TOPIC:  CYBER SECURITY





SOURCE:  SECURITYWEEK.COM

America's intelligence chief on Wednesday said Russia hacks US computer networks "all the time," while also seeking to reassure the public the transition to a new president would "be OK." 

US agencies, companies and individuals are frequently targeted by overseas hackers, and Democratic presidential nominee Hillary Clinton's campaign has accused Moscow of hacking into Democratic National Committee (DNC) emails. 

"The Russians hack our systems all the time, not just government but also corporate" and personal systems, Director of National Intelligence James Clapper said at a Washington security summit, though he did not directly address whether Moscow was behind the DNC hack. 

He also pointed the finger at China and "non-state" actors for constantly trying to swipe data. 

The recent breach of DNC data, along with other electronic intrusions, has raised concerns about cyber incidents that could affect the outcome of the US presidential race, or other contests. 

Clinton is locked in a tightening race with Republican rival, Donald Trump. 

TOPIC:  RISK MANGEMENT


 

 

SOURCE:  SECURITYWEEK.COM


Whether you follow politics, healthcare, or sports, there’s a lot happening in the world right now and a lot to keep up with. Attackers are taking advantage of this flurry of activity and your quest for information to launch a new round of scams. 

The Brexit is just the latest example in which we’ve seen a surge in malicious emails within hours of the referendum result. Promising to protect individuals from financial market upheaval, the ploy lures users to open an email and an infected attachment, or click on a link that goes to a malicious website. Subject lines like “Brexit causes historic market drop” are designed to create the sense of urgency so that targets click before they think.

Cybercriminals act fast to capitalize on the confusion and time-sensitivity that surrounds breaking news. They quickly register domain names that sound official and create fake sites. Techniques like typosquatting or URL squatting to spoof the names of legitimate sites, and SEO poisoning to inflate search engine ratings, make it extremely difficult for a typical user to identify when they are being duped.

Attackers then devise their scheme for engaging targets. They may use malware delivered through an email to damage files, collect personal information or to hijack systems that will serve as a launching pad for other mechanized attacks. Or, they may use phishing scams to lure targets to their bogus sites, posing as a legitimate sender and pointing users to a website where they input personal financial data. 

TOPIC: TECHNOLOGY


 

 



SOURCE:  CNET.COM 

If you have an iPhone, you need to download the latest iOS update right now

Apple released the "important security update" in response to an active malware threat that can be used to read texts and email, record calls (including WhatsApp and Viber calls), track your location and turn on your phone's camera and microphone.

If that sounds terrifyingly invasive, that's because it is. The threat, dubbed "Trident" by mobile security firm Lookout, exploits three zero-day vulnerabilities in iOS 9 to form an "attack chain" that can break through Apple's (relatively) secure platform. According to University of Toronto's Citizen Lab, Trident is used in a spyware product developed by Israel-based "cyber war" company NSO Group (which is reportedly owned by an American venture capital firm). 

Citizen Lab and Lookout became aware of the issue when links containing the Trident exploit and the spyware were sent to Ahmed Mansoor, a human rights defender based in the United Arab Emirates. Mansoor did not click on the links and instead forwarded the emails to Citizen Lab, but had he clicked on the links, his phone would have been remotely jailbroken and invaded by NSO Group's "government-exclusive" spyware. Upon confirming the zero-day iOS vulnerabilities, Citizen Lab and Lookout notified Apple -- and now Apple has released a fix.

How to update your iPhone

To see if you're running the latest, patched version of iOS 9, open the Settings app and go to General > About > Version. If it says 9.3.5, you're good. Anything else, and you need to update.


TOPIC: FAN-SUBMITTED

 



SOURCE:  ARTEMUS FAN, DR. ERIC COLE (SECURE ANCHOR)


I have been focusing my energy and effort on building the best security content on the planet with one focus: To make the world a safe place.


Cyber security is our passion, our focus, our life. Protecting our clients is our purpose and what we love to do. We have been producing a lot of amazing content to help the community. If you do not follow me on social media, look me up on twitter and linkedin. Ultimately, I want to help you do your job more effectively and provide resources that have value. Therefore I would love to hear from you on what is your biggest challenge or area you need the most help in from a cyber security perspective. Some of the key topics we are focusing in on is threat hunting, insider threat and CISO resources. 

To help you focus on being the best security professional on the planet, ask yourself: How much confidence do you have in your organizations security and how you are approach cyber security? Think about the answers to these questions for your organization:
  1.  Are you compromised and if you were how would you know?
  2. Do your executives understand security with clear metrics and a security dashboard?
  3. If your organization had ransomware attack, would your executives' pay?
  4. Do you have a clear and accurate security roadmap focused on risk?
  5. Are your resources focused in on the highest priority areas and is your security program making a positive impact on the organization?
If you would like to receive more information, you can email me directly at This email address is being protected from spambots. You need JavaScript enabled to view it. or visit our splash page at www.secureanchor.org.

To help get you started I attached some of my recent posts that provide actionable items you can do today to secure your organization.  

Let us know how we can help you customize our content to make your job easier. Your organization needs to focus on running its business - Let Secure Anchor focus on securing your business.

At Secure Anchor, cyber security is our business.