Monthly Archives: April 2019

Behind the Screens: An Interview with Trystan Orr

Trystan OrrCybersecurity is best approached holistically—by combining human, physical, and technical efforts together to mitigate threats. But how exactly does the human element play a role?  To grasp just how humans and psychology are central to the cybersecurity industry, we spoke to our very own Security Operations Center Analyst, Trystan Orr.

Q:  How did you first become interested in cybersecurity?

A:  I’ve been interested in technology since I was very young—I was introduced to computers and video games early.  But there was no particular turning point that got me into cybersecurity; it was more of a slow realization.  I took a couple of coding courses in high school and really liked them.  Then, in college, I took a security class and received my Security+ certification.  I really enjoyed just how pervasive security is: in anything you do, you have to consider security.

“At the same time, I started to notice a strong correlation between psychology and security. It’s about the way humans interact with the technology, and that’s why cybersecurity hit a note with me.  Humans can be your greatest risk- and your greatest strength.”

Q:  How do you apply your understanding of psychology to your job as a security analyst?

A:  One of the key parts of my job as an analyst is thinking of the business need that accompanies security initiatives.  For example, when a security alert is triggered, you have to think about the people behind the screens that triggered the alert.  This is where psychology comes in.  Once you have an understanding of who they are and what they’re doing in their day-to-day, you can respond to the alert.  You don’t want to suggest something that slows down the business, or stops the user from doing what they need to do.

Understanding the user, the human, allows us to offer these custom solutions.

Q:  Looking ahead a few years, what do you predict will be the next big change in the industry?

A:  Awareness.  I think people are becoming more aware of security, which is exciting to see.  For instance, users are becoming more aware of phishing and the importance of reporting potential phishing emails.

“I think part of this increased awareness is a shift from thinking of cybersecurity as a purely technological problem, to a human problem as well.  Users are starting to see the role they play in cybersecurity.” 

Q:  What do you see as the value of encouraging women to enter the industry?

A:  I think including more women in the industry brings different viewpoints that are valuable in discussion and problem-solving. It’s becoming much more apparent that you have to have different people and different personalities to be effective. If you have a different viewpoint, you also have different experiences backing up that viewpoint.

This is especially important in security; you have to be able to have open discussions about how certain security measures affect the user’s risk and productivity.  The goal is to understand what’s best for the user in order to offer the best solution.  This is best achieved when a variety of different viewpoints are brought to the table.

Q:  What advice do you have for anyone interested in entering the cybersecurity industry?

A:  When I first started in the industry as an intern, I didn’t have a security background.  I understood what was going on, but there was a lot I didn’t know. I realized that you must be completely unafraid to ask questions—before you start a new job or internship, and then throughout the entire time you’re there.

There’s a lot you can learn on your own too.  If you are even a little interested, you don’t have to pay loads of money to learn more about the industry.  Always be motivated and open to new ways you can learn.

To hear from more inspiring women in cybersecurity, check out our series.

The post Behind the Screens: An Interview with Trystan Orr appeared first on GRA Quantum.

How Business can address the Security Concerns of Online Shoppers

It’s no secret that cybersecurity is an epidemic problem that affects online businesses on a global scale. E-commerce businesses are especially affected by data breaches because it weakens the consumer’s trust in online businesses to protect their personal data. In response to the growing number of breaches, governments and enterprises alike are stepping up to the plate to provide sustainable solutions to the problem.

The UK is aiming to become a world leader in cybersecurity by investing a substantial amount of money (to the tune of £70 million) in the Industrial Strategy Challenge Fund. The fund represents the government’s commitment to increase funding in research and development by £4.7 billion over a four year period. One of the primary goals of the investment will be to supply the industry with the money necessary to design and develop state-of-the-art hardware that’s more secure and resilient to common cyber threats.

The logic stems from the fact that cybercriminals are constantly finding new ways to exploit current technology, so the best way to combat future attacks is to design chips and hardware with stronger security features built into them to outpace cyber threats. However, this means businesses will have to invest in new IT systems as it rolls out to keep their security measures up to par.

For the time being, online business owners need to do everything in their power to address the privacy concerns of their users. In some cases, this might mean investing in more secure and modern e-commerce platforms that offer security features, such as TLS (still commonly known as SSL) protection and security software to protect against malware attacks, or simply generating new, strong admin passwords on a regular basis.

The fact is, there is no way to provide customers with a 100% guarantee their personal data is safe, but there are actions webmasters and companies can do to make their websites a lot safer to use by their customers. To help you learn more about how you can secure your site from cyber threats, Wikibuy has laid out 15 steps in the infographic below.


How Business Owners Can Address Online Shopping Concerns

Top Cybersecurity Concerns with Huawei 5G Dominance

The Internet of Things (IoT) is creating a need to progress cellular capabilities to provide necessary support to currently 14 billion IoT devices connected globally and growing to between 20 and 50 billion devices by 2020 (Gartner and Cisco). This includes current mobile devices, computers, smart speakers and televisions, and will include more items like digital locks, security cameras, vehicles, and household appliances. Currently, the IPv4 address space is sparse and the Internet Engineering Task Force (IETF) ratified IPv6 as an Internet Standard in July 2017. The growth of connected devices requires a larger IP scheme and network infrastructure that supports the connectivity of billions of devices at high speeds.

The next iteration for robust infrastructure is 5G, providing bandwidth up to 20 gigabits per second.  This will be implemented this year, but a complete transition will take many years, which Huawei, a Chinese Corporation, is currently leading in technology. Huawei is the second largest provider of cellular phones worldwide and the largest manufacturer of network equipment.

The U.S. Government has taken a decided stance to block the use of Huawei in the United States, filing a complaint that bans all government agencies from engaging in purchasing from Huawei and bars third parties who use the company’s equipment (BBC). Huawei is currently suing the United States because of the ban. The U.S. is not the only country taking a cautious stance with Huawei, however. They’re joined by Germany, Great Britain, Australia, Canada, and Japan, all of which are citing major security concerns with the company (MIT Technology Review).

Security Concerns with Huawei dominating the 5G space:

1.  Security Vulnerabilities in Reconfiguring Networks

The first concern is that newer 5G network equipment is almost entirely software and constantly reconfigures, challenging security agencies, who examine equipment and software for vulnerabilities and security flaws or backdoors (FreshAir). When an organization is unable to identify weaknesses in devices with constantly changing software, it becomes impossible to implement security controls to limit vulnerabilities to an acceptable level, making an organization’s or state’s data accessible.

2.  Espionage & Interference

The second concern is the possibility of China using Huawei to conduct espionage or disrupt communications. A seven-month investigation into China’s Intellectual Property (IP) theft, led by the United States Trade Representative, estimates Chinese theft of American IP has cost the U.S. between $225 billion to $600 billion annually (CNN).

China has also used the Internet to enable rampant government oppression within their borders and is now focusing on other countries and foreign businesses. China is blocking and changing data, both coming into the country and going out of the country, using what Weaver, a network security expert at the International Computer Science Institute, has coined the Great Cannon (MIT Technology Review).

It is also concerning that China will likely continue to use the Internet to control narratives, as they did when Marriott listed Tibet and Hong Kong as separate countries from China, forcing an apology from the hotel chain. Chinese officials are also going after other companies that “misidentify” Taiwan (MIT Technology Review).

3.  Foreign Nation-State Controlled Networks

The third concern, and biggest security concern for the United States, is the vastness of a network controlled by a foreign company and potentially adversarial government. As Sanger (2019) reports, “classified intelligence reports from the U.S. have warned that China would one day use Huawei to penetrate American networks for cyber-espionage or cyberattacks.” Chinese private industry and the State are tightly tied with companies being answerable to the government. Current Chinese laws state that any Chinese telecom companies would have to participate in Chinese intelligence operations (BBC).

If Huawei controls the 5G network infrastructure, the company and the Chinese government have a tremendous advantage to collect, disseminate, and control data and critical infrastructure. With IoT expanding the attack surface it is important for countries and companies to advance their security.

Because of the persistent threat environment, companies require an adaptive security program.  Hiring a Managed Security Service Provider (MSSP) to implement a security solution would help U.S. companies prepare for current and future threats by monitoring, analyzing, encrypting, and assisting in security strategies against adversarial entities.

The post Top Cybersecurity Concerns with Huawei 5G Dominance appeared first on GRA Quantum.

Third Party Security Risks to Consider and Manage

Guest article by Josh Lefkowitz, CEO of Flashpoint
 
Acceptable business risks must be managed, and none more so than those associated with external vendors who often have intimate access to infrastructure or business data. As we’ve seen with numerous breaches where attackers were able to leverage a weaknesses a contractor or service provider, third-party risk must be assessed and mitigated during the early stages of such a partnership, as well as throughout the relationship.
 
The following tips can help security decision makers more effectively address the risks posed by relationships with technology vendors.
 
Do Your Homework
Conducting thorough due diligence on a prospective vendor is essential. Organisations could evaluate technical and regulatory risk through due diligence questionnaires, for example, or even on-site visits if necessary. The point is to evaluate not only a third party’s information security risk, but compliance with regulations such as GDPR for privacy and PCI DSS for payment card security, for example. An organisation may also want to evaluate a third party’s adherence to industry standards such as NIST or ISO in certain security- and privacy-related areas.
 
Next, consider what this compliance information doesn’t tell you. What do you still need to learn about the vendor’s security posture before deciding whether you’re comfortable with it? Think about what questions you still have and, if possible, seek answers from the vendor’s appropriate security contact. Here are some questions to pose: 
When was your last penetration test? Is your remediation on schedule?
  • Have you documented security incidents? How did you remediate those incidents?
  • Do you have the result of your last business continuity test? If yes, can you share it?
  • What security controls exist for your users? Do they use multifactor authentication, etc.?
  • How are you maturing your security program?
  • Are you ISO, SOC 1/SOC 2, and NIST Compliant, and is there documentation to support this? 
Additional Security: It’s All in the Controls
If you’re unsatisfied with the answers from a potential partner regarding their security, it’s OK to walk away, especially if you make the determination that working with the vendor may not be critical to your business.  

That’s not always the case, however. If you must partner with a particular third party and if no other reputable vendors offer anything comparable, you will likely need to implement additional technical and/or policy controls to mitigate the security risks associated with your business’s use of the offering, such as:
 
Technical
These are typically restrictions on the access and/or technical integrations of vendor offerings. For example, if a product is web-based but unencrypted, consider blocking users on your network from accessing its website; provided the proper authentication is in place, use its API instead. In most cases, there are two options, remediation or compensating controls:
  • Remediation: Can you work with the vendor to remediate the technical risk?
  • Compensating controls: If you cannot remediate the risks entirely, can you establish technical compensating controls to minimise or deflect the risk?
Policy
These are policies that users of the offering should follow, such as limits on the types and amounts of data that can be input securely. Some typical policy scenarios include:
  • Regulatory compliance: For example, a vendor’s non-compliance could mandate you walk away from a third-party relationship.
  • Contractual obligations: Are there contractual obligations in place with your existing clients that prevent you from working vendors who don’t meet certain security and privacy standards?
  • Security best practices: Ensure your policies around risk are enforced and determine whether they may conflict with your vendors’ policies.
Asset Inventory is a Must
There are several reasons why it’s imperative to know which of your business’s assets the vendor will be able to store and/or access. For one, this knowledge can help identify and shape any additional security controls. Second, having this knowledge on hand is crucial should the vendor suffer a breach. Knowing exactly what assets were impacted, as well as who is doing what with your inventory, can expedite your response and identify and mitigate any exposure efficiently and effectively.
 
Response Plans Must Include Partners
Before finalising a vendor relationship, it’s crucial to use all the information gathered during your due diligence process to construct a response plan in preparation for any future incidents the vendor might experience. Tracking the assets to which your vendor has access is one component of an effective response plan. Others include courses of action to mitigate exposure, disclosure and notification procedures, external communications strategies, and plans to re-evaluate the vendor’s security and remediation following an incident.
 
The most effective way to manage vendor risk is not to work with any external vendors in the first place, which isn’t a feasible strategy. The most secure and successful vendor relationships are rooted in preparation and transparency. Thoroughly understanding all facets of a vendor’s security program, implementing additional controls as needed to appropriately safeguard your business’s assets, and being prepared to respond to future incidents can go a long way toward reducing business risks associated with any vendor relationship.
Josh Lefkowitz, CEO of Flashpoint

You Can Now Get This Award-Winning VPN For Just $1/month

If you use the internet (which you clearly do), you likely know how important it is to protect your data in an increasingly dangerous cyber environment. But like other essential tasks that tend to be tedious (like filing taxes early and brushing your teeth for the full two minutes), most installing and running a VPN can sound unappealing to many: sure, they encrypt your internet traffic and hide your location — but they can also run frustratingly slowly, delaying the way you’d usually use the internet for entertainment and work.

That’s where Ivacy VPN is different: not only will the speedy service let you browse and stream lag-free, it also offers real-time threat detection technology, removing malware and viruses at the server level. It ensures that all your downloads and devices stay totally secure, so you can stay safe online without being inconvenienced.

To read this article in full, please click here

Cyber Security: Three Parts Art, One Part Science

As I reflect upon my almost 40 years as a cyber security professional, I think of the many instances where the basic tenets of cyber security—those we think have common understanding—require a lot of additional explanation. For example, what is a vulnerability assessment? If five cyber professionals are sitting around a table discussing this question, you will end up with seven or eight answers. One will say that a vulnerability assessment is vulnerability scanning only. Another will say an assessment is much bigger than scanning, and addresses ethical hacking and internal security testing. Another will say that it is a passive review of policies and controls. All are correct in some form, but the answer really depends on the requirements or criteria you are trying to achieve. And it also depends on the skills and experience of the risk owner, auditor, or assessor. Is your head spinning yet? I know mine is! Hence the “three parts art.”

There is quite a bit of subjectivity in the cyber security business. One auditor will look at evidence and agree you are in compliance; another will say you are not. If you are going to protect sensitive information, do you encrypt it, obfuscate it, or segment it off and place it behind very tight identification and access controls before allowing users to access the data? Yes. As we advise our client base, it is essential that we have all the context necessary to make good risk-based decisions and recommendations.

Let’s talk about Connection’s artistic methodology. We start with a canvas that has the core components of cyber security: protection, detection, and reaction. By addressing each of these three pillars in a comprehensive way, we ensure that the full conversation around how people, process, and technology all work together to provide a comprehensive risk strategy is achieved.

Protection:

People
Users understand threat and risk, and know what role they play in the protection strategy. For example, if you see something, say something. Don’t let someone surf in behind you through a badge check entry. And don’t think about trying to shut off your end-point anti-virus or firewall.

Process
Policy are established, documented, and socialized. For example, personal laptops should never be connected to the corporate network. Also, don’t send sensitive information to your personal email account so you can work from home.

Technology
Some examples of the barriers used to deter attackers and breaches are edge security with firewalls, intrusion detection and prevention, sandboxing, and advanced threat detection.

Detection:

The average mean time to identify an active incident in a network is 197 days. The mean time to contain an incident is 69 days.

People
Incident response teams need to be identified and trained, and all employees need to be trained on the concept of “if you see something, say something.” Detection is a proactive process.

Process
What happens when an alert occurs? Who sees it? What is the documented process for taking action?

Technology
What is in place to ensure you are detecting malicious activity? Is it configured to ignore noise and only alert you of a real event? Will it help you bring that 197-day mean time to detection way down?

Reaction:

People
What happens when an event occurs? Who responds? How do you recover? Does everyone understand their role? Do you War Game to ensure you are prepared WHEN an incident occurs?

Process
What is the documented process to reduce the Kill Chain—the mean time to detect and contain—from 69 days to 69 minutes? Do you have a Business Continuity and Disaster Recovery Plan to ensure the ability to react to a natural disaster, significant cyber breach such as ransomware, DDoS, or—dare I say it—a pandemic?

Technology
What cyber security consoles have been deployed that allow quick access to patch a system, change a firewall rule, switch ACL, or policy setting at an end point, or track a security incident through the triage process?

All of these things are important to create a comprehensive InfoSec Program. The science is the technology that will help you build a layered, in-depth defense approach. The art is how to assess the threat, define and document the risk, and create a strategy that allows you to manage your cyber risk as it applies to your environment, users, systems, applications, data, customers, supply chain, third party support partners, and business process.

More Art: Are You a Risk Avoider or Risk Transference Expert?

A better way to state that is, “Do you avoid all risk responsibility or do you give your risk responsibility to someone else?” Hint: I don’t believe in risk avoidance or risk transference.

Yes, there is an art to risk management. There is also science if you use, for example, The Carnegie Mellon risk tools. But a good risk owner and manager documents risk, prioritizes it by risk criticality, turns it into a risk register or roadmap plan, remediates what is necessary, and accepts what is reasonable from a business and cyber security perspective. Oh, by the way, those same five cyber security professional we talked about earlier? They have 17 definitions of risk.

As we wrap up this conversation, let’s talk about the importance of selecting a risk framework. It’s kind of like going to a baseball game and recognizing the program helps you know the players and the stats. What framework will you pick? Do you paint in watercolors or oils? Are you a National Institute of Standards (NIST) artist, an Internal Standards Organization artist, or have you developed your own framework like the Nardone puzzle chart? I developed this several years ago when I was the CTO/CSO of the Commonwealth of Massachusetts. It has been artistically enhanced over the years to incorporate more security components, but it is loosely coupled on the NIST 800-53 and ISO 27001 standards.

When it comes to selecting a security framework as a CISO, I lean towards the NIST Cyber Security Framework (CSF) pictured below. This framework is comprehensive, and provides a scoring model that allows risk owners to measure and target what risk level they believe they need to achieve based on their business model, threat profile, and risk tolerance. It has five functional focus areas. The ISO 27001 framework is also a very solid and frequently used model. Both of these frameworks can result in a Certificate of Attestation demonstrating adherence to the standard. Many commercial corporations do an annual ISO 27001 assessment for that very reason. More and more are leaning towards the NIST CSF, especially commercial corporations doing work with the government.

The art in cyber security is in the interpretation of the rules, standards, and requirements that are primarily based on a foundation in science in some form. The more experience one has in the cyber security industry, the more effective the art becomes. As a last thought, keep in mind that Connection’s Technology Solutions Group Security Practice has over 150 years of cyber security expertise on tap to apply to that art.

The post Cyber Security: Three Parts Art, One Part Science appeared first on Connected.

Troubleshooting NSM Virtualization Problems with Linux and VirtualBox

I spent a chunk of the day troubleshooting a network security monitoring (NSM) problem. I thought I would share the problem and my investigation in the hopes that it might help others. The specifics are probably less important than the general approach.

It began with ja3. You may know ja3 as a set of Zeek scripts developed by the Salesforce engineering team to profile client and server TLS parameters.

I was reviewing Zeek logs captured by my Corelight appliance and by one of my lab sensors running Security Onion. I had coverage of the same endpoint in both sensors.

I noticed that the SO Zeek logs did not have ja3 hashes in the ssl.log entries. Both sensors did have ja3s hashes. My first thought was that SO was misconfigured somehow to not record ja3 hashes. I quickly dismissed that, because it made no sense. Besides, verifying that intution required me to start troubleshooting near the top of the software stack.

I decided to start at the bottom, or close to the bottom. I had a sinking suspicion that, for some reason, Zeek was only seeing traffic sent from remote systems, and not traffic originating from my network. That would account for the creation of ja3s hashes, for traffic sent by remote systems, but not ja3 hashes, as Zeek was not seeing traffic sent by local clients.

I was running SO in VirtualBox 6.0.4 on Ubuntu 18.04. I started sniffing TCP network traffic on the SO monitoring interface using Tcpdump. As I feared, it didn't look right. I ran a new capture with filters for ICMP and a remote IP address. On another system I tried pinging the remote IP address. Sure enough, I only saw ICMP echo replies, and no ICMP echoes. Oddly, I also saw doubles and triples of some of the ICMP echo replies. That worried me, because unpredictable behavior like that could indicate some sort of software problem.

My next step was to "get under" the VM guest and determine if the VM host could see traffic properly. I ran Tcpdump on the Ubuntu 18.04 host on the monitoring interface and repeated my ICMP tests. It saw everything properly. That meant I did not need to bother checking the switch span port that was feeding traffic to the VirtualBox system.

It seemed I had a problem somewhere between the VM host and guest. On the same VM host I was also running an instance of RockNSM. I ran my ICMP tests on the RockNSM VM and, sadly, I got the same one-sided traffic as seen on SO.

Now I was worried. If the problem had only been present in SO, then I could fix SO. If the problem is present in both SO and RockNSM, then the problem had to be with VirtualBox -- and I might not be able to fix it.

I reviewed my configurations in VirtualBox, ensuring that the "Promiscuous Mode" under the Advanced options was set to "Allow All". At this point I worried that there was a bug in VirtualBox. I did some Google searches and reviewed some forum posts, but I did not see anyone reporting issues with sniffing traffic inside VMs. Still, my use case might have been weird enough to not have been reported.

I decided to try a different approach. I wondered if running VirtualBox with elevated privileges might make a difference. I did not want to take ownership of my user VMs, so I decided to install a new VM and run it with elevated privileges.

Let me stop here to note that I am breaking one of the rules of troubleshooting. I'm introducing two new variables, when I should have introduced only one. I should have built a new VM but run it with the same user privileges with which I was running the existing VMs.

I decided to install a minimal edition of Ubuntu 9, with VirtualBox running via sudo. When I started the VM and sniffed traffic on the monitoring port, lo and behold, my ICMP tests revealed both sides of the traffic as I had hoped. Unfortunately, from this I erroneously concluded that running VirtualBox with elevated privileges was the answer to my problems.

I took ownership of the SO VM in my elevated VirtualBox session, started it, and performed my ICMP tests. Womp womp. Still broken.

I realized I needed to separate the two variables that I had entangled, so I stopped VirtualBox, and changed ownership of the Debian 9 VM to my user account. I then ran VirtualBox with user privileges, started the Debian 9 VM, and ran my ICMP tests. Success again! Apparently elevated privileges had nothing to do with my problem.

By now I was glad I had not posted anything to any user forums describing my problem and asking for help. There was something about the monitoring interface configurations in both SO and RockNSM that resulted in the inability to see both sides of traffic (and avoid weird doubles and triples).

I started my SO VM again and looked at the script that configured the interfaces. I commented out all the entries below the management interface as shown below.

$ cat /etc/network/interfaces

# This configuration was created by the Security Onion setup script.
#
# The original network interface configuration file was backed up to:
# /etc/network/interfaces.bak.
#
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# loopback network interface
auto lo
iface lo inet loopback

# Management network interface
auto enp0s3
iface enp0s3 inet static
  address 192.168.40.76
  gateway 192.168.40.1
  netmask 255.255.255.0
  dns-nameservers 192.168.40.1
  dns-domain localdomain

#auto enp0s8
#iface enp0s8 inet manual
#  up ip link set $IFACE promisc on arp off up
#  down ip link set $IFACE promisc off down
#  post-up ethtool -G $IFACE rx 4096; for i in rx tx sg tso ufo gso gro lro; do ethtool -K $IFACE $i off; done
#  post-up echo 1 > /proc/sys/net/ipv6/conf/$IFACE/disable_ipv6

#auto enp0s9
#iface enp0s9 inet manual
#  up ip link set $IFACE promisc on arp off up
#  down ip link set $IFACE promisc off down
#  post-up ethtool -G $IFACE rx 4096; for i in rx tx sg tso ufo gso gro lro; do ethtool -K $IFACE $i off; done
#  post-up echo 1 > /proc/sys/net/ipv6/conf/$IFACE/disable_ipv6

I rebooted the system and brought the enp0s8 interface up manually using this command:

$ sudo ip link set enp0s8 promisc on arp off up

Fingers crossed, I ran my ICMP sniffing tests, and voila, I saw what I needed -- traffic in both directions, without doubles or triples no less.

So, there appears to be some sort of problem with the way SO and RockNSM set parameters for their monitoring interfaces, at least as far as they interact with VirtualBox 6.0.4 on Ubuntu 18.04. You can see in the network script that SO disables a bunch of NIC options. I imagine one or more of them is the culprit, but I didn't have time to work through them individually.

I tried taking a look at the network script in RockNSM, but it runs CentOS, and I'll be darned if I can't figure out where to look. I'm sure it's there somewhere, but I didn't have the time to figure out where.

The moral of the story is that I should have immediately checked after installation that both SO and RockNSM were seeing both sides of the traffic I expected them to see. I had taken that for granted for many previous deployments, but something broke recently and I don't know exactly what. My workaround will hopefully hold for now, but I need to take a closer look at the NIC options because I may have introduced another fault.

A second moral is to be careful of changing two or more variables when troubleshooting. When you do that you might fix a problem, but not know what change fixed the issue.

12 ways IT can create business value in 2019

With technology today’s fuel for business transformation, IT leaders are increasingly seen as key players in companies’ quests to bolster their bottom lines. But with so many new technologies and management approaches emerging, where should IT leaders put their focus?

We asked a range of tech leads what they’re planning this year and how those initiatives can best be approached to add value to their organizations, based on business priorities. Some involve embracing emerging technologies for improved workflows and products; others involve new approaches to how work gets done.   

Here’s what tech leaders think should be top of mind for creating value in 2019.

To read this article in full, please click here

Cyber Security Roundup for March 2019

The potential threat posed by Huawei to the UK national infrastructure continues to be played out. GCHQ called for a ban on Huawei technology within UK critical networks, such as 5G networks, while Three said a Huawei ban would delay the UK 5G rollout, and the EU ignored the US calls to ban Huawei in 5G rollouts, while promoting the EU Cybersecurity certification scheme to counter the Chinese IT threat, which is all rather confusing.  Meanwhile, Microsoft Researchers found an NSA-style Backdoor in Huawei Laptops, which was reported to Huawei by Microsoft, leading to the flaw being patched in January 2019.
A serious security flaw placed Royal Bank of Scotland (RBS) customers at risk. The vulnerability was discovered by PenTest Partners in the bank provided 'Heimdal Thor', security software, which was meant to protect NatWest customers from cyber-attacks but actually permitted remote injection commands at the customer's endpoint. PenTest Partners said "We were able to gain access to a victim's computer very easily. Attackers could have had complete control of that person's emails, internet history and bank details. To do this we had to intercept the user's internet traffic but that is quite simple to do when you consider the unsecured public wi-fi out there, and it's often all too easy to compromise home wi-fi setups.
 
Facebook made negative security headlines yet against after they disclosed that 20,000 of their employees had access to hundreds of millions of their user account passwords for years.

One of the world’s biggest aluminium producers, 
Norsk Hydrosuffered production outages after a ransomware outbreak impacted its European and US operations.  Damages from ransomware attack on Norsk Hydro reach as high as $40M.

Citrix disclosed a security breach of its internal network may have compromised 6Tb of sensitive data. The FBI had told Citrix that international cyber criminals had likely gained access to its internal network. Citrix said in a statement it had taken action to contain the breach, “We commenced a forensic investigation; engaged a leading cyber security firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI”.  According to security firm Resecurity, the attacks were perpetrated by Iranian-linked group known as IRIDIUM.

Credit monitoring Equifax admitted in a report it didn't follow its own patching schedule, neglecting to patch Apache Struts which led to a major 2017 breach which impacted 145 million people.  The report also said Equifax delayed alerting their customers for 6 weeks after detecting the breach.

ASUS computers had backdoors added through its software update system, in an attack coined “ShadowHammer”. Kaspersky researchers estimated malware was distributed to nearly a million people, although the cybercriminals appeared to have only targeted 600 specific devices. Asus patched the vulnerability but questions still remain.


The top 10 biggest breaches of 2018 according to 4iQ were:
  1. Anti-Public Combo Collections – (Hacked) Sanixer Collection #1-6, 1.8 billion unique email addresses.
  2. Aadhaar, India – (Open third party device) 1.1 billion people affected
  3. Marriott Starwood Hotels – (Hacked) 500 million guests PII
  4. Exactis – (Open device) 340 million people and businesses.
  5. HuaZhu Group – (Accidental Exposure) 240 million records
  6. Apollo – (Open device) 150 million app users.
  7. Quora – (Hacked) 100 million users.
  8. Google+ – (API Glitch) 52.2 million users.
  9. Chegg – (Hacked) 40 million accounts 
  10. Cathay Pacific Airways (Targeted attack) 9.4 million passengers.
Barracuda Networks reported the top 12 phishing email subject lines, after they analysed 360,000 phishing emails over a three-month period.
BLOG
NEWS

Scan WordPress websites for vulnerabilities WPScan Kali Linux

Scan WordPress websites for vulnerabilities WPScan Kali Linux   WPScan is a black box vulnerability scanner for WordPress websites. WPScan comes pre-installed in Kali Linux. Kali Linux is a popular Linux distribution built on Debian Kali Linux that comes with many of the best ethical hacking tools pre-installed. If you’re not using Kali Linux and ... Read moreScan WordPress websites for vulnerabilities WPScan Kali Linux

The post Scan WordPress websites for vulnerabilities WPScan Kali Linux appeared first on HackingVision.