Daily Archives: August 16, 2019

Maths and tech specialists need Hippocratic oath, says academic

Exclusive: Hannah Fry says ethical pledge needed in tech fields that will shape future

Mathematicians, computer engineers and scientists in related fields should take a Hippocratic oath to protect the public from powerful new technologies under development in laboratories and tech firms, a leading researcher has said.

The ethical pledge would commit scientists to think deeply about the possible applications of their work and compel them to pursue only those that, at the least, do no harm to society.

Despite being invisible, maths has a dramatic impact on our lives


When is a False Positive Not a False Positive in Cybersecurity?

The phrase “false positive” has become so ubiquitous in Information Security that we often don’t stop to consider what it means or how it is used. Many use the term to describe every alert generated by a tool that does not lead to the discovery of a true infection when investigated. If every alert activated for trivial information is considered a false positive, this may overstate the intention and function of the tool and may even give the user a false sense that the tool has more features than it actually does. It is worth establishing a distinction, calling this type of notification a “trivial alert,” reserving the phrase “false positive” for correlated, contextualized, and evidence supported positive identifications of active infections which prove to be false. Taking the time to establish clear definitions may lead to a better understanding of what security tools can do and ultimately improve information security.

What do we call a false positive?

Users of security tools often expect those tools to provide the one alert that will lead them to a true infection in their network. However, these tools are often placed in a location which prevents them from being able to definitively confirm infections. Instead, they alert on everything that might be a marker of infection to avoid missing the one indicator that does lead to an infection. This results in security analysts being flooded with hundreds of thousands or even millions of alerts per day, none of which provide enough information on their own.

What’s the harm in not having a clear definition of a false positive?

Users of such security tools often refer to these trivial alerts as false positives. In order to use the common vernacular, vendors of those security tools may also refer to those alerts as false positives. Unfortunately, implying a product has false positives suggests that the product can verify an infection, which is outside the scope of most of these solutions. Providing a more accurate definition and understanding of what constitutes a false positive will give users of security tools a clearer method for evaluating the suitability of those tools for their environment.

What is a false positive?

The phrase “false positive” suggests that there was a positive that was proven false. However, these individual pieces of evidence, without context or correlation, are never actionable on their own. As noted above, alerts for such items are perhaps better termed trivial alerts. A true positive alert must be so serious that it gets the analyst out of their chair. A false positive must have gotten them out of their chair to investigate, only to find that nothing is actually wrong, proving that alert false. A security solution of this nature should not only get the analyst out of their chair, it must also have a false positive rate low enough to maintain the trust of the user.

How do we get to that true positive alert?

In order to get an alert that can definitively prove an infection, a security solution must gather and analyze individual pieces of evidence, contextualizing them and gathering the requisite supporting evidence. From there, it must build an evidence-based case for an infection and provide a complete case, including all the evidence, to the user.

Does a security solution like that exist?

Core Network Insight is installed inside the perimeter, behind the inner-ring policy enforcement points, so that it can see the whole picture. It gathers the individual pieces of evidence that other tools alert on, weighs and analyzes them, and builds a case against each infected endpoint. This case includes evidence from twelve detection engines, correlated, contextualized, and positively attributed to a specific endpoint. Network Insight also provides the name of the last user to log in to the infected endpoint, a full list of users who have logged into it, and a list of other endpoints each of those users has logged into.

Network Insight also calculates a business risk for each infection on each infected endpoint based on the infection-related network activity, the value of and risk posed by the endpoint, and the intent of the threat actor and the activity of the malware. In other words, Network Insight connects the dots between all the various security events, creating a clear picture of a breach. These contextualized, correlated, and evidence-supported alerts, combined with a low false positive rate, ensure that analysts don’t just get out of their chairs, they leap out of them.
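The correlation idea in the two sections above (gather per-indicator alerts, contextualize them per endpoint, escalate only an evidence-backed case, then let the analyst's verdict decide whether the case was a true or a false positive) can be shown in a few dozen lines. The following is an added example, not the vendor's code or the product's algorithm; the engines, endpoints, alert weights, asset values and the three-engine threshold are constructed for illustration:

```python
"""Correlating per-indicator alerts into an evidence-backed case per endpoint.

Added example (not the vendor's code): alerts from several detection engines
are grouped by endpoint; a case is opened only when enough independent engines
corroborate, and an analyst verdict then decides whether the case was a true
or a false positive.  Everything not escalated stays a "trivial alert".
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample alerts: (engine, endpoint, indicator, weight in 0..1).
SAMPLE_ALERTS = [
    ("dns",   "ws-017",  "query to recently registered domain", 0.3),
    ("dns",   "ws-017",  "periodic beaconing, 60s interval",    0.5),
    ("proxy", "ws-017",  "outbound POST to rarely seen host",   0.4),
    ("ids",   "ws-017",  "suspicious user-agent signature",     0.4),
    ("dns",   "ws-042",  "query to recently registered domain", 0.3),
    ("ids",   "srv-db1", "port scan from internal host",        0.2),
]

# Constructed asset values (0..1) used for the business-risk figure.
ASSET_VALUE = {"ws-017": 0.4, "ws-042": 0.4, "srv-db1": 1.0}


@dataclass
class Case:
    endpoint: str
    evidence: list = field(default_factory=list)   # (engine, indicator, weight)
    engines: set = field(default_factory=set)

    @property
    def confidence(self):
        # Summed evidence weights, capped at 1.0.
        return min(1.0, sum(w for _, _, w in self.evidence))


def build_cases(alerts, min_engines=3, min_confidence=0.8):
    """Group alerts by endpoint; keep only endpoints corroborated by at least
    `min_engines` distinct engines with enough total weight."""
    grouped = defaultdict(list)
    for engine, endpoint, indicator, weight in alerts:
        grouped[endpoint].append((engine, indicator, weight))
    cases = {}
    for endpoint, items in grouped.items():
        case = Case(endpoint, evidence=items, engines={e for e, _, _ in items})
        if len(case.engines) >= min_engines and case.confidence >= min_confidence:
            cases[endpoint] = case
    return cases


def business_risk(case, asset_value):
    """Risk = detection confidence scaled by the value of the endpoint."""
    return round(case.confidence * asset_value.get(case.endpoint, 0.5), 2)


def triage(alerts, cases, verdicts):
    """Count outcomes. `verdicts` maps endpoint -> True (infected) / False.
    Alerts on endpoints without a case are trivial alerts, not false positives."""
    counts = {"true_positive": 0, "false_positive": 0, "trivial_alert": 0}
    for endpoint in cases:
        counts["true_positive" if verdicts.get(endpoint) else "false_positive"] += 1
    counts["trivial_alert"] = sum(1 for _, ep, _, _ in alerts if ep not in cases)
    return counts


if __name__ == "__main__":
    cases = build_cases(SAMPLE_ALERTS)
    for ep, case in cases.items():
        print(f"{ep}: {len(case.evidence)} pieces of evidence from "
              f"{sorted(case.engines)}, risk {business_risk(case, ASSET_VALUE)}")
    # Constructed verdict: the analyst investigated ws-017 and found nothing wrong.
    print(triage(SAMPLE_ALERTS, cases, {"ws-017": False}))
```

With the constructed input only ws-017 becomes a case (three engines, total weight 1.6); the single alerts on ws-042 and srv-db1 are counted as trivial alerts rather than false positives, which is exactly the distinction the post argues for.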

Until users and vendors begin differentiating between trivial alerts and false positives, it’s important to remember that not all false positives are created equal.

Hank Carr, Sales Engineer, Technical Solutions
Ready to eliminate false positives?

See how Network Insight automatically and accurately identifies hidden infections in real time on live traffic with a personalized demo.

Cyber News Rundown: Hookup App Exposes Users


Hookup App Leaks User Locations

Geo-location and other sensitive data has been leaked from the hookup app 3fun, exposing the information of more than 1.5 million users. While some dating apps use trilateration to find nearby users, 3fun exposed location data precise enough to trace a user to a specific building or floor. Though users had the option to disable coordinate tracking, that data was nevertheless stored and available through the app’s API. 3fun has since resolved the leak and has hopefully implemented stronger security measures, considering the private nature of its clients’ activities.

Ransomware Attacks on DSLR Cameras

Malware authors continue to find new victims, as a ransomware variant has been found to be remotely attacking Canon DSLR cameras and demanding a ransom to regain access to the device. Researchers have found multiple vulnerabilities that could allow attackers to perform any number of critical functions on the cameras, including displaying a ransom note and remotely taking pictures with the camera. Fortunately, Canon has already begun issuing patches for some of its affected devices, though it’s taking longer to fully secure others.


Google Drive Exploit Allows Phishing Campaign to Flourish

A new phishing campaign has been discovered that uses a legitimate Google Drive account to send an email impersonating the CEO, asking the victim to open a Google Docs file and navigate to the phishing site’s landing page. Luckily for victims, the campaign has a few tells: the phony CEO email address uses a non-conforming naming convention, and the email itself appears to be a hastily compiled template.

British Airways Data Leak

British Airways has again come under scrutiny, this time after it was discovered that their e-ticketing system was leaking sensitive passenger data. The leak stems from flight check-in links that were sent out to customers containing both their surname and booking confirmation numbers completely unencrypted within the URL. Even more worrisome, this type of vulnerability has been well-known since last February when several other airlines were found to have the same issue by the same security firm.

Android Trojan Adds New Functionality

Following in the footsteps of Anubis, an Android banking Trojan for which source code was recently revealed, Cerberus has quickly filled the void without actually borrowing much of that code. One major change is that Cerberus implemented a new method of checking if the device is physically moving or not, in hopes of avoiding detection by both the victim and any researchers who may be analyzing it. Additionally, this variant uses phishing overlays from several popular sites to further collect any login credentials or payment card data.

The post Cyber News Rundown: Hookup App Exposes Users appeared first on Webroot Blog.

Weekly Update 152


I made it out of Vegas! That was a rather intense 8 days and if I'm honest, returning to the relative tranquillity of Oslo has been lovely (not to mention the massive uptick in coffee quality). But just as the US to Europe jet lag passes, it's time to head back to Aus for a bit and go through the whole cycle again. And just on that, I've found that diet makes a hell of a difference in coping with this sort of thing:

This week it's almost all about commercial CAs and their increasingly bizarre behaviour. It's disappointing to see disinformation and privacy violations from any organisations, but when it's from the ones literally controlling trust on the web it's especially concerning. Maybe once they're no longer able to promote EV in the way they have been that will change, but I have a feeling we've got a bunch more crap to endure yet. See what you think about all that in this week's update:


References

  1. Reminder: If you're using the HIBP API to search for email addresses, get yourself onto V3 ASAP! (you've got 2 days until the old versions die)
  2. Chegg had 40M accounts breach with unsalted MD5 password hashes! (it was April last year, now it's searchable in HIBP)
  3. Extended Validation Certificates are (Really, Really) Dead (I've been saying it for ages, but both Chrome and Firefox have really nailed it now)
  4. DigiCert is rejecting the proposal to reduce maximum certificate lifespans (uh, except for that post a few years ago when they thought it was a good idea...)
  5. Sectigo leaked the personal info of a do-gooder which resulted in him receiving a threatening letter (there's all kinds of things gone wrong here)
  6. Big thanks to strongDM for sponsoring my blog over the last week! (see why Splunk's CISO says "strongDM enables you to see what happens, replay & analyze incidents. You can't get that anywhere else")

Essential practices to strengthen your business’ cybersecurity


With enterprises being the centre of attention of an ever-evolving threat landscape, foolproof security of business assets has become the need of the hour. To counter the menace of cyberattacks, today we have businesses that specialize in the development and deployment of advanced and futuristic solutions that have the capability to defend businesses from the most dangerous of malware.

However, this vigilance may falter if enterprise stakeholders are not careful about the basics of cybersecurity. Every critical aspect, such as email, user access and software updates, needs to be optimized so that even a worst-case cyberattack scenario turns in the business’ favour.

Seqrite intends to educate its esteemed customers about very simple but effective steps that organizations need to integrate into their status quo to bolster cybersecurity.

Regular data backups

Data backups are essential because ransomware is notorious for locking enterprise data and demanding payment in exchange for its release. There is other malware too that may make businesses lose 100% of their critical data.

Hence –

  • Back up your important data regularly and keep a recent backup copy offline
  • Encrypt your backup
  • Always use a combination of online and offline backup
  • If your computer gets infected with ransomware, your files can be restored from the offline backup, once the malware has been removed
  • Do not keep offline backups connected to your system as this data could be encrypted when ransomware strikes

Grants

Administrators should practice extreme caution while granting rights to the business workforce. Pin-point accuracy is a must while assigning access rights to employees. Admins should have absolute clarity about what parts of the business should be accessible to which users.

Hence –

  • Regularly audit local/domain users and remove/disable unwanted users
  • Set strong passwords for every business account. A strong password –
    • includes letters in upper case
    • includes letters in lower case
    • includes numbers & special characters
    • consists of a minimum of 8-10 characters
    • is changed on a periodic basis
    • is not a common password like P@ssw0rd, Admin@123#, etc.
  • Set password expiration & account lockout policies (in case the wrong password is entered)
  • Don’t assign Administrator privileges to users
  • If possible, enable Multi-Factor Authentication to ensure all logins are legitimate
  • Don’t stay logged in as an administrator unless it is strictly necessary
  • Avoid browsing, opening documents or other regular work activities while logged in as an administrator
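The password rules and the lockout policy in the list above can be checked mechanically. The following is an added example, not Seqrite's code: the composition rules (upper case, lower case, digit, special character, at least 8 characters) follow the list, while the base-word denylist and the leet-speak normalisation are this example's own additions so that the list's bad examples, P@ssw0rd and Admin@123#, are rejected even though they satisfy every composition rule; the lockout threshold and window are constructed values.

```python
"""Password-policy and account-lockout checks for the account hygiene list.

Added example, not Seqrite's code.  Composition rules follow the list;
the denylist and leet normalisation are this example's own additions.
"""
import re
from collections import defaultdict, deque

MIN_LENGTH = 8
# Constructed denylist of base words; "p@ssw0rd" normalises to "password".
BASE_WORDS = {"password", "admin", "welcome", "qwerty", "letmein"}
# Common character substitutions undone before the base-word check.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})


def password_findings(pw):
    """Return a list of policy violations; an empty list means the password passes."""
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Z]", pw):
        findings.append("no upper-case letter")
    if not re.search(r"[a-z]", pw):
        findings.append("no lower-case letter")
    if not re.search(r"[0-9]", pw):
        findings.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", pw):
        findings.append("no special character")
    lowered = pw.lower()
    normalised = lowered.translate(LEET)
    if any(w in lowered or w in normalised for w in BASE_WORDS):
        findings.append("based on a common word")
    return findings


def is_strong(pw):
    return not password_findings(pw)


class LockoutPolicy:
    """Lock an account after `threshold` failed logins inside `window` seconds."""

    def __init__(self, threshold=5, window=900):
        self.threshold = threshold
        self.window = window
        self._failures = defaultdict(deque)   # account -> timestamps of failures

    def record_failure(self, account, ts):
        """Record a failed login at time `ts` (seconds); return True if the account is now locked."""
        q = self._failures[account]
        q.append(ts)
        while q and ts - q[0] > self.window:   # forget failures outside the window
            q.popleft()
        return len(q) >= self.threshold

    def record_success(self, account):
        """A successful login clears the failure history."""
        self._failures.pop(account, None)


if __name__ == "__main__":
    for candidate in ["P@ssw0rd", "Admin@123#", "Tr0ub4dor&3"]:
        print(candidate, "->", password_findings(candidate) or "ok")
    policy = LockoutPolicy(threshold=5, window=900)
    print([policy.record_failure("alice", t) for t in (0, 10, 20, 30, 40)])
```

The point of the normalisation step is that a checker built only from composition rules would accept P@ssw0rd; the denylist is what turns the list's "bad example" into a rejection.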

Software updates

Software updates drop the latest fixes to bugs and patches to every software entity present in your business.

Hence –

  • Keep your Operating System and other software updated. Software updates frequently include patches for newly discovered security vulnerabilities which could be exploited by attackers. Apply patches and updates for software like Microsoft Office, Java, Adobe Reader, Flash, and Internet Browsers like Internet Explorer, Chrome, Firefox, Opera, etc., including Browser Plugins
  • Always keep your security software (antivirus, firewall, etc.) up-to-date to protect your computer from new variants of malware
  • Do not download cracked/pirated software, as they risk backdoor entry for malware into your computer
  • Avoid downloading software from untrusted P2P or torrent sites. In most cases, they harbour malicious software

Securing network and shared folders

Typically, network and shared folders are home to the most confidential business data. Hackers are always on a prowl to break-in to these folders and gain access to highly-sensitive information.

Hence –

  • Keep strong and unique passwords for login accounts and network shares
  • Disable unnecessary administrative shares (e.g. admin$). Give access permission to shared data as per requirement
  • Audit RDP access & disable it if not required, or set appropriate rules to allow only specific & intended systems
  • Change the RDP port to a non-standard port
  • Configure the firewall in the following way –
    • Deny access from everyone to important ports (in this case RDP port 3389)
    • Allow access only from IPs which are under your control
  • Use a VPN to access the network, instead of exposing RDP to the Internet
  • If possible, implement Two-Factor Authentication (2FA)
  • Set a lockout policy which hinders guessing of credentials
  • Create a separate network folder for each user when managing access to shared network folders
  • Don’t keep shared software in executable form
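The two firewall bullets above (deny RDP to everyone, then allow it only from addresses you control) describe a first-match-wins allow-list, and the "expose RDP to the Internet" bullet describes the mistake to audit for. The following is an added example, not Seqrite's code: it builds such a rule set with Python's standard `ipaddress` module, evaluates a source address against it, and flags allow rules that are broader than a /24 or a rule set with no final deny. The management networks and client addresses are constructed placeholders, and the /24 breadth cut-off is this example's own choice.

```python
"""Evaluating and auditing an RDP allow-list as the firewall bullets describe.

Added example, not Seqrite's code.  Models a first-match-wins rule set:
allow RDP only from management networks you control, deny it from anywhere
else, and audit a rule set for RDP being open to uncontrolled address space.
"""
import ipaddress
from dataclasses import dataclass

RDP_PORT = 3389
ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    source: ipaddress.IPv4Network    # source network the rule matches
    port: int                        # destination port


def build_rdp_rules(management_nets, port=RDP_PORT):
    """Allow `port` only from the given networks, then deny it from anywhere."""
    rules = [Rule("allow", ipaddress.ip_network(n), port) for n in management_nets]
    rules.append(Rule("deny", ANY, port))
    return rules


def evaluate(rules, src_ip, dst_port):
    """First matching rule wins; with no match the default is deny."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule.port == dst_port and addr in rule.source:
            return rule.action
    return "deny"


def audit(rules, port=RDP_PORT):
    """Flag allow rules for `port` whose source is broader than a /24
    (constructed cut-off) and the absence of a final deny-from-anywhere rule."""
    findings = []
    for rule in rules:
        if rule.action == "allow" and rule.port == port and rule.source.prefixlen < 24:
            findings.append(f"allow from {rule.source} to port {port} is too broad")
    if not any(r.action == "deny" and r.port == port and r.source == ANY for r in rules):
        findings.append(f"no final deny rule for port {port}")
    return findings


if __name__ == "__main__":
    # Constructed management networks under the organisation's control.
    good = build_rdp_rules(["10.10.5.0/24", "192.0.2.10/32"])
    print(evaluate(good, "10.10.5.7", RDP_PORT), evaluate(good, "203.0.113.5", RDP_PORT))
    print("audit good:", audit(good) or "clean")
    bad = [Rule("allow", ANY, RDP_PORT)]   # the mistake: RDP exposed to the Internet
    print("audit bad:", audit(bad))
```

Changing the RDP port, as the list also suggests, only moves the exposure; the audit here keys on whichever port is passed in, so it should be run against the non-standard port after the change.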

Email

No business can function without email. History is proof that email is one of the most common channels hackers use to launch cyberattacks.

Hence –

  • Enable Multi-Factor authentication to ensure all logins are legitimate
  • Set password expiration & account lockout policies (in case the wrong password is entered)
  • Don’t open attachments and links in an email sent by an unknown, unexpected or unwanted source. Delete suspicious-looking emails you receive from unknown sources, especially if they contain links or attachments
  • Cybercriminals use ‘Social Engineering’ techniques to trick users into opening attachments or clicking on links that lead to infected websites
  • Always turn on email protection of your antivirus software

Disable macros for Microsoft Office

Fairly self-explanatory: macros should be disabled, because a lot of malware gets in only because macros were enabled.

Hence –

  • Do not enable ‘macros’ or ‘editing mode’ by default upon execution of the document, especially for attachments received via emails. A lot of malware infections rely on your action to turn on macros
  • Consider installing Microsoft Office Viewers. These viewer applications let you see what documents look like without even opening them in Word or Excel. More importantly, the viewer software doesn’t support macros at all, so this reduces the risk of enabling macros unintentionally

Secure browsing

Web browsers are the most sought out channels for malware attacks – everybody knows it.

Hence –

  • Always update your browser
  • Try to avoid downloading pirated/cracked media or software from torrent sites
  • Block ad pop-ups in the browser
  • Always verify whether you are accessing the genuine site by checking the address bar of the browser. Phishing sites may show content that looks like the genuine one
  • Bookmark important sites to avoid becoming a victim of phishing
  • Do not share personal details like your name, contact number, email id or social networking site credentials with any unknown website
  • Do not install browser extensions which you are not fully aware of. Look out for impersonating web pages and do not accept any prompt on an unknown web page that you are visiting. Avoid visiting cracked-software download websites
  • Policies should be clearly communicated to employees opting for BYOD (Bring Your Own Device) facilities
  • Policies for using official applications on platforms other than office infrastructure should be established


Lastly, for pen drives, disable the autorun feature if it is not needed, and regularly educate employees on cybersecurity best practices.

Seqrite is Quick Heal Technologies’ flagship enterprise product – the company is a stalwart and an industry major that has spearheaded the movement about the importance of cybersecurity. We hope this educational document helps.

Please get in touch with us for any specific questions.

The post Essential practices to strengthen your business’ cybersecurity appeared first on Seqrite Blog.