It’s World Backup Day! Here’s How You Can Preserve Your Files


Let’s play a game. Open the Photos app on your phone and look at the total number of videos and images on your device: all those precious memories of family vacations, clips from your favorite concert, and the countless photos of your pet. Next, open your laptop or desktop and check how many documents you have saved. Perhaps all the research reports you saved to defend your graduate thesis, or an important slide presentation you will show your boss on Monday. If you had to guess, would you say there are millions of these pieces of data in total? Now imagine that all of them suddenly disappeared. What would you do?

You may be thinking, “That will never happen to me.” However, this situation is more common than you might imagine. More than 60 million computers will have problems worldwide this year. In addition, more than 200,000 smartphones are lost or stolen every year. That is why we are celebrating World Backup Day. We want to show you how you can back up your files and find peace of mind, knowing that your data is safe and sound.

What are backups and why are they important?

A backup is a separate copy of your important and sentimental digital files and information. Storing all of that data in one place, such as a personal computer or smartphone, can be unsafe. Creating another copy of that data through a backup ensures that it is stored and kept safe somewhere else in case your device is wiped or stolen.

It is important to recognize that data loss is not something that only happens to large corporations or to victims in spy movies. Everyone is susceptible to data loss or theft. Backing up that data is a simple step to protect all your information and prevent cybercriminals from taking what isn’t theirs.

Introduction to data storage

Data is one of the most important assets in the modern world. As we illustrated earlier, people accumulate countless files that contain valuable information they want to keep safe. Fortunately, there are two common and inexpensive ways for a user to store their data and their ever-important backups.

Cloud storage

Although “the cloud” has become an important term, its definition can still cause confusion. The cloud exists in remote data centers that you can access over the Internet. Any data you have uploaded to the cloud exists on dedicated servers and storage volumes housed in distant warehouses, often located on sites full of such warehouses. Data centers are owned by cloud service providers, who are responsible for keeping the servers running.

To keep your data physically safe from theft and destruction, and to make sure it is available whenever you want to access it, data centers operate extensive cooling systems to keep the electronic equipment from overheating. In addition, they have at least one backup generator in case of power outages. But how do they make sure this data stays secure in the cyber world? Cloud systems use authentication processes such as usernames and passwords to limit access, and data encryption to protect data that is stolen or intercepted. However, it is important to remember that passwords can be discovered. Typically, the service provider holds the encryption keys to your data, which means that dishonest employees could, theoretically, access it. Likewise, your data could also potentially be searched and seized by government entities.

This raises the question: to trust or not to trust? Because cloud storage companies live and die by their reputation, you can be sure that they do their utmost to use the most advanced security techniques and provide the most reliable service possible. To help ensure the security of your data if you choose to store it or back it up in the cloud, keep any truly sensitive information in a private cloud behind a firewall.

External hard drive

With an external hard drive, you can manually back up all your data and files yourself onto a physical device that you can access at any time. These drives are a reliable way to achieve data redundancy. An external hard drive does not depend on Internet access the way cloud-based services do. It is an easy solution for transferring data to a new device. However, using external hard drives requires a more hands-on approach to backing up your data. It is your responsibility to perform backups regularly and to store your hard drive in a safe place. While cloud solutions offer huge amounts of storage, storage space on hard drives is limited, so you may have to buy more than one device. Look for an external drive with at least one terabyte of space to accommodate all your data, which tends to accumulate quickly.

Kick off your digital cleanup

When you clean out the garage and tidy your home, take the same care to do some digital cleaning this World Backup Day. Give your devices, apps, and online accounts a good cleanup. Rest easy knowing that all your valuable data is stored in a safe place… and that you have a backup in case something goes wrong. Remember: proactivity goes well beyond cybersecurity and the protection of your information.

The post It’s World Backup Day! Here’s How You Can Preserve Your Files appeared first on McAfee Blog.


It’s World Backup Day! Here’s How You Can Preserve Your Files


Let’s play a game. Go to the Photos app on your phone and look at the total number of videos and images on your device – all those precious memories of family vacations, clips from your favorite concert, and the countless snapshots of your furry companion. Next, open your laptop or desktop and check to see how many documents you have saved — perhaps all the research reports you have saved to defend your graduate thesis or an important slideshow you’re presenting to your boss on Monday. If you had to guess, would you say the total number of these various pieces of data is into the thousands? Now imagine if all this data was suddenly gone. What would you do?  

You might be thinking, “That will never happen to me.” However, this situation is more common than you think. More than 60 million computers will fail worldwide this year, and over 200,000 smartphones are lost or stolen every year. That’s why we’re celebrating World Backup Day by sharing how you can properly back up your files and find peace of mind knowing that your data is safe and sound.  

What Are Backups and Why Are They Important? 

A backup is a separate copy of your important and sentimental digital files and information. Storing all that data in one place, like a personal computer or smartphone, can prove unsafe. Creating another copy of that data through a backup will ensure that it’s stored and kept safe somewhere else should your device get wiped or stolen. 

It’s important to recognize that data loss isn’t something that only happens to huge corporations or unsuspecting victims in spy movies. Everyone is susceptible to data loss or theft and backing up that data is an easy step to protect all your information and prevent cybercriminals from taking what isn’t theirs. 

Data Storage 101 

Data is one of the most important assets in the modern world. As we illustrated earlier, people collect countless files that contain valuable information they want to keep safe. Luckily, there are two common and inexpensive ways that a user can store their data and their ever-important backups.  

Cloud storage  

Although “the cloud” became a major buzzword years ago, its definition is still cloudy for some folks. The cloud exists in remote data centers that you can access via the internet. Any data you’ve uploaded to the cloud exists on dedicated servers and storage volumes housed in distant warehouses, often situated on campuses full of such warehouses. Data centers are owned by cloud service providers, who are responsible for keeping the servers up and running.  

To keep your data physically safe from theft and destruction, and to make sure it’s available whenever you want to access it, data centers run extensive cooling systems to keep the electronics from overheating and have at least one backup generator in case of power outages. But how do they make sure that this data is secure in the cybersphere? Cloud systems use authentication processes like usernames and passwords to limit access, and data encryption to protect data that is stolen or intercepted. However, it’s important to remember that passwords can be hacked. Typically, the service provider holds the encryption keys to your data, meaning that rogue employees could, theoretically, access it. Likewise, your data could also potentially be searched and seized by government entities. 

This begs the question: Trust or don’t trust? Because cloud storage companies live and die by their reputation, you can rest assured knowing that they go to great lengths to use the most advanced security techniques and provide the most reliable service possible. To help ensure the security of your data should you choose to store or back it up to the cloud, keep anything truly sensitive in a private cloud behind a firewall.  

External hard drive  

With an external hard drive, you can manually back up all your data and files yourself onto a physical device that you can access anytime. These drives are a reliable way to achieve data redundancy. An external hard drive doesn’t rely on internet access like cloud-based services and is an easy fix when transferring data to a new device. However, using external hard drives requires a more hands-on approach to backing up your data. It’s your responsibility to regularly perform backups yourself and store your hard drive in a safe location. While cloud solutions offer huge amounts of storage, storage space on hard drives is limited, so you may have to purchase more than one device. Look for an external drive with at least a terabyte of space to accommodate all your data, which tends to accumulate quickly.

Kickstart Your Digital Spring Cleaning  

As you’re cleaning out your garage and tidying up your home, take the same care to do some digital spring cleaning this World Backup Day. Give your devices, apps, and online accounts a good decluttering and gain more peace of mind knowing that all your valuable data is stored in a safe, secure place … and that you have a backup in case something goes awry. Remember, proactivity goes a long way toward shoring up your cybersecurity and protecting your information.   

The post It’s World Backup Day! Here’s How You Can Preserve Your Files appeared first on McAfee Blog.


Chrome Zero-Day from North Korea


North Korean hackers have been exploiting a zero-day in Chrome.

The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups. Both groups deployed the same exploit kit on websites that either belonged to legitimate organizations and were hacked or were set up for the express purpose of serving attack code on unsuspecting visitors. One group was dubbed Operation Dream Job, and it targeted more than 250 people working for 10 different companies. The other group, known as AppleJeus, targeted 85 users.

Details:

The attackers made use of an exploit kit that contained multiple stages and components in order to exploit targeted users. The attackers placed links to the exploit kit within hidden iframes, which they embedded on both websites they owned as well as some websites they compromised.

The kit initially serves some heavily obfuscated javascript used to fingerprint the target system. This script collected all available client information such as the user-agent, resolution, etc. and then sent it back to the exploitation server. If a set of unknown requirements were met, the client would be served a Chrome RCE exploit and some additional javascript. If the RCE was successful, the javascript would request the next stage referenced within the script as “SBX”, a common acronym for Sandbox Escape. We unfortunately were unable to recover any of the stages that followed the initial RCE.

Careful to protect their exploits, the attackers deployed multiple safeguards to make it difficult for security teams to recover any of the stages. These safeguards included:

Only serving the iframe at specific times, presumably when they knew an intended target would be visiting the site.
On some email campaigns the targets received links with unique IDs. This was potentially used to enforce a one-time-click policy for each link and allow the exploit kit to only be served once.
The exploit kit would AES encrypt each stage, including the clients’ responses with a session-specific key.
Additional stages were not served if the previous stage failed.

Although we recovered a Chrome RCE, we also found evidence where the attackers specifically checked for visitors using Safari on MacOS or Firefox (on any OS), and directed them to specific links on known exploitation servers. We did not recover any responses from those URLs.

If you’re a Chrome user, patch your system now.


ESET refreshes enterprise products, embraces XDR


ESET announced a host of changes to its cybersecurity product line Wednesday. Changes include making it easier to manage risks in its ESET Protect software, rebranding its Enterprise Inspector offering as ESET Inspect Cloud, and refreshing its endpoint solutions for Windows, macOS and Android.

ESET Inspect Cloud gives the company’s flagship product ESET Protect extended detection and response (XDR) capabilities, with the cloud offering able to identify post-execution malicious code and the protect solution able to provide security teams with full visibility into the response to the code. XDR capabilities include advanced threat hunting, incident response, full network visibility, and cloud-based threat defense,


Praetorian launches ML-powered Nosey Parker secrets scanner


Texas-based cybersecurity vendor Praetorian has launched a new machine learning-based secrets scanner, called Nosey Parker, onto its Chariot Platform, which provides attack surface management and offensive security managed services. 

Nosey Parker is a machine learning-based service developed using the regular expression (regex) pattern matching technique to detect sensitive secrets like passwords, API keys, access tokens, asymmetric private keys, client secrets and credentials left inadvertently in source code and configuration files. 


7 ways to defend against a credential stuffing attack


This blog was written by an independent guest blogger.

Credential stuffing attacks essentially doubled in number between 2020 and 2021. As reported by Help Net Security, researchers detected 2,831,028,247 credential stuffing attacks between October 2020 and September 2021—growth of 98% over the previous year. Of the sectors that did experience credential stuffing during that period, gaming, digital and social media, as well as financial services experienced the greatest volume of attacks. What’s more, the United Kingdom was one of the top three regions that launched the most credential stuffing attacks in the world, followed by Asia and North America.

Looking towards the rest of 2022, the security community expects the volume of credential stuffing attacks to grow even further. “Expect to see credential stuffing attacks double in number again in 2022,” noted Forbes.

Why is credential stuffing a concern for organizations?

First, the role of automation in credential stuffing makes it possible for anyone—even attackers with low levels of expertise—to perpetrate these attacks. A low barrier of entry helps to explain why credential stuffing is so pervasive and why it’s expected to continue in this way for 2022.

Let’s examine the flow of credential stuffing to illustrate this fact. According to the Open Web Application Security Project (OWASP), a credential stuffing attack begins when a malicious actor acquires compromised usernames and passwords from password dumps, data breaches, phishing campaigns, and other means. They then use automated tools to test those credentials across multiple websites including banks and social media platforms. If they succeed in authenticating themselves with a credential set, they can then conduct a password reuse attack, harvest the compromised account’s information/funds, and/or monetize it on the dark web.

Which brings us to our second reason why credential stuffing is so concerning: the impact of a successful attack can be far-reaching. The applications of a successful credential stuffing attack are tantamount to a data breach, so organizations can bet that all data privacy regulations will be enforced.

Meaning? Organizations could incur fines totaling millions of dollars in the aftermath of credential stuffing, per Cybersecurity Dive. Those penalties don’t include the costs that organizations will need to pay to understand the impact of the attack, figure out which data the malicious actors might have compromised, and remediate the incident. They also don’t cover the brand damage and legal fees that organizations could face after notifying their customers.

Credential stuffing defense best practices

To avoid the costs discussed above, organizations need to take action to defend themselves against a credential stuffing attack. Here are seven ways that they can do this.

1. Make credential stuffing defense an ongoing collaborative discussion

Organizations can’t tackle credential stuffing if there’s not even a discussion about the threat. Acknowledging this reality, TechRepublic recommends that organizations bring their security, fraud, and digital teams together to discuss credential stuffing, among other fraud trends, along with ways that they can use digital metrics to coordinate their defense efforts.

2. Implement multi-factor authentication

Credential stuffing hinges on the fact that malicious actors can translate access to a credential set into access to an account. Multi-factor authentication (MFA) denies this pivot point, as it forces attackers to also provide another factor such as an SMS-based text code or a fingerprint for authentication. This raises the barrier of taking over an account by forcing malicious actors to compromise those additional authentication factors in addition to the original credential set.

3. Use security awareness to familiarize employees with password best practices

Organizations can go a long way towards blocking a credential stuffing attack by cultivating their employees’ levels of security awareness. For instance, they can educate their employees on how malicious actors can leverage password reuse as part of a credential stuffing campaign. Per How-To Geek, organizations can also provide employees with a password manager for storing credentials that they’ve created in accordance with company password policies.

4. Analyze and baseline traffic for signs of credential stuffing

Infosecurity Magazine recommends that organizations create a baseline for their traffic including account activity. They can then use that baseline to monitor for anomalies such as a spike in failed login attempts and unusual account access requests.
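One way to turn that baseline into a detection, as an added example that is not part of the original post: failed logins are counted per minute, a limit is derived from the baseline period (median plus a multiple of the median absolute deviation), and sources that try many distinct usernames with almost no successes are listed separately. The log format, IP addresses, usernames and thresholds are constructed for illustration.

```python
from collections import Counter, defaultdict
from statistics import median


def sample_log():
    """Constructed auth events: 'timestamp source_ip username outcome'."""
    lines, normal_failures = [], [1, 0, 2, 1, 1, 0, 1, 2, 1, 1]
    for m in range(12):
        ts = f"2022-03-31T12:{m:02d}:00Z"
        for u in range(5):  # routine successful logins
            lines.append(f"{ts} 198.51.100.{u + 10} user{u} OK")
        for f in range(normal_failures[m % 10]):  # ordinary typos
            lines.append(f"{ts} 198.51.100.{f + 10} user{f} FAIL")
        if m >= 10:  # constructed stuffing run: one source, many usernames
            for n in range(40):
                outcome = "OK" if (m, n) == (11, 0) else "FAIL"
                lines.append(f"{ts} 203.0.113.7 acct{m}_{n} {outcome}")
    return lines


def parse(line):
    ts, ip, user, outcome = line.split()
    return ts[:16], ip, user, outcome == "OK"  # ts[:16] buckets by minute


def failures_per_minute(events):
    counts = Counter()
    for minute, _ip, _user, ok in events:
        counts[minute] += 0 if ok else 1  # quiet minutes stay in the series as 0
    return counts


def failure_threshold(baseline_counts, k=5):
    """Median + k * MAD; MAD is floored at 1 so a flat baseline still works."""
    med = median(baseline_counts)
    mad = median(abs(c - med) for c in baseline_counts)
    return med + k * max(mad, 1)


def find_spikes(events, baseline_end, k=5):
    """Minutes at or after baseline_end whose failures exceed the baseline limit."""
    counts = failures_per_minute(events)
    baseline = [c for minute, c in counts.items() if minute < baseline_end]
    limit = failure_threshold(baseline, k)
    return sorted(m for m, c in counts.items() if m >= baseline_end and c > limit)


def spraying_sources(events, min_users=20, min_fail_ratio=0.9):
    """Sources trying many distinct usernames with almost no successes."""
    users, fails, total = defaultdict(set), Counter(), Counter()
    for _minute, ip, user, ok in events:
        users[ip].add(user)
        total[ip] += 1
        fails[ip] += 0 if ok else 1
    return sorted(ip for ip in total
                  if len(users[ip]) >= min_users
                  and fails[ip] / total[ip] >= min_fail_ratio)


if __name__ == "__main__":
    events = [parse(line) for line in sample_log()]
    print("spike minutes:", find_spikes(events, "2022-03-31T12:10"))
    print("suspect sources:", spraying_sources(events))
```

The distinct-username test is what separates stuffing from a single user locked out of one account; attacks spread over many source addresses need the per-minute spike signal instead.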

5. Prevent users from securing their accounts with exposed passwords

The last thing security teams want is for their employees to use a password that’s been exposed in a previous security incident. Malicious actors use data breaches, information dumps, and other leaks to power automated tools used in credential stuffing, after all. Acknowledging this point, infosec personnel need to monitor the web for data breaches, information dumps, and other leaks that malicious actors could use to engage in credential stuffing. They can actively monitor the news for these types of incidents. They can also rely on receiving alerts from data breach tracking services such as Have I Been Pwned (HIBP).
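A check at password-change time is one way to enforce this, shown here as an added example that is not part of the original post. It assumes the organization uses HIBP's Pwned Passwords range API, which receives only the first five characters of the password's SHA-1 hash; the function names, the fail-closed default and the offline stand-in data are constructed for illustration.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def fetch_range(prefix):
    """Ask the range API for all hash suffixes that share a 5-character prefix."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"User-Agent": "password-policy-check-example",
                 "Add-Padding": "true"})  # padded responses hide the result size
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def exposure_count(password, fetch=fetch_range):
    """How many times the password appears in the breach corpus (0 if absent)."""
    # SHA-1 is used because the API is keyed on it, not for password storage.
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)  # padding rows carry a count of 0
    return 0


def validate_new_password(password, fetch=fetch_range, fail_closed=True):
    """Return (accepted, reason) for a password-change request."""
    try:
        seen = exposure_count(password, fetch)
    except OSError:  # network errors from urllib are OSError subclasses
        if fail_closed:
            return False, "exposure check unavailable, try again later"
        return True, "exposure check skipped (service unavailable)"
    if seen > 0:
        return False, f"password appears in known breaches ({seen} times)"
    return True, "password not found in known breaches"


def constructed_fetch(exposed):
    """Offline stand-in for fetch_range, built from a constructed {password: count} map."""
    def fetch(prefix):
        rows = ["0" * 35 + ":0"]  # constructed padding-style row
        for pw, count in exposed.items():
            digest = hashlib.sha1(pw.encode("utf-8")).hexdigest().upper()
            if digest.startswith(prefix):
                rows.append(f"{digest[5:]}:{count}")
        return "\r\n".join(rows)
    return fetch


if __name__ == "__main__":
    offline = constructed_fetch({"Summer2022!": 1834})  # constructed count
    print(validate_new_password("Summer2022!", offline))
    print(validate_new_password("t7#Vq-lamp-orbit-92", offline))
```

Whether to reject or accept a change when the lookup fails is a policy decision; the `fail_closed` parameter makes that choice explicit instead of leaving it to an unhandled exception.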

6. Implement device fingerprinting

Infosec teams can use operating system, web browser version, language settings, and other attributes to fingerprint an employee’s device. They can then leverage that fingerprint to monitor for suspicious activity such as a user attempting to authenticate themselves with the device in a different country, noted Security Boulevard. If a circumstance like that arises, security teams can then prompt employees to submit additional authentication factors to confirm that someone hasn’t taken over their account.

7. Avoid using email addresses as user IDs

Password reuse isn’t the only factor that increases the risk of a credential stuffing attack. So too does the reuse of usernames and/or account IDs. Salt Security agrees with this statement.

“Credential stuffing relies on users leveraging the same usernames or account IDs across services,” it noted in a blog post. “The risk runs higher when the ID is an email address since it is easily obtained or guessed by attackers.”

Consequently, organizations should consider using unique usernames that malicious actors can’t use for their authentication attempts across multiple web services.

Beating credential stuffing with the basics

Credential stuffing is one of the most prevalent forms of attack today. This popularity is possible because of how simple it is for malicious actors to obtain exposed sets of credentials on the web. However, as discussed above, it’s also simple for organizations to defend themselves against credential stuffing. They can do so in large part by focusing on the basics such as implementing MFA, awareness training, and baselining their traffic.


CVE-2021-20729


Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL.
