fbpx
Next Generation Endpoint Security

Next Generation Endpoint Security

Getting Past the Hype of Next Generation Endpoint Security

We’ve heard the same story for years. Antivirus software is not effective in stopping cyber-attacks, as hackers have adapted their techniques to evade signature-based detections. Even next-generation antivirus, which applies techniques such as machine learning and behavioral analytics, is no more effective at protecting an organization than its older sibling. But why? The simple answer is that nearly all AV and NGAV solutions focus their primary value on the prevention of malicious files – an attack vector that is slowly but surely disappearing in favor of file-less capabilities and the subversion of users and trusted applications.

Worse than their hyper-focus on the irrelevant, they continue to rely on historical attack analysis as a basis for future detections which leaves them unable to make high fidelity preventions and detections in real-time. They lack the visibility and threat intelligence necessary to understand an attacker’s tactics and techniques, which means these so-called NGAV solutions lack the confidence in their ability to identify malicious activity. The evidence of this is when they introduce unnecessary latency with cloud and human analysis, which do not function at the speed required to defend against modern threats.

So where does that leave companies in their search for better protection?

A modern endpoint protection strategy must include prevention, detection, and response capabilities. Effective automation of threat intelligence for prevention, along with robust detection and response means security analysts can spend their time improving defenses instead of repeatedly reacting to incidents caused by the same lack of real-time capabilities and unnecessary latency.

The convergence of Endpoint Detection and Response (EDR) into the Endpoint Protection Platform (EPP) can replace core AV/NGAV capabilities, but can also improve protection against the following:

  • Malware variants, including malware-based ransomware
  • Obfuscated malware, unknown malware, and zero-day attacks
  • Malicious scripts that leverage PowerShell, Visual Basic, Perl, Python, and Java/JAR
  • Memory-resident attacks and other malware-less attacks
  • Malicious use of good software

Of the hundred plus endpoint security vendors, Endgame’s endpoint protection platform and single autonomous agent simplifies antivirus replacement through:

  • Earliest Prevention – Protection against exploits, malware, file-less attacks, and ransomware
  • Fastest Detection and Response – Stops all attacks at the earliest stages of the MITRE ATT&CK™ matrix
  • Automated Threat Hunting – Built in discovery, deployment, and dissolvable agent

Endgame’s Artemis, the first intelligent security assistant, elevates and accelerates operators and analysts by responding to plain English questions and commands.  With Artemis, analysts can prioritize, triage, and remediate alerts in minutes across hundreds of thousands of endpoints that would have otherwise taken hours or days with traditional tools.

In an extremely crowded market, endpoint security tools must provide a simple, cost-effective replacement for antivirus while increasing value. With Endgame, your organization can quickly prevent malware and modern attacks across the entire MITRE ATT&CK framework with a single, autonomous agent.

 

Next Generation Endpoint Security  By: Matt Alderman

 

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

Mid-April Security Alerts

Mid-April Security Alerts

Cisco Issues 31 Mid-April Security Alerts

Among them, two are critical and six are of high importance.

A busy month for Cisco router owners got busier yesterday when the networking giant introduced 31 new advisories and alerts. These announcements came on top of 11 high- and medium-impact vulnerabilities announced earlier in the month.

Of the 31 alerts, 23 are of medium impact, six are of high impact, and two are of critical impact to the organization and its security team.

Most of the medium-impact alerts are for cross-site scripting vulnerabilities, denial-of-service vulnerabilities, or vulnerabilities affecting unauthorized users and access. These were found on devices ranging from LAN controllers to wireless network access points to Cisco’s new Umbrella security framework.

The two critical alerts are for two very different vulnerabilities. In one, a vulnerability in Cisco IOS and IOS XE could allow an attacker to reload the system on a device (potentially replacing the legitimate system with one containing malicious code), or remotely execute code at a privilege level above the level of the user being spoofed to gain access.

This vulnerability is found in the Cisco Cluster Management Protocol (CMP) and was discovered when the documents in the infamous Vault 7 disclosurewere analyzed. That’s bad news because those documents have been available to hackers around the world for more than two years. And the news gets worse: Researchers at Cisco Talos have published a blog post showing this vulnerability has been exploited in the wild as part of a DNS hijacking campaign dubbed “Sea Turtle.”

Cisco already has released a software patch for this critical vulnerability, which has no operational workaround for successful remediation.

The second critical vulnerability could allow a remote attacker to gain access to applications running on a sysadmin virtual machine (VM) that is operating on Cisco ASR 9000 series Aggregation Services Routers. This vulnerability, Cisco says, was found during internal testing and has not yet been used in the wild. The source of the vulnerability – insufficient isolation of the management interface from internal applications – has been fixed in a pair of Cisco IOS XR software releases and does not, therefore, warrant a separate update, Cisco says.

Between the medium and critical vulnerabilities are six high-importance vulnerabilities that affect systems including telepresence video servers, wireless LAN controllers (three separate vulnerabilities), Aironet wireless access points, and the SNMP service.

 

Cisco ranks the severity of vulnerabilities using the Common Vulnerability Scoring System (CVSS) Version 3. Vulnerabilities with a CVSS score of 9.0 to 10.0 are critical, those in the range of 7.0 to 8.9 are high, and a score of 4.0 to 6.9 warrants a medium label. Anything ranking below medium is given an informational alert only.

 

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like to discuss how Liquid Video Technologies can help you secure your data or would like to discuss your next Home Security System, Networking, Access ControlFire, IT consultant or PCI Compliance, needs.  Please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

Cyber Security Doesn't Discriminate

Cyber Security Doesn’t Discriminate

Russian hackers are targeting European embassies, according to new report

Russian hackers recently attacked a number of embassies in Europe by emailing malicious attachments disguised as official State Department documents to officials, according to a new report from Check Point Research.

The hackers targeted European embassies in Nepal, Guyana, Kenya, Italy, Liberia, Bermuda, and Lebanon, among others. They typically emailed the officials Microsoft Excel sheets with malicious macros that appeared to have originated from the United States State Department. Once opened, the hackers were able to gain full control of the infected computer by weaponizing installed software called Team Viewer, a popular remote access service.

“It is hard to tell if there are geopolitical motives behind this campaign by looking solely at the list of countries it was targeting,” the press release says, “since it was not after a specific region and the victims came from different places in the world.”

Government finance officials were also subject to these attacks, and Check Point notes that these victims were of particular interest to the hackers. “They all appear to be handpicked government officials from several revenue authorities,” the press release says.

The hackers appeared to be highly sophisticated, carefully planning out the attacks, using decoy documents tailored to their victim’s interests, and targeting specific government officials. At the same time, other stages of the attack were carried out with less caution leaving personal information and browsing history belonging to the perpetrator exposed.

Check Point identified several other similar attack campaigns, including some targeting Russian-speaking victims as well.

While Russian in origin, it’s unlikely that these attacks were state-sponsored. One perpetrator was traced back a hacking and carding forum and registered under the same username, “EvaPiks,” on both. EvaPiks posted instructions for how to carry out this kind of cyber attack on forums and advised other users as well.

Due to the attackers’ background in the illegal carding community, Check Point suggested that they could have been “financially motivated.”

Updated 4/22/19 at 12:20 p.m. EST: The previous headline suggested that the Russian hackers attacked U.S. embassies, when the attackers targeted European embassies. The article has been updated to clarify this.

 

By: Makena Kelly

 

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

 

U.S. Patent Granted for Blockchain

U.S. Patent Granted for Blockchain

Blockchain Patent Granted to Cybersecurity Company Owned by U.S. Defense Contractor

 

Documents published by the United States Patent and Trademark Office (USPTO) on April 16 reveal that Texas-based cybersecurity company Forcepoint has been awarded a blockchain-related patent.

Forcepoint is owned by U.S. defense contractor Raytheon and private equity firm Vista Equity Partners, and Crunchbase estimates its yearly revenue to be $600 million.

The system described in the patent appears to be a complex user behavior monitoring and management system. The system would aim to store data about electronically-observable user interactions and then use this data to identify known good, anomalous and malevolent user actions to enhance the system’s cybersecurity.

Some versions of the system employ blockchain technology, according to the patent:

“In certain embodiments, the association of the additional context may be accomplished via a blockchain block within a user behavior profile blockchain […] implemented with appropriate time stamping to allow for versioning over time. ”

Furthermore, the patent also provides the possibility of storing user behavior data on the blockchain directly, noting that advantages of the solution are immutability and tamper-evident.

As Cointelegraph recently reported, digital payments giant PayPal has won a cybersecurity patentto protect users from crypto ransomware.

Also, at the beginning of the current month, global consulting company Accenture has patentedtwo solutions focused on blockchain interoperability.

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

 

 

Things Aren't As They Seem

Things Aren’t As They Seem

Mueller report details how Russians reached millions of US Facebook and Twitter users and brought them out to real-life rallies

Special counsel Robert Mueller’s report released Thursday says Russia’s Internet Research Agency, or IRA, reached millions of U.S. users on Twitter, Facebook and Instagram leading up to the 2016 presidential election. Russian operatives also communicated with the Trump campaign under false identities “without revealing their Russian association” and interacted with prominent pro-Trump activists to arrange political rallies, “confederate” events and even a #KidsforTrump organization, the report says.

“IRA-controlled Twitter accounts separately had tens of thousands of followers, including multiple U.S. political figures, who retweeted IRA-created content,” the report says. Facebook has estimated that IRA-controlled accounts reached up to 126 million people, with Twitter notifying 1.4 million people they may have been in contact with a Russia-controlled account.

The Mueller document gives a fuller picture of how both technical and in-person intelligence operatives worked together to influence sentiment leading up to the 2016 election.

An odyssey that ramped up in 2014

Russian operatives had been dabbling in social media until around 2014, when they consolidated their efforts under a single program known internally as the “translator department,” according to the report. They later began sending operatives to the U.S. to further the election goals of the program.

In June 2014, four members of the department lied to the U.S. State Department, claiming to be “friends who met at a party.” Two of them, Anna Bogacheva and Aleksandra Krylova, received visas to enter the U.S. In 2016, other operatives were seen holding up signs at an event near the White House purportedly celebrating the birthday of Yevgeniy Prigozhin, a Russian tycoon alleged to have funded some of the interference campaigns and their associated social media ad buys.

On Twitter, the IRA program broke its operation into two strategies: creating real Twitter accounts meant to represent “individual U.S. personas,” and a separate, IRA-controlled network of automated Twitter bots “that enabled the IRA to amplify existing content on Twitter.”

One of the IRA accounts, which claimed to be that of a Trump supporter from Texas, had 70,000 followers. Another anti-immigration persona had 24,000 followers. A third, called @march_for_trump, organized a series of rallies in support of Trump across the U.S. The accounts posted 175,993 tweets, though the report says only 8.4% of those were election-related.

“U.S. media outlets also quoted tweets from IRA-controlled accounts and attributed them to the reactions of real U.S. persons,” the report says.

Influential conservatives also interacted with the accounts, including TV commentator Sean Hannity, Roger Stone, former U.S. Ambassador to Russia Michael McFaul and Michael Flynn Jr.

From Twitter to real life

“The Office identified dozens of U.S. rallies organized by the IRA,” the report says. “The earliest evidence … was a ‘confederate rally’ in November 2015. The IRA continued to organize rallies even after the 2016 U.S. presidential election.”

Many of the rallies drew few participants, while others drew hundreds. “The reach and success of these rallies was closely monitored” by the Russian team, the report says.

The report clarifies that in the cases in which a pro-Trump, IRA-organized rally also coordinated with Trump’s campaign, the campaign was not aware of the origins of the organizers. “The IRA’s contacts included requests for signs and other materials to use at rallies, as well as requests to promote the rallies and help coordinate logistics.”

“The investigation has not identified evidence that any Trump campaign official understood the requests were coming from foreign nationals,” the report says.

Another two-part campaign, against Hillary Clinton

As with the IRA’s Twitter strategy, Russia’s GRU intelligence agency broke its campaign of interference against Hillary Clinton’s presidential campaign into two parts. One group developed specialized malware — malicious software used, in this case, to monitor communications. A second group was charged with honing and launching mass spearphishing operations, meant to identify key targets within Clinton’s campaign and craft believable emails persuading them to click and, therefore, install the custom malware.

The GRU officers sent hundreds of these emails to Clinton staffers, including official campaign accounts and Google accounts used by staffers.

 

Things Aren't As They Seem By: Kate Fazzini

 

 

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

IoT And Your Digital Supply Chain

IoT And Your Digital Supply Chain

IoT And Your Digital Supply Chain

“Money, it’s a gas. Grab that cash with both hands and make a stash”, Pink Floyd is always near and dear to my heart. No doubt the theme song to a lot of producers of devices that fall into the category of Internet of Things or IoT.

I can’t help but to giggle at the image that comes to mind when I think about IoT manufacturers. I have this vision in my head of a wild-eyed prospector jumping around after finding a nugget of gold the size of a child’s tooth. While this imagery may cause some giggles it also gives me pause when I worry about what these gold miners are forgetting. Security comes to mind.

I know, I was shocked myself. Who saw that coming?

While there is a mad rush to stake claims across the Internet for things like connected toasters, coffee makers and adult toys it seems security falls by the way side. A lot of mistakes that were made a corrected along the way as the Internet evolved into the monster that it is today are returning. IoT appears to be following a similar trajectory but, at a far faster pace.

With this pace we see mistakes like IoT devices being rolled out with deprecated libraries and zero ability to upgraded their firmware or core software. But, no one really seems to care as they count their money while they’re still sitting at the table. The problem really comes into focus when we realize that it is the rest of us that will be left holding the bag after these manufacturers have made their money and run.

Of further concern is the fractured digital supply chains that they are relying on. I’m worried that with this dizzying pace of manufacture that miscreants and negative actors are inserting themselves into the supply chain. We have seen issues like this come to the forefront time and again. Why is it that we seem hell bent on reliving the same mistakes all over again?

One of my favorite drums to pound on is the use of deprecated, known vulnerable, libraries in their code. I’ve watched talks from numerous presenters who unearthed this sort of behavior at a fairly consistent pace. What possible rationale could there be for deploying an IoT device in 2016 with an SSL library that is vulnerable to Heartbleed?

I’ll let that sink in for a moment.

And this is by no means the worst of the lot. These products are being shipped to market with preloaded security vulnerabilities that can lead to all manner of issues. Data theft is the one that people like to carry on about a fair bit but, it would be a fairly trivial exercise to compromise some of these devices and have them added to a DDoS botnet.

What type of code review is being done a lot the way by code written by outsourced third parties? This happens a lot and really does open a company up to a risk of malicious, or poor, code being introduced.

The IoT gold rush is a concern for me from a security perspective. Various analyst firms gush about the prospect of having 800 gajillion Internet enabled devices online by next Tuesday but, they never talk about how we are going to clean up the mess later on. Someone always has to put the chairs up after the party is over.

 

IoT And Your Digital Supply Chain By:  Dave Lewis

 

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

Cybersecurity Risks Identified

Malware And Malicious Insiders Accounted For One-Third Of All Cybercrime Costs Last Year, According To Report From Accenture And Ponemon Institute.

The cost to companies from malware and “malicious insider”-related cyberattacks jumped 12 percent in 2018 and accounted for one-third of all cyberattack costs, according to new research published today by Accenture (NYSE: ACN) and the Ponemon Institute.

Based on interviews with more than 2,600 security and information technology (IT) professionals at 355 organisations worldwide, Accenture’s 2019 “Cost of Cybercrime Study” found that the cost to companies due to malware increased 11 percent, to more than US$2.6 million per company, on average, and the cost due to malicious insiders — defined as employees, temporary staff, contractors and business partners — jumped 15 percent, to US$1.6 million per organisation, on average.

Together these two types of cyberattacks accounted for one-third of the total US$13.0 million cost to companies, on average, from cybercrime in 2018, an increase of US$1.3 million in the past year. Similarly, the cost to companies from phishing and from social engineering increased to US$1.4 million per organisation, on average.

The study calculated cybercrime costs as what an organisation spends to discover, investigate, contain and recover from cyberattacks over a four-consecutive-week period, as well as expenditures that result in after-the-fact activities — i.e., incident-response activities designed to prevent similar attacks — and efforts to reduce business disruption and the loss of customers.

“From people to data to technologies, every aspect of a business invites risk and too often security teams are not closely involved with securing new innovations,” said Kelly Bissell, senior managing director of Accenture Security. “This siloed approach is bad for business and can result in poor accountability across the organisation, as well as a sense that security isn’t everyone’s responsibility. Our study makes it clear that it’s time for a more holistic, proactive and preventative approach to cyber risk management involving full business engagement across the entire ecosystem of partners.”

Other notable findings of the study include:

In 2018, surveyed companies each recorded an average of 145 cyberattacks — resulting in the infiltration of a company’s core networks or enterprise systems — an 11 percent increase over 2017 and 67 percent higher than five years ago.
Malware is the most expensive type of attack, costing companies US$2.6 million, on average, followed by web-based attacks, at US$2.3 million.
The number of organisations experiencing ransomware attacks increased by 15 percent in 2018, with the costs increasing 21 percent, to approximately US$650,000 per company, on average. The number of ransomware attacks more than tripled in the past two years.
Six in seven companies (85 percent) experienced phishing and social engineering cyberattacks in 2018 — a 16 percent increase over 2017 — and three-quarters (76 percent) suffered web-based attacks.
Automation, orchestration and machine-learning technologies were deployed by only 28 percent of organisations — the lowest of the technologies surveyed — yet provided the second-highest cost savings for security technologies overall, at US$2.9 million.

Companies in the United States experienced the greatest increase in costs due to cybercrime in 2018, at 29 percent, with a cost of US$27.4 million per company, on average — at least double that of companies in any other country surveyed. Japan was the next highest, at US$13.6 million, followed by Germany, at US$13.1 million, and the U.K., at US$11.5 million. The countries with the lowest total average costs per company were Brazil and Australia, at US$7.2 million and US$6.8 million, respectively.

“Increased awareness of people-based threats and adopting breakthrough security technologies are the best way to protect against the range of cyber risks,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “Our report not only illustrates our joint commitment with Accenture to keep security professionals informed about the nature and extent of cyberattacks, but also offers practical advice for companies to improve cybersecurity efforts going forward.”

For more information on security investments that can help organisations effectively deal with cyber risks, visit: https://www.accenture.com/us-en/insights/security/cost-cybercrime-study.

Methodology
The study, conducted by the Ponemon Institute on behalf of Accenture, analyses a variety of costs associated with cyberattacks to IT infrastructure, economic cyber espionage, business disruption, ex-filtration of intellectual property and revenue losses. Data was collected from 2,647 interviews conducted over a seven-month period from a benchmark sample of 355 organisations in 11 countries: Australia, Brazil, Canada, France, Germany, Italy Japan, Singapore, Spain, the United Kingdom and the United States. The study represents the annualised cost of all cybercrime events and exploits experienced over a one-year period from 2017 to 2018. These include costs to detect, recover, investigate and manage the incident response. Also covered are costs that result in after-the-fact activities and efforts to contain additional expenses from business disruption and the loss of customers.

About Accenture
Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialised skills across more than 40 industries and all business functions — underpinned by the world’s largest delivery network Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With 469,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com.

Accenture Security helps organisations build resilience from the inside out, so they can confidently focus on innovation and growth. Leveraging its global network of cybersecurity labs, deep industry understanding across client value chains and services that span the security lifecycle, Accenture protects organisations’ valuable assets, end-to-end. With services that include strategy and risk management, cyber defense, digital identity, application security and managed security, Accenture enables businesses around the world to defend against known sophisticated threats, and the unknown. Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security.

This document makes descriptive reference to trademarks that may be owned by others. The use of such trademarks herein is not an assertion of ownership of such trademarks by Accenture and is not intended to represent or imply the existence of an association between Accenture and the lawful owners of such trademarks.

Learn More Here…

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

 

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

Is somebody watching you

Is somebody watching you?

Is somebody watching you? How to stop apps from tracking your location

While location-tracking data is often anonymized before being sold on, it can reveal an alarming amount of information about your activity. It’s not just about where you shop — it shows everywhere you go, which may include anything from a prenatal clinic visit to an AA meeting, revealing potentially sensitive details about your life.

If you’re concerned about your privacy, or just kind of creeped out, you can take action to prevent apps from tracking your location. Here’s how to prevent app location tracking on Android or iOS.

FIND OUT WHICH APPS HAVE LOCATION DATA ACCESS

It’s a very good idea to start with a review of the apps on your phone that have access to location data. There are legitimate reasons for many apps to track your location, so be aware that denying access to location tracking may prevent some apps from working properly. A navigation app like Google Maps, for example, is not going to be anywhere near as useful if it doesn’t know where you are.

HOW TO PREVENT LOCATION TRACKING ON AN ANDROID PHONE

If you have an Android device, and you want to turn off location tracking entirely, then it’s easy to do, although the precise instructions will differ slightly from phone to phone.

On a Google Pixel 3, go to Settings > Security & location > Location and toggle Use location off.

On a Samsung Galaxy S9 Plus, go to Settings > Connections > Location and toggle it off.

On a Huawei P20 Pro, go to Settings > Security & privacy > Location services and toggle off Access to my location.

This will turn off all location tracking, so no apps will be able to access your location. It also means that, in theory, Google won’t track or save your location, though there’s evidence it will anyway. You may also still get ads based on your IP address location.

Unfortunately, turning off location altogether also means that you can’t track your phone if it goes missing, you can’t see or share your location in Google Maps, and some other services and apps may not work as well as they otherwise would.

Another setting worth looking at if you want to limit Google’s tracking is your Web & App Activity. You can find full instructions on how to control and delete searches and browsing activity, which sometimes also includes location, from Google.

HOW TO JUST RESTRICT SPECIFIC APPS IN ANDROID

If you decide that turning off location tracking altogether is a step too far, you can still toggle off specific apps that you’d prefer not to have location access. Once again, the instructions will vary a little depending on your phone.

For example, on a Pixel, go to Settings > Apps & notifications > Advanced > App permissions > Location.

On a Samsung Galaxy, it’s Settings > Apps > Menu (three dots at top right) > App permissions > Location.

On a Huawei phone, it’s Settings > Apps & notifications > Permissions > Your location.

Review the list and toggle off anything that you’d prefer did not have the ability to track your location.

HOW TO PREVENT LOCATION TRACKING ON AN IPHONE

Things are a little more straightforward with iOS, so if you want to turn off location tracking on your iPhone, or just restrict certain apps, then you need to go to Settings > Privacy > Location Services, where you can choose to toggle Location Services off completely.

Bear in mind that this will impact some services and apps, such as Maps and Find My iPhone, so it might be a step too far. Although, it’s worth noting that Location Services can be re-enabled on the device if it’s in Lost Mode. You can put your iPhone into Lost Mode via iCloud.

In Settings > Privacy > Location Services, you’ll also see a list of apps that have location data access and you can tap on each one and decide whether it should be allowed to access your location NeverWhile Using the App, or Always.

WHAT ABOUT THE LOCATION DATA ALREADY RECORDED?

Now that you’ve prevented various apps and services from tracking your location going forward, you may be wondering whether you can delete the location data that companies have already collected about your movements.

If you have an Android phone, then you can ask Google to delete your location history. Simply follow that link, make sure you’re signed into your Google account, and tap the red Delete Location History button. Bear in mind that it will delete the information permanently and you won’t be able to get it back.

If you have an iPhone, then go to Settings > Privacy > Location Services and scroll down to find System Services > Significant Locations, then tap Clear History at the bottom. Apple claims this information is encrypted and can’t be read by Apple, so this may be unnecessary.

As for the location data collected by other companies through the apps you’ve been using, there’s no easy way to find out what it is or to delete it. You could start by referring to the organization in question’s privacy policy and get in touch with them, but it’s very possible they’ve already sold your data and they don’t have any legal duty to help you in the U.S.

If you’re in the European Union, you do have a legal right to request a copy of the data that a company has collected on you, including location data, and to insist that they delete it. Check out the U.K. Information Commissioner’s Office guide for details on your rights and how to request data, but be prepared to jump through some hoops.

To further safeguard your privacy, we recommend using one of the best Android VPN apps or the best iPhone VPN apps.

 

Is somebody watching you?By: Simon Hill

 

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

Google confirms it tracks users

Google confirms it tracks users

Google tracks your location — even when you deny it permission

Google confirms it still tracks users who turn Location History off

BREAKING: Google clarifies to users it still tracks their location even after they turn off location history, following AP report.

The AP first started looking into the issue when K. Shankari, a graduate researcher from University of California, Berkeley, turned off her Location History on her Android device — but still received a notification asking to rate a shopping trip to Kohl’s.

While Google does ask permission to use location information (such as requesting access for use in navigation), the issue lies within the Location History setting. Google’s support page states: “You can turn off Location History at any time. With Location History off, the places you go are no longer stored,” but the AP’s investigation found this to not be true.

The in-depth report includes a map that illustrates the commute of Gunes Acar, a Princeton privacy researcher. Even with “Location History” turned off on his Android phone, the map pinpoints exactly where he traveled and saves the data to his Google account.

Even if users “pause” Location History to keep the company from noting where they’ve been, the AP says “Google apps still automatically store time-stamped location data without asking.”  AP found that pausing it doesn’t keep the company from being able to store a snapshot whenever you open Maps, or pinpoint where you are when your Android device automatically updates to give you the weather.

A quick Google search for random items on your device apparently isn’t safe from tracking either. Even though your search isn’t related to location, it still allows the device to determine your location and save it to your Google account.

In response to the findings, Google issued a statement to the AP:

“There are a number of different ways that Google may use location to improve people’s experience, including: Location History, Web and App Activity, and through device-level Location Services. We provide clear descriptions of these tools, and robust controls so people can turn them on or off, and delete their histories at any time.”

The tech giant says that users can turn off another setting called “Web and App Activity,” which is enabled on your device automatically. It’s a setting that stores information from Google apps and websites to your Google account.

Turning it off will prevent Google from saving location markers, along with information based on your search and activity. But the AP also notes that turning this setting off could alter how effective Google Assistant is, which could greatly affect those who rely on it often.

 

 The Associated Press

Google confirms it tracks usersBy: Brenda Stolyar

 

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

Cyber Culture

Organizational Approach to Cyber Culture

Organizational Approach to Cyber Culture

Predictions aren’t easy, especially in the chaotic world of cybersecurity. The threat landscape is ever-growing, all thanks to offensive and defensive technologies and nation-state attacks emerging at a fanatic pace with advanced scope and sophistication. The following post emphasizes how one can improve a company’s cyber security culture.

What is a security culture? A facet of the broader corporate culture, it encourages employees to make decisions and fulfill day-to-day duties – while adhering to the organization’s ongoing security policies. By using security best-practices, employees can mitigate cyber risks and improve compliance with even the most severe regulations. A security culture, however, is a healthy mix of knowledge and follow-through.

Why it’s essential to build a healthy security culture?

Do you know what an organization’s culture requires the most? Care and feeding on a daily basis; with security emerging as a critical issue, business owners are investing heavily in promoting a security-aware culture. Now, do you think a sustainable security culture is just a single event? Definitely not! When a security culture is sustainable, chances are it transforms security from a one-time event into a lifecycle that generates security returns forever.

What makes a sustainable security culture? It’s based on four features: It must be deliberate and disruptive. Second, it has to be engaging and fun. Third, it turns out to be rewarding. Fourth, it provides a great return on investment.

Most important of all, a sustainable security culture has to be persistent. Don’t consider it as a one-time investment – it’s embedded in everything you do.

What follows are several tips that can improve a company’s security culture:

Make security accessible

Security constraints and skill shortages are some of the biggest challenges. It’s a common, but misleading, belief that only the most senior executives should handle security.  That’s not the case at all. Instead, everyone should own a company’s security solution and culture.

While this might seem difficult, it’s not impossible. All you need to do is incorporate security at the highest level of your existing environment. Moreover, keep updating software, corporate policies and make sure that security remains a non-negotiable agreement for a lifetime. This means those who have (CISO, CSO) in their titles won’t be the only ones with clear access to security. Access and responsibility is from C-level execs – all the way down to individual managers.

Train employees

Many people may find cybersecurity training quite labor intensive. However, if we view cybersecurity training in the long-term, it’s not so! The good news is there’s a variety of training available – from traditional PowerPoint presentations conducted by an IT team member to more modern options. Another interesting way to foster a security-centric culture is by conducting role-playing games. For example, let employees review security-related cases and decide how to solve specific problems in alignment with your company’s security policy. Using this approach makes learning in a fun, yet practical way to follow security policy – without posing any risk to the organization.

Secure executive support

There is no harm in seeking executive support to create a successful cyber culture. This eventually helps boost profitability to a great extent. In addition, when building support – try to set realistic expectations.

Ask employees to report incidents

Communication is key to success. A company is more like a community of employees that ends up being socially responsible. Here, management should encourage employees to report not just full-fledged incidents, but even the smallest suspicious activities encountered throughout the day. By getting employees on board with reporting, you’ll increase the rate of spotting cybersecurity issues – and hopefully reduce the chance of serious incidents.

Building a strong security culture takes work. As the old expression goes: “Slow and steady always wins the race”. –This means you must continuously promote cybersecurity awareness. Approach information security with the same level of engagement and responsibility as you would with financial and other corporate risks.

Final thoughts

Incorporating an effective security culture can positively change how an organization approaches it. Keep in mind that change takes time, so expecting employees to become pen-testing Ninjas or experts who can write secure code while they sleep is a waste of time. But with the right process and attitude, you’ll eventually get there.

So it’s time to brush up your defense skills that embrace and reward the adoption of good cyber security behavior.

What kind of security culture do you have? 

by Vikash Chaudhary

 

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina

If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

1 2