Bitdefender’s BOX: All-in-one Cybersecurity from one App

Gee, if your home is connected to lots of different devices, doesn’t it make sense that your cybersecurity integrates all your connected devices? Meet the Bitdefender BOX, a network bulletproofing hardware cybersecurity tool for the home that embraces smart home protection focusing on the Internet of Things with remote device management offering next generation privacy protection.

boxBOX description:

  • One complete security solution for connected homes
  • Sets up to a router
  • Is controlled by the user’s mobile device and hence, can be controlled anywhere
  • Everything is protected: not just your computer, but all of your connected devices, like your baby monitor, TV, thermostat, garage door opener and house alarm system. You name it; it’s protected from hackers.
  • BOX works with an annual subscription much like most cyber security “security as a service” technologies.

Features:

  • Easy Setup. Just plug and play.
  • Advanced Threat Protection. In and outside your home network. You’re safe on the go as well!
  • Management and Control. All available in one app, at your fingertips, anywhere you are.

So, protection from hackers means that you can have peace of mind knowing that BOX is warding off attempts at ID theft, fraudulent activities, cyber snooping and other threats.

All you need to do is connect BOX to your router via one of its ethernet ports. Then get the BOX application going. Its user friendly and you just follow its easy instruction: all of a few minutes’ worth. BOX then goes to work to intercept cyber threats at the network level. And all from just one app.

So yes, you need a smartphone (Android or iOS) to take advantage of BOX. If you’ve been on the fence about getting a mobile device, move out of your cave, junk your Pinto, cut your mullet, and get the BOX.

Think of how great it would be to be alerted of network events through this does-it-all application that you can control no matter where you’re located. This means you can control all of your connected devices.

One of BOX’s features is the Private Line. This protects your Internet browsing experience, including making you anonymous. Other features:

  • Protection against hacking attempts including lures to malicious sites.
  • Protection against viruses, malware including downloads, phishing, etc.
  • Protection against anyone wanting to pry open your files and see what’s in them or steal them.
  • Protection occurs even when you’re using public Wi-Fi, such as at a hotel, airport or coffee house!

Who needs BOX?

Everyone who has connected devices at home and uses the Internet. This is like asking, who needs a lock on their home’s door? Anyone who lives in a home.

Think about a home and home security as an example. If you’re going to have a lock, it should be a good lock, right? But the lock is only effective if you actually lock it. You also need to lock up your windows and consider a home security system. These are all “layers of protection. Well, the BOX is multiple layers of protection for protecting your online experience as well as computer files.

BOX is designed for non-techy users, so if you’re one of those people who is “not good with computers,” you’ll still find BOX’s setup and navigation quite friendly. It also helps set up password-protected Wi-Fi network does for you and you can even let guests use a secured Wi-Fi network. This post is brought to you by Bitdefender BOX.

Sales Staff Targeted by Cyber Criminals

Companies that cut corners by giving cybersecurity training only to their technical staff and the “big wigs” are throwing out the welcome mat to hackers. Cyber criminals know that the ripe fruit to pick is a company’s sales staff. Often, the sales personnel are clueless about the No. 1 way that hackers “get in”: the phishing e-mail. Salespeople are also vulnerable to falling for other lures generated by master hackers.

11DIn a recent study, Intel Security urges businesses to train non-technical (including sales) employees. Sales personnel are at highest risk of making that wrong click because they have such frequent contact in cyberspace with non-employees of their company.

Next in line for the riskiest positions are call center and customer service personnel. People tend to think that the company’s executives are at greatest risk, but look no further than sales, call center and customer service departments as the employees who are most prone to social engineering.

It’s not unheard of for businesses to overlook the training of sales employees and other non-technical staff in cybersecurity. Saving costs explains this in some cases, but so does the myth that non-technical employees don’t need much cybersecurity training.

Intel Security’s report says that the most common methods of hackers is the browser attack, stealth attack, SSL attack, network abuse and evasive technologies.

In particular, the stealth attack is a beast. Intel Security has uncovered 387 new such threats per minute. IT teams have their work cut out for them, struggling to keep pace with these minute-by-minute evolving threats. This doesn’t make it any easier to train non-technical staff in cybersecurity, but it makes it all the more crucial.

Training non-technical staff, particularly those who have frequent online correspondence and have the gift of cyber gab, is the meat and potatoes of company security.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention

Very Bad People for hire online

The Deep Web is not a nice place. Here, people can hire assassins, take ransomware payments, purchase U.S. citizenship without revealing their identity, among other things, says an article on darkreading.com.

6DThis information comes from Trend Micro, which used a tool called the “Deep Web analyzer,” something of a web crawler, that collected URLS that were linked to TOR- and I2P-hidden sites, domains with nonstandard TLDs and Freenet resource identifiers, says darkreading.com.

The Deep Web is that portion of cyberspace that’s not indexed by the search engines. The Dark Web is part of the bigger Deep Web, accessible only via special tools.

A Dark Web user could literally hire a rapist or assassin. In fact, assassins even advertise, such as the group C’thulhu. Pay them their fee and they’ll maim, cripple, bomb and kill for you.

$3,000 will get you a “simple beating” to a “low-rank” target. $300,000 pays for the killing of a high-ranking political figure, staged to look like an accident.

Users can also hire (and do so much more commonly than the above) cybercriminals and child exploitation services.

The article points to additional research of the Deep Web, that cybercrooks use anonymization tools in creative ways. In fact, they are using TOR for the hosting of their command-and-control infrastructure. TorrentLocker is a type of malware, and it uses TOR to accept Bitcoin payments and host payment sites.

In other words, cybercriminals are using the Deep Web/Dark Web more and more commonly these days. TOR is being used for cybercriminals to receive payments for their hacking services.

But that’s not the biggest problem of the deep, dark Web, is it? As mentioned, it can be used to hire someone to murder. Just what will all of this eventually evolve into in the next 10 years?

Robert Siciliano personal and home security specialist to BestHomeSecurityCompanys.com discussing burglar proofing your home on Fox Boston. Disclosures.

A look into Cyber Weapons of the Future

Remember the good ‘ol days when you thought of a finger pushing a button that launched a Russian missile that then sped at seven miles per second towards the U.S. to blow it up?

http://www.dreamstime.com/stock-images-online-risks-sign-road-banner-image34668294Little did we know back then what would one day be a way for the Superpowers to war on each other: cyber technology!

A new book is out called Ghost Fleet: A Novel of the Next World War, written by Peter W. Singer and August Cole. WWIII certainly won’t be wrought with speeding missiles and hand-to-hand combat in the trenches—at least not the bulk of it.

An article on vice.com notes that the Third World War will take place in cyberspace (in addition to land, sea and air).

Vice.com contacted Singer about his novel. One of the villains is China, even though much of the attention has been on the Middle East and so-called terrorist attacks by radical Muslims.

To write the novel, the authors met with a wide assortment of people who, if WWIII were to come about, would likely be involved. This includes Chinese generals, anonymous hackers and fighter pilots. This gives the story authenticity, realism…a foreshadowing.

Singer explains that his novel is so realistic that it’s already influencing Pentagon officials in their tactics.

The Third World War will probably not require so much the ability to do pull-ups, slither under barbed wire and rappel down buildings, but the mastering of cyberspace and outer space: It’s likely that the winner of this war will be king beyond land, sea and air: lord over the digital world and the blackness beyond our planet’s atmosphere.

Projected Weapons of WWIII

  • A kite-shaped Chinese drone, massive enough to take out stealth planes and ships
  • Drones that, from high altitude, could get an instant genetic readout of an individual
  • Smart rings that replace computer mouses
  • Brain-machine interfaces. This already exists in the form of paralyzed people using their thoughts (hooked up to a computer) to move a limb (their own or robotic). This technology has applications in torturing the enemy.

That old saying, “What the mind can conceive and believe, can be achieved,” seems to be becoming more truer by the second. Imagine being able to wipe out the enemy by plugging your thoughts into a computer and imagining them having heart attacks.

Robert Siciliano is an identity theft expert to TheBestCompanys.com discussing  identity theft prevention.

3 Ways We are Tricked into Cyber Attacks

So just how are hackers able to penetrate all these huge businesses? Look no further than employee behavior—not an inside job, but innocent employees being tricked by the hacker.

9Drecent survey commissioned by Intel Security reveals that five of the top seven reasons that a company gets hacked are due to employee actions.

One of the things that make it easy to trick employees into giving up critical information is the information employees share on social media about their company.

People just freely post things and tweet all day long about company matters or other details that can be used by a hacker to compromise the company. What seems like innocuous information, such as referring to a company big wig by their nickname, could lead to social engineering (tricking users into believing the request is legitimate so the user gives up sensitive information).

Between social media and the golden nuggets of information on Facebook, Twitter, LinkedIn and other platforms, hackers have a goldmine right under their nose—and they know it.

3 Key Pathways to Getting Hacked

  1. Ignorance. This word has negative connotations, but the truth is, most employees are just plain ignorant of cybersecurity 101. The survey mentioned above revealed that 38% of IT professionals name this as a big problem.
    1. Do not click on links inside emails, regardless of the sender.
    2. Never open an attachment or download files from senders you don’t know or only know a little.
    3. Never visit a website on the job that you’d never visit in public. These sites are often riddled with malware.
  2. Gullibility. This is an extension of the first pathway. The more gullible, naive person is more apt to click on a link inside an email or do other risky tings that compromise their company’s security.
    1. It’s called phishing(sending a trick email, designed to lure the unsuspecting recipient into visiting a malicious website or opening a malicious attachment. Even executives in high places could be fooled as phishing masters are truly masters at their craft.
    2. Phishing is one of the hacker’s preferred tools, since the trick is directed towards humans, not computers.
    3. To  check if a link is going to a phishing site, hover your cursor over the link to see its actual destination. Keep in mind that hackers can still make a link look like a legitimate destination, so watch our for misspellings and bad grammar.
  3. Oversharing. Malicious links are like pollen—they get transported all over the place by the winds of social media. Not only can a malicious link be shared without the sharer knowing it’s a bad seed, but hackers themselves have a blast spreading their nasty goods—and one way of doing this is to pose as someone else.
    1. Be leery of social media posts from your “friends” that don’t seem like things they would normally post about. It could be a hacker who is using your friend’s profile to spread malware. Really think…is it like your prude sister-in-law to send you a link to the latest gossip on a sex scandal?
    2. Don’t friend people online that you don’t know in real life. Hackers often create fake profiles to friend you and then use their network of “friends” to spread their dirty wares.
    3. Take care about what you post online. Even if your privacy settings are set to high, you should think that when you post on the Internet, it’s like writing in permanent ink—it’s forever. Because did we all really need to know that time you saw Kanye from afar?

All of us must be coached and trained to keep ourselves and our workplaces safe, and that starts with practicing good cyber hygiene both at home and at work.

Robert Siciliano is an Online Safety Expert to Intel Security. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! Disclosures.

Cross-Site Scripting Criminal Hacks

Secure computing requires an ongoing process, as you learn about risks and then implement processes and technology to protect yourself. Without a concerted effort to defend your data, you will almost certainly by victimized by some type of cyber-invasion.

JavaScript is everywhere, making the Internet pretty and most websites user friendly. Unfortunately, hackers have learned to manipulate this ubiquitous technology for personal gain. Java can be used to launch a cross-site scripting attack, which leverages a vulnerability often found in applications that incorporate Java. The vulnerability allows hackers to insert code into a website you frequent, which will infect your browser and then your PC.

Following links without knowing what they point to, using interacting forms on an untrustworthy site, or viewing online discussion groups or other pages where users may post text containing HTML tags can put your browser at risk.

Facebook, one of the most popular websites, is a likely place for JavaScript hacks, due to cross-site scripting vulnerabilities and the overall lack of security of Facebook users. This allows hackers to read a victim’s private Facebook messages, to access private pictures, to send messages to the victim’s contacts on his or her behalf, to add new (and potentially dangerous) Facebook applications, and to steal the victim’s contacts.

Beware of going down the rabbit hole when browsing the Internet. Once you start clicking link after link, you may find yourself on an infected site. And look out for scams such as contests that require you to paste code into Facebook, your blog, or any other site.

To protect yourself from cross-site scripting attacks, update your browser to the most recent version, with the most current security settings.

McAfee offers a free tool, SiteAdvisor, which helps detect malicious sites. In Firefox, you can install NoScript, a plug-in that lets you control when to enable JavaScript. NoScript also includes a list of good and bad sites. In Chrome, you can disable JavaScript in preferences, and in Internet Explorer, you can fiddle with the settings and adjust “Internet Zones,” but the default settings are best for most people. In Adobe Reader, JavaScript can be disabled all together, under “Edit” and then “Preferences.”

That being said, after messing with default browser or program settings, the reduced functionality may impede your ability to do anything online. The trick is to have the most updated security software and to avoid social engineering scams that ask you to click links or copy code.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses scammers and thieves on The Big Idea with Donnie Deutsch. (Disclosures)