Anti-Ransomware Advice

Here is a really good list of steps to help keep you safe from Ransomeware. The article is long, but stick with it and read all the headings – there are some good ideas you can easily implement. There are also some suggestions that are hard to stomach, but knowledge is power.

The Anti-Ransomware Protection Plan You Need to Follow Today

Personally, I use Time Capsule (network backup solution) for my Mac and it is a bummer to think that Ransomeware could find this network device and encrypt my backups too. I’ve taken to making a monthly snapshot on a USB drive for worst case recovery.

FDIC disabling removable storage

The US FDIC has recently come under fire for a series of insider data leakages. Getting hacked by your own employees is the elephant in the room for every organization. We harden our organizations from outside attacks, but insiders need efficient access to data in order to do their jobs.

FDIC to Enhance Cyber Security after Insider Attacks

One of the big changes happening at FDIC is disabling removable storage like USB keys and drives. I’ll be curious to see how this works from both an efficiency and effectiveness standpoint.

In most of my dealings (with smaller companies), the thought of clamping down on removable media is impractical.  Anyone who has millennials in their workforce know that restrictive technology policies are anathema to these energetic workers. Check out this excerpt from Fortune magazine.

The companies that top Great Place to Work’s first-ever ranking of the 100 Best Workplaces for Millennials stand out for their ability to engage this generation, recognize their talents and give them a significant role where they can make a difference. At these companies, pay, profit sharing, and promotion decisions are executed fairly; everyone gets a shot at special recognition; and workers have a say in decisions that affect them. These workplaces exhibit strong, open, two-way communication; a high tolerance for risk-taking; high levels of cooperation and support among employees; and reduced roadblocks to innovation, such as internal politics.

The best solutions I’ve found for insider threats are training and strong corporate culture. Make sure your employees know the policies and that your culture promotes the benefits of protecting all that information they are entrusted to access.  Protecting your organization from insider leaks with technology is super difficult — and it won’t prevent a determined insider from getting data out.

Most Exploited Bugs

A new major study conducted by Hewlett Packard Enterprise has some really good information. Get your copy here:

My favorite finding from ReversingLabs is that the most exploited bug in 2015 was the same as in 2014 — it was discovered in 2011 and patched in 2012 and again in 2015. CVE-2010-2568 is an old Windows shell bug with .pif files.  Patch this now!

Not sure exactly what it says about ReversingLabs’ clients that they have all this data and yet can’t deploy this patch.


Father of Bitcoin?

Australian Chris Wright has claimed to be Satoshi Nakamoto — the creator of Bitcoin. If true, this puts an end to one of the biggest cyber mysteries of the 21st century.

The Bitcoin faithful will spend the next year on conspiracy theories, but I’m guessing the Economist and BBC did their homework before publishing.

If Chris Wright is Satoshi, then I’d love to hear his take on Bitcoin being the payment method of choice for illegal activity like ransomeware and money laundering.

UPDATE May 24, 2016: The hoax is on.  Or is it?  Check out how Wright is keeping the story alive.  Lots of room for belief and disbelief.

How Craig Wright Privately ‘Proved’ He Created Bitcoin