The Age Old Question: Who pays when your bank account is drained?

TRC Oil, Kern County

This week Brian Krebs followed up on a story of a lawsuit brought by a California oil company, whose account was siphoned of $299,000 by Ukrainian hackers, against the bank it did business with at the time of the crime.

Last week insurers for United Security Bank of Fresno cut a check for $350,000 to TRC Operating Company of Taft, CA, before the case went to trial. The settlement agreement required neither party to admit fault for the hack. Indirectly, the bank assumed the financial loss, which may have implications for future cases of this kind.

Initially, the bank blamed TRC for the negligence of an employee, who was tricked into downloading malware via a phishing exploit. While that was probably true, the bank’s IT department failed to provide evidence that this was the case, which ended up costing them the case.

What Krebs said bears repeating: “As we have seen time and again, a single virus can ruin your company. And I wouldn’t count on the lawyers to save your firm from the very real cost of a cyberheist: These court challenges can just as easily end up costing the victim business well more than their original loss.”

In the escalating war on cyber crime, preemptive action against phishing scams includes educating employees about malicious email, and includes EdgeWave’s military-quality combination of the strongest artificial intelligence and human analysis on the market. www.edgewave.com

Read the story here: http://krebsonsecurity.com/2014/06/oil-co-wins-350000-cyberheist-settlement/#more-26503

Gmail’s first decade: growing pains just like any other 10-year-old

Capture

Google celebrated Gmail’s 10th Birthday on April fool’s day this year with over 500 million users. Ten years ago Gmail changed the email game by offering a gig of storage and pioneering the mobile experience. Now Gmail offers 15 GB of free storage, handy keyword search capability of our thousands of stored messages, chat, calendar and productivity apps.

And based on Apple iOS market share, this translates to roughly 100 million individuals using Gmail on iPhones and iPads for work and play.   Unfortunately this also means that 100 million people are vulnerable to an Apple device iOS “Man-in-the-Middle” exploit delivered specifically through Google’s email application.

This vulnerability allows hackers to impersonate a legitimate server (i.e. performing a Man-in-the-Middle) through the usage of a spoofed SSL certificate, enabling them to  bypass encryption and view and modify all communications in plain-text, including passwords, emails, and chats.  This puts not only the individual’s personal data at risk, but their company’s sensitive data as well.

The exploitation of trusting people is the most common and effective way for hackers to invade your network.   That is why the most powerful defense against hackers is a security system that can detect the intent of a website or email message before it compromises any device that accesses your network. Call EdgeWave at 1-800-782-3762 for a conversation with a security expert who can help you protect your people and your network from exploitation.

Wired Money 2014: Financial Institutions Must Collaborate and Innovate

 

 

Evgeniy Mikhailovich

The network security community is more than a little concerned about the latest variation of the continuously evolving GameOver Zeus botnet. The malware is responsible for siphoning over $100 million from bank accounts worldwide, and was thought to have been contained by a global crime-fighting effort.

The bot has morphed. It is still delivered in a zip file via phishing in email spam. But once launched, the newer version of the executable uses fast-flux hosting rather than the P2P code in the original malware. This means that it directs to domain names associated with IP several addresses and continuously cycles through different hosting locations until it can successfully download onto the targeted host computer.

Hackers are skilled business people who get up and go to work each day with one mission: to steal your assets using innovative tactics designed to get around your conventional security system.

Security expert Keren Elazari said at the Wired Money Conference in early July:

“How about we take a moment to learn from the bad guys. Because the tables have turned and criminals are innovating faster than most of us. They are innovating, automating, iterating, diversifying. The reality is the bad guys are extremely motivated and undeterred. They are not afraid to use new technologies or business models.”

More than 6,000 companies world-wide rely on EdgeWave’s complete security system. Our military-quality, continuously evolving security technology, combined with human analysis which detects the intent of email before it is delivered, provides the best protection on the market. www.edgewave.com

A good explanation of fast-flux service networks: https://www.honeynet.org/node/132

 

TopTenReviews says “You can depend on EdgeWave”

top10

In March 2014 TopTenReviews.com scored EdgeWave ePrism Email Encryption an 8.7 out of 10 in their annual Email Encryption Review. Advantages include “EdgeWave’s ePrism Email Security is one of the best solutions for those who have strict compliance requirements”.

Read TopTenReview’s full comments below:

How EdgeWave made TopTenReviews.com

Email encryption is a vital part of most business’ Internet security plans. With hacking attacks and corporate espionage both on the rise, businesses need to protect emails from being intercepted by unauthorized persons. EdgeWave is one of the best email encryption and Internet security programs out there, which is why it made the list at TopTenReviews.com.

Puts Security in the Hands of Administrators

Top Ten Reviews applauded EdgeWave’s decision to give administrators complete control over email security. While some Internet security programs force senders to take responsibility for making sure email is secure, EdgeWave allows administrators the ability to monitor incoming and outgoing messages for security risks. Administrators can set up the software to flag emails for whatever concerns they wish, including the presence of sensitive personal information such as credit card numbers or proprietary information such as trade secrets. Once EdgeWave is set up according to company policy, it will automatically detect and encrypt or block emails that contain information of concern, ensuring employees no longer have to worry about remembering to encrypt emails prior to sending.

Easy to Use

Email encryption may sound complicated, but EdgeWave is easy for both administrators and email recipients to use.

Administrators can easily implement the software; once emails are set up to route through the SMTP software, it’s merely a matter of configuring EdgeWave to meet the company’s specifications. The software comes with a variety of features to make this process easier for administrators, including customizable word lists designed for the financial and medical industries to comply with privacy policies, and these lists can be added to in order to bring other types of companies into compliance with individual privacy and security policies.

Email recipients also find the software easy to use. When a sender receives an encrypted email, he or she merely has to sign in to a Web portal to read and respond to the email.

State-of-the-Art Tools

EdgeWave features cutting edge technology that allows administrators to easily flag emails that contain objectionable content and decide what to do about that content. When administrators configure EdgeWave, they tell it what to do when it encounters certain content. EdgeWave can either quarantine, ignore, encrypt or block each type of objectionable content. Administrators do not have to review flagged emails on a case-by-case basis; once the software is configured, it automatically does what it has been configured to do. As TopTenReviews notes, “Once everything is set up, encryption is all hands free, and there are no keys to manage.”

Reporting Options

Not only does EdgeWave monitor emails for potential security breaches and automatically respond to problematic content, but it also generates reports based on the results of its monitoring. All emails sent and received on an EdgeWave-based system are archived within the software; in addition, EdgeWave can be configured to automatically generate reports such as reports of flags, number of encrypted emails or usernames that generated flagged emails. This allows administrators to easily produce any paperwork needed in order to comply with company policies or respond to litigation.

Internet security is of primary importance to businesses. Not only do they need to protect themselves from cyber-attacks and corporate espionage, but they must comply with a variety of regulations in order to avoid legal problems and stay in business. EdgeWave allows administrators to keep email secure without interfering with the smooth running of day-to-day operations.

 

The whole article and ranking can be found here: http://email-encryption-software-review.toptenreviews.com/edgewave-review.html

Like TopTenReviews on Facebook and Follow them on Twitter

New Cyber Security Bill Passed: Benefits Organizations with Security Systems

Senate Floor

A new Cyber Security Bill passed by the U.S. Senate yesterday encourages companies to share information about hacking attempts and other cyber security issues with other organizations and the government as a unified attempt to curtail the explosion of threats .

“Cyber attacks present the greatest threat to our economic security today, and the magnitude of the threat is growing,” said Senator Diane Feinstein. “ This bill is an important step toward curbing these dangerous attacks.”

Three important pieces to the bill when it passes:

1. Companies would monitor their networks, or those of consenting customers, and share cyber threat data (not including personally identifiable information) with each other and the government

2. Department of Homeland Security will build and manage a portal to increase the amount of information the government shares with private firms

3. Companies that implement security measures, monitor their networks and share cyber threat data will receive liability protections

A cooperative position among government, organizations and private companies will strengthen the security of all sectors.

The underlying message is: every manufacturing business, educational institution, financial organization and healthcare entity must have a strong analytical, military-grade security system in place. EdgeWave offers a complete security suite suitable for organizations of every size in all sectors, along with continuous award-winning support. Visit www.edgewave.com to learn more.