Cyber Defense eMagazine December 2019
Cyber Defense eMagazine January Edition for 2020 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group with Pierluigi Paganini, Yan Ross as International and US Editors-in-Chief and many more hard working amazing contributors!
Cyber Defense eMagazine January Edition for 2020 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group with Pierluigi Paganini, Yan Ross as International and US Editors-in-Chief and many more hard working amazing contributors!
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
54<br />
devices. Russian actors can extract device configurations, collect login credentials and impersonate<br />
privileged users, among other actions. By understanding threats to this level of detail, the appropriate<br />
mitigations can be implemented. Make threat intelligence actionable intelligence.<br />
Zombie devices to botnets. While your local coffee shop may seem like a great place to get some<br />
online shopping done, remember that free, public wireless networks make it easier for cyber hackers to<br />
obtain your information. Make sure you use WPA-2 for authentication and 802.1x for remote access using<br />
IPsec/VPN tunnel before entering your personal information for an online order. Be aware of the VPN<br />
you utilize because not all VPNs are 100% secure. As of October <strong>2019</strong>, an advanced persistent threat<br />
(APT) was discovered to exploit vulnerabilities in Palo Alto, Fortinet and Pulse Secure products, which<br />
allow actors to collect credentials. These stolen credentials can later be used at accessing a root shell<br />
for increased privileged activity.<br />
Metadata spoofing attacks. <strong>Cyber</strong> criminals exploit vulnerabilities of web-based applications due to<br />
vulnerabilities associated with various apps, especially when they are outdated. Keep up with the latest<br />
security updates on your computers, browsers and mobile devices. Setting your antivirus software to<br />
auto-update will also help safeguard your computer from the latest viruses.<br />
In addition, ensure that you remain abreast of threat intelligence and immediately apply required patches<br />
to your systems. Many examples have been encountered in which patches were available but had not<br />
been installed as directed, resulting in an information assurance event or compromise. Think back to the<br />
Marriott, Target and Office of Personnel Management hacks – each could have been prevented by<br />
appropriate patching.<br />
Authentication attacks. Once malware has been unleashed onto an electronic device, cyber criminals<br />
use brute force attacks to break the encrypted password saved in the form of an encrypted text. Never<br />
save your personal information – including your name, passwords, address and credit card information<br />
– using the remember me feature on shopping websites. Logging out of your account after each purchase<br />
ensures that your personal information won’t be compromised if your online retailers have a data breach.<br />
People often make the mistake of using the same password for multiple applications, even adding add a<br />
number or symbol to the original password after it expires. With an inverse correlation between security<br />
and convenience, users must carefully assess their circumstance. A trusted password manager can<br />
assist in producing strong and random passwords.<br />
Masquerading emails. During this time of the year, email marketing campaigns are prevalent, and<br />
phishing is an area of major concern. The Anti-Phishing Working Group (APWG) reported that phishing<br />
attacks have increased to their highest levels since 2016. Simple Mail Transfer Protocol does not possess<br />
the necessary mechanisms to verify legitimate email addresses. Users cannot trust in Domain-based<br />
Message Authentication, Reporting and Conformance (DMARC) to protect them from spoofed emails.<br />
As you’re sifting through your inbox for the best holiday sales, verify the sender’s credentials before<br />
clicking any links. Even e-mail attachments and links forwarded from trusted entities may have a<br />
malicious code. Get in the habit of manually typing websites in your internet browser to avoid any<br />
unforeseen cyberattacks.<br />
In addition to phishing, malicious actors are also exploiting vishing and smishing approaches. Always be<br />
suspicious of unsolicited information requests and make sure you know where your information is going.