Over 90% of Business Hacks In 2017 Were Avoidable

Regardless of an organization’s security posture, there is no perfect security. On the other hand, there is no excuse not to implement fundamental security best practices. All organizations, regardless of size, must plan for inevitable attacks and loss of (or loss of access to) critical data. By recognizing risks, planning ahead and instilling a culture of security and privacy in the entire organization, losses and their impact can be minimized.

As in previous years, OTA analyzed reported breaches through Q3 2017 and found that 93% were avoidable, which is consistent with previous years’ findings. Of the reported breaches, 52% were the result of actual hacks, while 11% were due to a lack of internal controls resulting in employees’ accidental or malicious events. Regular patching and close attention to vulnerability reports have always been best practice, and neglecting them is a known cause of most breaches, but this category received special attention this year in light of the Equifax breach.

The vast majority of other types of attacks – ransomware and BEC – are initiated by deceptive or malicious emails. Analysis reveals that these too are avoidable, by blocking fake messages and training users to recognize spearphishing attacks. In addition to better processing of email, there are several other steps that can prevent or limit the impact of ransomware, including updated system and security software as well as regular data backups. Since BEC attacks rely almost entirely on “social engineering” deception and rarely include any malicious links or attachments, better processing of email can generally stop these attacks in their tracks. Unfortunately, the day-to-day urgency of business often prevents organizations from appropriately defending against these email-based attacks.

Key avoidable causes for incidents:

• Lack of a complete risk assessment, including internal, third-party and cloud-based systems and services
• Not promptly patching known / public vulnerabilities, and not having a way to process vulnerability reports
• Misconfigured devices / servers
• Unencrypted data and/or poor encryption key management and safeguarding
• Use of end of life (and thereby unsupported) devices, operating systems and applications
• Employee errors and accidental disclosures - lost data, files, drives, devices, computers, improper disposal
• Failure to block malicious email
• Users succumbing to Business Email Compromise & social exploits

Half a BILLION Dollars Stolen from Japanese Cryptocurrency Exchange

Coincheck, a Tokyo-based cryptocurrency exchange, has suffered what appears to be the biggest hack in the history of cryptocurrencies, losing $532 million in digital assets (nearly $420 million in NEM tokens and $112 in Ripples). Apparently, the cryptocurrency markets reacted negatively to the news, which resulted in a 5% drop in Bitcoin price early this morning.

In a blog post published today, the Tokyo-based cryptocurrency exchange confirmed the cyber heist without explaining how the tokens were stolen, and abruptly froze most of its services, including deposits, withdrawals and trade of almost all cryptocurrencies, except Bitcoin.

Coincheck also said the exchange had even stopped deposits into NEM cryptocurrencies, which resulted in a 16.5% drop in NEM coin value, as well as other deposit methods including credit cards.

During a late-night press conference at the Tokyo Stock Exchange, Coincheck Inc. co-founder Yusuke Otsuka also said that over 500 million NEM tokens (then worth around $420 million) were taken from Coincheck's digital wallets on Friday, but the company didn’t know how the tokens went missing, according to news source Asahi.

The digital-token exchange has already reported the incident to the law enforcement authorities and to Japan's Financial Services Agency to investigate the cause of the missing tokens.

"We will report on the damage situation and cause of the case, measures to prevent recurrence, but first we would like you to take every possible measure to protect our customers," said Executives of the Financial Services Agency (translated).

This incident marks yet another embarrassing hack in the world of digital currency technology, once again reminding us that the volatility in cryptocurrency prices is not going away anytime soon.

Are You a Tinder user? Watch Out, Someone Could Spy On You

Security experts at Checkmarx discovered two security vulnerabilities in the Tinder Android and iOS dating applications that could be exploited by an attacker on the same Wi-Fi network as a target to spy on users and modify their content. Attackers can view a target user’s Tinder profile, see the profile images they view and determine the actions they take.

“The vulnerabilities, found in both the app’s Android and iOS versions, allow an attacker using the same network as the user to monitor the user’s every move on the app. It is also possible for an attacker to take control over the profile pictures the user sees, swapping them for inappropriate content, rogue advertising or other type of malicious content (as demonstrated in the research).” reads the analysis published by Checkmarx.

“While no credential theft and no immediate financial impact are involved in this process, an attacker targeting a vulnerable user can blackmail the victim, threatening to expose highly private information from the user’s Tinder profile and actions in the app.”

An attacker can conduct many other malicious activities, including intercepting traffic and launching DNS poisoning attacks.

The first issue is that both the iOS and Android Tinder apps download profile pictures via insecure HTTP connections. This means that an attacker with access to the traffic can determine which profiles are viewed by a Tinder user.

An attacker could also modify traffic, for example to swap images.

“Attackers can easily discover what device is viewing which profiles,” continues the analysis. “Furthermore, if the user stays online long enough, or if the app initializes while on the vulnerable network, the attacker can identify and explore the user’s profile.” “Profile images that the victim sees can be swapped, rogue advertising can be placed and malicious content can be injected,”

Obviously, this kind of issue could be mitigated with the adoption of HTTPS.

Checkmarx also discovered another issue related to the use of HTTPS. The flaw was called “Predictable HTTPS Response Size”.

“By carefully analyzing the traffic coming from the client to the API server and correlating with the HTTP image requests traffic, it is possible for an attacker to determine not only which image the user is seeing on Tinder, but also which action did the user take.” states Checkmarx. “This is done by checking the API server’s encrypted response payload size to determine the action,” 

An attacker in a position to analyze the traffic can discover the user’s interest in a specific profile by detecting the 278-byte encrypted response that the API server delivers when the user swipes left on a profile picture. When the user swipes right to like a particular profile, the response generated is composed of 374 bytes.

The researchers also noticed that Tinder member pictures are downloaded to the app via an HTTP connection, which makes it possible for an attacker to view the profile images of the users being swiped left and right.

To mitigate this issue, the researchers suggest padding requests: if the responses were padded to a fixed size, it would be impossible to discriminate the user’s action.
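The padding mitigation described above, as an added example (not Checkmarx's or Tinder's code): the server frames every API response to a fixed size before encryption, so the ciphertext length no longer separates one action from another. The 512-byte bucket, the 28-byte constant encryption overhead and the sample JSON bodies are assumptions constructed for illustration.

```python
import json
import struct

BUCKET = 512        # assumed fixed plaintext size; not a value from the page
AEAD_OVERHEAD = 28  # assumed constant per-record encryption overhead in bytes

# Constructed sample API bodies; the real responses are not shown on the page.
PASS_BODY = json.dumps({"status": 200, "action": "pass"}).encode()
LIKE_BODY = json.dumps({"status": 200, "action": "like", "match": False,
                        "likes_remaining": 100}).encode()


def pad_response(body: bytes, bucket: int = BUCKET) -> bytes:
    """Frame as 4-byte big-endian length + body + zero filler up to a bucket multiple."""
    framed = struct.pack(">I", len(body)) + body
    padded_len = -(-len(framed) // bucket) * bucket  # round up to next multiple
    return framed + b"\x00" * (padded_len - len(framed))


def unpad_response(padded: bytes) -> bytes:
    """Recover the body on the client; reject frames with an inconsistent length."""
    if len(padded) < 4:
        raise ValueError("frame shorter than length prefix")
    (n,) = struct.unpack(">I", padded[:4])
    if n > len(padded) - 4:
        raise ValueError("length prefix exceeds frame size")
    return padded[4:4 + n]


def wire_size(plaintext: bytes) -> int:
    """Length seen on the network: plaintext length plus the constant overhead."""
    return len(plaintext) + AEAD_OVERHEAD


def sizes_leak_action(bodies) -> bool:
    """True if the observable sizes differ, i.e. size alone separates the actions."""
    return len({wire_size(b) for b in bodies}) > 1


if __name__ == "__main__":
    raw = [PASS_BODY, LIKE_BODY]
    padded = [pad_response(b) for b in raw]
    print("unpadded:", [wire_size(b) for b in raw], "leak:", sizes_leak_action(raw))
    print("padded:  ", [wire_size(b) for b in padded], "leak:", sizes_leak_action(padded))
```

A body larger than the bucket rounds up to the next multiple, so the bucket has to be at least as large as the biggest response that must stay indistinguishable.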

Checkmarx disclosed both vulnerabilities to Tinder.

Managing Files on Android: Everything You Need to Know

Dealing with files on your Android phone or tablet can be intimidating, especially since there are several file transfer standards and dozens of different apps for file management. Do you find yourself overwhelmed by all the different Android file management options? Or are you just not sure where to get started?

Don’t worry. Today we’ll go over everything you need to know about file management on Android, including the best apps for managing files and how to transfer files seamlessly to other devices.

Utilize the Built-In Android File Manager

Android got a native file manager in Android 6.0 Marshmallow. It’s pretty barebones, but it gets the job done for basic file management.

Here’s how to access it on your stock Android device running 6.0 Marshmallow or higher.

Open Settings > Storage & memory. Here, you should see what files are hogging up space on your device. You should see a visual breakdown of your device’s storage into various categories like Apps, Images, Video, Audio, Cached data, etc.

To access the traditional Android file manager, scroll down and tap Explore. Switch to the Storage tab. You should see various partitions such as internal storage, external storage (if your phone supports SD card or USB OTG), and Google Drive.

You can tap on a particular item to cut, copy, delete, share or perform other file manipulation operations.

If your phone is running Android 8.0 Oreo, the location of the file manager is different. Open the Downloads app from the app drawer. Tap the three-dot overflow menu button and select Show internal storage. Here, you can manage your files and perform file manipulation operations such as cut, copy, delete, share, etc.

Note that if your device is not running stock Android, the built-in file manager might look pretty different. Some manufacturers, like Samsung, include their own file managers with their modified version of Android.

Use Third-Party File Managers for Extra Functionality

While the native Android file manager works great for basic file operations, it lacks advanced features. If you’re looking to do more with your files, a third-party file manager is what you need.

Here are some of our favorite third-party file managers for Android.

Solid Explorer

Solid Explorer is a powerful file manager wrapped in a beautiful Material Design interface. It features a dual-pane setup, rich customization options, and supports various network protocols like FTP, SFTP, WebDAV, etc.

For the uninitiated, FTP lets you host files in one location and access them from anywhere. Perhaps the best thing about Solid Explorer is that it supports extensions, so you can extend its functionality.

Download: Solid Explorer (Pro version, 14-day free trial)

ES File Explorer

ES File Explorer has lately faced criticism for its heavy advertising nature and unnecessary bloatware. While it’s true to some extent, there’s no denying that the once-favorite file manager still comes with a powerful set of features.

It boasts real-time search, built-in support for compression and encryption, and remote file management using FTP.

Download: ES File Explorer (Free with ads, $2.99 for Pro)

Transferring Files Between Android Phone and PC

Now that we have seen various apps for on-device file management, here’s how to simplify file transfers between your Android phone and your computer.

Transfer Files With a USB Cable

This one is fairly obvious, but it’s still pretty reliable. Simply connect your phone by plugging it via USB to your computer. Unlock your device and tap the “USB for…” notification. Select Transfer Files. A file transfer window should pop up on your computer. You can now transfer files seamlessly.

If you’re using a Mac, you need to download Android File Transfer first. Then connect your phone by plugging it into your Mac. Android File Transfer should launch automatically. Unlock your Android device. You should be able to transfer files back and forth between your Mac and your Android device.

Transfer Files Using Bluetooth

Bluetooth transfer can be pretty slow, but it’s always nice to have a quick, easy wireless option.

Start by pairing your Android device with your PC or your Mac. To transfer a file, just hit the Share button inside any file manager app and select the paired computer from the list.

USB On-the-Go

Most Android phones these days support USB On-The-Go. USB OTG lets your Android device read data from a USB connection without requiring a PC. This essentially means that you can connect a USB flash drive or a portable hard drive directly to your Android phone and transfer files easily.

To check if your device supports USB OTG, you can download this free app called USB OTG Checker. Alternatively, you can check the device specifications on the manufacturer’s website.

Transfer Files Using AirDroid

If you don’t like fumbling around with USB cables, you can transfer files remotely using AirDroid. To begin, download AirDroid on your Android device and your desktop. After you sign up for a free account, you can easily transfer files to nearby devices and other registered devices. You can transfer files remotely even when the devices aren’t connected to the same Wi-Fi network.

Download: AirDroid for Android (Free) | AirDroid Desktop Client (Free)

Browse Your Files Remotely From Anywhere

Until now, we’ve seen how to manually transfer files between your computer and your Android phone. But what if you forget an important file on your work computer, and have no physical access to the computer?

Pushbullet provides an easy solution. Pushbullet’s Remote Files feature lets you access your files remotely from anywhere. To get started, download Pushbullet and sign up for a free account. Head over to Pushbullet’s support page for instructions on how to enable Remote Files.

Download: Pushbullet (Free)

Transfer Files Between Android Devices Using Files Go

Late last year, Google launched Files Go, its very own file manager app aimed at lower-end smartphones. Its primary focus is to make storage management easier, but it also comes with a nifty feature to transfer files securely without the internet.

To use it, both the Android devices should have Files Go installed.

To send a file, switch to the Files tab and tap on Send. If you’re using it for the first time, tap Allow to grant the required permissions and enable Allow modify system settings. Enter your name and tap Next. The setup is now complete.

Ask your friend to open the app and tap Receive. It creates a secure Bluetooth connection to let you share files quickly. It might take a while to transfer the file to the other device, depending on the file size.

Note that you can alternatively use AirDroid and Pushbullet to transfer files between Android devices.

Download: Files Go (Free)

Transfer Files From Android to iPhone Using ShareIT

ShareIT has been the go-to app for sharing files between Android and iOS devices for a while now. It doesn’t require an active internet connection, but it requires both devices to be connected to the same WiFi network. It utilizes a feature called WiFi Direct for blazing fast transfer speeds.

Download: ShareIT for Android (Free) | ShareIT for iOS (Free)

Automatically Sync All Your Files Across Several Devices

Do you have some important files on your Android that you want to keep up-to-date always, across all your devices?

Enter Resilio Sync.

Resilio Sync lets you sync all your files and folders across your phone, computer, and NAS. Every time you make changes to a file, it instantly syncs the changes seamlessly across all your registered devices. It also features a proprietary file transfer service that the company claims “skips the cloud and finds the shortest distance between devices.”

Download: Resilio Sync ($59.99, business plans start at $29/mo)

5 Note-Taking Web Apps to Be More Productive

These days, note-taking apps tend to add a whole lot of features. Most OneNote or Evernote users aren’t utilizing half of those features. In fact, these simpler, uncomplicated notepad apps can actually make you more productive.

A lot of productivity is about discarding unnecessary things that you think are necessary. Strip the useless bits of note-taking apps and you’re left with lean and mean productivity tools, ready to get things done. It’s something that the Notes app on macOS and the ever-popular Simplenote app do well. And that’s the philosophy that more apps have taken up.

So try out these free web-based notepads, ready to jot down what you have to say. And each adds a little something to make your life easier.

Nooot (Web): Always-Saving Web Notebook With a Unique URL

Notepads and notebooks are best when you don’t need to actually click the save button. When you type anything, they should save it automatically. Not only does Nooot do that, it also gives you a unique URL.

Here’s how it works. Go to the site and choose a unique URL to type into the box Nooot provides. If successful, that’s your notepad from now on, saved forever. And yes, it’s completely free. Any time you want to access that notepad, just go to Nooot and type it in the box again. Simple, eh? Plus, you can make as many such notepads as you want.

The only missing feature is any password protection in your Nooot. That means anyone with your Nooot URL can also visit your notepad. If you plan on saving any sensitive information, make your URL like a unique password.

Take A Note (Web): Password-Protected Quick Notepad

So let’s say you want something more than what Nooot offers, especially some password protection. Turn to Take A Note. But only if you want the password protection because otherwise, Nooot is better.

Take A Note is a large, blank notepad ready for you to write notes immediately. You can also change the URL to a custom address you remember. And there’s the ability to add a password at any time you want so that no one can tamper with your notes.

Be careful though, the password protection turns the note into read-only mode. If you want to edit it, you’ll need to remove the password, delete or add text, and then password-protect it again.

Dictation.io (Web): Quick Voice Notes and Support for Multiple Languages

Don’t you love it when a no-fuss, no-signup productive app does everything right? Meet Dictation.io, a voice notes app that works through your browser and supports multiple languages. I haven’t seen anything like it before.

Using the app is as simple as it gets. Fire it up, choose the language you are going to speak in, and click the Start button to begin talking. Dictation.io will listen to what you say and turn it into written sentences in the notepad. Apart from the Roman alphabet, it can take dictation in other scripts like Espanol, Russian, Arabic, Hindi, Japanese, and more.

The notepad itself also includes some cool features. You can format the text with basic formatting tools, like bold, italics, strikethroughs, and so on. And the entire notepad can be saved to your hard drive or exported as an email or tweet. And of course, you can print it out if you want to.

RexPad (Web): Powerful Yet Fast Full-Featured Notes App

With the number of things RexPad packs in, you’d expect it to be a little slow. But this app surprises you with how fast and lightweight it is, while still offering the kind of features you see in heavy apps like OneNote or Evernote.

RexPad is text-only, but it achieves everything you want in a text-only notepad. You can write notes with full text formatting, to-do lists, bulleted lists, and anything else you can think of. The to-do lists actually have checkboxes to tick once you’re done. You can add hashtags to tag similar notes, and the powerful search feature is lightning-quick at finding what you want.

The app also includes a simple note-sharing feature to collaborate with others. Share the link with any email address, and they can see and edit the note as long as they register for RexPad. Give it a try; the look and feel of this one might be just what you have been looking for in a notes app.

Snippetnote (Web): Notes That You Copy-Paste Often

There are some things that you tend to write often in different places, like your full home address or a favorite emoticon like the shruggie. It’s easier to use a text expander for these, or copy-paste them from a clipboard. Snippetnote does just that.

It can seem a little strange to use a clipboard as a notepad, but try it out. The Snippetnote developers are on to something here. Start adding notes you use often to the app, and see how it retains text formatting to ensure a good copy-paste experience. In fact, Snippetnote works exceptionally well with code syntax and highlights, making it a valuable tool for coders.

It’s also nice to have an app that works across devices, where all you need to do is sign into a website to access your frequently used snippets. Given that it’s mobile-friendly, the cross-use between desktop and mobile is welcome.