Daily Archives: July 2, 2019

End Users as the Strongest Link

“It’s okay that you don’t understand.” This comment came after I was frustrated with myself for not being born a genius at math. Usually, when you don’t know a subject or you don’t understand it enough, subject matter experts (i.e. your teachers/professors/mentors/etc) put you down for it. But this time was different because I had […]… Read More

The post End Users as the Strongest Link appeared first on The State of Security.

Prison Time for Former Equifax Executive

The former CIO of Equifax has been sentenced to prison for selling his stock in the company before news of its 2017 data breach was publicly announced.

Jun Ying, the former Chief Information Office of Equifax U.S. Information Solutions, sold his shares in the company for over $950,000 ten days before the company admitted that its data had been accessed by hackers. He was sentenced to four months in prison and ordered to pay roughly $170,000 in fines and restitution.  

“Ying thought of his own financial gain before the millions of people exposed in this data breach even knew they were victims,” said U.S. Attorney Byung J. Pak.

The Equifax data breach compromised the names, Social Security numbers, birthdates, and addresses of over 145 million Americans. Ying is the second employee of the company to be found guilty of insider trading related to the incident. 

According to reports, Ying decided to sell his shares after researching the impact of the 2015 data breach of rival company Experian on its stock prices.

Read the U.S. Department of Justice’s statement on the case here.

The post Prison Time for Former Equifax Executive appeared first on Adam Levin.

Can Video Game “Mods” Expose Players to Malware?

“Hackable?” host Geoff Siskind’s son is a huge fan of the world-building computer game Minecraft — and downloads “mods” for it often. These mods are third-party updates that allow players to alter their favorite game. Whether you want to improve the graphics or add your favorite movie character to a game, there’s a mod for it. But are they safe to download? Do mods allow hackers to conceal malware that threatens your devices and data?

On the latest episode of “Hackable?” the team investigates if the mods Geoff’s son is downloading are putting his computer at risk. We invited white-hat hacker Tim Martin back on the show to create a Minecraft mod for Geoff. Listen and learn if Tim is able to hide dangerous code in a seemingly innocuous game update.

Listen now to the award-winning podcast “Hackable?”.

The post Can Video Game “Mods” Expose Players to Malware? appeared first on McAfee Blogs.

Vulnerability Spotlight: Remote code execution vulnerabilities in Simple DirectMedia Layer

Simple DirectMedia Layer contains two vulnerabilities that could an attacker to remotely execute code on the victim’s machine. Both bugs are present in the SDL2_image library, which is used for loading images in different formats. There are vulnerabilities in the function responsible for loading PCX files. A specially crafted PCX file can lead to a heap buffer overflow and remote code execution in both cases.

In accordance with our coordinated disclosure policy, Cisco Talos worked with SDL to ensure that these issues are resolved and that an update is available for affected customers. Check out the Talos blog for all the details and coverage.

Microsoft’s Threat & Vulnerability Management now helps thousands of customers to discover, prioritize, and remediate vulnerabilities in real time

I’m excited to announce that Microsoft’s Threat & Vulnerability Management solution is generally available as of June 30! We have been working closely with customers for more than a year to incorporate their real needs and feedback to better address vulnerability management. Our goal is to empower defenders with the tools they need to better protect against evolving threats, and we believe this solution will help provide that additional visibility and agility they need.

Threat & Vulnerability Management (TVM) is a built-in capability in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) that uses a risk-based approach to discover, prioritize, and remediate endpoint vulnerabilities and misconfigurations. With Microsoft Defender ATP’s Threat & Vulnerability Management, customers benefit from:

  • Continuous discovery of vulnerabilities and misconfigurations
  • Prioritization based on business context and dynamic threat landscape
  • Correlation of vulnerabilities with endpoint detection and response (EDR) alerts to expose breach insights
  • Machine-level vulnerability context during incident investigations
  • Built-in remediation processes through unique integration with Microsoft Intune and Microsoft System Center Configuration Manager

Traditional vulnerability scanning only happens periodically, leaving organizations with security blind spots between scans. The one-size-fits-all approach that these traditional solutions use ignores critical business-specific context, as well as the dynamic threat landscape. This is coupled with the fact that mitigation of vulnerabilities is a manual process, often across teams, that can take days, weeks, or months to complete. This leaves a window of opportunity for attackers and puts our defenders in a tough spot.

To address these challenges Microsoft partnered with a dozen enterprise customers on the design and creation of this new Threat & Vulnerability Management solution. One of them is Telit, a global leader in IoT enablement offering end-to-end IoT solutions, including enterprise-grade hardware, connectivity, platform, and consulting services. Telit already had a well-defined vulnerability management program in place, but said they were missing several critical capabilities, including visibility, prioritization, and remediation.

Our design partners play a key role throughout the entire process, from planning and building to operationalizing and maturing the product so we can deliver the best experience. Many of our customers have existing vulnerability management programs, so we knew that to have them switch to Microsoft we would need a disruptive approach to vulnerability management. From private preview to general availability and beyond, our key goals were to bridge the gap between Security and IT roles in threat protection, to reduce time to threat resolution while enabling real-time prioritization and risk reduction based on the evolving threat landscape and business context. The team continues to incorporate feedback from customers and partners, adding these new capabilities on a monthly basis.

“Telit’s previous threat and vulnerability solutions were limited to on-premises connected endpoints. Moving to Microsoft’s TVM cloud-based solution provides us much better visibility into roaming endpoints with a continuous assessment, especially when our endpoints are connected to untrusted networks.”
— Itzik Menashe, VP of IT & Information Security, Telit

Working together with Telit, we quickly understood that the current prioritization norm is not enough to properly reduce risk in an organization. We consulted with our partners on a new risk-based approach, which is focused on continuous discovery of vulnerabilities and misconfigurations and correlated those insights with context specific to their business and the dynamic threat landscape.

Microsoft’s built-in, end-to-end remediation process helps Telit bridge the gap between their security and operations teams. The unique integration with Microsoft Intune allows their security team to create remediation requests with a click of a button, and the operations team receives the requests automatically with all relevant information and can start the remediation process right away. The security team can then watch their exposure score drop in real time as remediation progresses.

“Microsoft’s TVM provides Telit with an easy-to-use solution that incorporates strong discovery capabilities, a risk-based approach to prioritization, and an effective remediation process. With this solution we are able to cover a large number of endpoints using a very small team of security engineers.”
— Mor Asher, Global IT and Information Security Manager, Telit

The product experience and ease of implementation was a big driver for Telit and thousands of other active customers to start using Microsoft Defender ATP Threat & Vulnerability Management. Telit had Microsoft Defender ATP’s TVM up and running within seconds.

To learn more about threat and vulnerability management watch our video that walks you through the experience.

If you already have Microsoft Defender ATP, the TVM solution is now available within your ATP portal. If you would like to sign up for a trial of Microsoft Defender ATP including TVM, sign up here.

We’re excited for our customers to evaluate this new solution and are looking forward to continued feedback.

The post Microsoft’s Threat & Vulnerability Management now helps thousands of customers to discover, prioritize, and remediate vulnerabilities in real time appeared first on Microsoft Security.

How Chinese spy app allows officials to harvest personal data

Intrusive software collects emails and texts and could be used to track movement

The tourists travelling into China were never supposed to know their phones had been compromised.

The surveillance app being installed on their devices should have been removed by the border officers tasked with the job. But their apparent carelessness has provided a rare insight into the techniques used by China to snoop on visitors and the kind of information being harvested from their phones.

Continue reading...

Episode 527 – Minnesota Cop Awarded Half Million After Colleagues Looked Up Her Data

Here’s another story about abuse of access. This epsiode talks about this case and what the State of Minnesota is doing to enable the citizens to protect their data stored on state systems.  Be aware, be safe. Become A Patron! Patreon Page *** Support the podcast with a cup of coffee *** – Ko-Fi Security […]

The post Episode 527 – Minnesota Cop Awarded Half Million After Colleagues Looked Up Her Data appeared first on Security In Five.

Florida City Fires IT Director after Meeting Ransomware Actors’ Demands

A municipality in Florida fired its IT director shortly after paying off bad actors who infected its computer systems with ransomware. Joe Helfenberg, the city manager of Lake City, confirmed to WCJB that the municipality fired Brian Hawkins, who was its director of information technology. This decision came shortly after Lake City suffered a ransomware […]… Read More

The post Florida City Fires IT Director after Meeting Ransomware Actors’ Demands appeared first on The State of Security.

Why someone needs VPN?

Estimated reading time: 3 minutes

What is VPN?

A VPN, or virtual private network, is a secure tunnel between your device and the internet. It is an encrypted connection which is used to protect your online traffic from snooping, interference, and censorship. It allows you to open secure communication channel from one network to another network over the internet. It extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.

Why someone needs VPN.

  • You have a remote workforce: You have a workforce or freelancer that works for you from remote location and wants to access your network regularly.

 

  • You encourage BYOD policy: BYOD (Bring your own device) policy reduces your infrastructure cost but it will increase the security risks.

 

  • Your employee travel to customer location: Your employee may travel to client location to close the deal or for business essentials. They need to access your private network from the client location and they may also have to work while traveling. Using public WiFi at such times on Airport or Hotels increases security risk.

 

  • You want to secure communication and browsing: Your employees may use unsecure web pages while browsing, potentially exposing sensitive data such as passwords and business details.

 

  • You have multiple branches: You may have multiple branches which you want to connect with each other without compromising on security. Also, you may want to share/access your private network resources over public network.

Benefits of VPN for your Business.

  • Enhanced data security for remote users: VPN provides a secure communication tunnel for your remote workforce. Your employees use this secure tunnel to access your private network resources as well as public network without compromising the security. It also secures your BYOD policies.

 

  • Encourage productivity: If your employees are aware about internet vulnerability, then they may be cautious about accessing the confidential private data from public network. VPN provides a secure means to access your private network while ensuring peace of mind for your employees.

 

  • Make your clients feel more secure: If you are collecting your customer’s data as business offering, then VPN helps to mitigate their worries by providing one more layer of security to build their confidence.

 

  • Geo Independence: Some countries restrict what you can access. And if you and your employees travel a lot, to complete your work your employees need to stay connected with your office and that time you need VPN.

Challenges with Remote Access

Even though VPN provides secure communication channel to your remote employees, they can misuse your organizational resources. They may use your internet bandwidth for their personal benefits. You need to restrict this kind of unwanted usage.

Seqrite UTM offering

 

Seqrite UTM has a provision to create Virtual Private Network in two scenarios.

  • Site to Site: A site-to-site VPN allows offices in multiple fixed locations to establish secure connections with each other over a public network such as the internet.
  • Remote access: Allows you to securely access your organization’s network over the Internet.

Seqrite UTM provides the following three types of VPN:

  • IPSec VPN: This VPN uses layer 3 IP security standard to create secure tunnels between the client and the server.
  • PPTP VPN: Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables the secure transfer of data from a remote client to a private enterprise server by creating a VPN across TCP/IP-based data networks. This VPN uses MPPE authentication for connection between client and server.
  • SSL VPN: This VPN uses SSL certificates and Public Key Infrastructure (PKI) for authentication and encryption of the tunnel between client and server.

Seqrite UTM also offers to enforce multiple policies over your remote VPN users, so that you can control their access. i.e.

  • Web policies
    • URL Categorization
    • Keyword control
    • File size policy
    • Black/White list URLs
  • Mail policies
    • Attachment control
    • Keyword blocking

Seqrite UTM also offers multiple security features over VPN traffic to secure your private network.

  • Antivirus
  • Antispam
  • Internet Quota Management

Seqrite UTM offers unrestricted VPN access to the customers….

 

The post Why someone needs VPN? appeared first on Seqrite Blog.

CLB Bitsdaq Exchange Listing Information

Hello Cloudbric community!

We’re pleased to provide you with more information regarding CLB’s listing with Bitsdaq Exchange.

Check it out below.

Bitsdaq exchange listing CLB

1) Token: CLB (ERC20)

2) Listing schedule

Open for Deposit: Thursday, July 4, 2019 1PM KST

Open for Trade: Friday, July 5, 2019 5PM KST

Open for Withdraw: Monday, July 8, 2019 5PM KST

3) Currency transaction

– CLB/BTC trading pair

– Other pairs such as CLB/ETH will available in the future

4) Transaction fee: 0.25%

5) Other fees:

Deposit fee: None

Withdrawal fee: Fee will be updated on Bitsdaq (here) on July 8

===

Bitsdaq is a Hong Kong based cryptocurrency exchange based on the unique technology of its official partner, Bittrex exchange. Learn more about Bitsdaq here.

Stay tuned for future listings announcements!


Make sure to follow us on our social media platforms (LinkedInTwitter, and Facebook) and our recently opened Telegram Announcement Channel for the latest updates!

The post CLB Bitsdaq Exchange Listing Information appeared first on Cloudbric.

From the BH Consulting archives: fake invoicing scams are a constant security risk

Trawling through archives can quickly turn bittersweet when it hits home how little has changed between past and present. Looking back through the posts on BHconsulting.ie, invoice redirect scams have featured regularly since 2015. Fast forward to 2019: An Garda Siochana warned that this fraud cost Irish businesses almost €4.5 million this year. The global costs are even more sobering – but more of that later.

Back in 2015, we reported the Irish Central Bank was fleeced to the tune of €32,000. This fraud was a growing trend even then. Our blog quoted Brian Honan’s Twitter account: “Looks like a fake invoice scam we’ve seen with other clients”. The same post also referred to Ryanair, which was duped around the same time and reportedly lost around €4.5 million.

The impersonation game

Scams like this have many names, like CEO fraud, invoice redirection fraud, or business email compromise. Preventing them from being successful is about knowing how they work and spotting potential red flags. Brian blogged about this in December 2015, detailing scammers’ steps when executing CEO fraud and fake invoicing tricks.

“The premise of the attack is the criminals impersonate the CEO, or other senior manager, in an organisation (note some attacks impersonate a supplier to the targeted company). The criminals may do this by either hijacking the email account of the CEO or setting up fake email accounts to impersonate the CEO.”

Next, criminals send an email seeming to come from the CEO to a staff member with access to the company’s financial systems. The email will request that payment be made to a new supplier into a bank account under the criminals’ control. Alternatively, the email may claim the banking details for an existing supplier have changed and will request payments into a new bank account under the criminals’ control.

Video to beat the scam

In February 2017, we blogged about an educational video that Barclays Bank developed to raise awareness of fake invoicing and similar online scams.

 

Later that same year, we covered the issue again, twice in quick succession. The first of these posts, in August 2017, noted how legitimate email senders do themselves no favours by composing messages that “practically begged to be treated” as fakes. A genuine email from a large insurer was so poorly composed that it would have raised suspicion with anyone who’d been paying attention during security awareness training.

The process problem

Now we’re getting to the heart of the problem. Call it what you want, but this scam is a people and process failure. That was our conclusion from another post in August 2017, after news emerged of yet another victim in Ireland. “The effectiveness of an email scam like CEO fraud relies on one person in the target organisation having the means and the opportunity to make payments. It’s not a security problem that technology alone can fix.”

In the same blog, we noted how the FBI has been tracking this scam since 2013. The agency put collective losses between then and August 2017 at an eye-watering $5 billion. As we blogged then, ways to fix this issue don’t necessarily need to involve technical controls. For example, companies could make it compulsory to have a second signatory whenever they need to make payments over the value of a certain amount.

The risk of these frauds goes beyond just commercial businesses. As we noted in a blog from October 2017, local public sector authorities are also potential victims. The post referred to Meath County Council, which had €4.3 million stolen from it in a dummy invoicefraud.

Staying ahead of the fraudsters

Our August blog included FBI special agent Martin Licciardo’s very practical advice: “The best way to avoid being exploited is to verify the authenticity of requests to send money by walking into the CEO’s office or speaking to him or her directly on the phone. Don’t rely on e-mail alone.”

This brings us neatly back to 2015, where we provided similar advice to avoid falling victim to fake invoice scams. The steps include:

  • Ensure staff use secure and unique passwords for accessing their email
  • Ensure staff regularly change their passwords for their email accounts
  • Where possible, implement two factor authentication to access email accounts, particularly when accessing web-based email accounts
  • Have agreed procedures on how requests for payments can be made and how those requests are authorised. Consider using alternative means of communication, such as a phone call to trusted numbers, to confirm any requests received via email
  • Be suspicious of any emails requesting payments urgently or requiring secrecy
  • Implement technical controls to detect and block email phishing, spam, or spoofed emails
  • Update computers, smartphones, and tablets with the latest software and install up-to-date and effective anti-virus software. Criminals will look to compromise devices with malicious software in order to steal the login credentials for accounts such as email accounts
  • Provide effective security awareness training for staff.

The post From the BH Consulting archives: fake invoicing scams are a constant security risk appeared first on BH Consulting.