• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
  • ChatGPT
    • Does ChatGPT Save Data?
AskCyber Home » News » News » Cyber Security News Update 12/15/2017

Cyber Security News Update 12/15/2017

2017-12-15 by Max

Enterprise cyber security is a group effort, if everyone is working with proper cyber security protocols in mind then everyone else’s efforts are lessened. This isn’t to say that you shouldn’t pursue cyber security across your entire company, just know that a single weak link is all it takes to create an opening. Redundant systems and multi-factor verification can make up for short-comings, but they have to be implemented first. There is an advantage to forcing verification at the corporate level, rather then relying on your employees to get around to it. The most common security slip-ups by employees are saving their passwords, and sending work documents to/from personal devices. These actions are dangerous because they can bypass most security measures, but both of them can be combated with proper security protocols. Multi-factor verification stops password saving, because some other vector is necessary to successfully login. Requiring a code to be sent to a phone or other device, and then entered within a short time-frame, can cut down on unwanted access. Restrictions can be put in place so that documents and other work related files can’t be sent to a device that’s not on the network.
Source: You’re probably putting your company’s cybersecurity at risk

In a startling display of failed quality assurance, HP sent out several laptops with a keylogger program installed on it. The program is turned off by default, but that’s not very comforting when it comes to a dangerous piece of malware. Keyloggers are extremely threatening programs, they do exactly as their name says: Every keystroke you make is logged and sent to someone else. With some patience and a program to sift through the data, an attack can easily find every bit of information you’ve used your keyboard to enter. Some advanced programs also track mouse movements and clicks, so an attack can recreate your entire experience as they get into whatever secure areas you have access too. HP did release a patch to remove this software once they were notified, but its mere presence raise the question: How did malware get installed on the devices in the first place? Why would HP ever even need a keylogger program in the first place, they’re a hardware manufacturer not an intelligence agency. It also begs the question: What else is unknowingly installed on HP devices? They’re could be any number of programs that slipped through the cracks.
Source: Oops… Some HP Laptops Shipped With Hidden Keylogger

Triton, Industrial Control System (ICS) malware, is ravaging the Middle East where it resides in critical infrastructure. Triton, also known as Trisis, is designed to target Triconex Safety Instrumented Systems ICS software by Schneider Electric. This software works as a safeguard against dangerous industrial accidents and is an independent program that double-checks other safeguards. This redundancy adds resistance to cyber attacks that neutralize other safety programs, improves response times by having a watchdog program that can act on its own to stop deadly situations and allows for another level of safety. Secure systems, like those usually found in industrial plants, are supposed to be air-gapped. This means that the computers have no connection to the internet, and nothing they’re connected to has access to the internet. Essentially, the entire network is a closed system. It would appear that the infected computers were supposed to be air-gapped, but were either connected to the outside world or someone brought in an infected device that spread Triton.
Source: TRITON Malware Targeting Critical Infrastructure Could Cause Physical Damage

Filed Under: News

About Max

Max is a Data Privacy Coordinator at a major global law firm and a science fiction author residing in the Philadelphia area. He has been writing for https://www.askcybersecurity.com since early 2017.


LinkedInTwitterFacebook

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

Security Marketing Manager – Remote

Sr. Associate, Cybersecurity Architect – Pfizer

Strategic Customer Success Manager – Cybersecurity – Opportunity for Working Remotely

Top 20 Passwords Leaked on Dark Web

ISU Cybersecurity Leader Job Opening

Cyber Security News

Top 20 Passwords Leaked on Dark Web

… [Read More...] about Top 20 Passwords Leaked on Dark Web

Apple Warns of Actively Exploited Zero-Day Flaw

… [Read More...] about Apple Warns of Actively Exploited Zero-Day Flaw

IRS Stops Facial Recognition System for Online Access

… [Read More...] about IRS Stops Facial Recognition System for Online Access

National Cybersecurity Alliance Announces Data Privacy Week

… [Read More...] about National Cybersecurity Alliance Announces Data Privacy Week

More Cyber Security News

Tags

amazon Android Apple bitcoin China chrome CISA credit card DarkSide DHS DOJ Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware REvil Russia smartphone T-Mobile TikTok tutorial VPN WhatsApp WiFi Windows

Government

CBP Looks to Access Airline Passenger Data

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2023 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version