Daily Archives: May 19, 2019

Microsoft’s Attack Surface Analyzer now works on Macs and Linux, too

Microsoft has rewritten and open-sourced Attack Surface Analyzer (ASA), a security tool that points out potentially risky system changes introduced by the installation of new software or configuration changes. About Attack Surface Analyzer The initial version of the tool (v1.0, aka “classic”) was released in 2012 and worked only on Windows. It can be still downloaded, but is not supported any longer. This newest version (v.2.0) is built using .NET Core 2.1 and Electron, and … More

The post Microsoft’s Attack Surface Analyzer now works on Macs and Linux, too appeared first on Help Net Security.

Ransomware and malware attacks decline, attackers adopting covert tactics

There has been a major decline in ransomware and malware attacks, with Ireland having some of the lowest rates globally, according to the latest report released by Microsoft. This is a significant change from 2017, following a prolific series of attacks that targeted supply chains globally. Initial predictions were that these would increase, however, improvements in cybersecurity measures and detection have impacted on the success rates of these attacks. In fact, there has been a … More

The post Ransomware and malware attacks decline, attackers adopting covert tactics appeared first on Help Net Security.

Over half of all reported vulnerabilities in Q1 2019 have a remote attack vector

There were 5,501 vulnerabilities aggregated by Risk Based Security’s VulnDB that were disclosed during the first three months of 2019. This represents a 1% increase over the same period in 2018, making this Q1 an all-time high. The results were released in the Q1 2019 Vulnerability QuickView Report. CVSSv2 scores of 9.0+, deemed critical issues, accounted for 14.0% of all published Q1 2019 vulnerabilities. Risk Based Security’s VulnDB published 2,539 (85%) more vulnerabilities than CVE/NVD … More

The post Over half of all reported vulnerabilities in Q1 2019 have a remote attack vector appeared first on Help Net Security.

Keeping Passwords Simple

We know at times this whole password thing sounds really complicated. Wouldn't it be great if there was a brain dead way you could keep passwords simple and secure at the same time? Well, it's not nearly as hard as you think. Here are three tips to keeping passwords super simple while keeping your accounts super secure.

Phishing targeting SaaS and webmail services increased to 36% of all phishing attacks

Users of Software-as-a-Service (SaaS) and webmail services are being targeted with increasing frequency, according to the APWG Q1 2019 Phishing Activity Trends Report. The category became the biggest target in Q1, accounting for 36 percent of all phishing attacks, for the first time eclipsing the payment-services category which suffered 27 percent of attacks recorded in the quarter. Online SaaS applications have become fundamental business tools, since they are convenient to use and cost-effective. SaaS services … More

The post Phishing targeting SaaS and webmail services increased to 36% of all phishing attacks appeared first on Help Net Security.

Do You Know When The First Cyber Attack Took Place? Read On

WannaCry, a malicious computer virus that encrypts data and demands ransom, hit thousands of computers across the world, causing several organizations to close down. Not a day goes by without a large company admitting that its data has been breached. Cyber attacks are mostly thought of as a feature of modern life, but their story goes back further than expected.

Do you know when the first cyber attack occurred? Many attribute this to Robert Morris, a 20-year-old Cornell undergraduate student, in 1988. He was also the first person to be charged under the Fraud and Cyber Abuse Act. Nevertheless, this was not the first cyber attack. The first cyber attack happened when optical telegraphy known as semaphore was used, long before our Internet and computers came into existence. This happened in the year 1834.

The semaphore system included a chain of towers, with each tower having a mobile wooden arm in its upper part. Different configurations of these arms were used to denote different symbols, letters, and numbers. The operators of each tower would use a telescope to verify the configuration of the adjacent tower and then reproduce it in their own tower. This made it possible to deliver messages much faster. The semaphore network was reserved exclusively for government use; however, in 1834, two brothers, François and Joseph Blanc, came up with a means of hacking into the system for their personal benefit.

François and Joseph Blanc were dealing with government bonds on the Bordeaux stock exchange that kept a close watch on the Paris stock exchange. The Paris stock exchange was the primary market, and the secondary markets always lagged due to the time it took for the information to travel through the post. So if traders could get to know the information in advance, they could make a lot of money by anticipating the market move.

The Blanc brothers bribed a telegraph operator who provided information on the stock market, and he had an accomplice in Paris who would help him get the details. The operator would then send the news from Tours to Bordeaux using the semaphore system. To do so, he tampered with the messages, adding deliberate errors that served as codes to government messages, which were later deciphered by another operator, the Blancs’ man stationed close to the Bordeaux line.

This lasted for approximately two years, until one day the Tours operator became ill. He shared this misdoing with one of his friends in the hope that the friend would continue the practice. The friend took a back seat and reported the operator to the authorities. The Blanc brothers were arrested for their cyber attack but were released due to the lack of an adequate law.

“The Blanc brothers’ story is also a reminder that with any new invention, people will always find a way to use it maliciously. This is a timeless aspect of human nature, and it’s not something technology can or should be designed to solve,” writes Tom Standage of The Economist. This is still so relevant.

Companies investing in advanced forensic capabilities to identify attackers in greater detail

One in five companies are already using forensic investigations and other sophisticated methods to identify their attackers, like setting up honey pots and repositories of fake data to give attackers the idea they’ve hit real data while acting as a diversion tactic, according to Neustar. Companies’ growing investment in advanced forensic capabilities that can help identify attackers in greater detail is increasingly eclipsing what most law-enforcement agencies are willing to devote. 72 percent of respondents … More

The post Companies investing in advanced forensic capabilities to identify attackers in greater detail appeared first on Help Net Security.

Things You Need to Know About Open Source – The FAQ Edition

Open Source projects can be a great asset, or they can be a curse. It is all in how you manage it. To be successful in using open source, there are several things to keep in mind, from licensing to updates. And if you ignore any of them, it can cause problems. Here are some […]… Read More

The post Things You Need to Know About Open Source – The FAQ Edition appeared first on The State of Security.

JASK launches a new Heads Up Display for security operations centers

JASK, the provider of the industry’s first cloud-native SIEM platform, unveiled a first-of-its-kind Heads Up Display (HUD) for security operations centers (SOCs) based on cutting-edge scientific design principles and visualization concepts never before used in the cybersecurity industry. Drawing inspiration from leading designers in science fiction and gaming as well as the latest user interface design concepts, the enhanced JASK ASOC platform offers maximal functionality on a single screen. This update enables security teams to … More

The post JASK launches a new Heads Up Display for security operations centers appeared first on Help Net Security.

QuintessenceLabs to extend support for RSA Data Protection Manager software customers

QuintessenceLabs has announced a partnership to allow customers of RSA Data Protection Manager software (DPM) to receive extended support beyond the RSA DPM End-Of-Life date of September 30, 2019. As part of this agreement, QuintessenceLabs will provide the same level of enterprise-class support, Service Level Objectives and product quality as RSA provided. RSA DPM customers can renew their DPM maintenance contract directly with QuintessenceLabs to benefit from long-term DPM support. QuintessenceLabs is also providing a … More

The post QuintessenceLabs to extend support for RSA Data Protection Manager software customers appeared first on Help Net Security.

Checkmarx deploys CxSAST on Project Hosts’ FPC FedRAMP-authorized PaaS

Checkmarx, the Software Exposure Platform for the enterprise, has deployed CxSAST on Project Hosts’ Federal Private Cloud (FPC) FedRAMP-authorized Platform-as-a-Service (PaaS). This deployment facilitates Federal agencies to grant a FedRAMP Moderate or DOD Impact Level 5 (IL5) Authority to Operate (ATO) for a cloud deployment of the Checkmarx CxSAST solution. By being deployed on Project Hosts’ Federal Private Cloud (FPC) FedRAMP-authorized Platform-as-a-Service (PaaS), Checkmarx inherits a vast majority of the controls required for FedRAMP and … More

The post Checkmarx deploys CxSAST on Project Hosts’ FPC FedRAMP-authorized PaaS appeared first on Help Net Security.

ExtraHop for IBM QRadar part of collaborative development to stay ahead of evolving threats

ExtraHop, provider of enterprise cyber analytics from the inside out, launched the ExtraHop for IBM QRadar app, which integrates with IBM Security Intelligence technology to stream accurate, contextual network behavioral detections into the QRadar SIEM. With Reveal(x) detections in QRadar, organizations have a complete picture of suspicious or anomalous behavior on their network, as well as the ability to perform rapid, guided investigations. This bi-directional integration lets analysts move back to ExtraHop to explore forensic … More

The post ExtraHop for IBM QRadar part of collaborative development to stay ahead of evolving threats appeared first on Help Net Security.

HSB Farm Cyber Insurance solution to protect farmers from hackers and malware

Hartford Steam Boiler (HSB), part of Munich Re, announced a new HSB Farm Cyber Insurance solution that helps protect farmers and farm technology from hackers, malware and other cyber attacks. “Innovative technologies are being deployed across the farming industry and data and information systems are helping farmers better understand how to maximize efficiency and production,” said James Hajjar, who leads the cyber practice for HSB’s reinsurance clients. “With this new reliance on digital information and … More

The post HSB Farm Cyber Insurance solution to protect farmers from hackers and malware appeared first on Help Net Security.

Venafi and GlobalSign partnership and integration to address DevOps certificate challenges

Venafi, the leading provider of machine identity protection, and GMO GlobalSign, a global Certificate Authority and leading provider of identity and security solutions for the Internet of Things (IoT), announced an expanded technology partnership and integration that seamlessly addresses DevOps certificate challenges. Additionally, Venafi Cloud is now fully integrated with GlobalSign’s high-performance PKI solutions for enterprises. The integration of Venafi Cloud and GlobalSign PKI for DevOps provides DevOps teams with quick, high-speed access to trusted … More

The post Venafi and GlobalSign partnership and integration to address DevOps certificate challenges appeared first on Help Net Security.

FlexiCapture Cloud now enhanced with REST API and Real-Time Capture

ABBYY, a global leader in Content IQ technologies and solutions, announced a series of innovations to ABBYY FlexiCapture, an AI-enabled enterprise platform to automate document processing workflows and convert unstructured content into structured data for better business outcomes. The updates include the launch of the ABBYY FlexiCapture Cloud REST API (Representational State Transfer Application Programming Interface) and the introduction of the new Real-Time Capture technology for real-time document processing in the cloud. As companies strive … More

The post FlexiCapture Cloud now enhanced with REST API and Real-Time Capture appeared first on Help Net Security.

At-Bay launches excess cyber insurance policy for clients up to $5Bn revenue

At-Bay launched an excess cyber insurance policy for clients across all industry classes. At-Bay developed this product to fulfill broker demand for access to the At-Bay Security Team for organizations with insurance towers. The At-Bay Security Team provides insureds with ongoing vulnerability scanning, threat monitoring, and 24/7 support to help prevent loss. With the new product launch, At-Bay has made these security services available to Excess clients. “We wanted to create an excess program for … More

The post At-Bay launches excess cyber insurance policy for clients up to $5Bn revenue appeared first on Help Net Security.

HITRUST supports Texas legislation to create a Privacy Protection Advisory Council

HITRUST, a leading data protection standards development and certification organization, supports legislation that would create a council to study privacy laws and how privacy practices for Texas businesses could be strengthened through potential legislation. Representative Giovanni Capriglione’s (Southlake) House Bill 4390 was passed by the Texas House unanimously on May 7, 2019 and would create the Texas Privacy Protection Advisory Council. The Council would study and evaluate Texas laws and other privacy laws in order to … More

The post HITRUST supports Texas legislation to create a Privacy Protection Advisory Council appeared first on Help Net Security.

Weekly Update 139

Per the beginning of the video, it's out late, I'm jet lagged, all my clothes are dirty and I've had to raid the conference swag cupboard to even find a clean t-shirt. But be that as it may, I'm yet to miss one of these weekly vids in the 2 and a half years I've been doing them and I'm not going to start now! So with that very short intro done, here's this week's and I'll try and be a little more on the ball for the next one.

References

  1. Google is having some issues with the U2F keys they recommend for their Advanced Protection Program (but seriously, this is a pretty minor issue)
  2. I'm definitely still recommending this approach for locking down Google accounts (that's my piece from November on how to get it all set up)
  3. Forbes had some Magecart script running on their site (interesting breakdown by @bad_packets)
  4. Let's Encrypt's CT log is now up and running (with support from Sectigo too so kudos to them for that, it's a very different approach to the old Comodo)
  5. I'm up for some European Blogger Awards again! (I'd love your votes folks 😎)
  6. Twilio is sponsoring my blog again this week (check how to implement 2FA in your app with Authy)

Ireland And Its Evolving Cybersecurity Issues

Ireland experienced a huge decline in malware infections in 2018, most notably fewer cases of ransomware compared to 2017. The European country of almost 5 million people is mirroring the global trend in cybersecurity issues, as cybercriminals are heavily transitioning from disruptive and destructive ransomware to silent yet very profitable phishing and cryptojacking. Ireland recorded a monthly infection rate of just 1.26% in 2018, which is one of the lowest in the European region and one of the lowest globally.

This is a sharp contrast to 2017, when millions of computers worldwide were heavily infected by ransomware, particularly the likes of WannaCry and NotPetya. Cryptojacking is easy to deploy and very difficult to detect, as it is basically a program that consumes CPU/GPU resources like the rest of the programs on a computing device. But the consumed CPU/GPU resources do not produce a tangible output as with a typical benign program; instead, they are used to compute crypto-hashes in an attempt to mine cryptocurrency.

“While we have seen a welcome drop in ransomware and malware attacks, it would be a mistake to assume the level of the cyber threat to Irish organizations has also decreased. We are seeing major behavioral change amongst criminal hackers, who want access to a victim’s computer and an organization’s network to access data, but also use their computing power to mine for cryptocurrency. This is about playing the long game and exploiting people’s lack of training and understanding when it comes to cybercrime. Microsoft’s analysts predict phishing will continue to be an issue for the foreseeable future for that reason,” explained Des Ryan, Microsoft Ireland’s Solutions Director.

To add insult to injury, Microsoft underscored that many private and public entities in the country lack adequate staff training when it comes to cybersecurity. The vulnerable companies also practice lax IT security protocols, a trait that gives anything that goes wrong the opportunity to grow exponentially.

Unpatched Ethereum Clients expose the ecosystem to 51% Attack risk

Security researchers from SRLabs have published a report that analyzed the risks for Ethereum network caused by unpatched Ethereum clients.

Researchers at SRLabs published a report, based on ethernodes.org data, which revealed that a large number of nodes using the popular clients Parity and Geth are still unpatched. The experts discovered that the Ethereum clients and their users remained exposed for “extended periods of time” after security patches had been released.

“SRLabs research suggests that security vulnerabilities remain unpatched for many Ethereum blockchain participants for extended periods of time, putting the blockchain ecosystem at risk.” reads the report.

Experts pointed out that a hacker who controls more than 51% of the computational power in the Ethereum network can double-spend coins and undermine trust in the ecosystem. An attacker who can crash a large number of nodes could gain control of 51% of the network more easily.

For that reason, denial-of-service issues are classified as high severity in cryptocurrency networks: attackers can leverage these issues to reduce the amount of computational power needed to perform a 51% attack.

In February, SRLabs reported a vulnerability in the Parity client that could be exploited to remotely crash Parity Ethereum nodes running versions prior to 2.2.10.

“According to our collected data, only two thirds of nodes have been patched so far. Shortly after we reported this vulnerability, Parity released a security alert, urging participants to update their nodes.” continues the report.

A month after the flaw was patched, experts have found that around 40% of all scanned Parity Ethereum nodes remained unpatched. Another patch released on Mar 2, 2019 was installed by around 70% of Parity Ethereum nodes, leaving the remaining 30% exposed.

The situation is worse if we consider that 7 percent of Parity nodes still run a version vulnerable to a critical consensus vulnerability patched in July 2018.

The following graph shows the percentage of unpatched Ethereum nodes in 2019 that decreases slowly over time.

Researchers explained that Parity Ethereum has an automated update process, but it suffers from high complexity and some updates are left out.

The report confirms that patch management for the Geth client, which does not include an auto-update feature, is even worse. Geth clients remained unpatched for longer periods of time.

“According to their announced headers, around 44% of the Geth nodes visible at ethernodes.org were below version v.1.8.20, a security-critical update, released two-month before our measurement,” continues the SRLabs team.

Experts conclude that the lack of basic patch hygiene undermines the security of the entire Ethereum ecosystem.


Pierluigi Paganini

(SecurityAffairs – patch management, hacking)

The post Unpatched Ethereum Clients expose the ecosystem to 51% Attack risk appeared first on Security Affairs.

Week in review: New Intel CPU vulnerabilities, SharePoint servers under attack

Here’s an overview of some of last week’s most interesting news and articles: High-risk vulnerability in Cisco’s secure boot process impacts millions of devices Red Balloon Security has discovered a high-risk vulnerability in Cisco’s secure boot process which impacts a wide range of Cisco products in use among enterprise and government networks, including routers, switches and firewalls. Tips to spring clean your company’s social media and stay protected Spring is a great time for organizations … More

The post Week in review: New Intel CPU vulnerabilities, SharePoint servers under attack appeared first on Help Net Security.

Law Enforcement Operation Dismantles GozNym Banking Malware

An international law enforcement operation has led to the dismantling of the global cybercrime network that used the GozNym banking malware to steal money from bank accounts across the world.

TechCrunch reports, “Europol and the U.S. Justice Department, with help from six other countries, have disrupted and dismantled the GozNym malware, which they say stole more than $100 million from bank accounts since it first emerged.”

Prosecutors have stated, in a press conference held in The Hague, that ten defendants in five countries have been charged with using the GozNym malware to steal money from over 41,000 victims, including business and financial institutions. Of these ten people, five have been arrested in Moldova, Ukraine, Bulgaria, and Russia while the remaining five, all Russians, are on the run. The leader of the cybercrime network and his technical assistant are being prosecuted in Georgia.

TechCrunch security editor Zack Whittaker writes, “All were charged with conspiracy to commit computer fraud, conspiracy to commit wire and bank fraud and conspiracy to commit money laundering. An eleventh member of the conspiracy, Krasimir Nikolov, was previously charged and extradited to the U.S. in 2016 and pleaded guilty in April in his role in the GozNym malware network.”

He adds, “The takedown was described as an “unprecedented international effort” by Scott Brady, U.S. attorney for Western Philadelphia — where a grand jury indicted the defendants — at the press conference announcing the charges.”

The victims of the GozNym attacks have not been named, but it’s reported that in the U.S. at least 11 businesses, including two law firms and a casino, plus a church, have been impacted.

The banking malware GozNym was developed from two existing malware families, Gozi and Nymaim, and spread across the U.S., Germany, Poland and Canada. It first emerged in 2016 and has hit dozens of banks and credit unions since then. The leader of the cybercrime network working behind GozNym had built it from the code of the two malware families, both of which had their source code leaked years earlier. He then recruited accomplices and advertised GozNym on Russian-speaking forums.

The TechCrunch report explains how GozNym, which is described as malware “as a service”, works: “The malware used encryption and other obfuscation techniques to avoid detection by antivirus tools. Then, spammers are said to have sent hundreds of thousands of phishing emails to infect staff at businesses and banks. After the malware infected its victim computers, the malware would steal the passwords control of bank accounts, which the criminals would later log in and cash out.”

The report further says that according to prosecutors, the GozNym network was “hosted and operated through a bulletproof service, a domain and web hosting known for lax attitudes toward cybercrime and favored by criminals.”

An administrator of the “Avalanche” network, an infrastructure platform which provided services to over 200 cybercriminals and which was dismantled in 2016 during a German-led operation, had also provided bulletproof hosting services to the GozNym network. This administrator would also face prosecution in Ukraine (where his apartment is located) for his role in providing bulletproof hosting services to the GozNym network.

Security Affairs newsletter Round 214 – News of the week

A new round of the weekly SecurityAffairs newsletter arrived!

The best news of the week with Security Affairs.

Hacking the ‘Unhackable’ eyeDisk USB stick
Security breach suffered by credit bureau Equifax has cost $1.4 Billion
Turkish Personal Data Protection Authority fined Facebook for Photo API bug
CVE-2019-11815 Remote Code Execution affects Linux Kernel prior to 5.0.8
Expert discovered how to brick all Samsung mobile phones
Facebook sues data analytics firm Rankwave over alleged data misuse
Over 10k+ GPS trackers could be abused to spy on individuals in the UK
Pacha Group declares war to rival crypto mining hacking groups
Reading the Yoroi Cyber Security Annual Report 2018
Malware Training Sets: FollowUP
Millions of computers powered by Intel chips are affected by MDS flaws
North Korea-linked ScarCruft APT adds Bluetooth Harvester to its arsenal
Thrangrycat flaw could allow compromising millions of Cisco devices
Unprotected DB exposed PII belonging to nearly 90% of Panama citizens
WhatsApp zero-day exploited in targeted attacks to deliver NSO spyware
Adobe patches over 80 flaws in Flash, Acrobat Reader, and Media Encoder
Microsoft Patch Tuesday addresses dangerous RDS flaw that opens to WannaCry-like attacks
SAP Security Patch Day for May 2019 fixes many missing authorization checks
Twitter inadvertently collected and shared iOS location data
A flaw in Google Titan Security Keys exposes users to Bluetooth Attacks
A joint operation by international police dismantled GozNym gang
BlackTech espionage group exploited ASUS update process to deliver Plead Backdoor
Google ‘0Day In the Wild’ project tracks zero-days exploited in the Wild
Magecart hackers inject card Skimmer in Forbes Subscription Site
Microsoft renewed its Attack Surface Analyzer, version 2.0 is online
Past, present, and future of the Dark Web
The stealthy email stealer in the TA505 hacker group’s arsenal
A flaw in Slack could allow hackers to steal, manipulate downloaded files
Chinese state-sponsored hackers breached TeamViewer in 2016
Cisco addressed a critical flaw in networks management tool Prime Infrastructure
Stack Overflow Q&A platform announced a data breach
XSS flaw in WordPress Live Chat Plugin lets attackers compromise WP sites
Dozens of Linksys router models leak data useful for hackers
Facebook banned Archimedes Group, misinformation made in Israel
Number of hacktivist attacks declined by 95 percent since 2015
Unistellar attackers already wiped over 12,000 MongoDB databases

Pierluigi Paganini

(SecurityAffairs – newsletter)

The post Security Affairs newsletter Round 214 – News of the week appeared first on Security Affairs.

Salesforce faced one of its biggest service disruption of ever

Salesforce is facing a huge outage; it shut down a good portion of its infrastructure due to a change to the production environment.

A change in the production environment is the root cause of the broad outage suffered by Salesforce.

The service disruption affected its Pardot B2B marketing automation system. The cloud CRM company’s change broke access privilege settings across organizations and gave customers access to all of their respective company’s files.

“One of our projects had all its profiles modified to enable modify all, allowing all users access to all data.” reported a user on Reddit.

In response to the incident, Salesforce denied all access to a hundred cloud instances that host Pardot users, then blocked access for any other user to the same systems, even if they were not using Pardot.

Salesforce customers have been unable to access the service since 09:56 PDT (16:56 UTC) on Friday.

“The deployment of a database script resulted in granting users broader data access than intended,” reads a note published by the company. “To protect our customers, we have blocked access to all instances that contain affected customers until we can complete the removal of the inadvertent permissions in the affected customer orgs.”

Below the message published by Patrick Harris, Salesforce CTO and co-founder:

A few hours ago, Salesforce informed its users that it was able to restore access to most of its services; this means that the users experienced at least 15 hours of service disruption. Unfortunately, some organizations may still face problems: according to the latest notice issued by the CRM firm, administrators will have to manually repair user account permissions.

“We have restored administrators’ access to all orgs affected by the recent permissions issue and have prepared a set of instructions for admins that may need guidance on how to manually restore user permissions. We have updated the instructions to include guidance for Field Service Lightning administrators.” states the company. “Those instructions can be found in this Known Issue article: http://sfdc.co/PermSetKI. In parallel, we are working on an automated provisioning fix to allow us to restore user permissions to where they were before the incident occurred.”

The company warns that a limited number of admins may still be experiencing issues such as logging in to their organizations or modifying permissions.

Pierluigi Paganini

(SecurityAffairs – Salesforce, outage)

The post Salesforce faced one of its biggest service disruption of ever appeared first on Security Affairs.

Fraudulently Acquired IPv4 Addresses Revoked by ARIN

The US Registry for Internet Numbers, Ltd. (ARIN) won a legal case, against multi-year program designed to deceive the Internet community by approximately 735,000 IPv4 addresses. John Curran, President, and CEO of ARIN announced that the fraud had been discovered through an internal due diligence process.

ARIN is a non-profit organization responsible for distributing Internet numbers in the United States, Canada and parts of the Caribbean. The emerging IPv4 address transfer market and growing demand have led to new attempts to fraudulently obtain IPv4 addresses.

This was the first arbitration brought under the ARIN Registration Service Contract, together with a related proceeding in the US District Court for the Eastern District of Virginia. ARIN was able to prove the existence of a complicated scheme to fraudulently acquire resources, including many legalized official attestations sent to ARIN. “A company in South Carolina obtained and utilized 11 shelf companies across the United States, and intentionally created false aliases purporting to be officers of those companies, to induce ARIN into issuing the fraudulently sought IPv4 resources and approving related transfers and reassignments of these addresses. The defrauding party was monetizing the assets obtained in the transfer market, and obtained resources under ARIN’s waiting list process.” (ARIN Press Release).

The fraudulent entity adopted an aggressive posture after ARIN asked it to produce certain documents and explain its behavior. The suspects filed a motion for a temporary restraining order and preliminary injunction against ARIN in the US District Court and requested a hearing the following morning, just before Christmas. “The aggressive posture was taken after ARIN indicated its intent to revoke addresses, while permitting defrauding entity to renumber to allow existing bona fide customers not to have service interrupted,” ARIN’s General Counsel told CircleID. “The litigation was filed against ARIN to seek an injunction to stop ARIN from revoking and enter arbitration. Some addresses were transferred for money prior to that demand, others were pending transfer and were never transferred due to ARIN investigation.”

Some fraudulently obtained addresses were transferred to third parties; however, ARIN made no effort to pursue the parties that received the completed transfers, ARIN’s General Counsel told CircleID. The reason being: “(a) addresses were in another RIR service region (e.g. RIPE NCC and APNIC) and (b) ARIN did not see any evidence they knew of or participated in the fraud. In other words, they appeared to be bona fide 3rd parties.”

On May 1, 2019, ARIN obtained an arbitration award, which included revoking all fraudulent resources and $350,000 to ARIN for its legal fees.

UPDATE May 15, 2019: “Charleston Man and Business Indicted in Federal Court in Over $9M Fraud” – United States Department of Justice issues a statement announcing Amir Golestan, 36, of Charleston, and Micfo, LLC, were charged in federal court in a twenty-count indictment. The indictment charges twenty counts of wire fraud, with each count punishable by up to 20 years imprisonment.


The post Fraudulently Acquired IPv4 Addresses Revoked by ARIN appeared first on .

Dutch intelligence investigate alleged Huawei ‘backdoor’

Dutch intelligence services are probing Huawei for possibly spying for the Chinese government by using a “back door” in equipment of major telecoms firms.


Dutch intelligence shares the concerns raised by other western governments about the risks of involving the Chinese telco giant in the creation of the new 5G mobile phone infrastructure.

Since 2018, the US Government has invited its allies to exclude Huawei equipment from critical infrastructure and 5G architectures.

According to Dutch newspaper De Volkskrant, the probe into Huawei is being led by the Dutch intelligence agency, AIVD.

The newspaper, citing intelligence sources, revealed that Huawei allegedly had access to the data of customers of major telecoms firms in the country, including Vodafone, KPN and T-Mobile. In April, KPN announced a partnership with Huawei to update its 4G networks.

“The report comes at a crucial time in the Netherlands, with Dutch Prime Minister Mark Rutte expected to make an imminent decision on the extent of Huawei’s involvement in the country’s 5G infrastructure.” reported the Telegraph.

AIVD did not comment on the report; its spokesman Hilbert Bredemeijer explained that the spy agency “does not comment on possible individual cases.”


Huawei continues to reject the accusation of cyber espionage; it also remarked that it is a private company that does not work for the Chinese intelligence apparatus.

“We do not respond to stories based on anonymous sources or speculation. We have been aware of a Task Force led by the NCTV (Ministry of Justice & Security) for some time to investigate the risks involved in the construction and use of 5G. That was previously announced in a letter from Minister Grapperhaus.” a Huawei spokesperson said.

“It is also known that the three major telecom parties are participating in the risk analysis of the vulnerability of 5G telecommunication networks. This involves looking at what measures are needed to minimize risks. We are in favor of taking general measures that can increase the resilience of telecommunications networks and that apply equally to all relevant parties. We look forward to the results of this report with confidence.”

The Dutch probe is part of a dispute between China and the United States over global trade and cyber espionage.


Pierluigi Paganini

(SecurityAffairs – 5G, Dutch intelligence services)

The post Dutch intelligence investigate alleged Huawei ‘backdoor’ appeared first on Security Affairs.

Nothing but the truth: the legacy of George Orwell’s Nineteen Eighty-Four

Every generation turns to it in times of political turmoil, and this extract from a new book about the novel examines its relevance in the age of fake news and Trump


December 1948. A man sits at a typewriter, in bed, on a remote island, fighting to complete the book that means more to him than any other. He is terribly ill. The book will be finished and, a year or so later, so will the man.

January 2017. Another man stands before a crowd, which is not as large as he would like, in Washington DC, taking the oath of office as the 45th president of the United States of America. His press secretary says that it was the “largest audience to ever witness an inauguration – period – both in person and around the globe”. Asked to justify such a preposterous lie, the president’s adviser describes the statement as “alternative facts”. Over the next four days, US sales of the dead man’s book will rocket by almost 10,000%, making it a No 1 bestseller.
