Daily Archives: September 11, 2019

Smashing Security #145: Apple and Google willy wave while home assistants spy – DoH!

Apple’s furious with Google over iPhone hacking attacks against Uyghur Muslims in China, DNS-over-HTTPS is good for privacy but makes ISPs angry, and concern over digital assistants listening to our private moments continues to rise.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by journalist John Leyden.

More than 50 U.S. Businesses Call For Federal Privacy Law

Fifty-one CEOs representing U.S.-based businesses sent an open letter to Congress requesting a comprehensive federal consumer privacy law.

Signed by the CEOs of AT&T, Comcast, General Motors, Mastercard, and Wal-Mart, among others, the letter requested “a comprehensive consumer data privacy law that strengthens protections for consumers and establishes a national privacy framework to enable continued innovation and growth in the digital economy.”

The cosignatories of the letter are members of the Business Roundtable, an association of executives that focuses on “working to promote a thriving U.S. economy… through sound public policy.”

Attached to the letter was a proposal for a consumer policy framework that encompasses the need for federal legislation to override state privacy laws, a definition of personal data, the creation of a federal standard for data breach notifications, and the assignment of primary enforcement responsibilities to the FTC. The framework also calls for “no private right of action,” meaning that consumers would be unable to bring lawsuits for violations of the law. 

While the Business Roundtable requests a more uniform law to “ensure that consumers are not faced with confusion about their rights and protections based on a patchwork of inconsistent state laws,” many critics suggest that the ulterior motive is to pass a weaker set of privacy protections to supersede more stringent state laws currently in place in Maine and California.

The post More than 50 U.S. Businesses Call For Federal Privacy Law appeared first on Adam Levin.

Countdown to MPOWER 2019: Survival Guide

This year, we’re excited to host the 12th annual MPOWER Cybersecurity Summit at the ARIA in Las Vegas, where fellow security experts will strategize, network, and learn about the newest and most innovative ways to ward off advanced cyberattacks. With the show nearly upon us, I’m sharing a “survival guide” for first-time attendees and anyone who might want a refresher of what’s to come. Here are a few tips and tricks to help make your MPOWER experience even more successful and enjoyable.

Travel, Transportation and Accommodations

MPOWER is the best place to leverage your existing McAfee investment, engage with our ecosystem of security experts, connect with other McAfee customers and much more.

If you haven’t yet booked your travel arrangements, be sure you do so as soon as possible to take advantage of the special rates offered by the ARIA Resort & Casino. When you arrive at the Las Vegas McCarran International Airport, it will be a quick 20 minute Uber or Lyft ride to the ARIA. For more information on ground transportation from the airport to the hotel, click here.

TIP: Need some help convincing your company or manager? Click here for our email template (and modify as appropriate) to help justify your attendance at MPOWER 2019.

Innovative Keynote Speakers

We have a great lineup of keynote speakers this year. You’ll hear from Secretary of State Madeleine K. Albright, General Colin L. Powell, and tech venture capitalist Roger McNamee. We’ll also have McAfee leadership on the keynote stage, including CEO Chris Young, EVP & Chief Product Officer Ashutosh Kulkarni, SVP of Cloud Rajiv Gupta, SVP & Chief Technology Officer Steve Grobman, and CMO Allison Cerra.

TIP: Be sure to get to the keynote stage early, as spots fill up fast.

Breakout Sessions

The sessions offered at MPOWER 19 will give you a better understanding of how to maintain the highest standards of security while reducing company costs, streamline processes, and drive efficiencies in the daily administration of your systems. You’ll also have an exclusive opportunity to hear actual McAfee customers discuss how they solved real-world business challenges.

TIP: Once you’ve registered, enter your registration information at the MPOWER 19 My Event site to create a personalized agenda of the sessions and events you most want to attend. Then use your convenient schedule to make sure you don’t miss a thing!

MVISION Training Classes

New at MPOWER this year, MVISION training classes will be available free to customers and can be added to your schedule during registration. Classes will run October 1-3, and each attendee will receive a Certificate of Completion that can be submitted as a Continuing Education Unit (CEU/CPE) to ISC2, CompTIA, and other certification vendors. Seating is limited and available on a first-come, first-served basis—so add a course to your registration today!

TIP: Be sure to get your badge scanned at the door for each session to get credit.

Customer Spotlight

Stop by the Customer Spotlight, located on Level 1, to have fun. This is a place where you can kick back and relax, challenge your peers to a game (Jenga, Connect 4, Cornhole, and many more) or just take a few minutes to catch up on email or recharge your phone. The Customer Spotlight will be open Tuesday through Thursday, 8:00 AM – 5:00 PM.

TIP: The list of the activities is lengthy—there’s something for everyone! For your participation, we offer an incentive program that will earn you points—redeem anytime for McAfee gear and much more.

Expo Hall & Innovation Fair

The Sponsor Expo will feature an impressive lineup of McAfee partners, including some of the world’s most successful businesses. This is your chance to meet with the key players of the security industry—all in one location. Also, stop by the Innovation Fair booth and see what product innovations McAfee has planned in the areas of threat defense, data protection, intelligent security operations, and cloud defense. During the Innovation Fair hours, you will be able to join in on short innovation talks with technical leaders from McAfee.

TIP: Navigating the conference and expo hall will involve a lot of walking. Bring comfortable shoes—your feet will thank you later.

Stay Connected with Twitter

Twitter is one of the best ways to “stay connected” whether you are at the event or attending virtually. You can learn a lot about what’s going on at MPOWER by following the #MPOWER19 hashtag—McAfee will be live tweeting keynotes, favorite session updates, valuable insights, freebies, party details and more. Be sure to tweet your own findings, happenings, etc. using the hashtag.  

TIP: Follow @McAfee, @McAfee_Business for conference updates, company announcements and more!

The MPOWER Mobile App

The MPOWER 19 Mobile App puts a full guide to the conference in the palm of your hand. Just download and enter your MPOWER registration info to access the daily schedule of events, session details, speaker info, and more! Available for iPhone/iPad and Android, the MPOWER 19 Mobile App will help you maximize the value of the conference and keep you updated on everything that’s happening.

TIP: When onsite at MPOWER 19, visit the Mobile App Help Desk near registration to get all your questions answered. 

MPOWER Special Evening Event

On October 3rd, we’ll be hosting Fall Out Boy for a special performance. Get ready to dance the night away starting at 8 p.m. PT.

See You Soon!

We are committed to bringing together the best of the security industry to unite for a cause that’s bigger than all of us—the digital safety of our customers, organizations, and future generations. We invite you to join us in Las Vegas.

The post Countdown to MPOWER 2019: Survival Guide appeared first on McAfee Blogs.

How to Identify and Prevent Insider Threats in Your Organization


Insider threats are on the rise. Whether they come from accidental insiders who are prone to phishing attempts or malicious insiders who are seeking to expose sensitive data, insider attacks have significantly increased in recent years. According to the 2019 Insider Threat Report from Cybersecurity Insiders, sponsored by HelpSystems, 70 percent of cybersecurity professionals surveyed believe that the frequency of insider attacks has increased in the last year alone. And an incredible 62 percent of organizations have experienced at least one insider attack in the past 12 months. So why are insider threats increasing, who is responsible for them, and what can your organization do to prevent them?

What Explains the Rise of Insider Threats?

Companies today are highly vulnerable to insider threats—and for good reason. The Insider Threat Report found that 68 percent of security teams surveyed feel extremely to moderately vulnerable to insider attacks. External threat actors have become considerably more sophisticated in their malicious activities that target insiders—from deploying social engineering attacks like phishing emails to scanning through LinkedIn and other data stores on the Internet to gather details on corporate environments.

Internally, IT systems are becoming increasingly complex and overloaded. Security teams are having to do more with less and may not receive or provide adequate levels of training. Combined together, all of these different elements can serve as infection vectors into your environment, providing pathways for people to do things accidentally or intentionally malicious within your systems.

In fact, the same survey from Cybersecurity Insiders found that inadvertent insider threats, meaning accidental breaches caused by users falling for malicious activity such as phishing emails, were of concern to more than 70 percent of security teams. Negligent insiders who willfully ignore security policies are a major concern to more than 66 percent of cybersecurity professionals. This includes developers, for example, who have access to production machines and ignore company security policies, such as working from home on an unsecured network, to cut corners or do something faster or cheaper. And finally, malicious insiders who are actively seeking to do harm or cause damage are a concern to 62 percent of security teams. These types of insiders can include disaffected employees or someone outside your organization trying to steal credentials to get in. Overall, more than half of all incidents today are due to inadvertent or accidental insider actions, while the remaining half is split between malicious insiders and actual hacking, such as credential theft, that appears to come from an insider on your own systems.

With inadvertent insiders representing the largest area of concern to cybersecurity professionals, understanding what contributes to these types of insider threats is essential. Again, according to the Insider Threat Report, the most feared inadvertent insider threat originates from phishing emails. This is followed by poor passwords, spear phishing, and orphaned accounts. Many security teams may not view orphaned accounts as a security risk, but they are great places for bad actors to gain access into your organization since no one is actively looking into them. Orphaned accounts occur typically in larger organizations with fairly high turnover. As people exit the company, there may not be a specific process for cleanup happening for either internal or external system access.

How Much Do Insider Attacks Cost Your Organization?

One of the most alarming findings from the Cybersecurity Insiders study is that many security teams may not recognize the financial impact insider attacks can have on an organization. More than half of those surveyed believe it would cost less than $100,000 to deal with or remediate an insider attack. But studies show these types of attacks are significantly more costly. In fact, some recent reports estimate that the average cost of a cyber incident today ranges from $270,000 to upwards of more than $20 million at large organizations.

In addition to monetary loss, there are forensic issues you have to deal with to discover how the incident happened. This requires significant time from your own internal security teams to remediate the incident, taking time away from more strategic activities. You must conduct additional training, potentially hire outside consultants, and even replace equipment to close any loopholes. Combined, all of these add up to an unexpected expense incurred by your organization.

What Roles Pose the Biggest Risk for Your Organization?

It’s no surprise that those who are privileged IT users or administrators pose the biggest security risks. According to the Cybersecurity Insiders report, 59 percent of security teams indicated these roles were the largest concern for the company since the accounts were highly privileged, and would have dangerous consequences if they ended up in the wrong hands. That’s why it’s best practice to implement a privileged access management (PAM) program, using solutions like Powertech Identity and Access Manager (BoKS), the leading solution from HelpSystems, to secure your privileged systems and applications. Additionally, a strong Identity Governance and Administration (IGA) solution from Core Security can ensure that privileged access is assigned properly, appropriate approvals are established, and the proper checks and balances are in place.

Second to IT users, contractors, service providers, and temporary workers pose the greatest risk to organizations, cited by 52 percent of cybersecurity professionals. This category of user is often a target for bad actors because turnover is high for these roles and orphaned accounts can stack up if there is no defined process for cleaning up those accounts. That’s why it’s essential not to overlook these types of workers or make them a lower priority for your organization. Even though they may not be highly privileged, if their access falls into the wrong hands, a bad actor could do real damage within your environment.

How Can You More Effectively Manage User Privileges?

Many organizations have poor or very manual processes when it comes to management of user privileges. With a large number of systems and applications, lack of centralized management, highly manual processes, and no clear understanding of required access for various roles, it’s no wonder that more than 77 percent of cybersecurity professionals consider management of user privileges ineffective. One way to address this is to automate provisioning around the various stages of the user lifecycle. In fact, at least half of all survey respondents in the Insider Threat Report believe an integrated Identity and Access Management (IAM) solution is a key part of a solid IGA policy.

Another best practice is the implementation of role-based access controls (RBAC). This means having solid, well-defined roles in place and knowing specifically which access privileges each role needs. As organizations grow and evolve, the right IGA solution can allow for more efficient changes and decrease risk by focusing on role definitions and role assignments, rather than on individual accounts. 
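The two controls described above, cleaning up orphaned accounts as people leave and checking that each account holds only what its owner's role needs, both reduce to a periodic review of a directory export against the HR roster and a set of role definitions. The script below is an added example that is not taken from the post or from any HelpSystems or Core Security product: the roster, account list, role names, entitlement strings and 90-day inactivity threshold are all constructed for illustration, and a real review would read them from the IGA system and HR feed instead.

```python
"""Joiner-mover-leaver review (hypothetical example): flag orphaned
accounts and entitlements that exceed the owner's role.
All roster, account and role data below is constructed."""
from dataclasses import dataclass, field
from datetime import date
from typing import Optional


@dataclass
class Person:
    employee_id: str
    status: str                      # "active" or "terminated"
    role: str
    end_date: Optional[date] = None  # contractor/temporary engagement end


@dataclass
class Account:
    username: str
    owner_id: Optional[str]          # None = nobody recorded as the owner
    last_login: Optional[date]
    entitlements: set = field(default_factory=set)


# Assumed role definitions: the entitlements each role legitimately needs.
ROLE_ENTITLEMENTS = {
    "developer": {"git:push", "ci:run"},
    "sysadmin": {"git:push", "ci:run", "prod:ssh", "prod:sudo"},
    "contractor-dev": {"git:push"},
}


def find_orphaned_accounts(accounts, roster, today, inactivity_days=90):
    """Return {username: reason} for accounts that no active person owns,
    whose owner's engagement has ended, or that nobody has used recently."""
    people = {p.employee_id: p for p in roster}
    flagged = {}
    for a in accounts:
        owner = people.get(a.owner_id) if a.owner_id else None
        if owner is None:
            flagged[a.username] = "no active owner on roster"
        elif owner.status != "active":
            flagged[a.username] = f"owner {owner.employee_id} is {owner.status}"
        elif owner.end_date and owner.end_date < today:
            flagged[a.username] = f"engagement ended {owner.end_date.isoformat()}"
        elif a.last_login is None or (today - a.last_login).days > inactivity_days:
            flagged[a.username] = f"inactive > {inactivity_days} days"
    return flagged


def find_excess_entitlements(accounts, roster, role_entitlements):
    """Return {username: sorted excess entitlements} for accounts holding
    more than the owner's role allows. Ownerless accounts are skipped here
    because find_orphaned_accounts already reports them."""
    people = {p.employee_id: p for p in roster}
    excess = {}
    for a in accounts:
        owner = people.get(a.owner_id) if a.owner_id else None
        if owner is None:
            continue
        extra = a.entitlements - role_entitlements.get(owner.role, set())
        if extra:
            excess[a.username] = sorted(extra)
    return excess


# Constructed sample data standing in for the HR feed and directory export.
TODAY = date(2019, 9, 11)
ROSTER = [
    Person("e100", "active", "developer"),
    Person("e200", "terminated", "sysadmin"),
    Person("c300", "active", "contractor-dev", end_date=date(2019, 8, 31)),
    Person("e400", "active", "sysadmin"),
]
ACCOUNTS = [
    Account("alice", "e100", date(2019, 9, 10), {"git:push", "ci:run", "prod:sudo"}),
    Account("bob", "e200", date(2019, 3, 1), {"prod:ssh", "prod:sudo"}),
    Account("carol", "c300", date(2019, 9, 2), {"git:push"}),
    Account("svc-backup", None, date(2019, 9, 9), {"prod:ssh"}),
    Account("dave", "e400", date(2019, 4, 1), {"prod:ssh", "prod:sudo"}),
]


def run_review(accounts=ACCOUNTS, roster=ROSTER, today=TODAY):
    """Run both checks and return the findings keyed by check name."""
    return {
        "orphaned": find_orphaned_accounts(accounts, roster, today),
        "excess": find_excess_entitlements(accounts, roster, ROLE_ENTITLEMENTS),
    }


if __name__ == "__main__":
    for kind, findings in run_review().items():
        print(kind)
        for user, detail in findings.items():
            print(f"  {user}: {detail}")
```

On the constructed data the review flags bob (owner terminated), carol (contractor engagement ended), svc-backup (no owner recorded) and dave (no login in over 90 days) as orphaned, and alice for holding prod:sudo that a developer role does not need. The ordering of the checks matters: an account is reported once, for the most serious reason, so a terminated owner is surfaced before inactivity is considered.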

Three Areas of Focus for Insider Threat Prevention

While considerable time and effort is spent concentrating on external threats and trying to address persistent, malicious threats from bad actors, too often, security teams may not be focused enough on what is happening inside their environment. However, with the right layered security model, you can ensure you have the right defenses and depth in your overall security strategy and approach. The Insider Threat Report indicated that 56 percent of cybersecurity professionals consider their monitoring, detecting, and response to insider threats only somewhat effective or worse. And more than half of respondents said that they either did not have the appropriate controls in place or were unsure of whether they had any controls to prevent an insider attack. So in response to this, below are three strategic areas of focus that can guide insider threat prevention in your organization: 

1) Deterrence: 62 percent of respondents from the Cybersecurity Insiders report said deterrence was an important strategy to help prevent insider attacks. Deterrence means ensuring you have good access controls, strong encryption on your data, and appropriate policies in place that deter and discourage insider threats.

2) Detection: Similar to deterrence, nearly two-thirds of respondents indicated that detecting what is happening in their environment was essential in preventing insider attacks. Detection means actively monitoring what users are doing and ensuring visibility into network threat-related activities with network detection solutions.

3) Analysis and Post-Breach Forensics: Nearly half of all cybersecurity professionals responded that being able to do post-breach forensic analysis was also an important part of responding to and preventing future insider attacks. If a breach does occur, you must be able to deal with it quickly and effectively. This means examining what has happened in the environment, and having a way to easily see and analyze what is occurring in real time.

Having a comprehensive Security Information and Event Management (SIEM) solution that provides real-time threat detection and prioritization is critical. Remember, it’s not always just users with a Windows PC that can cause damage to your systems. Sometimes it’s through an IoT device, a Wi-Fi access control, security camera, or maybe even a card system to get into your parking lot. All of these are interconnected elements now—and represent potential areas for breach where someone can misuse their access or maliciously try and take control of your environment.

Make Insider Threat Prevention a Priority in Your Organization

Whether they originate from a malicious source or from an accidental breach, insider attacks will likely continue to rise in the organizational environment. But your company can take an active role in trying to prevent them. By monitoring for threats, training and empowering users, and providing security teams with innovative cybersecurity solutions and tools, like those offered by HelpSystems and Core Security, you can leverage a layered security model that positions your organization for success. Remember, you can only change what you acknowledge. So start by adopting a strategy that emphasizes defense in depth, and empowers you to mitigate the growing risk of insider threats in your organization.

Whether you’re looking to advance Identity Governance and Administration in your organization, enhance Privileged Access Management, improve your Penetration Testing, or more actively monitor Security Information and Event Management, we have the industry-leading solutions you need to reduce the risk of insider threats.


Are you ready to reduce the risk of insider threats in your organization?

Get a live demo of our cybersecurity solutions from one of our solution experts today.

Foundations of Flow—secure and compliant automation, part 2

In part 1 of this series, we introduced you to Microsoft Flow, a powerful automation service already being used by many organizations across the world. Flow is designed to empower citizen developers while featuring capabilities sought by professional developers. Flow is also a foundational element of the Microsoft Power Platform announced earlier this year.

More organizations are seeking automation solutions and there will be many options. As security professionals, you’ll have to recommend the service offering all the benefits of automation, while ensuring the organization remains secure and compliant. Flow is natively integrated with best-in-class authentication services, offers powerful data loss prevention and an enhanced IT experience ranging from broad visibility and control to automating IT functions, and is built on rigorous privacy and compliance standards. We’re confident that Flow will be the right choice for your organization, so let’s get started on showing you why.

Prioritized security for your users and data

Flow is seamlessly integrated with Azure Active Directory (Azure AD), one of the world’s most sophisticated, comprehensive, and secure identity and access management services. Azure AD helps secure the citizen developer by protecting against identity compromise, gives the IT admin/pro visibility and control, and offers additional security capabilities for the pro developer. Azure AD helps support the least privilege strategy, which we recommend for Flow users. Azure AD also follows a federated model, so organizations not directly using the service are still secure. Since authentication to Flow is via Azure AD, admins using its premium features can create conditional access policies which restrict user access to only the apps and data relevant for their role. Flow’s integration with Azure AD also enhances security for more experienced developers who can register applications with the service and leverage multiple authentication protocols, including the OAuth2 authorization framework to enable their code to access platform APIs (Figure 1). This access protection can also be extended to external users.

Screenshot of an authentication type being selected for a connector in Microsoft Flow.

Figure 1. Choosing authentication framework for custom Flow connector.

To experience the full benefits of automation and unlock the potential of an organization’s data, Flow offers 270+ connectors to services, including third-party services. Some connectors are even built for social media sites, such as Twitter (Figure 2). With so many integrations, there’s always the threat of data leakage or compromise. Imagine the scenario where a user mistakenly tweets sensitive data. To prevent these types of scenarios, Flow is supported by the Microsoft Data Loss Prevention (DLP) service.

Screenshot of the Microsoft Flow dashboard. A search has been conducted for "twitter."

Figure 2. Pre-built Flow templates offering automation between Twitter and several other applications.

Microsoft DLP protects data from being exposed, and DLP policies can be easily created by administrators. DLP policies can be customized at the user, environment, or tenant level to ensure security is maintained without impact to productivity. These policies enforce rules about which connectors can be used together by classifying connectors as either “Business Data Only” or “No Business Data Allowed” (Figure 3). A connector can only be used with other connectors within its group. For example, a connector in the Business Data Only group can only be used with other connectors from that group. The default setting for all connectors is No Business Data Allowed.
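The grouping rule just described is simple enough to model directly, which makes it easier to reason about what a given policy will block before rolling it out. The code below is an added example, not Microsoft's implementation of Flow DLP: it models a policy as the set of connectors placed in the Business Data Only group (everything else falling to the No Business Data Allowed default, as the text states) and rejects any flow that mixes the two groups. The connector names and the assumption that tenant, environment and user policies are all applied to a flow are constructed for illustration.

```python
"""Hypothetical model of the Flow DLP connector-grouping rule.
Example code, not Microsoft's implementation; policy layout is assumed."""

BUSINESS = "Business Data Only"
NO_BUSINESS = "No Business Data Allowed"


class DlpPolicy:
    """A policy lists only the Business Data Only connectors; any connector
    not listed is treated as No Business Data Allowed (the stated default)."""

    def __init__(self, business_connectors):
        self.business = set(business_connectors)

    def group_of(self, connector):
        return BUSINESS if connector in self.business else NO_BUSINESS

    def evaluate(self, flow_connectors):
        """Return (allowed, reason). A flow is allowed only when every
        connector it uses falls in the same data group."""
        groups = {c: self.group_of(c) for c in flow_connectors}
        if len(set(groups.values())) <= 1:
            return True, "all connectors in one group"
        biz = sorted(c for c, g in groups.items() if g == BUSINESS)
        nonbiz = sorted(c for c, g in groups.items() if g == NO_BUSINESS)
        return False, f"mixes Business Data Only {biz} with No Business Data Allowed {nonbiz}"


def evaluate_layers(flow_connectors, tenant, environment=None, user=None):
    """Assumed semantics for layered policies: the flow must satisfy the
    tenant policy and any environment or user policy that also applies."""
    for layer in (tenant, environment, user):
        if layer is None:
            continue
        ok, reason = layer.evaluate(flow_connectors)
        if not ok:
            return False, reason
    return True, "passes all policy layers"


# Constructed tenant policy: SharePoint, Outlook and SQL Server carry business
# data; Twitter and RSS are left unassigned, so they default to No Business Data.
TENANT_POLICY = DlpPolicy({"SharePoint", "Office 365 Outlook", "SQL Server"})

if __name__ == "__main__":
    for flow in (["SharePoint", "Office 365 Outlook"],
                 ["SharePoint", "Twitter"],
                 ["Twitter", "RSS"]):
        print(flow, "->", TENANT_POLICY.evaluate(flow))
```

With this policy a SharePoint-to-Outlook flow and a Twitter-to-RSS flow are both permitted, because each stays within one group, while a flow that pushes SharePoint content to Twitter is blocked, which is exactly the accidental-tweet scenario the paragraph above describes. An environment policy that places Twitter in the business group cannot loosen the tenant result under the layered semantics assumed here; it can only add further restrictions.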

Importantly, all data used by Flow is also encrypted in transit using HTTPS. As a security leader, you can feel reassured that Flow is designed to ensure your data is secured both at rest and in transit with strict enforcement. To learn more about strategies to create DLP policies for Flow connectors, check out our white paper.

Screenshot of data groups in the Microsoft Flow admin center.

Figure 3. Flow Admin center where you can create DLP policies to protect your sensitive data while benefiting from the powerful automation capabilities offered with Flow.

Enhancing management of the IT environment

Flow includes the Flow management connector, which enables admins to automate several IT tasks. The management connector offers 19 possible actions that can be automated, from creating and deleting Flows to more complex actions, such as modifying the owner of a Flow. The Flow management connector is versatile and can be combined with other connectors to automate several admin tasks, enhancing the efficiency of IT teams. For example, security admins can create a Flow combining the management connector with Azure AD, Microsoft Cloud App Security, Outlook, and Teams to quickly send automatic notifications via email or Teams anytime Cloud App Security generates an alert on suspicious activity (Figure 4). Other use cases could include a notification when a new app is created, automatically updating user permissions based on role changes, or tracking when custom connectors are created in your environment.


Figure 4. Flow template using the management connector, Azure AD, Cloud App Security, Outlook, and Teams.

Visibility of activity logs

Many of Flow’s current users are also Office 365 users. As such, Flow event logs are available in the Office 365 Security & Compliance Center. By surfacing activity logs in the Security & Compliance Center, admins gain visibility into which users are creating Flows, if Flows are being shared, as well as which connectors are being used (Figure 5). The activity data is retained for 90 days and can be easily exported in CSV format for further analysis. The event logs surface in the Security & Compliance Center within 90 minutes of the event taking place. Admins also gain insight on which users are using paid versus trial licenses in the Security & Compliance Center.


Figure 5. Microsoft Flow activities accessed through the Office 365 Security & Compliance Center.

Strict on data privacy and regulatory requirements

Flow adheres to Microsoft’s strict standards of privacy and protection of customer data. These policies prohibit customer data from being mined for marketing or advertising. Microsoft personnel and subcontractors are also restricted from accessing customer data and we carefully define requirements for responding to government requests for customer data. Microsoft also complies with international data protection laws regarding transfers of customer data across borders.

Microsoft Flow is also certified for many global, government, industrial, and regional compliance regulations. You can see the full list of Microsoft certifications, while Table 1 summarizes the certifications specifically covered by Flow.

Global                  Government   Industry       Regional
CSA-STAR-Attestation    UK G-Cloud   HIPAA/HITECH   EU-Model-Clauses
CSA-Star-Certification               HITRUST
ISO 27018
ISO 9001

Table 1. Flow’s existing certifications.

Let Flow enhance your digital transformation

Let your organization start benefiting from one of the most powerful and secure automation services available on the market. Watch the video and follow the instructions to get started with Flow. Be sure to join the growing Flow community and participate in discussions, provide insights, and even influence product roadmap. Also follow the Flow blog to get news on the latest Flow updates and read our white paper on best practices for deploying Flow in your organization. Be sure to check out part 1, where we provide a quick intro into Flow and dive into its best-in-class, secure infrastructure.

The post Foundations of Flow—secure and compliant automation, part 2 appeared first on Microsoft Security.

NY Payroll Company Vanishes With $35 Million

MyPayrollHR, a now defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations this past week after stiffing employees at thousands of companies. The ongoing debacle, which allegedly involves malfeasance on the part of the payroll company’s CEO, resulted in countless people having money drained from their bank accounts and has left nearly $35 million worth of payroll and tax payments in legal limbo.

Unlike many stories here about cloud service providers being extorted by hackers for ransomware payouts, this snafu appears to have been something of an inside job. Nevertheless, it is a story worth telling, in part because much of the media coverage of this incident so far has been somewhat disjointed, but also because it should serve as a warning to other payroll providers about how quickly and massively things can go wrong when a trusted partner unexpectedly turns rogue.

Clifton Park, NY-based MyPayrollHR — a subsidiary of ValueWise Corp. — disclosed last week in a rather unceremonious message to some 4,000 clients that it would be shutting its virtual doors and that companies which relied upon it to process payroll payments should kindly look elsewhere for such services going forward.

This communique came after employees at companies that depend on MyPayrollHR to receive direct deposits of their bi-weekly payroll payments discovered their bank accounts were instead debited for the amounts they would normally expect to accrue in a given pay period.

To make matters worse, many of those employees found their accounts had been dinged for two payroll periods — a month’s worth of wages — leaving their bank accounts dangerously in the red.

The remainder of this post is a deep-dive into what we know so far about what transpired, and how such an occurrence might be prevented in the future for other payroll processing firms.


To understand what’s at stake here requires a basic primer on how most of us get paid, which is a surprisingly convoluted process. In a typical scenario, our employer works with at least one third party company to make sure that on every other Friday what we’re owed gets deposited into our bank account.

The company that handled that process for MyPayrollHR is a California firm called Cachet Financial Services. Every other week for more than 12 years, MyPayrollHR has submitted a file to Cachet that told it which employee accounts at which banks should be credited and by how much.

According to interviews with Cachet, the way the process worked ran something like this: MyPayrollHR would send a digital file documenting deposits made by each of these client companies, which laid out the amounts owed to each client’s employees. In turn, those funds from MyPayrollHR client firms then would be deposited into a settlement or holding account maintained by Cachet.

From there, Cachet would take those sums and disburse them into the bank accounts of people whose employers used MyPayrollHR to manage their bi-weekly payroll payments.

But according to Cachet, something odd happened with the instructions file MyPayrollHR submitted on the afternoon of Wednesday, Sept. 4 that had never before transpired: MyPayrollHR requested that all of its clients’ payroll dollars be sent not to Cachet’s holding account but instead to an account at Pioneer Savings Bank that was operated and controlled by MyPayrollHR.

The total amount of this mass payroll deposit was approximately $26 million. Wendy Slavkin, general counsel for Cachet, told KrebsOnSecurity that her client then inquired with Pioneer Savings about the wayward deposit and was told MyPayrollHR’s bank account had been frozen.

Nevertheless, the payroll file submitted by MyPayrollHR instructed financial institutions for its various clients to pull $26 million from Cachet’s holding account — even though the usual deposits from MyPayrollHR’s client banks had not been made.


In response, Cachet submitted a request to reverse that transaction. But according to Slavkin, that initial reversal request was improperly formatted, and so Cachet soon after submitted a correctly coded reversal request.

Financial institutions are supposed to ignore or reject payment instructions that don’t comport with precise formatting required by the National Automated Clearinghouse Association (NACHA), the not-for-profit organization that provides the backbone for the electronic movement of money in the United States. But Slavkin said a number of financial institutions ended up processing both reversal requests, meaning a fair number of employees at companies that use MyPayrollHR suddenly saw a month’s worth of payroll payments withdrawn from their bank accounts.
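The failure described above has a recognisable shape: a malformed reversal that should have been rejected was processed anyway, and the corrected resubmission was then processed on top of it, so the same original payroll credit was reversed twice. The code below is an added example, not anything from Cachet, NACHA or the receiving banks, of how a receiving system can make that impossible by validating each reversal and keying it to the original entry it reverses. The record layout, the entry descriptions and the amounts are constructed; real NACHA file formats and rules are not reproduced here.

```python
"""Simplified receiving-bank ledger (hypothetical example) that accepts a
payment reversal only when it is well-formed and the original entry has not
already been reversed. Record layout and rules are constructed, not NACHA's."""
from dataclasses import dataclass, field


@dataclass
class Entry:
    trace: str           # unique id of this entry
    account: str
    amount: int          # cents; positive = credit to the account
    description: str
    reverses: str = ""   # trace of the original entry, for reversals only


@dataclass
class Ledger:
    balances: dict = field(default_factory=dict)
    settled: dict = field(default_factory=dict)      # trace -> Entry
    reversed_traces: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def post(self, e):
        """Settle an ordinary credit or debit, rejecting a replayed trace."""
        if e.trace in self.settled:
            return self._reject(e, "duplicate trace")
        self.balances[e.account] = self.balances.get(e.account, 0) + e.amount
        self.settled[e.trace] = e
        self.log.append(("accepted", e.trace))
        return True

    def post_reversal(self, e):
        """Apply a reversal only if every check passes (assumed rules):
        it must be labelled as a reversal, reference a settled original on the
        same account for the exact opposite amount, and be the first reversal
        of that original."""
        if e.description.strip().upper() != "REVERSAL":
            return self._reject(e, "description must be REVERSAL")
        original = self.settled.get(e.reverses)
        if original is None:
            return self._reject(e, "unknown original entry")
        if original.account != e.account or e.amount != -original.amount:
            return self._reject(e, "account or amount does not match original")
        if e.reverses in self.reversed_traces:
            return self._reject(e, "original already reversed")
        self.balances[e.account] += e.amount
        self.reversed_traces.add(e.reverses)
        self.settled[e.trace] = e
        self.log.append(("accepted", e.trace))
        return True

    def _reject(self, e, why):
        self.log.append(("rejected", e.trace, why))
        return False


def simulate():
    """Constructed scenario mirroring the story: one payroll credit, a
    malformed reversal, a correctly formatted reversal, then a second
    correctly formatted reversal of the same original."""
    ledger = Ledger()
    ledger.post(Entry("T1", "emp-001", 250000, "PAYROLL"))
    ledger.post_reversal(Entry("R1", "emp-001", -250000, "PAYRL REV", reverses="T1"))
    ledger.post_reversal(Entry("R2", "emp-001", -250000, "REVERSAL", reverses="T1"))
    ledger.post_reversal(Entry("R3", "emp-001", -250000, "REVERSAL", reverses="T1"))
    return ledger


if __name__ == "__main__":
    result = simulate()
    for record in result.log:
        print(record)
    print("final balance (cents):", result.balances["emp-001"])
```

In the simulated run the malformed request R1 is rejected, R2 reverses the $2,500 credit once, and R3 is refused because T1 has already been reversed, so the employee's balance returns to zero rather than going a full pay period into the red. The key design choice is that the reversal is keyed to the original trace, not to the incoming request's own identifier, which is what a duplicate-detection check based only on "have I seen this exact file before" would miss when the second file is different but targets the same money.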

Dan L’Abbe, CEO of the San Francisco-based consultancy Granite Solutions Groupe, said the mix-up has been massively disruptive for his 250 employees.

“This caused a lot of chaos for employers, but employees were the ones really affected,” L’Abbe said. “This is all very unusual because we don’t even have the ability to take money out of our employee accounts.”

Slavkin said Cachet managed to reach the CEO of MyPayrollHR — Michael T. Mann — via phone on the evening of Sept. 4, and that Mann said he would call back in a few minutes. According to Slavkin, Mann never returned the call. Not long after that, MyPayrollHR told clients that it was going out of business and that they should find someone else to handle their payroll.

In short order, many people hit by one or both payroll reversals took to Twitter and Facebook to vent their anger and bewilderment at Cachet and at MyPayrollHR. But Slavkin said Cachet ultimately decided to cancel the previous payment reversals, leaving Cachet on the hook for $26 million.

“What we have since done is reached out to 100+ receiving banks to have them reject both reversals,” Slavkin said. “So most — if not all — employees affected by this will in the next day or two have all their money back.”


Cachet has since been in touch with the FBI and with federal prosecutors in New York, and Slavkin said both are now investigating MyPayrollHR and its CEO. On Monday, New York Governor Andrew Cuomo called on the state’s Department of Financial Services to investigate the company’s “sudden and disturbing shutdown.”

A tweet sent Sept. 11 by the FBI’s Albany field office.

The $26 million hit against Cachet wasn’t the only fraud apparently perpetrated by MyPayrollHR and/or its parent firm: According to Slavkin, the now defunct New York company also stiffed National Payment Corporation (NatPay) — the Florida-based firm which handles tax withholdings for MyPayrollHR clients — to the tune of more than $9 million.

In a statement provided to KrebsOnSecurity, NatPay said it was alerted late last week that the bank accounts of MyPayrollHR and one of its affiliated companies were frozen, and that the notification came after payment files were processed.

“NatPay was provided information that MyPayrollHR and Cloud Payroll may have been the victims of fraud committed by their holding company ValueWise, whose CEO and owner is Michael Mann,” NatPay said. “NatPay immediately put in place steps to manage the orderly process of recovering funds [and] has more than sufficient insurance to cover actions of attempted or real fraud.”

Requests for comment from different executives at both MyPayrollHR and its parent firm ValueWise Corp. went unanswered, and the latter’s Web site is now offline. Several erstwhile MyPayrollHR employees reached via LinkedIn said none of them had seen or heard from Mr. Mann in days.

Meanwhile, Granite Solutions Groupe CEO L’Abbe said some of his employees have seen their bank accounts credited back the money that was taken, while others are still waiting for those reversals to come through.

“It varies widely,” L’Abbe said. “Every bank processes differently, and everyone’s relationship with the bank is different. Others have absolutely no money right now and are having a helluva time with their bank believing this is all the result of fraud. Things are starting to settle down now, but a lot of employees are still in limbo with their bank.”

For its part, Cachet Financial says it will be looking at solutions to better detect when and if instructions from clients for funding its settlement accounts suddenly change.

“Our system is excellent at protecting against outside hackers,” Slavkin said. “But when it comes to something like this it takes everyone by complete surprise.”
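Two things went wrong in this story that simple pipeline checks would catch: a funding file whose settlement destination silently changed from the processor’s established holding account (the gap Cachet says it now wants to detect), and receiving institutions processing both a malformed reversal and its corrected resubmission against the same batch. The Python below is an added example written for this page, not Cachet’s, NACHA’s or any bank’s code. The record layout, the originator name PAYCO, the RTN-/ACCT- placeholders, the “learn from accepted history” baseline and the “REVERSAL” description rule are all constructed assumptions; real NACHA file formats are considerably more detailed.

```python
"""Added example: two defensive checks for a payroll settlement pipeline.

1. review_instruction(): flag a funding file whose settlement destination
   (or total) departs from the originator's established history.
2. ReversalLedger: accept at most one well-formed reversal per original batch,
   so a malformed request is never processed and a corrected resubmission
   cannot be applied twice.

Record layouts, names and account strings are constructed for illustration.
"""
from dataclasses import dataclass, field
from statistics import median
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class FundingInstruction:
    originator: str      # processor that submitted the file (constructed id)
    batch_id: str        # batch this instruction funds
    dest_routing: str    # routing identifier of the settlement account (placeholder)
    dest_account: str    # account identifier of the settlement account (placeholder)
    total_cents: int     # total to be moved, in cents


@dataclass
class OriginatorBaseline:
    """Destinations and totals from previously accepted instructions."""
    destinations: Set[Tuple[str, str]] = field(default_factory=set)
    totals_cents: List[int] = field(default_factory=list)

    def learn(self, instr: FundingInstruction) -> None:
        self.destinations.add((instr.dest_routing, instr.dest_account))
        self.totals_cents.append(instr.total_cents)


def review_instruction(baselines: Dict[str, OriginatorBaseline],
                       instr: FundingInstruction,
                       amount_factor: float = 3.0) -> List[str]:
    """Return reasons to hold the instruction for manual review ([] = consistent)."""
    base = baselines.get(instr.originator)
    if base is None:
        return ["unknown originator: no baseline to compare against"]
    findings: List[str] = []
    if (instr.dest_routing, instr.dest_account) not in base.destinations:
        findings.append("settlement destination not seen before for this originator")
    if base.totals_cents and instr.total_cents > amount_factor * median(base.totals_cents):
        findings.append("total exceeds %gx the historical median" % amount_factor)
    return findings


class ReversalLedger:
    """Tracks which batches have already been reversed at a receiving institution."""

    def __init__(self) -> None:
        self._reversed: Set[str] = set()

    @staticmethod
    def is_well_formed(req: dict) -> bool:
        # Constructed format rule: a reversal names the batch it undoes, carries
        # an integer amount in cents and is explicitly described as a reversal.
        return (isinstance(req.get("original_batch_id"), str)
                and req["original_batch_id"] != ""
                and isinstance(req.get("amount_cents"), int)
                and req["amount_cents"] > 0
                and req.get("description") == "REVERSAL")

    def submit(self, req: dict) -> str:
        """Return 'processed', 'rejected:malformed' or 'rejected:duplicate'."""
        if not self.is_well_formed(req):
            return "rejected:malformed"
        batch = req["original_batch_id"]
        if batch in self._reversed:
            return "rejected:duplicate"
        self._reversed.add(batch)
        return "processed"


def run_demo():
    """Walk through the story's sequence with constructed data."""
    # Six prior cycles: PAYCO always funded the same holding account with
    # totals of roughly $26M (2_600_000_000 cents).
    baselines = {"PAYCO": OriginatorBaseline()}
    for i in range(6):
        baselines["PAYCO"].learn(FundingInstruction(
            "PAYCO", "B%d" % i, "RTN-HOLDING", "ACCT-HOLDING", 2_600_000_000 + i * 10_000_000))

    # A normal cycle: same destination, similar total -> nothing to flag.
    normal = review_instruction(baselines, FundingInstruction(
        "PAYCO", "B6", "RTN-HOLDING", "ACCT-HOLDING", 2_620_000_000))
    # The odd cycle: same total, but routed to an account never used before.
    odd = review_instruction(baselines, FundingInstruction(
        "PAYCO", "B7", "RTN-OTHER", "ACCT-OWNED-BY-PROCESSOR", 2_610_000_000))
    # A processor with no history at all gets held by default.
    unknown = review_instruction(baselines, FundingInstruction(
        "NEWCO", "B1", "RTN-HOLDING", "ACCT-HOLDING", 1_000_000))

    # Reversal handling at a receiving bank: the first request is malformed
    # (amount sent as text), the second is the corrected resubmission, and a
    # third copy of the corrected request must not be applied again.
    ledger = ReversalLedger()
    first = ledger.submit({"original_batch_id": "B7", "amount_cents": "2610000000",
                           "description": "REVERSAL"})
    second = ledger.submit({"original_batch_id": "B7", "amount_cents": 2_610_000_000,
                            "description": "REVERSAL"})
    third = ledger.submit({"original_batch_id": "B7", "amount_cents": 2_610_000_000,
                           "description": "REVERSAL"})
    return normal, odd, unknown, first, second, third


if __name__ == "__main__":
    for label, result in zip(("normal", "odd", "unknown", "first", "second", "third"), run_demo()):
        print(label, result)
```

The destination check is deliberately a plain allow-list learned from accepted history rather than a statistical model: a change of settlement account for a long-standing originator is rare enough that holding the file for a human to confirm costs little, while letting it through is exactly the $26 million outcome described above. The ledger keys on the original batch rather than on the reversal request itself, which is what makes a corrected resubmission and a duplicate indistinguishable from the bank’s point of view once one reversal has been applied.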

Lemonade is changing the way we insure our homes

Your home can be broken into or destroyed by a natural disaster when you least expect it. When that happens, how will you get back on your feet? Ideally, you would’ve been paying homeowner’s or renter’s insurance to cover your losses. Unfortunately, it can take weeks or even months to receive your money after filing a claim. 

Lemonade is here to save the day in less than a day. With rates starting as low as $5/mo for renter’s insurance and $25/mo for homeowner’s insurance, you can rest assured that your property claims can be approved and reimbursed within seconds. 


The Endpoint security market is booming

Endpoint security is the fastest-growing product category in cybersecurity, no doubt in response to growing threats.

Of all the categories in the cybersecurity world, one stands out in terms of sales volume and growth.

Endpoint security products (also known as EPP, endpoint security platforms) are designed to secure laptops, desktops and servers from malware. The rapid growth in this particular product category has several reasons. The first is the rise in attacks against endpoints, which is driven by financial motives. Ransomware attacks (which target endpoints) have doubled in the last 12 months. When an organization is under attack, the most vulnerable assets are usually the endpoints, which host all the data and provide the attackers with access to other endpoints and servers, which they then use to identify data and encrypt it.

Ransomware and Cryptominers are the biggest threats

In addition to ransomware, other forms of malware that target endpoints are on the rise, mainly crypto-miners, which use computing resources to produce cryptocurrencies (mainly Monero). Crypto-mining campaigns climbed 29 percent from Q4 2018 to Q1 2019. One infamous example of this trend is the discovery and takedown of a huge botnet consisting of 850,000 computers. The computers were infected with the polymorphic miner “RETADUP”, which used the computers’ resources to mine Monero. Similarly, the Smominru campaign hijacked half a million PCs to mine cryptocurrency. That botnet has been active for at least two years and generally spreads through the EternalBlue exploit.

Organizations are aware of this growing, frightening trend, and respond by deploying endpoint solutions to secure themselves. The endpoint security solutions market is growing at an annual rate of 8%, from a total size of 6.5 billion USD in 2018 to an estimated 13 billion by 2022.

Endpoint security products integrate with the organization’s security apparatus, which begins at the perimeter (firewall, WAF), moves to the network (NTA) and terminates at the endpoints. Gartner defines EPP as “solutions deployed on endpoint devices to harden endpoints, to prevent malware and malicious attacks, and to provide…investigation and remediation capabilities.” EPP systems are gradually replacing legacy anti-virus systems: even though both products provide the same functionality, AV is signature-based (meaning it is only useful for detecting known malware), whereas EPP can identify and block new variants of malware and zero-days.

The endpoint security market isn’t simply growing in overall market size; it is also very profitable and enjoys sizeable deals (given that enterprises have thousands of endpoints to secure). Last year, BlackBerry acquired Cylance, one of the main vendors, for 1.4 billion USD. Carbon Black went public and was then sold to VMware for 2.1 billion, and CrowdStrike, which went public in June 2019, has since seen a 150% rise in its stock price, propelling it to the no. 3 cybersecurity company in the world, ahead of established companies such as Check Point, Symantec and others.


Israeli Endpoint Security solution vendors

The Israeli cyber market shows a similar trend. Several startups have identified this opportunity and developed endpoint security solutions: Nyotron, enSilo and Minerva Labs. All of these companies have raised tens of millions of USD and are competing with the much larger companies overseas. The leading Israeli company is SentinelOne, which was founded in 2013 and has raised 230 million USD since. The company has an Israeli R&D center, HQ in Silicon Valley and a large sales office in Oregon. The company has 2,500 global clients and its revenue is close to 100 million USD annually. Gartner has included SentinelOne in its prestigious “Magic Quadrant” research on endpoint security solutions, hailing it as a “Visionary” (positioned furthest for completeness of vision, and the only Israeli endpoint security company to be included in the report).

The SentinelOne platform does not require any prior knowledge about the attack in order to identify the malware, thanks to intelligent machine-learning algorithms and continuously improved engines. SentinelOne uses several engines to ensure proper monitoring, identification, blocking and mitigation, and enables defenders to quickly remediate, report and investigate the incident. Its automatic roll-back is extremely useful in the case of a ransomware attack. The company is now extending the “endpoint” security concept to new devices such as IoT devices and to cloud security.

The post The Endpoint security market is booming appeared first on CyberDB.

Unlock the power of threat intelligence with this practical guide. Get your free copy now

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support! At Recorded Future, we believe every security team can benefit from threat intelligence. That’s why we’ve published “The Threat Intelligence Handbook.” It’s aimed at helping security professionals realize the advantages of threat […]

BEC Scams Cost Victims $26B over a Three-Year Period, Finds FBI

The Federal Bureau of Investigation (FBI) found that business email compromise (BEC) scams cost victims a combined total of $26 billion in losses over a three-year period. On 10 September, the FBI’s Internet Crime Complaint Center (IC3) published a public service announcement in which it revealed that BEC scams had caused $26,201,775,589 in global losses. […]

The post BEC Scams Cost Victims $26B over a Three-Year Period, Finds FBI appeared first on The State of Security.

More on Law Enforcement Backdoor Demands

The Carnegie Endowment for International Peace and Princeton University's Center for Information Technology Policy convened an Encryption Working Group to attempt progress on the "going dark" debate. They have released their report: "Moving the Encryption Policy Conversation Forward."

The main contribution seems to be that attempts to backdoor devices like smartphones shouldn't also backdoor communications systems:

Conclusion: There will be no single approach for requests for lawful access that can be applied to every technology or means of communication. More work is necessary, such as that initiated in this paper, to separate the debate into its component parts, examine risks and benefits in greater granularity, and seek better data to inform the debate. Based on our attempt to do this for one particular area, the working group believes that some forms of access to encrypted information, such as access to data at rest on mobile phones, should be further discussed. If we cannot have a constructive dialogue in that easiest of cases, then there is likely none to be had with respect to any of the other areas. Other forms of access to encrypted information, including encrypted data-in-motion, may not offer an achievable balance of risk vs. benefit, and as such are not worth pursuing and should not be the subject of policy changes, at least for now. We believe that to be productive, any approach must separate the issue into its component parts.

I don't believe that backdoor access to encryption data at rest offers "an achievable balance of risk vs. benefit" either, but I agree that the two aspects should be treated independently.

EDITED TO ADD (9/12): This report does an important job moving the debate forward. It advises that policymakers break the issues into component parts. Instead of talking about restricting all encryption, it separates encrypted data at rest (storage) from encrypted data in motion (communication). It advises that policymakers pick the problems they have some chance of solving, and not demand systems that put everyone in danger. For example: no key escrow, and no use of software updates to break into devices.

Data in motion poses challenges that are not present for data at rest. For example, modern cryptographic protocols for data in motion use a separate "session key" for each message, unrelated to the private/public key pairs used to initiate communication, to preserve the message's secrecy independent of other messages (consistent with a concept known as "forward secrecy"). While there are potential techniques for recording, escrowing, or otherwise allowing access to these session keys, by their nature, each would break forward secrecy and related concepts and would create a massive target for criminal and foreign intelligence adversaries. Any technical steps to simplify the collection or tracking of session keys, such as linking keys to other keys or storing keys after they are used, would represent a fundamental weakening of all the communications.

These are all big steps forward given who signed on to the report. Not just the usual suspects, but also Jim Baker -- former general counsel of the FBI -- and Chris Inglis: former deputy director of the NSA.


The Internet has made our lives easier in so many ways. However, you need to know how you can protect your privacy and avoid fraud. With all of the personally identifiable information we share on social sites, hackers have only become more adept at locating that information and using it to gain access to our accounts.

What’s worse, if you’re on social media while at work and connected to the corporate network and your account gets hacked, you’ve now made your entire company vulnerable.

Social media represents the largest modern threat vector: it has more connectivity (billions of people), it is more trusted (everyone is your friend) and it has less visibility (simply by its nature) than any other communication or business platform.

Security teams need to join their sales, marketing and customer success groups in the digital era, follow social media security best practices and implement risk monitoring and remediation technology around social media to secure their organization’s future.

In the case of social media accounts, you should make absolutely sure the email they are linked to has as much protection as possible. It’s a single point of failure, since everyone gets their password reset emails there. That’s the major way people get in.

Tips for Securing your Social Media Accounts
Create a unique email for social media. If you are compromised, hackers won’t have access to any other valuable information.

Limit biographical information. Many social media websites require biographical information to open an account; you can limit the information made available to other social media users.

Enable two-factor authentication. This is one of the best methods for protecting your accounts from unauthorized access.

Close unused accounts. With security, you can’t take the approach of ‘out of sight, out of mind,’ so it’s best to terminate your account altogether if it’s no longer in use.

Update mobile apps regularly. These updates can protect you from threats that have already been identified.

Practice good password hygiene. Pick a “strong” password, keep it secure, change it frequently, and use different passwords for different accounts.

Monitor your accounts regularly. The sooner you notice suspicious activity, the sooner you can recover your account.

Secure your mobile devices. If your mobile devices are linked to your social media accounts, make sure that these devices are password protected in case they are lost or stolen.

Adjust the default privacy settings. Lock down your account from the start. Choose who can see which posts, and what information on your profile is shown to whom.

Be mindful when accessing accounts on public wireless. If you have to connect, log completely out of your account after your session.

Accept friend requests selectively. There is no obligation to accept a “friend” request of anyone you do not know or do not know well. Fake accounts are often used in social engineering.

Use caution with public computers or wireless connections. Try to avoid accessing your social media accounts on public or other shared computers. But if you must do so, remember to log out completely by clicking the “log out” button on the social media website to terminate the online session.

Limit 3rd party app usage. Only authorize legitimate applications, and be sure to read the details of what you are authorizing the particular app to have access to.

What do I do If I’ve Been Hacked?
First things first, don’t panic. If possible, log into your account and change your password.
Review the recent activity on the account and delete anything that was not posted by you.

If you find spam, be sure to report it.

Check your bank account and other accounts to ensure that they were not also compromised.

At this point, enable two-factor authentication.

In addition, you should know that social media platforms provide support to recover your account.

What is the COBIT and why you need to know about it

Business processes today are largely dictated by the technology around them. Cloud computing, big data, and social media are just a few technologies that shape and affect a business as they generate huge amounts of data. This can be used to get ahead of the competition, but it also creates challenges in terms of governance and management. This is where the COBIT comes into play.

Defining Control Objectives for Information and Related Technologies

The Control Objectives for Information and Related Technologies, or more commonly known as the COBIT, was designed to help organizations and businesses implement, monitor, develop, and improve their information management and IT governance.

The COBIT was established by the Information Systems Audit and Control Association, or ISACA. They published this framework together with the IT Governance Institute, or ITGI.

The Evolution of the COBIT

The COBIT was initially published in the mid-1990s. The focus was mainly on doing audits, specifically on helping financial auditors navigate IT frameworks. Today, it has evolved to doing more than just audits. The third version of the COBIT released by ISACA introduced management guidelines.

The fourth version added guidelines on ICT governance. The latest version used today, released in 2014, focused more on information governance, along with risk management.

Core Principles of the COBIT 5

The COBIT 5, the latest in this series, is centered around five core principles:

  1. Meeting the needs of stakeholders.
  2. Having a comprehensive coverage of the organization.
  3. Creating a single unified framework.
  4. Creating a more holistic approach for business.
  5. Making a distinction between management and governance.

The COBIT Framework Goals

The latest release of the COBIT framework puts together the guidelines from the fourth version, along with Val IT 2.0, and the Risk IT Framework. According to ISACA, these updates are meant to:

  • Streamline information sharing within the organization.
  • Use strategy and IT to achieve business goals.
  • Minimize security risks on information and provide more controls.
  • Provide efficient costing for technology and IT.
  • Integrate recent findings into the COBIT framework.

Companies making use of several frameworks like CMMI and ITIL will find it easier to govern their IT.

Benefits of the COBIT 5

There are several benefits associated with the COBIT 5. First, it allows you to supervise and manage information security in a more efficient manner. It helps ensure compliance and manage vulnerabilities.

When it comes to risk management, the COBIT 5 allows you to improve enterprise risk management and keep one step ahead of evolving regulatory compliance requirements.

Framework of the COBIT 5

There are several components that make up the COBIT 5, including:

Main Framework

This creates the basic guidelines, foundation, and best practices related to IT governance. They are then integrated with the needs and requirements of the organization. The main goal of the main framework is to allow the organization to align its goals with its IT.

Process Descriptions

This allows the business to have a reference process model, along with a common language used by each member of the organization. The descriptions cover planning, creating, implementing, and monitoring the processes involved in IT. This helps everyone in the organization understand the processes and terminologies.

Control Objectives

This is where the complete list of requirements can be found for effective control of the processes involved in IT. This can actually help improve all IT processes.

Management Guidelines

These guidelines of the COBIT detail people’s responsibilities and what tasks are expected of them. They also show how to measure the organization’s performance with implementing the COBIT 5.

Maturity Models

These models assess the company’s maturity in terms of coping with growth. This helps plug the gaps, if any are found.

The COBIT Certifications

The COBIT 5 certification is available from ISACA, which teaches you all about this framework, along with:

  • How to apply the COBIT 5 in essentially any situation.
  • How to use this with other frameworks.
  • How to understand what challenges this framework addresses.

There are two paths to certification:

  1. Implementation path, which focuses more on the application of the COBIT 5 in business models and challenges.
  2. Assessor path, which focuses more on how to review processes that require change.

The COBIT certification is useful for many companies and roles such as IT directors, managers, audit committee members, and more.

