Biz Builder Mike

You can't sail Today's boat on Yesterdays wind - Michael Noel

cybersecurity

Michigan Secure App – Powered by Zimperium – Protects Citizens from Mobile Attacks

Michigan Secure App - Powered by Zimperium - Protects Citizens from Mobile AttacksMichigan Secure App - Powered by Zimperium - Protects Citizens from Mobile Attacks

According to a recent Michigan Department of Technology, Management and Budget (DTMB) news release, “the state of Michigan is now providing residents access to a free mobile application that can detect threats to their mobile devices. The Michigan Secure app alerts an individual of suspicious activity on their mobile device, allowing them to interact with the digital world with greater confidence.”

This is the latest zSecure app, developed by Zimperium, to provide citizens peace of mind by giving them free access to privacy-protecting, on-device protection for their mobile devices. Citizens in New York City and now Michigan citizens will be using the same solution – zIPS – used by top Fortune 100 companies and government agencies around the world.

“Our reliance on mobile devices has been met with a surge in activity by cybercriminals looking to access those devices to steal our personal information, and possibly much worse,” said DTMB Director and State Chief Information Officer Brom Stibitz. “The Michigan Secure app is a huge step towards protecting Michiganders from these criminals and giving us all some peace of mind as we use our phones and tablets.”

As with NYC Secure, Michigan Secure empowers users by informing them of the threats they encounter as they interact with an increasingly technology-driven world. The application warns users if the Wi-Fi they are trying to connect to could be compromised. It can also scan other Android mobile apps for potential threats and alert users before they are downloaded. Michigan Secure even has a database of potential threat indicators to notify individuals of activity on their phone that matches a documented threat.

“While the security of our mobile devices is critical, it is also important to respect people’s privacy,” explained Brom. “Michigan Secure does not require anyone to share their personal information or mobile data. It exists for the sole purpose of detecting threats and notifying the user.”

The Michigan Secure app – like NYC Secure – does not collect, store, or monitor the personal information of users that download it. The app’s code and privacy configuration settings have received the approval of the American Civil Liberties Union for the way they protect individual privacy.

[embedded content]

For more information 

Michigan Secure is available for mobile devices running iOS 11 or higher, Android 6.0 or higher, and Chromebooks with Android Apps Support. You can download Michigan Secure on the App Store or Google Play. Visit Michigan.gov/MichiganSecureApp.

For Michiganders interested in learning more about how to protect themselves and their loved ones online, visit the Michigan Cybersecurity website at Michigan.gov/Cybersecurity for information ranging from how to practice proper cyber “hygiene” to learning about what to do if you are a victim of a cybercrime.

To learn more about Zimperium’s zSecure solution, contact us

Previous Zimperium Mobile Security Blog PostPrevious Zimperium Mobile Security Blog Post Zimperium Impresses; Named Top Cybersecurity Startup for 2021

Michigan Secure App – Powered by Zimperium – Protects Citizens from Mobile Attacks

Source

Zimperium Impresses; Named Top Cybersecurity Startup for 2021

Zimperium Impresses; Named Top Cybersecurity Startup for 2021Zimperium Impresses; Named Top Cybersecurity Startup for 2021

“So, get ready to be really impressed,” Max Kurton of EM360 – a global technology platform – exclaimed as he revealed Zimperium as the number one cybersecurity startup of EM360’s Top 5 Cybersecurity Startups for 2021. 

In the article – part of EM360’s Emerge5 series – Max writes, “With new technology comes new adversaries and with new adversaries comes new solutions. From typosquatting to machine learning poisoning, the last decade proved to us that threats can come in any form. The best way to protect yourself is to equip yourself with the latest breakthroughs in the industry from modern cybersecurity startups with modern solutions.” 

Max had the opportunity to interview our CEO, Shridhar Mittal, and asked him about the current state of mobile security, challenges in securing mobile endpoints compared to traditional employee laptops, and what makes Zimperium so unique. 

To watch the full interview:
[embedded content]

What’s the current state of mobile security looking like? 

Shridhar brought up several salient points, including: 

  • Almost every company in the world is encouraging a “Work anytime from anywhere” culture. To be able to put this in action the companies have to provide more access to corporate data to their employees’ mobile devices – whether they are phones or tablets.
  • This is adding a completely new threat vector to the company that they have never experienced before.
  • The challenge is employees are the administrator on these mobile devices – they control when to update the operating system, they download all kinds of apps on their devices, are connecting to public Wi-Fi networks and worst of all – clicking on all kinds of links which could lead to them getting phished.
  • Luckily, CISOs are recognizing the fact that these mobile devices have to be regarded with the same seriousness as traditional endpoints like PCs and Macs.
  • This has led to mobile security becoming a top five initiative for most CISOs and has become a huge growth market for us.
  • This is getting further accelerated as the security world moves towards a zero trust model.

What further challenges does securing mobile endpoints bring in comparison to securing, say, employee laptops?

  • The biggest one is privacy. Most employees use their mobile devices for not just business purposes but also for personal activities like reading news, following sports, social media, messaging with friends and family. They really don’t want their employers to be tracking everything that they are doing on those devices. 
  • Therefore any mobile security solution should be able to secure the devices without violating the employee’s privacy or the company’s privacy policy. 
  • The detections should be done locally on the device without streaming personal information to the cloud for analysis.
  • Now couple that with the fact that these devices impose additional constraints on any security solution – closed operating system, limited computing power, smaller batteries, limited visibility to other apps running on these devices. This is a very hard problem to solve. 
  • You cannot take the same approach that has worked on traditional endpoints and be successful on mobile devices.
  • This is why the US DOD selected the Zimperium solution after an extensive evaluation process.

Zimperium’s offering is already one of a kind, but could you tell us more about what makes this company unique?

  • As you said our product is definitely our biggest differentiator. The fact that we can secure mobile devices from all kinds of attacks and do it without violating privacy is unique in our industry.
  • However, there are two other aspects that I am quite proud of:
  • One – we know that we are just one part of a large security ecosystem in most companies. Our engineering team has done a fantastic job of creating an open solution with out of the box integrations to most industry leading solutions that we touch – MDMs, SIEM, XDR, zero-trust, etc.
  • Second, is our approach towards customer success. We understand that getting value out of a mobile security solution is not just a technical implementation – which could be done in a matter of days. It is a journey to help customers start with basics and then lead them stepwise through a maturity model that culminates in getting a large amount of value at the end of the journey. That is why our adoption rates and retention rates are industry leading.

Learn more

To learn more on how Zimperium can help protect your enterprise, contact us

Previous Zimperium Mobile Security Blog PostPrevious Zimperium Mobile Security Blog Post Apple’s Latest Security Fix Shows Why Enterprises Need MTD

Zimperium Impresses; Named Top Cybersecurity Startup for 2021

Source

Network File-Sharing Service Suffers Cryptojacking Attack 

QNAP Inc., a company specializing in building file-sharing and storage management applications, has warned users about an ongoing crypto mining attack on its network-attached devices. According to a recent Bleeping Computer report, the attack is essentially a cryptojacking operation, forcing connected devices to mine Bitcoin.

Blaming Weak Passwords

A Taiwanese company, QNAP Systems is a giant in the file storage and memory devices space. The company provides a backup hub for storing files, essentially operating as a hard drive that users can access anywhere and anytime.

As Bleeping Computer reported, security experts have named the malware installed on connected devices as “Dovecat.” They explained that it had been affecting computer systems since November 2020, and QNAP appears to have been its most prominent target. With access to thousands of connected devices, the malware can get a massive amount of processing power for its mining operation.

QNAP explained to the news source that customers’ weak passwords were to blame for the malware intrusion. The company has asked that users replace weak passwords with stronger ones while installing malware blockers and updating their network-attached devices.

Will 2021 Continue Where 2020 Left Off?

Cryptojacking has been one of the most famous malware variants for the past year. With more people and companies requiring effective internet connection and support, hackers have had a vast network of victims to take advantage of.

Last June, Russian cybersecurity firm Kaspersky reported that Singapore alone had seen a significant spike in the number of cryptojacking cases in the first quarter of the year. Per the report, January to March 2020 saw 11,700 cryptojacking complaints from the country – up from 2,900 in the first three months of the previous year.

Mexico saw a similar trend, where local news source El Economista confirmed that more individuals and firms had fallen victim to crimes like cryptojacking and ransomware attacks than ever before.

The report explained that several companies had complained about unknown entities accessing their cloud computing systems and using them for cryptocurrency mining. However, a cybersecurity expert also told the news medium that many of the firms don’t seem to know much about cloud security, to begin with.

Network File-Sharing Service Suffers Cryptojacking Attack 

Source

Breach at Indian exchange BuyUCoin allegedly exposes 325K users’ personal data

Users of Indian crypto exchange BuyUCoin have reportedly been affected by a breach compromising personal data of more than 325,000 people.

According to a report from Indian news outlet Inc42, a hacking group by the name of ShinyHunters leaked a database containing the names, phone numbers, email addresses, tax identification numbers and bank account details of more than 325,000 BuyUCoin users. However, a later report from Bleeping Computer shows the leaked data may only contain information from 161,487 BuyUCoin members.

Cybersecurity researcher Rajshekhar Rajaharia posted screenshots of the leaked data — recorded until September 2020 — to Twitter last week, which included trading activity and BuyUCoin referral codes.

BuyUCoin initially claimed that “not even a single customer was affected” by the data breach and referred to the reports as “rumors,” but has since released a statement saying it was “thoroughly investigating each and every aspect of the report about malicious and unlawful cybercrime activities by foreign entities.” The exchange added that all user funds were “safe and sound within a secure environment” as it reported 95% were kept in cold storage.

Though no funds have reportedly been affected in the breach of the exchange, there are still potential risks to BuyUCoin users. Like the exchange’s customers, Ledger users had their personal data compromised in a June and July 2020 data breach affecting 272,853 people who ordered hardware wallets. Some users have since reported receiving threatening emails with demands for a crypto ransom to be paid within 24 hours or they will face “horrifying” consequences.

While real world attacks to steal crypto are much rarer than hacks or scams, they do occur. Whether concerned for their data or their physical well being, some BuyUCoin users expressed their frustration with the reports of the breach.

“What if someone used my account in any illegal activity?” said Rajaharia — also a BuyUCoin user — in a follow-up tweet, calling the exchange’s initial response “irresponsible.”

Cointelegraph reached out to BuyUCoin CEO Shivam Thakral for comment, but did not receive a response at the time of publication.

Breach at Indian exchange BuyUCoin allegedly exposes 325K users’ personal data

Source

YIELD App, Created by Fintech and Cybersecurity Experts, to Expand its DeFi focused Digital Banking Solution to Avalanche

YIELD App is getting ready to expand its decentralized finance (DeFi) banking solution to Avalanche.

According to a blog post published on January 22, 2021 by Ava Labs, which supports the ongoing development of Avalanche, a distributed ledger technology (DLT)-focused platform and project, this new integration will allow YIELD users to more easily gain access to new opportunities within Avalanche’s evolving DeFi ecosystem so they can “maximize their crypto returns.”

As confirmed in the update, the YIELD App will be expanding to Avalanche following the completion of the integration during the second quarter of this year. The initiative will aim to take advantage of the “rapid growth of opportunities” in Avalanche’s DeFi ecosystem.

As noted in the announcement:

“YIELD App is led by an experienced team of capital markets, Fintech, cybersecurity, and crypto professionals, and adheres to internationally recognized standards under global financial, regulatory, and licensing best practices.”

The YIELD App’s main product combines two major components its team believes were not found in the majority of DeFi apps. They include a “proprietary” portfolio management engine on the back-end and a digital banking and wealth management app on the front-end.

By leveraging all these capabilities, the app can regularly monitor and assess/evaluate the overall profitability of strategies across the DeFi space, such as liquidity mining, arbitrage, liquidations, margin and collateralized lending, and various other income-generating methods.

It employs an advanced risk management solution, allowing consumers to “achieve their optimal risk/reward ratio.”

YIELD App users are able to generate a “minimum of 12% APY and up to 20% APY–returns are maximized by eliminating gas fees and paying interest daily,” the announcement noted.

Tim Frost, CEO of YIELD App, stated:

“DeFi’s growth has been undeniable, but in order to bring it into the mainstream, hybrid crypto financial services providers, DeFi project owners, and innovators must collaborate to build better, more accessible products and services. This collaboration with Avalanche provides an opportunity for YIELD App to work with a best-in-class DeFi protocol developer and blockchain pioneer to make it easier for all investors to acquire digital assets and participate in DeFi services.” 

YIELD App’s user-friendly application and web platform allow users across the globe to generate fairly  high returns from various DeFi products “without having to go through a lengthy, complex, and often costly learning process.”

YIELD provides an investment fund that’s managed by a team with considerable experience in the Fintech and cybersecurity space.

As noted in the update, at “the core of its strategy is the YLD token, which rewards community members and allows them to boost their APY from 12% to 20%.”

As previously reported, Avalanche is an open-source platform for creating DeFi apps and enterprise-grade blockchain or DLT deployments in “one interoperable, highly scalable ecosystem.” Software engineers who create solutions on Avalanche are reportedly able to develop robust, reliable, and highly-secure software and customized DLT networks with “complex rulesets” or build on various private or public subnets (sub-networks).

Source