Daily Archives: May 15, 2019

CISOs: What would you do over?

Just after the new year I was catching up with a CISO over lunch in Pike Place Market in Seattle. We were reminiscing about how tough it is to get a security program up and running in the beginning. Pausing to dip his taco in the excellent house salsa, he commented, “Y’know, if I had to do it all over again…” and he proceeded to tell me a story. My brain twitched with possibilities—here was …

The post CISOs: What would you do over? appeared first on Help Net Security.

Fundamental Need For A Productive ITSM (IT Service Management)

It is true that many business departments have introduced cloud services that deliver advanced IT without needing the information systems department. But the information systems department itself has to change too. It needs to move away from merely managing IT systems as before and shift its mission to being a business partner that provides useful IT services to all users in the company, treating them as customers. IT service management holds the key. It standardizes, visualizes and automates each business process that has so far relied on personal or ad hoc judgment, improves the quality of IT services, and eliminates unnecessary work, streamlining the department’s operations.

So how can a company introduce and practice proper IT service management? If you lack experience or knowledge in-house, you will not know where to start or what to do. A useful approach in such a situation is to learn from and reference the best practices of the world’s leading companies. As a guideline, a framework called the Information Technology Infrastructure Library (ITIL) is well known. Seen from a different angle, applying the concept of IT service management based on ITIL across all business divisions will enable the information systems division to regain its leadership. This is a great opportunity.

In recent years, companies everywhere are accelerating transformation; the manufacturing industry, for example, which had concentrated on manufacturing itself, is accelerating its conversion to a service model. To stay competitive in this wave of digital transformation, a company must be able to quickly launch strategic IT services even when the future cannot be foreseen, and to improve operations and correct course as the environment changes. In some cases, flexible measures like never before will be needed, such as linking with other companies’ services and promoting co-creation without hesitation. As a supporting partner to business departments and managers, the information systems department faces unprecedented expectations. The first step of an ITIL introduction is the service desk.

In the previous version, V2, ITIL centered on two major guidelines:

  • Service support that describes daily operation methods
  • Service delivery that describes medium- and long-term service management methods.

In the latest version, V3, while retaining these two ideas, the classification is based on five core principles:

  1. Service strategy
  2. Service design
  3. Service transition
  4. Service operation
  5. Continuous service improvement.

Each describes the ideal state of an IT service process. Among these, the following processes stand out:

  • Service Desk
  • Incident Management
  • Problem Management
  • Change Management
  • Release Management
  • Configuration Management
  • Service Level Management
  • IT Service Financial Management
  • Capacity Management
  • IT Service Continuity Management
  • Availability Management

The above-mentioned parts of ITSM are important concepts for a well-oiled IT organization in a business of any size. The starting point of these processes is the service desk. Among the Fortune 500 companies, ITIL began to spread in the early 2000s, and more than half of them started with the service desk. The reason is that it has the fastest and most visible effect on improving the quality of IT services.

In fact, looking at the current state of service desks, it is not uncommon to find workflows that rely on email or phone interaction. Users cannot even see the current status of their requests. On the other hand, the manager or head of each department cannot grasp what the person in charge at the business site is stuck on, and even when issues are prioritized, the information needed to judge them is not gathered. The goal is to establish an IT service management workflow that is optimal for the entire company by first improving the operational workflows of inefficient service desks, while looking ahead to system operation management that keeps pace with the latest technology and to user satisfaction.

All ITSM service providers boast of their SLA levels and competitive price points to potential customers. Companies need to do their homework: research the track records of the competing firms and check reviews from current clients to determine the capability of each service provider. Much lies beyond the scope of this article, but one thing all ITSM service providers have in common is that they are also for-profit businesses. These organizations seek to earn as much profit as possible and to reduce cost as much as possible. A clear understanding of the pros and cons of the competing service providers needs to be developed by a competent IT team within the organization.

Source: https://www.itproportal.com/features/eight-steps-to-ensure-it-service-management-success/

The post Fundamental Need For A Productive ITSM (IT Service Management) appeared first on .

When all else fails, organizations realize they must share threat intel

A large majority of security IT decision makers are ready and willing to share valuable threat intelligence data to help the collective industry make better, more informed decisions when it comes to cyber attacks, an IronNet Cybersecurity report reveals. To compile the “Collective Offense Calls for a Collective Defense: A Reality Check for Cybersecurity Decision Makers” report, IronNet commissioned survey firm Vanson Bourne to interview 200 U.S. security IT decision makers across many industries including …

The post When all else fails, organizations realize they must share threat intel appeared first on Help Net Security.

Personalized Scams

Cyber criminals now have a wealth of information on almost all of us. With so many organizations hacked nowadays, cyber criminals simply purchase databases with personal information on millions of people, then use that information to customize their attacks, making them far more realistic. Just because an urgent email has your home address, phone number or birth date in it does not mean it is legitimate.

CEOs and business leaders trust AI, but employees are more cautious

Most senior executives (85%) classify themselves as artificial intelligence (AI) optimists, citing increased investment and trust in the technology. Eighty-seven percent say their company will invest in AI initiatives this year, the EY study reveals. The data was collected via an online study conducted by Engine on behalf of EY among a sample of 500 US CEOs and business leaders ages 21 and older who work for a company with US$25m–US$50m in revenue or US$50m …

The post CEOs and business leaders trust AI, but employees are more cautious appeared first on Help Net Security.

The six biggest cybersecurity risks facing the utilities industry

The utilities industry is rapidly modernizing its infrastructure, adding more digitized equipment and connectivity across devices, plants, and systems. This evolution to “smart infrastructure” represents a positive, paradigm shift for the industry. Unfortunately, the security policies of many utilities have not evolved along with it, leaving them incredibly vulnerable. Utilities are investing heavily to modernize infrastructure. In fact, ABI Research projects that the industry will spend US$14 billion a year between 2018 and 2023 — …

The post The six biggest cybersecurity risks facing the utilities industry appeared first on Help Net Security.

Trend Micro unveils cloud-native security customized to the demand of DevOps

Trend Micro, a global leader in cybersecurity solutions, announced the availability of the industry’s most complete security from a single solution protecting across cloud and container workloads. This leadership has been achieved through newly launched container security capabilities added to Trend Micro Deep Security to elevate protection across the entire DevOps lifecycle and runtime stack. From virtual servers and data centers to public and private cloud workloads, containers are increasingly used and demand protection. Leading …

The post Trend Micro unveils cloud-native security customized to the demand of DevOps appeared first on Help Net Security.

LogRhythm launches a cloud-based version of its NextGen SIEM Platform

LogRhythm, the company powering the world’s most modern enterprise security operations centers (SOCs), announced that it has released a cloud-based version of its NextGen SIEM Platform: LogRhythm Cloud. LogRhythm’s NextGen SIEM Platform is already used by some of the world’s largest and best-known enterprises. Collecting and analyzing trillions of security events and threat indicators each week, LogRhythm enables precise detection and accelerated neutralization of sophisticated cyberthreats for SOCs across the globe. These benefits are driven …

The post LogRhythm launches a cloud-based version of its NextGen SIEM Platform appeared first on Help Net Security.

Verint’s Luminar to boost security resilience through a proactive customer-centric defense approach

Verint Systems, a global provider of data mining software for cyber security and intelligence, announced that it has launched Luminar, a new Cyber Threat Intelligence software solution that boosts security resilience through a proactive customer-centric defense approach. Luminar was introduced at Verint Cyber Intelligence’s Annual User Forum, which took place in Italy, and is another addition to Verint’s wide Cyber Intelligence portfolio. Luminar aggregates data from surface, deep and dark web sites, social networks and …

The post Verint’s Luminar to boost security resilience through a proactive customer-centric defense approach appeared first on Help Net Security.

Karamba’s autonomous security solution protects connected devices and systems against attacks

Karamba Security, a world-leading provider of embedded cybersecurity for the automotive industry, announced that its autonomous security solution is being used to protect connected devices and systems across a broad spectrum of vertical markets facing similar large-scale cybersecurity threats. Following successful deployments of Karamba’s embedded, self-protecting and auto-recovery software technology in the automotive industry — including more than 32 engagements with car manufacturers and tier-1 automotive suppliers — manufacturers in other vertical markets have sought …

The post Karamba’s autonomous security solution protects connected devices and systems against attacks appeared first on Help Net Security.

The Latest Techniques Hackers are Using to Compromise Office 365

It was only a few years back that cloud technology was in its infancy and used only by tech-savvy, forward-thinking organisations. Today, it is commonplace. More businesses than ever are making use of cloud services in one form or another. And recent statistics suggest that cloud adoption has reached 88 percent. It seems that businesses now […]

The post The Latest Techniques Hackers are Using to Compromise Office 365 appeared first on The State of Security.

A Simple Data Breach Guide (Interpreting GDPR)

Perhaps it’s too melodramatic to claim that the debate over how to define a data breach “rages on” because we haven’t seen bodies flying out of windows yet, but it is a serious question with genuine financial ramifications now that the General Data Protection Regulation (GDPR) and its accompanying fines for mishandling data have arrived […]

The post A Simple Data Breach Guide (Interpreting GDPR) appeared first on The State of Security.

Keysight Technologies unveils new integrated network analyzers

Keysight Technologies, a leading technology company that helps enterprises, service providers and governments accelerate innovation to connect and secure the world, launched the next generation of network analyzers which deliver reliability and repeatability with best-in-class dynamic range, trace noise and temperature stability, as well as a wide range of software applications, enabling engineers to consistently achieve comprehensive device characterization. High-speed digital, wireless, aerospace and defense, and automotive companies need integrated active and passive components for …

The post Keysight Technologies unveils new integrated network analyzers appeared first on Help Net Security.

Arm debuts eMRAM-enabled test chip and board on Samsung Foundry process technology

At the Samsung Foundry Forum, Arm, in collaboration with Samsung Foundry, Cadence, and Sondrel, demonstrated the first 28nm fully-depleted silicon-on-insulator (FD-SOI) embedded MagnetoResistive Random Access Memory (eMRAM) IoT test chip and development board. The Musca-S1 is designed to offer more choice to IoT designers in their system-on-chip (SoC) development journey. Designers can now easily implement more secure, holistic IoT solutions, enabling them to focus more on core product differentiation and accelerating time-to-market. “The promise of …

The post Arm debuts eMRAM-enabled test chip and board on Samsung Foundry process technology appeared first on Help Net Security.

MarkLogic adds new features to its Data Hub 5.0 and MarkLogic 10

MarkLogic Corporation, the next generation data platform provider for simplifying data integration, announced Embedded Machine Learning and other features in the latest versions of the enterprise-grade MarkLogic Data Hub 5.0 and the MarkLogic 10 multi-model database. The enhancements make MarkLogic’s full stack offering an unparalleled enterprise solution for integrating, curating, securing, analyzing and acting on business-critical data as MarkLogic pushes the limits of modern data integration. The MarkLogic Data Hub, running in the cloud or …

The post MarkLogic adds new features to its Data Hub 5.0 and MarkLogic 10 appeared first on Help Net Security.

3 Tips for Protecting Against the New WhatsApp Bug

Messaging apps are a common form of digital communication these days, with Facebook’s WhatsApp being one of the most popular options out there. The communication platform boasts over 1.5 billion users – who now need to immediately update the app due to a new security threat. In fact, WhatsApp just announced a recently discovered security vulnerability that exposes both iOS and Android devices to malicious spyware.

So, how does this cyberthreat work, exactly? Leveraging the new WhatsApp bug, cybercriminals first begin the scheme by calling an innocent user via the app. Regardless of whether the user picks up or not, the attacker can use that phone call to infect the device with malicious spyware. From there, crooks can snoop around the user’s device, likely without the victim’s knowledge.

Fortunately, WhatsApp has already issued a patch that fixes the problem – which means users will close the bug if they update their app immediately. But that doesn’t mean users shouldn’t still keep security top of mind, now and in the future, when it comes to messaging apps and the crucial data they contain. With that said, here are a few security steps to follow:

  • Flip on automatic updates. No matter the type of application or platform, it’s always crucial to keep your software up-to-date, as fixes for vulnerabilities are usually included in each new version. Turning on automatic updates will ensure that you are always equipped with the latest security patches.
  • Be selective about what information you share. When chatting with fellow users on WhatsApp and other messaging platforms, it’s important you’re always careful of sharing personal data. Never exchange financial information or crucial personal details over the app, as they can possibly be stolen in the chance your device does become compromised with spyware or other malware.
  • Protect your mobile phones from spyware. To help prevent your device from becoming compromised by malicious software, such as this WhatsApp spyware, be sure to add an extra layer of security to it by leveraging a mobile security solution. With McAfee Mobile Security being available for both iOS and Android, devices of all types will remain protected from cyberthreats.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post 3 Tips for Protecting Against the New WhatsApp Bug appeared first on McAfee Blogs.

Sigma Systems expands its cloud-first strategy with Microsoft Azure

Sigma Systems, the global leader in catalog-driven software, is pleased to announce the expansion of its cloud-first strategy with deployment of its award-winning Create-Sell-Deliver portfolio on Microsoft Azure. With Sigma’s already strong base of cloud customers and a deepening commitment and enhanced integration to Microsoft Dynamics 365, the commitment to Azure further strengthens Sigma’s cloud-first strategy and unlocks new opportunities across multiple industries in collaboration with Microsoft. Tim Spencer, President and CEO, Sigma Systems, commented: …

The post Sigma Systems expands its cloud-first strategy with Microsoft Azure appeared first on Help Net Security.

The Limitless Possibilities of IoT and Its Shortcomings

Imagine living in a world where smart refrigerators, autonomous driving vehicles, or self-regulated temperature homes are no longer pipe dreams. This type of futuristic society is coming to a life near you through the advent of the Internet of Things (IoT).

This is a technology revolution that has already begun as the IoT market is growing at an explosive rate. To be precise, by the year 2020, the IoT market is expected to become a $457B market with annual growth rates of close to 30%. The assimilation of IoT appliances and devices is a matter of when, not if.

However, what exactly are the benefits of having IoT so closely integrated in our lives, but more importantly, what are the drawbacks? This is what we hope to uncover below.

Refresh My Memory—What is IoT?

IoT describes any device that has the ability to connect to the internet, which opens the door to new ways for people to interact with their devices.

For instance, have you ever wished your car would be able to tell you exactly when to get an oil change or when to replace your tires? How about if your refrigerator could tell you what food items are low in stock and could self-order more for online delivery? These are just simple examples of how IoT could shape and influence our lives moving forward.

We’ve become so accustomed to thinking that computers, phones, or TVs are the only products capable of retrieving data from the internet. This simply isn’t the case anymore.

As mobile networks continue to grow and provide proper coverage to all users, it’s inevitable that we begin seeing a diverse range of appliances connecting to the internet. The next wave of appliances, such as connected and autonomous vehicles, will drive innovation in the future.

How Can IoT Improve Our Lives?

The possibilities are essentially endless when it comes to how IoT can shape our lives. Take, for example, how IoT could improve the efficiency of a simple lightbulb.

In the past, lightbulbs were neither energy efficient nor predictable about when they would ultimately burn out. Through IoT advancements, smart light bulbs can now connect to our mobile devices to display their current energy consumption, costs and time to expiration, and to offer remote control capabilities.

IoT could also get as complicated as planning entire smart city infrastructure, such as driverless public transportation systems, efficient means of urban water usage, safer pedestrian traffic monitoring, or incredibly energy efficient buildings.

Singapore is actually one of the leaders in the smart city adoption market and hopes to become one of the world’s first complete smart nations. One of their top priorities is to make transportation fast, safe, and more efficient to cater to its needs as a major global business hub.

Singapore plans to feature fully autonomous vehicles and buses by 2022. This, coupled with IoT-powered traffic sensors, radars, and state-of-the-art cameras, will make Singapore one of the safest public infrastructures in the world for its everyday citizens.

Although the potential for IoT is limitless, so too are its possible drawbacks. Here is a quick examination of some of the major hurdles that the IoT industry must overcome in order to fully maximize its effectiveness.

With Great Power Comes Great Responsibility

Although IoT technologies can help our lives in many ways, there could be some roadblocks, such as privacy and security concerns, that need to be sorted out in order to achieve proper mass adoption.

As with any sort of device connected to the internet, speed will always be a constant worry on the back of users’ minds.

Latency could play a major role in a slow initial rollout of city-wide IoT initiatives, because such systems need to be constantly connected to the internet with enormous demands for always-on data. At the current rate, we’d be hard pressed to have autonomous public buses drive through inclement weather over 4G technology. Faster and more stable connections will be a must.

A lot of these concerns could be alleviated with the launch of 5G networks, but 5G rollout will be quite slow, especially given the concern that its range will be much shorter than that of 4G/LTE.


A few years back, one of the hottest concepts coming out of the IoT field was the potential for connected cars of the future. By having internet ready vehicles, drivers would be able to automatically detect when to get their oil changed, whether their airbags are fully engaged and properly working, remotely control their vehicles through a mobile phone, etc.

However, one huge oversight with this concept was the fact that leaving an automobile exposed over the internet invited hackers to take control of users’ vehicles. This instantly made automobiles one of the most sought-after hacking targets of cyber criminals around the world.

Hackers could, in effect, perform a hostile remote takeover of your vehicle to cut your brakes whenever they pleased, blast the heat during hot summer days, lock you out of your car, etc.

Since then, it has become apparent that connected cars must be properly secured, but this certainly was not an area of expertise for car manufacturers. Security for connected cars is still a visible problem today, since most of the data is exchanged via different communication protocols than a basic website or mobile network uses.

The challenge will be finding solutions that can effectively protect the communication protocols of a wide array of IoT appliances, such as automobiles, traffic lights, refrigerators, etc. Cloudbric is one solution that is looking to integrate cybersecurity across a wide array of protocols to help bring about a safer and more connected future.

Another major hurdle of IoT will simply be the idea of having so many connected devices in our everyday lives. Living in a society where every electronic device or appliance is constantly monitoring your usage and data can be quite unsettling for some people who place a high importance on personal privacy. This can lead to issues such as corporate surveillance and having companies too closely integrated into our lives.

In order for IoT applications and technology to fully take off, manufacturers and governmental institutions need to prove to the public the actual merits of IoT and how it will better the lives of everyone involved. Rolling out innovative technology that is not fully vetted for security, or that could lead to potential data leaks, would be a disaster that would take a long time to recover from.

Furthermore, the concept of running a smart city or nation would be asking users to give up a portion of their personal privacy without their knowledge or consent. This amounts to recording the actions and habits of a city’s inhabitants without their permission. Major IoT players need to come up with strategies that help ease this concern in order for IoT to become a mainstay.

The upcoming IoT wave is inevitable, and it can present the world with many benefits that we could only have dreamed of in the past. The key hurdle is that companies need to fully prepare for the obvious issues (security, speed, and privacy) and simultaneously gear up for potentially unknown issues that may arise, such as the failure of critical IoT systems leading to accidents. With proper protocols in place now and for the future, it is safe to assume that IoT technology will certainly be the way of the future.

Make sure to follow us on our social media platforms (LinkedIn, Twitter, and Facebook) and our recently opened Telegram Announcement Channel for the latest updates!

The post The Limitless Possibilities of IoT and Its Shortcomings appeared first on Cloudbric.

Alcide launches continuous security and hygiene scanner for Kubernetes and Istio

Alcide, the cloud-native network security leader empowering DevSecOps with code-to-production continuous security for workloads running on Kubernetes, announced the release of Alcide Advisor. Alcide Advisor is a continuous security & hygiene scanner for Kubernetes & Istio, which automatically scans for the widest range of compliance, security and governance risks and vulnerabilities. Already deployed in numerous customer environments, and fully integrated with the CI/CD pipeline, it empowers engineering teams to maintain engineering motion and quickly identify …

The post Alcide launches continuous security and hygiene scanner for Kubernetes and Istio appeared first on Help Net Security.

Syncsort and Snowflake to support growing demand for advanced cloud analytics

Syncsort, the global leader in Big Iron to Big Data software, announced seamless data integration with Snowflake, provider of the only data warehouse built for the cloud. The new integration will enable mutual customers to access, transform and deliver critical customer and financial data from the mainframe to Snowflake for advanced analytics. As the system of record for many large organizations, mainframe data provides key insights that support top business use cases such as new …

The post Syncsort and Snowflake to support growing demand for advanced cloud analytics appeared first on Help Net Security.

TELUS completes successful testing of Neustar’s STIR/SHAKEN solution

Neustar, a trusted, neutral provider of real-time information services, and TELUS, one of Canada’s largest telecommunications companies, announced a successfully completed test of Neustar’s Certified Caller software suite deployed in TELUS’s NFV lab environment to authenticate and verify calls using the STIR/SHAKEN protocol. This significant milestone supports the Canadian Radio-Television and Telecommunications Commission (CRTC) request of telecommunications service providers to deploy caller ID authentication and verification for voice over internet (VoIP) calls to reduce illegal …

The post TELUS completes successful testing of Neustar’s STIR/SHAKEN solution appeared first on Help Net Security.

The Sad State of New Zealand’s Cyber Attack Readiness

The New Zealand Financial Innovation & Technology Association (FinTechNZ), a financial-technology organization, has exposed the alarming situation of companies based in New Zealand: only around 6% have a reasonable level of cybersecurity defense infrastructure and readiness in place. Such a level is very low considering the number of multinational companies with a local branch office in New Zealand and the eagerness of the government to enforce its internal IT security arrangements both for itself and for businesses operating within the country’s territory.

“We need to increase protection against attacks, especially bearing in mind that more than 90 percent of New Zealand companies are small businesses. New Zealand is not exempt from major cyber-attacks which could impinge on the economy and livelihood as a nation. We need to understand the multi-dimensional nature of cyber threats and key issues that government and private sector face,” explained James Brown, FintechNZ’s General Manager.

New Zealand’s NCSC has observed at least 347 cases of cybersecurity breaches and cyber attacks in its latest record, covering July 2017 to June 2018, the majority of which were not perpetrated by professional private hacking groups, but rather by hacking groups allegedly funded by rogue states.

“Cyber risks are a borderless challenge and we can always improve on national preparedness in our cyber-attack strategy. We want to ensure the cybersecurity of our national infrastructures, our businesses and people. Cyber-crime is rising and is increasingly being identified as a top threat to New Zealand, as criminals, rogue nations and others in the darknet seek to strike and disrupt at any moment. The tech sector epitomises Kiwi ingenuity and entrepreneurial flair. With exports amounting to nearly $7 billion and total revenue predicted exceeding $10 billion in 2017, the industry is an integral part of the New Zealand economy,” concluded Brown.

Unlike the nuclear arms race from the early cold war to the late ’90s, cyberwarfare has been raging for quite a while now between states without the knowledge of ordinary people. Also known as cyber espionage and digital hijacking, the various countries involved in cyber warfare each have their own goals in mind, so it is very difficult to read why they are acting against other nations.

The post The Sad State of New Zealand’s Cyber Attack Readiness appeared first on .

Mastercard’s new API based digital platform integrates fintech solutions and Mastercard capabilities

Mastercard introduced the Mastercard Innovation Engine, an API-based digital platform that gives issuers and merchants a simplified path to rapidly deploying digital capabilities and experiences to their customers. The plug-and-play platform seamlessly brings together Mastercard assets and financial-technology services to deliver unique and digitally integrated solutions and consumer experiences through a single connection. The platform facilitates collaboration and drives continuous innovation across the ecosystem. “Consumer expectations are changing rapidly and as a result we …

The post Mastercard’s new API based digital platform integrates fintech solutions and Mastercard capabilities appeared first on Help Net Security.

A Tough Week for IP Address Scammers

In the early days of the Internet, there was a period when Internet Protocol version 4 (IPv4) addresses (e.g. were given out like cotton candy to anyone who asked. But these days companies are queuing up to obtain new IP space from the various regional registries that periodically dole out the prized digits. With the value of a single IP hovering between $15 and $25, those registries are now fighting a wave of shady brokers who specialize in securing new IP address blocks under false pretenses and then reselling them to spammers. Here’s the story of one broker who fought back in the courts, and lost spectacularly.

On May 14, South Carolina U.S. Attorney Sherri Lydon filed criminal wire fraud charges against Amir Golestan, alleging he and his Charleston, S.C. based company Micfo LLC orchestrated an elaborate network of phony companies and aliases to secure more than 735,000 IPs from the American Registry for Internet Numbers (ARIN), a nonprofit which oversees IP addresses assigned to entities in the U.S., Canada, and parts of the Caribbean.

Interestingly, Micfo itself set this process in motion late last year when it sued ARIN. In December 2018, Micfo’s attorneys asked a federal court in Virginia to issue a temporary restraining order against ARIN, which had already told the company about its discovery of the phony front companies and was threatening to revoke some 735,000 IP addresses. That is, unless Micfo agreed to provide more information about its operations and customers.

At the time, many of the IP address blocks assigned to Micfo had been freshly resold to spammers. Micfo ultimately declined to provide ARIN the requested information, and as a result the court denied Micfo’s request (the transcript of that hearing is instructive and amusing).

But by virtue of the contract Micfo signed with ARIN, any further dispute had to be settled via arbitration. On May 13, that arbitration panel ordered Micfo to pay $350,000 for ARIN’s legal fees and to cough up any of those 735,000 IPs the company hadn’t already sold.

According to the criminal indictment in South Carolina, in 2017 and 2018 Golestan sold IP addresses using a third party broker:

“Golestan sold 65,536 IPv4 addresses for $13 each, for a total of $851,896,” the indictment alleges. “Golestan also organized a second transaction for another 65,536 IP addresses, for another approximately $1 million. During this same time period, Golestan had a contract to sell 327,680 IP addresses at $19 per address, for a total of $6.22 million” [this last transaction would be blocked.]

The various front companies alleged to have been run by Micfo and Amir Golestan.

Mr. Golestan could not be immediately reached for comment. Golestan’s attorney in Micfo’s lawsuit against ARIN declined to comment on either the criminal charges or the arbitration outcome. Calls to nearly a dozen of the front companies named in the dispute mostly just rang and rang with no answer, or went to voicemail boxes that were full.

Stephen Ryan is a Washington, D.C.-based attorney who represented ARIN in the dispute filed by Micfo. Ryan said this was the first time ARIN’s decision to revoke IP address space resulted in a court battle — let alone arbitration.

“We have revoked addresses for fraud before, but that hasn’t previously resulted in litigation,” Ryan said. “The interesting thing here is that they litigated this for five months.”

According to a press release by ARIN, “Micfo obtained and utilized 11 shelf companies across the United States, and intentionally created false aliases purporting to be officers of those companies, to induce ARIN into issuing the fraudulently sought IPv4 resources and approving related transfers and reassignments of these addresses. The defrauding party was monetizing the assets obtained in the transfer market, and obtained resources under ARIN’s waiting list process.”

“This was an elaborate operation,” said Ryan, a former federal prosecutor. “All eleven of these front companies for Micfo are still up on the Web, where you see all these wonderful people who allegedly work there. And meanwhile we were receiving notarized affidavits in the names of people that were false. It made it much more interesting to do this case because it created 11 states where they’d violated the law.”

The criminal complaint against Golestan and Micfo (PDF) includes 20 counts of wire fraud associated with the phony companies allegedly set up by Micfo.

John Levine, author of The Internet for Dummies and a member of the security and stability advisory committee at ICANN, said ARIN does not exactly have a strong reputation for going after the myriad IP address scammers allegedly operating in a similar fashion as Micfo.

“It is definitely the case that for a long time ARIN has not been very aggressive about checking the validity of IP address applications and transfers, and now it seems they are somewhat better than they used to be,” Levine said. “A lot of people have been frustrated that ARIN doesn’t act more like a regulator in this space. Given how increasingly valuable IPv4 space is, ARIN has to be more vigilant because the incentive for crooks to do this kind of thing is very high.”

Asked if ARIN would have the stomach and budget to continue the fight if other IP address scammers fight back in a similar way, Ryan said ARIN would not back down from the challenge.

“If we find a scheme or artifice to defraud and it’s a substantial number of addresses and its egregious fraud, then yes, we have a reserve set aside for litigation and we can and will use it for cases like this,” Ryan said, adding that he’d welcome anyone with evidence of similar schemes to come forward. “But a better strategy is not to issue it and never have to go back and revoke it, and we’re good at that now.”

SAP Security Patch Day for May 2019 fixes many missing authorization checks

SAP released SAP Security Patch Day for May 2019 that includes 8 Security Notes, 5 of which are updates to previously released Notes.

Five Security Notes included in SAP Security Patch Day for May 2019 addressed missing authorization checks in SAP products, including Treasury and Risk Management, Solution Manager and ABAP managed systems, dbpool administration, and Enterprise Financial Services. 

“Today, being the second Tuesday of the month, SAP released May’s Security Notes. This month, there are no critical or Hot News notes published, but there are three High Priority Notes, as well as two other SAP Security Notes affecting SAP Solution Manager (reported by the Onapsis Research Labs).” reads a blog post published by SAP security firm Onapsis. “This month, 50% of the patches are Missing Authorization Checks, which is higher than the average 15%. Even though this is one of the most common vulnerabilities in SAP software.”

SAP Security Patch Day May 2019

SAP also released five Security Notes to address information disclosure vulnerabilities in several products, including BusinessObjects and Solution Manager. 

The most severe Security Note addresses a privilege escalation issue (CVE-2019-0301) in SAP Identity Management REST Interface Version 2; it is the only Note rated High priority, while the remaining 12 are rated Medium.

“Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing.” reads the security advisory for the CVE-2019-0301.

This is the most severe flaw; it received a CVSS score of 8.4.

Two flaws received a CVSS score of 6.3: an information disclosure in the BusinessObjects business intelligence platform (CVE-2019-0287), and a missing authorization check in Treasury and Risk Management (CVE-2019-0280).

SAP published updates for Security Notes released in October 2009, September 2010, December 2010, and March 2013.

“A total of 11 Security Notes were published in May and an additional three in late April after last month’s Patch Tuesday, represented in these types: Missing Authorization Checks (the most common type of vulnerability in SAP software), Information Disclosure, Cross-Site Scripting (XSS) and Privilege Escalation.” adds Onapsis.

Pierluigi Paganini

(SecurityAffairs – SAP Security Patch Day for May 2019)

The post SAP Security Patch Day for May 2019 fixes many missing authorization checks appeared first on Security Affairs.

Privacy Intelligence News & Insights: CCPA Amendments Overview

State Legislators continue to consider amendments to the California Consumer Privacy Act amidst uncertainty over how companies will meet the requirements, which go into effect January 1, 2020. Late last month six bills were advanced in the California Assembly that would greatly impact the force and effect of the CCPA as it was enacted almost a year ago. On April 23, 2019, the Privacy and Consumer Protection Committee passed these industry-backed amendments: AB 25, Chau: Expressly excludes contractors, agents, and job applicants from the definition of employees, to the extent their personal information is used for purposes compatible with that … Continue reading Privacy Intelligence News & Insights: CCPA Amendments Overview

The post Privacy Intelligence News & Insights: CCPA Amendments Overview appeared first on TrustArc Blog.

WhatsApp Vulnerability Fixed

WhatsApp fixed a devastating vulnerability that allowed someone to remotely hack a phone by initiating a WhatsApp voice call. The recipient didn't even have to answer the call.

The Israeli cyber-arms manufacturer NSO Group is believed to be behind the exploit, but of course there is no definitive proof.

If you use WhatsApp, update your app immediately.

Feds Break Up Major SIM-Hijacking Ring

The U.S. Department of Justice announced that it has arrested and charged members of a major cybercriminal ring in connection with $2.4 million worth of wire fraud and identity theft.

The hacking group, called “The Community,” primarily used social engineering (trickery) and SIM card hijacking to steal funds and cryptocurrency from its victims.

SIM swapping or hijacking is an attack that often uses personal information gleaned from other sources (such as social engineering) to authenticate a fraudster to a mobile phone company. Once authenticated, the mobile phone number of the target victim is moved to the criminal’s phone. Possession of the target’s phone number allows the criminal to receive calls and texts intended for the target, making it possible to bypass his or her SMS-based two-factor authentication and thus gain access to the victim’s financial accounts.

Members of The Community face charges of wire fraud and aggravated identity theft. Three former mobile provider employees are also charged with accepting bribes to facilitate SIM-card hijacks for the group.

Read more about the story here.

The post Feds Break Up Major SIM-Hijacking Ring appeared first on Adam Levin.

TrustArc at IAPP Global Privacy Summit 2019: Event Recap

TrustArc had the pleasure of sponsoring, speaking and exhibiting at IAPP Global Privacy Summit 2019 this month in Washington D.C. With over 4,000 attendees, 300 sessions and 60 exhibitors, the Summit was buzzing with hundreds of privacy professionals, many of whom traveled to the D.C. Summit from all corners of the globe. This year’s Summit was the perfect setting for privacy-related education, guidance, inspiration and connections that spotlighted the big picture of data protection. TrustArc SVP Product Management, Michael Lin, took over the Little Big Stage on Thursday morning to discuss how businesses use the TrustArc Platform to automate and … Continue reading TrustArc at IAPP Global Privacy Summit 2019: Event Recap

The post TrustArc at IAPP Global Privacy Summit 2019: Event Recap appeared first on TrustArc Blog.

Companies’ Stock Value Dropped 7.5% after Data Breaches


After analyzing the top three breaches from the past three years, Bitglass found that in the aftermath of a data breach, a decrease in stock price was a notable repercussion identifiable for publicly traded companies.

The report, Kings of the Monster Breaches, identified the extensive damage done by improper security by looking specifically at the Marriott breach of 2018, the Equifax breach of 2017 and the Yahoo! breach of 2016. These top three breaches had a widespread impact on individuals, with a reported mean number of 257 million individuals directly affected by each breach.  

Research also showed that these breaches have cost an average of $347 million in legal fees, penalties and remediation costs. “Marriott uncovered the breach while seeking GDPR compliance; the company is now being fined $912 million under the regulation,” the report said.

The top breaches resulted from outside attackers employing phishing campaigns, using malware or exploiting technical vulnerabilities, which was the case for Equifax. “Through this vulnerability, hackers were able to access sensitive data such as Social Security numbers, credit card numbers, full names, dates of birth, and home addresses. It took roughly two months for the breach to be discovered. The company’s CSO, Susan Mauldin, and CIO, David Webb, retired immediately after the security lapse had been announced,” according to the report.

Publicly traded companies suffered an average drop of 7.5% in their stock values and a mean market cap loss of $5.4 billion per company, and it reportedly took 46 days, on average, for those stock prices to return to their pre-breach levels. To date, the stock price of Equifax has not yet recovered.

"The largest breaches over the past three years have caused massive and irreparable damage to large enterprises and their stakeholders around the globe," said Rich Campagna, chief marketing officer of Bitglass.

"This should serve as a stark warning to organizations everywhere. If massive companies with seemingly endless resources are falling victim to external attacks, then companies of all sizes must remain vigilant in their cybersecurity efforts. It is only by taking a proactive approach to security that breaches can be prevented and data can truly be kept safe.”

IT Decision-Makers Willing to Share Threat Intel


The sharing mentality is starting to take hold across the cybersecurity industry, with the vast majority of security decision-makers confessing that they would be willing to share threat intelligence, according to a new publication by IronNet.

The report, Collective Offense Calls for Collective Defense: A Reality Check for Cybersecurity Decision Makers, surveyed 200 U.S. security IT decision-makers. Of those, 94% stated that their organization would be willing to increase the level of threat sharing with their industry peers if it demonstrably improved their ability to detect threats.

Additionally, 92% of respondents said they would even increase threat sharing with the government if it meant the government could use political, economic, cyber, or other national-level capabilities to deter cyber-attacks, the report said.

As nation-state attacks become more prevalent, threat actors are collaborating on techniques to make their attacks more profitable, leaving individual security teams to defend themselves against a collective offense.

The report also found that organizations are suffering an average of one cybersecurity incident every three months, with 80% saying the incident was so severe that it required C-level and/or board meetings afterward.

“Despite most IT decision makers’ reported confidence that their cybersecurity capabilities are advanced and in better shape than others in their industry (55%), they nonetheless experienced an average of four attacks on their organization over a 12 month period, with 20% of respondents being hit six or more times,” the report said.

“Organizations are increasingly grasping the need for better threat information sharing. Half of decision makers surveyed noted that their threat sharing tool could be improved upon, and 46% identified a need for enhanced sharing of cyber attacker tools, tactics, and procedures (TTP) and faster sharing of raw intelligence at network speed. The lack of such protections magnified the damage from recent attacks like Hydro Norsk, NotPetya, and others that quickly spread from company to company and could have been mitigated by better collective defense.”

Boost Mobile Alerts Customers of Security Incident


Customers of Boost Mobile are being urged to change their passwords and PINs after the company announced that it detected unauthorized activity from a third party.

“On March 14, 2019, Boost.com experienced unauthorized online account activity in which an unauthorized person accessed your account through your Boost phone number and Boost.com PIN code,” the notice of a security incident said.

“The Boost Mobile fraud team discovered the incident and was able to implement a permanent solution to prevent similar unauthorized account activity.”

Attackers using compromised credentials accounted for 29% of data breaches, according to Verizon’s 2019 Data Breach Investigation Report. The unauthorized access at Boost Mobile is what Byron Rashed, VP of marketing, Centripetal, called a classic example of a series of events that enables threat actors to infiltrate networks and exfiltrate customer data and/or personally identifiable information.

“Usually, a compromised credential from a third-party breach starts the process. The threat actor can use various unsophisticated/sophisticated techniques to either obtain a password or crack a hashed password. Once an account is compromised, the threat actor can find a way into the network and access various databases,” Rashed said.

“The credentials can be a typical customer/user and/or an admin that has network access. Threat actors can leverage various tools and social media to find out information on users/admins and obtain a password (such as the names of spouses, children, pets, etc.) and try different combinations using automated tools.”

In addition to urging customers to follow the security strategies set forth by the Federal Trade Commission, Boost Mobile sent a temporary PIN code via text message, reminding customers to avoid combinations such as "1234" or "0000."

“The best defense against attackers using stolen credentials is to use a password that is unique with various characters and one that does not contain anything that is specific to the individual as noted,” Rashed added.

“On the network defense side, shielding against known IPs, domains, and other sources is critical. Most breaches come from known sources. To shield these sources from the onset greatly increases the organization’s security posture.”
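The account-takeover chain described above (a stolen or guessed credential tried against many accounts from one source, until one succeeds) leaves a recognisable trace in authentication logs. The following is an added example, not code from the article or from any vendor quoted in it: a small detector that parses constructed login log lines and flags a source IP that fails against many distinct accounts and then succeeds. The log format, the IP ranges (RFC 5737 documentation addresses) and the thresholds are all assumptions for the illustration.

```python
"""Added example: flag credential-stuffing style login activity in constructed logs.

Heuristic (an assumption, not a vendor rule): one source IP with many failed
logins spread across many *different* accounts looks like a leaked-credential
list being replayed; a later success from the same IP is a probable takeover.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample log lines (not real traffic). 203.0.113.0/24, 198.51.100.0/24
# and 192.0.2.0/24 are documentation ranges, so they point at no real host.
SAMPLE_LOG = """\
2019-05-14T10:00:01Z login result=FAIL user=alice src=203.0.113.5
2019-05-14T10:00:02Z login result=FAIL user=bob src=203.0.113.5
2019-05-14T10:00:02Z login result=FAIL user=carol src=203.0.113.5
2019-05-14T10:00:03Z login result=FAIL user=dave src=203.0.113.5
2019-05-14T10:00:03Z login result=FAIL user=erin src=203.0.113.5
2019-05-14T10:00:04Z login result=OK user=frank src=203.0.113.5
2019-05-14T10:00:09Z login result=FAIL user=alice src=198.51.100.7
2019-05-14T10:00:40Z login result=FAIL user=alice src=198.51.100.7
2019-05-14T10:01:12Z login result=OK user=alice src=198.51.100.7
2019-05-14T10:02:00Z login result=OK user=grace src=192.0.2.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) login result=(?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


@dataclass
class SourceStats:
    failures: int = 0
    failed_users: set = field(default_factory=set)
    successes_after_spray: list = field(default_factory=list)


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def analyze(log_text, min_failures=5, min_distinct_users=4):
    """Return {src_ip: SourceStats} for IPs that fail at least `min_failures` times
    across at least `min_distinct_users` accounts. A success seen *after* the IP
    crossed both thresholds is recorded as a probable account takeover."""
    stats = defaultdict(SourceStats)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue  # unparseable line; a real pipeline would count these
        s = stats[ev["src"]]
        if ev["result"] == "FAIL":
            s.failures += 1
            s.failed_users.add(ev["user"])
        elif s.failures >= min_failures and len(s.failed_users) >= min_distinct_users:
            s.successes_after_spray.append(ev["user"])
    return {ip: s for ip, s in stats.items()
            if s.failures >= min_failures and len(s.failed_users) >= min_distinct_users}


def alerts(log_text, **thresholds):
    """Human-readable alert line per suspicious source IP, sorted by IP."""
    out = []
    for ip, s in sorted(analyze(log_text, **thresholds).items()):
        msg = f"{ip}: {s.failures} failures across {len(s.failed_users)} accounts"
        if s.successes_after_spray:
            msg += f"; probable takeover of {', '.join(s.successes_after_spray)}"
        out.append(msg)
    return out


if __name__ == "__main__":
    for a in alerts(SAMPLE_LOG):
        print(a)
```

With the default thresholds only 203.0.113.5 is flagged; 198.51.100.7 fails twice on a single account and then succeeds, which is what a user mistyping a password looks like, so a detector keyed on distinct-account fan-out leaves it alone. Lowering the thresholds trades that false positive for earlier warning, which is the tuning decision a SOC has to make against its own traffic.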

How do you retaliate against a WhatsApp attack? | James O’Malley

Cyberwarfare is on the march, but there is nothing in the Geneva conventions to cover it

We don’t yet know for sure who used Israeli company NSO’s software to hack WhatsApp users – the messaging service’s parent company Facebook has said only that the culprit is an “advanced cyber actor” – but all signs point to it being a government. According to one analysis, NSO has 45 governments as clients including, amazingly, Saudi Arabia and the United Arab Emirates, even though officially these states don’t recognise Israel.

Whoever the culprit, the WhatsApp attack will surely be added to a long list of state-backed attacks that includes Russia’s 2015 takedown of Ukraine’s power grid, China’s persistent intellectual property thefts and North Korea’s attack on Sony Pictures over the film The Interview. And yes, the west does it too – the United States used a cyber-weapon to take down Iran’s nuclear programme in 2010 – the so-called Stuxnet attack.


Advisory: Security Issue with Bluetooth Low Energy (BLE) Titan Security Keys

We’ve become aware of an issue that affects the Bluetooth Low Energy (BLE) version of the Titan Security Key available in the U.S. and are providing users with the immediate steps they need to take to protect themselves and to receive a free replacement key. This bug affects Bluetooth pairing only, so non-Bluetooth security keys are not affected. Current users of Bluetooth Titan Security Keys should continue to use their existing keys while waiting for a replacement, since security keys provide the strongest protection against phishing.

What is the security issue?

Due to a misconfiguration in the Titan Security Keys’ Bluetooth pairing protocols, it is possible for an attacker who is physically close to you at the moment you use your security key -- within approximately 30 feet -- to (a) communicate with your security key, or (b) communicate with the device to which your key is paired. In order for the misconfiguration to be exploited, an attacker would have to align a series of events in close coordination:

  • When you’re trying to sign into an account on your device, you are normally asked to press the button on your BLE security key to activate it. An attacker in close physical proximity at that moment in time can potentially connect their own device to your affected security key before your own device connects. In this set of circumstances, the attacker could sign into your account using their own device if the attacker somehow already obtained your username and password and could time these events exactly.
  • Before you can use your security key, it must be paired to your device. Once paired, an attacker in close physical proximity to you could use their device to masquerade as your affected security key and connect to your device at the moment you are asked to press the button on your key. After that, they could attempt to change their device to appear as a Bluetooth keyboard or mouse and potentially take actions on your device.

This security issue does not affect the primary purpose of security keys, which is to protect you against phishing by a remote attacker. Security keys remain the strongest available protection against phishing; it is still safer to use a key that has this issue, rather than turning off security key-based two-step verification (2SV) on your Google Account or downgrading to less phishing-resistant methods (e.g. SMS codes or prompts sent to your device). This local proximity Bluetooth issue does not affect USB or NFC security keys.

Am I affected?

This issue affects the BLE version of Titan Security Keys. To determine if your key is affected, check the back of the key. If it has a “T1” or “T2” on the back of the key, your key is affected by the issue and is eligible for free replacement.

Steps to protect yourself

If you want to minimize the remaining risk until you receive your replacement keys, you can perform the following additional steps:

iOS devices:

On devices running iOS version 12.2 or earlier, we recommend using your affected security key in a private place where a potential attacker is not within close physical proximity (approximately 30 feet). After you’ve used your key to sign into your Google Account on your device, immediately unpair it. You can use your key in this manner again while waiting for your replacement, until you update to iOS 12.3.

Once you update to iOS 12.3, your affected security key will no longer work. You will not be able to use your affected key to sign into your Google Account, or any other account protected by the key, and you will need to order a replacement key. If you are already signed into your Google Account on your iOS device, do not sign out because you won’t be able to sign in again until you get a new key. If you are locked out of your Google Account on your iOS device before your replacement key arrives, see these instructions for getting back into your account. Note that you can continue to sign into your Google Account on non-iOS devices.

On Android and other devices:

We recommend using your affected security key in a private place where a potential attacker is not within close physical proximity (approximately 30 feet). After you’ve used your affected security key to sign into your Google Account, immediately unpair it. Android devices updated with the upcoming June 2019 Security Patch Level (SPL) and beyond will automatically unpair affected Bluetooth devices, so you won’t need to unpair manually. You can also continue to use your USB or NFC security keys, which are supported on Android and not affected by this issue.

How to get a replacement key

We recommend that everyone with an affected BLE Titan Security Key get a free replacement by visiting google.com/replacemykey.

Is it still safe to use my affected BLE Titan Security Key?

It is much safer to use the affected key instead of no key at all. Security keys are the strongest protection against phishing currently available.

Announcing the all new Attack Surface Analyzer 2.0

Few of us know what is really happening on our systems when we install new software from new or untrusted sources. This is important because most installation processes require elevated privileges, which can lead to undesired system configuration changes. Knowing what changes have been made is vital to maintaining the security of your system, data, and networks. Identifying those changes can be challenging and time consuming without a little help.

The classic Attack Surface Analyzer 1.0 was released in 2012 to help software developers and IT professionals identify changes made to Windows operating systems during application installations. This year, we decided to rewrite the tool to take advantage of modern, cross-platform technologies like .NET Core and Electron. Attack Surface Analyzer 2.0 now runs on Windows, Linux, and macOS and is available as an open source project on GitHub.

Attack Surface Analyzer 2.0 can help you identify potential security risks introduced by changes to an operating system’s security configuration by identifying changes in key areas, including:

  • File System
  • User Accounts
  • System Services
  • Network Ports (listeners)
  • System Certificate Stores
  • Windows Registry

This tool can play an important role in ensuring that the software you develop or deploy doesn’t adversely affect the operating system security configuration by allowing you to scan for specific types of changes.

Results from the comparison analysis feature highlight relevant changes, which can be easily viewed or exported.

The tool includes both Electron and command line interface options. Results for the command line use option are written to a local HTML or JSON file, making it easy to include as part of your automated toolchain.

Detecting these types of changes can be error prone and time consuming. Attack Surface Analyzer 2.0 helps make it easy.
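To make the before/after idea concrete, here is an added example that is not Attack Surface Analyzer's own code: one collector (the file system) implemented as a snapshot function, a comparison that yields added/removed/modified paths in a JSON-ready structure like the CLI output the post describes, and one rule a practitioner would want on top, flagging newly added world-writable files. The directory layout, file contents and "installer" actions in `demo()` are constructed for the illustration.

```python
"""Added example: a minimal file-system collector and before/after comparison."""
import hashlib
import json
import os
import stat
import tempfile


def _sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot_files(root):
    """Collector: relative path -> {size, mode, sha256} for every regular file under root."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):  # skip symlinks, sockets, device nodes
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snap[rel] = {"size": st.st_size,
                         "mode": stat.S_IMODE(st.st_mode),
                         "sha256": _sha256_of(full)}
    return snap


def compare(before, after):
    """Diff two snapshots into sorted added / removed / modified path lists."""
    b, a = set(before), set(after)
    return {"added": sorted(a - b),
            "removed": sorted(b - a),
            "modified": sorted(p for p in a & b if before[p] != after[p])}


def world_writable(snapshot, paths):
    """Subset of `paths` whose mode grants write access to 'other'."""
    return [p for p in paths if snapshot[p]["mode"] & stat.S_IWOTH]


def _write(root, rel, data):
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)


def demo():
    """Simulate an install inside a temp dir and return the comparison result."""
    with tempfile.TemporaryDirectory() as root:
        # constructed pre-install state
        _write(root, "etc/app.conf", b"debug=0\n")
        _write(root, "etc/old.conf", b"retired\n")
        _write(root, "bin/tool", b"#!/bin/sh\necho hi\n")
        before = snapshot_files(root)
        # constructed "installer": edits one file, adds one (world-writable), removes one
        _write(root, "etc/app.conf", b"debug=1\n")
        _write(root, "etc/newservice.conf", b"listen=0.0.0.0\n")
        os.chmod(os.path.join(root, "etc", "newservice.conf"), 0o666)
        os.remove(os.path.join(root, "etc", "old.conf"))
        after = snapshot_files(root)
        result = compare(before, after)
        result["world_writable_added"] = world_writable(after, result["added"])
        return result


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The same snapshot/compare split generalises to the other collectors the post lists (listening ports, services, users, certificate stores): each collector returns a dict keyed by a stable identifier, and `compare` needs no change. Hashing content rather than trusting mtimes is deliberate, since an installer that rewrites a file with the same size and timestamp would otherwise go unnoticed.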

We look forward to your comments, ideas, and contributions for improving this tool. To learn more about Attack Surface Analyzer 2.0, please visit our GitHub project page at github.com/Microsoft/AttackSurfaceAnalyzer.

The post Announcing the all new Attack Surface Analyzer 2.0 appeared first on Microsoft Security.

Apple’s Secure iOS Enclave, Too Secure To Secure

The very secrecy of Apple around the overall infrastructure of iOS devices, especially the iPhone, is both its strength and its weakness when it comes to security and privacy. Hackercombat.com reported yesterday that the WhatsApp spyware is wreaking havoc for 1.5 billion WhatsApp users on both the iOS and Android platforms. The openness of Android has been blamed for the proliferation of malware for a decade now, but the same trait gives Google an easier time making quick adjustments to Google Play Protect, Android’s built-in antimalware system.

With the demise of Blackberry devices as the official government smartphone, vulnerable iOS devices took over. An outdated WhatsApp installation on an iPhone effectively turns the device into a prolific cyber-espionage tool. Apple has boasted that its iOS devices, the iPhone in particular, use a secure enclave and are locked down out of the box. The problem is that they are locked down to the point that users have no way to determine whether their device is already spying on their activity.

“To exacerbate the situation, payloads are often tested and perfected for weeks or more before deployment, thus ensuring a high chance of exploitation, and, inversely, a low chance of detection—especially in the case of ‘0 click’ attacks requiring no user interaction,” said Jonathan Levin, iOS independent researcher.

This is due to the lack of documentation of how the secure enclave actually works, which runs against the interest of users who want to scan the device for infections. In fact, Apple has banned any form of antivirus app from the App Store, and even if that becomes a possibility in the future, the architecture stops any app from touching the secure enclave that Apple created. The WhatsApp spyware episode is an eye-opener for the industry: Android is a much easier platform on which to apply mitigation methods from the get-go, until Google issues a patch.

“The simple reality is there are so many 0-day exploits for iOS. And the only reason why just a few attacks have been caught in the wild is that iOS phones by design hinder defenders to inspect the phones,” explained Stefan Esser, a cybersecurity researcher.

All an iOS device user can do is launch the App Store and hope that the vulnerable app has an update from the developer. There is no mitigation method a user can apply to prevent cyber espionage, as iOS devices prohibit low-level access to the device. Users cannot even download a specialized app to “monitor” the operation of the phone and issue a status report, as such an app requires the low-level hardware access that iOS devices prohibit.

“These security controls have made mobile devices extremely difficult to inspect, especially remotely, and particularly for those of us working in human rights organizations lacking access to adequate forensics technology. Because of this, we are rarely able to confirm infections of those who we even already suspect being targeted. Quite frankly, we are on the losing side of a disheartening asymmetry of capabilities that favors attackers over us, defenders,” emphasized Claudio Guarnieri, Amnesty International’s Technologist.

Source: https://www.vice.com/en_us/article/pajkkz/its-almost-impossible-to-tell-if-iphone-has-been-hacked


The post Apple’s Secure iOS Enclave, Too Secure To Secure appeared first on .

WhatsApp Compromised by Spyware

WhatsApp disclosed a major security vulnerability that allowed hackers to remotely install spyware on mobile devices.

The vulnerability, discovered earlier this month, allowed third parties to see and intercept encrypted communications. The spyware deployed has been traced back to NSO Group, an Israeli cyber company alleged to have enabled Middle East governments to surveil their citizens.

“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” WhatsApp announced in a statement.

NSO Group has denied involvement.

“Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies,” the company said in a press release.

WhatsApp, which is owned by Facebook, has released a patch to fix the vulnerability and urges all users to update as soon as possible.

“Given the limited information we collect, it is hard for us to say with certainty the impact to specific users,” WhatsApp said in a statement. “Out of an abundance of caution we are encouraging all users to update WhatsApp as well as keep their mobile OS up to date.”

The post WhatsApp Compromised by Spyware appeared first on Adam Levin.

Cloud 101: Navigating the Top 5 Cloud Management Challenges

Cloud management is a critical topic that organizations are looking at to simplify operations, increase IT efficiency, and reduce costs. Although cloud adoption has risen in the past few years, some organizations aren’t seeing the results they’d envisioned. That’s why we’re sharing a few of the top cloud management challenges enterprises need to be cautious of and how to overcome them.

Cloud Management Challenge #1: Security

Given the overall trend toward migrating resources to the cloud, a rise in security threats shouldn’t be surprising. Per our latest Cloud Risk and Adoption Report, the average enterprise organization experiences 31.3 cloud-related security threats each month, a 27.7% increase over the same period last year. Broken down by category, these include insider threats (both accidental and malicious), privileged user threats, and threats arising from potentially compromised accounts.

To mitigate these types of cloud threats and risks, we have a few recommendations to better protect your business. Start with auditing your Amazon Web Services, Microsoft Azure, Google Cloud Platform, or other IaaS/PaaS configurations to get ahead of misconfigurations before they open a hole in the integrity of your security posture. Second, it’s important to understand which cloud services hold most of your sensitive data. Once that’s determined, extend data loss prevention (DLP) policies to those services, or build them in the cloud if you don’t already have a DLP practice. Right along with controlling the data itself goes controlling who the data can go to, so lock down sharing where your sensitive data lives.

Cloud Management Challenge #2: Governance

Many companies deploy cloud systems without an adequate governance plan, which increases the risk of security breaches and inefficiency. Lack of data governance may result in a serious financial loss, and failing to protect sensitive data could result in a data breach.

Cloud management and cloud governance are often interlinked. Keeping track of your cloud infrastructure is essential. Governance and infrastructure planning can help mitigate certain infrastructure risks; therefore, automated cloud discovery and governance tools will help your business safeguard operations.

Cloud Management Challenge #3: Proficiency

You may also be faced with the challenge of ensuring that IT employees have the proper expertise to manage their services in a cloud environment. You may need to decide to either hire a new team that is already familiar with cloud environments or train your existing staff.

In the end, training your existing staff is less expensive, scalable, and faster. Knowledge is key when transforming your business and shifting your operational model to the cloud. Accept the challenge and train your employees, give them hands-on time, and get them properly certified. For security professionals, the Cloud Security Alliance is a great place to start for training programs.

Cloud Management Challenge #4: Performance

Enterprises are continually looking for ways to improve their application performance, and internal/external SLAs. However, even in the cloud, they may not immediately achieve these benefits. Cloud performance is complex and if you’re having performance issues it’s important to look at a variety of issues that could be occurring in your environment.

How should you approach finding and fixing the root causes of cloud performance issues? Check your infrastructure and the applications themselves. Examine the applications you ported over from on-premises data centers, and evaluate whether newer cloud technologies such as containers or serverless computing could replace some of your application components and improve performance. Also, evaluate multiple cloud providers for your application or infrastructure needs, as each has its own offerings and geographic distribution.

Cloud Management Challenge #5: Cost

Managing cloud costs can be a challenge, but in general, migrating to the cloud offers companies enormous savings. We see organizations investing more dollars in the cloud to bring greater flexibility to their enterprise, allowing them to quickly and efficiently react to the changing market conditions. Organizations are moving more of their services to the cloud, which is resulting in higher spend with cloud service providers.

Shifting IT cost from on-premises to the cloud on its own is not the challenge – it is the unmonitored sprawl of cloud resources that typically spikes cost for organizations. Managing your cloud costs can be simple if you effectively monitor use. With visibility into unsanctioned, “Shadow” cloud use, your organization can find the areas where there is unnecessary waste of resources. By auditing your cloud usage, you may even determine new ways to manage cost, such as re-architecting your workloads using a PaaS architecture, which may be more cost-effective.

Final Thoughts

Migrating to the cloud is a challenge but can bring a wide range of benefits to your organization with a reduction in costs, unlimited scalability, improved security, and overall a faster business model. These days, everyone is in the cloud but that doesn’t mean your business’s success should be hindered by the common challenges of cloud management.

For more on how to secure your cloud environment, check out McAfee MVISION Cloud, a cloud access security broker (CASB) that protects data where it lives with a solution that was built natively in the cloud, for the cloud.


The post Cloud 101: Navigating the Top 5 Cloud Management Challenges appeared first on McAfee Blogs.

Cloud Services in the Crosshairs of Cybercrime


It’s a familiar story in tech: new technologies and shifting preferences raise new security challenges. One of the most pressing challenges today involves monitoring and securing all of the applications and data currently undergoing a mass migration to public and private cloud platforms.

Malicious actors are motivated to compromise and control cloud-hosted resources because they can gain access to significant computing power through this attack vector. These resources can then be exploited for a number of criminal money-making schemes, including cryptomining, DDoS extortion, ransomware and phishing campaigns, spam relay, and for issuing botnet command-and-control instructions. For these reasons—and because so much critical and sensitive data is migrating to cloud platforms—it’s essential that talented and well-resourced security teams focus their efforts on cloud security.

The cybersecurity risks associated with cloud infrastructure generally mirror the risks that have been facing businesses online for years: malware, phishing, etc. A common misconception is that compromised cloud services have a less severe impact than more traditional, on-premises compromises. That misunderstanding leads some administrators and operations teams to cut corners when it comes to the security of their cloud infrastructure. In other cases, there is a naïve belief that cloud hosting providers will provide the necessary security for their cloud-hosted services.

Although many of the leading cloud service providers are beginning to build more comprehensive and advanced security offerings into their platforms (often as extra-cost options), cloud-hosted services still require the same level of risk management, ongoing monitoring, upgrades, backups, and maintenance as traditional infrastructure. For example, in a cloud environment, egress filtering is often neglected. But, when egress filtering is invested in, it can foil a number of attacks on its own, particularly when combined with a proven web classification and reputation service. The same is true of management access controls, two-factor authentication, patch management, backups, and SOC monitoring. Web application firewalls, backed by commercial-grade IP reputation services, are another often overlooked layer of protection for cloud services.

Many midsize and large enterprises are starting to look to the cloud for new wide-area network (WAN) options. Again, here lies a great opportunity to enhance the security of your WAN, whilst also achieving the scalability, flexibility, and cost-saving outcomes that are often the primary goals of such projects. When selecting these types of solutions, it’s important to look at the integrated security options offered by vendors.

Haste makes waste

Another danger of the cloud is the ease and speed of deployment. This can lead to rapidly prototyped solutions being brought into service without adequate oversight from security teams. It can also lead to complacency, as the knowledge that a compromised host can be replaced in seconds may lead some to invest less in upfront protection. But it’s critical that all infrastructure components are properly protected and maintained because attacks are now so highly automated that significant damage can be done in a very short period of time. This applies both to the target of the attack itself and in the form of collateral damage, as the compromised servers are used to stage further attacks.

Finally, the utilitarian value of the cloud is also what leads to its higher risk exposure, since users are focused on a particular outcome (e.g. storage) and processing of large volumes of data at high speeds. Their solutions-based focus may not accommodate a comprehensive end-to-end security strategy well. The dynamic pressures of business must be supported by newer and more dynamic approaches to security that ensure the speed of deployment for applications can be matched by automated SecOps deployments and engagements.

Time for action

If you haven’t recently had a review of how you are securing your resources in the cloud, perhaps now is a good time. Consider what’s allowed in and out of all your infrastructure and how you retake control. Ensure that the solutions you are considering have integrated, actionable threat intelligence for another layer of defense in this dynamic threat environment.

Have a question about the next steps for securing your cloud infrastructure? Drop a comment below or reach out to me on Twitter at @zerobiscuit.

The post Cloud Services in the Crosshairs of Cybercrime appeared first on Webroot Blog.

Twitter inadvertently collected and shared iOS location data

Twitter revealed that a bug in its iOS app was the root cause of an inadvertent collection of location data and its sharing with a third party.

In another story about a violation of users’ privacy, Twitter revealed that, due to a bug, it collected iOS location data and shared it with a third-party advertising company.

Fortunately, only one partner of the micro-blogging firm was involved, and the data collection and sharing occurred only under certain circumstances.

“We have discovered that we were inadvertently collecting and sharing iOS location data with one of our trusted partners in certain circumstances.” reads the security advisory published by Twitter.

“Specifically, if you used more than one account on Twitter for iOS and opted into using the precise location feature in one account, we may have accidentally collected location data when you were using any other account(s) on that same device for which you had not turned on the precise location feature,”

Twitter admitted that it failed to remove the location data from the information shared with the trusted advertising partner, which accessed it during the real-time bidding process.

The company pointed out that the location data it shared could not be used to track individuals because it had implemented technical measures to “fuzz” the information. Twitter explained that what was shared was no more precise than a zip code or city (5 km squared).

Twitter did not share users’ handles or other unique account IDs, which means it was impossible to link the identity of a specific user to a geographic location.

“The partner did not receive data such as your Twitter handle or other unique account IDs that could have compromised your identity on Twitter.” continues the announcement.

“This means that for people using Twitter for iOS who we inadvertently collected location information from, we may also have shared that information with a trusted advertising partner,”

Another piece of good news is that the partner did not retain the data, which was deleted “as part of their normal process.”


Twitter has already fixed the issue and notified all impacted users, but it did not reveal the extent of the incident or for how long it shared the data with its partner.

“We invite you to check your privacy settings to make sure you’re only sharing the data you want to with us. We’re very sorry this happened. We recognize and appreciate the trust you place in us and are committed to earning that trust every day,” concludes Twitter.

Pierluigi Paganini

(SecurityAffairs – privacy, data leak)

The post Twitter inadvertently collected and shared iOS location data appeared first on Security Affairs.

Episode 493 – Git Repositories Held For Ransom, What Can We Learn From This

The latest ransom attacks are taking over Git repositories and holding source code hostage. This episode goes into the details on how this is happening and how you can protect yourself from it. Be aware, be safe. *** Support the podcast with a cup of coffee *** – Ko-Fi Security In Five Don’t forget to […]

The post Episode 493 – Git Repositories Held For Ransom, What Can We Learn From This appeared first on Security In Five.

Decentralized identity and the path to digital privacy

Security is the central challenge of the digital age. Our digital lives have moved into the cloud. People now use multiple devices to connect to multiple applications through many different networks. Just about everything is connected to the internet, where threats remain constant and evolving. In this distributed, heterogeneous environment, however, there’s still only one “you.” That’s why identity is the best path to security.

The identity technologies my team at Microsoft builds serve as the frontline of our enterprise-class security solutions. Whether it’s a customer using biometrics to log in with Windows Hello, or enterprises relying on us to deliver risk-based conditional access through Azure Active Directory, identity is the front door to our customers’ content and experiences.

Identity can also be a key enabler to something that’s as important to our customers as security—privacy. With identity as the control plane, we’ve made security solutions more sophisticated, which is a good thing for both organizations and individuals. But when it comes to privacy, the needs of individuals and organizations are still out of balance. This week, I’m in Munich, Germany, at the European Identity and Cloud Conference to talk about how mechanisms like decentralized identity can help us address this imbalance.

Joy Chik speaking at the European Identity and Cloud Conference in Munich, Germany

Anyone who reads the news knows that many individuals feel organizations have way too much control over their personal information. Organizations are rightfully being asked to take more responsibility for protecting the information of their customers. Even the best security isn’t enough, however, if we don’t give people greater control and privacy as well.

That control begins with identity, because in your digital life, everything starts with you. Your identity is who you are. It’s everything you say, do, and experience in your everyday life. Identity can provide the same control plane for privacy that it has for security.

At Microsoft, we envision a world where technology facilitates respect for privacy. In this world, organizations no longer need to issue new identities. Instead, they embrace the digital identities that individuals bring with them. Each person’s digital identity belongs to them. They control it.

In this world, organizations are more intentional about the type of data they collect, how much they collect, where it comes from, and where it is stored. They accept information from individuals that an independent authority has verified, like citizenship verified by a government agency or education level verified by a university. Using verifiable credentials or claims that are digital, individuals can prove who they are, and they can exchange digital information, or what they are, with each organization. In other words, individuals and organizations can establish a mutual trust relationship.

Verifiable information is stored with the individual. The organization doesn’t have to collect or protect this sensitive information—less liability for them, and more control for the individual. When people control their own identity, they can set constraints and control their digital data, sharing only the information necessary to conduct business with organizations, and no more.

Organizations, for their part, can decide to store information with individuals rather than storing it themselves. This allows them to collaborate with anyone, confident that the information exchanged can be trusted, while reducing their liability and improving compliance. The individual, in essence, becomes a data controller. This changes the relationship—and the balance of power—with organizations.

We’re already seeing industry support for this paradigm shift, spearheaded by the work the Decentralized Identity Foundation (DIF) is doing. Microsoft, along with other companies, is contributing open source code to DIF so developers can take advantage of decentralized identities. Soon, DIF will have everything necessary for individuals and organizations to start using them. We’re working with the community to build support for decentralized identity into the Microsoft platform so we can enable innovation, and so we can bring individuals and organizations together for stronger security and privacy.

As part of our goal to empower everyone with a self-owned identity, we’re contributing technologies to a system that can support all kinds of entities, including millions of organizations, billions of people, and trillions of devices. One example of this is our collaboration with members of DIF, notably ConsenSys and Transmute, to develop a blockchain-agnostic protocol for creating scalable DID networks, called Sidetree.

As part of that collaboration, earlier this week we announced an early preview of a Sidetree-based DID network that runs atop the Bitcoin blockchain, called ION (Identity Overlay Network). ION is designed to deliver the scale required for a world of DIDs, while inheriting and preserving the attributes of decentralization present in the Bitcoin blockchain. As with previously announced efforts, we’re sharing our work as early as possible, rough edges and all, to start a conversation with the community and encourage further collaboration.

These examples are only the beginning of our efforts to champion digital privacy through identity. The privacy conversation requires constant engagement and collaboration. In addition to industry partners, we’re calling on organizations everywhere to join us in this effort:

  • Instead of issuing new digital identities for external parties like partners and customers, accept existing ones that users bring.
  • Limit the data you’re collecting to only what’s necessary and accept independently verified information from individuals.
  • Based on your business model, decide where you will balance control over data between your organization and the individuals who do business with you.

Privacy is a human right. To protect that right, individuals must be empowered to control their own digital identities. Many members of the identity community, including Microsoft, are committed to making this real.

The post Decentralized identity and the path to digital privacy appeared first on Microsoft Security.

Microsoft Patch Tuesday addresses dangerous RDS flaw that opens to WannaCry-like attacks

Microsoft Patch Tuesday updates for May 2019 address nearly 80 vulnerabilities, including an RDS flaw allowing WannaCry-like attacks.

Microsoft Patch Tuesday updates for May 2019 address nearly 80 vulnerabilities, including a Windows zero-day flaw and an RDS vulnerability that can be exploited to carry out WannaCry-like attacks.

The zero-day vulnerability addressed by Microsoft Patch Tuesday updates for May 2019 is a privilege escalation flaw related to the way the Windows Error Reporting (WER) system handles files. The vulnerability, tracked as CVE-2019-0863, could be exploited by an attacker with low-privileged access to the targeted system to deliver malware.

“An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with administrator privileges.” reads the security advisory published by Microsoft.

“To exploit the vulnerability, an attacker must first gain unprivileged execution on a victim system.”

The vulnerability was reported by experts at Palo Alto Networks and by an expert who goes online by the moniker “Polar Bear.”

RDP flaw Microsoft Patch Tuesday

Microsoft Patch Tuesday updates for May 2019 also address a remote code execution flaw in Remote Desktop Services (RDS). The flaw, tracked as CVE-2019-0708, can be exploited by an unauthenticated attacker by connecting to the targeted system via the Remote Desktop Protocol (RDP) and sending specially crafted requests.

“A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests.” reads the security advisory published by Microsoft. “This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

“To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP.”

It is important to highlight that the RDP itself is not vulnerable.

As explained by Microsoft, this vulnerability could be exploited by malware with wormable capabilities. It could be exploited by an unauthenticated attacker without any user interaction, making it possible for malware to spread in an uncontrolled way across target networks.

The thought goes immediately to the WannaCry attack.

“This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.” reads a blog post published by Microsoft. “While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”

The vulnerability doesn’t affect Windows 8 and Windows 10, but previous versions are exposed to the risk of cyber attacks.

Microsoft Patch Tuesday updates for May 2019 also address vulnerabilities in Windows OS, Internet Explorer, Edge, Microsoft Office, and Microsoft Office Services and Web Apps, ChakraCore, .NET Framework, and ASP.NET, Skype for Android, Azure DevOps Server, and the NuGet Package Manager.

Microsoft released security updates for Windows 7, Windows Server 2008 R2, and Windows Server 2008. The tech giant has also separately released patches for out-of-support versions of Windows such as Windows 2003 and Windows XP.

18 vulnerabilities have been rated Critical and the rest Important in severity.

Microsoft also advised Windows Server users to block TCP port 3389 and enable Network Level Authentication to prevent any unauthenticated attacker from exploiting this vulnerability.
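The two interim mitigations named above (require Network Level Authentication, restrict TCP 3389), applied and audited on a single host, as an added PowerShell example that is not from the article or from Microsoft; the management subnet 10.0.0.0/24 and the rule name RDP-3389-MgmtOnly are constructed placeholders, and firewall changes go through netsh so the script also runs on the Windows 7 / Server 2008 hosts the flaw affects:

```powershell
# Added example (not from the article): audit and apply the two interim
# mitigations Microsoft gave for CVE-2019-0708 on one Windows host.
# These reduce exposure until the patch is installed; they do not replace it.
# Run from an elevated PowerShell session.
$TsKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$RdpKey  = "$TsKey\WinStations\RDP-Tcp"
$MgmtNet = '10.0.0.0/24'   # constructed placeholder: the only network allowed to reach RDP

function Get-RdpExposure {
    # Report whether RDP is enabled, whether NLA is required, and whether
    # anything is currently listening on TCP 3389.
    $deny = (Get-ItemProperty -Path $TsKey  -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    $nla  = (Get-ItemProperty -Path $RdpKey -Name UserAuthentication  -ErrorAction SilentlyContinue).UserAuthentication
    # netstat output line looks like: "TCP  0.0.0.0:3389  0.0.0.0:0  LISTENING  1234"
    $listening = [bool](netstat -ano -p TCP | Select-String -Pattern ':3389\s+\S+\s+LISTENING')
    New-Object PSObject -Property @{
        ComputerName  = $env:COMPUTERNAME
        RdpEnabled    = ($deny -eq 0)
        NlaRequired   = ($nla -eq 1)
        Listening3389 = $listening
    }
}

function Set-RdpHardening {
    # 1. Require NLA: RDS only builds a session after the client has
    #    authenticated, which closes the pre-authentication path the flaw
    #    needs. Clients must support CredSSP (older XP RDP clients do not).
    Set-ItemProperty -Path $RdpKey -Name UserAuthentication -Value 1 -Type DWord

    # 2. Restrict TCP 3389: disable the built-in "Remote Desktop" allow rules,
    #    add one allow rule scoped to the management subnet, and make the
    #    profile default for unmatched inbound traffic "block".
    netsh advfirewall firewall set rule group="Remote Desktop" new enable=no | Out-Null
    netsh advfirewall firewall delete rule name="RDP-3389-MgmtOnly" | Out-Null   # safe to re-run
    netsh advfirewall firewall add rule name="RDP-3389-MgmtOnly" dir=in action=allow `
        protocol=TCP localport=3389 "remoteip=$MgmtNet" | Out-Null
    netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound | Out-Null
}

# Show the state before and after hardening so the change is verifiable.
Get-RdpExposure | Format-List
Set-RdpHardening
Get-RdpExposure | Format-List
```

Hosts that must remain reachable over RDP from outside the management subnet need their own scoped allow rule; the patch itself is still the only complete fix.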

Pierluigi Paganini

(SecurityAffairs – Windows, RDP)

The post Microsoft Patch Tuesday addresses dangerous RDS flaw that opens to WannaCry-like attacks appeared first on Security Affairs.

Microsoft Warns WannaCry-like Windows Attack

Microsoft warns users of older versions of Windows to install the Windows update immediately to protect against potential, widespread attacks. The software giant has fixed vulnerabilities in Remote Desktop Services running on Windows XP, Windows 7, and server versions such as Windows Server 2003, Windows Server 2008 R2, and Windows Server 2008. Microsoft is taking the unusual approach of releasing patches for Windows XP and Windows Server 2003, although both operating systems are no longer supported. Windows XP users must manually download the updates from the Microsoft Update Catalog.

“This vulnerability is pre-authentication and requires no user interaction,” explains Simon Pope, director of incident response at Microsoft’s Security Response Center. “In other words, the vulnerability is ‘virus’, meaning that any future malware that exploits this vulnerability could propagate from the vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.”

Microsoft said it had not observed exploitation of this vulnerability. However, now that the patch is released, it is only a matter of time before attackers study Microsoft’s patches and create malware. Fortunately, Windows 8 and Windows 10 computers are not affected by this vulnerability. Although Windows 10 is now more popular than Windows 7, there are still millions of computers running Windows 7, which could make potential attacks very problematic.

Microsoft broke its tradition of not patching unsupported Windows operating systems when thousands of computers in more than 100 countries were affected by the malware known as WannaCry. The malware used a bug in old versions of Windows to encrypt the computer and asked for a $300 ransom before unlocking it. Microsoft is keen to avoid another WannaCry, even though it states that “the best way to resolve this vulnerability is to upgrade to the latest version of Windows.”

Source: https://www.theverge.com/2019/5/14/18623565/microsoft-windows-xp-remote-desktop-services-worm-security-patches

Related Resources:

Microsoft’s Windows 7, 8.1 To Have Defender Advanced Threat Protection

Windows-based Forensic Tools Available for Everyone

145 Windows-malware loaded Play Store Apps, deleted by Google

Latest Windows 10 Comes With Malware Protection



The post Microsoft Warns WannaCry-like Windows Attack appeared first on .

Magecart Used Same Skimmer against Two Web-Based Suppliers

Magecart threat actors used the same skimmer against two web-based suppliers to try to steal users’ payment card information. As discovered by security researcher Willem de Groot, the first attack occurred at 15:56:42 GMT on 10 May when bad actors injected the skimmer into the bottom of a script used by enterprise content management system […]… Read More

The post Magecart Used Same Skimmer against Two Web-Based Suppliers appeared first on The State of Security.

Hospitals Failing on Cybersecurity Hygiene

Healthcare organizations (HCOs) are increasingly at risk from legacy operating systems, device complexity and the use of commonly exploited protocols, according to a new study from Forescout.

The security vendor analyzed 75 global healthcare deployments running over 1.5 million devices across 10,000 virtual local area networks (VLANs).

It found that although less than 1% were running unsupported operating systems, 71% of Windows devices were on Windows 7, Windows 2008 or Windows Mobile, which will be end-of-lifed in January 2020 — less than a year away.

These HCOs are further exposing themselves to threats by using high-risk services like SMB, which was exploited in the infamous WannaCry attacks, as well as RDP, FTP and others. Some 85% of Windows devices had SMB turned on, while over a third (35%) were running RDP, which is commonly used in fileless attacks.

The sheer range of medical devices in use also presents greater cyber-risks, especially as many aren’t architected with security in mind, the report claimed.

A third (34%) of organizations’ medical VLANs were found to support more than 100 distinct device vendors. Even more are likely to exist on other networks.

Patching is often problematic due to the criticality of these devices and the fact that, in some cases, doing so invalidates the product’s warranty.

Even worse, in many cases the vendors themselves are responsible for patching, and sometimes devices are connected to the network without the oversight of IT, claimed the report.

Forescout argued that VLANs could help HCOs mitigate risk by segmenting their networks. However, in half (49%) of the deployments studied, medical devices were connected to 10 VLANs or fewer, suggesting insufficient investment in this strategy.

“Our findings reveal that healthcare organizations have some of the most diverse and complex IT environments, which are compounded due to compliance risks,” argued Elisa Costante, head of OT and industrial technology innovation at Forescout.

“Every time a patch is applied, there is concern around voiding a warranty or impacting patient safety. These organizations are dealing with life-saving devices and extremely sensitive environments.”

Although there has been an explosion in OT (8%) and IoT (39%) devices in recent years, the biggest potential attack surface on medical VLANs came from regular IT devices (53%), the report claimed.

UK government security decisions can be challenged in court, judges rule

Supreme court says GCHQ’s hacking powers should be subject to judicial review

Government security decisions will in future be open to challenge in the courts after judges ruled that a secretive intelligence tribunal could not be exempt from legal action.

By a 4-3 majority, supreme court justices declared that the extent of GCHQ’s powers to hack into internet services should be subject to judicial review.

Related: GCHQ discloses secret location of former London office


Microsoft plugs wormable RDP flaw, new speculative execution side channel vulnerabilities

For May 2019 Patch Tuesday, Microsoft has released fixes for 79 vulnerabilities, 22 of which are deemed critical. Among the fixes is that for CVE-2019-0708, a “wormable” RDP flaw that is expected to be weaponised by attackers very soon. About CVE-2019-0708 It’s a remote code execution vulnerability in Remote Desktop Services (formerly known as Terminal Services) that allows unauthenticated attackers to connect to the target system using RDP and send specially crafted requests. The flaw … More

The post Microsoft plugs wormable RDP flaw, new speculative execution side channel vulnerabilities appeared first on Help Net Security.

“Wormable” Bug Could Enable Another WannaCry

Microsoft released fixes for 79 unique vulnerabilities yesterday, including 22 critical bugs — one of which could be used to spread malware around the globe.

Microsoft detailed the potential impact of CVE-2019-0708 in a separate blog post on Tuesday.

This is a flaw in Remote Desktop Services (RDS) which could allow an attacker to remotely execute arbitrary code on a target system after connecting using RDP.

Even worse, according to Microsoft, the bug is “wormable,” meaning that “any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.”

“While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware,” Microsoft warned.

Although the bug affects older operating systems — Windows 7, Windows Server 2008 R2 and Windows Server 2008 — it should be patched ASAP. Microsoft is even making fixes available for out-of-support versions XP and Windows 2003, such is the potential threat.

“CVE-2019-0708 should be the highest priority patching because, in addition to the wormable capabilities in this exploit, many modern ransomware variants, such as Dharma, Robbinhood, and CrySIS, often use vulnerable RDP servers to gain access to victim networks,” argued Recorded Future senior solutions architect, Allan Liska. “This vulnerability will make that process even easier.”

Elsewhere, IT admins should also fix a zero-day flaw (CVE-2019-0863), which is being exploited in the wild and has also been publicly disclosed, meaning other hackers could use it in their own attacks. It’s an elevation-of-privilege vulnerability in the way Windows Error Reporting handles files, which allows an attacker to gain kernel mode access to a victim system.

In addition, a publicly disclosed vulnerability in Skype for Android (CVE-2019-0932) could enable an attacker to snoop on conversations without a victim’s knowledge.

ZombieLoad Bugs Expose Intel Machines to Data Theft


Researchers have discovered a major new set of vulnerabilities in nearly all post-2011 Intel chips which could enable side-channel attacks targeting sensitive information.

ZombieLoad is reminiscent of the Spectre and Meltdown bugs reported in January 2018 in that it affects not only desktop and laptop machines but also cloud servers. Like them, it exploits the speculative execution process to enable attackers to steal data from the processor.

Technically known as a “data sampling attack,” it’s far from trivial to launch, but should be addressed immediately by admins as it could theoretically allow attackers to monitor a victim’s browsing in real-time, or steal sensitive credentials and data.

“While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets currently processed by other running programs,” the research paper claimed. “These secrets can be user-level secrets, such as browser history, website content, user keys, and passwords, or system-level secrets, such as disk encryption keys.”

ZombieLoad (CVE-2018-12130) is the most dangerous vulnerability, although the researchers also found three others: CVE-2018-12126, CVE-2018-12127 and CVE-2019-11091. Intel calls these Microarchitectural Data Sampling (MDS) flaws.

“All of them have in common that they trigger a faulty read, and extract data used by transiently executed operations via a side-channel,” said the researchers in an accompanying blog post.

The good news is that Intel has already addressed MDS issues post-Spectre/Meltdown, so its newer chips (8th and 9th Generation Intel Core processors and 2nd Generation Intel Xeon Scalable processor family) aren’t affected.

It has also released microcode updates to address the vulnerabilities, although these could apparently have a 9% performance hit on cloud machines and around 3% on desktops and laptops. Apple, Google, and Microsoft have already released patches to fix ZombieLoad.

What does it take to be an infosec product strategist?

Choosing a security product that will best fit your organization’s needs is a challenge exacerbated by the “polluted, turbulent sea of ineffectual security products” that you’ll need to wade through in order to find the right and effective solution. “I tend to maintain an overwhelming sense that the majority of security products exist ‘just because’ – ‘just because’ the underlying technology seemed cool to build, ‘just because’ it is what has always been used despite … More

The post What does it take to be an infosec product strategist? appeared first on Help Net Security.

Adobe patches over 80 flaws in Flash, Acrobat Reader, and Media Encoder

Adobe Patch Tuesday updates for May 2019 address a critical flaw in Flash Player and more than 80 vulnerabilities in Acrobat products.

Adobe Patch Tuesday updates for May 2019 address a total of 84 vulnerabilities in Acrobat and Acrobat Reader products for Windows and macOS.

The tech company addressed many critical vulnerabilities in its products, including heap overflow, buffer error, double free, use-after-free, type confusion, and out-of-bounds write issues that can be exploited to execute arbitrary code on vulnerable systems.

The list of vulnerabilities addressed by Adobe also includes several out-of-bounds read issues that can lead to information disclosure.

The good news is that none of the vulnerabilities patched by the Adobe Patch Tuesday updates for May 2019 have been exploited in attacks in the wild. According to the priority ratings assigned by Adobe to the flaws, the risk of exploitation in the near future is low.

Adobe fixed a critical use-after-free vulnerability in Flash Player that can be exploited to execute arbitrary code in the context of the targeted user.

The issue tracked as CVE-2019-7837 affects Windows, macOS, Linux, and Chrome OS versions of the popular software. The vulnerability was reported to Adobe by an anonymous researcher via Trend Micro’s Zero Day Initiative (ZDI).

Adobe also fixed a critical file parsing vulnerability that can lead to remote code execution.


Adobe also released Media Encoder version 13.1, which addresses two security vulnerabilities: a critical issue tracked as CVE-2019-7842 that can lead to remote code execution, and an information disclosure flaw.

Pierluigi Paganini

(SecurityAffairs – Adobe, Adobe Patch Tuesday updates May 19)

The post Adobe patches over 80 flaws in Flash, Acrobat Reader, and Media Encoder appeared first on Security Affairs.