Security Professionals Alert Users on New Malware Campaign


Recently, security researchers at Internet security firm Sophos identified a new malware campaign, which targets Facebook users. Attackers are purportedly sending e-mails, which appear to recipients as arriving from Facebook. The e-mail includes a well-crafted message, which advises the recipients to download a PDF attachment containing new password for their Facebook account as the currently used password is not safe. The malicious e-mail comes with different subject lines such as "your password has been changed", "the new password to your account", "personal data has been changed". The above sentence is preceded by the word, "Facebook" or "Facebook Support". The sentence is followed by an ID Number. The e-mails are not personalized. According to security researchers at Sophos, the e-mails claim toarrivefrommessage@,password@facebook.comorsupport@. Users must be wary of such e-mails as the companies are unlikely to change the passwords on their own and they will not send a PDF attachment. Further, genuine e-mails are more likely to be personalized.

Attackers may spoof e-mails or change the header to make the user believe that e-mails are arriving from a legitimate source. Users can direct visit the legitimate website and check whether they are able to log on with their existing passwords. Users may report such fraudulent e-mails to the targeted company and security response teams. Recipients who download the attachment may inadvertently infect their computers with Mal/Zbot-AV as identified by Sophos. Mal/Zbot-AV is a Fake AV downloader, which installs malware in several locations on the computer system. Internet security awareness is crucial to deal with consistent, well designed and sophisticated threats from cybercriminals. Users may gain insights on safe online computing practices through online IT courses and following security blogs, and updates from software developers. Internet users must install, update and regularly scan their computer systems with anti-virus and anti-malware software. They must avoid clicking on suspicious links and downloading e-mail attachments received from suspicious sources. They must use genuine software, adhere to security advisories and update software programs to safeguard their computer systems. The popularity of social media sites such as Facebook and Twitter makes them vulnerable to cyber threats.

Attackers constantly target users of social media sites through fraudulent schemes. Attackers tempt users to click on link or download attachments containing malware. The malware may be designed to delete, modify or extract files from the compromised computes. In the recent times, Facebook users have been targeted with various game, survey and event scams. Some of the scams seek access for rogue applications on Facebook account of a user. Once allowed access, the scams attempt to target people listed in the Friends list of the user. Vibrant online threats make it inevitable for security professionals to remain alert and regularly update their technical know-how by attending webinars, conferences and undertaking online IT degree programs. Professionals qualified in IT degree programs and security certifications may help developers in proactively devising new security mechanisms. Social media sites must work with Internet security firms to identify and alert users against spam and malware-ridden e-mail attachments.

Cloud Computing Security Tips For Small Businesses – What You Must Know


As a business grows their data storage needs grow. Backups of business information for disaster recovery are essential and, storage of backups off site can be challenging for small business. With cloud computing, organizations can monitor current needs and make on-the-fly adjustments to increase or decrease capacity, accommodating spikes in demand without paying for unused capacity during slower times. Cloud computing represents system reliability, especially for small businesses with aging computers and data stored on hard drives. As it doesn't mean that security and reliability can be taken for granted, it is necessary to a small business in the company in the cloud with careful due diligence and planning. ??? Identify and Assign Value to Assets Assets could be include applications, data, including private customer information; or infrastructure such as hosted servers and operating systems.

While not all cloud providers are the same, it is best to assign a value to your assets, to decide the level of security that is necessary. ??? Assess Your Liabilities One of the biggest cloud security concerns is the risk of breaches resulting in loss or theft of sensitive private data. If the information leaked is proprietary only to your company, liability is not a concern. But it is important to know where responsibility lies if information goes missing. ??? Compliance Requirements In certain industries like banking and healthcare, there are specific regulations for the handling of electronic data. In some cases there may be restrictions to use cloud services as there may be a requirement to store data within the borders of your own country. ??? Inquire About Security and Reliability Certifications By considering only those providers with documented, verifiably sound security practices may eliminate some of the need to probe deeper. ??? Negotiate Service Levels and Exit Strategies Security in the cloud is not just about protecting data. It's also about ensuring your own business continuity.

Your ongoing operations may depend on being able to access a cloud service, and it is therefore important to understand the service levels and exit strategies It is also important to know about the types and levels of encryption the provider can offer to ensure that even if data is leaked it cannot be read. It is also prudent to know about the provider's business continuity provisions and what happens if its main data center is destroyed. Small businesses must know about the security monitoring and auditing processes, and what kind of reporting the provider does. Look for effective cloud computing services that can take all the worry out of maintaining the technology of a small business.

Privacy Versus Security Enhancement


Where home security hardware is concerned, some of it constitutes real security hardware and some of it is simply designed to provide some privacy. Knowing the difference can help you improve your home security habits.

On your front door, if you've set things up correctly, you'll find a deadbolt, a kick plate and a locking door knob. In this situation, the deadbolt and kick plate are both security hardware. Together, they make it very difficult for anyone to open the door with a kick or a shoulder. The key-in-knob lock, however, is simply a privacy-enhancing device. If someone were to approach the house and simply try to open the door, the key-in-knob lock would let them know it's locked. If that person happened to be a thief and there was no deadbolt or kick plate in place, the key-in-knob lock would do essentially nothing to stop them from opening the door. This should serve to answer any questions about whether or not deadbolts are necessary.

Windows are privacy enhancing devices that can be transformed into legitimate security devices, given the right modifications. For instance, standard glass is not a security device. It will keep someone from entering your home by shattering the glass provided they're no stronger than a toddler. Adding laminate or tempered types of glass to a window, however, make it a much more formidable means of controlling access. A window that is reflective from the outside is a privacy enhancing device, obviously, as well as a security device as it keeps the contents of your home safe from prying eyes.

Screen doors are privacy devices. They allow a homeowner to, essentially, enjoy having their door wide open in the warmer months while still presenting a hindrance to anyone who would simply walk in uninvited. Remember that security value can be assessed, partially, on the difficulty of the obstacle it presents. A screen door that can be simply kicked in is no real obstacle. An iron door with screens added to it to allow it to function as a screen door, however, is a very real security device. Security is about making crime as difficult as possible.

When assessing home security, it's important to note where privacy devices have been used in place of legitimate security hardware. A shed or garage that has only a key in knob lock and flimsy glass windows is probably safe from anyone whose intentions are simply to be rude. If someone wants to steal your belongings, however, those devices will do little to discourage, or stop, them.

An alarm system is probably the device most accessible to homeowners that offers the greatest possible level of security. In any scenario, having a professionally installed alarm system makes it very difficult to break into a home undetected. They also work by taking simple privacy devices, such as windows, and outfitting them with monitors which has the effect of turning a privacy device into a security device in its own right.