Daily Archives: April 18, 2019

Cloudbric’s Threat DB To Open For Security Contributions And CLB Rewards

We’re super excited to announce the release of Threat DB on April 29, a community-driven threat intelligence database for both end users and organizations to view a variety of threat information.

Threat DB is part of the renewed Cloudbric Labs in which you’ll notice that the same free security tools we previously introduced have been rebranded. 

Until now, threat intelligence has been highly privatized meaning security vendors are continuously collecting vast amounts of emerging cyber threat information but are not making it accessible for public use.

Instead, vendors typically use it for their own gain, as we discuss in depth in our whitepaper.

With the launch of Threat DB, users have access to our threat information (hacker wallet addresses, phishing URLs, blacklisted IPs) without restrictions.

We aim to develop Threat DB into one of the largest decentralized global databases of cyber threat information and to make it transparent for public use.

However, it’s not just for end users to benefit.

Developers or companies interested in using the data from Threat DB can do so through our API, which is set to be available at a later release date.

Now here’s where the fun part begins!

Users have the opportunity to get compensated in the form of cryptocurrency simply by adding valuable threat information to the database (to be verified by Cloudbric’s team of security experts).

In the future, existing Cloudbric users will also have the opportunity to be rewarded simply by submitting their logs following a hacking episode.

With the CLB Reward System, anyone can earn by signing up and contributing to Threat DB.

Although Threat DB only offers a collection of hacker fraud addresses, phishing URLs and blacklisted IPs for viewing and contributing at its beta stage, we strive to continuously expand our service and add more threat data in the future.

Head over to Cloudbric Labs on April 29 to begin exploring our database, which holds over 10,000 threat data entries, or begin contributing.

More details about the contribution and rewards process will be available on the Cloudbric Labs event page.  


Make sure to follow us on our social media platforms (LinkedIn, Twitter, and Facebook) and our recently opened Telegram Announcement Channel for the latest updates!

The post Cloudbric’s Threat DB To Open For Security Contributions And CLB Rewards appeared first on Cloudbric.

Participate in Cloudbric’s Massive Scale Bounty Program + Event For More Rewards

To celebrate the renewal of Cloudbric Labs, including the launch of Threat DB, we’re also conducting a large-scale bounty program in order to drive product improvement and improve our services on a secure platform.

To show our commitment, we’ve allocated 10 million CLB (10,000,000 CLB), which is approximately equivalent to $106,000 USD, just for the bounty program!

The bounty program and event will run for approximately 3 months (Monday, April 29 – Monday, July 22).

There will be two bounty events:

  • Bug bounty
  • Contribution bounty

So how do you participate?

Once Threat DB goes live on April 29, sign up to become a Cloudbric Labs member if you haven’t already. Once you’re logged in, go to the contribute page and begin submitting your threat data.

Follow the instructions for that bounty and submit your threat data. That’s it!

You can check your status through the ranking charts for that specific bounty.  

Please note that participants who are caught spamming or cheating the system will be banned immediately.

Please read and follow the event participation and bug bounty guidelines found on the Event page of Cloudbric Labs: labs.cloudbric.com/event

Important information about the specific bounties can be found below!

Bug Bounty Program

  • Duration: April 29th Monday ~ May 24th Friday
  • Target Scope: Cloudbric Labs Homepage, Cloudbric Labs Threat DB
  • Target URL: labs.cloudbric.com, labs.cloudbric.com/threatdb, and all other sub URLs under Threat DB
  • Bounty rewards differ per vulnerability level
    • Very High (the web server has been turned over to third parties, or the services are disrupted and become unavailable): 1,000,000 CLB
    • Medium (the server has sustained limited damage, or server information has been falsified): 300,000 CLB
    • Low (from the possibility of attacks, such as when data vulnerabilities are gathered, to minor bugs like typos): 10,000 CLB
  • Participation type: Blind
  • How to Participate: Sign up with Cloudbric, then submit Bug Bounty Form
  • Rewards Distribution: Every Wednesday beginning May

Contribution Bounty

  • Duration: April 29th Monday ~ July 22nd Monday
  • CLB will be rewarded for users who contribute the highest number of threat data (only validated threat data with threat levels) every month
    • 1st: 1,000,000 CLB
    • 2nd: 600,000 CLB
    • 3rd: 400,000 CLB
    • 4th: 150,000 CLB
    • 5th: 100,000 CLB
    • Users with identical ranks will be re-ranked according to higher threat level, and submission date
  • Participation type: Open (ranking chart updated in real time)
  • How to Participate: sign up with Cloudbric Labs, and submit threat data to Threat DB
  • Rewards Distribution: End of every month beginning May

If you have any questions please email us at support@cloudbric.com!


The post Participate in Cloudbric’s Massive Scale Bounty Program + Event For More Rewards appeared first on Cloudbric.

IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target?

Effective malware is typically developed with intention, targeting specific victims using either known or unknown vulnerabilities to achieve its primary functions. In this blog, we will explore a vulnerability submitted by McAfee Advanced Threat Research (ATR) and investigate a piece of malware that recently incorporated similar vulnerabilities. The takeaway from this blog is the increasing movement towards IoT-specific malware and the likelihood of this unique vulnerability being incorporated into future malware.

We are rapidly approaching the one-year mark for the date McAfee ATR disclosed to Belkin (a consumer electronics company) a critical, remote code execution vulnerability in the Belkin WeMo Insight smart plug.  The date was May 21st, 2018, and the disclosure included extensive details on the vulnerability (a buffer overflow), proof-of-concept, exploit code and even a video demo showing the impact, dropping into a root shell opened on the target device. We further blogged about how this device, once compromised, can be used to pivot to other devices inside the network, including smart TVs, surveillance cameras, and even fully patched non-IoT devices such as PCs. Initially, the vendor assured us they had a patch ready to go and would be rolling it out prior to our planned public disclosure. In January of 2019, Belkin patched a vulnerability in the Mr. Coffee Coffee Maker w/ WeMo, which McAfee ATR reported to Belkin on November 16th, 2018, and released publicly at Mobile World Congress in late February. We commend Belkin for an effective patch within the disclosure window, though we were somewhat surprised that this was the prioritized patch given the Mr. Coffee product with WeMo no longer appears to be produced or sold.

The Insight smart plug firmware update never materialized and, after attempts to try to communicate further, three months later, in accordance with our vulnerability disclosure policy, McAfee ATR disclosed the issue publicly on August 21st. Our hope is that vulnerability disclosures will encourage vendors to patch vulnerabilities, educate the security community on a vulnerable product to drive development of defenses and, ultimately, encourage developers to recognize the impact that insecure code development can have.

Fast forward nearly a year and, to the best of our knowledge this vulnerability, classified as CVE-2018-6692, is still a zero-day vulnerability.  As of April 10th, 2019, we have heard of plans for a patch towards the end of the month and are standing by to confirm. We intentionally did not release exploit code to the public, as we believe it tips the balance in favor of cyber criminals, but exploitation of this vulnerability, while challenging in some regards, is certainly straightforward for a determined attacker.

IoT-Specific Malware

Let’s focus now on why this vulnerability is enticing for malicious actors.  Recently, Trend Micro released a blog observing occasional in-the-wild detections for a malware known as Bashlite. This specific malware was recently updated to include IoT devices in its arsenal, specifically using a Metasploit module for a known vulnerability in the WeMo UPnP protocol. The vulnerability appears to be tied to a 2015 bug which was patched by Belkin and was used to fingerprint and exploit WeMo devices using the “SetSmartDevInfo” action and corresponding “SmartDevURL” argument.

We can say for certain that this Metasploit module is not targeting the same vulnerability submitted by McAfee ATR, which resides in the <EnergyPerUnitCostVersion> XML field, within the libUPnPHndlr.so library.
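The blog names the vulnerable field but deliberately withholds exploit details, so the practical observable for a defender is a request to the plug whose `EnergyPerUnitCostVersion` value is far longer than any version string could be. The detector below is an added example written for this post; it is not McAfee ATR's code and does not reproduce the exploit. The length threshold `MAX_VERSION_LEN`, the control-URL path, the action name and the two sample HTTP requests are all constructed placeholders, not captured WeMo traffic.

```python
"""Flag UPnP SOAP requests carrying an oversized <EnergyPerUnitCostVersion> value.

Added example for network defenders; not McAfee ATR's code and not an exploit.
It uses only two facts from the blog: the vulnerable field is EnergyPerUnitCostVersion
and the bug is a buffer overflow, so a value far longer than a legitimate version
string is what to alert on. Assumptions: plain-HTTP SOAP POSTs to the plug,
MAX_VERSION_LEN is a constructed threshold, the action/URL/host in the fixture
are placeholders, and the sample requests are constructed, not captured traffic.
"""
import re
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional

FIELD = "EnergyPerUnitCostVersion"
MAX_VERSION_LEN = 32  # assumption: genuine version strings are a handful of characters

# Fallback extractor for bodies that are not well-formed XML: an attacker is not obliged
# to send a parseable envelope, so the detector must not give up on a ParseError.
_FIELD_RE = re.compile(rf"<{FIELD}\b[^>]*>(.*?)</{FIELD}>", re.S | re.I)


def soap_body(http_request: str) -> Optional[str]:
    """Return the body of a raw HTTP request, or None if it is not a SOAP POST."""
    head, sep, body = http_request.partition("\r\n\r\n")
    if not sep or not head.startswith("POST "):
        return None
    lowered = head.lower()
    if "text/xml" not in lowered and "soapaction" not in lowered:
        return None
    return body


def field_values(body: str) -> List[str]:
    """Every EnergyPerUnitCostVersion text value in the body, regardless of namespace."""
    try:
        root = ET.fromstring(body)  # for untrusted input in production, prefer defusedxml
    except ET.ParseError:
        return _FIELD_RE.findall(body)
    values = []
    for elem in root.iter():
        local_name = elem.tag.rsplit("}", 1)[-1]  # drop any {namespace} prefix
        if local_name == FIELD:
            values.append(elem.text or "")
    return values


def inspect_request(http_request: str) -> Dict[str, object]:
    """Classify one request; 'suspicious' is True when any value exceeds the cap."""
    body = soap_body(http_request)
    if body is None:
        return {"suspicious": False, "reason": "not a SOAP POST", "max_len": 0}
    longest = max((len(v) for v in field_values(body)), default=0)
    if longest > MAX_VERSION_LEN:
        return {"suspicious": True,
                "reason": f"{FIELD} value of {longest} bytes exceeds {MAX_VERSION_LEN}",
                "max_len": longest}
    return {"suspicious": False, "reason": "ok", "max_len": longest}


def _soap_request(version_value: str) -> str:
    """Build a constructed SOAP POST (placeholder action and URL) carrying the given value."""
    envelope = (
        '<?xml version="1.0"?>'
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
        '<s:Body><u:ExampleAction xmlns:u="urn:example-placeholder:service:1">'
        f"<{FIELD}>{version_value}</{FIELD}>"
        "</u:ExampleAction></s:Body></s:Envelope>"
    )
    return ("POST /upnp/control/example1 HTTP/1.1\r\n"
            "Host: 192.0.2.10:49153\r\n"            # documentation address, not a real plug
            'Content-Type: text/xml; charset="utf-8"\r\n'
            f"Content-Length: {len(envelope)}\r\n\r\n" + envelope)


# Constructed fixtures: a normal-looking value and one that is plainly not a version string.
BENIGN_REQUEST = _soap_request("1")
OVERSIZED_REQUEST = _soap_request("A" * 600)

if __name__ == "__main__":
    for label, req in (("benign", BENIGN_REQUEST), ("oversized", OVERSIZED_REQUEST)):
        print(label, inspect_request(req))
```

The same check can be hung off a transparent proxy or an IDS rule on the IoT VLAN, which is where the segmentation advice later in the post puts these devices anyway.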

Analysis of Bashlite and IOT Device Targets

After briefly analyzing a few samples of the malware (file hashes from the aforementioned blog), the malware appears to check for default credentials and known vulnerabilities in multiple IoT devices. For example, I came across a tweet after finding a reference to the password “oelinux123” in the binary.

This IoT device is an Alcatel Mobile Wifi, which has a number of known/default passwords. Notice the top username/password combination of “root:oelinux123.” When we analyze the actual malware, we can observe the steps used to enumerate and scan for vulnerable devices.

Here is a reference from the popular binary disassembly tool IDA Pro showing the password “OELINUX123” used to access a mobile WiFi device.

The next image is a large “jump table” used to scan through and identify a range of devices or targets using known passwords or vulnerabilities.

Next is some output from the “Echobot” scanner employed by the malware used to report possible vulnerabilities in target devices from the above jump table.

The final screenshot shows a list of some of the hardcoded credentials used by the malware.

The “huigu309” password appears to be associated with Zhone and Alcatel Lucent routers. Both routers have had several known vulnerabilities, backdoors and hardcoded passwords built into the firmware.

There is no need to continue the analysis further as the point of this is not to analyze the Bashlite malware in depth, but I did think it was worth expanding on some of the capabilities briefly, to show this malware is programmed to target multiple IoT devices.

Now to the point! The simple fact that generic WeMo Metasploit modules were added to this indicates that Belkin WeMo makes an interesting enough target that an unpatched vulnerability would be compelling to add to the malware’s capabilities. Hence, we believe it is possible, perhaps even likely, that malware authors already have or are currently working on incorporating the unpatched WeMo Insight vulnerability into IoT malware. We will be closely following threats related to this zero-day and will update or add to this blog if malware embedding this vulnerability surfaces. If the vendor does produce an effective patch, it will be a step in the right direction to reduce the overall threat and likelihood of weaponizing the vulnerability in malware.

How to Protect Your Devices

As this vulnerability requires network access to exploit the device, we highly recommend that users of IoT devices such as the WeMo Insight implement strong Wi-Fi passwords and further isolate IoT devices from critical devices using VLANs or network segmentation. McAfee Secure Home Platform users can enable whitelisting or blacklisting features for protection from malicious botnets attempting to exploit this vulnerability.

Call to Action for Vendors, Consumers and Enterprise

It should be plain to see there is some low-hanging fruit in the industry of securing IoT devices. While some of the obvious simple issues such as hardcoded credentials are inexcusable, we understand that true software vulnerabilities cannot always be avoided. However, we issue a call to action for IoT vendors: these issues must be fixed, and quickly too. Threat actors are constantly tracking flaws which they can weaponize, and we see a prime example of this in the Bashlite malware, updated for IoT devices including Belkin WeMo. By listening to consumers’ requests for security, partnering closely with researchers to identify flaws, and having a fast and flexible response model, vendors have a unique opportunity to close the holes in the products the world is increasingly relying on. Consumers can take away the importance of basic security hygiene: applying security updates when available, practicing a complex password policy for home networks and devices, and isolating critical devices or networks from IoT. Enterprise readers should be aware that just because this is typically a consumer IoT device does not mean corporate assets cannot be compromised. Once a home network has been infiltrated, all devices on that same network should be considered at risk, including corporate laptops. This is a common method for cyber criminals to cross the boundary between home and enterprise.

The post IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target? appeared first on McAfee Blogs.

Better protection against Man in the Middle phishing attacks



We’re constantly working to improve our phishing protections to keep your information secure. Last year, we announced that we would require JavaScript to be enabled in your browser when you sign in so that we can run a risk assessment whenever credentials are entered on a sign-in page and block the sign-in if we suspect an attack. This is yet another layer of protection on top of existing safeguards like Safe Browsing warnings, Gmail spam filters, and account sign-in challenges.

However, one form of phishing, known as “man in the middle” (MITM), is hard to detect when an embedded browser framework (e.g., Chromium Embedded Framework - CEF) or another automation platform is being used for authentication. MITM intercepts the communications between a user and Google in real-time to gather the user’s credentials (including the second factor in some cases) and sign in. Because we can’t differentiate between a legitimate sign in and a MITM attack on these platforms, we will be blocking sign-ins from embedded browser frameworks starting in June. This is similar to the restriction on webview sign-ins announced in April 2016.

What developers need to know

The solution for developers currently using CEF for authentication is the same: browser-based OAuth authentication. Aside from being secure, it also enables users to see the full URL of the page where they are entering their credentials, reinforcing good anti-phishing practices. If you are a developer with an app that requires access to Google Account data, switch to using browser-based OAuth authentication today.

Wipro Intruders Targeted Other Major IT Firms

The crooks responsible for launching phishing campaigns that netted dozens of employees and more than 100 computer systems last month at Wipro, India’s third-largest IT outsourcing firm, also appear to have targeted a number of other competing providers, including Infosys and Cognizant, new evidence suggests. The clues so far suggest the work of a fairly experienced crime group that is focused on perpetrating gift card fraud.

On Monday, KrebsOnSecurity broke the news that multiple sources were reporting a cybersecurity breach at Wipro, a major trusted vendor of IT outsourcing for U.S. companies. The story cited reports from multiple anonymous sources who said Wipro’s trusted networks and systems were being used to launch cyberattacks against the company’s customers.

A screen shot of the Wipro phishing site securemail.wipro.com.internal-message[.]app. Image: urlscan.io

In a follow-up story Wednesday on the tone-deaf nature of Wipro’s public response to this incident, KrebsOnSecurity published a list of “indicators of compromise” or IOCs, telltale clues about tactics, tools and procedures used by the bad guys that might signify an attempted or successful intrusion.

If one examines the subdomains tied to just one of the malicious domains mentioned in the IoCs list (internal-message[.]app), one very interesting Internet address is connected to all of them — 185.159.83[.]24. This address is owned by King Servers, a well-known bulletproof hosting company based in Russia.

According to records maintained by Farsight Security, that address is home to a number of other likely phishing domains:

securemail.pcm.com.internal-message[.]app
secure.wipro.com.internal-message[.]app
securemail.wipro.com.internal-message[.]app
secure.elavon.com.internal-message[.]app
securemail.slalom.com.internal-message[.]app
securemail.avanade.com.internal-message[.]app
securemail.infosys.com.internal-message[.]app
securemail.searshc.com.internal-message[.]app
securemail.capgemini.com.internal-message[.]app
securemail.cognizant.com.internal-message[.]app
secure.rackspace.com.internal-message[.]app
securemail.virginpulse.com.internal-message[.]app
secure.expediagroup.com.internal-message[.]app
securemail.greendotcorp.com.internal-message[.]app
secure.bridge2solutions.com.internal-message[.]app
ns1.internal-message[.]app
ns2.internal-message[.]app
mail.internal-message[.]app
ns3.microsoftonline-secure-login[.]com
ns4.microsoftonline-secure-login[.]com
tashabsolutions[.]xyz
www.tashabsolutions[.]xyz

The subdomains listed above suggest the attackers may also have targeted American retailer Sears; Green Dot, the world’s largest prepaid card vendor; payment processing firm Elavon; hosting firm Rackspace; business consulting firm Avanade; IT provider PCM; and French consulting firm Capgemini, among others. KrebsOnSecurity has reached out to all of these companies for comment, and will update this story in the event any of them respond with relevant information.
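The list above is worth more than a blocklist: every host follows the pattern `<prefix>.<brand>.com.<attacker-domain>`, so the brand being impersonated can be recovered mechanically, and matching on the attacker's registered domain rather than the exact host catches subdomains that have not been published yet. The script below is an added example written for this story, not code from KrebsOnSecurity or Farsight; the hostnames are the ones listed above, the proxy log lines are constructed, and it assumes the registered domain is always the last two labels (true for this list, not for multi-label suffixes such as `.co.uk`).

```python
"""Group the defanged IoC hostnames by attacker-registered domain, recover the brand each
look-alike host impersonates, and check constructed proxy log lines against them.

Added example for analysts; not from KrebsOnSecurity or Farsight. The IoC hostnames are
the ones listed in the story; SAMPLE_PROXY_LOG is constructed. Assumptions: the brand
appears as <brand>.com (or .net/.org) directly before the attacker's registered domain,
and the registered domain is the last two labels (no multi-label public suffixes here).
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

IOC_HOSTS = """
securemail.pcm.com.internal-message[.]app
secure.wipro.com.internal-message[.]app
securemail.wipro.com.internal-message[.]app
secure.elavon.com.internal-message[.]app
securemail.slalom.com.internal-message[.]app
securemail.avanade.com.internal-message[.]app
securemail.infosys.com.internal-message[.]app
securemail.searshc.com.internal-message[.]app
securemail.capgemini.com.internal-message[.]app
securemail.cognizant.com.internal-message[.]app
secure.rackspace.com.internal-message[.]app
securemail.virginpulse.com.internal-message[.]app
secure.expediagroup.com.internal-message[.]app
securemail.greendotcorp.com.internal-message[.]app
secure.bridge2solutions.com.internal-message[.]app
ns1.internal-message[.]app
ns2.internal-message[.]app
mail.internal-message[.]app
ns3.microsoftonline-secure-login[.]com
ns4.microsoftonline-secure-login[.]com
tashabsolutions[.]xyz
www.tashabsolutions[.]xyz
"""

BRAND_TLDS = {"com", "net", "org"}


def refang(host: str) -> str:
    """Turn 'a.b[.]c' back into 'a.b.c' so it can be compared with real log data."""
    return host.strip().lower().replace("[.]", ".")


def registered_domain(host: str) -> str:
    """Last two labels, e.g. 'internal-message.app' (see the assumption in the docstring)."""
    return ".".join(refang(host).split(".")[-2:])


def impersonated_brand(host: str) -> Optional[str]:
    """'securemail.wipro.com.internal-message.app' -> 'wipro.com'; None if no brand embedded."""
    labels = refang(host).split(".")[:-2]  # everything left of the attacker's own domain
    for i in range(len(labels) - 1):
        if labels[i + 1] in BRAND_TLDS:
            return f"{labels[i]}.{labels[i + 1]}"
    return None


def summarize(ioc_text: str) -> Tuple[Dict[str, List[str]], List[str]]:
    """Return ({registered_domain: [hosts]}, sorted list of impersonated brands)."""
    by_domain: Dict[str, List[str]] = defaultdict(list)
    brands: Set[str] = set()
    for line in ioc_text.splitlines():
        if not line.strip():
            continue
        host = refang(line)
        by_domain[registered_domain(host)].append(host)
        brand = impersonated_brand(host)
        if brand:
            brands.add(brand)
    return dict(by_domain), sorted(brands)


_URL_HOST = re.compile(r"https?://([^/\s:]+)")


def flag_log_lines(log_lines: List[str], ioc_text: str) -> List[Tuple[str, str]]:
    """Match on the attacker's registered domain rather than the exact host, so a
    subdomain that is not yet in the published IoC list still produces a hit."""
    bad_domains = set(summarize(ioc_text)[0])
    hits = []
    for line in log_lines:
        match = _URL_HOST.search(line)
        if not match:
            continue
        host = match.group(1).lower()
        if registered_domain(host) in bad_domains:
            hits.append((host, registered_domain(host)))
    return hits


# Constructed proxy log lines (not real traffic): one exact IoC, one benign host,
# and one previously unseen subdomain under an IoC-listed registered domain.
SAMPLE_PROXY_LOG = [
    "2019-04-18T09:12:03Z 10.0.4.17 GET https://securemail.wipro.com.internal-message.app/login 200",
    "2019-04-18T09:13:11Z 10.0.4.22 GET https://mail.example.com/inbox 200",
    "2019-04-18T09:15:40Z 10.0.4.31 GET https://login.microsoftonline-secure-login.com/ 302",
]

if __name__ == "__main__":
    domains, brands = summarize(IOC_HOSTS)
    print("attacker domains:", sorted(domains))
    print("impersonated brands:", brands)
    print("proxy hits:", flag_log_lines(SAMPLE_PROXY_LOG, IOC_HOSTS))
```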

WHAT ARE THEY AFTER?

It appears the attackers in this case are targeting companies that in one form or another have access to either a ton of third-party company resources, and/or companies that can be abused to conduct gift card fraud.

Wednesday’s follow-up on the Wipro breach quoted an anonymous source close to the investigation saying the criminals responsible for breaching Wipro appear to be after anything they can turn into cash fairly quickly. That source, who works for a large U.S. retailer, said the crooks who broke into Wipro used their access to perpetrate gift card fraud at the retailer’s stores.

Another source said the investigation into the Wipro breach by a third party company has determined so far the intruders compromised more than 100 Wipro systems  and installed on each of them ScreenConnect, a legitimate remote access tool. Investigators believe the intruders were using the ScreenConnect software on the hacked Wipro systems to connect remotely to Wipro client systems, which were then used to leverage further access into Wipro customer networks.

This is remarkably similar to activity that was directed against a U.S. based company in 2016 and 2017. In May 2018, Maritz Holdings Inc., a Missouri-based firm that handles customer loyalty and gift card programs for third-parties, sued Cognizant (PDF), saying a forensic investigation determined that hackers used Cognizant’s resources in an attack on Maritz’s loyalty program that netted the attackers more than $11 million in fraudulent eGift cards.

That investigation determined the attackers also used ScreenConnect to access computers belonging to Maritz employees. “This was the same tool that was used to effectuate the cyber-attack in Spring 2016. Intersec [the forensic investigator] also determined that the attackers had run searches on the Maritz system for certain words and phrases connected to the Spring 2016 attack.”

According to the lawsuit by Maritz Holdings, investigators also determined that the “attackers were accessing the Maritz system using accounts registered to Cognizant. For example, in April 2017, someone using a Cognizant account utilized the “fiddler” hacking program to circumvent cyber protections that Maritz had installed several weeks earlier.”

Maritz said its forensic investigator found the attackers had run searches on the Maritz system for certain words and phrases connected to the Spring 2016 eGift card cashout. Likewise, my retailer source in the Wipro attack told KrebsOnSecurity that the attackers who defrauded them also searched their systems for specific phrases related to gift cards, and for clues about security systems the retailer was using.

It’s unclear if the work of these criminal hackers is tied to a specific, known threat group. But it seems likely that the crooks who hit Wipro have been targeting similar companies for some time now, and with a fair degree of success in translating their access to cash given the statements by my sources in the Wipro breach and this lawsuit against Cognizant.

What’s remarkable is how many antivirus companies still aren’t flagging as malicious many of the Internet addresses and domains listed in the IoCs, as evidenced by a search at virustotal.com.

Update, April 19, 11:25 a.m. ET: I heard back from some of the other targets. Avanade shared the following statement:

“Avanade was a target of the multi-company security incident, involving 34 of our people in February. Through our cyber incident response efforts and technologies, we swiftly contained and remediated the situation. As a result, there was no impact to our client portfolio or sensitive company data. Our review has concluded this was an isolated incident. Our security defenses have continued to protect against any potential threat related to this matter. And, we continue to take our responsibility to safeguard our clients’ data with the utmost seriousness.”

Cognizant replied:

“We are aware of reports that our company was among many other service providers and businesses whose email systems were targeted in an apparent criminal hacking scheme related to gift card fraud. Since the criminal activity first surfaced earlier this week and following reports that another service provider’s email system was allegedly compromised, Cognizant’s security experts took immediate and appropriate actions including initiating a review.”

“While our review remains ongoing, we have seen no indication to date that any client data was compromised. It is not unusual for a large company like Cognizant to be the target of spear phishing attempts such as this. The integrity of our systems and our clients’ systems is of paramount importance to Cognizant. We continuously monitor, update and strengthen our systems against unauthorized access and have put additional protocols in place related to this specific industry-wide incident.”

Infosys said it has not observed any breach of its network based on its monitoring and threat intelligence. “This has been ascertained through a thorough analysis of the indicators of compromise that we received from our threat intelligence partners,” the company said in a statement.

Rackspace said it has no evidence to indicate that there has been impact to the Rackspace environment: “Rackspace Security Operations continuously monitors our environment for threats and takes appropriate action should an issue be identified.”

Capgemini said its internal Security Operation Center (SOC) detected and monitored suspicious activity that showed similar patterns to the attack faced by WIPRO. “This occurred between March 4 and March 19. The activity concentrated on a very limited number of laptops and servers. Immediate remedial action took place. There has been no impact on us, nor on our clients to date.”

Slalom, another company listed above, said it can “confirm that phishing attack activity was detected and prevented between March 4 and March 19, which correlates to the information that you have published on the Wipro event.  A combination of 24×7 Security Operations Center advanced security monitoring, security awareness training and threat intelligence automation enabled us to detect, alert, and prevent an event, sourcing from the phishing attacks.  We have verified this through internal forensics and with the support of our threat intelligence partners.”

The Android Platform Security Model



Each Android release comes with great new security and privacy features. When it comes to implementing these new features we always look at ways to measure the impact with data that demonstrates the effectiveness of these improvements. But how do these features map to an overall strategy?
Last week, we released a whitepaper describing The Android Platform Security Model. Specifically we discuss:
  • The security model which has implicitly informed the Android platform’s security design from the beginning, but has not been formally published or described outside of Google.
  • The context in which this security model must operate, including the scale of the Android ecosystem and its many form factors and use cases.
  • The complex threat model Android must address.
  • How Android’s reference implementation in the Android Open Source Project (AOSP) enacts the security model.
  • How Android’s security systems have evolved over time to address the threat model.
Android is fundamentally based on a multi-party consent[1] model: an action should only happen if the involved parties consent to it. Most importantly, apps are not considered to be fully authorized agents for the user. There are some intentional deviations from the security model and we discuss why these exist and the value that they provide to users. Finally, openness is a fundamental value in Android: from how we develop and publish in open source, to the open access users and developers have in finding or publishing apps, and the open communication mechanisms we provide for inter-app interactions which facilitate innovation within the app ecosystem.
We hope this paper provides useful information and background to all the academic and security researchers dedicated to further strengthening the security of the Android ecosystem. Happy reading!
Acknowledgements: This post leveraged contributions from René Mayrhofer, Chad Brubaker, and Nick Kralevich.

Notes


  1. The term ‘consent’ here and in the paper is used to refer to various technical methods of declaring or enforcing a party’s intent, rather than the legal requirement or standard found in many privacy legal regimes around the world. 

Why McAfee is Supporting the University of Guelph’s New Cyber Security and Threat Intelligence Degree Program

McAfee has a rich history in helping to shape the industry’s response to the ever-changing threat landscape. We started as a pioneer in cybersecurity over three decades ago. Today, we are the device-to-cloud cybersecurity market leader, supporting everyone from consumers to small and large enterprises to governments.

But we don’t do this on our own. And in order for us to be successful in our mission to make the digital world more secure, we need to have the right people in place.

One of the largest challenges facing the cybersecurity industry today is the lack of skilled personnel and the global talent shortage. Current research indicates that our industry will face more than 1.5 million unfilled cybersecurity positions by 2025.

This talent shortage, coupled with the increasing volume of threats and the changing cybercriminal landscape, presents a problem which is only getting worse. And not just for us, but the whole industry. Therefore, we must, as a group, collectively improve upon this talent shortage.

So how will we do this?

One step that McAfee is investing heavily in is education. We are already doing a lot of work to support students and inspire them to take on careers in cybersecurity, for example our work in the UK with high school programs run at the home of the World War II code breakers Bletchley Park.

Now we’re delighted to be expanding this work even further as a founding partner of the new Master of Cybersecurity and Threat Intelligence at the University of Guelph, which will launch in September this year. This graduate degree will train the next generation on how to stop cyberattacks before they happen, and give students expertise in threat intelligence, threat hunting, digital forensics, intrusion prevention, privacy, cryptanalysis and more.

During the course, students will work with state-of-the-art cybersecurity tools where they can run real-world attacks within an isolated lab, engaging directly with active adversaries and learning their tactics, techniques and procedures to build state-of-the-art cyber defense and detection systems. They will learn the intricacies of how attacks are conducted and methods for preventing further intrusions. McAfee has already been involved with the development of the lab, ensuring it replicates our real-world labs to give students the right experience from the very beginning.

But we’re not just supporting the lab. Alongside partners including Cisco and BlackBerry, we’re also going to be showing up throughout the course and inviting students to work closely with us inside McAfee to build the skills they need for a future career in cybersecurity.

As a Canadian, I am particularly proud that a Canadian institution is showing this level of innovation which will enhance not only our local talent pool but will also help solve the global talent shortage.

To learn more, and apply to be one of the founding class, visit the University of Guelph here.

The post Why McAfee is Supporting the University of Guelph’s New Cyber Security and Threat Intelligence Degree Program appeared first on McAfee Blogs.

Top Cybersecurity Concerns with Huawei 5G Dominance

The Internet of Things (IoT) is creating a need to advance cellular capabilities to support the 14 billion IoT devices currently connected globally, a number expected to grow to between 20 and 50 billion devices by 2020 (Gartner and Cisco). This includes current mobile devices, computers, smart speakers and televisions, and will include more items like digital locks, security cameras, vehicles, and household appliances. The IPv4 address space is now scarce, and the Internet Engineering Task Force (IETF) ratified IPv6 as an Internet Standard in July 2017. The growth of connected devices requires a larger IP addressing scheme and network infrastructure that supports the connectivity of billions of devices at high speeds.

The next iteration of robust infrastructure is 5G, providing bandwidth up to 20 gigabits per second. Rollout begins this year, but a complete transition will take many years, and Huawei, a Chinese corporation, currently leads in the technology. Huawei is the second largest provider of cellular phones worldwide and the largest manufacturer of network equipment.

The U.S. Government has taken a decided stance to block the use of Huawei in the United States, filing a complaint that bans all government agencies from engaging in purchasing from Huawei and bars third parties who use the company’s equipment (BBC). Huawei is currently suing the United States because of the ban. The U.S. is not the only country taking a cautious stance with Huawei, however. They’re joined by Germany, Great Britain, Australia, Canada, and Japan, all of which are citing major security concerns with the company (MIT Technology Review).

Security Concerns with Huawei dominating the 5G space:

1. Security Vulnerabilities in Reconfiguring Networks

The first concern is that newer 5G network equipment is almost entirely software-defined and constantly reconfigures itself, which challenges the security agencies that examine equipment and software for vulnerabilities, security flaws, or backdoors (FreshAir). When an organization is unable to identify weaknesses in devices whose software is constantly changing, it becomes impossible to implement security controls that reduce vulnerabilities to an acceptable level, leaving an organization's or state's data exposed.

2. Espionage & Interference

The second concern is the possibility of China using Huawei to conduct espionage or disrupt communications. A seven-month investigation into China's Intellectual Property (IP) theft, led by the United States Trade Representative, estimates that Chinese theft of American IP costs the U.S. between $225 billion and $600 billion annually (CNN).

China has also used the Internet to enable rampant government oppression within its borders and is now focusing on other countries and foreign businesses. China is blocking and altering data, both entering and leaving the country, using what Weaver, a network security expert at the International Computer Science Institute, has coined the Great Cannon (MIT Technology Review).

It is also concerning that China will likely continue to use the Internet to control narratives, as they did when Marriott listed Tibet and Hong Kong as separate countries from China, forcing an apology from the hotel chain. Chinese officials are also going after other companies that “misidentify” Taiwan (MIT Technology Review).

3. Foreign Nation-State Controlled Networks

The third concern, and the biggest security concern for the United States, is the vastness of a network controlled by a foreign company and a potentially adversarial government. As Sanger (2019) reports, "classified intelligence reports from the U.S. have warned that China would one day use Huawei to penetrate American networks for cyber-espionage or cyberattacks." Chinese private industry and the State are tightly tied, with companies answerable to the government. Current Chinese laws state that any Chinese telecom company would have to participate in Chinese intelligence operations (BBC).

If Huawei controls the 5G network infrastructure, the company and the Chinese government gain a tremendous advantage in collecting, disseminating, and controlling data and critical infrastructure. With IoT expanding the attack surface, it is important for countries and companies to advance their security.

Because of the persistent threat environment, companies require an adaptive security program. Hiring a Managed Security Service Provider (MSSP) to implement a security solution would help U.S. companies prepare for current and future threats through monitoring, analysis, encryption, and assistance with security strategies against adversarial entities.

The post Top Cybersecurity Concerns with Huawei 5G Dominance appeared first on GRA Quantum.

Managing Privacy Compliance in the Cloud

The number and complexity of regulations addressing data privacy continues to increase significantly. Companies offering cloud-based services must comply with these regulations or risk losing business due to customer trust issues and/or potential fines and other legal action. Compliance with regulations like the GDPR and CCPA requires companies to address a wide range of items, including privacy assessments, cookie consent, and data subject access requests. The digitization of data has inevitably led to a myriad of data privacy laws that span the globe. These regulations all need to be considered when doing business in the respective countries/regions to which the …

The post Managing Privacy Compliance in the Cloud appeared first on TrustArc Blog.

Employees Share Stories Working in Award-Winning Cork Office

“The culture at McAfee is easy going, fun, dynamic and everyone is friendly.”—Deirdre, Project Manager

The McAfee office in Cork was once again named among the companies recognized in Ireland's Great Place to Work awards. Our Cork location has much to offer, from a supportive working environment to abundant career growth opportunities.

Hear from three McAfee employees, Deirdre, Ranjit and Oliver, as they share their personal stories of working in the Cork, Ireland office.

Want to join in on the fun? We’re hiring in Cork! Apply now.

For more stories like this, follow @LifeAtMcAfee on Instagram and on Twitter @McAfee to see what working at McAfee is all about.

The post Employees Share Stories Working in Award-Winning Cork Office appeared first on McAfee Blogs.

This Week in Security News: Medical Malware and Monitor Hacks

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how baby monitors may be susceptible to hacking. Also, learn about a medical flaw that enables hackers to hide malware.

Read on:

Is Your Baby Monitor Susceptible to Hacking?

In a number of high-profile cases, home surveillance cameras have been easily compromised and disturbing reports of hacked baby monitors are in the news. 

Global Governments Demonstrate Rising Commitment to Cybersecurity

According to the International Telecommunications Union’s (ITU) 2018 Global Cybersecurity Index, only half of countries around the globe had a government cybersecurity strategy in 2017, which rose to 58 percent in 2018.

What Did We Learn from the Global GPS Collapse?

The problem highlights the pervasive disconnect between the worlds of IT and OT.

Malware Creates Cryptominer Botnet Using EternalBlue and Mimikatz

A malware campaign is actively attacking Asian targets using the EternalBlue exploit and taking advantage of Living off the Land (LotL) obfuscated PowerShell-based scripts to drop Trojans and a Monero coinminer on compromised machines.

Medical Format Flaw Can Let Attackers Hide Malware in Medical Images

Research into DICOM, the file format used for medical images, has revealed a flaw that can give threat actors a new way to spread malicious code through these images.

Hackers Could Read Your Hotmail, MSN, and Outlook Emails by Abusing Microsoft Support

A hacker or group of hackers broke into a customer support account for Microsoft, and then used that to gain access to information related to customers’ email accounts such as the subject lines of their emails and who they’ve communicated with.

New Business Email Compromise Scheme Reroutes Paycheck by Direct Deposit

A new business email compromise (BEC) scheme, where the attacker tricks the recipients into rerouting paychecks by direct deposit, has emerged.

Leadership Turnover at DHS and Secret Service Could Hurt US Cybersecurity Plans

Departures of top officials at the Secret Service and Department of Homeland Security (DHS) will add to an already difficult public-private disconnect on cybersecurity, especially since Kirstjen Nielsen has a rare set of cybersecurity skills that helped the DHS protect companies in critical industries.

Microsoft Disclosed Security Breach From Compromised Support Agent’s Credentials

Microsoft has notified affected Outlook users of a security breach that allowed hackers access to email accounts from January 1 to March 28, 2019.

Do you think the leadership turnover at DHS and the Secret Service will hurt US cybersecurity plans? Why or why not? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

The post This Week in Security News: Medical Malware and Monitor Hacks appeared first on .

Why Seqrite mSuite is the perfect solution for the research industry

While market research organizations may not attract headlines in the way financial services and educational organizations do, it would not be an exaggeration to state that they remain at high risk of cyber attacks. The rationale behind that is very simple – market research organizations deal with huge amounts of data every single day. In fact, their primary mode of operation is analyzing and parsing vast amounts of data to find correlations, trends, and corollaries.

Such a huge treasure of data makes these organizations attractive targets for cybercriminals and hackers. There is also the matter of compliance: governments are increasingly aware of data risks and are passing rules and regulations that control the amount of data organizations can store, and market research organizations are directly at risk of non-compliance. The consequences can be quite costly – in 2016, a New York-based medical research institute incurred a $3.9 million penalty due to a security breach involving an unencrypted laptop.

The need for mobile security

Hence, market research organizations must ensure that they deploy strong cybersecurity solutions, especially on the mobile front. The proliferation of mobile phones in today's day and age is a reality that has to be addressed by organizations in every industry, and mobile devices offer a huge number of vectors for breaching an enterprise's defenses.

Keeping the above in mind, Seqrite’s mSuite solution offers an option research organizations can explore. It is a comprehensive and powerful tool to manage all mobile devices running on Android and iOS operating systems. The solution allows network managers to get total control over all applications installed on official devices, monitor internet usage patterns, track device location and apply company policies as per the location and time, and provide support through remote device control as well as file transfer. Organizations can remain in total control of what’s happening with their data even beyond their own network.

In terms of the specific requirements of research organizations, mSuite is well equipped with the following features:

Virtual Fencing – Enforce digital boundaries and apply restrictions on devices with Wi-Fi, Geo and Time Fence. Multiple fence groups can be created and policy restrictions can be applied.

Network Data Monitoring – Data usage can be monitored over mobile and Wi-Fi networks. Details of data, consumer, calls, SMS, and MMS sent and received can be easily accessed.

Device Security Policies – Enhanced security is offered with multiple default policies which can be customized for compliance. Policies are framed around password, app security, etc.

Customized Reporting – Standard and custom interactive reports are generated providing graphical summaries about infection status and application non-compliance.

Apart from these, research organizations can rest easy knowing their valuable data is secure thanks to a range of comprehensive mobile security and anti-theft features including:

Anti-malware – A best-in-class, built-in antivirus is provided to keep devices safe from viruses, Trojans, ransomware and cybercrime attacks.

Anti-theft – Devices can be remotely located and locked with data wiped on lost or stolen devices. On SIM change, the devices can be completely blocked or locked.

Scan Scheduler – Admins can remotely schedule a Quick Scan/Full Scan at any time and monitor the status of enrolled devices for security risks and infections.

Web Security – Seqrite's powerful browsing, phishing and web protection is built into the solution, with the ability to blacklist/whitelist URLs or use category/keyword-based blocking.

The above features make Seqrite mSuite a strong solution for research organizations when it comes to securing the mobile front.

The post Why Seqrite mSuite is the perfect solution for the research industry appeared first on Seqrite Blog.

5 ways to instantly detect a phishing email and save yourself from phishing attack

Phishing is a fraudulent activity to trick you into revealing your personal and confidential information. This information usually includes bank account details, net banking details, credit/debit card numbers, login ID and passwords. Every day, countless people become unsuspecting victims of phishing attacks. With cyber criminals adopting sophisticated modes of phishing…

How do I stop old USB drives from infecting my new Windows PC?

Jason wants to protect his new high-end laptop from viruses but needs data on old SD cards

I’ve just bought a high-end Windows laptop for video editing while travelling around Europe. What steps can I take to prevent any possible infections from being passed on from previous machines on SD cards and external hard drives? Some of the external hard drives go back to machines from 2004 but I have never plugged any of them into any computers other than my own previous Macs and PCs. I work professionally with video, photography and coding, so all of this data is vital.

I have a five-machine Bitdefender licence but I’d be prepared to use another protection system, and I’ve looked at Sophos Intercept X. Jason

There are at least three things to think about. First, there’s the threat level: how at risk are you? Second, there’s provenance: how much do you know about your devices? Third, how can you mitigate any risks revealed by the answers to the first two questions?