360,213,024 Users Credentials… From MySpace?

If you re-use passwords and haven’t changed your login credentials from back when you used your MySpace page 10 years ago, then you are at risk!

The login details of more than 360,213,024 MySpace accounts have been leaked on the web, in what could be the largest data breach seen so far.

According to LeakedSource, which claims to have over 1.6 billion records in its database, the MySpace user information was provided by an anonymous user with an email address linked to the Russian-language exploit.im Jabber chat website. It is not clear how the data was obtained by the user.

The data is for sale on the dark web for 6 bitcoin. Read more here.


Every CEO, CIO, and CISO Needs to Watch Congressman Will Hurd Talk to the SSA on CyberSecurity

Will Hurd, the CyberSecurity professional and Congressman. I can’t get enough of this guy!


LinkedIn Breach Data Leaked

Back in 2012, LinkedIn lacked some basic security requirements around password security and as a result, they were breached, data was stolen, and LinkedIn and most of the Internet media sites warned users to change their passwords. LinkedIn even enabled two-factor authentication for those who wanted to enroll in it.

The number of records stolen was greater than 100 million. The problem with a number that large is that many users would not have seen the warnings about the breach, and some don’t see the importance of having diverse passwords, don’t know how to change their passwords, or don’t know whether they should care to change them.

A hacker going by the pseudonym “Peace” has recently come forward, claiming responsibility, and the data is up for sale on the dark web for the low price of 5 bitcoins ($2,200 USD)… probably because some of the data is older and could be unusable.

It’s important to have diverse passwords: a different one for each service and account you use. Sites, based on their content, will have different security requirements and will protect authentication data differently. A compromise of your credentials on a weak site can lead to the compromise of your account on a stronger site.

If a website offers two-factor or two-step verification, opt for it! It’s inconvenient, but it makes it much less likely that your account will be compromised.


Julie and Tyler’s Wedding

We attended Julie and Tyler’s wedding down in Yuma. It was a fun night! Damien got to visit his mom too.


Jaime and Carmelo at Julie and Tyler’s wedding


Brad, Carmelo, and Brent


Julie and Tyler


Suzanne, Jaime, Julie, Brandee


60% of BYOD Users Use the Same Device to Download Pirated Content

In a recent poll in the UK, sixty percent of users who use their personal device for accessing corporate data also use the exact same device to download pirated content from ‘bad sites’ that are usually laden with nudity and malware.

Eighty percent of that sixty percent (which is 48%) consider the personal risks of doing so. Thus, it can be inferred that even fewer than the forty-eight percent are running any type of malware protection on their mobile device!

Most major antivirus/anti-malware companies make protection for smartphones. Here are some on Amazon.

Check out this cool infographic. It’s from 2015, so some of the numbers are outdated, but it’s a great representation.


Here is the article that this post is based on.


Smart Farming Vulnerabilities

Smart farming is a real thing. It enables farmers to monitor their crops and gather visual analytics on big data, which allows them to anticipate crop availability and forecast pricing.

This data is very valuable to the farmers and costly to produce. It isn’t a confidential type of data and the average farmer doesn’t treat it as such, so they don’t put much protection around the data or the environment hosting it. Without protection, it’s susceptible to theft.

In addition to theft, farm-level data may also be vulnerable to ransomware and data destruction. Ransomware has become a significant threat to US businesses and individuals. Perpetrators use ransomware to encrypt a user’s important files, rendering them unreadable until a ransom is paid. Hacktivists may also destroy data to protest, for example, the use of genetically-modified organisms (GMOs) or pesticides. The single most important protection measure against these threats is to implement a robust data back-up and recovery plan. Back-ups should be maintained in a separate and secure location so that malicious actors cannot readily access them from local networks.

Here is the official public notice from the FBI.


PCI DSS Version 3.2

PCI DSS 3.2 is officially published.

Here is the summary:

Multi-factor authentication will be required for all administrative access into the cardholder data environment.

The “Designated Entities Supplemental Validation” (DESV) – a set of steps that tell an entity how they can meet PCI DSS requirements – has now been incorporated into the standard.

Migration from SSL and TLS v1.0 to TLS v1.1 and higher must be performed by July 1, 2018.

Service providers get several new requirements, such as maintaining a documented description of the cryptographic architecture and reporting on failures of critical security control systems, establishing responsibility for protection of cardholder data and the PCI DSS compliance program, regular penetration testing on segmentation controls, and proving that their top executives have an understanding of PCI DSS compliance.

Summary of Changes Document
https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2_Summary_of_Changes.pdf

Full Data Security Standard
https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2.pdf


SNOWDEN

There are a lot of mixed feelings regarding Edward Snowden on the social networks I frequent.


Phishing Outlook Looks Legitimate

When an attacker uses Microsoft Office 365’s Outlook paired with Microsoft Lync, phishing emails look authentic and are harder to detect without close inspection.

See graphic below.



Wildlife World Zoo

These are in reverse order.

