Tag: Seagate

21% off Seagate Backup Plus Hub for Mac, 4TB External Desktop...

Back up your files, precious photos and videos while connecting to and recharging any USB device, such as your tablet, smartphone or camera -- even if your system is off or in standby mode.

The Backup Plus Hub for Mac is fully compatible with Time M...

Seagate Advises Global Business Leaders And Entrepreneurs To Sharpen Focus On...

Total Worldwide Data Will Swell to 163ZB by 2025 - 10 Times the Amount Today; Majority Will Be Created and Managed by Enterprises

April 4, 2017: In response to a new study forecasting a 10-fold rise in worldwide data by 2025, global data and storage lea...

38% off Seagate Backup Plus Ultra Slim 2TB Portable External Hard...

The Backup Plus Ultra Slim Portable Drive is one of Seagate's thinnest and most eye-catching portable hard drives.

Available in stunning gold and platinum colors - style meets storage - and easily slips into your backpack along with your other essentials.

At 9.6mm thin, capacity is not sacrificed with 1TB and 2TB options - bring your most important files and head out the door.

Back up and manage your favorite files from your computer, tablet and mobile devices using the Seagate Dashboard. Run a one-click backup or schedule an automatic backup plan to help protect your files.

Convenient tools for local, mobile, cloud and social media backup at the ready. With high-speed USB 3.0 and 2.0 connectivity, you can depend on seamless plug-and-play functionality.

And the USB bus-power eliminates the need for an external power supply, letting you access your files while on the move.

The Lyve mobile and desktop app gives you the ability to access a single, consolidated and personalized photo and video library. When you purchase a Backup Plus Ultra Slim Portable Drive, you get 200GB of OneDrive cloud storage for 2 years (US$95 value). The Backup Plus Portable Drive averages 4.5 out of 5 stars on Amazon (read reviews).
Its typical list price of $129.99 has been reduced 38% to $79.99 on Amazon.

21% off Seagate Expansion 1TB Portable External Hard Drive USB 3.0...

The Seagate expansion desktop drive provides extra storage for your ever-growing collection of files.
Instantly add space for more files, consolidate all of your files to a single location, or free up space on your computer's internal drive to help improve performance.
Setup is straightforward; simply plug in the included power supply and USB cable, and you are ready to go.
It is automatically recognized by the Windows operating system, so there is no software to install and nothing to configure.
Saving files is easy too - just drag-and-drop.

Take advantage of the fast data transfer speeds with the USB 3.0 interface by connecting to a SuperSpeed USB 3.0 port. This drive receives 4.5 out of 5 stars on Amazon, where its typical list price of $70 has been reduced 21% to $55. See it now on Amazon.

Seagate wants to push huge 16TB HDD out the door in...

12TB and 14TB drives are also on the horizon.

The Limitations Of Phishing Education

Human nature means that education will only go so far.

Technology needs to take up the slack. In the past 12 months, millions of organizations, spanning all industries and sizes, became targets of cyberattacks.

According to a recent report, 400,000 phishing sites were detected per month in 2016, and the Anti-Phishing Working Group concluded that phishing attacks reached an "all-time high" in the second quarter. Not only are attacks proliferating, but the perpetrators have evolved into professional cybercriminals with plenty of time and resources.

For these reasons, it's unrealistic to entrust the workforce with the massive responsibility of stopping phishing. While this may sound ironic coming from someone involved in phishing mitigation, I recognize that phishing education has proved beneficial only to a certain extent.

The reality is that the imperfection of humans makes it all but impossible for us to teach everyone how to spot and avoid phishing — and if phishing efforts aren't detected and eliminated fast enough, someone eventually will click, and then it's game over. When it comes to employee expectations, the digital-native millennial generation, now the largest workforce demographic, is perhaps the most careless when it comes to cybersecurity, opting for expedience over security. Other workforce demographics, such as Generation X and baby boomers, are forced to learn new "detective" skills for identifying and reporting suspicious emails, despite being unfamiliar with technically advanced processes. Frankly, it's very hard to change behavior.
In fact, it's proven that users, regardless of training and awareness, will still click on phishing links or download attachments because of a variety of factors, including curiosity, greediness, distraction, well-crafted impersonations, and/or simply failing to learn from past mistakes.

For example:

A culture of distraction: People are easily distracted by their daily tasks, especially under stressful environments, making them likely to click on a malicious link or download a suspicious file. According to a study from Microsoft, people generally lose concentration after eight seconds, a shorter attention span than a goldfish. With an abundance of smart devices available, and an increasingly digital lifestyle, it's easy to see how so many stimuli could make it difficult to identify a suspicious email, particularly if the email intentionally includes multiple streams of media for the purpose of distracting the receiver.

Spearphishing can be almost undetectable: Some attacks are just so good that it's impossible to spot them by the naked eye. What happened to Snapchat and the Clinton campaign are two examples of how sophisticated phishing attacks can trick employees through highly targeted campaigns that impersonate internal executives or well-recognized vendors. Seagate also fell victim to a similar phishing scam, and its staff has since filed a lawsuit against the company after personal information was exposed. Phishing attacks have become so realistic that even the most cyber-aware recipient can be fooled into providing sensitive information.

Curiosity is king: Sometimes, curiosity is stronger than the sense of security, especially when it comes to an employer's computer. According to a recent study by FAU researchers in Germany, 56% of email recipients clicked on a link from an unknown sender despite knowing the risks. Why? Most reasoned that they were curious about the content of the photos or the identity of the sender. According to FAU, curiosity and interest are natural human traits and, with the right timing and context, people will click on a link despite their security awareness.

Though employee training will always play a role in phishing mitigation, and it should, recent events prove it's not effective on its own. With increasingly clever and deceptive scams, matched with the massive amount of phishing emails sent daily, employees don't stand a chance in successfully defeating the phishing epidemic on their own. Instead, organizations should turn to next-generation technologies to fill the gap and empower employees. While some argue encryption, multifactor authentication, and database security can be effective in deterring phishers, they're outdated techniques with risks and shortcomings.

Today, forward-thinking organizations are implementing newer strategies to aid in phishing support such as sender reputation and email verification programs, including DomainKeys Identified Mail, Sender Policy Framework, and Domain Message Authentication & Reporting Conformance.

They're not perfect, however. They won't identify suspicious links and attachments or stop a determined attacker who buys a domain and installs Domain Name System records to tell servers which IP address each domain is associated with. In the future, the use of artificial intelligence and machine learning to identify phishing emails, learn from reported attacks, and create real-time signatures will help companies prepare for and prevent attacks that have been attempted around the world, without the need for human interaction.

Eyal Benishti has spent more than a decade in the information security industry, with a focus on software R&D for startups and enterprises. Before establishing IRONSCALES, he served as security researcher and malware analyst at Radware, where he filed two patents in the ...

Shadow Brokers Releases Second Trove of Spying Tools

The new leak appears to disclose NSA tactics. Shadow Brokers, a secretive online group that in August published details of hacking tools allegedly belonging to the NSA, released new leaks this week that appear to expose more of the agency's cyber strategies, as well as those from multiple foreign countries. The leak discloses NSA-style code names, including "Jackladder" and "Dewdrop," the Associated Press reports.
It also appears to offer a list of servers compromised by the Equation Group, a separate hacking organization with ties to the NSA. In a post on Medium in broken English, Shadow Brokers referenced Equation Group twice and suggested that its motivation for exposing the server information was related to the US presidential election.

The post also demands a ransom payment, although it does not suggest a specific amount of money. Named after its penchant for encryption algorithms, the Equation Group has hacked targets in more than 30 countries—including Iran, Russia, Pakistan, Afghanistan, India, and China, according to security firm Kaspersky.
Its focus is on government, nuclear research, military, and nanotechnology organizations, as well as companies developing cryptographic technologies. The hackers' malware can reprogram hard drive firmware, and has been found on devices from Seagate, Western Digital, and Samsung.

The exploit, carried out via physical interceptions like infected USB drives and CD-ROMs, is undetectable and cannot be removed. It is unclear how Shadow Brokers wound up with data from Equation Group.

This week's leak also raises questions about possible ties to Harold Martin, the former NSA contractor who was arrested in August for allegedly stealing more than 50 terabytes of classified data.

Authorities are attempting to prove that the Equation Group got its information from Martin.

Seagate NAS hack should scare us all

No fewer than 70 percent of internet-connected Seagate NAS hard drives have been compromised by a single malware program. That’s a pretty startling figure. Security vendor Sophos says the bitcoin-mining malware Miner-C is the culprit.

I’m surprised this story hasn’t garnered more attention. Perhaps it’s because we’re talking only 7,000 hard drives possibly in total, or perhaps it’s because the mainstream media doesn’t understand what NAS means. Either way, it has colossal implications. Apparently, storage admins:

- Aren’t very diligent about scanning for malware
- Fail to change default NAS passwords
- Allow direct connections to their huge network storage arrays without another authentication requirement
- Put their companies at risk of attack by malicious intruders

More to the point, this attack means that over the last 13 years we’ve learned nothing. We are no more prepared for a bad malware outbreak than before.

We’re lucky that the Miner-C program is only a bitcoin miner. It’s bad. It’s unethical. It’s illegal. But it’s not intentionally killing data and bringing down businesses. Unfortunately, the minimal effort expended by Miner-C attackers to break into Seagate NAS software is identical to that needed by those wielding a highly malicious program. In fact, hackers reading about this particular attack could use the exact same tricks to bring those companies down.

Ransomware, anyone? If I were a ransomware maker and read that many of the world’s hard drives were unprotected, including those at large companies, the first thing I’d do is recode my ransomware to take advantage of it. Of course, anyone who falls victim to ransomware should be able to restore the data from the latest known good backup and call it a day without paying the ransom -- except that, uh-oh, even corporations often lack good backups. If they can’t prevent malware from infecting hard drives, are we supposed to believe they actually have good backups?

It doesn’t stop with Seagate NAS

When you see a major instance of any type of vendor-specific exploitation, one of the first questions to ask is how many other similar products could be impacted. News of this Seagate hack didn’t alarm me because 70 percent of 7,000 Seagate hard drives were involved -- it was the realization that many other hard drive arrays have the same issues. They're connected to the internet, allow remote connections, come with default passwords, and so on.

Even “little data” needs to be concerned. A lot of small businesses are eating up “consumer level” NAS devices that have the same feature sets. The customer plugs them in and forgets they connect to the internet and have default passwords that need to be changed. They have no idea that they are running little computers exposed to the internet. They will have no idea when those hard drive arrays become compromised -- until the attacker decides to do something more malicious than generate bitcoins with them.

Besides, we’re really talking about much more than storage arrays. We’re talking every internet-connected device running an embedded computer. It’s the internet of things, wireless routers, security cameras, and more. Most of these items run unpatched versions of insecure software -- software that would be very insecure even if fully patched -- accessible to the internet. I would venture to guess that a lot of us are unintentionally hosting massive botnet nodes because we really don’t know what’s running on those devices.

How to protect yourself

The list of how to protect your company from these sorts of threats simply reflects all the best practices you should have already been following, including:

- Install latest security patches, including latest firmware
- Change default passwords
- Don’t allow regular, unauthenticated connections from the internet
- Make sure you have regular, confirmed offline backups of all your critical data
- Plan ahead for how your company would respond if its data was deleted or held for ransom

Seagate NAS devices are canaries in the coalmine. What the Seagate story tells me is that the professionals who are supposed to be minding the store aren’t minding the store. If they aren’t doing what they should be doing, then the rest of the world -- whose primary job isn’t to provide safe and reliable data storage -- is faring far worse. I bet a 70 percent infection rate wouldn’t be the highest infection rate if we were to do a massive internet-connected inventory.

Whenever I look at today’s internet-connected world, I realize that the security problems and risks are far worse and far more pervasive than anything I could have predicted 10 years ago. We’ve not only failed to make our internet lives safer, we haven’t fixed any of the problems and behaviors we’ve known about for decades.

Thousands of infected FTP servers net attackers $88k in cryptocurrency

Attackers are draining the CPU and power resources of thousands of file transfer protocol servers by infecting them with malware that surreptitiously mints the relatively new crypto currency called Mon...

SOHOpeless Seagate NAS boxen become malware distributors

All attackers have to do is upload a file into a public folder. No password. No nothing

Sophos researchers say they've uncovered a malware strain that targets Seagate's network-attached storage appliances and turns them into distribution points for cryptocurrency-mining malware. Attila Marosi, a senior threat researcher, explains the attack in a document titled Cryptomining malware on NAS servers (PDF).

“Attack” is being kind: Marosi notes that the NAS at the heart of the problem - the “Seagate Central” - has a public folder that can be written to by default when remote access is enabled. All you need to do to access that folder is FTP in with publicly-published credentials. The Seagate Central is promoted as a great way to access your media from anywhere, so remote access is wide open on many of the devices. The malware spreads when users open the NAS device's public folder.

Marosi found 7,000 of the devices online with remote access enabled, of which 70 per cent were infected by Mal/Miner-C malware, which mines the minor cryptocurrency Monero. Marosi speculates that the malware's masters figured out that Bitcoin are harder to mine, but that a newer cryptocurrency would be easier to coin. But the crims behind the malware are picky: the first thing it does is run a script that retrieves information on CPU and GPU, because the crims prefer machines that have enough grunt to do a lot of hashing and therefore coin it faster. The Seagate boxen eventually contributed about 2.5 per cent of the malware's mining colony, yielding around US$86,000 over six months.

The market for small NAS devices is tiny, so this kind of attack is not likely to make a massive impact. On the downside, the small size of the market means it may not be attracting top-notch security thinkers as open FTP access is pretty amazingly bad even by the standards of the SOHOpeless security so often found in devices intended for home use. ®

Seagate faces suit for getting phished

Employees angry that HR fell for scam

Seagate is trying to fight off a suit filed by employees whose personal information was lost when the storage giant was hit with a phishing attack. The company is currently in the midst of a hearing over whether the aggrieved workers have grounds to sue their employer for negligence after someone in human resources was duped into handing over copies of employee W‑2 tax forms.

The suit [PDF], originally filed in July through the Northern California District Court, accuses the hard drive maker of negligence and unfair business practices stemming from the March 1, 2016 incident when a phishing attack led to the W‑2 information on all Seagate employees, as well as family members and beneficiaries named in employee W‑2 forms. The suit claims that the attackers have already begun using the information lifted in the breach. It asks that Seagate be required to pay out damages and fees to a nationwide class of Seagate employees and others named in the pilfered W‑2s.

"No one can know what else the cybercriminals will do with the employees' and third-party victims' personally identifiable information. However, the employees and third-party victims are now, and for the rest of their lives will be, at a heightened risk of identity theft," the suit alleges. "Many employees and third-party victims have already suffered out-of-pocket costs attempting to rectify fraudulent tax returns and engaging services to monitor and protect their identity and credit."

The storage giant, however, disputes the claims and is trying to have the case thrown out of court. This week, Seagate has entered into hearings on a motion that the case be dismissed on the grounds that it should not be held responsible for the actions of the criminals who carried out the phishing attacks.

"Plaintiffs seek to hold Seagate responsible for harm allegedly caused by third-party criminals," Seagate claims. "But Plaintiffs cannot state a claim based solely on the allegation that an unfortunate, unforeseen event occurred. They must actually allege facts that show they are entitled to relief from Seagate."

Should Seagate's motion to have the suit thrown out fail, the case will continue toward a jury trial later this year. ®

'Shadow Brokers' Claim to Breach NSA-Linked Hackers

The Shadow Brokers published hacking tools allegedly belonging to the NSA-linked Equation Group. A group calling itself The Shadow Brokers over the weekend published hacking tools allegedly belonging to the Equation Group, another hacking group reportedly linked to the NSA, and they plan to auction off those tools for a starting bid of 1 million bitcoin (nearly $570 million). "Attention government sponsors of cyberwarfare and those who profit from it," The Shadow Brokers wrote in a manifesto posted to Pastebin.
In broken English, the statement asks readers how much they would pay for their enemies' cyber weapons or other state-sponsored tool sets. They claim to have found cyber weapons made by the creators of Stuxnet, Duqu, and Flame, three strains of malware that have been connected to the US government. The announcement from The Shadow Brokers was also published on GitHub and Tumblr, but both entries were quickly deleted. As security firm Kaspersky reported last year, Equation Group is a mysterious and sophisticated malware distributor that is perhaps associated with the US National Security Agency (NSA). Named after its penchant for encryption algorithms, Equation Group targeted more than 30 countries—including Iran, Russia, Pakistan, Afghanistan, India, and China—with a focus on those in government, nuclear research, military, and nanotechnology, as well as companies developing cryptographic technologies. The hackers' malware can reprogram hard drive firmware, and has, in the past, been found on devices from Seagate, Western Digital, and Samsung.

The exploit, carried out via physical interceptions like infected USB drives and CD-ROMs, is undetectable and cannot be removed. According to Kaspersky, Equation Group dates back to 2001, but could have been active as early as 1996. The Shadow Brokers allege to have breached the Equation Group and stolen its hacking tools. On Sunday, they tweeted a link to what they say are the documents—with names like "BANANAGLEE," "BANANASURPER," and "EPICBANANA." It remains unclear whether the data has indeed been stolen.

Either way, it caught Edward Snowden's attention.

The former NSA contractor, who leaked NSA documents to the press and is currently living in exile in Russia, today tweeted a series of comments on the hack. While the breach of an NSA malware staging server is not unprecedented, he writes, "the publication of the take is."

6) What's new? NSA malware staging servers getting hacked by a rival is not new. A rival publicly demonstrating they have done so is. — Edward Snowden (@Snowden) August 16, 2016

9) This leak is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server. — Edward Snowden (@Snowden) August 16, 2016

13) TL;DR: This leak looks like a somebody sending a message that an escalation in the attribution game could get messy fast. — Edward Snowden (@Snowden) August 16, 2016

Shadow Brokers promised more Equation Group files—"same quality, unencrypted, for free, to everyone"—if its ongoing auction raises 1 million bitcoin. "We want to make sure Wealthy Elite recognizes the danger cyber weapons, this message, our auction, poses to their wealth and control," the hackers wrote. "Your wealth and control depends on electronic data. You see what 'Equation Group' can do. … If Equation Group lose control of cyber weapons, who else lose or find cyber weapons? If electronic data go bye bye where leave Wealthy Elites? … Wealthy Elites, you send bitcoins, you bid in auction, maybe big advantage for you?"

The NSA did not immediately respond to PCMag's request for comment.