Home Tags Seagate

Tag: Seagate

HGST drives still offer impressive reliability, enterprise models less clear-cut

After scoring a pricing deal, Backblaze now has a couple thousand enterprise spindles.

13% off Seagate Backup Plus Slim 2TB Portable External Hard Drive...

The Backup Plus Slim Portable Drive is the simple, one-click way to protect and share your entire digital life.

At 12.1 millimeters thin and a generous 2TB of storage, it’s ready to take with you and go. All your photos, movies, and videos can be backed up using the downloadable Seagate Dashboard software, including the ones you’ve shared on Facebook, Flickr, and YouTube. Run a one-click backup or schedule an automatic backup plan to protect your files on your Backup Plus Slim Portable Drive at your convenience. High-speed USB 3.0 and 2.0 connectivity offers plug-and-play functionality without the need of an external power supply. Compatible with both PC and Mac systems.

The drive averages 4 out of 5 stars from over 11,600 people on Amazon (read reviews).

The typical list price has been reduced 13% to just $69.99 for the 2TB model.
See it now on Amazon.To read this article in full or to leave a comment, please click here

21% off Seagate Backup Plus Hub for Mac, 4TB External Desktop...

Back up your files, precious photos and videos while connecting to and recharging any USB device, such as your tablet, smartphone or camera -- even if your system is off or in standby mode.

The Backup Plus Hub for Mac is fully compatible with Time M...

Seagate Advises Global Business Leaders And Entrepreneurs To Sharpen Focus On...

Total Worldwide Data Will Swell to 163ZB by 2025 - 10 Times the Amount Today; Majority Will Be Created and Managed by EnterprisesApril 4, 2017: In response to a new study forecasting a 10-fold rise in worldwide data by 2025, global data and storage lea...

38% off Seagate Backup Plus Ultra Slim 2TB Portable External Hard...

The Backup Plus Ultra Slim Portable Drive is one of Seagate's thinnest and most eye-catching portable hard drives.

Available in stunning gold and platinum colors- style meets storage- and easily slips into your backpack along with your other essentials.

At 9.6mm thin, capacity is not sacrificed with 1TB and 2TB options-bring your most important files and head out the door.

Back up and manage your favorite files from your computer, tablet and mobile devices using the Seagate Dashboard. Run a one-click backup or schedule an automatic backup plan to help protect your files.

Convenient tools for local, mobile, cloud and social media backup at the ready. With high-speed USB 3.0 and 2.0 connectivity, you can depend on seamless plug-and-play functionality.

And the USB bus-power eliminates the need for an external power supply, letting you access your files while on the move.

The Lyve mobile and desktop app gives you the ability to access a single, consolidated and personalized photo and video library. When you purchase a Backup Plus Ultra Slim Portable Drive, you get 200GB of OneDrive cloud storage for 2 years (US$95 value).   The Backup Plus Portable Drive averages 4.5 out of 5 stars on Amazon (read reviews).
It's typical list price of $129.99 has been reduced 38% to $79.99 on Amazon.To read this article in full or to leave a comment, please click here

21% off Seagate Expansion 1TB Portable External Hard Drive USB 3.0...

The Seagate expansion desktop drive provides extra storage for your ever-growing collection of files.
Instantly add space for more files, consolidate all of your files to a single location, or free up space on your computer's internal drive to help improve performance.
Setup is straightforward; simply plug in the included power supply and USB cable, and you are ready to go.
It is automatically recognized by the Windows operating system, so there is no software to install and nothing to configure.
Saving files is easy too-just drag-and-drop.

Take advantage of the fast data transfer speeds with the USB 3.0 interface by connecting to a SuperSpeed USB 3.0 port.  This drive receives 4.5 out of 5 stars on Amazon, where its typical list price of $70 has been reduced 21% to $55. See it now on Amazon.To read this article in full or to leave a comment, please click here

Seagate wants to push huge 16TB HDD out the door in...

12TB and 14TB drives are also on the horizon.

The Limitations Of Phishing Education

Human nature means that education will only go so far.

Technology needs to take up the slack. In the past 12 months, millions of organizations, spanning all industries and sizes, became targets of cyberattacks.

According to a recent report, 400,000 phishing sites were detected per month in 2016, and the Anti-Phishing Working Group concluded that phishing attacks reached an "all-time high" in the second quarter. Not only are attacks proliferating, but the perpetrators have evolved into professional cybercriminals with plenty of time and resources.

For these reasons, it's unrealistic to entrust the workforce with the massive responsibility of stopping phishing. While this many sound ironic coming from someone involved in phishing mitigation, I recognize that phishing education has proved beneficial only to a certain extent.

The reality is that the imperfection of humans makes it all but impossible for us to teach everyone how to spot and avoid phishing — and if phishing efforts aren't detected and eliminated fast enough, someone eventually will click, and then it's game over. When it comes to employee expectations, the digital-native millennial generation, now the largest workforce demographic, is perhaps the most careless when it comes to cybersecurity, opting for expedience over security. Other workforce demographics, such as Generation X and baby boomers, are forced to learn new "detective" skills for identifying and reporting suspicious emails, despite being unfamiliar with technically advanced processes. Frankly, it's very hard to change behavior.
In fact, it's proven that users, regardless of training and awareness, will still click on phishing links or download attachments because of a variety of factors, including curiosity, greediness, distraction, well-crafted impersonations, and/or simply failing to learn from past mistakes.

For example: A culture of distraction: People are easily distracted by their daily tasks, especially under stressful environments, making them likely to click on a malicious link or download a suspicious file.

According to a study from Microsoft, people generally lose concentration after eight seconds, a shorter attention span than a goldfish. With an abundance of smart devices available, and an increasingly digital lifestyle, it's easy to see how so many stimuli could make it difficult to identify a suspicious email, particularly if the email intentionally includes multiple streams of media for the purpose of distracting the receiver. Spearphishing can be almost undetectable: Some attacks are just so good that it's impossible to spot them by the naked eye. What happened to Snapchat and the Clinton campaign are two examples of how sophisticated phishing attacks can trick employees through highly targeted campaigns that impersonate internal executives or well-recognized vendors.
Seagate also fell victim to a similar phishing scam, and its staff has since filed a lawsuit against the company after personal information was exposed. Phishing attacks have become so realistic that even the most cyber-aware recipient can be fooled into providing sensitive information.  Curiosity is king:  Sometimes, curiosity is stronger than the sense of security, especially when it comes to an employer's computer.

According to a recent study by FAU researchers in Germany, 56% of email recipients clicked on a link from an unknown sender despite knowing the risks. Why? Most reasoned that they were curious about the content of the photos or the identity of the sender.

According FAU, curiosity and interest are natural human traits and, with the right timing and context, people will click on a link despite their security awareness. Though employee training will always play a role in phishing mitigation, and it should, recent events prove it's not effective on its own. With increasingly clever and deceptive scams, matched with the massive amount of phishing emails sent daily, employees don't stand a chance in successfully defeating the phishing epidemic on their own. Instead, organizations should turn to next-generation technologies to fill the gap and empower employees. While some argue encryption, multifactor authentication, and database security can be effective in deterring phishers, they're outdated techniques with risks and shortcomings.

Today, forward-thinking organizations are implementing newer strategies to aid in phishing support such as sender reputation and email verification programs, including DomainKeys Identified Mail, Sender Policy Framework, and Domain Message Authentication & Reporting Conformance.

They're not perfect, however. they won't identify suspicious links and attachments or stop a determined attacker who buys a domain and installs Domain Name System records to tell servers which IP address each domain is associated with. In the future, the use of artificial intelligence and machine learning to identify phishing emails, learn from reported attacks, and create real-time signatures will help companies prepare for and prevent attacks that have been attempted around the world, without the need for human interaction.   Related Content: Eyal Benishti has spent more than a decade in the information security industry, with a focus on software R&D for startups and enterprises.

Before establishing IRONSCALES, he served as security researcher and malware analyst at Radware, where he filed two patents in the ...
View Full Bio More Insights

Shadow Brokers Releases Second Trove of Spying Tools

The new leak appears to disclose NSA tactics. Shadow Brokers, a secretive online group that in August published details of hacking tools allegedly belonging to the NSA, released new leaks this week that appear to expose more of the agency's cyber strategies, as well as those from multiple foreign countries. The leak discloses NSA-style code names, including "Jackladder" and "Dewdrop," the Associated Press reports.
It also appears to offer a list of servers compromised by the Equation Group, a separate hacking organization with ties to the NSA. In a post on Medium in broken English, Shadow Brokers referenced Equation Group twice and suggested that its motivation for exposing the server information was related to the US presidential election.

The post also demands a ransom payment, although it does not suggest a specific amount of money. Named after its penchant for encryption algorithms, the Equation Group has hacked targets in more than 30 countries—including Iran, Russia, Pakistan, Afghanistan, India, and China, according to security firm Kaspersky.
Its focus is on government, nuclear research, military, and nanotechnology organizations, as well as companies developing cryptographic technologies. The hackers' malware can reprogram hard drive firmware, and has been found on devices from Seagate, Western Digital, and Samsung.

The exploit, carried out via physical interceptions like infected USB drives and CD-ROMs, is undetectable and cannot be removed. It is unclear how Shadow Brokers wound up with data from Equation Group.

This week's leak also raises questions about possible ties to Harold Martin, the former NSA contractor who was arrested in August for allegedly stealing more than 50 terabytes of classified data.

Authorities are attempting to prove that the Equation Group got its information from Martin.

Seagate NAS hack should scare us all

No fewer than 70 percent of internet-connected Seagate NAS hard drives have been compromised by a single malware program. That’s a pretty startling figure. Security vendor Sophos says the bitcoin-mining malware Miner-C is the culprit. I’m surprised this story hasn’t garnered more attention. Perhaps it’s because we’re talking only 7,000 hard drives possibly in total, or perhaps it’s because the mainstream media doesn’t understand what NAS means. Either way, it has colossal implications. Apparently, storage admins: Aren’t very diligent about scanning for malware Fail to change default NAS passwords Allow direct connections to their huge network storage arrays without another authentication requirement Put their companies at risk of attack by malicious intruders More to the point, this attack means that over the last 13 years we’ve learned nothing. We are no more prepared for a bad malware outbreak than before. We’re lucky that Miner-C program is only a bitcoin miner. It’s bad. It’s unethical. It’s illegal. But it’s not intentionally killing data and bringing down businesses. Unfortunately, the minimal effort expended by Miner-C attackers to break into Seagate NAS software is identical to that needed by those wielding a highly malicious program. In fact, hackers reading about this particular attack could use the exact same tricks to bring those companies down. Ransomware, anyone? If I were a ransomware maker and read that many of the world’s hard drives were unprotected, including those at large companies, the first thing I’d do is recode my ransomware to take advantage of it. Of course, anyone who falls victim to ransomware should be able to restore the data from the latest known good backup and call it a day without paying the ransom -- except that, uh-oh, even corporations often lack good backups. If they can’t prevent malware from infecting hard drives, are we supposed to believe they actually have good backups? It doesn’t stop with Seagate NAS When you see a major instance of any type of vendor-specific exploitation, one of the first questions to ask is how many other similar products could be impacted. News of this Seagate hack didn’t alarm me because 70 percent of 7,000 Seagate hard drives were involved -- it was the realization that many other hard drives arrays have the same issues. They're connected to the internet, allow remote connections, come with default passwords, and so on. Even “little data” needs to be concerned. A lot of small businesses are eating up “consumer level” NAS devices that have the same feature sets. The customer plugs them in and forgets they connect to the internet and have default passwords that need to be changed. They have no idea that they are running little computers exposed to the internet. They will have no idea when those hard drive arrays become compromised -- until the attacker decides to do something more malicious than generate bitcoins with them. Besides, we’re really talking about much more than storage arrays. We’re talking every internet-connected device running an embedded computer. It’s the internet of things, wireless routers, security cameras, and more. Most of these items run unpatched versions of insecure software -- software that would be very insecure even if fully patched -- accessible to the internet. I would venture to guess that a lot of us are unintentionally hosting massive bot net nodes because we really don’t know what’s running on those devices. How to protect yourself The list of how to protect your company from these sorts of threats simply reflects all the best practices you should have already been following, including: Install latest security patches, including latest firmware Change default passwords Don’t allow regular, unauthenticated connections from the internet Make sure you have regular, confirmed offline backups of all your critical data Plan ahead for how your company would respond if its data was deleted or held for ransom Seagate NAS devices are canaries in the coalmine. What the Seagate story tells me is that the professionals who are supposed to be minding the store aren’t minding the store. If they aren’t doing what they should be doing, then the rest of the world -- whose primary job isn’t to provide safe and reliable data storage -- is faring far worse. I bet a 70 percent infection rate wouldn’t be the highest infection rate if we were to do a massive internet-connected inventory. Whenever I look at today’s internet-connected world, I realize that the security problems and risks are far worse and far more pervasive than anything I could have predicted 10 years ago. We’ve not only failed to make our internet lives safer, we haven’t fixed any of the problems and behaviors we’ve known about for decades.

Thousands of infected FTP servers net attackers $88k in cryptocurrency

EnlargePander reader comments 27 Share this story Attackers are draining the CPU and power resources of thousands file transfer protocol servers by infecting them with malware that surreptitiously mints the relatively new crypto currency called Mon...

SOHOpeless Seagate NAS boxen become malware distributors

All attackers have to do is upload a file into a public folder. No password. No nothing Sophos researchers say they've uncovered a malware strain that targets Seagate's network-attached storage appliances and turns them into distribution points for cryptocurrency-mining malware. Attila Marosi, a senior threat researcher, explains the attack in a document titled Cryptomining malware on NAS servers (PDF). “Attack” is being kind: Marosi notes that the NAS at the heart of the problem - the “Seagate Central “ - has a public folder that can be written to by default when remote access is enabled. All you need to do to access that folder is FTP in with publicly-published credentials. The Seagate Central is promoted as a great way to access your media from anywhere, so remote access is wide open on many of the devices. The malware spreads when users open the NAS device's public folder. Marosi found 7,000 of the devices online with remote access enabled, of which 70 per cent were infected by Mal/Miner-C malware, which mines the minor cryptocurrency Monero. Marosi speculates that the malware's masters figured out that Bitcoin are harder to mine, but that a newer cryptocurrency would be easier to coin. But the crims behind the malware are picky: the first thing it does is run a script that retrieves information on CPU and GPE, because the crims prefer machines that have enough grunt to do a lot of hashing and therefore coin it faster. The Seagate boxen eventually contributed about 2.5 per cent of the malware's mining colony, yielding around US$86,000 over six months. The market for small NAS devices is tiny, so this kind of attack is not likely to make a massive impact. On the downside, the small size of the market means it may not be attracting top-notch security thinkers as open FTP access is pretty amazingly bad even by the standards of the SOHOpeless security so often found in devices intended for home use. ®