Introduction To HTTP Basics

HTTP is the protocol that powers the web and to penetrate via a web service it pays to have a good solid foundational understanding of HTTP, how it works and the common response codes – many of which can lead to some kind of vulnerability which is exploitable.

The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, and hypermedia information systems.[1] HTTP is the foundation of data communication for the World Wide Web.

Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text. HTTP is the protocol to exchange or transfer hypertext.

Development of HTTP was initiated by Tim Berners-Lee at CERN in 1989. Standards development of HTTP was coordinated by the Internet Engineering Task Force (IETF) and the World Wide Web Consortium (W3C), culminating in the publication of a series of Requests for Comments (RFCs). The first definition of HTTP/1.1, the version of HTTP in common use, occurred in RFC 2068 in 1997, although this was made obsolete by RFC 2616 in 1999 and then again by the RFC 7230 family of RFCs in 2014.

Source: Wikipedia

From a security perspective it’s important to understand:

– Requests
– Request methods
– Responses
– Response status codes

All of which are covered in the Security-focused HTTP article by Acunetix.

You can find the article with the full details here:

HTTP Security: A Security-focused Introduction to HTTP, Part 1

Continue Reading

News

WHEN WILL YOU FINALLY MAKE A PROPER KINDLE, AMAZON?

Published

on

This Sunday we do something a little different. E-book readers don’t exactly fall in line with our traditional topic list, but they still have a place in our personal field of interest and expertise. Oddly enough, there seems to be a vacuum of in-depth reviews, particularly comparative ones. So, I thought I’d share my personal experiences, as a historical run-down and comparison between different generations of Kindle devices.

I’ve been a Kindle user for six years. My career requires long hours of reading, and that’s also a favorite past time. Heck, even my job here as a moderator at GSMArena requires going though thousands of comments.

I have a little over a thousand books in my library and my average day for the last three years includes 8-9 hours of reading, a lot of it done on а Kindle since it doesn’t strain my eyes. Yet all this experience has shown me is that Amazon just can’t or won’t make an e-reader device for avid readers. Read the rest of this review/rant to find out why.

My first (and possibly best) Kindle was the Kindle 5 (2012), which, upon release retailed at £69.

Kindle 5 (2012) key specs

  • 6” E Ink display, 167 ppi
  • 600 x 800-pixel resolution
  • 2 GB internal storage
  • 1,800 mAh Li-ion battery
  • microUSB 2.0

The Kindle 5 is the e-reader I’ve used for the longest time. Experiencing E Ink displays for the first time, I was thrilled to discover that it felt just like a regular book, with some significant upsides, such as less weight, changeable font sizes, and so on. Compared to a computer, tablet or smartphone screen, the lack of eye strain completely got me in the e-reader cult.

I was pretty happy with it, although over time the buttons started showing signs of wear and tear and got a little “clicky.” Overall, the build quality and reading experience were superb. The battery life was remarkable, even after four years of daily use. It has consistently lasted around 3-4 weeks on a single charge. I got used to this splendid performance and took it for granted. The only thing missing back then was a touchscreen, so typing, highlighting and taking notes would be an excruciating process on a device not meant for typing.

After that, I got the Kindle Paperwhite (3rd Generation) (2015), which cost £109.99 in 2015 and was slightly cheaper, when I got it a year later.

Kindle Paperwhite (3rd Generation) (2015) key specs

  • 6” E Ink display, 300 ppi, touchscreen
  • 1400 x 1080-pixel resolution
  • 4 GB internal storage
  • 1,420 mAh Li-Po battery*
  • microUSB 2.0

* Since Amazon doesn’t officially release detailed technical specifications of their Kindle devices I cannot be entirely sure whether they’ve downgraded the battery capacity.

The illuminated screen felt great, even though the build quality wasn’t quite as good. The touchscreen, while painfully insensitive and sluggish due to the slow display refresh rate, was a God-sent for typing and highlighting, but a tad uncomfortable for changing pages (the primary action you perform on a Kindle). Yet, the most significant downgrade was battery life. Even with brightness set to 0, the Paperwhite lasted a week or less of intensive reading, on a charge.

Amazon advertises battery life at six weeks if used for 30 minutes per day, with Wi-Fi off and brightness set to 10. I honestly didn’t feel any noteworthy difference in battery life after changing brightness settings, although I’ve never used it at levels higher than 15 (it goes up to 24).

I started to miss the days I had physical buttons at my disposal and when not every accidental brush against the screen changed the page, and I spent the longest time contemplating whether I should opt for the more expensive Voyager (Amazon discontinued it before I had made up my mind) and later, the Oasis, just for the physical buttons.

In the end, my worsening eyesight was the decisive factor, especially after Amazon unveiled the 7” Kindle Oasis in 2017. All other Kindles are 6” and while compact and easy to carry around, are a bit of a drag to read on continuously, especially if you’re using a larger font size.

I got the Kindle Oasis (9th Generation) (2017) just recently. We do have a full review of the Oasis 2, which you can check here.

Kindle Oasis (9th Generation) (2017) key specs

  • 7” E Ink display, 300 ppi
  • Touchscreen and physical buttons
  • 1680 x 1264-pixel resolution
  • 8 / 32 GB internal storage
  • Audible support, Bluetooth 4.2
  • IPX8 water resistance
  • microUSB 2.0

I bought the Wi-Fi only 32 GB version which costs around £259 because Amazon only offers 8 and 32 GB versions. 8 GB is too small for me, and while 32 GB was way more than I needed I had no other viable option. I wish they made an in-betweener, a 16 GB version, which should be enough to store all my comic books without overpaying for storage.

I paid less than full retail, only because there was a warehouse deal on Amazon. Even so some of my expectations were dashed while unboxing when I discovered there isn’t a power adapter included in the box, even for their most premium device and I refuse to pay the extra £17 on principle.

The Oasis itself feels fantastic, especially after you get over the strange design, complete with a handlebar on the back. The screen is smooth, and seems to have a better refresh rate (I can’t be sure since Amazon doesn’t release comprehensive specs) so it makes for an efficient browsing and typing experience. The build quality is excellent and the return of physical buttons is a superb treat, for me.

The software isn’t all that different from the Paperwhite. The useless Home screen, thankfully easy to turn off, is still there, the same shameless shoving of Goodreads down your throat is also still present.

Fortunately, the good stuff is there as well, such as simple highlighting; searching within the library; pressing down on a word for a definition; easy access to the store, and a filter-rich, simple way to browse through books.

There are also some great new additions, such as auto-rotation, adaptive brightness, and a nightlight mode, for those of us with more sensitive eyes. It would have been even better if the nightlight didn’t just reduce brightness gradually, but also had a blue light filter.

I love that you can turn off the touchscreen while reading and use only the physical buttons to avoid accidental turning of pages. Overall, most changes in the software are upgrades and facilitate the user experience.

Unfortunately, migrating from one Kindle device to the next is a pitiful experience. Moving hundreds of books and personal documents, which were diligently organized in collections from the Kindle 5 to the Paperwhite was a real nightmare. In theory, everything (well, almost) is on the cloud, and it should be easy, right? It wasn’t. The reason for that is that, apparently, collections on older versions of the Kindle software weren’t being backed up on the cloud. I ended up spending days reorganizing my library and making sure everything is just right.

This time around, when moving my library to the Oasis, my collections were on the Amazon Cloud, so I naively thought the process would be painless. However, Amazon still saves wirelessly sent files only, which means all personal documents I have transferred from my computer via USB aren’t in the cloud.

So, I had to send data to the device all over again, manually. Sure, this issue might be limited only to my use case because I transfer via cable alongside more modern methods such as emailing my docs or one-click buying.

The next annoyance, even in the 21st century, is downloading all your books on your device. I don’t know about you, but I’m uncomfortable having only the literature I currently use on the device since there might be a time I need something from my library, while lacking Wi-Fi access. Not a problem, if you spring for a network-enabled Kindle, with Whispernet. But that comes with quite a hefty price hike, over the already expensive Oasis.

On the Oasis, I could download my collections, but there isn’t an option to automatically do the same for the books inside, so once again I spent hours clicking “save to device.” Only after removing duplicates by hand and ensuring everything is where it’s supposed to be, could I start enjoying the Oasis. For comparison, my last smartphone migration from a Samsung Galaxy S7 to a Google Pixel 2 took about 10-15 minutes, during which I barely had to do anything.

All this said, I’ve been happy with Kindles more often than not. They’ve endured overly extensive usage astonishingly well. However, I wish Amazon would consider doing a no-compromise device rather than just releasing a multitude of models, which exclusively target the casual consumer, who reads 30 minutes per day.

A larger screen would be a blessing for more specific types of books, e.g., technical literature, rich in tables and graphs. A stylus or some other tool would make it much more useful to people, who take extensive notes. Another useful feature would be a more natural way to organize notes and annotations (at the moment I use an outside service – Clippings.io – which is a life-saver).

Onyx BOOX is an excellent example of a company that has a vast selection of models, for every type of user. However, I am not ready to jump ship, just yet. The tedious process of migration is one of the reasons I’m afraid to buy an alternative e-reader. I shudder at the thought what transferring gigabytes worth of books to a non-Amazon device would be like, seeing it takes so much time and effort from one Kindle to the next.

One more reason I’m dreading purchasing another brand of e-reader is losing access to the vast e-book library Amazon has to offer. In 2017 Amazon sold 82% of all e-books worldwide. Now that’s an oligopoly if I’ve ever seen one.

Interestingly enough, the price tag is also a factor. Which is noteworthy, since Kindles are not really affordable to begin with. The bigger 9+” Onyx BOOX models cost around £400-500, which is more than twice the price of the most expensive Kindle. Simply put, Amazon needs to realize it’s not alone in the market anymore and offer more variety to its customers. Or, is the small e-book niche not worth more attention, even in 2018?

Clearly, Amazon is not alone, there’s the Onyx BOOX line I mentioned earlier, there’s Kobo and NOOK, even Sony’s been exploring E Ink devices with Digital Paper.

So there is some market segmentation, but it seems Amazon just refuses to respond and sells pretty much the same e-readers it did in 2011 year after year.

Are e-readers for everybody? Honestly, I think the average reader would do just fine using the Kindle app (or an alternative) on their tablet, especially if said tablet has a good screen. Users are smart enough to be aware of this since the Kindle App for Android is the most popular reading app in Japan, second in the U.K. and Canada and third in Germany and the U.S. In 2016, dedicated e-readers held the smallest share (8%) of devices people read on, while tablets and smartphones accounted for 28%, among readers in the U.S.

So it’s clear that the average buyer doesn’t need a separate, not-so-cheap device for reading. Which makes it even more frustrating that Amazon doesn’t cater to the small pool of potential customers, who are willing to pay a premium price for a more useful and flexible e-book reader.

Continue Reading

News

WHATSAPP WARNING: SHOCK FLAW COULD CAUSE BIG CHAT APP FIGHTS BETWEEN YOU AND YOUR FRIENDS

Published

on

WHATSAPP users are being put on alert after a shock flaw was discovered which could spark huge arguments between you and your friends.

 fans are being warned after security experts revealed a flaw that could spark big bust-ups between you and your friends on the chat app.

Stats revealed earlier this year showed WhatsApp has over 1.5billion users, with over one billion chat app groups and 65bn messages sent daily around the world.

With such a vast number of communications being sent each and every day it’s unsurprising that scammers try to slip in fake messages to fool users.

Just recently Express.co.uk warned about a fake vouchers scam allegedly for Costa Coffee that tries to trick victims into handing over personal details.

WhatsApp

WhatsApp users have been alerted that the issue affects private and group chats (Image: GETTY • PIC POSED BY MODEL)

Check Point explained: “In this attack, it is possible to spoof a reply message to impersonate another group member and even a non-existing group member.”

They added: “To impersonate someone from the group, all the attacker need do is catch the encrypted traffic.

“Once the traffic is captured, he can simply send it to an extension which will then decrypt the traffic.”

Check Point went on to explain how this could work in practice.

WhatsApp

WhatsApp has over 1.5billion users around the world (Image: GETTY)

They said: “For example, we can change the conversation to something else.

“The message with the content ‘Great!’ sent by a member of a group, for instance, could be changed to something else like: ‘I’m going to die, in a hospital right now’ and the participant parameter could also be changed to someone else from the group.”

They added: “In order to make everyone see the new spoofed message the attacker needs to reply to the message he spoofed, quoting and changing that message (‘Great’) in order for it be sent to everyone in the group.”

Check Point also outlined one potential attack where only one victim in a three member group chat (which included an attacker) was receiving faked messages.

WhatsApp

WhatsApp users sent 65billion messages each and every day (Image: GETTY)

But the other person in the chat wasn’t, causing confusion amongst the victims being targeted.

Check Point said this gives “attackers immense power to create and spread misinformation from what appear to be trusted sources”.

Speaking to Express.co.uk, a WhatsApp spokesperson said that the Facebook-owned chat app bans accounts that attempt to make WhatsApp modifications.

WhatsApp

The WhatsApp flaw has the potential to cause arguments among friends (Image: GETTY • PIC POSED BY MODEL)

They said: “We carefully reviewed this issue and it’s the equivalent of altering an email to make it look like something a person never wrote.

“This claim has nothing to do with the security of end-to-end encryption, which ensures only the sender and recipient can read messages sent on WhatsApp.

“We take the challenge of misinformation seriously and recently placed a limit on forwarding content, added a label to forwarded messages, and made a series of changes to group chats.

“We ban accounts that attempt to modify WhatsApp to engage in spammy behaviour and we are working with civil society in several countries to educate people about fake news and hoaxes.”

Continue Reading

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 671 other subscribers

Advertisement

Trending

%d bloggers like this: