3 Companies that faced security breaches in the last two years & what enabled hacking:

1. Yahoo

In September 2016, the once dominant Internet giant, while in negotiations to sell itself to Verizon, announced it had been the victim of the biggest data breach in history, likely by “a state-sponsored actor,” in 2014. The attack compromised the real names, email addresses, dates of birth and telephone numbers of 500 million users. The company said the “vast majority” of the passwords involved had been hashed using the robust bcrypt algorithm.

A couple of months later, in December, it buried that earlier record with the disclosure that a breach in 2013, by a different group of hackers had compromised 1 billion accounts. Besides names, dates of birth, email addresses and passwords that were not as well protected as those involved in 2014, security questions and answers were also compromised. In October of 2017, Yahoo revised that estimate, saying that, in fact, all 3 billion accounts had been compromised.

The breaches knocked an estimated $350 million off Yahoo’s sale price. Verizon eventually paid $4.48 billion for Yahoo’s core Internet business. The agreement called for the two companies to share regulatory and legal liabilities from the breaches. The sale did not include a reported investment in Alibaba Group Holding of $41.3 billion and an ownership interest in Yahoo Japan of $9.3 billion. Yahoo, founded in 1994, had once been valued at $100 billion. After the sale, the company changed its name to Altaba, Inc.

2. eBay

The online auction giant reported a cyberattack in May 2014 that it said exposed names, addresses, dates of birth and encrypted passwords of all of its 145 million users. The company said hackers got into the company network using the credentials of three corporate employees, and had complete inside access for 229 days, during which time they were able to make their way to the user database.

It asked its customers to change their passwords, but said financial information, such as credit card numbers, was stored separately and was not compromised. The company was criticized at the time for a lack of communication informing its users and poor implementation of the password-renewal process.

CEO John Donahue said the breach resulted in a decline in user activity, but had little impact on the bottom line – its Q2 revenue was up 13 percent and earnings up 6 percent, in line with analyst expectations.

3. Target

In this incident, Credit/debit card information and/or contact information of up to 110 million people were compromised.

The breach actually began before Thanksgiving, but was not discovered until several weeks later. The retail giant initially announced that hackers had gained access through a third-party HVAC vender to its point-of-sale (POS) payment card readers, and had collected about 40 million credit and debit card numbers.

By January 2014, however, the company upped that estimate, reporting that personally identifiable information (PII) of 70 million of its customers had been compromised. That included full names, addresses, email addresses and telephone numbers. The final estimate is that the breach affected as many as 110 million customers.

Target’s CIO resigned in March 2014, and its CEO resigned in May. The company recently estimated the cost of the breach at $162 million.

The company was credited with making significant security improvements. However, a settlement announced in May 2017 that gave Target 180 days to make specific security improvements was described by Tom Kellermann, CEO of Strategic Cyber Ventures and former CSO of Trend Micro, as a “slap on the wrist.” He also said it, “represents yesterday’s security paradigm,” since the requirements focus on keeping attackers out and not on improving incident response.

Source: https://www.csoonline.com/article/2130877/data-breach/the-biggest-data-breaches-of-the-21st-century.html

 

3 antivirus software applications, advantage and disadvantage of each, recommendation to students, and whether antivirus alone is sufficient for network security:

An anti-virus software is used to detect, quarantine, and remove viruses from either the computer files or the computer systems infected with them either from corrupted data files or programs. When one installs an anti-virus software on their computer, he or she gets protection against not only viruses but Trojan horses, worms, spyware, adware, rootkits, and keyloggers as well.

The answer to what is the best really depends on a number of factors:
1. Is price a factor?
2. Is this for just detections or for performance as well?
3. What versions of the programs are you comparing?

As far as just the three of these are concerned, Kaspersky has the best comprehensive protection with their Internet Security Suite. This not only provides anti-virus scans but also a firewall and other useful utilities. It’s also decently priced.

McAfee has a popular name these days. The biggest problem though is that not only are their definition files a little behind on the latest threats, but they also have very passive protection. The passive protection is okay for someone who is careful on the internet and does not like to be bothered by pop ups.

Avira is the most cost effective of the three. For a free antivirus software it’s protection is amazingly thorough and highly recommended over any other free program.

It’s clear that both Kaspersky and McAfee have support for various devices such as Windows, Mac, Android and iOS. That having said, only Kaspersky is offering the support for iOS devices like iPhone or iPad. For its price compared to provisions and coverage, I would recommend Kaspersky over McAfee or Avira. Antiviruses alone aren’t sufficient on their own, however, for network security. Therefore, they should be paired with firewalls and adblockers.

Source: https://antivirusinsider.com/mcafee-vs-kaspersky/