Tuesday, June 30, 2020

How do I select a SIEM solution for my business?

A Security Information and Event Management (SIEM) solution collects and analyzes activity from numerous resources across your IT infrastructure. A SIEM can provide information of critical importance, but how do you find one that fits your organization?

To select an appropriate SIEM solution for your business, you need to think about a variety of factors. We’ve talked to several industry professionals in order to get insight to help you get started.

SIEM is a mature product category and continues evolving. However, SIEM needs to enable teams to evolve, as SecOps transforms from “traditional” to “adaptive.”

Let’s start with people — traditional skillsets are based on tools (e.g., vulnerability, firewall, IDS/IPS, etc.), but broader skillsets are needed to help practitioners adapt quickly. Manipulating and analyzing data, performing collaborative research, understanding adversaries/tradecraft — SIEM must help augment and develop these skillsets.

Next is process — with improved skills, alerts no longer rule (unless allowed to), and pre-defined, static SOPs / playbooks alone are not enough. Teams now require real-time analysis to hunt — including performing research, reverse-engineering and simulating threats, and more. Context is everything. Hunting and operationalizing effectively requires full visibility — not in a separate tool, but within the SIEM.

Finally, technology. Full visibility isn’t just broad coverage, but fast insights. Also, detections need to work OOTB. Consider endpoint — there, OOTB detections have high accuracy. The same principle should apply in SIEM, without requiring every analyst to be an expert rule author. SIEM isn’t just “technology” — it needs real-world-validated security content.

As SecOps matures, major investments are often required for the care and feeding of a SIEM. You have to stop threats and justify your investment. Give yourself the runway to be confident that once deployed the SIEM can meet your fast-evolving needs, and ask hard questions around scale and flexibility — from detections to integrations, to deployment options, to pricing metrics.

Christopher Meenan, Director, QRadar Product Management and Strategy, IBM Cloud and Cognitive Software

The first thing to think about is what use cases you need to address. Your requirements will look very different depending on whether you need to secure your organization during a cloud transformation, build a unified IT and OT security operations program, or simply address compliance. Your use cases will drive requirements around integrations, use case content, analytics, and deployment methods.

Ask the vendors how they can help address your requirements. Understand which integrations and use case content are included, versus which require a separate license or custom development. Understand what analytics are available and how those analytics are used to detect known and unknown threats. Ask what frameworks, such as MITRE ATT&CK, are natively supported.

If you’re like most companies, your team is understaffed – which means you need usable products that help shorten the learning curve for new analysts and make your experienced team members more efficient. Ask how each solution measurably increases efficiency during the detection, investigation and response processes. Also ask about SaaS deployments and MSSP partnerships if you want to reduce ongoing management requirements.

Most importantly, don’t be shy. Ask for a proof of concept to make sure the tools you’re considering will work for you.

Stephen Moore, Chief Security Strategist, Exabeam

The most seasoned and well-resourced security teams can be easily overwhelmed by the volume of organizational alerts they receive in a day and that complexity – coupled with the inherent difficulties of detecting credential-based attacks – means many SOC analysts now experience several pains that traditional SIEMs can’t solve, including alert fatigue, a lack of skilled analysts and lengthy investigation times.

Many organizations are now migrating their SIEM to the cloud, which allows analysts to harness greater compute power, sift through, interpret and operationalize SIEM data. Now more of their time is spent finding bad things versus platform and server support. But to choose the right SIEM for ‘the business’ you need to consult with it. You need to align its capabilities to the goals, concerns and expectations of the business – which will undoubtedly have changed over the last few months. Above all else, this requires taking the time to ask the questions.

Then, make choices based on known adversary behavior and breach outcomes – focusing specifically on credentials – ensuring your platform is adversary adaptable and object centered. Ask, will it improve your time to answer (TTA) questions, such as ‘which account or asset is associated with this alert?’ or ‘what happened before, during, and after?’

Finally, any solution needs to help your SOC analysts focus on the right things. Key to this is automation – both in the form of incident timelines that display the full scope, acting as the storyboard of the incident, as well as an automated incident response capability for when action must be taken to return the environment to normal. Providing automation of the necessary investigation steps is the most important thing an incident responder can have so they may take action faster and most importantly minimize the risk of an incomplete response.

Wade Woolwine, Principal Security Researcher, Rapid7

While the term SIEM has “security” as the very first word, event and log management isn’t just for security teams.

When organizations look to invest in a SIEM or replace an existing SIEM, they should consider use cases across security, IT/cloud, engineering, physical security, and any other group who may benefit from a centralized aggregation of logs. Once the stakeholders have been identified, documenting the specific logs, their sources, and any use cases will ensure the organization has a master list of needs against which to evaluate vendors.

Organizations should also recognize that the use cases will change over time and new use cases will be implemented against the SIEM, especially within the security team. For this reason, organizations should also consider the following as hard requirements to support future growth:

  • Support for adding and categorizing custom event sources by your own team
  • Support for cloud based event sources
  • Field-level searching with advanced cross-data-type search functionality and regular expression support
  • Saved searches with alerting
  • Saved searches with dynamic dashboard reporting
  • Ability to integrate threat feeds
  • Support for automation platform integration
  • API support
  • Multi-day training included with purchase

Jesper Zerlang, CEO, LogPoint

As the complexity of enterprise infrastructures is increasing, a key component of a Modern SIEM solution is the ability to capture data from everywhere. This includes data on-premises, in the cloud, and from software, including enterprise applications like SAP. In today’s complex threat landscape, a SIEM that fully integrates UEBA and allows enterprises to relevantly enhance security analytics instantly is an absolute necessity.

The efficiency of your SIEM solution is entirely dependent on the data you feed into it. If the license model of a SIEM solution relies on the volume of data ingested or the number of transactions, the cost will be ever-increasing due to the overall growth in data volumes. As a consequence, you may select to skip SIEM coverage for certain parts of your infrastructure to cut costs, and that can prove fatal.

Choose a SIEM with a license model that supports the full digitalization of your business and allows you to fully predict the future cost. This will ensure that your business needs are aligned by your technology choices. And last but not least: Select a SIEM solution that has documented short time-to-value and complete your SIEM project on time. SIEM deployments, whether initial implementation or a replacement, are generally considered complicated and time-consuming. But they certainly don’t have to be.


from Help Net Security https://ift.tt/3ePjGll

Ransomware attacks are increasing, do you have an emergency plan in place?

39% of organizations either have no ransomware emergency plan in place or are not aware if one exists. This is despite more ransomware attacks being recorded in the past 12 months than ever before, Ontrack reveals.

Cyberattacks and data breaches can have serious implications for organizations in terms of downtime, financial damage and reputation of the business. Ransomware attacks that seek to encrypt a victim’s data and demand a fee to restore it continue to be prevalent. Unfortunately, the damage caused can be severe and widespread.

The largest ransomware attack to date – WannaCry – was estimated to have affected more than 200,000 computers across 150 separate countries. Ransomware today is rife and has been exacerbated by the current work-from-home trend.

Working backup access denied

21% of the survey respondents said they had experienced a ransomware attack, and of those, 26% admitted they couldn’t access any working backup after the attack. Even when organizations could access a working backup, 22% of them could either only restore a partial amount of data or none at all.

In most countries, employees have been working under a completely different set of parameters for a couple of months; ones where new security risks are high and where cybercriminals are finding new ways to exploit any weaknesses they can find.

“We have seen a sharp increase in the number of ransomware cases since lockdown began,” comments Philip Bridge, president of Ontrack. “Unfortunately, this is at a time when more distractions at home have led to an increased amount of complacency by staff. For example, clicking on ransomware-infected links that they wouldn’t click if they were in the office.”

Remote working creating major vulnerabilities

Whilst there are numerous benefits, the remote working seen during lockdown can leave a business’s IT network and systems vulnerable. It adds a huge number of endpoints to organizations that may not have been there previously. Plus, many of them are considered shadow IT and have not been vetted by the employer.

“The threat of ransomware has never been greater. The fact that only 39% of respondents to our survey have an emergency plan in place for a ransomware attack is shocking. They are gambling with their and their customer’s data.

“It is imperative, now as ever, to ensure your organization has processes and procedures in place to mitigate the impact of any cyber-attack and protect sensitive data,” adds Bridge.


from Help Net Security https://ift.tt/3dOKfWL

Surge in unique clients reporting brute-force attack attempts

There’s a significant uptick in the number of unique clients who have reported brute-force attack attempts, ESET reveals.

Trend of RDP attack attempts against unique clients (per day) detected by ESET

The trend has been observed since the onset of the global pandemic. The COVID-19 crisis has radically changed the nature of everyday work, forcing employees to manage large parts of their jobs via remote access.

Cybercriminals exploiting remote work

Cybercriminals – especially ransomware operators – are aware of the shift and attempt to exploit the new opportunities and increase their illicit earnings. In the period between January 2020 and May 2020, the United States, China, Russia, Germany and France topped the list of countries with most IPs used for brute-force attacks.

“Before the lockdown, most employees worked from the office and used infrastructure monitored and controlled by their IT department. But the coronavirus pandemic has brought a major shift to the status quo.

“Today, a huge proportion of ‘office’ work occurs via home devices, with workers accessing sensitive company systems through Windows’ Remote Desktop Protocol (RDP), a proprietary solution created by Microsoft to allow connecting to the corporate network from remote computers,” explains Ondrej Kubovič, ESET Security Research & Awareness Specialist.

“Despite the increasing importance of RDP, as well as other remote access services, organizations often neglect its settings and protection. Employees use easy-to-guess passwords, and without additional layers of authentication or protection, there is little that can stop cybercriminals from compromising an organization’s systems,” Kubovič continues.

According to telemetry, most of the blocked IPs in January–May 2020 were seen in the United States, China, Russia, Germany and France. Countries that had the largest proportion of targeted IPs were Russia, Germany, Japan, Brazil and Hungary.

RDP has become a popular attack vector

RDP has become a popular attack vector in the past few years, especially among ransomware gangs. These cybercriminals often brute-force their way into a poorly secured network, elevate their rights to admin level, disable or uninstall security solutions, and then run ransomware to encrypt crucial company data.

However, other malicious actors try to exploit poorly secured RDP to install coin-mining malware or create backdoors, which can be used in case their unauthorized RDP access has been identified and closed.


from Help Net Security https://ift.tt/2VA8DF9

Organizations need an agile response to unexpected risks

The average $5 billion company incurs delays of roughly 5 weeks per year in new product launches due to missed risks, with a $99 million opportunity cost, according to Gartner.

Opportunity costs from missing risks

A survey of more than 382 strategic initiative leaders quantified the cost of missing risks in strategic initiatives. For an average $5 billion revenue company it amounts to $99 million annually in opportunity cost from delayed new product launches alone. Initiatives where unexpected risks are not surfaced and mitigated in a timely fashion are delayed by an average of five weeks per year.

Moreover, in a related survey of 111 emerging risk management (ERM) leaders just 6% felt that their organization’s risk response was timely during strategic initiatives.

“These findings show that risk response usually is not timely,” said Emily Riley, senior principal, research in the Gartner Audit and Risk practice. “But they also show the huge cost of an untimely response. The recent COVID-19 pandemic illustrates the need for an agile response to unexpected risks.”

Benefits of a timely risk response

Experts looked at how strategic initiatives performed against several measures and how this was affected by the timeliness of risk responses.

“The performance benefits of a timely risk response stand out clearly,” said Ms. Riley. “There’s a business opportunity here because ERM leaders expressed their desire to be more involved in supporting strategic initiative success.”

Seventy-six percent of ERM heads said they wanted to increase the proportion of their time they spend on strategic initiatives. More than half said that their involvement should come at the earliest stages of a strategic initiative. Yet currently just 11% feel they are involved before an initiative’s execution.

Unexpected risks and information roadblocks

“The problem we often see is initiative teams are not getting the information they need to act on risks in a timely manner,” said Ms. Riley. “This is one area where ERM teams can add value.”

This can have several root causes. Sometimes many individuals are involved in an initiative without clear accountability to one another. There is also often a sensitivity to candidly sharing information about threats to high stakes projects. Another common cause is a focus on performance metrics that overshadows forward-looking considerations.

“ERM’s role should be to connect initiative teams with subject matter experts, to facilitate opportunities for anonymous sharing of concerns, and to develop risk indicators that consider leading indicators of project success,” said Ms. Riley.


from Help Net Security https://ift.tt/3ePBFbk

Realizing cybersecurity risks does not mean sticking to the rules

72% of remote workers say they are more conscious of their organization’s cybersecurity policies since lockdown began, but many are breaking the rules anyway due to limited understanding or resource constraints, Trend Micro reveals.

The study is distilled from interviews with 13,200 remote workers across 27 countries on their attitudes towards corporate cybersecurity and IT policies. It reveals that there has never been a better time for companies to take advantage of heightened employee security awareness.

The survey reveals that the approach businesses take to training is critical to ensure secure practices are being followed.

High level of security awareness

The results indicate a high level of security awareness, with 85% of respondents claiming they take instructions from their IT team seriously, and 81% agree that cybersecurity within their organization is partly their responsibility. Additionally, 64% acknowledge that using non-work applications on a corporate device is a security risk.

However, just because most people understand the risks does not mean they stick to the rules.

For example:

  • 56% of employees admit to using a non-work application on a corporate device, and 66% of them have actually uploaded corporate data to that application.
  • 80% of respondents confess to using their work laptop for personal browsing, and only 36% of them fully restrict the sites they visit.
  • 39% of respondents say they often or always access corporate data from a personal device – almost certainly breaking corporate security policy.
  • 8% of respondents admit to watching / accessing porn on their work laptop, and 7% access the dark web.

Productivity still wins out over protection

Productivity still wins out over protection for many users. 34% of respondents agree that they do not give much thought to whether the apps they use are sanctioned by IT or not, as they just want the job done. Additionally, 29% think they can get away with using a non-work application, as the solutions provided by their company are ‘nonsense.’

Dr Linda Kaye, Cyberpsychology Academic at Edge Hill University explains: “There are a great number of individual differences across the workforce. This can include individual employee’s values, accountability within their organization, as well as aspects of their personality, all of which are important factors which drive people’s behaviors.

“To develop more effective cybersecurity training and practices, more attention should be paid to these factors. This, in turn, can help organizations adopt more tailored or bespoke cybersecurity training with their employees, which may be more effective.”

Rik Ferguson, Vice President of Security Research at Trend Micro, argues: “It’s really heartening to see that so many people take the advice from their corporate IT team seriously, although you have to wonder about the 15% who don’t… At the same time those people also accept their own role in the human firewall of any organization.

“The problem area seems to be translating that awareness into concrete behavior. To reinforce this, organizations need to take into account the diversity across the organization and tailor training to identify and address these distinct behavioral groups.

“The time to do this is now, to take advantage of the new working environment and people’s newfound recognition of the importance of information security.”


from Help Net Security https://ift.tt/38eWeeM

D-Link’s PoE surveillance switch series is designed for surveillance in homes and small offices

D-Link announced its new PoE surveillance switch series, which includes the 9-Port PoE Unmanaged Surveillance Switch (DSS-100E-9P) and the 18-Port PoE Unmanaged Surveillance Switch (DSS-100E-18P).

Supporting long range PoE delivery, DSS-100E switches are a cost-effective solution that provides a versatile and reliable surveillance network. A long-reach PoE connection of up to 250 meters enables the switch to power devices in far-reaching or remote network deployments.

Combined with the DPE-302GE PoE Extender, the connection can reach 650 meters, maximizing user deployment flexibility while also saving time and cost. Simple plug-and-play installation allows users to easily connect and supply power to PoE-capable devices.

The switches also offer 6kV surge protection, enhancing safety and reliability for the switch and all connected devices. The DSS-100E series switches are also capable of supplying up to 30 watts per port.

The 9-Port PoE Unmanaged Surveillance Switch offers eight 10/100Mbps PoE ports and one Gigabit uplink port, with a maximum PoE power budget of 92W. With auto detect mode, the DSS-100E-9P can detect long range requirements and automatically activate extended mode without any manual configuration, making life easy for users.

The 18-Port PoE Unmanaged Surveillance Switch features 16 10/100Mbps PoE ports with a 1GbE port and a GbE/SFP combo port, and its maximum PoE power budget is 230W. Users can easily configure it with a DIP switch that supports three operating modes (Standard, Isolation, and Extended), depending on which is most suitable for their deployment needs.


from Help Net Security https://ift.tt/3ihBSGy

SafeGuard 7.6: Improved threat visibility, defense and protection across social platforms

SafeGuard Cyber announced the release of new capabilities within its flagship collaboration, chat, and social media security platform. SafeGuard 7.6 now performs threat analysis on managed social and digital accounts to detect and remediate malware, including zero day exploits and associated messaging, file attachments, and links that are shared on these channels.

Rapid adoption of social collaboration channels, coupled with the quick migration to work-from-home during the COVID pandemic, has created a broad attack surface with huge risk exposure.

Social, mobile chat & digital channels are subject to malware-based attacks, such as spear-phishing, ransomware, and APT cyber-espionage attacks, and are proving to be a more vulnerable attack vector compared to email.

The fact that these vulnerabilities have captured the attention of cybercriminals and nation-state actors has created a ‘perfect storm’ for which immediate preventative countermeasures are needed.

SafeGuard Cyber is the only solution proven to systematically secure a comprehensive set of social, mobile chat, and digital collaboration channels against malware attacks. This addition to the platform automatically scans file attachments and links for malware and zero-day exploits.

Sandboxing features force execution of all possible malware code paths without exposing the enterprise to risk, thus increasing the probability of detecting and stopping evasive zero-day attacks.

The benefits of threat analysis within SafeGuard Cyber 7.6 include:

  • Improved visibility. Threat activity occurring within messaging across 50+ social and digital channels including Facebook, Instagram, Twitter and LinkedIn; mobile apps like WhatsApp, and collaboration tools such as Slack, Microsoft Teams and Salesforce.
  • Advanced defense. SafeGuard Cyber takes immediate action to quarantine files and links associated with malware indicators of compromise and stop these attacks before they can spread to other accounts or propagate to physical endpoints.
  • Extended protection. SafeGuard Cyber 7.6 improves the security posture of the enterprise by extending digital risk protection and alert notifications on malware attacks to EDRs, SIEMs, SOCs for attack correlation and comprehensive threat response.

“In just a few short months the world flipped on its axis, forcing organizations globally to rethink their entire digital security posture amidst the abrupt shift to remote work, which has unfortunately opened a Pandora’s Box of new cyber threats from malicious and state actors,” stated Otavio Freire, Co-Founder & CTO of SafeGuard Cyber.

“We’re proud to be able to help our customers enable business continuity in this ‘new normal’, while fortifying these growing digital collaboration and social channels against malware, ransomware and other threats.”


from Help Net Security https://ift.tt/2NM2h1b

SevOne Data Insight 3.0: Ensuring continuous performance for hybrid networks

SevOne announced the launch of Data Insight 3.0, an integrated component of the SevOne Network Data Platform.

This release of Data Insight 3.0 and availability of solutions for SD-WAN, Wi-Fi, and SDN completes the product transformation from a network monitoring appliance to an integrated network data platform to ensure continuous network performance.

To advance their digital transformations, enterprises, CSPs and MSPs are moving from their old, static, hardware-centric architectures to dynamic networks. In these new, software-driven environments, things move quickly and change rapidly—too fast, in fact, for traditional network management systems. The mismatch between modern networks and legacy monitoring creates blind spots with enormously negative consequences.

Data Insight 3.0 addresses these issues by allowing users to easily find, use and share valuable insights hidden in network performance data. Data Insight 3.0 leverages real-time monitoring and offers simple, reusable and scalable reporting, and troubleshooting workflows that enable operational consistency, with a new system architecture and an enhanced user experience.

Data Insight 3.0 delivers a series of new features and enhancements, including:

  • Day one report library: Users can now leverage a library of more than a dozen auto-populating reports and templates for the most common network performance needs. Some of these customizable reports include: Alert dashboards, TopN views, and summary reports coupled with device, object and indicator templates.
  • Metric pivoting via intelligent chaining: IT Operations teams can now quickly pivot on a target metric and visualize dependent flow and alert data leveraging intelligent chaining.
  • Embed expertise in troubleshooting workflows: IT Operations teams can now increase operational consistency and minimize triage time by embedding expertise into troubleshooting workflows and sharing best practices across teams.
  • In-context report launching: Users can now set context across multiple widgets, simultaneously, to initiate parallel reporting, filter the necessary data, and obtain insights faster.

“To close the gap between modern networks and legacy monitoring, IT operations teams require network monitoring capabilities that are just as fast, flexible and scalable as their new networks,” said Jim Melvin, COO at SevOne.

“More specifically, they require faster, smarter, and easier ways to gather and analyze performance data, shape the resulting operational insights, and share them with all types of users across their organizations.”

“Our recently published Network Management Megatrends 2020 research showed that customizable reporting, customizable dashboards, collaboration tools/workflows, network visualization and API integration with other tools were five of the top six features in a network management product,” said Shamus McGillicuddy, Vice President of Research for Network Management at Enterprise Management Associates.

“The release of SevOne Data Insight 3.0, as part of the SevOne Network Data Platform, addresses these requirements directly. In particular, the ability to flexibly create workflows and share them across teams is crucial for continuous network performance as companies find their networks increasingly burdened.”


from Help Net Security https://ift.tt/2AmSknQ

Zyxel Nebula update enhances WiFi security and opens API for use by MSPs

Zyxel Networks announced the release of the latest update to its Nebula Cloud Networking Solution. The upgrade, which is available now as a free firmware release for Zyxel Nebula managed access points, switches and security gateways, incorporates key features that enhance WiFi security and enable vertical partners to incorporate the delivery of new value-add services.

WiFi access management made easy and secure

A new feature included in the Nebula update makes the management of WiFi access for multiple users simple, convenient and secure. Available for the first time to the SMB market, Dynamic Personal Pre-Shared Key (DPPSK) enables businesses to greatly increase wireless network security by eliminating the sharing of a single WiFi password for all guests and employees.

The ability to issue a unique WiFi password for each user with the tap of a button greatly reduces unauthorized access that can place network-connected resources and other network users at risk. Passwords can be customized to expire or last for a particular timeframe.

Open API enables integration of value-add applications by technology partners

The new update opens up the Nebula API to make it easier for technology partners to integrate their systems with Nebula. Managed Service Providers (MSPs) and system integrators are now able to incorporate their own services such as WiFi onboarding systems which can be combined with DPPSK technology to improve network access for guests and employees while strengthening network security protocols.

SSID NAT function expands AP functionality to reduce costs for small businesses

Nebula’s new SSID NAT function enables small businesses to set up Nebula-compatible access points as a router or gateway capable of assigning IP addresses to wireless clients, such as customer or staff devices and laptops. This capability reduces the overhead required for additional infrastructure, lowering costs and simplifying network management for small businesses.

“The Zyxel Nebula Cloud Networking Solution continues to expand and evolve to meet the unique and ever-changing requirements of small- and medium-sized business across a wide variety of industries,” explained Shawn Rogers, Market Development Manager at Zyxel.

“This major update to the Nebula system shows Zyxel’s dedication to bring enterprise-class networking technologies and capabilities to the SMB sector as well as providing the ability for our technology partners to utilize our platforms to expand their own service offerings.”

Update adds existing products to the Nebula solution

The new update adds the GS1350 series of Gigabit Ethernet Smart Managed PoE switches for CCTV surveillance to the portfolio of Nebula-capable solutions. The GS1350 series provides extended range over all ports, enabling PoE-enabled devices to be deployed over distances up to 250 meters.

Nebula also now supports Zyxel’s new WiFi 6 access points including the NWA110AX 802.11ax (WiFi 6) Dual-Radio PoE Access Point, WAX510D 802.11ax (WiFi 6) Dual-Radio Unified Access Point and WAX650S 802.11ax (WiFi 6) Dual-Radio Unified Pro Access Point.

Zyxel Nebula products carry lifetime limited warranties and are available now through all Zyxel authorized resellers and e-Commerce partners.


from Help Net Security https://ift.tt/2YNzijW

A Boxcryptor audit shows no critical weaknesses in the software

More and more companies, self-employed and private customers are using Boxcryptor to protect sensitive data – primarily in the cloud. Boxcryptor ensures that nobody but authorized persons have access to the data. Cloud providers and their staff, as well as potential hackers are reliably excluded. The audit verified whether this protection is guaranteed.

During the audit, Kudelski was given access to the source code of Boxcryptor for Windows and to the internal documentation.

“All these components were logically correct and did not show any significant weakness under scrutiny. It is important to note that the codebase we audited was not showing any signs of malicious intent.”

The goal of the audit

The goal of the audit was to give all interested parties an indirect insight into the software so that they can be sure that no backdoors or security holes are found in the code.

Robert Freudenreich, CTO of Boxcryptor, about the benefits of an audit: “For private users, Boxcryptor is a means of digital self-defense against curious third parties, for companies and organizations a way to achieve true GDPR compliance and complete control over business data. With software that is so security relevant, it is understandable that users want to be sure that the software is flawless.”

The audit process started at the beginning of May with short communication lines to the developers and managers in the Boxcryptor team. If Kudelski had found a serious security vulnerability, they would not have held it back until the final report, but would have reported the problem immediately.

A problem rated as “medium”

The problem rated as medium is a part of the code that affects the connection to cloud providers using the WebDAV protocol. Theoretically, the operators of such cloud storage providers could have tried to inject code into Boxcryptor for Windows.

In practice, however, this code was never used by Boxcryptor, so there was no danger for Boxcryptor users at any time. In response to the audit, this redundant part of the code was removed.

Two problems classified as “low” and further observations

One problem classified as low concerns the user password: to protect users with insecure passwords, it was suggested that passwords be hashed even more frequently and that the minimum password length be increased, which we implemented immediately.

The second problem classified as low was theoretical and concerned the reading of the Boxcryptor configuration.


from Help Net Security https://ift.tt/3ii7DiJ

Siemens adopts the Everbridge CEM Platform to safeguard people and operations

Everbridge announced that Siemens will adopt the Everbridge CEM Platform to help protect Siemens’ workforce and operations against critical events of all kinds, from the COVID-19 pandemic and political unrest to sudden economic changes and more.

The two companies have also formed a technology alliance in which Siemens will share domain know-how, artificial intelligence (AI) and machine learning technology to enhance Everbridge capabilities.

“We are very excited about our shared vision of combining Everbridge’s top-of-class Critical Event Management portfolio with our own capabilities in the field of data analytics, machine learning and artificial intelligence into one end-to-end platform to keep people safe and operations running,” said Marco Mille, Chief Security Officer, Siemens.

“Corporate security executives’ ability to ensure business resilience globally, through fast and bespoke response strategies based on comprehensive and pro-active incident monitoring and assessment, will be a key success factor in the coming years.”

Over 5,000 businesses, governments, and healthcare organizations currently rely on Everbridge’s CEM Platform to assess threats, monitor the wellbeing of their workforces, rapidly communicate warnings, protect supply chains, and accelerate the analysis of their operational response.

With its holistic approach to critical events, Everbridge will enhance Siemens’ capabilities to rapidly pinpoint threats and automate response to avoid costly impact—whether it’s the ongoing pandemic, cyberattacks, an IT outage, severe weather, workplace violence, or any number of critical events that impact life safety, business assets, supply chain or brand.

“With critical events such as COVID-19 on the rise, we are proud to form an alliance with such a forward-thinking global brand like Siemens,” said Javier Colado, Senior Vice President, International at Everbridge.

“We are excited to work with Siemens to roll out CEM as part of our recent launch of the platform in Europe and to also collaborate in the areas of AI and machine learning to continue to advance our capabilities.”

As the global leader in critical event management and public warning, Everbridge and its platform reach over 550 million people across the world while serving leading Fortune 500 companies as well as cities, states, and entire countries.

“Given Siemens role as a technology leader, their alliance with Everbridge represents a significant milestone in the continued adoption of our CEM platform in the DACH region,” said Andreas Junck, GM of Everbridge DACH Region.

In response to COVID-19, Everbridge quickly launched a coronavirus data feed which supplements its existing real-time risk intelligence based on 22,000 data sources across 175 countries.

To date, the Everbridge platform has delivered over 600 million communications specific to coronavirus, and launched its COVID-19 Shield™ rapid deployment software templates to protect people and maintain operations amid the pandemic.

More recently, Everbridge introduced its COVID-19 “Return to Work” and Contact Tracing solutions to help customers manage the process of bringing back their people to offices and other public places, while mitigating the threat of coronavirus.


from Help Net Security https://ift.tt/3dOeAVp

Figuring Out Sex Toy Storage, Part 2: Lockboxes

5 Neat Things: Jolie Kerr is a cleaning expert, advice columnist and the host of the podcast “Ask a Clean Person.” Each week, she’ll round up five essential cleaning products, tools and organizational systems to help you live your tidiest lives.

As part of a continuing series exploring the wide world of sex toy storage options, today we’ll take a look at lockboxes that can house your collection—and keep prying eyes away 👀—when it’s not in use.

One important thing to do before purchasing any kind of storage piece or system is to measure the toys you have to be sure they’ll fit. It’s also worth considering what accessories you need to store in addition to the toys themselves; things like lube, condoms, chargers, etc. should all have a home in whatever storage system you hit on. And finally, it’s always a good idea to invest in storage that allows your collection to grow (if you’re in the market for something new to play with, we have recommendations!)


Joyboxx | $44 | Amazon

The Joyboxx is, essentially, a Caboodles for your sex toys: It’s a plastic, flip-top storage box designed for sex toys up to 12 inches. It comes in two colors, purple or black, and it’s dishwasher-safe, so keeping it clean is super easy. Speaking of cleaning! A great feature of the Joyboxx is that it’s designed with cleaning and safe storage in mind, which is an important part of sexual health; there is an antimicrobial silver ion agent mixed into the plastic to keep bacteria at bay while the toys aren’t in use, and the box is fitted with a removable tray that can be used as a “coaster” for dirty toys. When the time comes to wash the toys, the tray serves as a washing and drying rack, as well. The Joyboxx is lockable, and has a hidden USB hole to keep toys charged up while in storage.

Toy Chest | $99 | Ella Paradis

If you want something a little less Caboodles-looking, the Toy Chest lockable adult toy storage box will serve you well. Its exterior has a black matte finish, and it is 8.5" tall and 15" wide, so it can accommodate almost all toys, regardless of length. Its interior is lined and has an adjustable shelf, so you can configure it to fit your collection. The Toy Chest also comes in pink, as well as in a smaller size (11" x 3.5"). Ella Paradis offers Inventory readers 50% off its storage and cleaning products; discounts will be applied to your cart automatically.



There are also storage options that aren’t specifically designed for adult toys but that will do the job just fine, like this hidey-hole masquerading as a dictionary. It has a combination lock, and an interior compartment that is 5.75" x 9" x 1.75", so it can be used to store toys up to 9" in length. This box doesn’t offer any bells and whistles, like charging ports or antimicrobial fabrication, and air circulation may also be an issue, since it’s not designed specifically with sex toys in mind—this is something to keep in mind, generally, when picking out storage for these items.

Makeup and toiletries bags make excellent storage for sex toys. This one is especially versatile because its interior is fitted with six adjustable dividers, so it can be configured to fit toys of different shapes and sizes—plus, it has a double zipper that could be secured with a cable lock if you need to add a layer of security. It also has a zipper side pocket for storing charging cords, condoms, toy wipes, etc., and the flip-up top is fitted with pockets that can hold bottles of lube or slimmer, shorter toys. If you’re going to go the makeup bag route, look for one that is waterproof to make cleaning it easier.

Lockbox | $35 | Amazon

This lockbox is secured with a key, and has an interior that can be customized by rearranging the adjustable partitions to fit whatever it is that you’re storing. The top is fitted with a removable zip-up mesh bag for storing charging cords and other small accessories, and it comes in four styles: Black with a black interior, white with a turquoise interior, glittery pink with a pink interior, and black & white polka dot with a pink interior.



from Lifehacker https://ift.tt/3dHcvKB

Cloud Security Alliance and ISSA unite to build, support, and strengthen the cybersecurity community

The Cloud Security Alliance (CSA) and the International Systems Security Association (ISSA) announced that the two parties have signed a memorandum of understanding (MOU) to collaborate on a variety of initiatives with the goal of both supporting and strengthening the cybersecurity profession.

“Our partnership with ISSA heralds an exciting opportunity for both organizations to collaborate and bring our strengths and unique sets of expertise to the table to benefit cloud and cybersecurity professionals across the spectrum,” said Jim Reavis, co-founder and CEO, Cloud Security Alliance.

“Our mutual vision will translate into increased opportunities for research and professional development for all parties involved.”

“We are thrilled to be embarking on a partnership with CSA that will support cybersecurity professionals and the cybersecurity community at-large,” said ISSA International President Director Candy Alexander.

“We plan to invest our resources to bring vital research to both memberships and lend our security expertise to CSA’s working groups.”

As part of this new relationship, CSA and ISSA will support each other’s initiatives and meetings, along with a number of key areas including:

  • ISSA stakeholdership in CSA’s Certificate of Cloud Auditing Knowledge program
  • The sharing and mapping of curated education content using the ISSA Cyber Security Career Lifecycle as a framework
  • Shared research findings from the ISSA/ESG annual global survey
  • Special offers for ISSA members to achieve Certificate of Cloud Security Knowledge (both exam and online, self-paced course)
  • Promotion of CSA working groups to ISSA chapters and its broader membership
  • Participation in CSA’s SECtember conference, September 14-18, 2020 in Seattle, WA
  • Use of ISSA’s Special Interest Groups to support CSA working groups as appropriate

from Help Net Security https://ift.tt/2AjnSLl

Upwork and Citrix team up to power flexible work

Upwork is teaming with Citrix Systems to power flexible work. Upwork announced the launch of the Upwork Talent Solution with Citrix Workspace, a unique offering designed to deliver a best-in-class secure remote infrastructure for companies to boost efficiency and productivity as the world increasingly adopts the benefits of remote, on-demand talent.

Research shows businesses are increasingly moving to more remote and flexible workforces. According to Gartner, nearly a quarter of CFOs said they will move at least 20% of their on-site employees to permanent remote positions. But as workforces go remote, ensuring the right collaborative technology and security remain top of mind for executives.

PwC’s COVID-19 CFO pulse survey reveals close to half of executives anticipate that a lack of remote work capabilities will lead to productivity loss, and 19% expect insufficient staffing to result in an inability to accomplish critical work.

“While many companies viewed it as a short-term response to the COVID-19 pandemic, an increasing number are realizing that remote work must be part of their long-term plans, as it will enable them to attract the talent they need to operate in the unpredictable business environment we’ll be functioning in for the foreseeable future,” said Tim Minahan, Executive Vice President of Business Strategy and Chief Marketing Officer, Citrix.

With the Upwork Talent Solution with Citrix Workspace, businesses can efficiently and effectively integrate remote independent professionals with quick access to company tools and resources from anywhere and to any device, all while meeting rigorous security requirements.

“Against a backdrop of unprecedented and rapid change in the workforce, this quickly evolving shift to remote work is accelerating the cultural workforce trend that was already in motion,” said Lars Asbjornsen, Senior Vice President of Marketing, Upwork.

“Our collaboration with Citrix represents over fifty years of combined experience marshalled to help businesses and institutions further accelerate growth by removing IT barriers and enabling quick, secure onboarding and resource provisioning for on-demand remote talent.

“With today’s announcement, we are delivering the agility and security needed for businesses to realize the potential of tomorrow’s workforce today.”

Citrix Workspace is a unified, secure, and intelligent work platform that transforms the employee experience by organizing, guiding, and automating all activities people need to do their best work.

With Citrix Workspace, employees are more productive and engaged, while IT receives more visibility and control for simplified management, security, and compliance. And in using the solution alongside the Upwork Talent Solution, companies can:

  • More easily access a wide range of proven, expert professional talent.
  • Utilize best-in-class secure remote infrastructure to rapidly onboard (and offboard) independent professionals and agencies.
  • Provide independent contractors and agencies with secure, reliable access to company tools and resources by easily provisioning needed apps or complete managed desktops from any device.
  • Reap the benefits of a flexible, pay-as-you-go model.

Upwork will deliver Citrix Workspace to its customers through Citrix Service Provider and Solution Advisor A2K Partners. “Now more than ever, companies must focus on enabling and empowering people to deliver their very best work in the most productive and efficient ways possible. Businesses have a new choice to meet their most critical business needs on-demand.

“With the Upwork Talent Solution with Citrix Workspace, companies can fuel a superior user experience, giving independent professionals and agencies the freedom to securely access their work — from anywhere, on any device — in a way that delivers peace-of-mind and successful outcomes for everyone,” said Ray Wolf, CEO, A2K Partners.


from Help Net Security https://ift.tt/2ZoMjiT

Adriana Gil Miner joins Qumulo as chief marketing officer

Qumulo announced the appointment of Adriana Gil Miner as chief marketing officer (CMO). In this role, Gil Miner will be responsible for leading Qumulo’s global marketing and brand strategy as the company helps customers innovate faster and leverage the power of cloud data services.

Gil Miner brings more than 20 years of experience as a results-driven marketing executive, elevating brands and introducing new products and services in high growth markets. Most recently, she was Senior Vice President of Brand, Communications and Events at Tableau Software.

“Adriana’s demonstrated expertise in building and scaling high performing marketing teams will play a critical role in Qumulo’s future growth and success as we expand our leadership in cloud file data services,” said Bill Richter, President and CEO at Qumulo.

“Her technology marketing and enterprise software experience, coupled with her passion for bringing together the art of storytelling, technology and marketing make her a great asset to our team.”

During her six-year tenure at Tableau, Gil Miner helped establish the company as a category leader in data analytics, helping grow its revenue from $250 million to more than $1 billion.

She drove Tableau’s brand recognition globally with top analyst firms and media coverage, built marketing programs and functions from inception, scaled them globally, fostered and expanded the global Tableau community with Tableau Public and expanded the academic program, and supported the transition from traditional software to SaaS and cloud models.

Prior to joining Tableau, Gil Miner was the CMO for Artefact, where she established the company as one of the top design firms in the industry and led the go-to-market strategy and public launch for Artefact’s first spin-off startup, 10,000ft.

“It is a privilege to join a rocketship company with a track record for excellent technology that helps customers and a clear vision for the future of the cloud in data-driven businesses,” said Gil Miner.

“As a marketer with a passion for building world-class brands that make a positive difference in the world, I am excited to join the talented team at Qumulo and look forward to galvanizing the user community and boosting new experiences to customers around the globe.”

Gil Miner has worked on an array of projects bringing new technologies to market, from launching Samsung 3D televisions to building digital platforms at American Express.

She earned a bachelor’s degree in Mass Communication at the Universidad del Zulia in her native home of Venezuela and holds a master’s degree in Digital Communication from the University of Washington.


from Help Net Security https://ift.tt/38es9fm

How to Safely Hang Dumbbells From a Barbell

If you have a barbell but not quite enough plates, you’ve probably spent this quarantine hanging things off it in extremely sketchy ways. On social media I’ve seen people put weights in tote bags, hang water bottles off their barbell, and more. A lot of these DIY solutions are injuries waiting to happen, but recently I saw a clever solution from u/nachosun on Reddit.

This hack is a simple one: use figure-8 deadlift straps to hang dumbbells off your bar. I tried it, and can report it actually works, and it’s secure if you use appropriately sized dumbbells.

I’ll show you what I mean. This is a figure-8 deadlift strap. If you do strongman events or really heavy rack pulls, you probably already have a pair. They help you hold onto a bar even when a regular set of deadlift straps would come loose. But here, we’re using them in a different way.

Remove one end of an adjustable dumbbell, put one loop on the dumbbell handle, and then fold the strap over the bar. Now, you can put the other loop on the dumbbell, and reattach the plates on the dumbbell.

I do it this way, rather than slipping a small dumbbell through the loops, because you want it to be impossible for the dumbbell to slide out. When you do it this way, with adjustable dumbbells, you can make sure that the plates on the end of the dumbbell are too big to fit through the strap’s loop. That way, even if things shift while you’re lifting, you won’t suddenly lose the weight.

Even so, you’ll want to check that the dumbbell itself will not fall apart. This is one advantage of the screw type collars, because they may loosen but they’ll never fail suddenly. Remember, if you lose a weight off one end, not only might it fall on your toe while you’re squatting, it could cause the bar to teeter-totter the other direction and throw off your balance. Enjoy your lifting hacks responsibly.


from Lifehacker https://ift.tt/38dO1rm

Android Apps Stealing Facebook Credentials

Google has removed 25 Android apps from its store because they steal Facebook credentials:

Before being taken down, the 25 apps were collectively downloaded more than 2.34 million times.

The malicious apps were developed by the same threat group and despite offering different features, under the hood, all the apps worked the same.

According to a report from French cyber-security firm Evina shared with ZDNet today, the apps posed as step counters, image editors, video editors, wallpaper apps, flashlight applications, file managers, and mobile games.

The apps offered a legitimate functionality, but they also contained malicious code. Evina researchers say the apps contained code that detected what app a user recently opened and had in the phone's foreground.



from Schneier on Security https://ift.tt/3gc9weP

Take a Virtual Trip to Central Park to Learn About #BirdingWhileBlack

Though many people were first introduced to Christian Cooper via his now-viral video of a woman calling the police on him while he was birdwatching in Central Park, he has been a fixture of the birding community for years. Not only did that racist confrontation on May 25, 2020 make news, but it has also prompted more people to try birding (especially since it’s usually a pandemic-friendly activity). Today, Cooper will host a livestreamed session on #BirdingWhileBlack, as well as a virtual tour of Central Park and a session on birdwatching. Here’s how to attend.

#BirdingWhileBlack seminar

If you’re interested in birding, or want to learn more about Cooper’s work, today’s your chance. The PBS science series NOVA is hosting a virtual field trip and presentation called “Central Park Birder Christian Cooper on Birding and Inclusion,” today, Tuesday, June 30 at 2 p.m. EST. The event will feature a discussion and Q&A with Cooper, who isn’t just an avid birder, but also a board member of the New York City Audubon. In addition, he’s a former editor and writer for Marvel Comics, and is currently a biomedical editor with Health Science Communications. (So basically some type of superhero whose power is fighting racism through science and birding.)

In the livestreamed session, Cooper will provide general tips for birdwatching, as well as talk about his experiences of birding while Black, and the viral video. He’ll also discuss his advocacy work toward making birding more inclusive for people of color (particularly the racial profiling many Black birders experience in outdoor spaces) and the LGBTQ+ community.

How to watch

The event today is free to attend, and will be livestreamed on Nova’s YouTube page and Facebook page at 2 p.m. EST. If you’re not able to watch live, you can catch the videos after the event takes place on the same pages mentioned above.


from Lifehacker https://ift.tt/2NDQdiu

Get a $200 Gift Card When You Buy the Samsung Galaxy A51 on Visible

Best Tech Deals: The best tech deals from around the web, updated daily.

$200 Gift Card w/ Samsung Galaxy A51 Purchase | $408 | Visible

Needed a good reason to give Visible a try? We’d say getting a $200 gift card with your purchase of one of the best mid-range phones on the market qualifies. The Samsung Galaxy A51 is on tap for $408, or $17 per month for qualified buyers.

Factoring in the Mastercard virtual account you’ll get after your first two months, you’re essentially paying just above $200 for a smartphone with a 6.5" Super AMOLED display, a 48MP quad camera, in-display fingerprint, octa-core Exynos performance with 4GB of RAM, and more, all running on Verizon’s 4G LTE network through Visible’s no-nonsense plans. Check it out at Visible.



from Lifehacker https://ift.tt/2NJyExA

How to Get Your Kids to Read More This Summer

Getting our kids to read consistently can be a challenge. But given how the end of the school year just went down, you may be especially worried that you need to help them step up their reading game, at least so they don’t slip backward in the months leading up to whatever fall will bring. We’ve written quite a bit about reading over the years, so I’ve curated for you some of our best tips for little kids and big kids, as well as some overall trickier tactics we endorse.

For little kids

Little kids often love to read. They love the one-on-one time with their parent or caregiver, they love to flip the pages and to read the same books over and over so they know what is coming up next. And yet, you may still find yourself in a rut, reading the same books at the same time every day.

Here are a few tactics you can take to freshen up the reading experience for both of you (if you’re reading together) or for them (if they’re going it solo):

For older kids

Older kids can be a tougher sell when it comes to regular reading time. Around age nine, many kids stop reading for fun. Their schedules become packed (or, at least, this was true pre-pandemic). Adults have stopped reading to them. They begin to see it as something that is less for personal enjoyment and more as something that is expected of them. But there are still some things you can do with your older kids to keep them reading, even if they’re a bit unconventional:

At any age, trick ‘em a little

I’m not saying you should all-out deceive your children into reading, but I am saying that reading doesn’t only “count” when the words are part of a written book or magazine.

My son went through a massive Pokémon phase during which he would pore over the cards, reading what were honestly pretty advanced words and names. When his teacher assigned his class extra nighttime and weekend reading, we decided that studying his Pokémon cards would count for at least a portion of that time, particularly since he read the facts out loud to us.

You can also:

Figure out what they’re into right now and feed that passion with words. Get books on their favorite sport or topic. Get zombie books or magic books or joke books. Get them into comic books—comic books are books, you know. Get them Mad Libs!

Reading shouldn’t feel like a chore, so there’s no reason to make it one; it’s good to be a little flexible here.



from Lifehacker https://ift.tt/38f6Vhv

The Best Remedies for Common Headaches

Whether it’s the pulsating pain of a migraine or the behind-the-eyes pressure of sinus congestion, nobody likes a headache. And if you suffer from them, you may need to cycle through a dozen different treatments to find one that works. The thing is, headaches—and their causes—are all different. With that in mind, here are the causes of, and treatments for, the most common types of headaches.

The National Headache Foundation lists 30 different varieties of headache on its Complete Headache Chart, and their causes range from forgetting to eat to simple genetics. Most of us will never (hopefully) experience all 30 types, but a few common types do exist that we’re all prone to. Here’s how to deal with them.

Tension Headaches

Tension headaches are the most common type of headache. They’re accented by mild to moderate pain, tightness and pressure in the forehead or back of the neck. Typically, the pain can be described as “throbbing,” and although these headaches are annoying, they won’t usually ruin your day.

Causes

As tension headaches are so common, the causes are pretty widespread. Triggers include anxiety, eye strain, caffeine intake, particular foods, poor rest, bad posture, stress, hunger or just about anything else you can change up in your daily schedule. Tension headaches are also usually the type of headache you end up with after a night drinking alcohol. Essentially, if something is abnormal about your day, whether you had a late lunch or are facing a series of deadlines at work, a tension headache might pop up.

Treatment

Tension headaches are usually best handled with over-the-counter painkillers like aspirin or ibuprofen before the pain gets severe. These aren’t cures, but they make the pain go away for a while. In general, your best bet is to rest and relax in a darkened room until the headache goes away. Oddly, a hot pepper may provide some relief. If your headaches occur often enough, your doctor may suggest other solutions. Otherwise, it’s good to find your triggers, minimize them and fight back. If a headache comes from stress, meditation may help. If you’re hungry, eat. If eyestrain is causing you pain, step away from the computer for a while.

Prevention

Tension headaches are best prevented by tuning your routine to minimize potential triggers. It will take a little trial-and-error to find the exact cause of a tension headache, but if you know they come around when you’re stressed, hungry or tired, you can work on preventing them. Even certain food allergies can trigger a headache.

If you get a headache (or you’re getting them a lot), think back through the day and see what you did differently. If something stands out, it could be your trigger. If you need a little help, an app like Migraine Buddy can make it easier to track your day and root out the causes.

Of course, if alcohol is the cause, there are a few ways of dealing with it. The same goes for those headaches caused by 3D movies, or other types of eyestrain. In fact, if you suspect eyestrain is an issue, it’s also worth checking if you need glasses (or cleaning yours if you’re already wearing some). If your headaches come from bad posture, that can be improved; ergonomically optimizing your workspace can help as well.

Migraines

Migraines are typically described as a moderate to severe pounding pain that can last anywhere from three hours to several days. You can also experience symptoms like sensitivity to light, noise, or odors, as well as nausea and loss of appetite.

Causes

According to the Mayo Clinic, the exact causes of migraines are still unclear, though it’s thought genetics and environment can both play a role (for around 80 percent of migraine sufferers, the problem runs in their family). It’s thought that hormonal changes, stress, unusual sensory stimuli (like weird odors or bright lights), changes in sleep patterns and even a change in the weather can act as potential triggers for a migraine. Your diet can also play a role in migraines.

Treatment

Treatments are a mixed bag when it comes to migraines, but doctor-prescribed triptans (like Imitrex, Zomig and Maxalt) are the most commonly effective pain relievers for people when over-the-counter solutions like Excedrin Migraine don’t work. A quick jolt of caffeine can offer some relief, especially if taken along with an over-the-counter painkiller. If you’re mid-migraine, stretching can also relieve some symptoms. While you’re waiting out the pain, a cold head wrap may provide a little relief.

Prevention

While migraines may be hereditary, they’re still usually caused by triggers, so use a headache tracking app to identify and avoid them. It’s also thought that light exercises like walking can help prevent migraines; sufferers who practice yoga regularly may also experience less frequent and less intense headaches. A recent Chinese study suggests acupuncture treatments may have preventative effects. While inconclusive, certain remedies like butterbur (a plant extract), magnesium (found in wheat bread, almonds, spinach, and more) and riboflavin (found in cereals, pastas, sauces, and more) may be effective in reducing the frequency of attacks. Getting enough sleep every night is also thought to help decrease the frequency of migraines.

Sinus Headaches

Sinus headaches are characterized by constant pain in the bridge of your nose, around the cheek bones or forehead, or a throbbing feeling behind your eyes. Even better, these painful headaches are also usually accompanied by other unpleasant symptoms like ear aches, fever, swelling in the face and a runny nose.

Causes

Sinus headaches come about when the sinus gets inflamed, usually from an allergic reaction (that causes sinus congestion) or infection (like a cold or flu). As the sinuses get inflamed, the inflammation causes swelling and increased mucus, and everything gets blocked up.

Treatment

Treatment of a sinus headache is a tricky business as you need to attack the problem on two different fronts: relieving the pain of the headache itself, and treating the sinus infection. According to WebMD, the best treatment is usually an antibiotic to deal with the infection and antihistamines to help you deal with the symptoms. In the heat of a sinus headache, drinking lots of fluids is key to recovery. A humidifier or salt water nasal spray is often helpful. If you’ve never used a neti pot to flush your sinuses before, it’s probably not a bad idea. Just make sure to use them safely—getting a brain-eating amoeba will definitely cause you more than a headache.

Prevention

As sinus headaches often stem from two sources, prevention is all about lowering your exposure to both. For allergy-related headaches, changing your furnace filter, ditching your carpet, using a dehumidifier, dosing yourself with a nasal spray or even getting allergy shots might help. Certain dietary supplements may also help, including bromelain (found in pineapple stems), and quercetin (found in brewed black or green tea, kale, red onions, and others). Lowering your contact with allergens is key to preventing sinus infections.

Of course, if your sinus infection is due to a cold or flu, then your best bet is to avoid getting sick (which you are no doubt very good at by now). Getting enough sleep, washing your hands (you’re probably not bad at that either) and cutting out cigarettes and alcohol are great ways to prevent illness (also, you know, wear a mask).

As mentioned at the outset, at least 30 different kinds of headaches exist, all of them with a variety of causes. If headaches are a chronic problem for you, it’s a good idea to visit your doctor. Come prepared to talk about your headache frequency, how long they last, the type of pain you experience (along with any associated symptoms), your sleeping habits, and more to help them diagnose the problem.

This article was originally published on February 6, 2013 by Thorin Klosowski and updated on June 30, 2020 by Joel Cunningham. Updates included updating the lede, checking links for accuracy and refreshing dead links throughout, adding additional information on treatments and preventative measures and changing the header photo.


from Lifehacker https://ift.tt/2CV6oG2

Your ISP's Quarantine-Inspired 'Unlimited Data' Plan Ends Tomorrow

Remember when COVID-19 really started making waves, we were all sent home to quarantine, and all these internet service providers suddenly came out of the woodwork to graciously offer everyone unlimited data? I was as floored as you; who would have ever thought that they had so much room in their magical internet pipes to give everyone the “unlimited” service they want, not the data-capped service they probably get.

I hate being the bearer of bad news, because I, too, have been enjoying Comcast’s limitless service for the past month and a half or so. However, all good things must end, and the generous “unlimited data” you’ve been getting for your home internet as an AT&T or Comcast subscriber expires at the end of the month. That’s ... today.

What does that mean? If you listen to AT&T or Comcast’s PR fluff, it means nothing. Because so few of its customers ever come close to the 1TB data cap they get, you’ll be fine to stream all the Netflix you usually do, and play games, and send emails, and download major operating system updates, and install a bunch of apps or games, et cetera.

But, really, your days of downloading whatever you want are at an end.

How do I keep myself under my “new” data caps?

Before I get to some tips, take a moment to see what your ISP promised, if anything. Make sure you take some time to visit their website which, ideally, has some information about their response to COVID-19. If you’re lucky, maybe they extended their “no data caps” policy another month (or forever—a boy can dream).

If you’re back to a data cap, though, don’t ignore it—especially if you’ve got your monthly bill set to autopay. While you, individually, might not be able to hit 1TB of data use in a single month, it’s not impossible. And if you’re living with roommates or a pretty connected family, it’s certainly possible. In fact, I can attest that in my living situation, our house has hit the 1TB cap so much from streaming that it’s forced us to cough up extra to Comcast so we don’t suffer their even-more-expensive overage fees.

I’ve also found that it’s difficult to control other people’s data use, because they simply aren’t interested in not being able to do whatever they want online. Yes, I know there are technological solutions that could mitigate how much data people use on a network. Unfortunately, when you live with others, capping their ability to use the internet—instead of conversing with them regularly when the “data use” graph inches closer and closer to 1TB—is a solution that doesn’t help keep the peace in one’s home.

If your household does a ton of streaming, then maybe dialing back from 4K to 1080p could give you a little extra room for data if you’re hitting (or just barely going over) your cap. Otherwise, it might be time to sit down and have a practical conversation about everyone’s data use. Is everyone grabbing all sorts of new apps and operating system updates? These shouldn’t push you over the edge regularly, but they’re worth sharing. Do you have a gamer in the house who is going wild with the Steam downloads or Fortnite updates? Perhaps someone doing a bit too much BitTorrenting for their own good?

Add in some cloud backups or some streaming game services (or all-digital consoles), and it’s not that hard to envision how a normal family, even a family of two techies, could blow right past a standard 1TB data cap.

But, as always, it’s worth going through the basics: Change your wifi password to make sure your neighbors (or anyone else) aren’t sucking your limited data pool dry. Run malware and antivirus scans on your desktops and laptops to confirm that background apps aren’t destroying your data cap. Disable WPS on your router. Use WPA2 encryption for your wireless network. Convince your loved ones to dial down the backup schedule a bit (as much as it pains us to say that), or consider switching to a NAS box at home instead of a cloud backup service.

What to do if you still blow past that data limit

If you’ve tried everything you can think of and you still exceed that 1TB limit each month, you might have other options. First off, does your ISP offer any other plans that give you actual unlimited data? This might require a phone call instead of a web search—at least, that’s how I found out about a new plan from Comcast that gets me the same level of service with a slight fee tacked on for truly unlimited data (so long as I agree to use their cable modem, not mine).

While you’re on the phone, you might want to inquire about business-level service, too. This could cost you a little extra each month, but it might also get you (actual) unlimited service for less than what you’re paying for your consumer-grade plan plus all the fees you’re being hit with for going over your data cap.

If that doesn’t work, and no amount of begging can reduce your monthly fees or increase your data cap, it might be time to start shopping around for another ISP. If you already have great service, odds are good that you won’t find anyone better—ah, monopolies—but it’s worth a shot.

Hit up DSLreports and use the site’s Review Finder to see what’s available where you live. Smartmove can also help, as can HighSpeedInternet.com or even the FCC’s Fixed Broadband Deployment site. I wouldn’t buy an internet plan if any of these websites offer them; rather, I’d use them to at least note what’s available near me. I’d then visit each ISP’s website and see what they’re offering, including any special sign-up bonuses or promotions. Fingers crossed that you can get decent fiber.

You could mess with smarter routers that can alert you when you’re getting close to your data cap, but knowing you’re about to hit 1TB at day 15 in your monthly cycle doesn’t do you much good—especially if you’re properly quarantining and are stuck at home most of the day, anyway.

Unfortunately, modifying your behavior is a better approach: cutting down on your video quality, reducing the amount of stuff you’re automatically downloading, and perhaps putting off huge downloads for next month if you’re coming close to your limit (which your ISP can easily tell you via some online portal, no doubt).

Instead of clinging to Netflix to distract yourself while you’re stuck at home, go bargain-bin some Blu-rays. Buy an over-the-air antenna. Don’t leave your TV on 16 hours a day (or, worse, have it on as background noise while you sleep). Don’t download your entire game library to your Xbox if you can avoid it, or just download the one or two games you know you’ll play that month.

Yes, I hate this, too, because “unlimited” should be just that. Unlimited, with no restrictions on use. The quarantine has shown us that ISPs aren’t hurting when they let everyone do whatever they want on their networks as much as they can do it. Unfortunately, that doesn’t really matter when Comcast, AT&T, or whoever can make just a wee bit more from your downloading habits. So, modify your behavior or pay up—isn’t quarantine life grand?


from Lifehacker https://ift.tt/38cQCC1

Fake “DNS Update” emails targeting site owners and admins

Attackers are trying to trick web administrators into sharing their admin account login credentials by urging them to activate DNSSEC for their domain.

[Image: fake DNS update]

Scam emails lead to fake login pages

The scam was spotted by Sophos researchers, when the admin(s) of their own security marketing blog received an email impersonating WordPress and urging them to click on a link to perform the activation (see screenshot above).

The link took them to a “surprisingly believable” phishing page with logos and icons that matched their service provider (WordPress VIP), and instructed them to enter their WordPress account username and password to start the update.

“The scam then shows you some fake but believable progress messages to make you think that a genuine ‘site upgrade’ has kicked off, including pretending to perform some sort of digital ‘file signing’ at the end,” Sophos’s security proselytiser Paul Ducklin explained.

Finally, either intentionally or by mistake, the victim is redirected to a 404 error page.

Customized phishing pages

The malicious link in the email contained encoded banner and URL information that allowed researchers (and attackers) to customize the scam phishing page with different logos, to impersonate numerous different hosting providers.

“We didn’t even need to guess at the banner names that we could use, because the crooks had left the image directory browsable on their phishing site. In total, the crooks had 98 different ripped-off brand images ready to go, all the way from Akamai to Zen Cart,” Ducklin noted.

The attackers check HTTP headers for information about the target’s hosting provider and customize the scam email and the phishing site accordingly:

[Image: fake DNS update]

Users who fall for the scam, enter their login credentials into the phishing site and don’t have 2-factor authentication turned on are effectively handing control of their site to the scammers.

Ducklin advises admins never to log in anywhere through links sent via email, to turn on 2FA whenever they can, and to use a password manager.

“Password managers not only pick strong and random passwords automatically, but also associate each password with a specific URL. That makes it much harder to put the right password into the wrong site, because the password manager simply won’t know which account to use when faced with an unknown phishing site,” he noted.
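
The URL binding Ducklin describes can be sketched as a credential lookup keyed on the origin the browser would actually connect to. This is an added example, not code from Sophos or from any password manager; the `Vault` class, the exact-origin matching rule and the `.example` lookalike hosts are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}

def origin_of(url):
    """Return the (scheme, host, port) a browser would actually connect to."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    # .hostname drops any "user@" prefix and lowercases the host.
    host = (parts.hostname or "").rstrip(".")
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, host, port

class Vault:
    """Toy credential store keyed by exact origin (illustration only)."""

    def __init__(self):
        self._entries = {}

    def save(self, url, username, password):
        self._entries[origin_of(url)] = (username, password)

    def lookup(self, url):
        """Return (username, password) only for a saved HTTPS origin."""
        origin = origin_of(url)
        if origin[0] != "https":
            return None
        return self._entries.get(origin)

def autofill_report(vault, urls):
    """Map each URL to True if the vault would offer a credential there."""
    return {url: vault.lookup(url) is not None for url in urls}

# Constructed sample data: the .example hosts stand in for a phishing site.
GENUINE = "https://wordpress.com/log-in"
CANDIDATES = [
    "https://WordPress.com:443/log-in?redirect_to=%2F",   # same origin
    "https://wordpress.com.dns-update.example/log-in",    # brand as subdomain
    "https://wordpress.com@dns-update.example/log-in",    # brand as userinfo
    "http://wordpress.com/log-in",                        # downgraded scheme
]

if __name__ == "__main__":
    vault = Vault()
    vault.save(GENUINE, "admin", "constructed-sample-password")
    for url, offered in autofill_report(vault, CANDIDATES).items():
        print(f"{'fill' if offered else 'no match':9} {url}")
```

Only the first candidate resolves to the saved origin; the lookalike hosts and the plain-HTTP URL get no credential, however convincing the page itself looks.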


from Help Net Security https://ift.tt/2YMz0ti

iOS 14 flags TikTok, 53 other apps spying on iPhone clipboards

TikTok, for one, promised to knock this off months ago but was caught red-handed, still at it, by the new clipboard notification in iOS 14.
from Naked Security https://ift.tt/2NFabZZ

Critical flaw opens Palo Alto Networks firewalls and VPN appliances to attack, patch ASAP!

Palo Alto Networks has patched a critical and easily exploitable vulnerability (CVE-2020-2021) affecting PAN-OS, the custom operating system running on its next generation firewalls and enterprise VPN appliances, and is urging users to update to a fixed version as soon as possible.

The US Cyber Command has echoed the call for immediate action, saying that nation-state-backed attackers are likely to try to exploit it soon.

About the vulnerability (CVE-2020-2021)

CVE-2020-2021 is an authentication bypass vulnerability that could allow unauthenticated, remote attackers to gain access to and control of the vulnerable devices, change their settings, change access control policies, turn them off, etc.

Affected PAN-OS versions include versions earlier than PAN-OS 9.1.3; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, and all versions of PAN-OS 8.0 (EOL). Version 7.1 is not affected.

Also, the vulnerability is exploitable only if:

  • The device is configured to use SAML authentication with single sign-on (SSO) for access management, and
  • The “Validate Identity Provider Certificate” option is disabled (unchecked) in the SAML Identity Provider Server Profile
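
The affected-version ranges and the two configuration conditions above can be combined into a triage check over a device inventory. This is an added example, not Palo Alto Networks tooling: the inventory and its field names are constructed, and the article's "versions earlier than PAN-OS 9.1.3" is assumed to mean the 9.1 branch.

```python
import re

# First fixed release per branch, from the article. Assumption: the article's
# "versions earlier than PAN-OS 9.1.3" is read as the 9.1 branch.
FIRST_FIXED = {(9, 1): (9, 1, 3), (9, 0): (9, 0, 9), (8, 1): (8, 1, 15)}
ALWAYS_AFFECTED = {(8, 0)}   # EOL branch: every release is affected
NOT_AFFECTED = {(7, 1)}

def parse_version(text):
    """'9.0.9-h1' -> (9, 0, 9); a hotfix suffix does not change the result."""
    match = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not match:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    return tuple(int(part) for part in match.groups())

def version_status(text):
    version = parse_version(text)
    branch = version[:2]
    if branch in NOT_AFFECTED:
        return "not-affected"
    if branch in ALWAYS_AFFECTED:
        return "affected"
    if branch in FIRST_FIXED:
        return "affected" if version < FIRST_FIXED[branch] else "fixed"
    return "unlisted"        # branch the article does not mention

def triage(device):
    """Combine the version check with the two configuration preconditions."""
    status = version_status(device["version"])
    if status in ("fixed", "not-affected"):
        return "ok"
    if status == "unlisted":
        return "check-advisory"
    if device["saml_sso"] and not device["validate_idp_cert"]:
        return "exposed"     # affected build and both preconditions met
    return "patch"           # affected build, preconditions not met today

def triage_inventory(devices):
    return {d["name"]: triage(d) for d in devices}

# Constructed inventory; the field names are hypothetical, not a PAN-OS export.
INVENTORY = [
    {"name": "fw-edge-01", "version": "9.1.2", "saml_sso": True, "validate_idp_cert": False},
    {"name": "fw-edge-02", "version": "9.1.2", "saml_sso": True, "validate_idp_cert": True},
    {"name": "vpn-gw-01", "version": "9.0.9-h1", "saml_sso": True, "validate_idp_cert": False},
    {"name": "fw-lab-01", "version": "8.0.20", "saml_sso": False, "validate_idp_cert": True},
    {"name": "fw-old-01", "version": "7.1.26", "saml_sso": True, "validate_idp_cert": False},
]

if __name__ == "__main__":
    for name, verdict in triage_inventory(INVENTORY).items():
        print(f"{name:12} {verdict}")
```

Devices marked `patch` run an affected build but do not currently meet both preconditions, so they still need the update in case the SAML configuration changes later.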

“Resources that can be protected by SAML-based single sign-on (SSO) authentication are GlobalProtect Gateway, GlobalProtect Portal, GlobalProtect Clientless VPN, Authentication and Captive Portal, PAN-OS next-generation firewalls (PA-Series, VM-Series) and Panorama web interfaces, and Prisma Access,” Palo Alto Networks shared.

While the aforementioned configuration settings are not part of default configurations, it seems that finding vulnerable devices should not be much of a problem for attackers.

“It appears that notable organizations providing SSO, two-factor authentication, and identity services recommend this [vulnerable] configuration or may only work using this configuration,” noted Tenable researcher Satnam Narang.

“These providers include Okta, SecureAuth, SafeNet Trusted Access, Duo, Trusona via Azure AD, Azure AD and Centrify.”

Even the PAN-OS 9.1 user guide instructs admins to disable the “Validate Identity Provider Certificate” option when setting up Duo integration.

Palo Alto Networks says that there is currently no indication of the vulnerability being under active attack.

But given that SSL VPN flaws in various enterprise solutions have been heavily exploited in the last year or so – both by cybercriminals and nation-state attackers – it is expected that this one will be as soon as a working exploit is developed.

What to do?

As mentioned before, implementing the security updates is the best solution.

Enterprise admins are advised to upgrade to PAN-OS versions 9.1.3, 9.0.9 or 8.1.15 if possible. Palo Alto Networks has provided instructions for doing that in a way that doesn’t break the authentication capability for users.

If updating is not possible, the risk can be temporarily mitigated by using a different authentication method and disabling SAML authentication.

Admins can check for indicators of compromise in a variety of logs (authentication logs, User-ID logs, GlobalProtect Logs, etc.).


from Help Net Security https://ift.tt/2BTqK1G