Heartbleed OpenSSL Vulnerability
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
The Top 5 Security Threats to Watch for in 2014
The year's barely started, and we've already had enough data breaches at major retailers to make a barter economy seem like a good idea. Unfortunately, there are yet more security threats to look forward to in 2014. Below are some of the primary predictions from industry experts:
The absence of any notoriously successful mobile exploit has lulled users into a false sense of confidence about the level of danger they face.
The Internet of things:
Connected devices can make life more convenient, but they also create additional opportunities for the bad guys.
Virtual currencies under siege:
Though they remain a fringe phenomenon, virtual currencies like “Bitcoin” have achieved a level of success and growth that can't be ignored.
The ancient Windows XP operating system retains significant market share in the desktop OS category, and it powers a wide spectrum of kiosks and embedded devices. As of April 2014, Microsoft will no longer support Windows XP, which means no more patches and no more security updates.
More data breaches:
The data breaches keep coming, and there's no reason to believe they will subside anytime soon. The Target debacle that closed out 2013 continues to grow in scope as the investigation continues. The original estimate of 40 million has been revised to 110 million, and now additional retailers such as Neiman Marcus are discovering that their customer data storage systems have been breached.
Hottest Security Stories of 2013
Data loss, privacy violations, stolen source code, malware development, and more. In hindsight, 2013 was a busy year for security professionals, as well as a costly one for the organizations and individuals targeted by criminals.
As mentioned, 2013 was a busy year for security incidents, with more than one hundred forty million (140,000,000) records compromised during the past twelve months. These losses have been blamed on everything from nation-state attacks and activists to hackers with an agenda.
1. Eric Snowden – NSA classified security leaks
2. Target Corporation – 40 million credit cards compromised
3. Adobe – 38 million user accounts compromised
4. Bit9 – Digital certificates, digital signatures compromised
5. Digital Activism – DDoS attacks, business slowdowns
6. The Syrian Electronic Army – Media Attacks
7. Watering Hole Attacks – Facebook, Twitter, Apple compromises
8. China’s APT1 – State sponsored cyber attacks
9. South Korea – Banking and television attacks (shut down)
Are you still running Windows XP at home?
On 08 Apr 2014, Microsoft will stop providing any type of security updates for Windows XP. This could leave your home system vulnerable and put any of your online personal information (such as medical records, online banking, online shopping, online taxes, pictures and music collections) at risk.
Mr. Frank Hunt, of the PWC Planning Department, has put together some very valuable information for the PWC Home users to consider as the Windows XP operating system reaches end of life.
Contacts: Chief Information Security Officer
Phone: 703-792-7956; 703-792-7179