Archive for Security

Guest Post: 3 Ways Failing To Secure Your Business Data Can Prove Costly

Posted in Commentary on May 26, 2018 by itnerd

By Penny Garbus

Every day, businesses across the country hum along efficiently, their operations supported by enormous reams of data that most employees – and bosses – take for granted.

Need to check inventory? Want to make sure a customer paid a bill? That information and much more is stored somewhere in a computer, always at the ready in time of need.

Except when it’s not.

Sometimes things go awry – a hacker, a system crash – that cause a business to lose critical data, and that can be devastating to the bottom line. Worst-case scenario: The business goes out of business.

“If you’re a business owner and you’ve not thought of data in relation to your financial well-being, don’t feel bad; you’re not alone,” says Penny Garbus, co-founder of Soaring Eagle Consulting Inc. and co-author of Mining New Gold – Managing Your Business Data.

“Sometimes people are so busy running their businesses that they don’t have time to worry about the bits and bytes of their data and how relevant it is to longevity of their business.”

But they should, she says. Without data protection processes and procedures in place, the business could face serious consequences.

Garbus says data is like gold: It can be traded, it’s the base for creation of products, and if you lose it, you lose money.

Here are just three ways in which a failure to secure data can prove costly to a business:

  • Impact on sales. A sales team may be so dependent on data to do its job that a breach could mean sales goals aren’t met. That in turn affects the bottom line of the company. The longer it takes to reconstruct the data, the more money is lost.
  • Lawsuits and fines. Sometimes regulatory agencies require that certain records be kept. If a business loses that information, it could face potential fines or lawsuits. “Lawsuits and regulatory agencies can make your life a nightmare if you fail to understand, develop and follow processes that protect regulated data,” Garbus says. Customers also could sue if a system malfunction causes a business to fail to live up to a contract.
  • Ransomware. On occasion, malicious hackers infect your computers with software that blocks access to everything until you pay a ransom. “The ransoms are usually $1,000 and most companies pay the money,” Garbus says. Unfortunately, even paying a ransom is no guarantee a company’s data will be freed because on occasion the perpetrators demand even more money, she says. The situation can get even worse. “Sometimes the attacker has so completely destroyed data files and infected hard drives that they are unable to get the data back,” Garbus says. “The cost can run into thousands or even millions of dollars to get the company up and running again.”

“Any business that hasn’t already done so should begin a self-analysis to design data protection processes and procedures,” Garbus says. “You need to define your needs and then talk with your IT staff to ensure that the data recovery and protection strategies match those needs.

“But remember that this is not an insurmountable problem. If you take the right steps you can save yourself a lot of costs and headaches down the road.”


About Penny Garbus

Penny Garbus, co-founder of Soaring Eagle Consulting Inc., is co-author of Mining New Gold – Managing Your Business Data. She has been working in the data-management field since leaving college when she worked as a data entry clerk for Pitney Bowes Credit. She later ran the training and marketing department of Northern Lights Software.


Buy A Low Cost Android Phone, And Get Pwned For Free

Posted in Commentary on May 25, 2018 by itnerd

More than 100 different low-cost Android models from manufacturers such as ZTE, Archos, and myPhone ship with malware pre-installed, researchers at Avast Threat Labs reported on Thursday. Users in more than 90 countries, including the U.S., are affected by this, the researchers said:

The malware, called Cosiloon, overlays advertisements over the operating system in order to promote apps or even trick users into downloading apps. The app consists of a dropper and a payload. “The dropper is a small application with no obfuscation, located on the /system partition of affected devices. The app is completely passive, only visible to the user in the list of system applications under ‘settings.’ We have seen the dropper with two different names, ‘CrashService’ and ‘ImeMess,’” wrote Avast.

The dropper then connects with a website to grab the payloads that the hackers wish to install on the phone. “The XML manifest contains information about what to download, which services to start and contains a whitelist programmed to potentially exclude specific countries and devices from infection. However, we’ve never seen the country whitelist used, and just a few devices were whitelisted in early versions. Currently, no countries or devices are whitelisted. The entire Cosiloon URL is hardcoded in the APK.”

Well. That’s not cool. These companies need to explain why their phones ship with this stuff. Or better yet, I say that governments should say that if this stuff is on phones when they ship, then they can’t be sold. But I suspect that neither is going to happen and consumers will have to fend for themselves by sticking to iOS or the Samsungs or LGs of the world and avoiding this low end market entirely.

500K Routers Worldwide Pwned By VPNFilter Malware

Posted in Commentary on May 23, 2018 by itnerd

Cisco’s Talos Intelligence Group is sounding the alarm about a new type of malware called VPNFilter. The malware contains a killswitch for routers, can steal logins and passwords and can monitor industrial control systems. And an attack would have the potential to cut off internet access for all the devices connected to the router. Ukraine seems to be particularly hard hit, which combined with what has been discovered about the malware, implies that this is Russian in origin.

Routers from Linksys, MikroTik, Netgear and TP-Link are affected. Netgear has suggested to users everywhere to upgrade the firmware on their routers. Nobody else seems to have any specific advice for users of their products. Which is of course bad.

In terms of protecting yourself, here’s the best advice from Cisco’s Talos Intelligence Group:

  • Users of SOHO routers and/or NAS devices reset them to factory defaults and reboot them in order to remove the potentially destructive, non-persistent stage 2 and stage 3 malware.

And that’s pretty much all the average end user can do. Hopefully more robust advice comes in the days ahead as this is far from trivial.

Back Door Account Found in DLink DI-620 Routers Can Lead To Epic Pwnage

Posted in Commentary on May 23, 2018 by itnerd

Kaspersky Lab researchers have discovered a back door account on DLink DI-620 routers which, if you have the router configured for admin access via the Internet, can let a miscreant pwn your router and, by extension, your network. While this is an older device, there are a fair number of them floating around. Thus this discovery is not trivial. Because of that, Kaspersky is not disclosing the full details of this exploit, to protect those who own this router and who are likely considering a move to another router as we speak. For what it is worth, the best way to protect yourself is to ensure that the ability to log into this router from the Internet is disabled. I say that because DLink isn’t going to fix this as it is such an old device. Which I think says something about DLink.

Oh by the way, Kaspersky found three other security issues with this router. Which I think says something else about DLink.

Chinese Researchers Find Flaws In BMW Infotainment Systems….. And Fixes Are On The Way From BMW

Posted in Commentary on May 23, 2018 by itnerd

Chinese security firm Keen Labs have been looking at a variety of BMW vehicles over the last year and have released a 26-page technical report that details 14 vulnerabilities that allow a BMW to be pwned via the infotainment system. The researchers have released their findings to BMW who are working on updates to fix this. Likely when the cars come in for service. Now some of these flaws are hard to exploit. But it is possible which is why some details have been withheld in the report.

This highlights something that I have been saying for a while now. Car makers really need to up their game when it comes to the security of the cars that they make because they’re now rolling computers that people are going to try and hack. Thus automotive manufacturers have to be looking for vulnerabilities constantly, and when they find them, fix them quickly. Then roll them out in a manner that is easy for every car owner to get. That way we are all safer as a result.

The FBI “Grossly Inflated” Stats On Investigations Stymied By Encrypted Smartphones

Posted in Commentary on May 23, 2018 by itnerd

The Washington Post is reporting that the FBI, who aren’t fans of encrypted smartphones, provided Congress with “grossly inflated” statistics on the number of electronic devices it has been unable to access due to encryption:

“The FBI’s initial assessment is that programming errors resulted in significant over-counting of mobile devices reported,” the FBI said in a statement Tuesday. The bureau said the problem stemmed from the use of three distinct databases that led to repeated counting of the same phones. Tests of the methodology conducted in April 2016 failed to detect the flaw, according to people familiar with the work.

And that my friends is a problem because the FBI used those numbers to argue that companies like Apple and Google need to either do away with encryption entirely or create “back doors” for law enforcement. Now the FBI still says that encryption is a problem that needs to be addressed, but they’re going to get few people buying into that after this bit of news.


Oh Noes! Even More Spectre Like CPU Flaws Found

Posted in Commentary on May 22, 2018 by itnerd

Google and Microsoft are out with details on yet another Spectre-like CPU flaw, which is documented in CVE-2018-3639. It is similar to the other Spectre flaws as it stems from speculative execution. This is a technique that modern chips use to optimize their performance by making assumptions about upcoming operations. In this case, if the CPU speculatively starts work that turns out not to be needed, it should unwind and delete all of the related data. But sometimes it doesn’t do that, which means that someone could get access to that data, and here we are talking about it.

Intel has said that the fixes it has already deployed for other variants of this flaw should make this more difficult to exploit. And new fixes are on the way. But they may impact performance. Thus they will be off by default because the risk level is low. But the risk exists so you should expect to see some action on this front in the near future.