As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Read my blog posting guidelines here.
A recent sequence of fires and explosions at important Iranian facilities may have been caused by cyber attacks as part of an operation conducted by Israel.
Several major Iranian industrial facilities have recently suffered a sequence of mysterious incidents. The media reported a fire at the Natanz nuclear enrichment site and an explosion at the Parchin military complex near Tehran; the latter is suspected to be a government center for missile production.
The Iranian government is attempting to downplay the incidents: officials declared that the explosion at Parchin was caused by a gas leak and that the fire at Natanz only affected a warehouse that was under construction.
Security and intelligence experts believe the damage was more severe and that the fire at Natanz may have hit a production facility.
“While offering no cause for Thursday’s blaze, Iran’s state-run IRNA news agency published a commentary addressing the possibility of sabotage by enemy nations such as Israel and the U.S. following other recent explosions in the country.” reported the Associated Press.
“The Islamic Republic of Iran has so far tried to prevent intensifying crises and the formation of unpredictable conditions and situations,” the commentary said. But “the crossing of red lines of the Islamic Republic of Iran by hostile countries, especially the Zionist regime and the U.S., means that strategy … should be revised.”
The Natanz plant made the headlines in 2010 when it was targeted with the Stuxnet malware as part of a campaign supposedly carried out by Israel and the US.
The Kuwaiti newspaper Al-Jarida cited an unnamed senior source as saying that the fire and the explosion are the results of cyber attacks conducted by Israel.
The newspaper also reported that last Friday Israeli F-35 stealth fighter jets bombed a site located in the area of Parchin.
Images of the Natanz site showed significant damage to one above-ground building, whose roof was destroyed by the fire.
Late Thursday, the BBC’s Persian service revealed that it had received an email, prior to the announcement of the Natanz fire, from a group identifying itself as the Cheetahs of the Homeland. The group, which claimed to be made up of dissident members of Iran’s security forces, took credit for the attack but provided no details of the incident.
“The disparate messages, as well as the fact that Iran experts have never heard of the group before, raised questions about whether Natanz again had faced sabotage by a foreign nation as it had during the Stuxnet computer virus outbreak believed to have been engineered by the U.S. and Israel.” states the Associated Press. “Tehran’s reaction so far shows Iranian officials are increasingly taking the possibility seriously.”
“If it is proven that our country has been attacked by cyberattacks, we will respond,” warned Gen. Gholam Reza Jalali, the head of Iran’s military unit in charge of combating sabotage, according to a report late Thursday by the Mizan news agency.
Tension between Iran and Israel is always high. In April, Israeli authorities alerted organizations in the water sector following a series of cyberattacks that hit water facilities in the country.
Israel’s National Cyber Directorate received reports of cyber attacks aimed at supervisory control and data acquisition (SCADA) systems at wastewater treatment plants, pumping stations and sewage facilities.
Experts believe the attacks were launched by Iranian state-sponsored hackers.
The post Alleged cyber attacks caused fire and explosions at nuclear and military facilities in Iran appeared first on Security Affairs.
French police hacked EncroChat secure phones, which are widely used by criminals:
Encrochat's phones are essentially modified Android devices, with some models using the "BQ Aquaris X2," an Android handset released in 2018 by a Spanish electronics company, according to the leaked documents. Encrochat took the base unit, installed its own encrypted messaging programs which route messages through the firm's own servers, and even physically removed the GPS, camera, and microphone functionality from the phone. Encrochat's phones also had a feature that would quickly wipe the device if the user entered a PIN, and ran two operating systems side-by-side. If a user wanted the device to appear innocuous, they booted into normal Android. If they wanted to return to their sensitive chats, they switched over to the Encrochat system. The company sold the phones on a subscription based model, costing thousands of dollars a year per device.
This allowed them and others to investigate and arrest many:
Unbeknownst to Mark, or the tens of thousands of other alleged Encrochat users, their messages weren't really secure. French authorities had penetrated the Encrochat network, leveraged that access to install a technical tool in what appears to be a mass hacking operation, and had been quietly reading the users' communications for months. Investigators then shared those messages with agencies around Europe.
Only now is the astonishing scale of the operation coming into focus: It represents one of the largest law enforcement infiltrations of a communications network predominantly used by criminals ever, with Encrochat users spreading beyond Europe to the Middle East and elsewhere. French, Dutch, and other European agencies monitored and investigated "more than a hundred million encrypted messages" sent between Encrochat users in real time, leading to arrests in the UK, Norway, Sweden, France, and the Netherlands, a team of international law enforcement agencies announced Thursday.
EncroChat learned about the hack, but didn't know who was behind it.
Going into full-on emergency mode, Encrochat sent a message to its users informing them of the ongoing attack. The company also informed its SIM provider, Dutch telecommunications firm KPN, which then blocked connections to the malicious servers, the associate claimed. Encrochat cut its own SIM service; it had an update scheduled to push to the phones, but it couldn't guarantee whether that update itself wouldn't be carrying malware too. That, and maybe KPN was working with the authorities, Encrochat's statement suggested (KPN declined to comment). Shortly after Encrochat restored SIM service, KPN removed the firewall, allowing the hackers' servers to communicate with the phones once again. Encrochat was trapped.
Encrochat decided to shut itself down entirely.
Lots of details about the hack in the article. Well worth reading in full.
The UK National Crime Agency called it Operation Venetic: "46 arrests, and £54m criminal cash, 77 firearms and over two tonnes of drugs seized so far."
Over 2000 accounts on the Roblox gaming platform have been hacked… not to make money or steal information, but to support Donald Trump’s re-election as US President.
A record number of teenagers have enrolled in the National Cyber Security Center’s (NCSC) CyberFirst summer courses this year, with classes held online for the first time due to the COVID-19 pandemic. As a result, the NCSC plans to offer a mix of classroom and virtual learning for future summer courses, even when social distancing restrictions have ended.
Taking place annually, the courses offer teenagers aged from 14-17 the opportunity to develop their digital and problem-solving skills as well as introduce them to the cyber-threat landscape. In the program, leading experts from industry and GCHQ teach topics including how to analyze common cyber-attacks, crack codes and defend devices and networks.
Moving the courses online has proved a resounding success, with a record number of applications received: 1700 students will be accepted this year, an increase of 600 compared to 2019.
Chris Ensor, deputy director for cyber-growth at the NCSC, commented: “Moving this year’s CyberFirst summer courses online has proven hugely popular, with a record number of boys and girls participating and developing their cyber-skills from home – in a way that is fun, insightful and engaging.”
Commenting on the news, Fiona Boyd, head of enterprise and cybersecurity at Fujitsu, said: “The record number of teenagers signing up to the NCSC’s CyberFirst summer courses is a fantastic first step towards tackling the STEM skills gap. The cybersecurity skills gap in particular is too large for organizations to ignore with a reported 3.5 million unfilled positions expected by 2021.
“Raising awareness of a cybersecurity career at an early age can help introduce younger students into the industry with a variety of ideas and ways of thinking. In turn, a well-trained cybersecurity team can not only prepare for the future, but stay ahead of emerging cybersecurity threats that may manifest from technologies such as AI and 5G.”
The UK government has recently introduced a number of other new initiatives to tackle the cybersecurity skills shortage. In May it announced the creation of a new online cyber-school to help develop a new generation of cybersecurity professionals.
You can’t control the emergence of cyber threats. But you can have complete control over your organization’s vulnerabilities and efficiently manage them.
Poor patch management has been behind some of the largest cyber-attacks to date. Remember the notorious WannaCry ransomware outbreak of May 2017? It spread through unpatched systems. Microsoft had released the security update that fixed the vulnerability (MS17-010, for the SMBv1 flaw exploited by EternalBlue) two months before the outbreak began, but many individuals and organizations alike had not installed it and so remained exposed.
As the speed of malware propagation increases and the vulnerability-discovery-to-attack time becomes increasingly shorter, how do businesses successfully fight and stop this threat?
Short answer – by having a top-notch patch management process in place.
Patch management is a procedure that has to be performed regularly without exceptions.
Why? Because the risk of delaying the process (or not patching at all) outweighs the effort involved. On a network it takes only a single unpatched device to open a serious hole in your organization’s defenses.
Patch management plays a significant role in ensuring strong organizational protection. However, by all means, it should not be viewed as the answer to solving all security issues, but as an essential layer of protection for your business, alongside DNS filtering, next-gen Antivirus & Firewall, and Privileged Access Management (PAM).
Patch management is a process that involves the acquisition, review, and deployment of patches on an organization’s systems. This practice helps IT staff keep up with newly released patches and make sure the updates are correctly deployed, check their status after deployment, and log the procedure.
To better understand the patch management process, I’ll first briefly explain what a patch is.
Simply put, a patch is a piece of software code that fixes or improves an installed program; you can think of it as a “bandage” applied to the software. Whenever a security flaw is discovered or the program’s functionality needs to be improved, the developers release a patch to address it, so there is no need to redesign the program from scratch.
Generally, software patches can be categorized into three different categories – feature updates, bug fixes, and security updates.
Patches can be deployed to your entire infrastructure including software/operating systems, routers, IoT equipment, servers, and more.
Now that you’ve understood what patch management is, you may still want to know why it is so important.
Through this process, people (and patch management software) determine whether required patches are available, whether they have been deployed, and whether the patched systems are running smoothly. Many security vulnerabilities and system crashes can be prevented if newly released patches are promptly installed. This is where patch management comes in: it lets you manage patches efficiently and, most importantly, reduce your organization’s exposure to cyber threats.
Keeping up with all patches that must be installed can become a tedious task for your staff to perform on their own. Automated Patch Management software lets them shift their focus from dreary tasks like manually dealing with patches to less labor-intensive and more pleasant activities.
If you’ve never had to deal with a security incident, you might not fully comprehend the importance of the patch management process. However, you must keep in mind that ignoring the risks is not an option, as both small businesses and enterprises can be at high risk due to non-existent or delayed patching.
Here are the benefits of implementing an Automated Patch Management process inside your organization (in no particular order):
Have you ever experienced downtime due to system failures and crashes? Or have you ever been affected by malware?
Maybe not, but this does not mean your organization is highly unlikely to be affected – in other words, don’t fall into the trap of the optimism bias in cybersecurity that many people are experiencing.
With an automated patch management process in place, you substantially reduce the risk of malware infection and of outages caused by known bugs, you gain visibility into which systems are running which versions, and you keep a continuous record of vulnerabilities and the patches that address them. You can schedule the exact time at which updates are installed and have software and patches installed silently, on the fly, without interrupting users. One caveat: automation does not remove the need to test patches on a representative set of machines before a broad rollout, since a bad patch can cause the very downtime you are trying to avoid.
Failing to comply with the latest security regulations may result in your organization facing legal penalties. To become compliant with the current laws, you need to prove that you have taken all the necessary steps. For instance, auditors may need to see if and when patches were applied, thus it is crucial for your business to use the proper system that allows you to fully document the process.
An automated patch management solution like our X-Ploit Resilience ensures you stay within compliance and that you are provided with a complete CVE/CVSS audit trail.
Last, but not least, you can be assured your company is safe from a cybersecurity perspective.
Software is never developed without the need to be updated or enhanced. For this reason, as part of the software management and deployment activities in any organization, a routine of periodically installing updates and addressing any existing issues has to be established.
Thus, improved IT security is the most important and visible advantage of patch management.
The timely deployment of updates decreases the probability of your business becoming affected. By protecting your systems before cybercriminals leverage any flaws in your system, you prevent breaches and avoid compliance issues and reputational damage that frequently accompany organizations affected by cyber-attacks.
Creating the optimal patch management strategy starts with evaluating all the necessary steps involved.
Some of the most important ones include:
Identifying patching goals sets priorities and identifies objectives that are essential during the patch management process. It’s important to determine what software needs to be patched and set up a schedule to eliminate any confusion and allow for auditing practices.
Assigning tasks and duties promotes transparency, provides guidance and helps your staff follow an organized patch management process.
Using a good automated patch management tool is key.
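The steps above (decide what needs patching, keep a schedule, and keep records an auditor can check) are easy to state and easy to lose track of. The following script is an added example written for this page, not Heimdal’s code or part of X-Ploit Resilience: it checks a small host inventory against a list of vendor advisories, applies a remediation deadline by CVSS score, and writes one JSON line per finding as an audit trail. The hosts, versions, advisory IDs and the 7/14/30-day remediation windows are all constructed assumptions for illustration, and the plain dotted-version comparison is a simplification that real packaging schemes (Debian epochs, RPM release strings, semver pre-release tags) would break.

```python
"""Added example, not Heimdal's code: audit a host inventory against vendor
advisories, apply a remediation SLA and produce a JSON-lines audit trail.
All hosts, versions and advisory IDs below are constructed for illustration."""
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed inventory: host -> {package: installed version}.
INVENTORY = {
    "web-01": {"nginx": "1.18.0", "openssl": "1.1.1", "sudo": "1.8.31"},
    "web-02": {"nginx": "1.19.2", "openssl": "1.1.1", "sudo": "1.9.5"},
    "db-01":  {"openssl": "1.1.1", "sudo": "1.8.27", "postgresql": "12.4"},
}

# Constructed advisories (the IDs are not real CVEs): first fixed version,
# CVSS base score and publication date.
ADVISORIES = [
    {"id": "ADV-0001", "package": "sudo",    "fixed_in": "1.9.5",  "cvss": 7.8, "published": "2021-01-26"},
    {"id": "ADV-0002", "package": "nginx",   "fixed_in": "1.19.1", "cvss": 5.3, "published": "2021-01-10"},
    {"id": "ADV-0003", "package": "openssl", "fixed_in": "1.1.2",  "cvss": 9.8, "published": "2021-02-01"},
]


def version_key(version):
    """Comparable key for dotted versions ("1.19.2" > "1.19.1" > "1.9.5").
    Numeric components compare as integers, so "1.10" > "1.9". Real packaging
    schemes (Debian epochs, RPM release strings, semver pre-release tags) need
    their own comparator; this simplification is an assumption of the example."""
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in re.split(r"[.\-]", version))


def patch_sla_days(cvss):
    """Remediation window by severity. The windows are a policy assumption."""
    if cvss >= 9.0:
        return 7
    if cvss >= 7.0:
        return 14
    return 30


def audit(inventory, advisories, now_iso):
    """Return one finding per (host, applicable advisory) with a patched /
    pending / overdue status, judged as of the ISO-8601 timestamp now_iso."""
    now = datetime.fromisoformat(now_iso)
    findings = []
    for host, packages in sorted(inventory.items()):
        for adv in advisories:
            installed = packages.get(adv["package"])
            if installed is None:
                continue  # package absent: advisory does not apply to this host
            patched = version_key(installed) >= version_key(adv["fixed_in"])
            published = datetime.fromisoformat(adv["published"]).replace(tzinfo=timezone.utc)
            deadline = published + timedelta(days=patch_sla_days(adv["cvss"]))
            status = "patched" if patched else ("overdue" if now > deadline else "pending")
            findings.append({
                "checked_at": now_iso, "host": host, "advisory": adv["id"],
                "package": adv["package"], "installed": installed,
                "fixed_in": adv["fixed_in"], "cvss": adv["cvss"],
                "deadline": deadline.date().isoformat(), "status": status,
            })
    return findings


def audit_trail(findings):
    """One JSON object per line, suitable for appending to a log an auditor can review."""
    return "\n".join(json.dumps(f, sort_keys=True) for f in findings)


def summary(findings):
    counts = {"patched": 0, "pending": 0, "overdue": 0}
    for f in findings:
        counts[f["status"]] += 1
    return counts


if __name__ == "__main__":
    results = audit(INVENTORY, ADVISORIES, "2021-02-08T12:00:00+00:00")
    print(audit_trail(results))
    print(summary(results))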
With Heimdal™ Security’s X-Ploit Resilience, you can achieve compliance, mitigate exploits, close vulnerabilities, deploy updates, and install software anywhere in the world, on any schedule. The tool covers both Windows and third-party application management and comes with customizable set-and-forget settings for automatic deployment of software and updates.
We also deliver fully tested, repackaged, ad-free updates to your endpoints as encrypted packages over HTTPS.
By managing vulnerabilities efficiently you see a return on the investment quickly: fewer exploitable systems and a measurably improved security posture.
Good patch management is a crucial aspect when it comes to maintaining the security, integrity, and accessibility of the data and systems of every organization and the process should be as thorough as possible. The more you keep up with your patching and update all your critical (and non-critical) systems, the less likely it is that your company will be compromised.
Move beyond SCCM/WSUS and antiquated patch management techniques and discover our patch deployment solution. Clean up your patch management process and contact us today at email@example.com!
I remember reading once that nothing in this world is certain except death and taxes. We should add malware to that list: in today’s cyber-world, dealing with malware and its after-effects is no longer a matter of if but of when. Enterprise cybersecurity can no longer take the proverbial back seat; it is riding shotgun or ditching the ride altogether.
Companies that fail to deploy cybersecurity countermeasures might as well put hit-and-run hackers on the permanent payroll. It sounds surreal, but the point stands: with no security infrastructure, online or offline, even an inexperienced attacker can pick your company’s bank account clean.
The very first lesson taught in any cybersecurity boot camp is that there is no such thing as an invulnerable system. Virtually any electronic device, and any software running on it, can be hacked or maliciously tampered with. This is why software companies often employ pen testers: white-hat hackers who attempt to bypass security in order to surface vulnerabilities before an attacker does.
As one would imagine, pen-testing products or infrastructure regularly is a time- and resource-consuming process. The good news is that sysadmins can run vulnerability assessments themselves, without bringing a pen tester on board every time the infrastructure needs a look. To that end, I have put together this short article on the best (and free) vulnerability management tools your sysadmins can use to identify gaps in your company’s security. One caveat: an automated scan finds known weaknesses in what it can reach; it does not replace a manual penetration test, which exercises logic flaws and chained weaknesses that scanners miss.
Also called vulnerability scanning tools, these applications will help you identify the weaknesses in your security system. All of them have some sort of classification system (weak to critical) that is designed to show you the degree of exposure to malicious attacks. Apart from vulnerability classification, these tools also offer some insight into how to fix the discovered issue. Some tools have add-ons that will partly fix some of those issues, whether they’re network- or endpoint-related.
Here are my top 5 choices in vulnerability management tools. As the title suggests, in this list you will find both paid and open-source tools. Enjoy and don’t forget to use the Comments section to rate or berate your experience.
Wireshark is, undoubtedly, one of the most popular open-source network protocol analyzers, and it is often used as a teaching tool in networking fundamentals courses. The application itself is straightforward to install, but it takes a while to learn to use well. Strictly speaking, Wireshark is not a vulnerability scanner: it captures packets from an interface (or opens a saved capture) and decodes them protocol by protocol, so that an analyst can inspect what is actually crossing the wire, including cleartext credentials, unexpected services and suspicious connections. It does not decide on its own whether an anomaly is an attack or an error; that judgement is the analyst’s, helped by display filters, protocol statistics and the “Follow TCP Stream” view. What you learn from a capture can then inform firewall and intrusion detection rules.
Nmap is an open-source network scanner and a different kind of tool from Wireshark: instead of listening, it actively probes. It can scan hundreds of machines in one run, perform ping sweeps, identify open ports and service versions, trace routes, and infer which ports a firewall is filtering. Nmap itself is command-line driven, although the Zenmap front end provides a GUI, and it takes some effort to master. The Nmap Scripting Engine (NSE) lets you run built-in or custom Lua scripts against targets, which is very useful when you are looking for something specific, such as a particular vulnerable service version.
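A scan is only useful once its output is turned into prioritized findings, and Nmap’s `-oX` XML output is the format to work from rather than screen-scraping the text report. The parser below is an added example for this page, not part of Nmap or of the article: it reads the `nmaprun/host/ports/port` structure that Nmap emits, keeps only hosts that are up and ports that are open, and applies a small triage table of services that should rarely be reachable from a general network (Telnet, SMB, unauthenticated database ports). The XML is a constructed sample, not a real scan, and the severity table is a policy assumption you would adapt to your own environment.

```python
"""Added example, not Nmap's code: parse `nmap -oX` output and triage open ports.
The XML below is a constructed sample shaped like Nmap's output, not a real scan."""
import xml.etree.ElementTree as ET

SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.0.2.0/28" version="7.80">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="web01.example" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="7.4"/></port>
      <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
      <port protocol="tcp" portid="3306"><state state="filtered"/><service name="mysql"/></port>
    </ports>
  </host>
  <host>
    <status state="up"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="27017"><state state="open"/><service name="mongodb"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="192.0.2.12" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# Triage table (a policy assumption, not part of Nmap): port -> (severity, reason).
RULES = {
    23:    ("high",     "telnet: credentials cross the wire in cleartext"),
    21:    ("medium",   "ftp: credentials cross the wire in cleartext"),
    445:   ("high",     "smb reachable; WannaCry-class worms spread over this port"),
    139:   ("medium",   "netbios session service reachable"),
    27017: ("critical", "mongodb reachable; verify bindIp and authorization"),
    9200:  ("critical", "elasticsearch reachable; verify auth and network policy"),
    6379:  ("critical", "redis reachable; verify auth and network policy"),
    3389:  ("medium",   "rdp reachable"),
}
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


def parse_nmap_xml(xml_text):
    """Return [{ip, hostname, open_ports: [{port, proto, service, product}]}] for hosts that are up.
    The scan file is trusted local input, so the stdlib parser is acceptable here."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        hostname = host.find("hostnames/hostname")
        open_ports = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # filtered/closed ports are not findings here
            svc = port.find("service")
            product = ""
            if svc is not None:
                product = " ".join(x for x in (svc.get("product"), svc.get("version")) if x)
            open_ports.append({"port": int(port.get("portid")), "proto": port.get("protocol"),
                               "service": svc.get("name") if svc is not None else None,
                               "product": product})
        hosts.append({"ip": addr.get("addr") if addr is not None else None,
                      "hostname": hostname.get("name") if hostname is not None else None,
                      "open_ports": open_ports})
    return hosts


def triage(hosts):
    """Rate every open port against RULES; unknown ports are 'info' and still listed for review."""
    findings = []
    for h in hosts:
        for p in h["open_ports"]:
            severity, reason = RULES.get(p["port"], ("info", "open port: confirm the service is intended"))
            findings.append({"ip": h["ip"], "port": p["port"], "service": p["service"],
                             "severity": severity, "reason": reason})
    findings.sort(key=lambda f: (-SEVERITY_RANK[f["severity"]], f["ip"], f["port"]))
    return findings


if __name__ == "__main__":
    for f in triage(parse_nmap_xml(SAMPLE_XML)):
        print(f"{f['severity']:8} {f['ip']}:{f['port']:<6} {f['service'] or '?':14} {f['reason']}")
```

On the sample, the exposed MongoDB port on 192.0.2.11 comes out first, followed by Telnet and SMB; the filtered MySQL port and the host that is down produce nothing. Feed it a real file with `nmap -sV -oX scan.xml <targets>` and treat the table as a starting point: what counts as acceptable exposure depends on which network segment the scanner sits in.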
Burp Suite (yes, that is what it is called) is PortSwigger’s toolkit for testing web applications. Like Wireshark it is a desktop application with a graphical interface, but it is aimed at a different target: the HTTP traffic between your browser and the application under test, which it can intercept, modify and replay.
The free Community Edition includes the intercepting Proxy, Repeater for replaying and editing individual requests, Decoder, Sequencer for checking the randomness of session tokens, and a rate-limited Intruder for automated request fuzzing. The automated scanner, with its “crawl” and “crawl and audit” modes, and Burp Collaborator, an external server that detects out-of-band interactions such as blind SSRF or DNS callbacks triggered by a payload, are part of the paid Professional edition, which also produces the reports of confirmed issues.
OpenVAS (the Open Vulnerability Assessment System) is the open-source vulnerability scanner maintained by Greenbone Networks. Its community feed contains no fewer than 50,000 vulnerability tests and continues to grow. OpenVAS’s main caveats are OS compatibility (the scanner runs on Linux) and a rather steep learning curve. It is not a very friendly tool if you have only just begun with port scanners or packet sniffers, but if you are up for a challenge, it is a great choice.
Detectify is a commercial web vulnerability scanner that helps you identify and remediate vulnerabilities in your web applications and internet-facing assets. It has three pricing tiers (Starter, Professional and Advanced) and a 14-day free trial. Unlike the other tools above, it is delivered as a service and works on a set-and-forget basis rather than hands-on.
Because it runs in the cloud, there is nothing to install, so it works from any operating system and browser. It carries out roughly 20,000 tests, with more added regularly, draws on findings submitted by its community of ethical hackers, and, once you upgrade to a paid tier, offers remediation guidance for the issues it finds. Its UI is sleek and intuitive, making it a good choice for sysadmins or IT managers who have never dabbled in pen testing or vulnerability management.
Using vulnerability management tools like the ones discussed throughout the article is just one of the many ways of ensuring that there are no loose ends in your security. However, there’s still the matter of prevention. On that note, here’s a short list of the most common network vulnerabilities and some tips on how to fix them.
There is a reason why every company should start embracing the Zero Trust model: if one device on the network is compromised, the others can quickly follow. Malware attempts privilege escalation and lateral movement to propagate through the network. This is one of the many reasons to set up an access governance program. Managing it by hand on top of existing frameworks such as Microsoft Azure Active Directory is challenging and does not scale.
Access governance automation is the answer to eliminating privilege creep.
Heimdal Security’s Thor AdminPrivilege is a Privileged Access Management (PAM) solution that, upon deployment, automatically removes users’ standing admin rights. The unified dashboard allows granular control over all elevation requests.
Approvals and denials are both logged and can be retrieved at any time for investigation. Furthermore, AdminPrivilege is the only PAM solution on the market that de-escalates requested admin rights and kills admin-level tasks if a threat is detected on the machine (only when used together with Thor Vigilance Enterprise).
I know it sounds like a no-brainer, but many people, including those handling highly sensitive data, forget to make backups. Why stress the importance of backing up regularly? In a ransomware attack, a backup makes the difference between telling the attacker to take a hike and paying a truckload of money to get your data back. One caveat: the backup only helps if a copy is kept offline or otherwise out of reach of the infected machine’s credentials, and if you have actually tested restoring from it; ransomware routinely encrypts or deletes any backup it can reach.
Passwords are your first line of defense against many attacks, and weak passwords are quickly guessed or cracked. So do yourself a favor and put a password policy in place, and make sure your employees abide by it. Note that current guidance (NIST SP 800-63B) favors long passphrases, screening against lists of breached passwords and multi-factor authentication over forced periodic changes, which tend to produce predictable variations of the same password.
Bear in mind that the above list is not all-inclusive. There are plenty of open-source and paid vulnerability management tools out there. Have you had the chance to test out these amazing tools? Hit the comments section and tell me about your experience.
The post 5 Vulnerability Management Tools to Help Your Company Seek and Fix Security Gaps appeared first on Heimdal Security Blog.
Victor Gevers, the well-known security expert from the non-profit GDI Foundation, reported a new wave of attacks targeting unsecured MongoDB servers exposed online. The threat actors wipe the content of the databases and demand a ransom, threatening to leak the data and to report the owners for violating the EU privacy regulation, GDPR.
Once they gain access to the MongoDB server, attackers wipe the databases and create a new database called “READ_ME_TO_RECOVER_YOUR_DATA.”
The database contains several items named ‘README’ that includes the ransom note.
The ransom note informs victims that their database has been wiped, that the attackers hold a backup of the data, and that 0.015 BTC ($135.55) is demanded for its return.
"All your data is a backed up. You must pay 0.015 BTC to 13JwJDaU3xdNFfcSySFCy95E2Tko18fiyB 48 hours for recover it. After 48 hours expiration we will leaked and exposed all your data. In case of refusal to pay, we will contact the General Data Protection Regulation, GDPR and notify them that you store user data in an open form and is not safe. Under the rules of the law, you face a heavy fine or arrest and your base dump will be dropped from our server! You can buy bitcoin here, does not take much time to buy https://localbitcoins.com with this guide https://localbitcoins.com/guides/how-to-buy-bitcoins After paying write to me in the mail with your DB IP: firstname.lastname@example.org"
Gevers scanned the internet for affected MongoDB installs and found about 15,000 affected servers using Shodan and more than 23,000 using the BinaryEdge search engine.
“When BleepingComputer performed a quick test of searching for MongoDB servers on Shodan, we quickly saw numerous servers being ransomed from this attack,” states BleepingComputer.
This type of extortion practice is not new, in the past crooks carried out numerous campaigns against unsecured MongoDB installs exposed online.
This time, hackers are threatening to report the owners for GDPR violations and force them to pay the ransom, this is a novelty in the threat landscape.
The attackers demand a small ransom, presumably to convince victims that paying is cheaper than risking a GDPR penalty.
According to Gevers, the attackers probably do not back up the data before wiping it, in which case paying would not get it back; he is still investigating the cases.
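What these campaigns leave behind on the server is distinctive: a burst of database drops from an unauthenticated remote session, immediately followed by the creation of a collection whose name is the ransom note. The detector below is an added example written for this page, not code from Gevers, BleepingComputer or MongoDB. It runs over a MongoDB audit log, one JSON document per line with `atype`, `ts`, `remote`, `users`, `param` and `result` fields, which is the shape MongoDB documents for its audit facility (an Enterprise / Percona Server feature that has to be enabled explicitly; Community Edition has no equivalent log of successful commands). The five log entries are constructed, including the addresses, timestamps and database names, and the ransom-note name pattern is an assumption to be extended as campaigns change.

```python
"""Added example, not from the article or from MongoDB: flag the wipe-and-ransom
pattern in a MongoDB audit log. The entries are constructed, modelled on the
documented audit-log shape (atype, ts, remote, users, param, result per line)."""
import json
import re
from collections import defaultdict

SAMPLE_AUDIT_LOG = """\
{"atype":"authenticate","ts":{"$date":"2020-07-01T10:00:01.000Z"},"local":{"ip":"10.0.0.5","port":27017},"remote":{"ip":"10.0.0.9","port":51000},"users":[{"user":"app","db":"admin"}],"roles":[],"param":{"user":"app","db":"admin","mechanism":"SCRAM-SHA-256"},"result":0}
{"atype":"dropDatabase","ts":{"$date":"2020-07-01T10:02:10.000Z"},"local":{"ip":"10.0.0.5","port":27017},"remote":{"ip":"198.51.100.23","port":40022},"users":[],"roles":[],"param":{"ns":"customers"},"result":0}
{"atype":"dropDatabase","ts":{"$date":"2020-07-01T10:02:11.000Z"},"local":{"ip":"10.0.0.5","port":27017},"remote":{"ip":"198.51.100.23","port":40022},"users":[],"roles":[],"param":{"ns":"orders"},"result":0}
{"atype":"createCollection","ts":{"$date":"2020-07-01T10:02:12.000Z"},"local":{"ip":"10.0.0.5","port":27017},"remote":{"ip":"198.51.100.23","port":40022},"users":[],"roles":[],"param":{"ns":"READ_ME_TO_RECOVER_YOUR_DATA.README"},"result":0}
{"atype":"dropCollection","ts":{"$date":"2020-07-01T11:30:00.000Z"},"local":{"ip":"10.0.0.5","port":27017},"remote":{"ip":"10.0.0.9","port":51010},"users":[{"user":"app","db":"admin"}],"roles":[{"role":"readWrite","db":"orders"}],"param":{"ns":"orders.tmp_import"},"result":0}
"""

DESTRUCTIVE = {"dropDatabase", "dropCollection"}
# Names these extortion campaigns give their note collections (assumption; extend as needed).
RANSOM_NAME = re.compile(r"READ_?ME|RECOVER|WARNING|HOW_TO_RESTORE", re.IGNORECASE)


def parse_audit_log(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect(entries):
    """Return alerts for unauthenticated destructive commands, ransom-note
    collections, and the combination of both coming from one remote address."""
    alerts = []
    per_remote = defaultdict(lambda: {"drops": 0, "ransom_note": False})
    for e in entries:
        remote = e.get("remote", {}).get("ip", "unknown")
        ns = e.get("param", {}).get("ns", "")
        ts = e.get("ts", {}).get("$date")
        unauthenticated = not e.get("users")  # empty users list: no login preceded the command
        if e["atype"] in DESTRUCTIVE and unauthenticated:
            alerts.append({"severity": "high", "rule": "unauthenticated-destructive",
                           "remote": remote, "ts": ts, "detail": f'{e["atype"]} {ns}'})
            per_remote[remote]["drops"] += 1
        if e["atype"] == "createCollection" and RANSOM_NAME.search(ns):
            alerts.append({"severity": "high", "rule": "ransom-note-collection",
                           "remote": remote, "ts": ts, "detail": ns})
            per_remote[remote]["ransom_note"] = True
    # Correlate per source: drops followed by a note from the same address is the campaign signature.
    for remote, seen in per_remote.items():
        if seen["drops"] and seen["ransom_note"]:
            alerts.append({"severity": "critical", "rule": "wipe-and-ransom",
                           "remote": remote, "ts": None,
                           "detail": f'{seen["drops"]} drops followed by a ransom-note collection'})
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_audit_log(SAMPLE_AUDIT_LOG)):
        print(alert)
```

On the sample the authenticated application user dropping a temporary collection raises nothing, while the anonymous session from 198.51.100.23 produces two high alerts and one critical correlation. Detection is the second line, though: the attack works at all only because the server accepts unauthenticated connections from the internet. The fix is configuration, namely `security.authorization: enabled` and a `net.bindIp` limited to internal addresses in mongod.conf (MongoDB bound to all interfaces by default before 3.6), plus a host or network firewall in front of port 27017, and since this campaign wipes rather than encrypts, an off-box backup that is tested by restoring it.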
Accounts on the popular online gaming platform keep getting hacked. So, how can you better protect your Roblox account?
Nearly 100,000 customers have had their sensitive personal data and revealing photos exposed online after a US-based fitness company misconfigured an Amazon database.
Las Vegas-headquartered V Shred left the S3 bucket containing over 1.3 million individual files publicly accessible, according to vpnMentor.
The research team discovered the leak on May 14 but it took a whole month for the company to disable access to the offending files. Initially, V Shred apparently claimed it was necessary for user files to be publicly available and denied that any PII data had been exposed. Once informed, it removed the PII but said it was leaving the other files publicly accessible, according to vpnMentor.
The 606GB trove contained three CSV files with PII on over 96,000 users, featuring full names, home and email addresses, phone numbers, birth dates, social security numbers, social media accounts, usernames and passwords, health conditions and more.
The database also contained meal plans, profile photos and “before and after” body photos for some customers, as well as details on 52 trainers, according to the report.
“Using the PII data exposed through the S3 bucket, malicious hackers and cyber-criminals could create very effective phishing campaigns targeting V Shred customers,” vpnMentor claimed.
“If the CSV files contained the social security numbers of any individuals, this would be a goldmine for cyber-criminals. They could utilize such information for a wide range of fraud and wholesale identity theft.”
Users could also be blackmailed with threats to release their before and after photos, it added.
The firm discovered V Shred’s misconfigured S3 bucket as part of a broader web mapping project which has already revealed multiple leaks, exposing hundreds of millions of sensitive records.
These include fitness tech firm Kinomap which accidentally leaked 42 million records, sports retailer Decathlon, which leaked 123 million, and a British printing company which may have exposed military secrets.
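A bucket ends up like V Shred’s through one of three settings: a bucket policy that grants access to `Principal: "*"`, an ACL grant to the `AllUsers` or `AuthenticatedUsers` group, or a missing Public Access Block that would have overridden both. The checker below is an added example for this page, not vpnMentor’s or AWS’s code, and it evaluates those three inputs as the `aws s3api get-bucket-policy`, `get-bucket-acl` and `get-public-access-block` calls return them. The two buckets, their names and their policies are constructed. It does not attempt full IAM evaluation: a public-principal statement that carries a `Condition` (for instance `aws:SourceVpce`) is reported for review rather than judged, because its effect depends on the condition.

```python
"""Added example, not vpnMentor's or AWS's code: decide whether an S3 bucket is
world-readable from its bucket policy, ACL grants and Public Access Block settings.
The buckets, names and policies below are constructed for illustration."""

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_is_everyone(principal):
    # Both "Principal": "*" and "Principal": {"AWS": "*"} mean anonymous access.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def policy_findings(policy):
    """Allow statements addressed to everyone. A statement with a Condition is
    reported as 'review' because this example does not evaluate conditions."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _principal_is_everyone(stmt.get("Principal")):
            continue
        findings.append({"sid": stmt.get("Sid"), "actions": _as_list(stmt.get("Action", [])),
                         "level": "review" if stmt.get("Condition") else "public"})
    return findings


def acl_findings(grants):
    """ACL grants to the AllUsers or AuthenticatedUsers groups."""
    return [{"grantee": g["Grantee"]["URI"].rsplit("/", 1)[-1], "permission": g["Permission"]}
            for g in grants if g.get("Grantee", {}).get("URI") in (ALL_USERS, AUTH_USERS)]


def assess_bucket(name, policy, grants, public_access_block):
    """Combine the three sources. With all four Public Access Block settings on,
    public ACLs are ignored and a public policy no longer grants anonymous access,
    so the bucket is not exposed even though the policy/ACL findings are still listed."""
    pab = public_access_block or {}
    fully_blocked = all(pab.get(k) is True for k in PAB_KEYS)
    pf = policy_findings(policy or {})
    af = acl_findings(grants or [])
    exposed = not fully_blocked and (any(f["level"] == "public" for f in pf) or bool(af))
    return {"bucket": name, "public_access_block": fully_blocked,
            "policy": pf, "acl": af, "exposed": exposed}


# Constructed sample: one bucket configured the way the V Shred bucket is described
# (public ACL, public-read policy, no Public Access Block) and one locked down.
SAMPLES = {
    "customer-uploads-example": {
        "policy": {"Version": "2012-10-17", "Statement": [
            {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
             "Action": ["s3:GetObject", "s3:ListBucket"],
             "Resource": ["arn:aws:s3:::customer-uploads-example",
                          "arn:aws:s3:::customer-uploads-example/*"]}]},
        "grants": [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}],
        "public_access_block": None,
    },
    "reports-example": {
        "policy": {"Version": "2012-10-17", "Statement": [
            {"Sid": "VpcEndpointOnly", "Effect": "Allow", "Principal": "*",
             "Action": "s3:GetObject", "Resource": "arn:aws:s3:::reports-example/*",
             "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
            {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
             "Action": "s3:*", "Resource": "arn:aws:s3:::reports-example/*",
             "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]},
        "grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"},
                    "Permission": "FULL_CONTROL"}],
        "public_access_block": dict.fromkeys(PAB_KEYS, True),
    },
}


def assess_all(samples=SAMPLES):
    return {name: assess_bucket(name, s["policy"], s["grants"], s["public_access_block"])
            for name, s in samples.items()}


if __name__ == "__main__":
    for name, result in assess_all().items():
        print(name, "EXPOSED" if result["exposed"] else "ok", result)
```

The first sample bucket is flagged as exposed on both the policy and the ACL; the second is not, because its only public-principal allow is conditioned on a VPC endpoint and Public Access Block is fully on. Two points the check makes visible: a `Deny` statement with `Principal: "*"` is not a public grant, and `IgnorePublicAcls` matters even when the bucket ACL is clean, because individual objects can carry their own public ACLs.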
A mysterious uninstaller has been discovered in malware-laden tax software required for download by firms doing business in China, according to Trustwave.
The security vendor explained last week how it discovered a backdoor it named GoldenSpy inside Intelligent Tax software, produced by the Golden Tax Department of Aisino Corporation. A Chinese bank requires its business clients to download the software.
The security vendor claimed at the time that the powerful backdoor, which allowed for complete remote control of a victim’s network, could not be removed, even if Intelligent Tax was uninstalled.
However, after attracting widespread publicity, the backdoor has now been joined by a new file, discovered by Trustwave’s Threat Fusion team.
“This new sample’s sole mission is to delete GoldenSpy and remove any trace it existed. Including the deletion of registry entries, all files and folders (including the GoldenSpy log file), and finally, the uninstaller deletes itself,” explained the firm’s VP of cyber-threat detection and response, Brian Hussey.
“This GoldenSpy uninstaller will automatically download and execute, and effectively, will negate the direct threat of GoldenSpy in your environment. However, as the deployment of this uninstaller is delivered directly from the supposedly legitimate tax software, this has to leave users of Intelligent Tax concerned about what else could be downloaded and executed in a similar manner.”
It’s still unclear who seeded the original malware in the tax software. It could have been done without the knowledge of the bank, or it could be part of a much wider conspiracy designed to monitor foreign firms doing business in the Middle Kingdom.
The swift appearance of an uninstaller would seem to favor the latter theory, as it’s unlikely that cyber-criminals would care if they were found out.
“Organizations must continuously be vigilant, always threat hunting, because our adversaries will continue to find new ways to trick, manipulate and socially engineer their way into environments,” Hussey argued.
“The value of the GoldenSpy case study is not the IOCs we provided, it’s the lesson that malware can be cleverly hidden in any software, regardless of its source or supposed legitimacy.”
Security researchers have discovered five dating apps in the US and East Asia which are leaking millions of customer records thanks to misconfigured cloud databases.
A team from WizCase led by Avishai Efrat explained that the Elasticsearch servers, MongoDB databases and AWS buckets they found were left publicly accessible with no password.
In the US, an Amazon bucket traced to CatholicSingles was found to be leaking a 17MB database of 50,000 records including names, email addresses, billing addresses, phone numbers, age, gender, occupation and education.
Another dating site hosted in the US, Yestiki, leaked around 4300 records (352MB) including phone numbers, names, addresses and GPS location data of date venues, as well as user ratings, activity logs and Foursquare secret key IDs.
Next up is SPYKX.com, the South Korean company behind the Congdaq/Kongdak dating app. It was found leaking 123,000 records (600MB) via an unprotected Elasticsearch server, including emails, cleartext passwords, phone numbers, dates of birth, gender, education and GPS data.
Also in South Korea, dating app Blurry exposed 70,000 user records (3667MB) via an Elasticsearch server, including private messages sent between users – some of which contained sensitive information like social media handles and phone numbers.
Finally, Japanese dating apps Charin and Kyuun, which appear to be owned by the same company, leaked over 100 million records via the same unsecured Elasticsearch database sitting on an AWS EC2 server.
Compromised user information included email addresses and passwords, both hashed and cleartext, user IDs, mobile device information and dating preferences such as distance and age, according to WizCase.
The researchers also found an additional six exposed servers packed with dating app user information but couldn’t identify the owner, although the team said they may be the product of a web scraping operation. Data from users of Zhenai, Say Love, Netease, Love Chat and Companion were found.
It’s unclear whether any of the companies WizCase contacted has addressed the configuration errors, but the firm warned users of potential follow-on identity fraud, phishing, blackmail and privacy risks.
Back in September last year, the same research team was able to access a database of around 77,000 users of Heyyo, a Turkey-based online dating service.
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about eight U.S. cities that recently had payment card data stolen via point-of-sale skimming malware on their Click2Gov online payment platforms. Also, learn about the cybersecurity behaviors of more than 13,000 remote workers across 27 countries in a new survey from Trend Micro.
Intelligent transportation systems (ITS) require harmonization among manufacturers to have any chance of succeeding in the real world. Successful ITS require interoperable components, especially for managing cybersecurity issues. The good news is we now have a standard for automotive cybersecurity (ISO/SAE 21434) that addresses all the major elements of connected car security. In this blog from Trend Micro, learn more about this standard for automotive cybersecurity.
Cybersecurity has shot to the top of many IT leaders’ priorities over the past few months as remote working became the de facto way of doing business. Yet despite more awareness of the security risks of working from home, employees are still showing a lax attitude when putting it into practice. Trend Micro recently surveyed more than 13,000 remote workers across 27 countries and found that 72% of respondents claimed to have gained better cybersecurity awareness during the pandemic.
Risk decisions are the foundation of information security – but sadly also one of the most often misunderstood parts. This is bad enough on its own but can sink any effort at education as an organization moves towards a DevOps philosophy. In this blog, check out a video on how to properly evaluate risk from Mark Nunnikhoven, vice president of cloud research at Trend Micro.
Eight U.S. cities recently had payment card data stolen via point-of-sale skimming malware on their Click2Gov online payment platforms, according to Trend Micro. Five of those cities had already been victims of similar Magecart-style attacks in recent years. This new round of attacks targeted payment card information, along with the card owner’s name and address.
On Thursday, June 25, Trend Micro hosted its first-ever virtual Perspectives event. As the session progressed, Trend Micro polled attendees, composed of more than 5,000 global registrants, on two key cloud security questions. In this blog, Trend Micro analyzes and shares the responses.
This week, Microsoft issued emergency security updates for two vulnerabilities that could allow attackers to achieve remote code execution against victims. One of the flaws, CVE-2020-1425, would allow attackers to gather information from victims that could be used to further compromise their targets. Abdul-Aziz Hariri, a vulnerability analysis manager for Trend Micro’s Zero Day Initiative, is credited for finding and reporting the vulnerabilities.
Development and application teams can be the initial entry point of a cloud migration as they start looking at faster ways to accelerate value delivery. In this video, Trend Micro’s Jason Dablow describes some techniques on how development staff can incorporate the Well Architected Framework and other compliance scanning against their Infrastructure as Code prior to it being launched into a cloud environment.
Las Vegas-based fitness brand V Shred, which offers fitness plans for women and men, exposed the personally identifiable information (PII) of more than 99,000 customers and trainers – and has yet to fully resolve the leaking database responsible. On Thursday, vpnMentor’s research team made the data leak public.
When remote work becomes not just an option but the only choice for many, it raises vital questions about the technical side regarding how to make the transition feasible and how to keep it secure. In this blog, Mark Liggett, CEO of Liggett Consulting and longtime IT and cybersecurity key player, sits down with Trend Micro to share his thoughts on the importance of connectivity and visibility in securing WFH setups.
Android mobile device users are being targeted in a new SMS phishing campaign that is spreading the FakeSpy infostealer. The malware, disguised as legitimate global postal-service apps, steals SMS messages, financial data and more from victims’ devices. The campaign was first discovered targeting South Korean and Japanese speakers, but it has now expanded to China, Taiwan, France, Switzerland, Germany, the United Kingdom and the United States.
This blog series from Trend Micro describes typical examples of general-purpose guidelines for ICS and OT security and helps readers understand the concepts required for security in smart factories. In part two, learn about the concepts of system design and security levels in IEC 62443.
In this five-part blog series, Trend Micro looks at the security risks to be aware of when promoting smart factories by examining overlooked attack vectors, feasible attack scenarios, and recommended defense strategies. Wrapping up this series is a blog examining recommended security strategies and countermeasures to secure smart factories and to keep operations running.
How well do you think your organization’s employees are following security and IT procedures during quarantine? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
Sodinokibi ransomware (aka REvil) operators have breached the Brazilian-based electrical energy company Light S.A. and are demanding a $14 million ransom.
Light S.A. confirmed the attack in comments to a local newspaper, but it did not provide technical details of the security breach or disclose the type of ransomware that infected its systems.
“The company claims to have been the victim of a virus attack, but what motivated this attack has been kept confidential: hackers have invaded the system and sent a virus that encrypts all Windows system files.” reads the post published by the newspaper.
Researchers at AppGate have analyzed a sample of the malware allegedly employed in the attack and linked it to the Sodinokibi ransomware.
“Our malware analysis team had access to the binary that was likely used in the attack and we were able to confirm that the sample is from a family known as Sodinokibi (aka REvil).” reads the analysis published by AppGate. “Although we can’t confirm that this was the exact same file used in the attack, the evidence points to being connected to the Light SA breach, such as the ransom price, for example.”
The binary was uploaded to a public sandbox, a circumstance that suggests personnel at the company submitted it to determine the nature of the file.
The sample is packed, and its behavior is similar to that of other binaries the researchers have identified from this family. Upon unpacking the binary, the experts were able to decrypt its configuration and access data about the ransomware, including the actor / campaign ID and the URL provided to the victim with instructions on how to pay the ransom.
The payment page is hosted on the Tor network; the threat actors demanded a ransom of 106,870.19 XMR (Monero) from the victim, to be paid by June 19.
That deadline has passed, and the ransomware operators are now demanding double that amount (215,882.8 XMR), approximately $14 million.
The payment page also includes information about the attackers, identifying them as the Sodinokibi gang.
“The whole attack looks very professional, the web page even includes a chat support, where the victim can speak directly with the attacker. Sodinokibi works as a RaaS (Ransomware as a Service) model, and the group behind the operation seems to be affiliated to “Pinchy Spider”, which is the same group behind GandCrab ransomware.” the researchers continue.
The experts explained that Sodinokibi is available as a RaaS (Ransomware-as-a-Service).
AppGate researchers noted that the sample of malware uses 32-bit and 64-bit exploits for the CVE-2018-8453 vulnerability to escalate privileges.
The ransomware employed in the attack also contains a location-based whitelist.
“Unfortunately, there is no global decryptor for the family, which means that the attacker’s private key is required to decrypt the files.” AppGate concludes.
“During the period of the attack, we noticed that the company’s website was offline, presenting an error message related to the database, which could be related to the attack.”
(SecurityAffairs – hacking, Sodinokibi)
The post Sodinokibi Ransomware Operators hit electrical energy company Light S.A. appeared first on Security Affairs.
With businesses from various industries tightening their belt due to pandemic-induced economic challenges, investing in data science applications and building out their teams may be taking a backseat. While the primary focus must be on preserving cash flow, what many companies don’t realize is the power evolving data science applications have on business continuity and growth during these uncertain times, and the importance of shifting data science roles in implementing effective solutions. Applying data science … More
The post How data science delivers value in a post-pandemic world appeared first on Help Net Security.
The lack of technology skills is contributing to a dent in productivity as workers struggle to adapt to working from home over prolonged periods. Questionmark is calling on employers to ensure that their people have the necessary technical skills as remote working looks set to continue.
Productivity among remote workers has declined
A study found that despite a greater familiarity with technology during lockdown, productivity among remote workers in the UK has declined by 20%. … More
The post Lack of technology skills creates a dent in remote workers’ productivity appeared first on Help Net Security.
In one second, the human eye can only scan through a few photographs. Computers, on the other hand, are capable of performing billions of calculations in the same amount of time. With the explosion of social media, images have become the new social currency on the internet.
[Figure: An AI algorithm will identify a cat in the picture on the left but will not detect a cat in the picture on the right]
Today, Facebook and … More
The post New technique keeps your online photos safe from face recognition algorithms appeared first on Help Net Security.
Enforcement of the California Consumer Privacy Act (CCPA), which begins on July 1, 2020, is going to put additional pressure on already overstretched IT resources and budgets, Netwrix reveals.
Increase in DSARs
According to the survey, 32% of financial organizations have already seen an increase in data subject access rights requests (DSARs) since the CCPA came into force on January 1, 2020. 73% of respondents stated that manual processing of these requests puts significant or … More
The post CCPA enforcement to put pressure on financial organizations’ IT resources appeared first on Help Net Security.
BeyondEdge announced the availability of a breakthrough integrated solution that simplifies the LAN PON network architecture via the BeyondEdge SD-LAN solution and the game-changing Tibit XGS-PON MicroPlug OLT. This disruptive, single solution offers enterprise network operators a truly cost-effective migration path to multi-gigabit PON networks in order to meet near-term and long-term requirements for higher-bandwidth, ultra-fast networks in campus, building, and greenfield environments. “BeyondEdge provides network operators with the right platform that opens the door … More
The post BeyondEdge unveils SD-LAN and Tibit XGS-PON MicroPlug OLT to simplify network architecture appeared first on Help Net Security.
Ordr announced new capabilities in the company’s Systems Control Engine (SCE) 7.2 software. This release further extends IoT and unmanaged device visibility and classification, enabling organizations to monitor for risks and proactively strengthen infrastructure via automated segmentation policy generation and enforcement. Enhanced analytics also provide organizations with insights into device utilization to inform budgetary and maintenance decisions, allowing for better management of capital resources. The 7.2 release also addresses and mitigates risks from Ripple20 vulnerabilities. … More
The post Ordr SCE 7.2: Enabling orgs to monitor for risks and proactively strengthen infrastructure appeared first on Help Net Security.
Vulcan Cyber, developers of the industry’s only end-to-end vulnerability remediation platform, announced customers can now add custom risk parameters to existing Vulcan Cyber vulnerability prioritization algorithms for efficient vulnerability remediation. With the addition of custom risk scripts Vulcan Cyber is first to help security and IT operations teams run more-targeted, end-to-end vulnerability remediation campaigns contextualized to the risk appetite of their business. Traditional approaches to vulnerability risk prioritization focus on inputs such as CVSS severity … More
Kyoto Semiconductor has developed a high-speed photodiode KP-H KPDEH12L-CC1C to support 400Gbps transmission systems that use PAM4 (Pulse Amplitude Modulation 4) inside and between data centers. With the introduction of this InGaAs photodiode, the company is continually supporting the increasing speeds and capacity requirements for transmission systems in 5G networks and beyond. Mass production will start in November, 2020.
High-speed
The size of the carrier on which the PD is mounted, and the width and … More
The post Kyoto Semiconductor develops photodiode with 400Gbps transmission speed appeared first on Help Net Security.
Red Hat announced that Red Hat Enterprise Linux provides the operating system backbone for the top three supercomputers in the world and four out of the top 10, according to the newest TOP500 ranking. Already serving as a catalyst for enterprise innovation across the hybrid cloud, these rankings also show that the world’s leading enterprise Linux platform can deliver a foundation to meet even the most demanding computing environments. In the top ten of the … More
The post Red Hat Enterprise Linux serves as operating system for supercomputers appeared first on Help Net Security.
Green House Data announced a strategic alignment with Zerto to accelerate digital transformation initiatives centered around hybrid cloud resilience and multi-cloud application migration. Zerto is an industry leading software solution that replaces legacy solutions with a single platform to enable disaster recovery, data protection, and workload mobility across hyperscale clouds, hosted services, and on-premise data centers, all of which reduces the risk and complexity of modernization and cloud adoption. Together, the two organizations help enterprises architect, … More
The post Green House Data aligns with Zerto to accelerate digital transformation initiatives appeared first on Help Net Security.
PCI Pal, the global provider of secure payment solutions, announced that its Agent Assist solution is now compliant with key Avaya Contact Center solutions, enabling enterprises to integrate telephone payment security into their existing telephony systems to help achieve PCI DSS compliance for telephone and digital payments. Avaya Holdings is a global leader in solutions that enhance and simplify communications and collaboration. PCI Pal’s Agent Assist uses DTMF masking technology to intercept tones and hide … More
The post PCI Pal’s Agent Assist solution is now compliant with key Avaya Contact Center solutions appeared first on Help Net Security.
IDology, a GBG company, announced a partnership with Microsoft to integrate its innovative ExpectID identity verification and anti-fraud solution with the Microsoft Azure Active Directory (Azure AD) External Identities. ExpectID is now available to Azure Active Directory customers for easy, plug-and-play access to multi-layered global identity verification as a service that elevates trust, facilitates onboarding, increases business identity assurance and shuts down fraud. Sue Bohn, Partner Director of Program Experience, Microsoft Identity Division, at Microsoft … More
Aerospike announced two new partnerships in Japan with SmartScape and ASK Corporation to meet growth and demand for its solutions in the Asia Pacific (APAC) region. In just two years, Aerospike doubled headcount, customers, and revenues in the APAC region. Some of the largest, most innovative companies in the region leverage Aerospike to power their always-on, real-time applications at scale, including Airtel, McAfee, PhonePe, Snapdeal, Ola, Dream11, Gaana, InMobi and BigBasket. SmartScape and ASK Corporation … More
The post Aerospike announces new partnerships to meet growth and demand in the APAC region appeared first on Help Net Security.
ITC Secure (ITC), the managed security services provider (MSSP) and specialist advisory firm, and Identity Experts, Microsoft Gold Partner for Security, have formed a strategic partnership to offer fully managed security services built on Microsoft’s cutting-edge security stack. This announcement formalises the partnership between the two companies and addresses the growing need for cloud-based solutions and integrated technology to support organisations’ IT estates based in the cloud and on-premise. This need is especially important today … More
Snow Software announced it surpassed $100 million in annual recurring revenue (ARR). Fueled by skyrocketing cloud adoption, increasing security threats and the need to optimize IT budgets, Snow started the year with 40% year-over-year growth in total ACV bookings driven by 115% growth in subscription ACV bookings. These milestones were achieved as Snow successfully pivoted to a recurring revenue business model, now at 75% recurring revenue and growing, and remains on track to positive EBITDA … More
The post Snow Software exceeds $100M in ARR fueled by rising cloud adoption and need to optimize IT budgets appeared first on Help Net Security.
What is the Windows Store? The Windows Store is a digital platform that allows for the distribution of applications. This platform offers both free and paid applications. Users use the Windows Store to install applications that are of interest to them. Can you disable the Windows Store? The Windows Store can be disabled via group policy to […]… Read More
The post Checking the Windows Store for Patching the Codecs Library Vulnerability appeared first on The State of Security.
Motorola Solutions announced that Jason Winkler has been named executive vice president and chief financial officer, effective July 1, 2020. Winkler succeeds Gino Bonanotte, who has decided to retire from Motorola Solutions on December 31, 2020. Bonanotte will work closely with Winkler through the remainder of 2020 to ensure a smooth transition. “Jason’s financial expertise and deep operational understanding of our business will serve us exceptionally well as we continue to grow and drive total … More
The post Motorola Solutions names Jason Winkler executive vice president and chief financial officer appeared first on Help Net Security.
Awake Security announced a cohort of enterprise and public sector leaders that have joined its advisory board. The multidisciplinary team comprises experts from across the security industry, including Richard Clarke, a leading global expert on national and cyber security; Malcolm Harkins, former chief security and privacy officer at Intel; Elena Kvochko, former security leader at Bank of America and Barclays; and DJ Patil, former United States chief data scientist. “Awake has consistently sought out and … More
The post Enterprise and public sector leaders join Awake Security advisory board appeared first on Help Net Security.
MemSQL, The Database of Now for operational analytics and cloud-native applications, has named Jordan Tigani as chief product officer. Tigani was formerly the director of product management for Google BigQuery. Tigani assumes oversight of MemSQL’s engineering and product teams, with the goal of scaling these operations and expanding on the success of MemSQL’s cloud products. Tigani is acclaimed for having been one of the founders of Google BigQuery and leading its growth for the last … More
The post MemSQL appoints Jordan Tigani as chief product officer appeared first on Help Net Security.
As part of regular darkweb monitoring, researchers from threat intelligence firm Cyble have spotted a data leak affecting the National Highways Authority of India (NHAI). The Maze ransomware operators allegedly breached the NHAI and published the data on their leak site.
The National Highways Authority of India (NHAI) is an autonomous agency of the Government of India, set up in 1988, and is responsible for the management of a network of over 50,000 km of National Highways out of 115,000 km in India. It is a nodal agency of the Ministry of Road Transport and Highways.
According to the Economic Times, the attack took place on Sunday night, when hackers targeted the National Highways Authority Of India’s email server; according to the Indian agency, no data was stolen. The Authority shut down the server in response to the intrusion.
The National Highways Authority of India (NHAI) on Monday said a cyber attack took place on its email server on Sunday night but prompt action resulted in no data loss. As a precaution, the Authority had shut down the server.
“A ransomware attack on NHAI email server took place yesterday night. The attack was foiled by the security system and email servers were shut down from safety point of view,” NHAI Chief General Manager, IT, Akhilesh Srivastava, said.
“No data loss took place. NHAI data lake and other systems remained unaffected from this attack.”
Early this month, the government warned against a large-scale cyber attack against individuals and businesses in the country.
“India’s cyber security nodal agency, CERT-In had issued an advisory warning that the potential phishing attacks could impersonate government agencies, departments and trade bodies that have been tasked to oversee disbursement of government fiscal aid.” states the Economic Times.
Now the Maze ransomware operators claim to have leaked only 5% (around 2GB) of the total volume of data exfiltrated from the Authority.
The Cyble Research Team analyzed the data leak and confirmed the presence of sensitive corporate operational documents.
“The Cyble Research Team identified and analyzed the data leak of around 2GB. The data leak includes sensitive corporate operational documents such as the company’s staff list, passport copy of ex-chairman of NHAI, details of dependent family members of NHAI employees, NHAI internal audit reports, and much more.” reads the post published by Cyble.
(SecurityAffairs – Maze ransomware, hacking)
The post Maze Ransomware operators hacked Highways Authority Of India (NHAI) appeared first on Security Affairs.
Cisco has addressed eight vulnerabilities affecting its products, including flaws in Small Business routers and switches.
The most severe flaw, tracked as CVE-2020-3297, affects Small Business Smart and Managed Switches and has been rated by Cisco as high severity. The vulnerability could allow a remote, unauthenticated attacker to access a device’s management interface by hijacking a legitimate user’s session.
“A vulnerability in session management for the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to defeat authentication protections and gain unauthorized access to the management interface.” reads Cisco’s advisory. “The attacker could obtain the privileges of the hijacked session account, which could include administrator privileges on the device.”
The vulnerability stems from weak entropy in the generation of session identifier values. An attacker could exploit this flaw to determine a current session identifier through brute force and reuse it to hijack the ongoing session.
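The weak-entropy session identifier problem described above, as an added example (not Cisco's code): a constructed low-entropy generator beside a CSPRNG-based one, with the arithmetic a defender uses to judge exposure to guessing and to size rate limiting and session lifetime. The hex alphabet, the 32-character token length and the 86,400-second seed window are assumptions chosen for illustration.

```python
"""Session identifier entropy check (added example, not vendor code)."""
import math
import random
import secrets

HEX_ALPHABET = "0123456789abcdef"
TOKEN_LENGTH = 32  # 32 hex characters looks like 128 bits of keyspace


def weak_session_id(seed: int) -> str:
    """Constructed weak pattern: the token is a deterministic function of a
    small seed (think a per-second timestamp or a counter) fed to a
    non-cryptographic PRNG. Every output bit is fixed once the seed is known,
    so the real keyspace is the seed space, not 16**32."""
    rng = random.Random(seed)
    return "".join(rng.choice(HEX_ALPHABET) for _ in range(TOKEN_LENGTH))


def strong_session_id(nbytes: int = 16) -> str:
    """Hardened pattern: nbytes of OS-provided CSPRNG output, hex-encoded.
    16 bytes gives 128 bits of entropy that no observable input predicts."""
    return secrets.token_hex(nbytes)


def effective_entropy_bits(seed_space: int, alphabet_size: int, length: int) -> float:
    """Upper bound on a token's entropy: the smaller of the seed space and the
    nominal keyspace. A long token derived from a short seed is no stronger
    than the seed."""
    nominal = length * math.log2(alphabet_size)
    return min(math.log2(seed_space), nominal)


def hours_to_exhaust(entropy_bits: float, guesses_per_second: float) -> float:
    """Wall-clock hours to try every candidate at a given online guess rate.
    A defender uses this to size rate limiting and session timeouts."""
    return (2.0 ** entropy_bits) / guesses_per_second / 3600.0


def is_well_formed(token: str, length: int = TOKEN_LENGTH) -> bool:
    """Server-side shape check before a session lookup: right length and
    alphabet only. It rejects malformed input but cannot fix a weak generator."""
    return len(token) == length and all(c in HEX_ALPHABET for c in token)


if __name__ == "__main__":
    # Constructed scenario: the seed is the number of seconds since midnight.
    seconds_in_day = 86_400
    weak_bits = effective_entropy_bits(seconds_in_day, len(HEX_ALPHABET), TOKEN_LENGTH)
    strong_bits = effective_entropy_bits(2 ** 128, len(HEX_ALPHABET), TOKEN_LENGTH)
    print(f"weak generator:   ~{weak_bits:.1f} bits, exhaustible in "
          f"{hours_to_exhaust(weak_bits, 100):.2f} h at 100 guesses/s")
    print(f"strong generator: {strong_bits:.0f} bits, exhaustible in "
          f"{hours_to_exhaust(strong_bits, 100):.2e} h at 100 guesses/s")
    # Same seed, same token: the weak generator is fully reproducible.
    assert weak_session_id(4242) == weak_session_id(4242)
    assert is_well_formed(strong_session_id())
```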
Cisco also fixed a Cross-Site Scripting issue in Cisco Small Business RV042 and RV042G Routers. The issue tracked as CVE-2020-3431 could be exploited by tricking a user of the interface into clicking a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
“The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.” reads the advisory published by Cisco.
The IT giant also fixed Stored Cross-Site Scripting issues in Cisco Identity Services Engine tracked as CVE-2020-3340.
“Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface.” reads the advisory published by the company.
“These vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface.”
The remaining vulnerabilities are all medium-severity issues affecting the Digital Network Architecture Center, Unified Customer Voice Portal, Unified Communications Manager, and the AnyConnect Secure Mobility Client for macOS.
These vulnerabilities can be exploited for DoS and XSS attacks, and can lead to information disclosure.
(SecurityAffairs – hacking, routers)
The post Cisco addresses flaws in Small Business Routers and Switches appeared first on Security Affairs.
Researchers have discovered a gaping hole in popular remote access system Apache Guacamole that puts thousands of companies with remote employees at risk. The flaw could allow attackers to control the software and the computers that connect to it. Luckily, there is a patch available.
With large numbers of employees now working from home, remote access systems that let users control computers in the office from their home machines are increasingly popular. One free version is the open source software Apache Guacamole.
Provided by the open source Apache Software Foundation, Guacamole is a gateway that enables remote clients to connect from a browser via various protocols, including Microsoft's Remote Desktop Protocol (RDP). It is a popular product, with over 10 million downloads of its Docker container.
Researchers at Check Point began evaluating this software in mid-February as the company prepared to transfer over 5,000 employees to remote work during the early stages of the pandemic. They quickly found problems with the open source gateway. If it connects to a compromised computer inside the network, attackers can use that machine to take control of the entire gateway with potentially disastrous results, they warned.
"Once in control of the gateway, an attacker can eavesdrop on all incoming sessions, record all the credentials used, and even start new sessions to control the rest of the computers within the organization," said the researchers in their report. "When most of the organization is working remotely, this foothold is equivalent to gaining full control over the entire organizational network."
They found several critical reverse RDP vulnerabilities that the destination machine could use to control the gateway, along with new vulnerabilities in FreeRDP, which is Apache's free implementation of the proprietary RDP.
Between them, these vulnerabilities allow for Heartbleed-style information disclosure along with memory corruption. Chaining these together created arbitrary read and write capabilities on the gateway. The researchers then used a privilege elevation attack to gain control of the system.
They disclosed these vulnerabilities to Apache at the end of March, and it silently patched them on May 8 in an update to its GitHub repository. It then released an official patched version (1.2.0) on June 28.
The researchers note that all versions of Guacamole released before January 2020 are using vulnerable versions of FreeRDP, so it is important to patch now.
Schools and colleges in the US have leaked 24.5 million records since 2005, according to new research by technology website Comparitech. K–12 school districts across the country have suffered 1,327 breaches in the last 15 years—with last year's count setting an all-time high.
According to a list of data breaches compiled by the site and with the help of tools from the National Center for Education Statistics (NCES), the most common cause of data breaches in K–12 schools is hacking, representing 45.9% of all incidents. It's also the biggest cause of breaches in colleges. Unintentional disclosure comes in second, with 21% in schools and 27.3% in colleges, followed by theft or loss of portable devices (11.1% in schools, and 14.7% in colleges). K–12 schools saw 60 breaches in total last year, although they lost the most records in 2018, spilling 991,340.
"There doesn’t appear to be any kind of trend in the breach numbers for K–12 schools or colleges, nor does there seem to be a pattern with college records affected," said the report. "However, over the past few years, there has been a significant increase in the number of school records affected."
Colleges saw by far the largest proportion of breaches, at 74%. Public institutions were also the hardest hit, accounting for 77.7% of the breaches at both school and college level.
The report noted that many of the breaches affected more than one institution. One good example was a data breach at Pearson Education, which affected schools across the US. This demonstrates that not all these breaches are down to mismanagement on the part of a school or college; sometimes, it's a supply-chain issue.
At the state level, California experienced the most data breaches across colleges and schools combined, accounting for 11.8%. It also lost the most records among all states. As the report points out, though, this is to be expected given that the state harbors a large percentage of the US population (around one in eight people).
Over 30 news sites were compromised in the latest WastedLocker attack that affected many sites under a single parent company. Of the more than 30 companies targeted, eight belong to the Fortune 500 group and were in the early stages of experiencing a fully encrypting ransomware attack. Luckily, security teams monitoring these sites acted quickly and were able to block attacks against some sites while mitigating extensive damage to others. The infiltration of these sites was caused by employees accessing previously injected websites and compromising themselves in the process.
Following a ransomware attack on the University of California San Francisco (UCSF) last month, officials have decided to pay a ransom of $1.14 million to decrypt several vital systems. The ransom amount was decided upon after negotiations between the university and the attackers. The original ask was around $3 million but was cut to less than half and was paid the following day. UCSF is one of three universities targeted with ransomware by the Netwalker hacker group in June that decided to pay a ransom to restore normal network function.
A new malicious actor has taken aim at MacOS with an info-stealer disguised as a ransomware attack that goes by the name of EvilQuest. Upon execution of the malicious installer, the malware begins encrypting files indiscriminately and displays a ransom note demanding only $50 in Bitcoin for decryption. The notice of encryption, however, is merely a cover for the damage occurring behind the scenes: sensitive files removed from the system with no way to retrieve them.
Researchers have spotted a new malicious email campaign that spoofs security companies and claims to offer a DNS update if the domain admin enters their credentials. Using a surprisingly accurate landing page, which mocks the real login sites convincingly, the site user is instructed to log in to update. To make matters worse, the attackers can scan for the site’s hosting service and customize the fake landing page to their specific victim, thus ensuring a higher probability of gaining their login info.
In the continuing saga of COVID19 HMRC scams, attackers in Great Britain have begun focusing on the passport details of self-employed individuals in hopes of attaining personal or banking information. The scam itself originates as a text message with an urgent warning for the recipient to access a legitimate-looking Her Majesty’s Revenue and Customs site to receive a tax refund. Dozens of victims have been identified across London. With these login credentials alone, attackers could access much of the victims’ data.
The post Cyber News Rundown: WastedLocker Shuts Down US News Sites appeared first on Webroot Blog.
Law enforcement has arrested 746 people in the UK after cracking an encrypted phone network used for criminal activities. The UK National Crime Agency had been working with international partners to crack the EncroChat network since 2016, it revealed today.
EncroChat was one of the largest providers of encrypted mobile communications via its secure mobile phone network, operating from servers in France. It also offered an instant messaging service, the NCA said. It had 60,000 users worldwide, 10,000 of whom were in the UK. They used the network for trading illicit commodities, laundering money, and planning hits on rivals, it added.
The service used its own specialist devices, costing around €1000 each. It would then charge €1500 for a six-month subscription offering worldwide coverage. Devices didn't require users to associate a SIM card with their account, and they used a dual operating system with an encrypted interface designed to avoid detection.
The company also removed cameras, microphones, GPS capability, and USB ports from its hardware and enabled criminals to delete messages on the devices. It could also wipe them entirely from afar with a kill code.
Each message sent via the device used a different set of keys, according to EncroChat's website, which said: "If any given key is ever compromised, it will never result in the compromise of previously transmitted messages—or even passive observation of future messages."
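The quoted claim separates two properties: a compromised key must not expose earlier messages, and it must not allow passive reading of later ones. The first is what a per-message key derived from a one-way chain gives you; the second is not provided by such a chain on its own. The following Python block is an added illustration, not EncroChat's scheme (which is not public) and not code from the article; it builds a constructed HMAC-SHA256 symmetric ratchet, encrypts a few constructed messages with it, and then checks what an attacker who steals the chain state at one step can and cannot derive. The toy XOR keystream, the labels `b"message"` and `b"chain"`, and the function names are all my own choices.

```python
import hashlib
import hmac

# Constructed illustration: a symmetric hash ratchet. Every message gets its
# own key, derived from a chain key that is then advanced one-way, so an
# attacker holding the current chain key cannot walk it backwards.


def kdf(key: bytes, label: bytes) -> bytes:
    """One-way derivation step: HMAC-SHA256 keyed with the chain key."""
    return hmac.new(key, label, hashlib.sha256).digest()


class SymmetricRatchet:
    def __init__(self, chain_key: bytes) -> None:
        self.chain_key = chain_key

    def next_message_key(self) -> bytes:
        message_key = kdf(self.chain_key, b"message")
        self.chain_key = kdf(self.chain_key, b"chain")  # advance, never revisit
        return message_key


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher for the demo only: XOR with an HMAC counter keystream.
    A real system would use an AEAD such as AES-GCM or ChaCha20-Poly1305."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += kdf(key, counter.to_bytes(4, "big"))
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def exchange(root_key: bytes, plaintexts: list) -> list:
    """Sender and receiver start from the same root key and stay in step;
    returns the decrypted messages the receiver recovers."""
    sender, receiver = SymmetricRatchet(root_key), SymmetricRatchet(root_key)
    recovered = []
    for pt in plaintexts:
        ct = keystream_xor(sender.next_message_key(), pt)
        recovered.append(keystream_xor(receiver.next_message_key(), ct))
    return recovered


def analyze_compromise(root_key: bytes, total: int, stolen_at: int) -> dict:
    """Model theft of the chain state just before message `stolen_at`.
    Reports whether the attacker can derive the keys of later messages and
    whether any earlier message key is among what they can derive."""
    honest = SymmetricRatchet(root_key)
    snapshots, keys = [], []
    for _ in range(total):
        snapshots.append(honest.chain_key)
        keys.append(honest.next_message_key())

    attacker = SymmetricRatchet(snapshots[stolen_at])
    derived = [attacker.next_message_key() for _ in range(total - stolen_at)]
    return {
        "future_readable": derived == keys[stolen_at:],
        "past_exposed": any(k in derived for k in keys[:stolen_at]),
    }


if __name__ == "__main__":
    root = hashlib.sha256(b"constructed demo root key").digest()
    print(exchange(root, [b"first", b"second", b"third"]))
    print(analyze_compromise(root, total=6, stolen_at=3))
```

Run stand-alone, the second line reports that everything from the stolen step onward is readable while nothing earlier is: forward secrecy holds, but the "passive observation of future messages" half of the claim does not follow from per-message keys alone and needs fresh key agreement mixed into the chain, as in the Double Ratchet.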
That didn't stop police from cracking the system, though. Law enforcement said that EncroChat realized its network had been compromised and warned its users to throw away their handsets on June 13.
We may never know how police managed that decryption, and the French aren't talking, according to Europol. One clue might lie in EncroChat's apparent decision to cobble together its own encryption, which cryptography experts always warn against. Its website said:
"The algorithms employed are many times stronger than that of PGP (RSA+AES). We employ algorithms from different families of mathematics, which protects message content in the event that one encryption algorithm is ever solved."
French police began investigating the encrypted communication service in 2017 after finding the handsets cropping up repeatedly in criminal seizures. It filed a case with Eurojust, the EU Agency for Criminal Justice Cooperation, in 2019. In April this year, Eurojust set up a joint investigation team comprising French and Dutch police, with support from other countries including the UK, Sweden, and Norway.
France, which also set up its own task force in March this year, led the investigation into EncroChat's encryption. It was eventually able to insert a device somewhere in the communication chain to access criminal correspondence.
The JIT got access to the network two months ago, harvesting data and sharing it via Europol. UK police used this data to plan Operation Venetic, an attack on the UK organized crime network.
"Operation Venetic is the biggest and most significant operation of its kind in the UK," the NCA said.
Working with local police, the NCA seized over £54m in raids on EncroChat users, along with 77 firearms and two tons of class A and B drugs.
If you’re older than 10 years of age you’ve undoubtedly heard the phrase “The world is your oyster.” This basically means that you are able to take the opportunities that life has to offer. Nothing could be more accurate in the description of technology of the world today. Now if we take some liberties with that phrase, we could also say that “the world is your authentication/identity oyster.” There are countless options available to the organizations as to how they want to execute on their vision.
Too long we’ve been collectively saddled with the prospect of passwords as one of the default authentication protocols. This has proven itself to be a standard in many respects. We’ve been taught for decades that passwords are some level of security that can be implemented to protect websites and so forth. This is an unfortunate notion that we need to dispel.
The problem here is that passwords have come to a point where they need to be replaced with an advanced system of security for authentication. Let’s take this as an example: knowing a password by no means establishes who the person using it is. Yes, there is some understanding of trust as to who has the use of said password, but over the years I’ve learned that this is by no means a guarantee. As an example, 86 percent of breaches were financially motivated, according to the 2020 Verizon DBIR.
When attackers manage to compromise a website, they will reuse the credentials they capture in a bid to increase their access to other websites, simply because they understand that people are creatures of habit and will reuse the same password in multiple places to reduce the mental fatigue that comes with trying to remember them all. Even when I check my own password manager application, I’ll note that I have over 900 passwords alone. It is little surprise that people still write them on post-it notes to this very day.
There are so many options available to remedy our password predicament. MFA is an excellent example of how to move forward with a better solution to authentication. When we look at something such as MFA we have to understand that there is a culture shift involved. Eighty percent of security breaches involve compromised passwords. People can be hesitant and resistant to change but will embrace that change when security has been democratized.
If it is easy for a non-technical person to use, then they will adopt it and by extension improve the security of your organization. Case in point: my mother can use the Duo app to authenticate to her email and other applications. When you put applications written for engineers by engineers in the hands of the layperson, you can imagine how that will end. Security tools need to be easy to use.
If you’re using a push-based application or even something with the W3C WebAuthN open standard, which can leverage an API to replace passwords, you can improve the security of your organization by removing passwords from the mix. Using technologies such as this in conjunction with Azure AD as an example will reduce the risk to an organization. You would have authenticated users access to your systems without having to wonder if the person with the password logging in from a coffee shop in London, New York, or Toronto is in fact who you assume they should be.
The tools are at your disposal today to improve your security posture, reduce risk, and ultimately costs when users can self-manage. When security technology has been democratized it leads to wider adoption by techno-savvy users and luddites alike.
Ready to get started? Sign up for a free trial at signup.duo.com.
Duo helps Azure Active Directory (Azure AD) customers move to the cloud safely and securely by verifying the identity of the users with strong multi-factor authentication (MFA), and the trust of the device using device hygiene insights. Our joint customers use that information to create robust access policies that are enforced before granting access to applications both on-premises and in the cloud.
How Duo helps protect Microsoft Applications: Duo + Microsoft Partnership Page
Learn more: Duo Security – Azure Active Directory
To learn more about the Microsoft Intelligent Security Association (MISA), visit our website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.
For more information about Microsoft Security Solutions, visit the Microsoft Security website. Bookmark the Security blog to keep up with our expert coverage of security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
The post The world is your authentication and identity oyster appeared first on Microsoft Security.
Apps – what would life be without them? Imagine opening a brand-new browser tab every time you wanted to check your email, access photos, connect with friends on social media, or even pay your bills online.
Apps have greatly enhanced the way consumers interact with and complete tasks on their mobile devices. But what many consumers don’t realize is that they are tracked by many of the apps they know and use daily. Tracking can stem from a variety of platforms, however one type in particular has brought this issue even more into the forefront: contact tracing apps, which can help slow the spread of COVID-19.
According to MIT Technology Review, technologists have been working to build contact tracing apps and systems to identify and notify those who have come in contact with a virus carrier. Tech giants and public health authorities worldwide have quickly signed up to build the application programming interfaces (APIs) and apps necessary to support this project’s scale. However, many users are skeptical because they know very little about these apps, what data is collected, and who this data is shared with.
The success of these contact tracing apps rests on user participation. However, for these apps to make a real impact, developers must overcome potential privacy and security risks to assure individuals their data will only be used to fight the virus’ spread.
According to Health IT Security, the American Civil Liberties Union and the Electronic Frontier Foundation released reports outlining potential privacy and security risks developers should consider when building APIs and drafting privacy policies. Some of these risks include geo-location tracking or tracking a device’s location in real-time.
Then there’s user behavior to keep in mind. Some individuals may not understand the extent of the information they share with an app, while others are uneasy about the idea that the government – or a hacker – could easily access their whereabouts. What’s more, users are concerned that data collection will fail to end after the pandemic and authorities will use it in the future for unwarranted public surveillance.
While the privacy concerns around contact tracing apps are genuine, it’s also important to consider how this technology could greatly benefit public health. Although the privacy protection instilled in some apps is still a work-in-progress, some technologies have successfully contact traced without putting users’ privacy at risk. For example, Singapore’s app TraceTogether only collects and gathers data at the point that someone 1) is confirmed to have COVID-19 and 2) consents to the scraping of that data. From there, the data is anonymized, encrypted, and doesn’t reveal the identity of the infected user or the person that may have come in contact with them. What’s more, the data is deleted automatically after 21 days. By employing a thoughtful approach to contact tracing, positive strides can be made towards stopping the virus’s spread without risking user privacy.
As a consumer living in a world riddled with uncertainty, you can take steps to help protect your digital life. When it comes to the rise of contact tracing technology and other apps you may use, here are some tips to consider to help safeguard your private information.
If you’re concerned about an app having permission to access your location, photos, or other data, check your settings to see which apps have access to this information. Change permissions by either deleting the app or changing your settings on your device.
If you are not comfortable downloading a contact tracing app on your device but would like to be informed of the virus’ spread, you can visit the CDC’s website for COVID-19 cases, which can be narrowed down by state and county.
Beware if you’re paying your bills for local government services – the payment information you type into that web form may be heading straight to cybercriminals.
Recently, Microsoft announced our acquisition of CyberX, a comprehensive network-based security platform with continuous threat monitoring and analytics. This solution builds upon our commitment to provide a unified IoT security solution that addresses connected devices spread across both industrial and IT environments and provides a trusted, easy-to-use platform for our customers and partners to build connected solutions – no matter where they are starting in their IoT journey.
Every year billions of new connected devices come online. These devices enable businesses to fine-tune operations, optimize processes, and develop analytics-based services. Organizations are clearly benefiting from IoT, as shared in the IoT Signals research report produced by Microsoft. But while the benefit is great, we must not ignore the potential security risks. To talk about how companies can reduce their risk from connected devices, Dr. Andrea Little Limbago joined me on Cyber Tea with Ann Johnson.
Dr. Andrea Little Limbago is a cybersecurity researcher, quant analyst, and computational social scientist at Virtru. With a background in social science, Andrea has a unique perspective that I think you’ll find interesting.
Andrea and I talked about the role of automation in attacks and defense and how privacy and security advocates can come together to accomplish their overlapping goals. We also talked about how to safeguard your organization when you can’t inventory all your IoT devices.
It isn’t just businesses that are investing in connected devices. If you have IoT devices in your home, Andrea offered some great advice for protecting your privacy and your data. Listen to Cybersecurity and IoT: New Risks and How to Minimize Them to hear our conversation.
Lack of visibility into the devices currently connected to the network is a widespread problem. Many organizations also struggle to manage security on existing devices. The acquisition of CyberX complements existing Azure IoT security capabilities. I’m excited because this helps our customers discover their existing IoT assets, and both manage and improve the security posture of those devices. Expect more innovative solutions as we continue to integrate CyberX into Microsoft’s IoT security portfolio.
In this important cyber series, I talk with cybersecurity influencers about trends shaping the threat landscape and explore the risk and promise of systems powered by AI, Internet of Things (IoT), and other emerging tech.
You can listen to Afternoon Cyber Tea with Ann Johnson on:
- Apple Podcasts—You can also download the episode by clicking the Episode Website link.
- Podcast One—Includes option to subscribe, so you’re notified as soon as new episodes are available.
- CISO Spotlight page—Listen alongside our CISO Spotlight episodes, where customers and security experts discuss similar topics such as Zero Trust, compliance, going passwordless, and more.
If you are interested in how businesses across the globe are benefiting from IoT, read IoT Signals, a research report produced by Microsoft.
In the meantime, bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity. Or reach out to me on LinkedIn or Twitter if you have guest or topic suggestions.
The post Afternoon Cyber Tea: Cybersecurity & IoT: New risks and how to minimize them appeared first on Microsoft Security.
Hackers are once again finding unsecured MongoDB databases, wiping their contents, and leaving ransom demands.
So far, so normal. But what’s different this time is that they’re also threatening to report their victims for violating GDPR.
Read more in my article on the Tripwire State of Security blog.
Security experts from Check Point Research have discovered multiple critical reverse RDP vulnerabilities in Apache Guacamole, a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH and allows system administrators to remotely access and manage Windows and Linux machines.
The vulnerabilities could be exploited by threat actors to achieve full control over the Guacamole server, intercept, and control all other connected sessions.
The issues are especially critical now, in the post-COVID-19 ‘new normal’.
Apache Guacamole allows users within an organization to remotely access their desktops using only a web browser, after an authentication step.
Apache Guacamole has amassed over 10 million downloads to date on Docker Hub.
“In particular, it was vulnerable to several critical Reverse RDP Vulnerabilities, and affected by multiple new vulnerabilities found in FreeRDP. In particular, all versions of Guacamole that were released before January 2020 are using vulnerable versions of FreeRDP.” reads the analysis published by CheckPoint Researchers.
“These vulnerabilities would allow an attacker, or any threat actor who successfully compromises a computer inside the organization, to attack back via the Guacamole gateway when an unsuspecting worker connect to his infected machine. This allows a malicious actor to achieve full control over the Guacamole server, and to intercept and control all other connected sessions.”
Once an attacker has compromised a computer inside the target organization, they can attack the Guacamole gateway when an unsuspecting worker attempts to connect to the infected machine. Another attack scenario sees a rogue employee using a computer inside the target network to hijack the gateway.
CheckPoint researchers reported the vulnerabilities to Apache on March 31, and the company addressed them with the release of a new version in June 2020.
“Knowing that our vulnerabilities in FreeRDP were only patched on version 2.0.0-rc4, this means that all versions that were released before January 2020 are using vulnerable versions of FreeRDP.” reads the report published by CheckPoint.
“We could have stopped here and estimated the high probability that most companies haven’t yet upgraded to the latest versions, and could already be attacked using these known 1-Days.”
Below the list of vulnerabilities found by the experts:
CheckPoint also spotted a third information disclosure vulnerability that is a variant of the above vulnerability that resides in a different channel called “guacai,” which is responsible for sound messages and is disabled by default.
By using vulnerabilities CVE-2020-9497 and CVE-2020-9498, “a malicious corporate computer (our RDP ‘server’) can take control of the guacd process when a remote user requests to connect to his (infected) computer.”
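Both write-ups of this finding on this page (the one above and the earlier item on Check Point's Guacamole research) reduce, for a defender, to the same question: which of my gateways still run Guacamole older than 1.2.0 or an embedded FreeRDP older than 2.0.0-rc4? Comparing such version strings correctly is where ad-hoc scripts usually go wrong, because a release candidate like `2.0.0-rc3` must sort below `2.0.0-rc4` and both must sort below the final `2.0.0`. The Python below is an added example, not Check Point's or the Apache project's code: it parses that version syntax, applies the two thresholds quoted on this page, and flags entries of a constructed inventory. The inventory format (a list of dicts with `host`, `guacamole` and `freerdp` keys) and the hostnames are assumptions for the demo; how you collect the versions from real hosts is up to you.

```python
import re
from typing import Dict, List, Optional, Tuple

# Thresholds taken from the articles on this page: Apache released the fixed
# Guacamole 1.2.0, and Check Point's FreeRDP fixes landed in 2.0.0-rc4.
GUACAMOLE_FIXED = "1.2.0"
FREERDP_FIXED = "2.0.0-rc4"

# Accepts "MAJOR.MINOR.PATCH" with an optional "-rcN" pre-release suffix.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:-rc(\d+))?\s*$", re.IGNORECASE)


def parse_version(text: str) -> Tuple[int, int, int, float]:
    """Return a comparable tuple; a final release ranks above every rc of the
    same number, so the rc slot gets +inf when the suffix is absent."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, rc = m.groups()
    rc_rank = int(rc) if rc is not None else float("inf")
    return (int(major), int(minor), int(patch), rc_rank)


def is_older(version: str, fixed: str) -> bool:
    return parse_version(version) < parse_version(fixed)


def assess_host(guacamole: Optional[str], freerdp: Optional[str]) -> List[str]:
    """List the reasons a gateway is considered exposed; empty means clean.
    An unknown FreeRDP version is reported rather than silently passed."""
    reasons = []
    if guacamole is not None and is_older(guacamole, GUACAMOLE_FIXED):
        reasons.append(f"guacamole {guacamole} < {GUACAMOLE_FIXED}")
    if freerdp is None:
        reasons.append("freerdp version unknown, verify manually")
    elif is_older(freerdp, FREERDP_FIXED):
        reasons.append(f"freerdp {freerdp} < {FREERDP_FIXED}")
    return reasons


def assess_inventory(inventory: List[Dict[str, Optional[str]]]) -> Dict[str, List[str]]:
    """Map each host name to its list of findings (hosts with none are omitted)."""
    report = {}
    for entry in inventory:
        findings = assess_host(entry.get("guacamole"), entry.get("freerdp"))
        if findings:
            report[entry["host"]] = findings
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    {"host": "gw-old.example.test", "guacamole": "1.1.0", "freerdp": "2.0.0-rc3"},
    {"host": "gw-rc.example.test", "guacamole": "1.2.0", "freerdp": "2.0.0-rc4"},
    {"host": "gw-new.example.test", "guacamole": "1.2.0", "freerdp": "2.0.0"},
    {"host": "gw-unknown.example.test", "guacamole": "1.2.0", "freerdp": None},
]

if __name__ == "__main__":
    for host, findings in assess_inventory(SAMPLE_INVENTORY).items():
        print(host, "->", "; ".join(findings))
```

Only the first and the last sample hosts are reported: the old gateway for both thresholds, and the one with an unknown FreeRDP build because the article's point is precisely that a current-looking Guacamole can still ship a vulnerable FreeRDP.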
The post Critical Apache Guacamole flaws expose organizations at risk of hack appeared first on Security Affairs.
The forms of malware most frequently investigated by security analysts are not actually the most widespread ones used by cyber-attackers, according to a new study by Kaspersky. It revealed that whilst Backdoors (24%) and Droppers (23%) are amongst the top three most commonly sent free requests to the Kaspersky Threat Intelligence Portal, they only make up 7% and 3% of all malicious files blocked by the Kaspersky endpoint products, respectively.
The Kaspersky Threat Intelligence Portal is a means to help analysts to better understand the background of an attack following the detection of malicious activity in order to develop effective response and remediation measures.
Anonymized statistics from the portal show that 72% of the free requests sent related to three categories: Trojans (25%), Backdoors (24%) and Droppers (23%). Although figures from the Kaspersky Security Network demonstrate that Trojans are indeed usually the most widespread type of malware, Backdoors and Droppers are nowhere near as frequent as these requests would suggest.
The reason for this disparity is believed to be because researchers are often interested in the final target of the attack, whereas endpoint protection products aim to prevent attacks at an early stage, before they reach the user’s computer.
Kaspersky added that researchers could also be interested in analyzing certain kinds of threats in extra detail due to factors such as their novelty and media coverage.
Denis Parinov, acting head of threats monitoring and heuristic detection at Kaspersky, said: “We have noticed that the number of free requests to the Kaspersky Threat Intelligence Portal to check viruses, or pieces of code that insert themselves in over other programs, is extremely low – less than 1%, but it is traditionally among the most widespread threats detected by endpoint solutions.
“This threat self-replicates and implements its code into other files, which may lead to the appearance of a large number of malicious files on an infected system. As we can see, viruses are rarely of interest to researchers, most likely because they lack novelty compared to other threats.”
The cybercriminal behind the ransom raids on almost 23,000 databases threatens to leak the data and alert GDPR regulators
The post Thousands of MongoDB databases ransacked, held for ransom appeared first on WeLiveSecurity
For decades, we have prized efficiency in our economy. We strive for it. We reward it. In normal times, that's a good thing. Running just at the margins is efficient. A single just-in-time global supply chain is efficient. Consolidation is efficient. And that's all profitable. Inefficiency, on the other hand, is waste. Extra inventory is inefficient. Overcapacity is inefficient. Using many small suppliers is inefficient. Inefficiency is unprofitable.
But inefficiency is essential security, as the COVID-19 pandemic is teaching us. All of the overcapacity that has been squeezed out of our healthcare system; we now wish we had it. All of the redundancy in our food production that has been consolidated away; we want that, too. We need our old, local supply chains -- not the single global ones that are so fragile in this crisis. And we want our local restaurants and businesses to survive, not just the national chains.
We have lost much inefficiency to the market in the past few decades. Investors have become very good at noticing any fat in every system and swooping down to monetize those redundant assets. The winner-take-all mentality that has permeated so many industries squeezes any inefficiencies out of the system.
This drive for efficiency leads to brittle systems that function properly when everything is normal but break under stress. And when they break, everyone suffers. The less fortunate suffer and die. The more fortunate are merely hurt, and perhaps lose their freedoms or their future. But even the extremely fortunate suffer -- maybe not in the short term, but in the long term from the constriction of the rest of society.
Efficient systems have limited ability to deal with system-wide economic shocks. Those shocks are coming with increased frequency. They're caused by global pandemics, yes, but also by climate change, by financial crises, by political crises. If we want to be secure against these crises and more, we need to add inefficiency back into our systems.
I don't simply mean that we need to make our food production, or healthcare system, or supply chains sloppy and wasteful. We need a certain kind of inefficiency, and it depends on the system in question. Sometimes we need redundancy. Sometimes we need diversity. Sometimes we need overcapacity.
The market isn't going to supply any of these things, least of all in a strategic capacity that will result in resilience. What's necessary to make any of this work is regulation.
First, we need to enforce antitrust laws. Our meat supply chain is brittle because there are limited numbers of massive meatpacking plants -- now disease factories -- rather than lots of smaller slaughterhouses. Our retail supply chain is brittle because a few national companies and websites dominate. We need multiple companies offering alternatives to a single product or service. We need more competition, more niche players. We need more local companies, more domestic corporate players, and diversity in our international suppliers. Competition provides all of that, while monopolies suck that out of the system.
The second thing we need is specific regulations that require certain inefficiencies. This isn't anything new. Every safety system we have is, to some extent, an inefficiency. This is true for fire escapes on buildings, lifeboats on cruise ships, and multiple ways to deploy the landing gear on aircraft. Not having any of those things would make the underlying systems more efficient, but also less safe. It's also true for the internet itself, originally designed with extensive redundancy as a Cold War security measure.
With those two things in place, the market can work its magic to provide for these strategic inefficiencies as cheaply and as effectively as possible. As long as there are competitors who are vying with each other, and there aren't competitors who can reduce the inefficiencies and undercut the competition, these inefficiencies just become part of the price of whatever we're buying.
The government is the entity that steps in and enforces a level playing field instead of a race to the bottom. Smart regulation addresses the long-term need for security, and ensures it's not continuously sacrificed to short-term considerations.
We have largely been content to ignore the long term and let Wall Street run our economy as efficiently as it can. That's no longer sustainable. We need inefficiency -- the right kind in the right way -- to ensure our security. No, it's not free. But it's worth the cost.
This essay previously appeared in Quartz.
Are you locked out of your system because of ransomware? Or can you no longer access your important files or data?
Ransomware is a dreadful nightmare that can make you lose access to your important files and photos. Be it an individual or a business, none is entirely immune to this malicious software. This malware can lock you out of your system and demand a ransom to give access back. With cyber thieves becoming more and more sophisticated, it has become quite challenging to decrypt your files.
If you also have been a victim of this malicious software, we have got you covered. Here are a few steps on ‘how to remove ransomware.’
If you see phrases like ‘pay ransom’ or ‘access denied’ on your system, you have been under a ransomware attack. If this is the case, detach all the infected wireless and wired devices and desktops.
Disconnecting your devices will stop this malware from spreading and infecting more of your devices.
Make sure you disconnect the following devices:
Further, you need to check if any of these devices were connected with the infected device. If yes, you need to check them as well for ransom messages.
The next action would be to categorize the kind of ransomware that attacked your system.
There are three common types of ransomware:
Once you have recognized the type of malware, the next step would be to eliminate the malicious software. You can remove the malware using the following steps:
Automatic Delete: Sometimes, the ransomware gets deleted automatically after encrypting your important data. Cyber thieves don’t want their ransomware to leave any clues behind that could help create decryption tools. In this case, the ransomware can be detected using security software.
Remove the ransomware with antivirus: If the malware is still on your computer, you can delete it using security software or an antivirus product. The same software will help protect you from cyberattacks in the future.
Next, you would like to recover the encrypted files. This can be done in two ways.
This is one of the main preventive measures that minimizes the data loss caused by ransomware.
If you’ve followed basic preventive measures, then you should have data backups to cloud storage or to an external device, so now is the time to recover these clean, ransomware-free files on your computer.
Automatic backup makes it easy to revert to files and software without malware.
But if you haven’t created a backup of your files, then, unfortunately, recovering them after removing the malware will be difficult.
The main objective of getting rid of a ransomware attack is to regain access to your locked files without paying the ransom.
If cyber attackers encrypt your crucial files, find a ransomware decryption tool to decrypt or unlock your files and regain access.
Do not keep your hopes high, but in rare cases you can decrypt your files without paying the attackers the ransom.
Ransomware attacks are quite common these days, and with advancing technology it has become really difficult to outpace the skills of hackers and cybercriminals.
So, if the above methods don’t work for decrypting your important data, you can always seek professional help in developing a custom decrypter. Otherwise, make sure to avoid becoming a victim of ransomware attacks.
Who’s been dressing Roblox players up in red baseball caps? Which ransomware victim’s negotiations got spied on by the media? And should Jason Bieber think twice before touching his hat? Oh, and we need to talk about squirrels…
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast.
Gamers beware. Chinese cybersecurity researchers recently reported a malicious botnet campaign that infected hundreds of thousands of systems. The botnet was spread through malware hosted on pirate gaming portals. The attack has been traced back to a China-based cybercrime group called DoubleGun which has amassed thousands of…
Security researchers spotted Trickbot malware checking the screen resolution as a means of evading analysis on a virtual machine (VM). Digital security firm MalwareLab came across a sample of the trojan that checked to see whether a computer’s screen resolution was either 800×600 or 1024×768. It then terminated if it found that the screen resolution […]
The post Trickbot Malware Using Screen Resolution Checks as Anti-VM Tactic appeared first on The State of Security.
Security researchers are warning of new Mac ransomware spread via pirated software on torrent and similar sites.
Malwarebytes director of Mac and mobile, Thomas Reed, explained that the EvilQuest malware is now dubbed “OSX.ThiefQuest” to avoid confusion with a 2012 gaming title.
He was first alerted to the ransomware hidden in a legitimate-looking edition of macOS firewall Little Snitch and uploaded to a Russian torrent site. However, it has subsequently been found in an installer for DJ software Mixed In Key 8 and will “undoubtedly” be hidden in other pirated software, Reed claimed.
“The malware wasn’t particularly smart about what files it encrypted, however,” he continued. “It appeared to encrypt a number of settings files and other data files, such as the keychain files. This resulted in an error message when logging in post-encryption.”
Other researchers have indicated that the ransomware also contains a keylogger, due to the presence of calls to the system routine CGEventTapCreate, and even steals any cryptocurrency wallet-related files it finds. The malware also opens a reverse shell to communicate with a command and control (C&C) server, Reed explained.
Once complete, the pop-up message demands $50 from the victim to recover their files. As of yet there is no decryption key available, although Reed said that researchers are working on trying to understand what kind of encryption the malware uses and whether it can be cracked, like the FindZip Mac variant.
In the meantime, he recommended best practice backups and effective AV as the main way to mitigate the threat.
“The best way of avoiding the consequences of ransomware is to maintain a good set of backups. Keep at least two backup copies of all-important data, and at least one should not be kept attached to your Mac at all times (ransomware may try to encrypt or damage backups on connected drives),” Reed concluded.
“I personally have multiple hard drives for backups. I use Time Machine to maintain a couple, and Carbon Copy Cloner to maintain a couple more. One of the backups is always in the safe deposit box at the bank, and I swap them periodically, so that worst case scenario, I always have reasonably recent data stored in a safe location.”
Nominations for the fifth annual Security Serious Unsung Heroes Awards are open.
The awards are intended to recognize the people who significantly contribute to the information security industry, whether in the classroom, in law enforcement or within corporate organizations. Nominations are now open and will remain open until August 31 2020. The Unsung Heroes Awards will take place on Tuesday October 13 via a virtual cocktail event.
A total of 14 awards are open for nomination, including a new award added this year to recognize those helping to keep UK businesses safe during the COVID-19 pandemic. The categories are:
The Unsung Heroes Awards, created by Eskenzi PR and Smile on Fridays, have been sponsored by KnowBe4, Protiviti and Qualys. Yvonne Eskenzi, director of Eskenzi PR and founder of the Security Serious Unsung Heroes Awards, said: “It's true that 2020 might feel like a year worth forgetting, but cyber-criminals certainly haven't given up. There must be some incredible superstars out there in cybersecurity keeping businesses and their remote workers safe – and we want to thank those people.
“We need everyone’s help to nominate those security professionals they think are worthy of acknowledgement and bring a little joy back into this year!"
Previous award winner Quentyn Taylor, director of information security EMEA for Canon Europe, said that it is really important to support these kinds of efforts. “The Unsung Heroes Awards recognize the real people in information security, not just the ones you see in the magazines every single time,” he said. “Not just the ones who get put on the news whenever there’s an incident, but the ones who maybe don’t have time to do that but are soldiering away in the background to make the world a safer place, and that’s why these awards have credibility.”
A scam cryptocurrency trading platform has been wound up by the courts after stealing £1.5m in clients’ funds.
Gpay Limited was incorporated on 30 August 2017, and later traded as Cryptopoint and XtraderFX, according to a statement from government agency The Insolvency Service.
It was finally closed down in the public interest last week by the High Court, after scamming countless novice traders who were drawn to the platform via online advertising.
These ads, often on social media, claimed that the platform was supported by experienced traders and innovative technology that could help even investors with no prior experience to make money.
They also falsely claimed that Gpay was endorsed by Martin Lewis, founder of MoneySavingExpert, and entrepreneurs from the hit TV show Dragons’ Den.
“Screw you! Piss off! And good riddance Gpay ltd,” Lewis said in a Facebook post linking to the government announcement.
Government investigators had found that at least 108 clients had lost almost £1.5m, in many cases despite having paid for insurance designed to protect them against any losses.
Those who tried to withdraw funds from their trading accounts were told that this wasn’t possible unless they sent across copies of photo ID, a utility bill and a debit/credit card. Such requests were apparently not necessary when the victims initially sent over their deposits.
Withdrawals would also be blocked if customers hadn’t traded with their deposited funds, according to the government.
“GPay persuaded customers to part with substantial sums of money to invest in cryptocurrency trading. This was nothing but a scam as GPay tricked their clients to use their online platform under false pretenses and no customer has benefited as their investments have been lost,” said Insolvency Service chief investigator, David Hill.
“We welcome the court’s decision to wind-up GPay as it will protect anyone else becoming a victim. This scam should also serve as a warning to anyone who conducts trading online that they should carry-out appropriate checks before they invest any money that the company is registered and regulated by the appropriate authorities.”
After surveying more than 10,000 people in 50 states about their cybersecurity habits, we wound up with some pretty surprising results. Like the fact that tech experts demonstrate riskier behaviors than average Americans. But the most significant result of all was the fact that most Americans are more confident than they should be when it comes to practicing good cyber hygiene. So, we thought this would be a good opportunity to highlight a few of the riskiest behaviors from the report and suggest ways to correct them and minimize your chances of falling for a cyberattack.
Facebook has discovered another back-end privacy issue which meant that thousands of apps continued to receive users’ personal information even after access should have automatically expired.
The social network’s vice-president of platform partnerships, Konstantinos Papamiltiadis, explained in a blog post that rules to limit developer access to Facebook user data were brought in several years ago.
“In 2014, we introduced more granular controls for people to decide which non-public information — such as their email address or their birth date — to share when they used Facebook to sign into apps,” he said.
“Later, in 2018, we announced that we would automatically expire an app’s ability to receive any updates to this information if our systems didn’t recognize a person as having used the app within the last 90 days.”
However, the firm recently discovered that some apps continued to receive previously authorized user data, even though the users in question hadn’t used the app in 90+ days.
“From the last several months of data we have available, we currently estimate this issue enabled approximately 5000 developers to continue receiving information — for example, language or gender — beyond 90 days of inactivity as recognized by our systems,” Papamiltiadis continued.
“We haven’t seen evidence that this issue resulted in sharing information that was inconsistent with the permissions people gave when they logged in using Facebook.”
The issue was fixed within a day and he said that Facebook is introducing new Platform Terms and Developer Policies to improve transparency further with the developer community and ensure they “clearly understand their responsibility to safeguard data and respect people’s privacy.”
The social network has been tightening its restrictions on third-party developers since the Cambridge Analytica scandal in 2018. In September last year it announced the removal of tens of thousands of apps from hundreds of developers that were suspected of having the potential to abuse policies on user privacy and security.
Microsoft has released fixes for two remote code execution (RCE) vulnerabilities in the Microsoft Windows Codecs Library on Windows 10 machines.
The vulnerabilities
Both flaws – CVE-2020-1425 and CVE-2020-1457 – arose because of the way the Microsoft Windows Codecs Library handled objects in memory. CVE-2020-1425 could allow attackers to obtain information to further compromise the user’s system, and CVE-2020-1457 would allow them to execute arbitrary code, all by tricking users into opening an image file. … More
The post Microsoft fixes two RCE flaws affecting Windows 10 machines appeared first on Help Net Security.
I started writing this blog post alone in a hotel room in Budapest last September. It was at the absolute zenith of stress; a time when I had never been under as much pressure as I was right at that moment. Project Svalbard (the sale of HIBP which ultimately turned out to be a no-sale) was a huge part of that and it was all happening whilst still being solely responsible for running the project. That much was very broadly known publicly, but what I haven't spoken about until now is that earlier that year, my wife and I had decided to separate and later divorce. As part of attempting to rebuild my life, I was also in the midst of buying another house, a stressful process at the best of time let alone under these circumstances whilst on the other side of the world. It was extreme stress the likes I'd never dealt with before at a time when the demands on me were at an all-time high, so I started writing this blog post, adding to it at the worst of times. Here's how I sustained my performance whilst under extreme stress:
I realised something very profound last year; I've very rarely discussed my emotional state with friends. Maybe that's "just what blokes do" (or don't do), but it certainly wasn't a conscious decision on my behalf. It wasn't until the stress really started mounting early last year that I actually made a conscious effort to do this. Putting it in words now seems almost stupidly obvious, but there's a lot of evidence around the benefits of friendship on mental health:
It can be hard to talk to family members about mental health. That’s why it’s important to have healthy friendships to turn to in times of need. Our friends can be that ear to talk to, shoulder to lean on and nonjudgmental perspective that we need. They can also help increase our sense of belonging, improve our self-confidence and help reduce stress and anxiety.
Last year and early this year, it meant spending a bunch of time with friends in person during my travels. Since Feb this year as travel has become a thing of the past, it's meant talking to friends in different parts of the world every couple of days. Often those discussions have directly focused on the stresses in life but equally often, they've been an opportunity to bond around less contentious common interests; cars, tech, family. The quote above about helping to increase a sense of belonging really nails it.
The thing that perhaps surprised me most about those discussions with friends was how much their own stories resonated with mine. I mean that across all the fronts I was feeling the stress on too; whilst in San Francisco in particular, I spent a bunch of time with people I knew well who'd been through similar business processes and as for the things stressing me in my personal life, it felt like every second person I confided in had a similar story. Finding common ground with friends was always a huge relief; I wasn't alone in what I was going through.
Emotions have been high during this period, both professionally and personally. More than anything, it was the unpredictability of emotions that got me; I could be cruising along thinking everything was on track then wammo! An email, a text message or a phone call would suddenly throw everything back into turmoil. I'd be upset. Angry. Vengeful. But none of these feelings would help me make rational decisions.
Frequently, I'd simply sit on an email for a day. I'd sit on my own emails for a day, granting time to reflect on whether my words represented the best path forward or merely reflected my emotional state at the time. A perfect example is that the house purchase fell through due to the vendor not being agreeable to the terms I set forth. I received their reply and was initially upset. I sat on the email, went and did a conference talk, drank some beer, had a sleep and responded the next day, cancelling the deal. It hurt to do that because I really wanted the house, but I also knew that "want" wasn't enough, it had to actually make sense and without agreeing to my terms, it simply didn't.
I haven't always gotten this right and there hasn't always been the luxury of time between emotion and response, but as a strategy to keep peace and maintain sanity, it's proven invaluable time and time again. I can't think of a time where I slept on a response and didn't tone it down a bit.
I was always looking a year or more ahead and I had a very clear picture in my mind of what I wanted my life to look like in the future. Stress has a way of clouding judgement and causing you to make irrational decisions, many of which might feel right at the time, but don't ultimately further your life goals. I had a vision of what my future would look like (and obviously given the HIBP no-sale, reality hasn't always aligned with the vision), and everything that was happening as I wrote this blog post had to support that objective. But there were also massive changes in my life that had to be dealt with here and now, and there was only one way to do it:
When eating an elephant, take one bite at a time
I like the way Psychology Today explains this adage, by breaking those steps down into goals that must be:
Consider what was required to achieve the big picture goals I had; everything from literally hundreds of meetings, thousands of emails, endless proposals, terms sheets, negotiations - and that was just on the HIBP front. Throw in the stress, emotion and frankly, some pretty dark moments on the relationship side of things and consider how totally overwhelming it can all feel.
I tackled it by focusing on the very next thing I needed to do; the single, attainable thing I could do to move me towards a goal. Complete some financial documents. Schedule a meeting. Agree on some key deliverables. So long as the activity was an enabler of that big picture it didn't matter that it was a little thing, it was progress.
It's so easy to get bogged down in detail and derailed from focusing on what's actually important, that there's literally a book on it:
I can think of many occasions across all the various things that put me under stress this last year and a half where I literally concluded "fuck it - it just doesn't matter enough". They were things that by any reasonable measure I had every right to be upset about, but equally they were things that had I gotten upset about them, they'd derail me from focusing on that bigger picture.
Legal jargon in contracts is a prime example. I recall one occasion where lawyers on my side of the HIBP deal were arguing with lawyers on the other side about whether or not I was a "sophisticated investor". I needed to be in order to receive the proposed equity component and unless we agreed that I was, the exact words I heard were "the deal's off". It was an obnoxious comment about a ridiculous premise, but ultimately, we concluded that the real world impact of the clause was likely negligible and further arguing about it really didn't serve my own purposes.
There were so many outcomes along the way that frankly, felt devastating. Incidents and events that left me fuming, emotional and sometimes, pretty inconsolable. It was so easy for these things to eat me up and consume me, taking my focus away from that big picture and keeping me from moving forward towards that bigger goal.
I found I kept going through the same cycle after a setback and it tracked pretty closely to the whole Kübler-Ross model of 5 stages of grief. I'd very quickly move through denial and anger, blast through bargaining and depression and get to acceptance. I tried hard to bring myself to that last stage and I remember thinking so many times on the way there "this feels much worse now than it will tomorrow or the next day".
In thinking of an example to illustrate this, the following tweet and excerpt from the "no sale" blog post came immediately to mind:
Project Svalbard was the initiative to find a new home for @haveibeenpwned. After 11 months, the project has now run its course; HIBP will remain independent. Here's the full story: https://t.co/euM50h21Ge— Troy Hunt (@troyhunt) March 2, 2020
According to the lock screen, I took the photo below at 04:49 on the 24th of July last year. I was in yet another bland, nondescript hotel room, drinking bad coffee in an attempt to stave off the jet lag. I'd arrived in San Francisco a few days earlier after barely making my connection in Helsinki, literally running through the airport. My bag hadn't made it. I was tired, alone, emotional and if I'm honest, at an all-time low.
I felt like shit at that moment, but it was temporary and I had just enough sanity left to know that the feeling would pass. Just. But it always did pass and there'd be something else of a much more positive nature happen the very next day.
Let me begin by saying this: I didn't always get this right (far from it) and on multiple occasions I got blindsided by things I never saw coming (the circumstances under which HIBP ultimately didn't sell is a perfect example). But the basic premise is that before expressing my position on something, I'd consider the range of possible responses I'd receive. Let's say there were 3 of them; for each of those 3 possible responses I'd not only consider how I'd respond to each, but how each of my responses would then be received. Same again for how I'd respond to each of those and in my mind, I was drawing out a mental image of 3^3 different possible outcomes - which one did I want? It was an exercise that enabled me to look much further down the road and consider whether it aligned to an earlier point in this blog post - my big picture.
This requires time, practice and patience and as I said in the opening, I didn't always get this right. You can't always be aware of all the factors influencing third parties nor can you be aware of all the cards they hold, but without doubt, this way of approaching any negotiation is enormously valuable. It also forced me to empathise; how will other parties feel? What's the most natural reaction they'll then have?
In my mind, this is akin to a "choose your own adventure" book; at each crossroad there are different ways you can go. Each of those then has their own crossroad as do those ones too. Before making a decision at that first intersection, I want to know what the next 3 will look like.
Treat this less as a suggestion to consume alcohol and more as a representation of taking time out for yourself. For me, having a beer is something I associate with switching off from the everyday stresses. I very rarely drink alcohol when working (now coffee, that's another story!) and treat beer as an opportunity to "down tools" and relax.
I drank beer on my own in a pub:
Cheers! pic.twitter.com/vDZ1tKrXly— Troy Hunt (@troyhunt) September 24, 2019
I drank beer with friends:
I found new ways to request beer:
Merry X’mas! 🎄 pic.twitter.com/VsaslGOnAt— Troy Hunt (@troyhunt) December 24, 2019
The point is that I made a conscious effort most days to tune out and give my brain a rest. A good mate of mine is convinced meditation is an equal of beer in terms of helping him disengage from daily life and maybe he's right, I just don't have the patience for it (yet). Find your beer, whether it be actual beer or an activity which allows you to do what the process of going and having a cold one does for me.
From beer to physical wellbeing: I was trying to find a tweet to illustrate the point, and this one nails it:
At this time, I was now well into Project Svalbard, I'd separated from my wife and per the caption, I was preparing to deliver a keynote at Australia's premier security conference. When I first started to really feel the stress, I absolutely threw myself into exercise:
Gav is both my son Ari's and my own tennis coach. I literally said "Gav, book me in every day at the hottest possible time" and when the weekend came, I'd play with Ari as well. The standing commitment each day forced me to get out on the court and focus on something other than life's stresses.
Per the earlier image, I was also getting right into Poké Bowls which meant a lot of raw fish, brown rice and greens like edamame and seaweed. I'd order it on Uber Eats, it'd arrive at my door and IMHO, it's genuinely delicious. Physical health has a profound effect on your ability to perform mentally, particularly when you're under extreme stress. Exercise in particular has very well-documented benefits when it comes to depression, anxiety and stress.
Despite the emotional turmoil of recent times, I'm in great shape physically with a typical week including running, bike riding, tennis and wake boarding. I'm about to pass 3 months of closing all rings on the Apple Watch every single day (amazing how much not travelling helps you do that!) and I can really see those benefits showing in the kids too when they share the activities with me.
In a tumultuous period like this, it's easy for routine to go out the window. Most people have some form of routine which establishes consistency in their life, for example going to work each day. A regular social commitment. A Sunday roast dinner. I spent 243 days travelling last year so consistency was near non-existent.
A saving grace has been my weekly update videos. Every single week, without fail, I've done the video. Sometimes they've been at the worst of times, needing to record and put my face in front of the world after feeling emotional / jet-lagged / broken (and a big shout out to those who commented to that effect!) But what those videos did was give me a small sliver of consistent predictability in life. During each week I'd take notes on content, pull myself together then sit down and record.
Same again for my blogging and drafting this one in particular was a big part of that. For the last 11 years, I've written about most of the things in my life that have been important. Writing transparently about what's going on in my life has become a part of my routine and indeed, a part of my identity. It feels "off brand", for want of a better term, when I don't.
As things have stabilised this year, I've been able to broaden those routines with regular tennis, time with my family and simply walking down to the beach most mornings:
A picture alone can’t show just how epicly beautiful it is here today ☀️ ☕️ 🐋 pic.twitter.com/Sp4QdRP8KK— Troy Hunt (@troyhunt) June 21, 2020
I snapped that pic last week after watching a humpback whale and her calf cruising by, probably just 50m offshore. It was a moment of reflection following a period of great turmoil; it's been both the highest of highs and lowest of lows. But now, being at home and finally having stability it's crystal clear: this is a routine that's going to stick around for the long term.
This was a heartfelt blog post about some momentous events in my life. By all means, please comment, share your experiences and ask questions but avoid topics related to my relationship. As much as I'm open about the emotions I went through and how I dealt with them, details of a personal nature are something that will remain that way. Thank you.
Netgear is releasing security patches to address ten vulnerabilities affecting nearly 80 of its products. Some of the vulnerabilities were discovered during the Pwn2Own Tokyo 2019 hacking contest and reported through the Zero Day Initiative (ZDI). The researchers earned a total of $25,000 for reporting them.
Netgear published the list of impacted products; it includes routers, mobile routers, modems, gateways and extenders. Some of the products have reached end of life (EOL), which means the vendor will not release security updates to fix these flaws.
Four of the flaws have been rated high severity; they can be exploited by an unauthenticated attacker with network access to the vulnerable Netgear device to execute arbitrary code with admin or root privileges, and to bypass authentication.
ZDI reported the flaws to the vendor in November 2019 and in January and February 2020. Netgear twice asked ZDI to extend the public disclosure deadline to have more time to address the flaws. Unfortunately, the second time ZDI did not accept the proposal to postpone public disclosure of the issues and published a series of advisories.
“Multiple Netgear router models contain vulnerabilities that a remote attacker can exploit to take control of an affected device.” reads the CISA alert.
“The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to update to the most recent firmware version and to replace end-of-life devices that are no longer supported with security patches.”
The CERT/CC also published a security advisory related to one of the above vulnerabilities that can be exploited by an unauthenticated attacker to gain remote code execution with root privileges.
“Multiple Netgear devices contain a stack buffer overflow in the httpd web server’s handling of upgrade_check.cgi, which may allow for unauthenticated remote code execution with root privileges.” states the CERT/CC.
“This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 routers. Authentication is not required to exploit this vulnerability.” reads the advisory published by ZDI.
“The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.”
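As an added illustration of the bug class the ZDI advisory describes (an unchecked copy of user-supplied data into a fixed-length stack buffer), the following C is constructed for this page and is not Netgear's code: the CGI parameter name, the buffer size and the sample query are assumptions. It places the vulnerable copy pattern beside a hardened handler that validates the length before any byte is copied.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-length stack buffer size used by both handlers. */
#define PARAM_BUF_SIZE 64

/* Vulnerable pattern: the value of a request parameter is copied into a
 * fixed-size stack buffer with no length check, so a value longer than the
 * buffer overwrites the stack. Constructed illustration only; it is never
 * called with oversized input here. */
int copy_param_unchecked(const char *value)
{
    char buf[PARAM_BUF_SIZE];
    strcpy(buf, value);                 /* no bound check before the copy */
    return (int)strlen(buf);
}

/* Hardened pattern: the length of the user-supplied value is validated
 * against the destination buffer before any copy takes place. Returns the
 * copied length, or -1 if the value would not fit with its terminator. */
int copy_param_checked(const char *value, size_t value_len)
{
    char buf[PARAM_BUF_SIZE];
    if (value == NULL || value_len >= sizeof buf)
        return -1;                      /* reject oversized input, no copy */
    memcpy(buf, value, value_len);
    buf[value_len] = '\0';
    return (int)strlen(buf);
}

/* Locate `name` in an application/x-www-form-urlencoded query string and
 * copy its value into `out` (capacity out_sz) only if it fits. Returns the
 * value length, or -1 if the parameter is absent or too long. The length is
 * computed and checked before a single byte is copied. */
int query_param_checked(const char *query, const char *name,
                        char *out, size_t out_sz)
{
    size_t name_len = strlen(name);
    const char *p = query;

    while (p != NULL && *p != '\0') {
        if (strncmp(p, name, name_len) == 0 && p[name_len] == '=') {
            const char *v = p + name_len + 1;
            const char *end = strchr(v, '&');
            size_t v_len = end ? (size_t)(end - v) : strlen(v);
            if (v_len >= out_sz)
                return -1;              /* would overflow: reject */
            memcpy(out, v, v_len);
            out[v_len] = '\0';
            return (int)v_len;
        }
        p = strchr(p, '&');             /* advance to the next parameter */
        if (p != NULL)
            p++;
    }
    return -1;                          /* parameter not present */
}

/* Constructed query string, as a benign CGI request might carry it. */
static const char SAMPLE_QUERY[] = "fw_version=1.2.3&model=example";

/* A well-formed parameter is accepted by the hardened handler. */
int demo_short_value_accepted(void)
{
    char out[PARAM_BUF_SIZE];
    int n = query_param_checked(SAMPLE_QUERY, "fw_version", out, sizeof out);
    return (n == 5 && strcmp(out, "1.2.3") == 0) ? 1 : 0;
}

/* A constructed 200-byte parameter value is rejected before the copy,
 * which is exactly the validation the advisory says was missing. */
int demo_long_value_rejected(void)
{
    char query[256];
    char out[PARAM_BUF_SIZE];
    memset(query, 'A', sizeof query);
    memcpy(query, "fw_version=", 11);
    query[211] = '\0';                  /* 11-byte prefix + 200-byte value */
    return query_param_checked(query, "fw_version", out, sizeof out) == -1;
}

int main(void)
{
    printf("short value accepted: %d\n", demo_short_value_accepted());
    printf("long value rejected:  %d\n", demo_long_value_rejected());
    printf("unchecked copy of a short value: %d bytes\n",
           copy_param_unchecked("1.2.3"));
    return 0;
}
```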
Netgear already released security updates for 28 devices.
The post Netgear is releasing fixes for ten issues affecting 79 products appeared first on Security Affairs.
What key challenges will the cybersecurity industry be dealing with in the next five years? Pete Herzog, Managing Director at ISECOM, is so sure that artificial intelligence could be the biggest security problem to solve and the biggest answer to the privacy problem that he cofounded a company, Urvin.ai, with an eclectic group of coders and scientists to explore this. AI (and machine learning with it) is like a naive child that trusts what you … More
The post Key cybersecurity industry challenges in the next five years appeared first on Help Net Security.
Organizations are embracing the power of Function-as-a-Service (FaaS). FaaS can be viewed as a very positive and beneficial result coming from years of data successfully migrating and operating in public clouds. AWS Lambda, Azure Functions and Google Cloud are today’s market leading platforms for enterprises to realize the power and benefits of FaaS. FaaS likely won’t replace all an enterprise’s IT functions in public clouds but leveraging FaaS for most of the stateless business operations … More
The post Using confidential computing to protect Function-as-a-Service data appeared first on Help Net Security.
While organizations have slowly improved in their ability to plan for, detect and respond to cyberattacks over the past five years, their ability to contain an attack has declined by 13% during this same period, IBM reveals. The global survey conducted by Ponemon Institute found that respondents’ security response efforts were hindered by the use of too many security tools, as well as a lack of specific playbooks for common attack types. Lack of security … More
The post Adopting more tools doesn’t necessarily improve security response efforts appeared first on Help Net Security.
In the first quarter of 2020, DDoS attacks rose more than 278% compared to Q1 2019 and more than 542% compared to the last quarter, according to Nexusguard.
Working from home as the new norm
Researchers attribute the sharp rise in incidents to malicious efforts during the COVID-19 pandemic, causing DDoS attacks to interrupt service for large companies and individuals alike. ISPs face increasing challenges to curb undetectable and abnormal traffic before they turn into … More
Organizations cannot afford to neglect their PCI compliance obligations. According to its website, PCI could punish offending organizations with a monetary penalty ranging in value from $5,000 to $100,000 per month. These fines could spell the end for a small business. Acknowledging those consequences, organizations need to make sure they’re PCI compliant. More than that, […]… Read More
The post A Checklist for Preparing for Your Organization’s Next PCI Audit appeared first on The State of Security.
TLS certificates act as machine identities, safeguarding the flow of sensitive data to trusted machines. With the acceleration of digital transformation, the number of machine identities is skyrocketing. At the same time, cybercriminals are targeting machine identities, including TLS keys and certificates, and their capabilities, such as the encrypted traffic they enable, to use in attacks, according to Venafi. The study evaluated the opinions of 550 CIOs from the United States, United Kingdom, France, Germany … More
The post CIOs are apprehensive about interruptions due to expired machine identities appeared first on Help Net Security.
There are growing concerns around the number of businesses vulnerable to cyberattacks due to hackers’ ability to bypass their Web Application Firewall (WAF), Neustar reveals.
Cyberattacks bypass the WAF
49% of security professionals reported more than a quarter of attempts to sidestep their WAF protocols had been successful in the last 12 months. In addition, as many as four in ten respondents disclosed that 50% or more of attacks had managed to get around their … More
The post 40% of security pros say half of cyberattacks bypass their WAF appeared first on Help Net Security.
What are the brakes on a car designed to do? I have asked this question many times when speaking to customers or organizations who were dipping their toes into the audit space. Invariably, their answer was, “To stop the car.” At this point, I would then ask, “Then how do you get where you want […]… Read More
The post Understanding the Purpose of Security Controls and the Need for Compliance appeared first on The State of Security.
As the world grapples with the COVID-19 pandemic and ensuing economic crisis, businesses around the world are still planning to reopen their workplaces. To that end, workplace platform provider Envoy is announcing the open beta of its new product Envoy Protect, a mobile app and suite of tools that offers companies the ability to assess employee health, contact tracing, capacity management and eligibility to enter the workplace, access control within the workplace, and more. Designed … More
The post Envoy unveils open beta of Envoy Protect designed to safely bring employees back to the workplace appeared first on Help Net Security.
2020 has certainly been the year of the ‘new normal’. Our new life in which we stay home and socially distance has affected the way we work and learn but just as importantly, the way we celebrate!
Without a doubt, the video call saved the day while we all stayed home and socially distanced. Work meetings continued and learning at home still happened thanks to this wonderful technology. And while some people used video calls to remain in touch with family and friends, this remarkable technology also helped many people worldwide continue to celebrate life’s important milestones such as school and university graduations; weddings and, even the celebration of life at funerals.
One of my oldest friends has two daughters who have just virtually graduated from their high school and university. Before each occasion, the girls were sent their cap and gown and their graduation certificates via the post. On the day of each event, the girls donned the dresses they had bought long before ‘lockdown’ (along with their cap and gown) and participated in the ceremony via video call. Dressed to the nines, their immediate family also watched the ceremony and witnessed their daughter (and sister) officially graduate.
While there wasn’t perhaps the same sense of camaraderie as if their cohort had graduated together in person, the video call was definitely the next best thing. It allowed them to see their friends, receive the public accolades they both so deserved and, most importantly, it provided a sense of completion and closure that allowed them to start thinking about their next phase in life.
Within weeks of lockdown, the virtual wedding industry was well established. Companies such as Simply Eloped were offering virtual wedding packages that provided planning assistance, a virtual ceremony emcee, advice on acquiring a license and tech support. Specialised tech companies were also offering to coordinate weddings on video calling apps and manage guests on multiple devices.
And if you are getting married, of course you need photography so virtual photographers became a thing as did customised wedding backdrops providers and virtual live musicians to entertain your guests. If there was ever an example of an industry that mastered the art of pivoting, it was definitely the wedding industry!
Probably one of the hardest milestones to miss in person during lockdown was the celebration of life – the funeral. Around the world, many countries limited attendees at funerals to as low as 10 to ensure social distancing which meant live streaming the service became the next best option.
Specialised funeral live streaming companies such as OneRoom sprang up, allowing family and friends the opportunity for a private farewell even if they couldn’t attend in person. While a funeral service is an important way to remember and celebrate the life of the recently deceased, it is also an important part of the grieving process. I have several friends who lost treasured family members during the lockdown period and who were very comforted by having a copy of the live-streamed service which they could watch several times.
If there’s ever a time to be grateful for the power of technology (and video calls) it’s now! I just can’t imagine how we would all have survived the isolation without being able to stay in touch and see the faces of family and friends! But just like every aspect of online life, video calling apps are fantastic when used sensibly, but they do also carry some risks. Here are my top tips to ensure that you can safely celebrate life’s milestones online:
Whether it’s a wedding ceremony, baby shower, meeting with a virtual photographer or a funeral service, sharing links to video calls means you are essentially extending the invitation to anyone who gets their hands on the link. Not only does this compromise the privacy of everyone involved, but video call ‘bombers’ have been known to use threatening and intimidating language, which could be very unsettling.
Some video calling apps allocate each user a PMI, or personal meeting ID. Your PMI is effectively one continuous meeting, so anyone who has it can join any of your future meetings or gatherings. Always generate a random, one-off meeting ID for any event where you don’t truly know your invitees.
Don’t forget that video calls can be recorded. Even though a video call may feel like real life, it is not! So, if you are celebrating hard at your friend’s wedding, be mindful that your ‘high-energy’ behaviour may be recorded on camera!
While ‘lockdown life’ may almost be over for some of us, many experts believe ‘social distancing’ will be a way of life for some time. So, if you have an important celebration on your radar, don’t despair – a well-planned virtual celebration can definitely be worthwhile and will be a great story to pass down to future generations!
Happy Virtual Celebrating!
The post How to Keep Your Celebrations Happening – Virtually & Safely! appeared first on McAfee Blogs.
BehavioSec is positioned for strong growth as post-pandemic mobile shifts and evolving cyber threats highlight greater demand for deep authentication and anti-fraud capabilities delivering increased trust without breaking the user experience. With contactless, mobile-optimized shopping, financial services and business productivity on the rise, organizations are rethinking how to verify online identities with greater accuracy and lower friction, as chronic abuse of stolen passwords and other credentials persists. BehavioSec’s intuitive behavioral biometrics technology meets enhanced authentication … More
The post BehavioSec meets enhanced authentication demands by delivering zero trust safeguards appeared first on Help Net Security.
Segra, one of the largest fiber infrastructure network companies in the Eastern U.S., announced the launch of a new enterprise-grade remote office service – Segra’s Remote Office LAN. Rapidly changing workforce dynamics have led to increased reliance on remote workers and third-party networks by both employers and employees, leaving corporate infrastructure connectivity in the hands of the public internet. According to a recent report from Gartner, 74% of CFOs intend to shift a portion of … More
The post Segra’s Remote Office LAN enables in-office, enterprise-grade experience for remote workers appeared first on Help Net Security.
NETGEAR is introducing the next WiFi 6 member of the Orbi Mesh WiFi family, NETGEAR Orbi WiFi 6 AX4200 Tri-band Mesh Systems (RBK752/753). Joining the flagship Orbi WiFi 6 AX6000 Tri-band Mesh System (RBK852), this new Orbi Mesh System, with its attractive price point, is designed to make robust whole home WiFi 6 mesh accessible to more households around the globe. While accelerating the transition to the latest in WiFi technology, the new Orbi Tri-band … More
The post NETGEAR’s new Orbi Mesh System is designed to deliver whole home WiFi 6 mesh to more households appeared first on Help Net Security.
Attivo Networks announced new capabilities to its Endpoint Detection Net (EDN) solution that improve file protection against human-operated ransomware by concealing and denying access to production mapped shares, cloud storage, and selected files or folders. By hiding this information, the EDN solution limits the malware’s choice to engage only with the decoy environment and dramatically reduces the risk of a successful data compromise. Many organizations continue to struggle with the cost and impact of widespread … More
The post Attivo Networks’ enhanced EDN solution prevents attackers from seeing or exploiting production data appeared first on Help Net Security.
Aviatrix, the cloud network platform, announced the sixth major release of its software designed for enterprises transforming their IT infrastructure to public cloud. These new advancements in transit networking, security and operations enable cloud networking teams to leverage centralized intelligence for optimizing network availability, enforce common security policies across multiple clouds, and reduce operational overhead using modern infrastructure automation. “In our journey to the cloud we have three pillars we always consider when evaluating infrastructure … More
The post Aviatrix 6.0: Helping enterprises transform their IT infrastructure to public cloud appeared first on Help Net Security.
As organizations navigate through complex digital transformation (DX) initiatives, the ability to deliver a positive customer experience is vital to success. The underlying digital applications, and the ability to monitor their usage, play a central role in managing the performance of mission-critical operations and securing the network. In a significant milestone in the support of DX, Gigamon announces that the GigaVUE Cloud Suite for VMware has obtained VMware Ready certification. This milestone demonstrates delivery of … More
The post Gigamon solution achieves VMware Ready certification appeared first on Help Net Security.
CI Security announced a set of unique partnership integrations with leading Internet of Things (IoT) and Internet of Medical Things (IoMT) security vendors Ordr, Medigate, and Cylera, combining device security and visibility with 24×7 Critical Insight MDR. Connected medical devices (IoT/IoMT) create a unique challenge for healthcare organizations. In hospitals, security risks can translate into patient risks, and while IT security teams are increasingly focused on addressing these risks, they often lack visibility into the … More
eSentire announces its ninth consecutive quarter of year-over-year growth, sustained by its industry-defining, cloud-native Atlas platform. Atlas delivered 100-percent service availability while elastically scaling in real-time to handle 10x data ingestion volume spikes across cloud and on-premises ecosystems.
Company maintains customer satisfaction scores and retention rates
eSentire continues to take market share with nearly 100-percent growth, outpacing industry trends by more than four times. During a time of global crisis and rapid shift to highly … More
The post eSentire announces quarter of year-over-year growth sustained by its cloud-native Atlas platform appeared first on Help Net Security.
As our world continues to evolve, we have been forced to adapt accordingly. Navigating change can be difficult for many, so here are useful tips McAfee team members have been using to improve productivity, stay healthy and help customers stay digitally secure during the pandemic.
Applying simple hacks to your routine and environment can help you stay productive. Create a workspace separate from your living space if you can. One tip is to get ready and get dressed as if you were going to the office. You’ll be prepared for that video conference when you feel put together. Recreating the “comforts of office” at home with accessories like a good mouse/keyboard set, external monitor, chair and even an office plant can go a long way. When you’re done for the day, close your laptop to reinforce the separation between work and your personal life.
While some can seamlessly continue normal workday hours, many need to juggle between being a home school principal and master chef de cuisine before being able to look at emails. Try to find a balanced routine that works for your needs—and don’t be afraid to change it.
Many athletic and health companies have brought their classes and routines online for free so people can stay active. The exercises range in intensity and function so you can easily find something that works for you. Whether you prefer a heart-racing, 20-minute HIIT cardio workout, or a decompressing 40-minute yoga session (or both, depending on what the day brings!), there are plenty of options for staying active indoors. These exercises can also be a family bonding activity to stay active together. Additionally, meditation apps have started offering free services to help improve mental wellbeing.
Experimenting in the kitchen may also inspire some creative, healthy cooking. With many restaurants expanding to pickup and delivery models, now is a great time to support local businesses and to try that place you’ve previously set your sights on.
Be sure to stay in touch with your community, friends and family. Check up on others via text, call, or video to see how they’re doing and spend virtual time together. This applies equally to teammates. Encouraging remote lunches and social hours helps everyone stay connected and motivated.
As you’re spending more time online, and possibly seeing more devices connected to your network, it’s a good idea to re-evaluate your home’s digital privacy and security. For starters, consider strengthening your network and internet passwords. Talk to your kids about cybercrime to make sure they remember to practice digital hygiene as they connect online for classes and socialize with friends.
As our external environment changes, so too does the digital threat landscape. When in doubt, connect to a VPN to help keep your personal data and financial transactions safe from prying eyes. Consider using a safe browser extension to help identify illegitimate websites, especially when shopping for supplies or staying up to date on the news. Pairing security tools with best practices can help keep you and your family safer online.
There is no shortage of indoor entertainment options, including video games, online board games and TV shows. Even some museums and zoos have made tours available online. Picking up a new hobby, book or new language could be a great way to keep your mind active. Above all, we encourage you to take care of yourself and your family.
Building hobbies and leisure activities into your day can help bring structure to your routine. Here is how our team member, Lily, is finding balance while working to keep you safe online:
“Transitioning to working from home full-time has taught me the need to establish a routine and stick to it—to ensure I’m exercising, setting work hours and taking breaks. Trying to establish a routine during the first couple of weeks was a challenge at first, but now I feel more balanced. Another good tip is to always keep healthy snacks and water at your work station!”
Want to work for a company that values employee wellbeing and helps you reach greater heights? Check out McAfee’s latest opportunities.
The post Best Practices for Adapting to a Remote Work Lifestyle appeared first on McAfee Blogs.
IOTAS, a provider of smart property solutions, including Prospect Tour, a self-guided touring feature that makes it easier and safer to show and fill vacant units, and its Board of Directors announced that Laura Lang, the former CEO of Time and Digitas, will be joining the IOTAS Board. Lang is the Founder and Managing Director of Narragansett Ventures and an Advisor to LCatterton. Upon her election, Lang shared the following: “IOTAS has an exciting product … More