Privacy and Mobile Device Apps

This post was originally published on this site

Original release date: July 9, 2019

What are the risks associated with mobile device apps?

Applications (apps) on your smartphone or other mobile devices can be convenient tools to access the news, get directions, pick up a ride share, or play games. But these tools can also put your privacy at risk. When you download an app, it may ask for permission to access personal information—such as email contacts, calendar inputs, call logs, and location data—from your device. Apps may gather this information for legitimate purposes—for example, a ride-share app will need your location data in order to pick you up. However, you should be aware that app developers will have access to this information and may share it with third parties, such as companies who develop targeted ads based on your location and interests.

How can you avoid malicious apps and limit the information apps collect about you?

Before installing an app

  • Avoid potentially harmful apps (PHAs) – Reduce the risk of downloading PHAs by limiting your download sources to official app stores, such as your device’s manufacturer or operating system app store. Do not download from unknown sources or install untrusted enterprise certificates. Additionally—because malicious apps have been known to slip through the security of even reputable app stores—always read the reviews and research the developer before downloading and installing an app.
  • Be savvy with your apps – Before downloading an app, make sure you understand what information the app will access. Read the permissions the app is requesting and determine whether the data it is asking to access is related to the purpose of the app. Read the app’s privacy policy to see if, or how, your data will be shared. Consider forgoing the app if the policy is vague regarding with whom it shares your data or if the permissions request seems excessive.

On already installed apps

  • Review app permissions – Review the permissions each app has. Ensure your installed apps only have access to the information they need, and remove unnecessary permissions from each app. Consider removing apps with excessive permissions. Pay special attention to apps that have access to your contact list, camera, storage, location, and microphone.
  • Limit location permissions – Some apps have access to the mobile device’s location services and thus have access to the user’s approximate physical location. For apps that require access to location data to function, consider limiting this access to when the app is in use only.
  • Keep app software up to date – Apps with out-of-date software may be at risk of exploitation of known vulnerabilities. Protect your mobile device from malware by installing app updates as they are released.
  • Delete apps you do not need – To avoid unnecessary data collection, uninstall apps you no longer use.
  • Be cautious with signing into apps with social network accounts – Some apps are integrated with social network sites—in these cases, the app can collect information from your social network account and vice versa. Ensure you are comfortable with this type of information sharing before you sign into an app via your social network account. Alternatively, use your email address and a unique password to sign in.

What additional steps can you take to secure data on your mobile devices?

  • Limit activities on public Wi-Fi networks – Public Wi-Fi networks at places such as airports and coffee shops present an opportunity for attackers to intercept sensitive information. When using a public or unsecured wireless connection, avoid using apps and websites that require personal information, e.g., a username and password. Additionally, turn off the Bluetooth setting on your devices when not in use. (See Cybersecurity for Electronic Devices.)
  • Be cautious when charging – Avoid connecting your smartphone to any computer or charging station that you do not control, such as a charging station at an airport terminal or a shared computer at a library. Connecting a mobile device to a computer using a USB cable can allow software running on that computer to interact with the phone in ways you may not anticipate. For example, a malicious computer could gain access to your sensitive data or install new software. (See Holiday Traveling with Personal Internet-Enabled Devices.)
  • Protect your device from theft – Having physical access to a device makes it easier for an attacker to extract or corrupt information. Do not leave your device unattended in public or in easily accessible areas. (See Protecting Portable Devices: Physical Security.)
  • Protect your data if your device is stolen – Ensure your device requires a password or biometric identifier to access it, so if it is stolen, thieves will have limited access to its data. (See Choosing and Protecting Passwords.) If your device is stolen, immediately contact your service provider to protect your data. (See the Federal Communications Commission’s Consumer Guide: Protect Your Smart Device.)

Author: CISA

This product is provided subject to this Notification and this Privacy & Use policy.

Special Webcast: Leading Change for CISOs – July 3, 2019 10:30am US/Eastern

Speakers: Lance Spitzner

Board members, executives, and CISOs around the world are all realizing the same thing: cybersecurity is no longer just an IT problem, but an organizational problem. The challenge has become how CISOs can go beyond technology and embed security at an organizational level. The concept is called Change Management, and other fields have been leveraging it for decades. It's time to apply lessons from Change Management leaders such as John Kotter, Simon Sinek or Chip and Dan Heath.

Learn how to become a far more effective CISO as you create change and embed security at an organizational level. Key things you will learn include:

– What culture and Change Management are, and how they impact security

– Learn the 8 proven steps to organizational change.

– Leveraging accelerators at an organizational level.

– Learn why emotion often trumps numbers / statistics, and how to leverage that to your advantage.

Special Webcast: Effective Threat Hunting – July 3, 2019 3:30pm US/Eastern

Speakers: Chris Dale

Prevention is not everything, and without detection, we’re sitting ducks. In this talk, Chris Dale will present on the concept of Threat Hunting and introduce good and effective threat hunting techniques for your security teams. How can we detect the bad guys, even the more notorious and advanced threats, with the goal of kicking them out before they can secure their objectives? There will always be a way for a threat actor to find a way inside your network, whether it be criminals after monetization, Advanced Persistent Threats or inside threats. What are effective ways of finding them before damage is done?

Special Webcast: Adversaries have goals too! – July 1, 2019 2:00pm US/Eastern

Speakers: Maxim Deweerdt

Adversaries only have to find one flaw in our defense in order to get in. And they do – consistently. Even with our modern tools, skilled personnel and higher levels of security awareness, we fail to detect in a timely manner that our environments have been breached. Time for a new mindset: our adversaries have goals in mind when they breach our environment. What if our detection mechanisms focused on those goals? During this webcast, Maxim will offer a sneak peek into the actionable mindset that SEC511: Continuous Monitoring and Security Operations teaches.

Special Webcast: Next-Gen Vulnerability Management: Clarity, Consistency, and Cloud – June 28, 2019 3:30pm US/Eastern

Speakers: David Hazar

Effective vulnerability management (VM) requires more than just identifying and reporting on vulnerabilities. In order to succeed, programs need to provide clear, actionable, concise findings in a format that is familiar to those who will be acting on this information. Findings must also be integrated into existing business processes and include the proper context to streamline processes related to VM. Both VM and VM-related processes must be well-defined, proactive, and consistent. Finally, organizations need to understand what changes may be needed to deal with public, hybrid, and private cloud services along with new operational paradigms (e.g. DevOps), and how these new services and operational processes can help organizations improve vulnerability management.

In this webcast, we will examine common anti-patterns for effective vulnerability management and discuss new opportunities and strategies for overcoming these problems.

This webcast is based on the new SANS class, MGT516: Managing Security Vulnerabilities: Enterprise and Cloud. The primary goal of this course is to equip those responsible for managing the infrastructure and application vulnerabilities with strategies and solutions that overcome the challenges and stumbling blocks they may encounter. By understanding the problem and potential solutions, participants will be better prepared to meet this challenge and determine what might work for their organization.

Special Webcast: Hitting the Silent Alarm on Banking Trojans – June 27, 2019 10:30am US/Eastern

Speakers: Jake Williams, Rohan Viegas, Tamas Boczan

Banking Trojans are a complex, expensive type of malware with a wide range of features. Unlike common infostealers – which are sold to anyone for a few dollars – Banking Trojans are purchased by fewer, more professional threat actors. Some of these malware families have eventful histories spanning a decade, involving constant code changes, and occasionally arrests and leaks.

Banking Trojans focus on stealing customer banking information but can often do much more. Threat actors pay a premium for this capability. They contain a far more extensive set of features than run-of-the-mill malware, usually packaged as a complex, modular framework. Modules of the malware can implement lateral movement, all types of credential stealing possible, botnet features, backdoors, cryptomining or deploying secondary payloads such as ransomware.

In this SANS Webcast, VMRay Sr. Threat Analyst Tamas Boczan, Product Manager Rohan Viegas and SANS Analyst Jake Williams will answer:

  • What are the most common banking Trojans in the wild?
  • Which techniques do they use?
  • How can security professionals improve their detections?

Special Webcast: Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks – June 27, 2019 1:00pm US/Eastern

Speakers: Michael Correa

Critical infrastructure organizations are increasingly becoming targets of malware campaigns. This rising tide of cyberthreats, coupled with the increased exposure of OT networks to the Internet, is making ICS network protection a strategically important issue. To stay cyber resilient in today's environment, asset owners need a fresh approach to cybersecurity.

During this webinar, we will discuss an anonymized investigation conducted by our team to identify a real malware infection on a production network, the tools and techniques used to contain this threat and how to use threat intelligence and visibility to stay ahead of cyber adversaries.

We will focus on improving security strategy in four key areas, in the context of the SANS Top 20 CIS Controls:

  • Asset visibility and network baselining
  • Continuous network monitoring
  • Threat intelligence ingestion
  • Thorough incident response plans

Special Webcast: Gaining Complete Visibility of Your Environment with Attack Surface Monitoring – June 26, 2019 10:30am US/Eastern

Speakers: Jon Hart and Tori Sitcawich

Join Rapid7 and SANS for an in-depth look into Attack Surface Monitoring with Rapid7's Project Sonar research and industry reports. Learn how data from these sources can be leveraged in Rapid7's industry-leading vulnerability management solution, InsightVM, to provide complete visibility into your environment.

During this webinar, you'll learn about:

● The importance of having complete visibility of both your organization's known and unknown assets

● Rapid7's unique research project, Project Sonar, that regularly catalogs the public internet

● Industry reports released by Rapid7 based on data from Project Sonar, among other sources

● How data from Project Sonar can be leveraged within Rapid7's industry-leading vulnerability management tool, InsightVM

Special Webcast: Practical Approach to Vendor Risk Management & Data Privacy – June 26, 2019 3:30pm US/Eastern

Speakers: Norman Levine

This webcast will provide an overview of what elements are required to implement and deliver a successful Vendor Risk and Data Privacy agreement. It will cover company culture, how to prepare a checklist for an agreement and the essential IT elements within the agreement itself. Required policies and 3rd party certifications will be discussed along with key elements of focus. Included within the presentation will be a discussion on data privacy and what is necessary to potentially avoid costly fines. Key topics include the following:

  • The cultural effects – Don't change the culture but work within it
  • IT Checklist – With what data are you dealing and understanding what is required
  • Data Security Addendum – What are the essential requirements you need to know
  • Managing data privacy – To what standard should you ascribe and why
  • Reviewing the Information Security Program and other policies within a company
  • 3rd Party Certifications – Continuous Monitoring – The importance and why
  • Summary – Putting it all together

Special Webcast: Malicious Bots: How they became #1 New Threat and How to Stop Them – June 26, 2019 1:00pm US/Eastern

Speakers: Arif Husain

Representing roughly 1/3rd of all web traffic, malicious bots have quietly become the #1 threat to your public facing applications and the business assets behind them. Using stolen credentials, attack toolkits and infrastructure from the dark web, bad actors programmatically target your web, mobile and API-based applications with fake account creation, account takeovers, loyalty program fraud, gift card theft and content scraping.

Join us as we dive into specific use cases so you can see firsthand how bad actors execute these attacks. We'll then provide a hands-on demonstration showing how Cequence Security's award-winning platform can discover, detect, and defend against attacks to keep you safe from fraud, financial loss, and competitive deceit.