Learn about Zero Trust Architecture
Impenetrable cybersecurity without sacrificing usability
Gain detailed visibility into all your endpoints activities
Harden applications and hardware environments
Immediate and continuous response to incidents
Close the window of time your data could be exposed
Get your Comodo solutions setup, deployed or optimized
Control access to malicious websites
Defend from any internet based threats
Stop email threats before it enters your inbox
Preserve and protect your sensitive data
Keep your website running fast and malware free
Add encryption to your websites
Automated certificate mgmt. platform
Secure private intranet environments
Digital signature solutions for cloud apps
Encrypt emails for senders and recipients
Stay compliant with PCI DSS
Trusted authentication for IoT devices
Francisco Partners a leading technology-focused private equity fund, has acquired a majority stake in Comodo’s certificate authority business. Newly renamed from Comodo CA Limited to Sectigo Limited. Privacy Policies, Trademarks, Patents and Terms & Conditions are available on Sectigo Limited’s web site.
Meet the people behind the direction for Comodo
Get the latest news about Comodo
People are the key to achievement and prosperity
Stay up to date with our on-demand webinars
Worldwide: Sales, Support and General Inquiries
Schedule a live demonstration of our solutions
Need immediate help? Call 1-888-551-1531
Instantly removes viruses to keep your PC virus free
Experience true mobile security on your mobile apple devices
Secure Internet Browser based on Chrome
Chrome browser internet security extension
Submit a ticket to our support team
Share any product bugs or security flaws
Collaborate with research experts on data sets
Valkyrie Threat Intelligence Plugins
Valkyrie Threat Intelligence APIs
For those of us who have a credit report, there’s a good chance that our sensitive personal information was exposed in a data breach at Equifax. They have since published steps to take to help protect information from being misused.
Although we are unlikely to know the full effects of the Equifax security breach any time soon, there are key actionable takeaways we can use to better protect ourselves from future security attacks.
1. Weak passwords matter
If you use weak passwords on any system, it makes the chances of it being coerced much higher. But people who use weak passwords also tend to use the same or similar passwords across multiple systems. If your password is “leadership”, then a hacker will check variants of that as well to see what other places you have used that password. Cyber attackers have built systems to automatically check obvious derivatives, adding numbers, and a symbol to the beginning or end are just the start. Using databases of known passwords allow them to quickly identify derivatives.
If you also use your corporate email address as your login name, then becoming an online copy of you is even easier. For example, if you use your corporate ID as a login for Linkedin, and that account is broken into, then the hacker can easily pretend to be you on Linkedin, speak to your clients, prospects and colleagues, and use this to socially engineer them into providing further private information.
Always use complex and/or long passwords to minimize this risk. Your IT department can help you force good password policy across your organization.
2. Pony Attacks
One of the ways that cyber attackers targeted Equifax customers was through the “pony” exploit. Pony malware is a Russian password stealer kit. It performs data exfiltration on the credentials of 90+ applications when it gains access to the machine. This type of malware can execute through a simple phishing attack or by a web application. Once the pony has its passwords, it deletes itself and becomes undetectable. There was also evidence of third-party application breaches, such as through LinkedIn, Dropbox, Forbes.com, Last.fm, and other hacktivism sets.
What this means is that malware was running on end users computers, and it stole their logins to multiple systems, including their login to Equifax. The only way to protect your users (and yourself) from malware infections is to run an Advanced Endpoint Protection (AEP) solution that both detects known malware and prevents infection from as yet unknown malware. Make sure all your endpoints are using an AEP solution that doesn’t just detect known malware, but also stops even unknown malware from infecting your systems.
3. The guidance of passwords issued by NIST have changed
Passwords are only one of many lines of defense, but it’s important to implement strong passwords using the best available practices. The National Institute of Standards and Technology (NIST) has published new guidance, and it’s worth noting. Here is the detail from NIST.
The guidance is this:
I would encourage you to read the link above for full details, but the key thing is to make sure you and your users are aware that passwords are just one link in the website security chain, and make use of advanced platforms for security monitoring and administration, such as the Comodo cWatch web and Comodo cWatch network platforms available for all sizes of business and enterprise. Your IT Department can ensure that good password policies are delivered across your organization.
A final word
As a final note, to keep informed about the evolution of malware around the globe, you can sign-up for the weekly Comodo Treat Intelligence Lab update at https://comodo.com/lab. It’s free and you will automatically receive a detailed weekly report on the spread of malware around the globe, plus when something important needs to be shared, we will also send you special reports.
What Is ITSM
Tags: Comodo endpoint protection,IT Security
Reading Time: 3 minutes With cybersecurity playing such an essential role in modern-day business culture, many companies are sourcing highly specialized personnel to help keep their organizations secure. While departmental structures vary from company to company, many would agree a dedicated Chief Information Security Officer (CISO) provides the best bang for buck when establishing sustainable security practices now and…
Reading Time: 3 minutes Celebrate National Cybersecurity Awareness Month By Learning to Protect Against Ransomware Attacks It’s the season for pumpkin picking, leaves changing color, getting ready for Halloween parties and trick-or-treating. But ghosts and ghouls aren’t the only scary things you’ll be seeing this month: October is also National Cybersecurity Awareness Month, a time when business leaders and…
Reading Time: 3 minutes The 5 Most Common Pitfalls in Your Security Stack That Put You at Risk for a Breach It can take 6 months or more for an organization to realize a data breach has occurred. Meanwhile, malware has entered your network and is waiting for the command to attack. Intrusions happen all over the world, but…
Sign up to our cyber security newsletter
Comodo Cybersecurity would like to keep in touch with you about cybersecurity issues, as well as products and services available. Please sign up to receive occasional communications. As a cybersecurity company, we take your privacy and security very seriously and have strong safeguards in place to protect your information.
agreecheck
See how your organization scores against cybersecurity threats
Advanced Endpoint Protection, Endpoint Detection and Response Built On Zero Trust Architecture available on our SaaS EPP