Source: The Blaze
Published: 02/24/14

Apple’s security protocol breach is nearly as bad as handing your credit card straight to a hacker rather than making them steal the information through the magnetic stripe readers.

The flaw in Apple’s iOs and OS X platforms essentially allows a hacker to get in between the initial verification “handshake” connection between the user and the destination server, enabling the adversary to masquerade as a trusted endpoint. This means the connection which is supposed to be encrypted between you and your bank, email server, healthcare provider and more is open to attack.

Secure Sockets Layers, and more recently, Transport Layer Security protocols have protected web users for years by creating a digital secure handshake to identify and encrypt data from the browser to the secure end site. The Apple flaw puts hackers in the middle of that handshake, by allowing the SSL/TSL routines to be bypassed. 

Security experts across the web recommend updating iPhones and iPads with the available iOS patches now, and using browsers other than Safari for OS X systems without an available Apple fix.   Read more >>

Publication Date: 02/03/15
Source: TheStar.com

Our growing connectedness — along with “simple cluelessness” — giving hackers an edge that’s only likely to get worse.

A security breach at a Web portal for the U.S. Department of Homeland Security has exposed private documents and some financial information belonging to at least 114 organizations that bid on a contract at the agency last year, reports KrebsOnSecurity.

A spokesperson for Department of Homeland Security said that as a result of this unauthorized access, 520 documents including white papers/proposals, decision notification letters, documents regarding contract and award deliverables and other supporting materials were improperly accessed.

Unfortunately, this just further confirms that no one is immune to cyber crime.  The office of the Director of National Intelligence of the United States recognizes cyber crime as the number one global threat, leaving weapons of mass destruction and terrorism and organized crime behind. 

James R. Clapper, Director of National Intelligence, Worldwide Threat Assessment of the US Intelligence Community, explained it well back in March of 2013: “We are in a major transformation because our critical infrastructures, economy, personal lives, and even basic understanding of…the world are becoming more intertwined with digital technologies and the Internet. In some cases, the world is applying digital technologies faster than our ability to understand the security implications and mitigate potential risks.”

This speaks well to the fact that the cyber threats have quickly evolved over the past 5 years and that they are increasingly well organized and funded.  Highly sophisticated and complex attacks are becoming common and the skills behind attacks are significant, in many cases, even greater than those on the side of the “good guys”.

All types of organizations, including small businesses, need an effective cyber risk management program as sophisticated cybercrime is growing fast and everyone is a target.

Please feel free to contact ABEX and WatSec for more information on how you can effectively manage your cyber risks.