CyberheistNews Vol 4, 40
Editor's Corner
Who is the Most Dangerous Cyber Celebrity of 2014?
No, it's not who you think. In recent years it was always a female celebrity like Emma Watson, Heidi Klum or Cameron Diaz that lured web surfers to sites laced with malware. At the end of this item is a link to a slide show that you should send to your users, and you will surprise them with which celebs are on the list. Somehow a male comedian has become the most dangerous celebrity to search for online, with one in five (wow) searches winding up on an infected site. Per McAfee, he is only the second male to rank number one on this list, with Brad Pitt the only other male in 2008. "Most consumers are completely unaware of the security risks that exist when searching for celebrity and entertainment news, images and videos online, sacrificing safety for immediacy," said Gary Davis, chief consumer security evangelist at McAfee, in a statement. Another surprise is that the Kardashians have dropped out of the Top 10. But don't be fooled: They're still dangerous. Here is the slide show! http://www.networkworld.com/article/2688080/security/security-165087-mcafee-s-most-dangerous-cyber-celebrities-of-2014.html
October 2014: National Cybersecurity Awareness Month
The President of the United States of America made a proclamation on September 30, 2014 that is worth having a look at. Knowing now that the U.S. Government is deep into offensive cyber war with advanced malware like Stuxnet, and the NSA almost able to get into anything, anywhere using unknown 0-day vulnerabilities, this becomes very interesting reading. President Obama started out with: "Cyber threats pose one of the gravest national security dangers the United States faces. They jeopardize our country's critical infrastructure, endanger our individual liberties, and threaten every American's way of life. When our nation's intellectual property is stolen, it harms our economy, and when a victim experiences online theft, fraud, or abuse, it puts all of us at risk. During National Cybersecurity Awareness Month, we continue our work to make our cyberspace more secure, and we redouble our efforts to bring attention to the role we can each play." If I were you, I would use this as a great opportunity to kick off a campaign in your own organization, and use this proclamation as something all employees could read to start off with, and then follow up with other campaign activities. Things that come to mind are "spot-the-phish" contests between departments, where departments get sent phishing security tests and the best (lowest) scoring department wins a fun prize. Here is the proclamation, forward far and wide! http://www.whitehouse.gov/the-press-office/2014/09/30/presidential-proclamation-national-cybersecurity-awareness-month-2014
Top 5 eLearning Statistics for 2014 [Infographic]
Are you stepping (or planning to step) users through web-based on-demand security awareness training? Here is some interesting data. The rise in eLearning’s popularity isn’t showing any signs of slowing. In fact, judging by the following Top 10 eLearning statistics for 2014, the future of the eLearning Industry is brighter than ever. Take a look at the "Top 5 e-Learning Statistics for 2014 You Need To Know": http://blog.knowbe4.com/bid/397580/Top-5-eLearning-Statistics-for-2014-Infographic
Quotes of the Week
"Our greatest weakness lies in giving up. The most certain way to succeed is always to try just one more time." - Thomas A. Edison, Inventor
"The secret of genius is to carry the spirit of the child into old age, which means never losing your enthusiasm." - Aldous Huxley, Novelist
"Dare to think for yourself." - Voltaire, Writer and Philosopher
Thanks for reading CyberheistNews! Please forward to your friends.
Your Money or Your Files!
New KnowBe4 Whitepaper: A Short History of Ransomware
Read the short and brutal history of how vicious ransomware came into existence. 2014 was the year that ransomware went mainstream... but how did we wind up here?
Learn about: Hacking Generations, the first ransomware in 1989 (!), Bitcoin 101, and why criminals want to be paid in Bitcoin, CryptoLocker and its copycats, different ransomware types and families, the future of ransomware, and how to best mitigate against it. Download here:
http://info.knowbe4.com/whitepaper-ransomware-history-14-10-07
Poll: Employees Clueless About Social Engineering
Fresh from Dark Reading: "When it comes to social engineering, Pogo, the central character of a long-running American comic strip, said it best. 'We have met the enemy and he is us.'
It was 1971 when Walt Kelly penned the cartoon with the celebrated quote; Pogo, who lived in a swamp, was talking about Earth Day. Today, the same sentiment can be applied to employees who are blissfully ignorant of the lengths criminals will take to gain their confidence in order to breach an organization’s security and steal proprietary data.
But don’t take my word for it. According to a recent Dark Reading flash poll, more than half of 633 security professionals who responded said that the most dangerous social engineering threat to their organizations was due to a lack of employee awareness." Full article with much more data and graphs at Dark Reading: http://www.darkreading.com/perimeter/poll-employees-clueless-about-social-engineering-/a/d-id/1316280
SANS October Issue of OUCH! Released
SANS said: "We are excited to announce the October issue of OUCH! This month, led by Guest Editor Lenny Zeltser, we cover the top five steps to staying secure. With both technology and threats constantly evolving, people are often confused with changing security advice. In this edition, we cover the fundamentals that apply regardless of what technology you are using or where you are using it.
In addition, we are releasing something new for National Cyber Security Awareness Month (NCSAM): a companion tips sheet that highlights the same five points covered in this month's edition of OUCH! This tip sheet was designed to be a simple reference that people can print out and post at their desk or computer. Please take a moment to read the details below. As always, we encourage you to download and share OUCH! with others." (PDF): http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201410_en.pdf
Data Leak Prevention Has a New Challenge
"Through glass transfer" is a new area. At the COSAC 21st International Computer Security Symposium and SABSA World Congress in Naas, Ireland, a researcher demonstrated a protocol he had devised that automates the transfer of data from any display to devices like smart phones. Richard Stiennon has the (very interesting) story: http://www.forbes.com/sites/richardstiennon/2014/10/01/data-leak-prevention-has-a-new-challange-introducing-through-glass-transfer/
Latest Anti-Phishing Working Group Report
The latest APWG report came out: "Phishers are criminal, but they do make rational decisions about how to go about their work. They’re in it for the money, and they work to make their schemes as productive as possible while evading detection. To combat phishing we need to know what the phishers are doing, and how. Where is the phishing taking place? What companies are most vulnerable? Were the slew of new top-level domains a bonanza for phishers? By analyzing the phishing that took place in the first half of 2014, the authors have some answers, and those answers may surprise you."
The major findings in this report include:
- Apple became the world’s most-phished brand.
- The introduction of new top-level domains did not have an immediate major impact on phishing.
- Chinese phishers were responsible for 85% of the domain names that were registered for phishing.
- Malicious domain and subdomain registrations continue at historically high levels, largely driven by Chinese phishers.
- The average uptimes of phishing attacks remain near historic lows, pointing to some success by anti-phishing responders.
- The companies (brands) targeted by phishing targets were diverse, with many new targets, indicating that e-criminals are looking for new opportunities in new places.
- Mass hackings of vulnerable shared hosting providers led to 20% of all phishing attacks.
Recommended reading! The PDF is at the apwg.org site: http://docs.apwg.org/reports/APWG_Global_Phishing_Report_1H_2014.pdf
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
SUPER FAVE: A compilation of some of the best wingsuit flights in the Swiss Alps and the Norwegian Fjords. Amazing photography and beautiful music!: http://www.flixxy.com/best-of-wingsuit-flying.htm?utm_source=4
SUPER MAGIC: Enzo Weyne does the impossible with his 'magic cube' at the French television show 'The World's Greatest Cabaret.' Wait for the end, this is a stunner: http://www.flixxy.com/enzo-weyne-magic-cube-the-worlds-greatest-cabaret.htm?utm_source=4
Now that I am driving a Tesla Model S myself, this video of how they are made is suddenly a lot more interesting and real. This car drives like a bat outta hell! http://www.flixxy.com/how-the-tesla-model-s-is-made.htm?utm_source=4
Now for some old-fashioned magic. Vlad performs some stunning magic tricks with his feet at the French television show 'The World's Greatest Cabaret': http://www.flixxy.com/magic-feet-vlad-and-elena.htm?utm_source=4
Ten of the world's best supercars and sports cars selected by Motor Trend Magazine face off in an epic quarter-mile sprint. Their only fail... no Tesla! [grumble] :-D http://www.flixxy.com/worlds-greatest-drag-race-2014.htm?utm_source=4
Ohio State marching band with an incredible Wizard of Oz halftime show, complete with tornado, dancing scarecrow, and flying witch on a broomstick: http://www.flixxy.com/ohio-state-marching-band-wizard-of-oz-halftime-show.htm?utm_source=4