Mobile Device Security Market to Show incredible growth in 2020

Great article that breaks down the forecast growth of a report on the Mobile Security Market. See the link below. 

https://coleofduty.com/news/2020/04/20/mobile-device-security-market-to-show-incredible-growth-by-2020-know-about-brand-players-symantec-trendmicro-vmware-airwatch-trustgo-sophos-mcafee/

NIST revises mobile device security guidelines

NIST has made its first update to the mobile device security guidelines in 7 years. These guidelines structure is mainly the same. The structure includes guidelines for mobile device characteristics, threats, security tools and deployment. Major changes have been made to the threat section of the guidelines. The link below takes you to the article. 

https://www.fedscoop.com/nist-mobile-device-security-guidelines/

LG partners with Trustonic Security for enhanced security

LG will be enhancing its security for mobile phones using Trustonic Secured Platform (TSP™). This will improve security for smartphone apps such as banking apps and also strength security of third party app development. see the link below to the article. 

https://finance.yahoo.com/news/trustonic-security-implemented-lg-mobile-080000307.html

Forensic science failures putting justice at risk, says regulator

Great article on lack of skilled digital forensics and digital evidence explosion could cause issues in the justice system in England.  

https://www.theguardian.com/science/2020/feb/25/forensic-science-failures-putting-justice-at-risk-says-regulator

Launch of Remote Mobile Data Collection Tool

New collection tool for business to collect data internally and remotely for internal  and legal investigations. 

https://www.einnews.com/pr_news/510061541/digital-forensics-company-downstreem-launches-mobile-data-collection-device-remotestreem

History of Mobile Forensics

This is a great read of history of Mobile Forensics! Gives an overview of the history of mobile phones and mobile forensics. 

Mobile Device Digital Forensics

https://medium.com/@z3roTrust/mobile-device-digital-forensics-6c28d04c4e21

DOJ Anti-Trust probe looks into Apple’s Screen Time App, questioning third party parental app developers

The article below discuss the probe by the DOJ into anti-trust violations by Apple. The article talks about how Apple’s Screen Time app is preventing third party app developers from adding parent control apps to the App Store. The apps provide tracking and screen time controls for parents to control the phones of their children.

https://www.techtimes.com/articles/247205/20200205/u-s-department-justice-questions-iphone-app-makers-during-apple.htm

Mobile security threats

The article “ 7 mobile security threats you should take seriously in 2019 “ has some great information on 7 threats for mobile devices. The threats are more concerning to businesses with the use of mobile devices being used for business on a daily bases. The average cost of a data break is $3.8 million. The article’s list does not include malware. Stating that mobile devices have built in protection to keep these types of threats to a minimum. The list includes Data leakage to Social Engineering to poor passwords. 

https://www.csoonline.com/article/3241727/7-mobile-security-threats-you-should-take-seriously-in-2019.html

Cybersecurity importance to Businesses

April 5,2019

In the article titled “Why is it so hard for us to pay attention to cybersecurity?” on ZDNet.com talks about cybersecurity importance for businesses and charities is increasing. A survey done by the UK government shows that around 75% of businesses and charities put a high priority on cyber security. This still leaves 25% of businesses and charities listing it as a low priority. The article indicates that the food and hospitality industries are most likely to not have a high priority on cyber security. They also talk about areas outside of data-intense business such as finance, technology and education dismissing the importance of cybersecurity because they do not believe they are targets of cyber attacks.  The last segment of business talked about is small businesses. This area looks at cybersecurity as an expense not a business necessity. Soon or later those that do not make cybersecurity a top priority will experience an attack and the cost of the attack will be much greater the cost of prevention!

https://www.zdnet.com/article/why-is-it-so-hard-for-us-to-pay-attention-to-cybersecurity/

ASUS compromised with malware to deliver backdoored software updates

March 30,2019

The article from HELPNETSECURITY.com titled “Attackers compromised ASUS to deliver backdoored software updates” talks about ASUS computer and electronic maker’s compromise by unknown attacker. The hackers gained access to ASUS and download malware into its software update utility. The malware had a hardcoded list of about 600 MAC addresses. Although this was intended for attacks on these MAC addresses, millions of computers were infected with this Malware. Kaspersky Lab researchers discovered this malware in January 2019 and determined that the attack went on between June and November 2019. Kaspersky Labs notified ASUS of the attack.  A tool has been created to identify if the malware is on your computer. A link to the tool is in the article. The malware creates a backdoor and contact C&C server and create a second-stage backdoor. The malware will only work on the 600 hardcoded MAC Addresses. If the malware is installed on machines it will still create a backdoor but will not create the second-stage backdoor.  The link below will take you to this article.

https://www.helpnetsecurity.com/2019/03/25/asus-supply-chain-attack/

What is Credential Stuffing Attack?

March 24,2019

According to the article on Cyware.com. It is when attackers use usernames and passwords gained from other hacked sites to try and gain illegal access to other user accounts on other websites. Two well know sites have been comprised by credential stuffing attacks. Intuit was compromised by this type attack and personal data was stolen in February 2019. The second notable website was Dunkin’ Donuts.  Perkin accounts were accessed and personal data and perk points were stolen.  The information was then sold and used to get free coffee and other discounts. The article give tips to protect against this type attack. First never use the same username and passwords across websites. Change passwords frequently and use two-factor authentication. Lastly, log out after ending the session.  

https://cyware.com/news/credential-stuffing-attack-what-is-it-and-how-to-stay-protected-26185075

Data Breach includes Minnesota businesses

February 24, 2019

WCCO news is reporting a data breach that affects many Minnesota businesses. The breach occurred last month. Credit card information was accessed. North Country Products had identified suspicious activity on clients networks and found malware collecting credit card information of customers of businesses around the country that includes Minnesota businesses. Some of the businesses in Minnesota are Dunn Brothers Coffee, Chino Latino and Sebastian Joe’s Ice Cream. A link to a complete list of businesses affected in included in the article, the link is below. 

https://minnesota.cbslocal.com/2019/02/19/dunn-bros-coffee-sebastian-joes-chino-latino-affected-in-data-breach/ 

Dozens of Sites breached by one hacker

February 16, 2019

The following article, “Hacker Breaches Dozens of Sites, Puts 127 Million New Records Up for Sale” dated February 15, 2019 on the Hacker News website is reporting that 24 websites have been breached. Almost 750 million online accounts were stolen.  This account information has been put this stolen information up for sale on the dark web. The hacker was interviewed by “The Hacker News”. The stolen information was up for sale in two parts. The first part was around 620 million online accounts and being offered for less than $20,000. The second set of records up for sale was about 127 million records and selling for $14,500.  Only 8 of the 24 companies have acknowledged the breaches. Both sets of records have been removed from the dark web. The article lists the 24 companies that were breached.  Some companies are resetting user passwords after confirming they were breached. The author of the article also suggested that users of these websites consider changing their passwords, especially if you are using the same password for other accounts. 

Article Link

https://thehackernews.com/2019/02/data-breach-website.html

Lack of CyberSecurity Regulations

Feb 10, 2019

In an article on Lawfareblog.com dated Nov 18, 2018 called “CyberSecurity Regulation.” It details the Securities and Exchange Commission effort and research for the need to have public companies to have stronger policies and procedures for CyberSecurity along with disclosure all of data breaches. A report by the White House Council of Economic Advisers reported cyber activity cost the US economy between $57 billion and $109 billion in 2016 The article also indicates the laws and regulations for cyber security are not uniform and at times contradictory. In order to make public companies accountable for Cyber Security and reporting data breaches the SEC created a unit to enforce there guidelines and regulations. Below are some of their finding and enforcement actions taken.

In 2017 only 24 companies reported breaches but researchers found over 4000 cyber attacks in the same period.

SEC enforcement actions:

Yahoo was fine $35 million for not disclosing a data breach

Financial firm fined $1 million for in adequate protection of personal data. Phishing scheme was able to get passwords changed and access 5,600 customers’ personal data.

SEC report on Oct 16, 2018 reported that $100 million was paid out to hackers by 9 public companies.

Seems to me again the people representing us in Washington have their priorities mixed up. Seems we need to build a cyber wall not a physical wall to keep people from committing crimes in the United States!  

https://www.lawfareblog.com/sec-and-cybersecurity-regulation

What is Ransomware?

Jan 27, 2019

Ransomware is a form of malware that locks files and or systems until a monetary ransom is paid. Ransomware is most commonly transmitted by email attachments or links in the email. Clicking on the attachment or link launches the malware that encrypts important data or makes the computer inoperable. The ransom is usually requested in some form of internet payment such as bitcoin to make it difficult to find the perpetrator.  The Department of Homeland Security offers information on what Ransomware is and how to protect against it. 

https://www.us-cert.gov/sites/default/files/publications/Ransomware_Executive_One-Pager_and_Technical_Document-FINAL.pdf

Cyber Warfare

Jan 20,2019

In the article on the website Searchsecurity.techtarget.com defines Cyber warfare as computer or network attacks by one country on another country. These attacks are used to disrupt government activities or to spy on a country. Cyber warfare can be in the form of a virus, disruption of service or to collect data. As we all know the 2016 Presidential election is being investigated for Russian interference. From running fake Facebook pages to hacking the Democratic National Committee computers. Hacking is becoming the up and coming form of war between nations. We are so dependent on technology that there will be no need to drop bombs anymore to attack another country. A cyber attack of a countries water or electricity supply could be just as deadly as a nuclear bomb! Maybe we should invest in National Cyber Security instead of a physical wall to protect our nation!  

https://searchsecurity.techtarget.com/definition/cyberwarfare