Zero Day Vulnerabilities: How Do You Stop a Threat You Can’t See Coming?

This past March, WikiLeaks dumped 8,761 CIA documents collectively known as “Vault 7”. These documents contained information about what was essentially the government agency’s armory of cyber threats. They included malware, viruses and Trojans used for espionage purposes. More importantly, they had information about zero day vulnerabilities the CIA had been using to hack computers, tablets, smartphones and other devices for intelligence gathering purposes. Frighteningly, all of it was made available to hackers in one fell swoop. Wired called it “a one-stop guide to zero day exploits.”

On the bright side, cyber security researchers have access to the same information, which means they have some time to steel the rest of us against any fallout that could ensue from these previously undisclosed cyber weapons. Nevertheless, these zero day threats are out in the open now, and they can be used against us.

With that in mind, there’s no better time than now to dive into the world of zero day exploits. This post looks at how zero days behave, assesses some of the most infamous examples of them, and perhaps most importantly, provides best practices for how to deal with these elusive threats.

Part 1: The Evolution of Zero Days, a Sinister and Growing Cyber Threat

A zero day threat is a vulnerability that developers and security researchers have known about for less than a day. In many cases, these threats are first identified by penetration testers and white hats, which gives them time to issue emergency

Faronics Tech Roundup – March in Review

March has come and gone, and we saw the usual mix of good and bad news. From the fall of an operating system to the rise of blockchain, let’s take a look at the news highlights from the month that was:

Locky Hands the Baton to Cerber

Not surprisingly, ransomware has once again made headlines. On the positive front, Locky had the lowest infection rate since it was first launched in February 2016. The bad news, however, is that there’s a new sheriff in town: Cerber.

Cerber isn’t a new strain of ransomware. But in the past few months, its prevalence has waxed as Locky’s waned. This month, researchers discovered that the nasty strain of malware is now spreading through a new, sneaky social engineering scheme that leverages a DropBox link. Upon opening the link, Cerber’s payload downloads and self-extracts. Needless to say, we don’t expect to see the end of ransomware anytime soon.

Hasta la Vista, Vista

Microsoft’s Windows Vista operating system, on the other hand, is a different story. We all had an inkling that the OS’s end of life was nearing, but it came sooner than expected. The Redmond computing giant officially announced this month that it will stop supporting Windows Vista after April 11 this year.

Users will still have the option to keep running the OS, but since Microsoft will no longer be providing critical security patches, they do so at their own risk. It may be time to finally cave and update to Windows 10.

Tips for Effective IT Endpoint Management in Airports

Aviation is one of several critical industries that have been transformed by the addition of internet-connected endpoints. By 2021, the global market for smart airport technology will be worth nearly $15 billion, exhibiting a 5.6 percent compound annual growth rate. With potential to provide a better customer experience and improve operations, it’s not hard to see why aviation industry leaders would want to adopt smarter technology. Before that happens, endpoint management must be streamlined. Every new computer or laptop on an airport or airliner’s network is a liability if not properly managed. Downtime from system failures, or worse, cyberattacks, must be abated.

Freeze Kiosk Configurations

Last October, San Jose International Airport unveiled three robotic customer kiosks named Norma, Amelia and Piper. Unlike your garden-variety airport check-in machines, these computers can, among other things, dance.

As nifty and endearing as they are, Norma, Amelia and Piper at their core are no different than any other kiosk. For instance, in the event that a software glitch causes the computer to lock up, they may require assistance from an IT technician, resulting in IT downtime – unless of course, their configurations are kept in a frozen state.

Today, an increasing number of airlines are freezing their kiosk configurations, both on the customer-facing end and on computers used by airline staff. In doing this, no permanent changes can be made to the endpoint. From a practical maintenance standpoint, this limits disruptions typically associated with IT troubleshooting. Likewise, malware intrusions, and even ransomware, can be

3 Ways to Ensure Effective IT Asset Utilization

As information technology becomes more central to business operations, IT leaders are under increasing pressure to allocate budget resources in the most effective manner possible. Digital transformation will almost inevitably require some trial and error – but that doesn’t mean you can’t reduce the number of trials and eventually eliminate errors. The best way to do this is with more effective IT asset utilization management.

Here are three ways to get the bird’s-eye view you need to make the most of your IT assets:

1. Aggregate Usage Metrics

A retailer, library or airliner can learn a lot about its investment priorities by collecting and analyzing IT usage metrics. They can determine, for instance, the frequency with which customers are using self-service kiosks, how they’re using them and how much time they’re spending during each session. By summarizing this data in graphical format, insights can be gleaned quickly and with ease. Ask and answer questions such as “do we really need this many kiosks?” or “are certain applications being used more than others?” From here, it becomes a matter of adjusting asset investment according to utilization.

2. Track Software Compliance

Over-deployed software can easily be avoided with the right approach to IT asset utilization.

Over-deployment of software licenses can also result in heavy vendor fines, and it can also put an organization at legal and

Managing Cyber Risks: 4 Common Practices that Organizations Follow

The risk-based approach to cybersecurity is more prevalent than it ever has been, and for good reason. Rather than blindly piecing together a cybersecurity strategy, organizations are trying to address cyber risk more foundationally. This entails identifying risks that are unique to the business and addressing them with proper security controls. While the exact nature of these controls will vary by organization, broadly speaking, there are several ways every business can effectively manage cyber risks. They include the following:

Deploy Best-in-Class Cybersecurity Tools

Set-it-and-forget-it cybersecurity still has its place, but only if it actually does everything you need it to. A strong all-in-one solution should provide:

  • Active protection against viruses, spyware and rootkits.
  • Firewall and web filters.
  • Easily accessible reporting for network traffic, protection status and more.

Ideally, this solution would be lightweight enough to run in the background, but powerful and comprehensive enough in its protection that it actually saves IT staff time.

Create Best Practice Policies, Test Them

A written cybersecurity policy is a critical component of cyber risk management.

Organizations need to start implementing written security policies that all employees are expected to abide by. These don’t have to be Draconian measures, but they must be thorough enough to adequately address employee-introduced risk. Furthermore, they need to be explained to employees to be effective. Handing them a dense manifesto outlining cybersecurity protocols is hardly the best way to raise awareness.

Finally, and perhaps most importantly, verify the efficacy of these policies by testing them.