Avast blog: Cryptojacking is back in the news – and it’s increasing

In my latest blog for Avast, I discuss the current state of affairs regarding cryptojacking — malware which takes root on your computers and generates crypto currency “mining” and creation. How it is detected and prevented. It has lots of current appeal to criminals because it continues to provide low risks for the rewards and profits generated: typically, the profit margin is about two percent of the computing costs for the resulting coins mined.

CSOonline: Secure web browsers for the enterprise compared

The web browser has long been the security sinkhole of enterprise infrastructure. While email is often cited as the most common entry point, malware often enters via the browser and is more difficult to prevent. Phishing, drive-by attacks, ransomware, SQL injections, man-in-the-middle, and other exploits all take advantage of the browser’s creaky user interface and huge attack surface, and the gullibility of most end users.

Enter the secure browser, which is available in a variety of configurations (as shown above) that can help IT managers get a better handle on stopping attackers from getting a foothold inside our networks.

I looked at four browsers in a variety of configurations in my latest review for CSOonline:

Avast blog: Beware of SEO poisoning

Holy SEO Poisoning Attack Example: SolarMarker Malware - Blog | Menlo  Security

Getting infected with malware isn’t just clicking on an errant file, but it usually occurs because an entire ecosystem is created by attackers to fool you into actually doing the click. This is the very technique behind something called SEO poisoning, in which seemingly innocent searches can tempt you with malware-infested links. The malware chain begins by an attacker generating loads of fake web content that are intended to “borrow” or piggyback on the reputation of a legitimate website. The fakes contain the malware and manage to get search results to appear higher on internet search engines. In this post for Avast’s blog, I describe the practice and offer some tips on how to steer clear of this problem.

These two political opposites can agree on these five things

By David Strom and David Strom  

No you are not seeing double: we are two different people. Democrat David Strom and Republican David Strom. 

Having a well-worn internet presence means that after some time, you get to meet some of your namesakes. Since both of us are authors (Minneapolis David is a Republican who writes on conservative political topics. And as you know me — St. Louis David — as a Democrat who writes about business technology), we thought we would jointly pen a blog post about things that we can both agree on — and where we diverge as well — for our respective audiences. We found these five broad topics.

1) A path towards legal immigration

We both agree that our immigration laws should be updated to allow for a legal path towards citizenship for those who come to our country. That leaves plenty of daylight between us in terms of how this will be implemented, but both of us aren’t happy with the current situation. 

Minneapolis David: It’s not just a truism that immigrants built this country–they continue to make enormous contributions to America. But you can have too much of a good thing, and as we have seen open borders have created a crisis that is splitting this country apart. It’s time to get control of our border and a consensus on the number of immigrants the country can import without causing social distress. 

St. Louis David: I was surprised when I learned how few countries offer birthright citizenship. We need some consistent policy among the various government branches and across federal, state and local authorities. Wishful thinking, I know.

2) Respect for the rule of law and individual decency

BOTH DAVIDS: Calling for the overthrow of our government by anyone shouldn’t be tolerated. The same holds for threatening law enforcement members, or members of Congress, or really anyone for that matter. We should tolerate people of different points of view — one of the reasons why we are jointly writing this blog post. (Democrat David is married to a conservative Republican, BTW.) And by tolerate we mean being able to disagree without the threat of any violence on that person.

Talk of a civil war–and the increasing number of violent incidents related to political disagreements–make solving real problems nearly impossible. Distrust begets distrust. Neither of us have any idea how to solve the problem, but we need to get a handle on it. Political leaders need to take the first step to calm down the rhetoric. 

3) Understanding the role played by the First Amendment and freedom of speech

Until this year, this amendment only applied to government entities. Now we have two court rulings in Texas and Florida that have different interpretations when it comes to the role of social media and how freedom of speech protections should apply. We both deplore and avoid hate speech.

St. Louis David: Regardless of how these cases play out, all of us should be allowed to say what we want, as long as we aren’t promoting violence on a particular group.  

Minneapolis David: Maybe I read John Stuart Mill at an impressionable age, but I have long believed that the more you suppress ideas, the more disastrous the outcome. Let people speak. Some people will say things that are wrong, stupid, or just different from what you think is responsible. A lot of people will think the same of you. Deal with it. 

4) Importance of science research and respect for the scientific method

St. Louis David: This should be easy. Those people who want to “do their own research” or criticize our scientists for explaining a particular result should fully understand the scientific method of testing hypotheses and running double-blind experiments. Part of respecting scientific research is believing that innovation is a key element of this activity, and accepting the role played by innovation in our society. We may differ on how our governments implement these results, however. Neil DeGrasse Tyson offers some sound advice in his latest book: “Do whatever it takes to avoid fooling yourself into believing that something is true when it is false,  or that something is false when it is true.

Minneapolis David: I agree with St Louis David, with a big “but.” I think that scientists have played a big role in the loss of trust in science. Science is about discovery. Its results are better or worse hypotheses. The goal is truth, but we can only approximate the truth asymptotically (look it up!). Scientists need to project more humility, or their mistakes will only undermine confidence. Example: nutrition science, where it seems like they get it wrong all the time, but with great confidence. 

5) Respect for life 

Both of us agree that we should respect life, which we hinted at above. But we realize that we all might have different definitions of what constitutes the precise moment when we think it begins or ends. Polling shows that there is ample room for reasonable compromises. 

St. Louis David: I believe that our government should allow women to choose, and not make their choices a criminal act. 

Minneapolis David: I consider myself “pro-life” in the sense that you know it. I also understand that there are legitimate differences about how we can best determine when life begins. We need to get beyond shouting at each other and have serious discussions, not shouting matches. 

One final note on something we can also agree on: both of us are Mac/iPhone users, and both of us have re-invested in Apple products this past year. 

Nicki’s Central West End blog: Coding camps in the neighborhood

I live in an area of St. Louis called the Central West End, and we are fortunate to have not one but two world-class computer coding training facilities located here: Launchcode and Claim Academy. Both have been in operation for several years and have trained numerous programming professionals through some innovative instruction techniques and by focusing on non-traditional sources for their students. By non-traditional, I mean classes designed for people that have little or no formal programming experience and who want to make a mid-course career correction. In this post for a local blog, I describe their programs, their cost, and their advantages in training newbie programmers.

If you are interested in a programming career, you might want to first read a blog post that I wrote many years ago on how to pick the right online class for Computerworld. I cover things such as knowing what type of learner you are (visual, auditory, etc), figuring out if you have the necessary bandwidth to devote to the classes, thinking about what other support you will need besides the lectures, and understanding what learning programming skills really means.

Avast blog: Your out-of-date medical device could be leaving you vulnerable

Roughly a third of all connected devices have insecure defaults, such as no or weak password protection or poor software design, that make them ripe for exploits.

Last week, the FBI’s Internet Crime Complaint Center issued a public warning claiming that they have “identified an increasing number of vulnerabilities posed by unpatched medical devices.” They stated that these devices, such as insulin pumps and pacemakers, are running outdated firmware. They also lack adequate security features, meaning that hackers could change device settings and create dangerous conditions for the patients who literally depend on them. All of this isn’t a new problem, but the FBI’s notice is a good reminder of how law enforcement might focus its attention in this area. There is more to this story, read my blog post for Avast here.

Avast blog: How Uber was hacked — again

Last week, an 18-year old hacker used social engineering techniques to compromise Uber’s network. He compromised an employee’s Slack login and then used it to send a message to Uber employees announcing that it had suffered a data breach. Uber confirmed the attack on Twitter within hours, issuing more details on this page.

CSO went into details about how the attack happened.

The company claims no user data was at risk, they have notified law enforcement, and all of their services have been restored to operational status. In this post for Avast, I explain what happened and suggest a few lessons to be learned from the experience on how to prevent a similar attack from happening to your business.

CSOonline: CNAPP buyer’s guide

Cloud security continues to be a vexing situation, and the tool set continues to become more complex, riddled with acronyms. Enter the Cloud Native Application Protection Platform or CNAPP. IT managers are looking for a few basic elements from these products, including more accurate threat detection, support for all workloads across multiple cloud deployments, and ways to implement preventable controls.

cso cnapp vendors tableEven still, that is a lot of software to manage, integrate, and understand. However, almost none of the products that claim to be CNAPP have a full set of features that incorporate all four of these categories. In this post for CSOonline, I explain the landscape and show you how to navigate amongst the contenders.

Avast blog: The latest privacy legal environment is getting interesting

California’s privacy laws have now been in effect for more than two years, and we are beginning to see the consequences. Earlier this month, the California Attorney General’s office released the situations where various businesses were cited and in some cases fined for violations. It is an interesting report, notable for both its depth and breadth of cases.

The CalAG is casting a wide net and in my blog for Avast I discuss what happened there and how the  privacy legal situation is evolving elsewhere. I also offer some words of advice to keep your business from getting caught up in any potential legal action.

Avast blog: The rise of ransomware and what can be done about it

new report by John Sakellariadis for the Atlantic Council takes a deeper dive into the rise of ransomware over the past decade and is worth reading by managers looking to understand this marketplace. In my latest blog for Avast, I explore the reasons for ransomware’s rise over the past decade — such as more targeted attacks, inept crypto management, and failed federal policies — as well as measures necessary to start investing in a more secure future.