• CYBER SECURITY
    FOR THE 21ST CENTURY

    Many organizations have security policies, IDS or encryption’s in place. However, they are still being compromised and are not focused on the most effective practices. This is where Milli Micro Systems comes in. Rely on us to stop major breaches of security and even the most elementary of mistakes.

ABOUT MILLI MICRO SYSTEMS

OFFERING VITAL SECURITY
TRAINING FOR A
DANGEROUS WORLD

The Military uses independent training programs,
can you afford not to?

Our customers have included the US Army, US Navy,
US Air Force, National Guard, Department of Interior,
Department of Veterans Affairs, Metropilitan
Water District, County of Los Angeles, State of
California, Chicos FAS, and many more.

CYBER NEWS FEED
  • MongoDB tool vulnerable to remote code execution flaw March 16,2015

    MongoDB tool vulnerable to remote code execution flaw

    MongoDB, one of the Web's leading NoSQL platforms, is a popular alternative to table-based relational databases. One of the GUI tools used to manage MongoDB (phpMoAdmin) has a serious vulnerability that, if exploited, allows an attacker to execute commands on the server.Written in PHP,...

  • BrandPost: Subpar IP Decisioning Data Can Drive Risky Security Decisions September 26,2017

    BrandPost: Subpar IP Decisioning Data Can Drive Risky Security Decisions

    Arguably, the most recognized – and perhaps most overused – cliché in the computer industry is “garbage in, garbage out.” Of course, there’s good reason why this phrase has had such staying power, and why it has migrated far beyond its original computational confines. “Garbage in,...

  • BrandPost: One Day Is a Lifetime in Container Years October 11,2016

    The average life span of a container is short and getting shorter. While some organizations use containers as replacements for virtual machines, many are using them increasingly for elastic compute resources, with life spans measured in hours or even minutes. Containers allow an organization to...

  • 36% off 1byone Amplified HDTV Antenna With 50 Miles Range – Deal Alert October 26,2016

    36% off 1byone Amplified HDTV Antenna With 50 Miles Range - Deal Alert

    This highly rated super thin antenna receives free broadcast High Definition TV signals (such as ABC, CBS, NBC, PBS, and Fox) and supports 1080p...

  • To punish Symantec, Google may distrust a third of the web’s SSL certificates March 24,2017

    To punish Symantec, Google may distrust a third of the web's SSL certificates

    Google is considering a harsh punishment for repeated incidents in which Symantec or its certificate resellers improperly issued SSL certificates. A proposed plan is to force the company to replace all of its customers’ certificates and to stop recognizing the extended validation (EV) status...

  • IDG Contributor Network: My obligatory 2017 predictions December 13,2016

    IDG Contributor Network: My obligatory 2017 predictions

    Many CISSPs finish December in a panic as they try to complete their required CPEs for the year. The good news is that there’s large number of vendor webinars for the cybersecurity year in review, and 2017 cybersecurity predictions, which a CISSP can view to finish the year in good standing.As...

  • 30% off Garmin Forerunner 230 Running and Activity Tracking Watch – Deal Alert April 3,2017

    30% off Garmin Forerunner 230 Running and Activity Tracking Watch - Deal Alert

    Forerunner 230 is a running watch and activity tracker with smart features. It records steps, even when you’re not running. Tracks distance, pace, time, heart rate and VO2 Max on your runs. And when paired to your phone see incoming email, text messages, call alerts, calendar reminders and...

  • IDG Contributor Network: Avoid these 5 IT vendor management worst practices to avoid IT audit trouble June 30,2017

    IDG Contributor Network: Avoid these 5 IT vendor management worst practices to avoid IT audit trouble

    Many articles and conference presentations focus on how to choose IT vendors, what to include in contracts and the need for oversight of these vendors after the contract is signed. Because of the nature of contract negotiations, companies may need to compromise on what they are able to include...

  • HackerOne CEO: ‘We’re building the world’s biggest security talent agency’ September 28,2016

    HackerOne CEO: 'We’re building the world’s biggest security talent agency'

    Marten Mickos, a veteran executive with companies from MySQL to Sun, Nokia and HP, was not particularly excited about his meeting to explore a leadership role with HackerOne, a fledgling security company. Security is hard, it’s unpleasant, it doesn’t work very well. But he perked up fast after...

  • IDG Contributor Network: Accessing Hollywood October 31,2017

    IDG Contributor Network: Accessing Hollywood

    Every episode of Mission Impossible starts the same way, a shadowy figure enters a seemingly nondescript location and retrieves a secret message beginning with the famous words, "your mission, should you choose to accept it...." A seemingly impossible task with high stakes and dire consequences...

  • OpenSSL update fixes DROWN vulnerability March 1,2016

    OpenSSL update fixes DROWN vulnerability

    An international team of researchers has uncovered an attack that can compromise encrypted network traffic in a matter of hours.The DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) attack successfully decrypts TLS (transport layer security) sessions by exploiting a vulnerability in...

  • Companies ramp up recruiting veterans as cybersecurity urgency grows May 22,2017

    Companies ramp up recruiting veterans as cybersecurity urgency grows

    Managed security services provider Proficio, Inc., plans to grow its cybersecurity team from about 100 employees today to more than 450 people by the end of 2018.  It may seem like a daunting task for most companies given the shortage of workers with cybersecurity skills, but Proficio...

  • FCC hit with DDoS attacks after John Oliver takes on net neutrality May 9,2017

    FCC hit with DDoS attacks after John Oliver takes on net neutrality

    The U.S. Federal Communications Commission's website slowed to a crawl after comic and political commentator John Oliver urged viewers to flood the agency with comments in support of net neutrality, in what appeared to be a repeat of a 2014 incident.With the FCC headed toward a repeal of net...

  • Free tool protects PCs from master boot record attacks October 20,2016

    Free tool protects PCs from master boot record attacks

    Cisco;s Talos team has developed an open-source tool that can protect the master boot record of Windows computers from modification by ransomware and other malicious attacks.The tool, called MBRFilter, functions as a signed system driver and puts the disk's sector 0 into a read-only state. It is...

  • Proposed data breach notification bill criticized as too weak March 18,2015

    Proposed data breach notification bill criticized as too weak

    Proposed legislation that would require U.S. businesses to notify affected customers after data breaches is too weak because it would preempt stronger breach notification laws in several states and it wouldn't cover several classes of data, including geolocation and health information, critics...

  • 16% off AVerCapture HD 1080p Game Stream Video Capture Device – Deal Alert March 13,2017

    16% off AVerCapture HD 1080p Game Stream Video Capture Device - Deal Alert

    AVerCapture HD is a USB capture card that can record and stream Xbox One, Xbox 360, PlayStation 4, WiiU or PC gameplay up to full HD 1080p with HDMI and component input. It features built in H.264 hardware encoder for ultra-low latency to perfectly synchronize gameplay and voice commentary....

  • Get 2 USB-C to USB 6-foot Cables For $9.49 Right Now On Amazon January 23,2018

    Get 2 USB-C to USB 6-foot Cables For $9.49 Right Now On Amazon

    When you find a good cable for a cheap price, it never hurts to grab it. Anker's USB-C to USB cables feature a double-braided nylon exterior, toughened aramid fiber core and laser-welded connectors, which Anker says makes them more reliable and longer lasting.  With this deal, you'll get two...

  • Does security awareness training need a new, stronger name? November 21,2016

    Does security awareness training need a new, stronger name?

    During the 2016 National Cyber Security Awareness Month in October, Frederick Scholl wrote an intriguing article for CSO Magazine entitled, “Time to kill security awareness training.” Many people expressed the view that the headline was a shocker.Some security pros who commented on the...

  • IBM readies cybersecurity simulation center November 16,2016

    IBM readies cybersecurity simulation center

    CAMBRIDGE -- Government agencies, law enforcement, security experts, and businesses joined IBM Security as they opened the industry's first commercial Cyber Range at their new global headquarters in Cambridge, Mass., today.The range is a live operational environment where they kicked off a...

  • Dyn attack highlights 2016 security industry woes December 16,2016

    Dyn attack highlights 2016 security industry woes

    This has been another eventful year in the realm of cyber security—with a number of high-profile data breaches that affected large numbers of people and technological developments that promise to impact the market for years to come. Here are some of the more notable developments, according to...

GET THE LATEST CYBER SECURITY NEWS & UPDATES
WHAT TO KNOW

IMPORTANCE

Why Is Cyber Security Important?
The increasing number and sophistication of cyber threats (targeting phishing scams, data theft, and other online vulnerabilities) require us to remain vigilant securing our systems and information.

The average computer does not have proper security controls in place. New attack methods are found every day. There were 183 million accounts compromised in Q3 of 2014 [1]. The number of phishing sites leaped by 10.7 percent over the fourth quarter of 2013[2]. These are just a few examples, and they highlight the importance of cyber security for protecting data and systems.

With BYOD becoming ubiquitous in the workplace, the “trend in cyber security is that IT leaders are losing control of their technology. It’s a trend that obliterates how security has traditionally worked and it can’t be stopped.”[3] Refusing to adapt is more expensive than investing in a new approach.

MMS has that new approach. We know Cyber Security should never be an afterthought, but instead integrated into every new project from the start. Our 5-step program is designed to deal with 95% of security problems right off the bat.

But wait, why aren’t all computer systems secure?
Partly due to hard technical problems, but also due to cost/benefits issues, Security costs and Security usually only pays off when there’s trouble. Typically, it’s the users’ perception that there is no real threat to themselves and they trust everyone, “Here is my password, I trust you’re not going to do anything bad, I don’t have any secrets.” and when that information gets out the user is now compromised. The user is not taking into account how their infected computer can hurt others.

This isn’t just an end user issue either, many key decision makers, as well as the employees in organizations, have this attitude. That is why we have added the 5th step to our program: Training. With the proper training stakeholders and employees can understand the importance of cyber security as a business process, not just something for the I.T. department. The I.T. department exists in an advisory and support capacity but cannot solve all problems by itself. It is in user’s and organization’s best interest to obtain the right knowledge to protect themselves from cyber threats. Our training in cyber security will ensure users will be aware of all important threats and how to be a smart user.

Cyber Security is an important Business issue, but like everything else unless you get buy-in across the board, Cyber Security policies and procedures will be ignored.

  1. http://www.safenet-inc.com/news/2014/q3-data-breaches-compromise-183-million-customer-accounts/
  2. http://docs.apwg.org/reports/apwg_trends_report_q1_2014.pdf
  3. John Pescatore, director of emerging security trends at the SANS Institute

LEADING THREATS

There are many threats, some more serious than others. Some examples of how your computer and systems could be affected by a cyber-security incident – whether because of improper cyber security controls, manmade or natural disasters, or malicious users wreaking havoc-include the following:

Interruption Threats:Denial-of-service refers to an attack that successfully prevents or impairs the authorized functionality of networks, systems or applications by exhausting resources. What impact could a denial-of-service have if it shut down a government agency’s website, thereby preventing citizens from accessing information or completing transactions? What financial impact might a denial-of-service have on a business? What would the impact be on critical services such as emergency medical systems, police communications or air traffic control? Can some of these be unavailable for a week, a day or even an hour?

Malicious Code Attacks:Malware, worms, and Trojan horses: These spread by email, instant messaging, malicious websites, and infected non-malicious websites. Some websites will automatically download the malware without the user’s knowledge or intervention. This is known as a “drive-by download.” Other methods will require the users to click on a link or button.

Botnets and zombies: A botnet, short for robot network, is an aggregation of compromised computers that are connected to a central “controller.” The compromised computers are often referred to as “bots” or “zombies”.These threats will continue to proliferate as the attack techniques evolve and become available to a broader audience, with less technical knowledge required to launch successful attacks. Botnets designed to steal data are improving their encryption capabilities and thus becoming more difficult to detect.

“Scareware” – fake security software warnings: This type of scam can be particularly profitable for cyber criminals, as many users believe the pop-up warnings telling them their system is infected and are lured into downloading and paying for the special software to “protect” their system.

Social Network Attacks: Social networks can be major sources of attacks because of the volume of users and the amount of personal information that is posted. Users’ inherent trust in their online friends is what makes these networks a prime target. For example, users may be prompted to follow a link on someone’s page, which could bring users to a malicious website.

Top 5 Social Networking Attacks

  1. Fake offering
    These offers invite users to use a free gift card or discount coupon; to receive these offers the user must share personal information with the scammer.
  2. Fake Plug-in Scams
    These trick the user into downloading a fake extension or web browser. The infected extension or browser will begin to steal password data and other sensitive information.
  3. Like-jacking
    The fake “Like” button on websites to get users to click on the button; once the user clicks on the “Like” button an installation begins with malware and other malicious code.
  4. Fake-Apps
    Typically, the app is legitimate, but it’s bundled with malware then released again by the attacked and once the user installs or uses the app the malware is released on their machine to wreak havoc.
  5. Manual Sharing
    User is sharing the infected offering that will intrigue other users without knowing what was shared was malicious.

For more information visit: http://msisac.cisecurity.org/

SECURITY VS SAFETY

Safety: Protection from negligence, accidental damage and hurt.

Security: Protection from malign intent.

The difference is People cause security events. This distinction is critical to understanding the role security must play in your organization. Security is therefore a “people problem.” Security programs are only effective when they control the people who have access to those assets.

There are many laws and regulations surrounding safety, but very little time and energy is based on security.

Security is often seen as a checkbox or a list of compliance requirement by an agency. It is often an afterthought and a poorly executed one at that. Frequently the focus is to just make it work and worry about security later. This is of course detrimental to the organization.

  1. http://www.rmasecurity.com/2014/07/the-difference-between-safety-and-security/


REQUEST MORE INFO.

Complete the request form below to learn more about Our Cyber Security Options.

captcha