Partner Perspectives //

bitdefender

2/28/2017
03:00 PM
Razvan Muresan
Razvan Muresan
Partner Perspectives

Report: Only 2 in 3 Cyber Attacks Can Be Stopped with Current Defenses

A recent Bitdefender survey of 250 US IT execs in companies with 1000 or more PCs paints a disturbing picture of cybersecurity preparedness in the enterprise.

Image Source: Bitdefender
Image Source: Bitdefender

Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
macker490
50%
50%
macker490,
User Rank: Ninja
3/1/2017 | 7:38:22 AM
1.2m phishings
according to an essay published this morning on Help Net Security:

With 1.2 million phishing attacks, 2016 was a success for cybercriminals

while converting to a more secure o/s may not be immediately practicle nonetheless people can move ahead with AUTHENTICATION for e/mail, current term

consider using Symantec/PGP Desktop with Outlook,   or -- use ENIGMAIL with Thunderbird

note that this can be phased in -- as users and correspondents can acquire training and software step-wise. 

while this will be seen as a burden cost the potential for blocking tragedy is significant.

all e/mail should be authenticated and encrypted.

Link to article
Jet Hedon
50%
50%
Jet Hedon,
User Rank: Apprentice
3/1/2017 | 7:11:06 AM
Re: "Hope is not a method"
Thanks for your comment, helped me out to learn more
macker490
50%
50%
macker490,
User Rank: Ninja
3/1/2017 | 6:36:10 AM
"Hope is not a method"
between the cubes today employees are admonished to read incomming e/mails carefully and not to click on "anything funny"

there was an article on this this morning   on ComputerWorld

see A better security strategy than 'know your enemy': Know your co-workers

THINK

(1) are employees going to be highly successful in examining input mails for signs of fraud?    are they even capable of doing that ?   or are there going to be a few click-firsts and then ooooops errors ?

(2) why are your computer systems vulnerable to "phishing" messages that are loaded with malware?

---

a. start using PGP with Outlook to validate e/mails.   Or Thunderbird/ENIGMAIL .   It isn't hard; you can do it.

b. use a secure o/s.   we may not have any that are 100% secure -- but some are MUCH better than others.

 
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Kelly Sheridan, Staff Editor, Dark Reading,  12/5/2018
Starwood Breach Reaction Focuses on 4-Year Dwell
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/5/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20050
PUBLISHED: 2018-12-10
Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via the ONVIF GetStreamUri method and GetVideoEncoderConfigurationOptions method.
CVE-2018-20051
PUBLISHED: 2018-12-10
Mishandling of '>' on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via certain ONVIF methods such as CreateUsers, SetImagingSettings, GetStreamUri, and so on.
CVE-2018-20029
PUBLISHED: 2018-12-10
The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read.
CVE-2018-1279
PUBLISHED: 2018-12-10
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on ...
CVE-2018-15800
PUBLISHED: 2018-12-10
Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage.