Benefits of Symantec MPKI for SSL

Symantec

 

 

 

 

Benefits of Symantec MPKI for SSL.

Symantec™ Managed PKI (MPKI) for SSL cloud-based management console provides centralized control and delegated administration of all your Symantec SSL and code-signing certificates. Extended Validation (EV) and premium certificates include vulnerability assessments and malware scanning to assist in website protection. MPKI for SSL is ideal for a large enterprise that needs to deploy and manage large numbers of SSL certificates.

Symantec MPKI for SSL

 

Secure Multiple Subdomains with One Certificate

Secure Multiple Subdomains

Secure Multiple Subdomains with One Certificate

Symantec SSL certificate with Wildcard is one of several options available for Enterprise to secure their website.Symantec SSL Certificate Wildcard option provides encryption and authentication for multiple subdomains on a single server.Secure Multiple Subdomains

There are several best practice deployments of Symantec SSL Certificate Wildcard option:

  • Secure multiple subdomains starting from several levels down from the top level domain, example, sublevel three or four.
  • Secure multiple domains with domain names that are frequently changing.
  • Secure large number of subdomains (extremely large SANs).
  • Secure multiple different domains.
  • Secure the base subdomain

What is WiFi

What is WiFi?

Wi-Fi (or WiFi) is a local area wireless computer networking technology that allows electronic devices to connect to the network.To access this type of connection, one must have a wireless adapter on their computer. Wi-Fi provides wireless connectivity by emitting frequencies between 2.4 GHz to 5 GHz based on the amount of data on the network. Areas which are enabled with Wi-Fi connectivity are known as Hot Spots. One can use advanced softwares like Wirelessmon to detect and request connection to Hotspots. To start a Wireless connection, it is important that the wireless router is plugged into the internet connection and that all the required settings are properly installed.wifi

What is WiFi and how does it work?

Wireless technology has widely spread lately and you can get connected almost anywhere; at home, at work, in libraries, schools, airports, hotels and even in some restaurants.
Wireless networking is known as Wi-Fi (Wireless Fidelity) or 802.11 networking as it covers the IEEE 802.11 technologies.
The major advantage of Wi-Fi is that it is compatible with almost every operating system, game device and advanced printer.

Like mobile phones, a Wi-Fi network makes use of radio waves to transmit information across a network.
The computer should include a wireless adapter that will translate data sent into a radio signal.
This same signal will be transmitted, via an antenna, to a decoder known as the router. Once decoded, the data will be sent to the Internet through a wired Ethernet connection.
As the wireless network will work as a two-way traffic, the data received from the Internet will also pass through the router to be coded into a radio signal that will be receipted by the computer’s wireless adapter.

A wireless network will transmit at a frequency level of 2.4 GHz or 5GHz to adapt to the amount of data that is being sent by the user.
The 802.11 networking standards will somewhat vary depending mostly on the user’s needs, as explained below:

1. The 802.11a will transmit data at a frequency level of 5GHz. The Orthogonal Frequency-Division Multiplexing (OFDM) used enhances reception by dividing the radio signals into smaller signals before reaching the router. You can transmit a maximum of 54 megabits of data per second.
2. The 802.11b will transmit data at a frequency level of 2.4GHz, which is a relatively slow speed. You can transmit a maximum of 11 megabits of data per second.
3. The 802.11g will transmit data at 2.4GHz but can transmit a maximum of 54 megabits of data per second as it also uses an OFDM coding.
4. The more advanced 802.11n can transmit a maximum of 140 megabits of data per second and uses a frequency level of 5GHz.

The term Hotspot is used to define an area where Wi-Fi access is available.
It can either be through a closed wireless network at home or in public places like restaurants or airports.

As stated earlier, to be able to access Hotspots your computer should include a wireless adapter.
If you are using an advanced laptop model, it will probably include a built-in wireless transmitter already.
Otherwise you can purchase a wireless adapter that will plug into the PCI slot or USB port. Once installed, your system will automatically detect the Wi-Fi hotspots and request connection.
If not, you should use a software to handle this task for you.

How to make a WiFi connection

1. To start your connection with a wireless router, ensure that it is plugged into the internet connection point.
2. You should turn on your external modem first before plugging the router into your computer via an Ethernet cable.
3. Switch on your wireless router until it fully starts up and open your internet browser.
4. For Belkin users, enter http://192.168.0.1.
5. For Linksys users, enter http://192.168.1.1
6. If you are not using either service, enter http://192.168.2.1
7. Then, you can file in your router’s username and password.
8. Set the SSID (wireless capability) active.
9. Type in the username and password provided by your ISP and select either WEP or WPA security. Then, choose a new passkey.

Courtesy :-ccm.net

Global Crackdown on 37,000 Fake Shopping Sites

Ecommerce websites are all the rage around the world today, and millions of goods exchange hands over the festive season in particular. There are several popular sites that a majority of people prefer shopping over; however, some people also choose some relatively unknown sites due to bigger discounts or more enticing deals. This may not be such a great idea after all, keeping in mind the latest news that has come to light about a global crackdown by the US Immigration and Customs Enforcement’s (ICE) Homeland Security Investigations (HSI) unit on more than 37,000 fake shopping websites across 27 countries.

These efforts were not taken in isolation and actively involved the assistance of local law enforcement agencies as well, notably Europol and Interpol were also involved. Most of the sites were discovered to be selling counterfeit goods and were then subsequently shut down due to their fraudulent nature. These efforts have been regularly undertaken by the HSI and this is the 6th year in a row of its operations.

Some of the popular and notable fake goods that were discovered to be sold by these fake shopping sites were as follows:

  • Headphones and earphones
  • Sports clothing and shoes
  • Toiletries
  • Mobile phones
  • Consumer electronics
  • Luxury goods

A lot of these sites used a simple method of lowering the prices of their products in order to entice users and trick them into making purchases over their fake portals. This also led to countless other cases of data theft, privacy violation and credit card fraud. You can read more about this global crackdown here.

7 Reliable Tips for Safe Online Shopping

In the meantime, whenever you decide to shop online, keep these 5 safety tips in mind and you’ll not have to worry about getting your safety or privacy compromised.

  1. Carefully read product reviews and site reviews before purchasing
  2. From an unknown site, always choose the Cash On Delivery (COD) option
  3. Keep a regular check on your bank statements and keep SMS updates ON
  4. Be aware that deals that appear too good to be true are usually fraudulent in nature
  5. Watch out for the HTTPS prefix and the lock symbol before making a purchase
  6. 6. Don’t click on advertising links directly from emails that reach your inbox
  7. Keep a different card with limited account balance that you use only for online shopping

Courtesy :- QuickHeal

 

How to securely manage your finances online

Say goodbye to paper bills, stamps and envelope licking. Say hello to the easy way to manage your finances

 When once checking bank accounts, credit reports and making transfers meant a journey into the local branch of the bank or building society, online banking has dramatically changed the way in which the average person manages their finances.Almost all banks and building societies now have websites and apps that allow users with access to the Internet to manage their various bank accounts. It has always created a paper-free statement system that not only helps to preserve the planet and reduce litter, but to stay more conveniently organised at the same time.
With the rise of online banking allowing users to make quick and easy transfers along with checking bank accounts and statements, online security has also become a greater need for the everyday Internet user, especially as sensitive financial information is so readily accessible.

Managing your investments

How’s your investment portfolio doing today? Well, you could call your broker and ask. Or wait until the end of the month and check your statement. Or go online and take a look right now. You can ask your broker to set up online access for you, or you can go online and sign up yourself. Once online you can:
• Monitor the total value of your portfolio or check the
current price of each security.
• View trends for the whole portfolio or individual securities.
• Buy and sell securities (before you do this, be sure to
get input or recommendations from a licensed broker or,
at the very least, do some astute research of your own).
There have been scams where cybercriminals have accessed the online portion of financial services companies and posed as the account owners to transfer funds overseas. Ask your financial advisor about fraud alerts or additional security measures to prevent such crimes.

Monitoring your credit cards

According to the Federal Bureau of Investigation, credit card fraud is the most common form of consumer fraud. Online monitoring of your credit card transactions can help keep you from becoming a fraud victim and a statistic.

• Go to your credit card company’s website and sign up for online access to your account.
• Monitor your account frequently and identify each transaction.
• If you see a transaction that is suspicious, call the credit card company and report it.
• If the transaction is found to be fraudulent, you can have the charge reversed and, if necessary, your account frozen and a new card issued with a new account number.
By using the various online and mobile tools available from your bank, your credit card provider and your financial investment service, you can stay well informed about the state of your financial affairs. You will also be able to spot fraudulent charges or unauthorized transactions, giving you the ability to stop a cybercrime quickly and limit the damage.

Knowing your credit report and your rights

A credit report is essentially a report about your credit accounts that includes your financial information, transactions and history of repayments. Due to the delicate nature of these reports, a bank, building society or other lender is only given access with your specific permission, though many transactions such as phone contracts and loans require a credit report check.

The report is designed to help lenders assess whether you are a reliable person to lend to. The information comes from some public information, such as court judgements and the electoral roll information, along with credit history information to give a snapshot into your ability to repay previous loans.

As a person’s credit report can influence major aspects of a person’s life including the ability to buy a home, there are certain rights each individual has in regards to their report.

Under the Data Protection Act, everyone has a right to:
• Receive a copy of their credit report within seven working days of a request.
• Dispute any inaccurate information and have this investigated.
• Have the errors corrected within 28 days of reporting the inaccuracy.
In the UK, there are several agencies that are designed to help those either struggling to improve their credit report or who may have questions and queries about the information appearing on the report, along with those who may have concerns about identity theft. The major agencies include the Citizen’s Advice Bureau, the Consumer Credit Counselling Service and the National Debtline.

Taking basic security precautions

Is all this safe? Well, nothing is absolutely safe, but you can take precautions to make sure that your online financial management activities are at least as safe as the same activities would be in the offline world, maybe even safer. You should be aware, vigilant and take routine precautions such as these:

•Secure. Look for the lock icon and/or a Web address that starts with “https://” (the “s” stands for secure). This isn’t a guarantee, but is generally a good indication of a secure site.
•Create strong passwords of at least eight characters that combine letters, numbers, and symbols. Use a different password for each account, and don’t use the same password that you
use to access your PC. Change your passwords frequently and don’t store them on or near your computer.
• When you’re finished with your transaction, log out of the account.
• Secure your PC with Internet security software, such as Norton 360 or Norton Internet Security.
Keep that software updated.
• If you see a transaction that is suspicious, call the credit card company and report it.
• Don’t respond to emails or pop-up windows that ask you to update your security information. Your bank, credit card or investment firm won’t ask you to do that.
• Remember any offer that seems too good to be true probably is. Don’t respond.

Protecting your bottom line

As long as you do everything you reasonably can to secure your PC and take standard precautions in making online transactions, the benefits of managing your finances online will outweigh safety concerns. Say goodbye to paper bills, stamps and envelope licking. Say hello to the easy way to manage your finances (but please be careful).

Courtesy :- Symantec

First Line of Defense: Operation Black Atlas Put Small and Medium-Sized Businesses At Risk With PoS Malware

First Line of Defense Trend Micro

Operation Black Atlas

Operation Black Atlas Put Small and Medium-Sized Businesses At Risk With PoS Malware

In 2013, Target suffered the biggest PoS malware attack where tens of millions of transaction data were stolen. The breach started the same time Black Friday kicked off that year and extended its operation till the tail end of December. Since then, there were several PoS attacks that came after, but thankfully not as damaging. But now, a new campaign involving a bigger PoS threat is already working its way through networks around the world. Our researchers have recently found a powerful, adaptable, and invisible botnet that searches for PoS systems in any network. We are calling this cybercrime campaign as Operation Black Atlas.

” Cybercriminals are utilizing a shotgun approach to PoS malware in which they try to affect as many companies as they can regardless if it’s a major enterprise or a start-up company.”

Operation Black Atlas was operating as early as September2015, doing groundwork for major shopping events such as Thanksgiving, Black Friday, Cyber Monday, and the rest of the holiday season. Besides retail industries and companies, Black Atlas aims to target any industry it can find that rely on credit card payments. This is highly problematic given that most shoppers still rely on credit cards for non-cash payments. And in our paper Follow the Data: Dissecting Data Breach and Debunking Myths, we stated that 47.8% of data breaches come from the retail sector.
The tools used by operators of Operation Black Atlas are what make it dangerous. These cybercriminals basically possess tools of different functions. The tools enable them to penetrate and steal information from different network and security setups. So far, the malware used in Operation Black Atlas includes variants of Alina, NewPOSThings, a Kronos backdoor, and BlackPOS. Alongside the tools, cybercriminals are utilizing a shotgun approach in PoS malware in which they try to affect as many companies as they can regardless if it’s a major enterprise or a start-up company.

With this global threat, we may still experience the crippling power of PoS malware even with new payment processing technologies. Small- and medium-sized business owners are strongly advised to boost their PoS security by using a multi-tiered PoS defense system. For holiday shoppers, make sure you have switched to EMV or chip-and-pin credit cards, or use other payment processing systems when making in-store purchases. To learn more about Operation Black Atlas, read the full article on how Operation Black Atlas threatens the SMB sector, and our updates on Operation Black Atlas.

Ransomware

As 2015 comes to a close, it’s time to gain perspective of the future by taking a look back at the present year’s events – in this case, the ransomware.

Some Quick Stats about the Ransomware’s Menace in 2015

• A new variant of the ransomware family – Teslacrypt, was seen in early 2015. It specifically targets computers with saved games files. Read more about Teslacrypt here.

• A massive surge was detected in the CTB Ransomware – a relatively new variant.

• India seemed to have been hit with the highest number of ransomware attacks this year; accounting to 16000 infections.

• The FBI reported a loss of $18 million because of ransomware attacks worldwide.

Ransomware infections are deemed nasty to such a level that even the FBI stated that they often advise people to pay the ransom. Joseph Bonavolonta, Assistant Special Agent in Charge of the Cyber and Counterintelligence Program in the FBI’s Boston office quoted “The ransomware is that good… To be honest, we often advise people just to pay the ransom.”

So, what’s the prediction for ransomware in 2016?

By the looks of the alarming rate at which the ransomware family is growing, it is wise to assume that this malware is here to stay and not going away anytime soon. For 2016, here’s what ransomware authors may be gearing up for:

1. Getting more personal – hackers may threaten people of releasing encrypted information in public. Instances of this have already occurred. ‘Chimera’ – a recently launched ransomware campaign in Germany, threatened to release the victims’ encrypted files in public, if the ransom was not paid.

2. Targeting Macs – with Mac becoming more popular among users, they are likely to become an attractive prey for ransomware.

3. Extending the ransomware circle – rookie cybercriminals may start offering ransomware as a service, transforming it into a large-scale business-like operation.

4. Targeting Android – attempts of bringing ransomware to the mobile platform have already been noticed in 2015; a popular example is SimpleLocker. In the coming year, we can expect advanced and more complex variants of the same and others alike.

5. Better delivery – hackers will use more sophisticated mechanisms to spread ransomware and more valuable ways to extort money from their victims.

6. Other targets – as more users are becoming aware and getting educated about how to fight ransomware, hackers will target avenues which are still security-deficient such as smart TVs, smart houses, smart fridges, Internet-enabled cars; in short, the Internet of Things.

7. Life Threatening – Frighteningly, ransomware attacks can turn out to be more than a digital threat to people – it can become life-threatening. Attackers are now suspected to go after lifesaving medical devices. There could be a horrid situation where a patient is demanded to pay a ransom in order for their pacemaker to be released from a ransomware’s clutches. Read more on this here.

Ransomware

Steps you Must Take

Cyber criminals don’t take time off from creating and improving upon their tactics and that’s why it is essential that we don’t let our guard down against them. Here are some of the best ways you can protect your device from ransomware:

• Never download attachments or click links in emails received from unwanted or unexpected sources, even if the source looks familiar.

• Don’t respond to unwanted pop-up ads or alerts while visiting unfamiliar or even familiar websites.

• Apply all recommended security updates to your OS, software, and Internet browsers, if not already.

• Take regular backups of all the important files you have on your computer. We recommend you to begin the backup procedure offline and not when you are connected to the Internet. Doing this will ensure that you do not have to meet the ransomware’s demands.

• Have a security software installed in your PC that efficiently blocks spam and malicious emails, and automatically restricts access to malicious websites. Antivirus has an inbuilt anti-ransomware defense that detects and stops ransomware that encrypt data. This defense mechanism works on a behavior-based module – which means, it analyzes programs based on their behavior and the activities carried by them on the users machine. This helps Quick Heal detect malware like ransomware in real-time and prevent possible infections. This anti-ransomware feature remains active in the system even if the antivirus software itself is turned off for some reason.

Courtesy :- Quick Heal

Simplified email routing settings in the Google Apps Admin console

The email routing settings in the Admin console allow Google Apps admins to set up default mail routing options across their domain, or for specific organizational units. For example, you may want to route certain incoming mail to different server locations or recipients based on the nature of its content, or require that outbound mail pass through a gateway before being sent for greater security.

These settings provide admins with a high level of granular control, but we realized that they can be complicated to find and use in their current structure in the Admin console. That’s why with today’s launch, we’re taking the first step towards significantly simplifying the experience for email routing settings by adding a new section called Routing under Gmail > Advanced settings > General settings.

email routing
This new Routing section will consolidate the following existing settings into one location, making them easier to manage: Sending routing, Receiving routing, Outbound gateway, Default routing, and Email routing. The new Routing settings will coexist with your existing routing settings for the short term, and any routing policies previously set will not be impacted.

In the future, we’ll further improve the email routing experience by migrating and consolidating additional existing settings into the new centralized location. Stay tuned for more information on these plans.

Admins creating new email routing policies are encouraged to use the new Routing settings for enhanced functionality. In addition to being easier to use, the new Routing settings will apply to SMTP-relayed messages as well as messages sent to email groups. These features are not available using the previous settings.

Check out the Help Center for more details on the new Routing settings.

Launch Details
Release track:
Launching to both Rapid release and Scheduled release

Rollout pace:
Full rollout (1-3 days for feature visibility)

Impact:
Admins only

Action:
Admin action suggested/FYI

Reference by Google.com

Use templates to create files in the Google Docs, Sheets, and Slides mobile apps

Templates allow you to quickly and easily create files with specific purposes—for instance, you can pull together a project proposal in Google Docs, an invoice in Google Sheets, or a case study in Google Slides without spending unnecessary time or resources on formatting. In September, we launched templates in Docs, Sheets, and Slides on the web; today, we’re rolling out that same functionality for their corresponding Android and iOS apps.

Starting now, when you go to create a new document, spreadsheet, or presentation on your Android or iOS device (by clicking the red “+” button in the bottom right corner of your screen), you’ll be given the option to choose a template. These templates will be the same as those available to you in Docs, Sheets, and Slides on the web, including a meeting agenda, pitch deck, expense report, and more.

Templates

 

 

 

 

 

 

 

 

 

Focus on your content, not your formatting. Check out the Help Center article below for more information on getting started with templates.

Launch Details
Release track:
Launching to both Rapid release and Scheduled release

Rollout pace:
Gradual rollout (potentially longer than 3 days for feature visibility)

Impact:
All end users

Action:
Change management suggested/FYI

Reference by google.com

Phishing

Phishing

Phishing is essentially an online con game and phishers are nothing more than tech-savvy con artists and identity thieves. They use SPAM, malicious Web sites, email messages and instant messages to trick people into divulging sensitive information, such as bank and credit card accounts.
How Do You Know
· Phishers, pretending to be legitimate companies, may use email to request personal information and direct recipients to respond through malicious web sites
· Phishers tend to use emotional language using scare tactics or urgent requests to entice recipients to respond
· The phish sites can look remarkably like legitimate sites because they tend to use the copyrighted images from legitimate sites
· Requests for confidential information via email or Instant Message tend to not be legitimate
· Fraudulent messages are often not personalized and may share similar properties like details in the header and footer

Vulnerabilities

Vulnerabilities are flaws in computer software that create weaknesses in the overall security of the computer or network. Vulnerabilities can also be created by improper computer or security configurations. Threats exploit the weaknesses of vulnerabilities resulting in potential damage to the computer or personal data.
How Do You Know
· Companies announce vulnerabilities as they are discovered and quickly work to fix the vulnerabilities with software and security “patches”
What To Do
· Keep software and security patches up to date
· Configure security settings for operating system, internet browser and security software
· Develop personal security policies for online behavior
· Install a proactive security solution like Norton Internet Security to block threats targeting vulnerabilities

Courtesy :- Symantec