The dark web is full of dangerous stuff, but how does it affect your security directly?

The dark web is a mysterious place with a crazy reputation. Contrary to belief, finding the dark web isn't difficult. However, learning how to navigate it safely can be, especially if you don't know what you're doing or what to expect.

Hackers and scammers use the anonymity the dark web gives them to launch attacks on a wide range of targets, including consumers and businesses.

MakeUseOf spoke to Echosec Systems' James Villeneuve about dark web threats, intelligence gathering, and security planning.

How Do Dark Web Threats Affect Corporate Security Planning?

The dark web is an ever-present backdrop for security planning. Just as cybersecurity firms do not underestimate the power of the dark web—that is, the users, forums, and organizations lurking there—corporate security teams are increasingly weighing those threats in their own planning.

James Villeneuve says:

Corporate security teams can no longer turn a blind eye to the growing threat landscape across the deep web and the dark web. With large corporations likely to experience, on average, one crisis per year, security planning has to identify where these crises are originating from online and begin developing a more proactive approach to monitoring.

Can Security Teams Actively Search the Dark Web for Threats?

One of the biggest draws of the dark web is privacy and anonymity. First, you can only access the dark web using specialized software, such as the Tor Browser. This software comes equipped with the special routing and privacy add-ons required to access the Tor network.

The structure of the dark web is meant to keep the sites, services, and users anonymous. When you use Tor to access the darknet, your internet traffic moves through several anonymous nodes from your computer to the site you want to visit.

Furthermore, the dark web isn't indexed in the same way as the regular internet. Websites on the Tor network don't use the DNS system that the normal internet uses.

Scanning the dark web for threats, then, requires special tools. For example, Echosec Beacon is a specialized threat intelligence tool that scans darknet marketplaces for stolen credentials, leaked data, and illicit goods, detects data breaches, and can provide early warning and insight into conversations relating to specific organizations on dark web forums.

Villeneuve explains:

Monitoring the communities that are discussing, planning, and propagating these threats, organizations are beginning to value and prioritize more proactive security strategies. With the average cost of a data breach now equalling over $3.86 million (IBM, 2019), the ability to prevent such breaches can save an organization millions in damages.

Does the Dark Web Provide a False Sense of Security?

As the dark web carries a strong reputation for privacy, it is no surprise that attackers and criminal organizations gather there to plan and launch attacks. The idea of a hidden service operating on a highly secure anonymous network provides users with a strong sense of privacy and security.

However, this feeling can lead users to make mistakes in their personal security. Furthermore, that sense of privacy and security provides the platform for people to discuss and plan "a great deal of nefarious activity... illegal goods sales, money laundering, and human exploitation," all of which happens on the dark web.

When users feel more comfortable in their surroundings, discussing plans for a cyber attack or details of their employer, they might give away more information than they realize.

In terms of "regular" dark web users, who are perhaps simply visiting the dark web version of Facebook or the BBC News website, these privacy issues aren't of a similar concern. The examples provided involve users interacting with and posting on dark web forums.

Posting to these forums can create traceability, especially if the users' operational security is poor (such as using the same username on multiple sites, revealing personal information, etc.).

Can Users Do More to Protect Themselves on the Dark Web?

When asked about security experience and responsibility, James Villeneuve says:

Your IT team simply cannot be the only team with security training. Security awareness training is paramount for all employees, in large corporations as well as SMEs. Empowering your staff with this knowledge can allow them to identify and prevent social engineering, spear-phishing, and ransomware attacks.

Security extends into all areas of life. So many of our important services are online. Learning how to use them safely is becoming a necessity, in that learning how to spot and detect phishing emails goes a long way in securing your online accounts. You should also consider how to create and use strong passwords.

But in terms of the dark web, the basics remain the same, with some extra tweaks. For example, aimlessly browsing the dark web isn't a good idea. You might click a link that takes you somewhere you don't want to go, with dangerous content at the other end.

Secondly, the dark web isn't really made for browsing in the same way as the regular internet.

Finally, there are hoaxes everywhere on the dark web. You'll almost certainly encounter sites offering services that simply don't exist.

Is the Dark Web Illegal?

The dark web itself isn't illegal. The dark web is an overlay network, which is a network that runs on top of another network. So, the network itself is completely legal.

However, there is illegal content on the dark web, some of which could land you in prison for a very long time if caught accessing it.

Then there is the exposure to other dangerous content, such as the darknet marketplaces and so on. Browsing a darknet marketplace isn't itself illegal, but purchasing the illicit goods on there is very likely to be, depending on your locale.

The other consideration goes to local laws regarding encryption. In some countries, the use of strong encryption is illegal as it makes government snooping much harder. Which, of course, they don't like.

You cannot access the dark web without using some form of encryption. The Tor network has strong encryption at its core. Accessing the dark web in a country with anti-encryption laws could see you fall foul of the government, so it pays to check before accessing the dark web.

Stay Safe on the Dark Web

You can access and use the dark web securely, but businesses and other organizations should be aware of the threats that can lurk there. Unfortunately, many of these threats are unseen, which is where dark web monitoring tools such as the Echosec System Platform can make a difference.

 [Source: This article was published in makeuseof.com By Gavin Phillips - Uploaded by the Association Member: Grace Irwin]
Categorized in Deep Web

(Sponsored Content) When your system is connected to a network, you cannot always guarantee the integrity of the person at the far end of a network connection. If your system is connected to the Internet, ethics go out the window altogether. You have to assume that the person at the far end is a bad guy, then proceed from there. With this tip, we’ll outline an approach to this problem that may help you to focus on how to deal with the bad guys wherever they may be.

Internet bad guys generally fall into two categories: sneaks and bullies. The bullies, which you can probably identify most easily, are the ones who go after your system with active attacks. They will try to break into your system, trying just about everything in the book. On our test IBM i server in the office recently, we had a bully come by who tried to log on using over 700 different user profiles in a period of five minutes. Each logon attempt was met by our SafeNet/i exit point software and tossed out right at the point of entry with a security warning message to our security officer for each try. The user profiles were all different and all “typical” of what you might expect to see in just about any shop in the country. When bullies come after you, they do it with brute force. They can try to spoof your system, guess your passwords, deny others from using your system by keeping it overly busy dealing with their break-in attempt, and much more.
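The sweep described above (one source, hundreds of different user profiles, a five-minute span) has a shape that can be picked out of logon records. The following is an added example, not code from the original article or from SafeNet/i; the log line format, the sample addresses and profile names, and the threshold of 20 distinct profiles are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # the span reported in the article
THRESHOLD = 20                  # assumed tuning value: distinct profiles per source


def build_sample_log():
    """Constructed records, not real data: 'timestamp source profile result'."""
    base = datetime(2020, 1, 6, 9, 0, 0)
    events = []
    # One source sweeping 700 different profile names in under five minutes.
    for i in range(700):
        events.append((base + timedelta(milliseconds=400 * i),
                       "203.0.113.7", f"USER{i:03d}", "FAIL"))
    # A real user mistyping a password three times, then signing on.
    for i, result in enumerate(["FAIL", "FAIL", "FAIL", "OK"]):
        events.append((base + timedelta(seconds=20 * i),
                       "198.51.100.20", "JSMITH", result))
    # A slow source: 25 profiles, one every six minutes.
    for i in range(25):
        events.append((base + timedelta(minutes=6 * i),
                       "192.0.2.44", f"GUEST{i:02d}", "FAIL"))
    events.sort(key=lambda e: e[0])
    return [f"{ts.isoformat()} {src} {profile} {result}"
            for ts, src, profile, result in events]


def detect_profile_sweeps(lines, window=WINDOW, threshold=THRESHOLD):
    """Flag sources whose failed logons span >= threshold distinct profiles
    inside one sliding window. Input must be in time order."""
    recent = defaultdict(deque)      # source -> (timestamp, profile) in window
    counts = defaultdict(lambda: defaultdict(int))  # source -> profile -> hits
    findings = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue                 # skip malformed records
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        src, profile, result = parts[1], parts[2].upper(), parts[3]
        if result != "FAIL":
            continue
        queue, seen = recent[src], counts[src]
        queue.append((ts, profile))
        seen[profile] += 1
        # Expire failures that have aged out of the window.
        while ts - queue[0][0] > window:
            _, old = queue.popleft()
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
        if len(seen) >= threshold:
            hit = findings.setdefault(src, {"first_alert": ts, "peak_distinct": 0})
            hit["peak_distinct"] = max(hit["peak_distinct"], len(seen))
    return findings


if __name__ == "__main__":
    for src, hit in detect_profile_sweeps(build_sample_log()).items():
        print(src, hit["first_alert"].isoformat(), hit["peak_distinct"])
```

Counting distinct profiles per source, rather than failures per profile, is what separates the sweep from the user who mistypes one password several times; a source that spaces its attempts wider than the window stays below the threshold and needs a longer-horizon check.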

The sneaks are a lot more passive. Sneaks will sit back and monitor network traffic to your system and try to uncover secret information that will then give them what they need to gain access to your system “normally.” Sneaks are very hard to identify and they have insidious tools at their disposal to get the information they want. This can even include Trojan horses that gather the information for them. Since sneaks are so hard to identify, you should plan your security strategy assuming that someone is always watching your system.

To guard your system against both sneaks and bullies, you need to think about how to layer your system defenses to guard against anything and anyone. If your system is connected to the Internet, you must assume that a sneak or a bully is going to attempt to gain access and plan accordingly. The best defense is always a good offense and you should consider the various layers of your system and have a plan to deal with intruders at every level. This layered approach will help you develop a good defense. The layers you should give consideration to include:

  • System security – including your system-level use of user profiles and regularly rotated passwords. For most IBM i shops, this will be your last line of defense, so plan it well. Consider using longer passwords or passphrases that are now supported by the IBM i OS.
  • Network security – this commonly involves the implementation of a firewall between your network and the Internet but can also include services available from your ISP. On the IBM i there are also things that can be done at the IBM i OS server level via exit programs that can address network security issues.
  • Application security – your applications should be designed to integrate with your security policies. Application software can easily be misused and abused and your applications should be designed with this in mind, especially those applications that are open to network and Internet users.
  • Transmission security – when you use an uncontrolled network like the Internet, your data will be open to anyone while it is in transit from one place to another. To protect your data, you need to consider encryption techniques and the use of Secure Sockets Layer (SSL) on your IBM i along with encryption. Encryption should be required for all 5250 terminal connections.

In your plan for network and Internet security, you need to have a plan for each of these layers of control in order to safeguard your system. And, even then, a bully or a sneak might still get past you, so watch out.

[Source: This article was published in itjungle.com By Rich Loeber - Uploaded by the Association Member: Juan Kyser]
Categorized in Internet Ethics


Popular search engines and browsers do a great job at finding and browsing content on the web, but can do a better job at protecting your privacy while doing so.

With your data being the digital currency of our times, websites, advertisers, browsers, and search engines track your behavior on the web to deliver tailored advertising, improve their algorithms, or improve their services.

In this guide, we list the best search engines and browsers to protect your privacy while using the web.

Privacy-focused search engines

Below are the best privacy-focused search engines that do not track your searches or display advertisements based on your cookies or interests.

DuckDuckGo

The first privacy-focused search engine, and probably the most recognizable, we spotlight is DuckDuckGo.

Founded in 2008, DuckDuckGo is popular among users who are concerned about privacy online, and the privacy-friendly search engine recently said it had seen 2 billion total searches.

With DuckDuckGo, you can search for your questions and websites online anonymously.

DuckDuckGo does not compile entire profiles of users' search habits and behavior, and it also does not collect personal information.

DuckDuckGo is offered as a search engine option in all popular browsers.

In 2017, Brave added DuckDuckGo as a default search engine option when you use the browser on mobile or desktop. In Brave browser, your search results are powered by DuckDuckGo when you enter the private tabs (incognito).

Last year, Google also added DuckDuckGo to their list of search engines on Android and platforms. With iOS 14, Apple is now also allowing users to use DuckDuckGo as their preferred search engine.

Startpage

Unlike DuckDuckGo, Startpage is not crawling the internet to generate unique results, but instead, it allows users to obtain Google Search results while protecting their data.

Startpage started as a sister company of Ixquick, which was founded in 1998. In 2016, both websites were merged and Startpage owners received a significant investment from Privacy One Group last year.

This search engine also generates its income from advertising, but these ads are anonymously generated solely based on the search term you entered. Your information is not stored online or shared with other companies, such as Google.

Startpage also comes with one interesting feature called "Anonymous View" that allows you to view links anonymously.

When you use this feature, Startpage renders the website in its container and the website won't be able to track you because it will see Startpage as the visitor.

Ecosia

The next search engine in our list is Ecosia.

Unlike other search engines, Ecosia is a CO2-neutral search engine and it uses the revenue generated to plant trees. Ecosia's search results are provided by Bing and enhanced by the company's own algorithms.

Ecosia was first launched on 7 December 2009 and the company has donated most of its profits to plant trees across the world.

Ecosia says they're a privacy-friendly search engine and your searches are encrypted, which means the data is not stored permanently and sold to third-party advertisers.

List of privacy-friendly browsers:

Web browser developers have taken existing browser platforms such as Chrome and Firefox, and modified them to include more privacy-focused features that protect your data while browsing the web.

Brave Browser

Brave is one of the fastest browsers and is solely focused on privacy, with features like private browsing, data saver, ad-free experience, bookmarks sync, tracking protections, HTTPS Everywhere, and more.

Memory usage by Brave is far below Google Chrome and the browser is also available for both mobile and desktop.

You can download Brave from here.

Tor Browser

The Tor Browser is another browser that aims to protect your data, including your IP address, as you browse the web.

When browsing the web with Tor, your connections to web sites will be anonymous as your request will be routed through other computers and your real IP address is not shared. 

In addition, the Tor Browser bundle comes with the NoScript and HTTPS Everywhere extensions preinstalled, and clears your HTTP cookies on exit, to further protect your privacy.

You can download Tor browser from here.

Firefox Focus

Firefox Focus is also a great option if you use Android or iOS.

According to Mozilla, Firefox Focus blocks a wide range of online trackers, erases your history, passwords, cookies, and comes with a user-friendly interface.

Firefox Focus also comes with a built-in ad blocker to improve your experience and block all trackers, including those operated by Google and Facebook.

 [Source: This article was published in bleepingcomputer.com By Mayank Parmar - Uploaded by the Association Member: Logan Hochstetler]

Categorized in Search Engine

Dark Web is that area of the internet that consists of encrypted content and is not indexed by search engines.

About 97% of cybersecurity companies had their data exposed on the Dark Web in 2020.

Some data breaches occurred as recently as the end of August, a survey by security firm ImmuniWeb found.

The survey covered 398 cybersecurity companies headquartered across 26 countries including USA, UK, India, Canada and Germany.

Dark Web included both Deep Web and Surface Web in the survey. Dark Web consists of encrypted content that is not indexed by search engines.

More than 160 companies faced incidents as their employees used identical passwords on more than one breached system. Most of the passwords lacked basic security requirements - uppercase, numerical and special characters. Common passwords included ‘password’ and ‘123456’.

Half the exposed data consisted of plaintext credentials like financial and personal information.

US-based security firms showed the highest number of high-risk data breaches, followed by the UK. High-risk breaches include credentials with sensitive information.

A large number of leaks were silently performed by trusted third parties like suppliers or sub-contractors to the company.

Some stolen credentials came from incidents involving unrelated third parties where victims used work emails to sign into adult websites.

At least 5,121 stolen credentials were found in pornographic and adult-dating websites, ImmuniWeb said.

The report also stated that half the companies did not comply with General Data Protection Regulation (GDPR) rules owing to vulnerable software, lack of strong privacy policy, and missing cookie disclaimers when cookies contain traceable personal information.

More than a fourth of the vulnerabilities remain unpatched to date, the security firm said.

[Source: This article was published in thehindu.com By Sowmya Ramasubramanian - Uploaded by the Association Member: Nevena Gojkovic Turunz]

Categorized in Deep Web

The words “privacy” and “internet” are sort of an oxymoron because it’s incredibly hard to be truly safe and anonymous on the internet. ISPs, browsers, and websites are constantly monitoring everything people do online and collecting their data. Cybercriminals should also be a major concern to everyone as they’re always looking for new victims to target.

That said, unless someone’s a person of interest to government organizations or crime syndicates, they can achieve a robust level of online privacy. Check out these 5 ways to safely and privately browse the internet.

Why is More Privacy a Good Thing?

Browsing the internet and using apps generally means giving up a lot of personal data. That’s because governments, ISPs, browsers, websites, and apps are constantly monitoring what people are doing. With websites, for instance, this is done via cookies and trackers.

People have always been generally aware that their data is being gathered by companies, usually for either service improvement or ad purposes. But recently, it’s become apparent that companies and app developers are privy to people’s personal lives to an alarming degree.

Many people might reiterate that “nothing to hide” mantra for why they freely give away all this information. Explaining why that statement is heedlessly naive may well fill a whole book, so here are two short but powerful reasons instead:

– Online security has become directly linked to physical security. Never mind the people potentially spying over a webcam or smart home camera. Stalking and swatting are two other real-life consequences. Jameson Lopp can certainly attest to that after being swatted and threatened numerous times by an anonymous attacker.

– The copious number of data breaches occurring every year is a testament to the fact that companies cannot be trusted with everyone’s personal data. The information they collect is extremely valuable to criminals, and they will go to great lengths to get it.

How to Stay Safe and Private While Browsing the Internet

1. Use a VPN

VPNs are constantly being mentioned these days, but what is a VPN, and how does it actually work?

Virtual private networks provide a way to have a private connection over a public network. The technology utilizes what’s called an encryption tunnel to make data hard to get and unreadable. It also sends the connection through a VPN server which replaces a device’s IP address and changes its owner’s location.

This all means that a person gains both privacy and security while browsing with a VPN turned on. Just keep in mind that this does not protect against malware and a compromised computer or device will still send unfiltered information to attackers.

2. Go Incognito

Browsing in private or incognito mode provides a modicum of privacy by preventing the browser from saving that session’s browsing history. Chrome has also recently added a feature that automatically blocks third-party cookies in incognito mode, but not all trackers. This makes incognito mode most useful when combined with other privacy and security steps.

3. Don’t Log Into Anything

Naturally, this advice cannot be applied to everyday browsing as logging into an email or other accounts is sometimes necessary. This is especially true during work hours. There are times when logging in isn’t necessary, however.

Following privacy measures, like using a VPN, is canceled out when someone logs into their accounts, instantly identifying them. VPNs will still keep the connection secure from outside threats like SSL-stripping, and incognito still means browsing history won’t be saved.

4. Avoid Too Many Extensions

Extensions can be convenient and incredibly helpful, but they can also be a siphon for browsing data and personal information. It’s not that the extensions themselves are necessarily dangerous – though some are malware in disguise. Instead, it’s that they can be weak links in a browser’s security infrastructure. 

Extension developers don’t always keep up with security updates for their products, and some get abandoned entirely. Cybercriminals take advantage of those weaknesses to infiltrate people’s browsing sessions through their extensions.

This doesn’t mean they should be avoided altogether, as that’s not always possible. Do take care by properly vetting and managing extensions to ensure they remain safe to use.

5. Try a Privacy Browser

Privacy browsers are becoming more and more popular thanks to their focus on the user’s need for protection rather than their corporate greed. Browsers like Tor, DuckDuckGo, and Brave block all trackers and don’t collect browsing history. Each privacy browser has its own list of beneficial features, but the Tor browser warrants a special mention.

Tor utilizes a network of servers to anonymize a person’s browsing session. It sends their network requests through a series of “nodes” which replace a device’s IP address. Keep in mind, however, unlike a VPN, Tor does not anonymize any other online events, like apps, nor does it encrypt the connection.

Final Thoughts

It’s not fair that these are the lengths needed to ensure online privacy and security. Things are looking up, regulation-wise, but the reality is that privacy declines as technology improves. Already there have been major issues regarding the IoT and home smart devices being abused to spy on people.

[Source: This article was published in thebuzzpaper.com By Devashish Pandey - Uploaded by the Association Member: Clara Johnson] 

Categorized in Internet Privacy

LastPass' new Security Dashboard gives users a complete picture of their online security

Knowing if your passwords have been leaked online is an important step in protecting your online accounts, which is why LastPass has unveiled a new Security Dashboard that provides end users with a complete overview of the security of their online accounts.

The company's new Security Dashboard builds on last year's LastPass Security Challenge, which analyzed users' stored passwords and provided a score based on how secure they were, by adding dark web monitoring. The new feature is available to LastPass Premium, Families and Business customers and it proactively watches for breach activity and alerts users when they need to take action.

In addition to showing users their weak and reused passwords, the new Security Dashboard now gives all LastPass users a complete picture of their online security to help them regain control over their digital life and know that their accounts are protected.

Dark web monitoring

According to a recent survey of more than 3,000 global consumers conducted by LastPass, 40 percent of users don't know what the dark web is. The majority (86%) of those surveyed claimed they have no way of even knowing if their information is on the dark web.

LastPass' new dark web monitoring feature proactively checks email addresses and usernames against Enzoic’s database of breached credentials. If an email address is found in this third-party database, users will be notified immediately via email and by a message in their LastPass Security Dashboard. Users will then be prompted to update the password for that compromised account.

Vice president of product management, IAM at LogMeIn, Dan DeMichele explained why LastPass decided to add dark web monitoring to its password manager in a press release, saying:

“It’s extremely important to be informed of ways to protect your identity if your login, financial or personal information is compromised. Adding dark web monitoring and alerting into our Security Dashboard was a no brainer for us. LastPass already takes care of your passwords, and now you can extend that protection to more parts of your digital life. LastPass is now equipped to truly be your home for managing your online security – making it simple to take action and stay safe in an increasingly digital world. With LastPass all your critical information is safe so you can access it whenever and wherever you need to.”

[Source: This article was published in techradar.com By Anthony Spadafora - Uploaded by the Association Member: Anna K. Sasaki]

Categorized in Internet Privacy

While the dark web offers a haven for criminals and serves as inspiration for Hollywood blockbusters, it’s much more mundane in real life. Still, many businesses feed into the fallacies surrounding the dark side of the Internet, ultimately delaying their ability to protect employees and consumers.

Our industry really needs to shed some light on the largest misconceptions associated with the dark web. Equipped with these new insights, we can empower security pros to explore the dark web and gain knowledge that will strengthen their security posture. But before we can debunk any misconceptions, companies must first understand the basics.

The dark web resides on a portion of the Internet where communications and transactions are carried out anonymously. Separate networks like Tor, Blockchain DNS, I2P, and ZeroNet make up the dark web and have different access requirements and resources. Cybercriminals and threat actors typically use these networks to securely and secretly coordinate crime functions, and openly discuss terrorist tactics, techniques and procedures (TTPs). The dark web also serves as a marketplace to buy or sell goods or services, such as credit card numbers, social security numbers, all manner of drugs, and stolen subscription credentials. It’s a long list.

There’s also practical value for legitimate security organizations to access the dark web. Cybersecurity teams can track for evidence of attacks in various stages of execution. Today, companies are applying intelligence requirements processes to determine what they should do with the information they discover, like monitoring for vulnerabilities that are weaponized in malware families. To monitor the dark web successfully, organizations should carefully weigh options between people and technology. They must invest in both: people deliver context and expertise, while technology helps teams scale.  

Now that we understand a bit more about the dark web, let’s dive into the four biggest misconceptions:

Misconception: The dark web doesn’t have a good side.

Reality: Dissidents and civil rights advocates use the dark web to communicate under repressive governments around the world.

Understandably, the dark web gets a lot of bad press, which leads many to believe that it’s inhabited exclusively by nefarious types. However, it has many benign practices that organizations can partake in. For example, the Tor network was initially developed by the United States Naval Research Laboratory to protect U.S. intelligence communications from surveillance. Anonymity and protection from surveillance have made the Tor network and other parts of the dark web an invaluable tool for dissidents and civil rights advocates under repressive regimes, journalists, and whistle-blowers. The New York Times makes its website available as a Tor Onion Service for readers in countries that block access to the newspaper’s regular website, or who worry about their web activities being monitored.

Misconception: The dark web houses the majority of digital threats facing businesses.

Reality: Security pros find important communications tools on the dark web.

Contrary to popular belief, the dark web does not serve as a home to a majority of digital threats facing businesses. Although it includes a few thousand sites, it only makes up a relatively small portion of the deep web. People are often surprised to learn that more digital threats appear on the surface web than on the dark web. Communication, collaboration and transactional tools are all available on the dark web. These include forums and chat rooms, email and messaging applications, blogs and wikis, and peer-to-peer file-sharing networks.

Misconception: Organizations can’t mediate or anticipate dark web threats.

Reality: Security teams comb the dark web to prevent future attacks and take down bad sites.

Although organizations can’t influence sites or marketplaces found on the dark web, the material found there can help discover sites and social media accounts on the surface web used for launching attacks, carrying out phishing campaigns, and selling counterfeit and stolen goods. By leveraging insights from the dark web, security pros can regularly “take down” those websites and accounts from the surface web.

Misconception: Monitoring the dark web takes money – and it’s slow.

Reality: It doesn’t have to be that way with the right mix of people and technology.

Monitoring the dark web requires some skill, but it isn’t necessarily a slow and expensive process. Typically, organizations gravitate towards data loss protection (DLP) services, which ensure sensitive data doesn’t get lost, misused, or accessed by unauthorized users. With the right technologies and people, and sometimes with outside DLP services, companies can prevent attacks at a relatively modest cost.

Habitually categorized as an asylum for criminals of all stripes, the dark web holds an opportunity for organizations hoping to detect data breaches and anticipate and thwart attacks. While some companies are already profiting from monitoring and tracking certain areas of the dark web, others struggle to even understand and dispel its misconceptions. With some minimal investment, companies can establish comprehensive visibility across multiple digital networks. This will let them discover threats sooner and take action wherever attackers are vulnerable along their kill chain. With this level of visibility and understanding, companies can shed their fear of the dark web and have confidence in their digital risk protection program.

[Source: This article was published in scmagazine.com By Zack Allen - Uploaded by the Association Member: Alex Gray] 


As we close out 2019, we at Security Boulevard wanted to highlight the five most popular articles of the year. Following is the fifth in our weeklong series of the Best of 2019.

Privacy. We all know what it is, but in today’s fully connected society can anyone actually have it?

For many years, it seemed the answer was no. We didn’t care about privacy. We were so enamored with Web 2.0, the growth of smartphones, GPS satnav, instant updates from our friends and the like that we seemed to not care about privacy. But while industry professionals argued the company was collecting too much private information, Facebook CEO Mark Zuckerberg understood the vast majority of Facebook users were not as concerned. He said in a 2011 Charlie Rose interview, “So the question isn’t what do we want to know about people. It’s what do people want to tell about themselves?”

In the past, it would be perfectly normal for a private company to collect personal, sensitive data in exchange for free services. Further, privacy advocates were almost criticized for being alarmist and unrealistic. Reflecting this position, Scott McNealy, then-CEO of Sun Microsystems, infamously said at the turn of the millennium, “You have zero privacy anyway. Get over it.”

And for another decade or two, we did. Privacy concerns were debated; however, serious action on the part of corporations and governments seemed moot. Ten years ago, the Payment Card Industry Security Standards Council had the only meaningful data security standard, ostensibly imposed by payment card issuers against processors and users to avoid fraud.

Our attitudes have shifted since then. Expecting data privacy is now seen by society as perfectly normal. We are thinking about digital privacy like we did about personal privacy in the ’60s, before the era of hand-held computers.

So, what happened? Why does society now expect digital privacy? Especially in the U.S., where privacy under the law is not so much a fundamental right as a tort? There are a number of factors, of course. But let’s consider three: a data breach that gained national attention, an international elevation of privacy rights and growing frustration with lax privacy regulations.

Our shift in the U.S. toward expecting more privacy started accelerating in December 2013 when Target experienced a headline-gathering data breach. The termination of the then-CEO and the staggering operating loss the following year, allegedly due to customer dissatisfaction and reputation erosion from this incident, got the boardroom’s attention. Now, data privacy and security are chief strategic concerns.

On the international stage, the European Union started experimenting with data privacy legislation in 1995. Directive 95/46/EC required national data protection authorities to explore data protection certification. This resulted in an opinion issued in 2011 which, through a series of opinions and other actions, resulted in the General Data Protection Regulation (GDPR) entering force in 2016. This timeline is well-documented on the European Data Protection Supervisor’s website.

It wasn’t until 2018, however, when we noticed GDPR’s fundamental privacy changes. Starting then, websites that collected personal data had to notify visitors and ask for permission first. Notice the pop-ups everywhere asking for permission to store cookies? That’s a byproduct of the GDPR.

What happened after that? Within a few short years, many local governments in the U.S. became more and more frustrated with the lack of privacy progress at the national level. GDPR was front and center, with several lawsuits filed against high-profile companies that allegedly failed to comply.

As the GDPR demonstrated the possible outcomes of serious privacy regulation, smaller governments passed such legislation. The State of California passed the California Consumer Privacy Act and, almost simultaneously, the State of New York passed the Personal Privacy Protection Law. Both of these laws give U.S. citizens significantly more privacy protection than any under U.S. law. And not just to state residents, but also to other U.S. citizens whose personal data is accessed or stored in those states.

Without question, we as a society have changed course. The unfettered internet has had its day. Going forward, more and more private companies will be subject to increasingly demanding privacy legislation.

Is this a bad thing? Something nefarious? Probably not. Just as we have always expected privacy in our physical lives, we now expect privacy in our digital lives as well. And businesses are adjusting toward our expectations.

One visible adjustment is more disclosure about exactly what private data a business collects and why. Privacy policies are easier to understand, as well as more comprehensive. Most websites warn visitors about the storage of private data in “cookies.” Many sites additionally grant visitors the ability to turn off such cookies except those technically necessary for the site’s operation.

Another visible adjustment is the widespread use of multi-factor authentication. Many sites, especially those involving credit, finance or shopping, validate login with a token sent by email, text or voice. These sites then verify the authorized user is logging in, which helps avoid leaking private data.

Perhaps the biggest adjustment is not visible: encryption of private data. More businesses now operate on otherwise meaningless cipher substitutes (the output of an encryption function) in place of sensitive data such as customer account numbers, birth dates, email or street addresses, member names and so on. This protects customers when an all-too-common breach occurs, because the private data exposed cannot be exploited.

Respecting privacy is now the norm. Companies that show this respect will be rewarded for doing so. Those that allegedly don’t, however, may experience a different fiscal outcome.

[Source: This article was published in securityboulevard.com By Jason Paul Kazarian - Uploaded by the Association Member: Jason Paul Kazarian]


Though Yahoo is a legitimate search engine, if it isn't your preferred site, it can be frustrating to have it continuously pop up every time you open your internet browser. But, you can easily resolve the issue -- here's how.


If your default search engine keeps changing suddenly to Yahoo, your computer may have malware

The problem can likely be attributed to malware — specifically, the Yahoo search redirect virus. This virus works by rapidly redirecting your browser to an intermediary site (or sometimes to multiple sites) and then depositing you onto the Yahoo site. Clicks you then make on Yahoo generate revenue, some of which flows back to those intermediary sites. The hackers responsible for the virus also use it to collect your data and track your internet activity.

So it's not Yahoo's fault, but it is an issue you need to clear up. You don't want to be forced to use Yahoo by malware that can track you and potentially harm your computer. 
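The redirect behaviour described above leaves a recognizable trace in web proxy logs. As an added example (not part of the original article), this Python code rebuilds redirect chains from constructed log lines and flags any chain that lands on a Yahoo host after passing through non-Yahoo intermediary hosts; the log format and the `.example` host names are assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample proxy log (assumed format):
# time, client, HTTP status, requested URL, Location header ("-" if none).
SAMPLE_LOG = """\
10:00:01 10.0.0.5 302 https://find.srch-hop.example/r?q=router+setup https://trk.adpath.example/c?q=router+setup
10:00:02 10.0.0.5 302 https://trk.adpath.example/c?q=router+setup https://search.yahoo.com/search?p=router+setup
10:00:02 10.0.0.5 200 https://search.yahoo.com/search?p=router+setup -
10:05:10 10.0.0.7 200 https://search.yahoo.com/search?p=weather -
10:06:30 10.0.0.9 301 http://example.org/docs https://example.org/docs
10:06:30 10.0.0.9 200 https://example.org/docs -
"""

def parse_redirects(log):
    """Map (client, requested URL) -> redirect target for every 3xx line."""
    hops = {}
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        _time, client, status, url, location = parts
        if status.startswith("3") and location != "-":
            hops[(client, url)] = location
    return hops

def is_yahoo(host):
    return host == "yahoo.com" or host.endswith(".yahoo.com")

def find_hijacked_chains(log):
    """Return chains that end on Yahoo after one or more non-Yahoo hops."""
    hops = parse_redirects(log)
    targets = {(client, loc) for (client, _url), loc in hops.items()}
    findings = []
    for client, url in hops:
        if (client, url) in targets:
            continue  # mid-chain hop, not the start of a chain
        chain, seen = [url], {url}
        while (client, chain[-1]) in hops:
            nxt = hops[(client, chain[-1])]
            if nxt in seen:
                break  # redirect loop guard
            chain.append(nxt)
            seen.add(nxt)
        hosts = [urlsplit(u).hostname or "" for u in chain]
        intermediaries = [h for h in hosts[:-1] if not is_yahoo(h)]
        if is_yahoo(hosts[-1]) and intermediaries:
            findings.append({"client": client,
                             "intermediaries": intermediaries,
                             "landing": chain[-1]})
    return findings

if __name__ == "__main__":
    for finding in find_hijacked_chains(SAMPLE_LOG):
        print(finding)
```

Direct visits to Yahoo and ordinary HTTP-to-HTTPS redirects are not flagged, since neither passes through a third-party host on the way to Yahoo.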


Beware of suspicious pop-ups like this one asking you to update Adobe Flash; these can be vehicles for the Yahoo redirect virus. 

There are many ways your system can contract the redirect malware, but the solution is the same for most browsers: reset your browser's settings.

How to reset Safari browser settings

1. With Safari open, click the word "Safari" at the top left bar on your screen, then click "Preferences."

2. Click the gear wheel for "Advanced" and make sure the "Show Develop menu in menu bar" box is checked.


If “Show Develop menu in menu bar” is not selected already, click the box. 

3. Click "Develop" in the top task bar, then click "Empty Caches" in the dropdown. 

4. Now click "History" from the top taskbar and clear all search history.

5. Finally, go back to "Preferences" and click "Privacy," then hit "Manage Website Data…" and "Remove All" on the pop-up window.

Now restart Safari and you should be all set.

How to reset Chrome browser settings

1. Open Chrome and click the three dots at the top right of the browser, then click "Settings."


Make sure you are logged into your account before trying to change settings. 

2. Scroll down and click to expand the "Advanced" section, then click "Restore settings to their original defaults" under "Reset settings." 

3. Click "Reset settings" on the popup window to confirm.

Wiping your browser settings will clear all cookies and extensions and reset your search engine, new tab page, startup page, and pinned tabs. It will not erase your saved passwords, history, or bookmarks. Restart Chrome and off you go.

How to reset Firefox browser settings

1. Open Firefox and then click "Help" and then "Troubleshooting information."

2. Click the button that says "Refresh Firefox." 

3. In the popup window, click "Refresh Firefox" to confirm.

Your browser should now be clear of any malicious add-ons. 

[Source: This article was published in businessinsider.com By Steven John - Uploaded by the Association Member: Jay Harris]
