Ransomware FAQs; What's Going on Here?

Ransomware is getting big notice in the press. Frankly, it makes a pretty readable story; organization gets hit by a virus, data is locked up and they pay a ransom to get their data back. Like the plot of a movie, perhaps. Except this is real, happens to people just like you and it's unlikely to stop anytime soon.

To control something like this, it's important to fully understand the issue first. Here are a few FAQs on Ransomware to get started on that understanding.

Read More

Top Suites & Tools for Internal Pen-testing

Beng breached is one of the scariest things that could happen to a security professional. The best strategies to prepare for a situation like this is to actually hack yourself. Whether you hire an external firm to perform a penetration test on your systems or you perform it yourself. It is a best security practice to know completely where you are vulnerable and how to fix it. Below is a short list of the best tools and suites for testing vulnerabilities.

  • Burp Suite
    • Burp Suite is one of the very best web vulnerability scanners on the market. One of the tools included called Intruder, lets the users initiate full pay load attacks on web sites of their choice. If you had one choice of a well-rounded tool to get and learn, this would be the one.
  • Acunetix
    • For those who do not have the time or resources to work with Burp suite, Acunetix is your next best option. This is a great web vulnerability scanner that automatically scans for SQL injections, Cross-site scripting and other high end vulnerabilities that may leave your websites open to attack or data loss. This tool has many options and is very simple to learn. With the ability to create professional reports to your liking, Acunetix is an industry leader in vulnerability scanning.
Read More

10 Security Blogs You Should be Reading

As a security professional, it is your duty to stay constant and up to date with the current news in the industry. Each one of the following blogs/sites offer their own twist with their writers and material. Making a constant effort to visit these sites on a daily or weekly bases will broaden your awareness into the security world.

Read More

5 Ways to Keep your Domain Name Safe from Being Hacked

The proliferation in the number of people using the internet had led to a significant number of new websites and blogs popping up every day. The huge platform for sharing views and personal opinion about anything or host content that one deems suitable to share, casual users today have understood how good a business owning a website or even a personal blog can be.

However, although many people easily set up their own website or blog, there are hardly any who are knowledgeable enough in protecting their domains from hackers once they become the legal registrants of domains. Today, we discuss this issue to help owners of personal blogs and small websites.

Read More

Removing the CryptoWall 3.0 Virus: How to Decrypt CryptoWall 3.0 Encrypted Files

CryptoWall 3.0 ransomware has taken the world by storm. The ransomware is capable of encrypting all your personal files if your device is infected. It uses the AES-CBC 256-bit encryption algorithm, which is the RSA 2048 key, to encrypt data on the victim’s computer. The malware then threatens the victim about destroying the data if their ransom of $500 is not paid within the timeframe requested (96 hours). If the ransom is not paid within 7 days then the amount grows up to $1000. Thus, the victim needs to be extra careful with the given timeframe and make the payment in Bitcoins.

But, worry not. If you ever get infected with this cryptographic ransomware, this article will teach you to remove it without breaking a sweat. Keep reading.

Read More

How to Write a Sane BYOD Policy

Depending on what type of industry you are involved in, a BYOD (bring your own Device) policy may or may not be an option. It can be very beneficial to companies that are growing rapidly or want to strive for employee satisfaction. There are also a lot of downfalls that could occur as well. You need to be well prepared with this policy so that you can cover all aspects that could arise from a security perspective.

First step you will want to specify what types of devices are allowed. One problem with this that may occur is employees not liking placing a pin or password setting not only on their device but also having to enter a second method of authentication as well. You may get a little push back on this but this is one of the most important parts of this policy. There is simply too much information available and it would be too easy with mobile phones to have an unnecessary leak or breach of data without a form of secondary authentication.

Read More

Are Apple Devices Still Less Vulnerable?

Mobile users have come to realize in recent years just how insecure their devices are. Although smartphones today house many apps that get a lot more done than was previously the case, the security aspect has been greatly neglected.

Although smartphones run the same web scripts as normal computers and laptops do, the fact that they are not tailored for smartphones, as well as the meagre security features available in most smartphones, make it even simpler for the vulnerabilities in those web scripts to be exploited on such devices. Even other operating systems have been targeted continuously by hackers. However, over the years, Apple devices have been the cause of envy in users and developers of other platforms.

This is mainly because Apple has always branded its devices as immune, or quite close to the word, to malware and other such agents. This claim was much backed up by their superior statistics in the beginning, but of late, even Apple devices are ending up as victims of cyber-crimes. We take a look at how things stand at present.

Read More

3 Easy Techniques to Protect Your Data

Some of the best firms use very simple techniques to protect their companies’ information. These techniques can be very efficient with not only securing company data but also your employee's personal information as well. These may take some time and resources to set up initially, but you will thank yourself down the road.

First you want to implement some sort of yearly or bi-yearly security training program. Something interactive that will keep them involved and teach them the basics of security in the office. Using game-ology or animation in this training will insure that the information sticks with the employees. Not only will you remain compliant with a yearly security training program but you can insure awareness around the main cause of information leaks and breaches; humans.

Read More

New Cyber Security Ideas for 2016

In the last 5 years, almost all businesses, big or small, have realized just how vulnerable they are to cyber-attacks. The astonishingly increasing number of attacks each year trouble corporate heads so much that they spend hours on end discussing their company’s cyber security system. The IT professionals and Chief Information Security Officers (CISOs) are even more troubled, for they keep seeing their efforts foiled by hackers.

The number of big corporations targeted in 2015 only goes to show that no one is completely safe. Wherever you look, there is an Ashley Madison data breach case or a Home Depot or JP Morgan Chase case story from the past year that will make you realize just how precarious security structures are. To help corporations beef up their security better in 2016, we discuss some new ideas.

Read More

New Malware Found on Macs; "KeRanger" is Dangerous Ransomware

Macs are often considered "safe" from a Malware and Ransomware perspective. While it is true that the amount of Malware and Ransomware on Windows is significantly higher than that on Mac and Linux systems, Mac and Linux systems are far from safe. For iSheriff customers, this is why iSheriff Cloud for Endpoint includes versions for Mac and Linux. As if to shine a bright light on this fact Ransomware has crossed from being a threat predominately to Windows systems to encrypting and grifting from those that own Mac systems as well.

Read More

APTs - Understanding the Ghost in the Machine

One of the biggest threats to all businesses is an APT attack. This is when an attacker has gathered sensitive information, weighed out all the possible outcomes, and is ready to attack at a moment’s notice. APT (Advanced Persistent Threat) is a form of cyber attack in which the attacker gains access to a network and finds a way to remain there hidden for a long time. Virtually undetected gathering information and waiting to attack. It is usually not an easy process to do, in a usual hack, the intruder will want to get in and get out as fast as possible with whatever data they can get. With an APT attack, the intruder wants to get in and stay in without being detected.

Once the attacker is in, there are many of things they can do to damage your internal network. Some of the most common ones are spear fishing attacks(sending false emails internally to try and wire money or get information) and social engineering attempts to get actual full network access. With this access, the attacker will try and set up a back door to come in and out when they please.

Read More

The 5 Biggest Cybersecurity Risks for Small and Medium Businesses

Cases of data breaches from major corporations around the world are becoming more and more frequent, much to the dismay of business owners all over the world. Every few weeks, there is a report about a big corporation’s data being leaked on some website, causing the company huge monetary losses as well as irreparable damage to reputation.

Although the alarming frequency of such high-profile data breaches would lead one to believe that the hackers must really have it in for large business owners, the fact still remains that small and medium business owners are just as susceptible to data breaches, if not more. Even if small and medium businesses realize that they are under threat as well, they might wrongly think that they would need to spend a large amount of money to keep the threat at bay.

The reality is anything but this. The major factor that decides whether you fall victim to such attacks is your level of negligence. Therefore, this article aims to make you aware about the 5 biggest threats your business might face.

Read More

Subscribe to Email Updates

About iSheriff

iSheriff is the leading provider of content and endpoint security from the cloud. We keep organizations and individuals safe from cybercrime, malware and digital threats. Thousands of businesses across a wide array of industries have deployed our solutions, including some of the most sophisticated buyers of security technology worldwide.