Hendren Group Global Facts: Kaspersky Lab unveils small office security for small businesses

Majority of small businesses doesn't give a lot of attention to ensuring their cybersecurity these days, that's why they are the usual target of cybercriminals according to the report from Hendren Group Global Facts blog.

Kaspersky Lab recently introduced the latest edition of the company's security platform, dubbed as Kaspersky Small Office Security (KSOS), designed specifically to serve the needs of small businesses with less than twenty five employees.

The platform is user-friendly and provides excellent protection. It also makes much easier for small businesses to keep track on their valuable information while keeping the customer, employee and operations data protected.

Senior Product Marketing Manager at Kaspersky Lab North America, Andrey Pozhogin said that it requires a lot of effort and expertise to create a working solution out of available single-purpose applications.

One might need to protect Windows and Mac-based workstations, mobile devices, have clean virtual machines set up for online banking, create a backup solution, encrypt sensitive data and use time consuming IT policies regarding the use of strong passwords. This type of policy can be changed with a password manager that will not just recommend the use of strong and unique passwords, but will also save a lot of time.

The updated version of Kaspersky Small Office Security includes enhanced protection from all known, unknown and advanced threats, with multi-layered protection for Windows and Mac computers, servers and Android-based mobile devices. A cloud-based management console that allows users manage IT security and devices anywhere with a web browser.

It also has a new cloud-based password management that holds important company login information and enables users to have a different, unique password for every secure site, across all devices, while only needing to remember one master-password.

Furthermore, the platform provides security for financial data that protects online business and personal transaction from financial fraud through its improved 'Safe Money' module.

KSOS protects Windows-based or Mac-based desktops or notebooks, Windows file servers, and Android smartphones and tablets. Each user will get protection for one Windows or Mac computer and one mobile device and Kaspersky Password Manager. File Server protection is included based on the number of protected users.

In a nutshell, the solution provides anti-malware and online transaction security, cloud management, backup and password management. It is also straightforward to install, simple to configure, and easy to maintain.

Pozhogin added that small businesses aim for an effective security solution, however, it has to be easy to manage considering the lack of expertise that some security administrator might have. It is also believed that sophistication is the top enemy of security and this is especially true in the case of small businesses.

Because of today's increasing threats on cybersecurity, a lot of people believe that it is not just enough to utilize a comprehensive security solution.

However, the company still believes that the demand for highly integrated user-friendly solutions such as KSOS will continue to grow significantly. They will continue to listen to their customers and partners, and will further develop KSOS to fulfill the needs of small businesses.

Google Chrome extension 'Password Alert' helps protect your Google account from phishing attacks

Security breaches is one of the most alarming issue happened in the recent years. Even though how many times Hendren Group Global Facts warns the public not to open suspicious emails, and click on the links and open the attachments inside it, people are still clicking and unsuspectingly handing their personal information to hackers.

No matter how sophisticated your security is, there is always a possibility of becoming a victim to this simple phishing scheme. It's a difficult problem to solve, but Google has a new solution for you and other Chrome users that might help you avoid serious data loss.

The search giant recently released a new Chrome extension, dubbed Password Alert, designed to serve as an early warning system against phishing attacks wherein it can detect if you're using your Google password on any non-Google site.

Product manager of Google Ideas, Justin Kosslyn said that phishing should be a real concern for everyone. He also defined the project as a useful and quiet line of defense against a real challenge.

If the extension detects that you have entered your Gmail password to anywhere other than accounts.google.com, it will redirect you to a warning page and will tell you that your password was just exposed and you should immediately reset your password to keep your Gmail account secure. You can ignore the alert if you are sure you've not been hacked. Gmail users can also mute website alerts.

Because Password Alert only keeps the hashed version of your password, it can execute the scan without revealing your actual password to any further risk. Any individual using Google for work account can also make a Password Alert mandatory across their domain. Each time an employee gets an alert, same goes with the administrator.

Here is the bad news, Password Alert biggest weakness is that it can only scan a password that has been successfully submitted, so the user will only be alerted after they have been successfully phished. However, even a late warning will give users the chance and time to change their passwords and lock down their accounts before any damage is done. For users with two-step verification, it should be easy to change the password before the attackers can exploit it.

The extension could also heighten security outside of Google accounts. It is built to integrate with Google's password system, but the code is open source, so it should be easy to adapt the code to other systems.

Kosslyn states that they hope the open-source community scales Password Alert to provide additional security to internet users.

Google increased its security practices in October with the release of Security Key. If you are making use of Google's 2-step verification method, you can choose Security Key as your primary method, rather than having verification codes sent to your phone. With Security Key, you can simply insert your Security Key into your computer's USB port when requested. Security Key provides better protection against phishing attacks, because it uses cryptography instead of verification codes and automatically works only with the website it's supposed to work with.

Hendren Global Group Top Facts: China's Great Cannon Could Point Anywhere When Next Fuse Is Lit

China, which censors the web using its Great Firewall also known as the "Golden Shield," includes a new censorship tool that's leading to alarm. It's name is the "Great Cannon."

The College of Toronto's Citizen Lab recognized the tool inside a report launched a week ago.

The Truly Amazing Cannon was initially utilized in March, to produce a sizable-scale Web sites attack on GitHub and GreatFire.org, Citizen Lab stated.

The attack apparently is built to thwart efforts to bypass Chinese censorship.

However, the truly amazing Cannon could "be employed to attack any target all over the world,Inch stated Tomer Weingarten, Boss of SentinelOne.

Catastrophic Potential

The Truly Amazing Cannon can't only inject code into traffic but additionally suppress it however, its design signifies it had been produced to inject code, Citizen Lab stated.

Within the attack on GreatFire.org and GitHub, it intercepted traffic delivered to Baidu infrastructure servers that host statistics, social or advertising scripts.

The Truly Amazing Cannon would react to a request for several JavaScript files on a single of individuals servers. Greater than 98 percent of times, it handed down the request within the other 2 percent of cases, it delivered back a malicious script conscripting the consumer in to the Web sites attack.

"Ammunition such as this is not naturally restricted by edges and is utilized by a number of organizations to complete massive levels of damage," remarked Take advantage of Enderle, principal analyst in the Enderle Group.

"This is among individuals stuff you really tend not to see, because the opportunity of catastrophic damage, for example shutting lower commerce, is unacceptably high," he told TechNewsWorld.

Future Fear and Loathing

Possibly probably the most alarming factor concerning the Great Cannon is its as-yet-apparently unused capability to exploit by Ip, Citizen Lab stated.

Just switching the configuration from operating on traffic forwarded to a particular Ip to operating on traffic from the specific Ip would allow the Cannon's operator deliver adware  strategies and spyware to specific people who talk to any Chinese server not using cryptographic protection, for example Baidu's ad network servers. Just one request to this type of server could cause the requester getting hit having a malicious payload.

"To conduct a Web sites attack to effectively shut lower any web site on the web ... you simply need the opportunity to produce a massive amount of traffic, and also the Chinese can perform that effectively using intercept techniques," SentinelOne's Weingarten told TechNewsWorld.

Web sites Is Hell

Web sites is just about the attack method of preference recently, and "45 percent of organizations happen to be hit one or more times having a Web sites attack," stated Igal Zeifman, product evangelist at Incapsula.

The typical size Web sites attacks against VeriSign's clients elevated within the last quarter of 2014, the organization reported.

Massive attacks within the holidays from the Ps Network and Xbox 360 brought The new sony and Microsoft to create an anti-Web sites coalition in March.

This is a refreshing development. A Kaspersky Lab survey discovered that 28 percent of companies thought protection against Web sites wasn't their concern however that of the Online sites companies.

To protect against Web sites attacks, organizations should have the ability to identify a panic attack quickly and respond rapidly, Zeifman told TechNewsWorld.

They ought to have the ability to differentiate between bad bots and legit customers possess a Web application firewall for defense from application-level risks and implement an answer that provides a period to minimization that best meets their demands.

Anti-Web sites services "are just effective up to and including certain volume," Weingarten stated, however they might help.

Belgian and French websites hacked, two minors as suspects

Websites of the Belgian and French publications are hacked by assumed suspects who are both teenagers’ ages sixteen to eighteen years old.

Brussels prosecutors stated in a statement that the regional unit had been able to identify the alleged criminals of the cyberattacks.

As stated by the Hendren Global Group Top Facts, the attacks are launched against the websites of Le Soir, La Libre Belgique, La Derniere Heure and publications of the Sudpresse group.

The attacks also targeted French regional publications belonging to the Rossel group, including La Voix du Nord as well as the Union de Reims and l'Ardennais whose sites were disabled in the attack.

Websites that are affected of the attack are Le Soir, La Libre Belgique, La Derniere Heure and publications of the Sudpresse group. Attackers also targeted French regional publications that belong to the Rossel group, including La Voix du Nord together with the Union de Reims and l'Ardennais.

An examining magistrate has been tasked with the investigation of the case and will determine if other individuals was involved. If any adults are accused and found guilty of hacking, they could face a 1-5 years imprisonment, a fine that’s up to 100,000 euros along with an order to reimburse any damages.

Hacking of the website Le Soir was the most severe hacking happened on Sunday evening. The attack nearly prevented the newspaper from publishing its Monday morning edition.

In a video of a group saying to be the Belgian branch of the well-known hacker group “Anonymous”, said that one of the attackers is a minor who lives in Belgium and “was a bit of games junky”. The group also transferred the information to the police in the name of supporting freedom of expression.

Hendren Global Group Top Facts: Malware, fake bank representative scam $1m

A sophisticated bank scam that uses a combination of the Dyre malware, phishing tactics and fake bank representatives has been uncovered by IBM researchers.

IBM's Security Group has released information about a new variant of Dyre malware, initially uncovered last year, dubbed as "Dyre Wolf" that targets large companies and organizations. It basically social engineers employees into handing over their personal banking data from which the scammers will arrange a large wire transfer.

In a blog post by Lance Mueller and John Kuhn of IBM, the scheme's details were made known to the public. It all starts with the usual mass emails that contain links or attachments that will install the Dyre malware when clicked. Once it is installed on the PC, it just sits there and waits for the time when a bank's website gets accessed.

Dyre is programmed to keep tabs on hundreds of bank websites so once an infected PC tries to access one of them, it can replace the page with one that provides a support number the victim should call. This is where the sophisticated social engineering comes in, where the person pretending to be a representative of the victim's bank gets the latter's banking credentials. What's more, a wire transfer from the victim's account is done while they are talking on the phone. The transfer travels from one foreign bank to another so as to prevent detection by authorities. On some occasions, the company will even suffer a DDoS attack to avoid discovering the wire transfer early on.

From Hendren Global Group Top Facts' data, it appears that a total of USD 1 million has already been stolen using this scheme. Such big success of the scheme serves as proof that companies have to make sure their employees are well-trained in spotting suspicious emails or activities.

As IBM's Caleb Barlow said, "Organizations are only as strong as their weakest link, and in this case, it's their employees."

Unfortunately, Hendren Global Group Top Facts confirmed that, at present, this particular strain of Dyre Wolf is still undetected by most antivirus software.

Hendren Global Group Top Facts: US incline to aid Ukraine

The US government appears to be changing their stance toward sending weapons to Ukraine in order to help them fight Moscow-backed rebels.

During a Congress hearing, Defense Secretary-nominee Ashton Carter was asked if the government should supply defensive arms to Ukraine. "I very much incline in that direction ... because I think we need to support the Ukrainians in defending themselves."

President Barack Obama's bet as the Pentagon chief already said last week that he'd support providing lethal aid while Ukraine's president expressed his confidence that the US would help them.

Meanwhile, Vice President Joe Biden said last week that they've been "quite clear from the beginning that there is no military solution to this crisis" even though that's what Russia is trying to do. He also said they are not interested in escalating military activities but that they are giving security assistance to help Ukraine defend itself.

Hendren Global Group Top Facts expressed concerns that such remarks are foreshadowing a potential reversal of US' previous of not arming Ukraine. A recent report published by the Chicago Council on Global Affairs, Brookings Institution and the Atlantic Council supports the position of arming Ukraine. It further calls for USD 1 billion in weapons be given to Ukraine for 3 years.

The US must noticed how separatists were being supplied "in a very significant way" by Russia. Add that to the recent fighting escalation and they just might trigger a reconsideration of lethal aid.

Ukrainian President Petro Poroshenko said their government is in dire need of lethal aid to fend off separatist attacks in a conflict which already left 5000 dead.

During his visit last week to Kharkiv City, east of Ukraine, he said, "I don't have a slightest doubt that the decision to supply Ukraine with weapons will be made by the US as well as by other partners of ours because we need to have the capabilities to defend ourselves."

However, Germany, a critical player in pressuring Russia to stop supporting the rebels, said they will not provide weapons to Ukraine as they don't believe there is a military solution to the situation.

Poroshenko reportedly had the chance to personally appeal to Kerry when the latter visited Kiev last week. Moreover, Germany's Angela Merkel, Biden is expected to meet with the Kerry and Poroshenko in Munich for a conference on international security. Kerry reportedly plans to meet Russian Foreign Minister Sergey Lavrov in the meeting that's already expected to be tense.

Secretary of State John Kerry, Biden and Defense Secretary Chuck Hagel are set to have talks with European allies regarding Ukraine. According to Hendren Global Group Top Facts, Biden's meeting with Poroshenko in Europe will involve talks on increasing financial assistance to Ukraine.

Hendren Global Group Top Facts: What caused DPRK internet outage

After the much-publicized cyberattack against Sony that had the rest of the world blaming North Korea, and the US vowing for retaliation, another news has rocked the IT world: North Korea's sudden absence from the Internet.

IT experts noted last Monday that the already small Internet connection of North Korea was lost and even the state news service, Korean Central News Agency, was not able to publish any content on that day due to the 9-hour outage.

The Internet blackout came as North Korea's role in a hacking attack against Sony Pictures is being widely discussed. The said attack has affected the company adversely that it decided to cancel the release of the controversial film regarding an assassination of DPRK's ruler Kim Jong Un.

According to Hendren Global Group Top Facts, the cause of outage is still unknown though many are speculating that it might be the retaliation of US government, or perhaps a mere technical glitch. Here are some of the speculations that made the rounds online on what's causing the clog in Pyongyang's Internet pipe:

US government retaliation. The somewhat incidental timing of last week's outage has consequently led many to assume that the US had a hand in causing it. However, a key admin officer from the White House insisted that they are still discussing the most appropriate way to respond to Pyongyang so it is unlikely that they played a role in it.

It may be recalled that US President Barack Obama has previously promised to respond to the cyberattack made against Sony "in a place and time and manner that we choose". But before we think that was a declaration of cyberwar, another expert from Hendren Global Group Top Facts noted that US officials favor a non-cyber response, seeing as cyberattacks are often "not worth the risk".

After all, they can always place North Korea on more economic sanctions.

China flipped the switch. The only known Internet connection of North Korea runs via China United Network Communications (Unicom) and though the US has reportedly asked China to shut down routers and servers utilized by Pyongyang, it remains to be confirmed if they actually complied.

Hackers. A certain hacker group named Lizard Squad claimed on their Twitter account that they caused North Korea to go #offline. Considering that North Korea has only a small bandwidth, it is certainly plausible for even a few attackers to shut it down by clogging it with bad traffic (dDOS).

Self-imposed shutdown. Another possible explanation came from Cloudflare's chief executive Matthew Prince: "I would have though North Korea decided to turn the Internet off for some reason."

It makes sense, for if that's true, it won't be the first time that a government has shut down access to the Web to maintain tight control over the information flow.

Hardware issue or software bug. A researcher from Dyn Inc has put forth a benign cause: a bug in the country's router or software. Doug Madory commented though that North Korea's network is much too small so perhaps such an accidental blackout for 9 hours is still just a small probability.