Daily Archives: September 12, 2019

New infosec products of the week: September 13, 2019

Awake Security enhances its platform with the ability to identify attackers based on their intent Awake Security introduced Adversarial Modeling, an industry-first capability that gives security teams an unparalleled ability to identify attackers based on their intent. By understanding mal-intent, versus looking for only specific indicators of an attack, Awake greatly improves the ability for organizations to see and stop attackers, especially those that are living-off-the-land. RocketBroadband’s SD-WAN solution allows businesses to keep critical apps … More

The post New infosec products of the week: September 13, 2019 appeared first on Help Net Security.

The rise of modern applications, DevSecOps and the intelligence economy

There has been a significant year-over-year growth in enterprise usage trends around multi-cloud adoption, open source technologies such as Kubernetes, and AWS cloud-native services adoption, Sumo Logic report reveals. The research also shows the increasing need for cloud-based security solutions such as cloud SIEM to help enterprises address today’s increasingly complex security landscape. The intelligence economy The report also provides a summary of three major trends shaping digital business today: the rise of modern applications, … More

The post The rise of modern applications, DevSecOps and the intelligence economy appeared first on Help Net Security.

Security leaders lack confidence in the supply chain, fear third-party attacks

An overwhelming number of cybersecurity professionals (89%) have expressed concerns about the third-party managed service providers (MSPs) they partner with being hacked, according to new research from the Neustar International Security Council. Survey participants in July 2019 comprise 314 professionals from across six EMEA and US markets. While most organizations reported working with an average of two to three MSPs, less than a quarter (24%) admitted to feeling very confident in the safety barriers they … More

The post Security leaders lack confidence in the supply chain, fear third-party attacks appeared first on Help Net Security.

Interacting with governments in the digital age: What do citizens think?

Most U.S. citizens acknowledge and accept that state and local government agencies share their personal data, even when it comes to personal information such as criminal records and income data, according to a new survey conducted by YouGov and sponsored by Unisys. However, the survey found they remain concerned about the security of the data. The survey of nearly 2,000 (1,986) U.S. citizens living in eight states found that more than three-quarters (77%) accept that … More

The post Interacting with governments in the digital age: What do citizens think? appeared first on Help Net Security.

Cyber risk assessment of U.S. election commissions finds critical areas for improvement

Many election commissions are focused on quickly adapting and updating their cybersecurity; however, commissions still need to dedicate resources to updating outdated operating systems and protecting their email domains from being spoofed, according to NormShield. The report, which examined more than 100 items, focused on the broader picture — the internet facing infrastructure that supports state election processes. NormShield conducted two risk assessments (July and August) of 56 election commissions and Secretaries of State (SoS) … More

The post Cyber risk assessment of U.S. election commissions finds critical areas for improvement appeared first on Help Net Security.

C2A Security collaborates with NXP to develop a comprehensive automotive security solution

C2A Security, a global leader in automotive cybersecurity, announced a comprehensive automotive security solution, developed in collaboration with NXP, utilizing NXP Semiconductors’ secure CAN (Controller Area Network) transceivers. Designed to provide comprehensive protection to help automotive OEMs get the upper hand on some of the most sophisticated cyberattacks, the solution combines C2A´s cybersecurity software and NXP´s secure CAN transceivers. Working in collaboration with NXP Semiconductors, the teams identified possible CAN bus-related attack vectors for perimeter … More

The post C2A Security collaborates with NXP to develop a comprehensive automotive security solution appeared first on Help Net Security.

Sectigo integrates with five DevOps configuration management and container orchestration platforms

Sectigo, the world’s largest commercial Certificate Authority (CA) and a provider of purpose-built and automated PKI management solutions, released integrations with five of the most popular DevOps configuration management and container orchestration platforms. The additions of Docker, Kubernetes, Ansible, Terraform, and soon HashiCorp Vault, deliver the industry’s most comprehensive PKI solution for DevOps. This unique combination of solutions will immediately help IT teams ensure their DevOps environments follow accepted security practices, meet compliance and auditability … More

The post Sectigo integrates with five DevOps configuration management and container orchestration platforms appeared first on Help Net Security.

More than 4M customer systems worldwide now automated by Red Hat Ansible Automation

Red Hat, the world’s leading provider of open source solutions, announced that more than four million customer systems worldwide are now automated by Red Hat Ansible Automation. Customers, including Energy Market Company, Microsoft, Reserve Bank of New Zealand and Surescripts all use Red Hat Ansible Automation to automate and orchestrate their IT operations, helping to expand automation across IT stacks. According to a blog post by Chris Gardner with Forrester Research, who was the author … More

The post More than 4M customer systems worldwide now automated by Red Hat Ansible Automation appeared first on Help Net Security.

Millions of Car Buyer Records Exposed: How to Bring This Breach to a Halt

Buying a car can be quite a process and requires a lot of time, energy, and research. What most potential car buyers don’t expect is to have their data exposed for all to see. But according to Threatpost, this story rings true for many prospective buyers. Over 198 million records containing personal, loan, and financial information on prospective car buyers were recently leaked due to a database that was left without password protection.

The database belonged to Dealer Leads, a company that gathers information on prospective buyers through a network of targeted websites. These targeted websites provide car-buying research information and classified ads for visitors, allowing Dealer Leads to collect this information and send it to franchise and independent car dealerships to be used as sales leads. The information collected included records with names, email addresses, phone numbers, physical addresses, IP addresses, and other sensitive or personally identifiable information – 413GB worth of this data, to be exact. What’s more, the exposed database contained ports, pathways, and storage info that cybercriminals could exploit to access Dealer Lead’s deeper digital network.

Although the database has been closed off to the public, it is unclear how long it was left exposed. And while it’s crucial for organizations to hold data privacy to the utmost importance, there are plenty of things users can do to help safeguard their data. Check out the following tips to help you stay secure:

  • Be vigilant about checking your accounts. If you suspect that your data has been compromised, frequently check your accounts for unusual activity. This will help you stop fraudulent activity in its tracks.
  • Place a fraud alert. If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity.
  • Consider using identity theft protection. A solution like McAfee Identify Theft Protection will help you to monitor your accounts and alert you of any suspicious activity.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Millions of Car Buyer Records Exposed: How to Bring This Breach to a Halt appeared first on McAfee Blogs.

Ireland Hit by Pedophile Sextortion Email Scam

Ireland Hit by Pedophile Sextortion Email Scam

Residents of Ireland are being targeted by an aggressive email sextortion scam that accuses recipients of being pedophiles before threatening to expose them as such unless a ransom is paid. 

The scam was highlighted yesterday by the Irish arm of IT security company ESET, which posted a warning on its website. ESET Ireland registered several complaints related to the illegal extortion scam.

Victims were sent emails with the subject lines "I know you are a pedophile . . ." and "What the **** are you doing, pedophile?" from someone claiming to be an internet security specialist affiliated with the Anonymous group. 

The sender of the email claimed to have installed spyware on the victim's computer that they purported to have used to record the victim watching illegal pornographic videos featuring young teens.

Victims were told that four video files in which they were captured masturbating to illegal porn were in the possession of the hacker, who threatened to send them out to everyone in the victim's address book unless a Bitcoin ransom of 5,000 GBP was paid.

In a bid to blackmail their victims into paying up, the scammers wrote: "I was observing you for quite some time, and what I have collected here is overwhelming. I know about your sexual preferences and your interest in young bodies. I have secured 4 video files clearly showing how you masturbate (captured from your camera) to young teenagers (captured from your internet browser). Glued together is a pretty overwhelming evidence that you are a pedophile."

Predicting that people who receive the sextortion emails may contact the police, the scammers wrote: "Don’t even think about going to police. If you try, I will immediately know it and I will send them your masturbation videos, pedo."

While sextortion scams that weaponize shame are nothing new, American software company Symantec says cyber-attacks of this type are plentiful and on the rise. From January through May of 2019, Symantec blocked almost 289 million of these emails from landing in the inboxes of potential victims. Of these, about 30% were sent during a 17-day period around Valentine's Day. 

ESET Ireland recommends that anyone who has received these emails does not reply and marks them as spam. If the emails contain any identifiable personal info, recipients are advised to report them to the police.

New SIM Card Flaw Lets Hackers Hijack Any Phone Just By Sending SMS

Cybersecurity researchers today revealed the existence of a new and previously undetected critical vulnerability in SIM cards that could allow remote attackers to compromise targeted mobile phones and spy on victims just by sending an SMS. Dubbed "SimJacker," the vulnerability resides in a particular piece of software, called the S@T Browser (a dynamic SIM toolkit), embedded on most SIM cards

Why Are Schools Increasingly Targeted by Cyberattackers?

Schools, including universities, are increasingly becoming cyberattack targets. Just this month, the Monroe-Woodbury school district in Orange County, NY had to delay the start of school due to cyberattacks. And this incident was only one of a handful of cyberattacks on New York state school districts this summer. One school system, Rockville Centre in Nassau County, paid a cyberattacker $88,000 after a ransomware attack shut down the district’s mainframe.

And New York is not alone. This summer, school districts in Oklahoma, New York, and Virginia have been victims of ransomware. The Louisiana governor declared a state of emergency after multiple ransomware attacks crippled several school districts, and schools in Flagstaff, AZ closed for two days this month last due to a ransomware attack.

The attacks don’t stop after grade 12 either. Two universities, Regis University in Denver, CO and Stevens Institute of Technology in Hoboken, NJ, were also targeted right before the start of this school year:

Anthony Carfora of the Lupinskie Center for Curriculum, Instruction and Technology said in an interview with CBS New York, “Ransomware is prolific right now and there’s more of it going on in government and education institutions than in private industry. We seem to be targets now.”

Why are schools being targeted?

Schools’ appeal to cyberattackers stems, in part, from the fact that most don’t have robust cybersecurity systems or personnel and struggle to prevent and respond to attacks. They have the added challenge of needing to give their students and teachers the academic freedom to learn and explore and do research. This often requires a more lax security posture than the locked down environment of an enterprise. They also house a lot of sensitive data, and are heavily reliant on software.

Another wrinkle: the users of that software might find it worthwhile to take a look under the hood. Veracode co-founder Chris Wysopal notes that, “schools use a lot of applications, which put them at the mercy of their vendors to build secure software, and requires that they have a good coordinated disclosure process to respond to security researchers, who in their case are often going to be students.”

Just last month at DEF CON, a teenager presented on all the vulnerabilities he found over the past three years in his school’s educational software. Wired reported that the teen “found a series of common web bugs in [the software], including so-called SQL-injection and cross-site-scripting vulnerabilities … those bugs ultimately allowed access to a database that contained 24 categories of data, everything from phone numbers to discipline records, bus routes, and attendance records.”

After he reported the flaws to the two software companies, he got little to no response. That is, until he used one of the vulnerabilities to trigger a push notification saying “hello” to all users. The software companies responded, and one has stated that it’s working to improve its vulnerability disclosure program.

Steps schools can take

Beyond working with vendors to ensure the security of software they are purchasing, and developing robust vulnerability disclosure programs, Wysopal recommends that schools consider “separating the administration network, which has the sensitive data the school needs to operate, from the teaching or lab network, where this data isn’t needed.” In this way, the school can maintain the academic freedoms while compartmentalizing data to reduce risk.

Want more security news and best practices? Subscribe to our content.

A Third of Security Pros Have Skipped Cyber-Safety Checks to Launch Products Faster

A Third of Security Pros Have Skipped Cyber-Safety Checks to Launch Products Faster

survey of 300 security professionals has found that 34% admit to bypassing security checks to bring products to market faster.  

The research was carried out by cyber assessment company Outpost24, which questioned attendees at the Infosecurity Europe Conference held in London in June of this year. 

Worryingly, 64% of the security professionals surveyed were of the opinion that their customers could be affected by data breaches as a direct result of unpatched vulnerabilities in their organizations' products and applications. 

Asked if the products their company is happy to sell to the public would stand up well under penetration testing, 29% of respondents said either that they weren't sure or that they didn't believe their organization’s products and applications would fare well if tested. 

According to the survey results, an alarming number of organizations have the same attitude toward security testing as many people have toward flossing their teeth—they know they should do it, but rarely bother. 

Despite 92% of security professionals agreeing that it is important to carry out security testing on new products and applications, 39% of them said that their organizations didn't introduce security testing from the beginning of the product or application lifecycle. 

Bob Egner, VP at Outpost24, said: "Our study shows that even despite continuous warnings, organizations today are still leaving their customers at risk because of a failure to address security vulnerabilities in products before they are introduced to market. If organizations are not addressing these security vulnerabilities, they are taking a huge gamble and abusing customer trust."

Egner foresees a bleak future for companies whose greed blocks them from adequately checking for vulnerabilities in their products and resolving identified weaknesses before products are launched. 

He said: “Negligence towards security will eventually lead to disastrous outcomes for technology and application vendors and their customers. There should be no excuses today, especially when security is such a big issue and so many breaches, which have happened up and down the technology stack, are well publicized.”

Egner advised organizations to save their reputations and be more considerate of their customers by unearthing software vulnerabilities in products and applications before they go on sale, using a combination of penetration testing and automated application scanning.

Are students prepared for real-world cyber curveballs?

With a projected “skills gap” numbering in the millions for open cyber headcount, educating a diverse workforce is critical to corporate and national cyber defense moving forward. However, are today’s students getting the preparation they need to do the cybersecurity work of tomorrow?

To help educators prepare meaningful curricula, the National Institute of Standards and Technology (NIST) has developed the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. The U.S. Department of Energy (DOE) is also doing its part to help educate our future cybersecurity workforce through initiatives like the CyberForce Competition,™ designed to support hands-on cyber education for college students and professionals. The CyberForce Competition™ emulates real-world, critical infrastructure scenarios, including “cyber-physical infrastructure and lifelike anomalies and constraints.”

As anyone who’s worked in cybersecurity knows, a big part of operational reality are the unexpected curveballs ranging from an attacker’s pivot while escalating privileges through a corporate domain to a request from the CEO to provide talking points for an upcoming news interview regarding a recent breach. In many “capture the flag” and “cyber-range exercises,” these unexpected anomalies are referred to as “injects,” the curveballs of the training world.

For the CyberForce Competition™ anomalies are mapped across the seven NICE Framework Workforce Categories illustrated below:

Image showing seven categories of cybersecurity: Operate and Maintain, Oversee and Govern, Collect and Operate, Securely Provision, Analayze, Protect and Defend, and Investigate.

NICE Framework Workforce categories, NIST SP 800-181.

Students were assessed based on how many and what types of anomalies they responded to and how effective/successful their responses were.

Tasks where students excelled

  • Threat tactic identification—Students excelled in identifying threat tactics and corresponding methodologies. This was shown through an anomaly that required students to parse through and analyze a log file to identify aspects of various identifiers of insider threat; for example, too many sign-ins at one time, odd sign-in times, or sign-ins from non-standard locations.
  • Log file analysis and review—One task requires students to identify non-standard browsing behavior of agents behind a firewall. To accomplish this task, students had to write code to parse and analyze the log files of a fictitious company’s intranet web servers. Statistical evidence from the event indicates that students are comfortable writing code to parse log file data and performing data analysis.
  • Insider threat investigations—Students seemed to gravitate towards the anomalies and tasks connected to insider threat identification that maps to the Security Provision pillar. Using log analysis techniques described above, students were able to determine at a high rate of success individuals with higher than average sign-in failure rates and those with anomalous successful logins, such as from many different devices or locations.
  • Network forensics—The data indicated that overall the students had success with the network packet capture (PCAP) forensics via analysis of network traffic full packet capture streams. They also had a firm grasp on related tasks, including file system forensic analysis and data carving techniques.
  • Trivia—Students were not only comfortable with writing code and parsing data, but also showed they have solid comprehension and intelligence related to cybersecurity history and trivia. Success in this category ranked in the higher percentile of the overall competition.

Pillar areas for improvement

  • Collect and Operate—This pillar “provides specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence.” Statistical analysis gathered during the competition indicated that students had hesitancies towards the activities in this pillar, including for some tasks that they were successful with in other exercises. For example, some fairly simple tasks, such as analyzing logs for specific numbers of entries and records on a certain date, had a zero percent completion rate. Reasons for non-completion could be technical inability on the part of the students but could also have been due to a poorly written anomaly/task or even an issue with sign-ins to certain lab equipment.
  • Investigate—Based on the data, the Investigate pillar posed some challenges for the students. Students had a zero percent success rate on image analysis and an almost zero percent success rate on malware analysis. In addition, students had a zero percent success rate in this pillar for finding and identifying a bad file in the system.

Key takeaways

Frameworks like NIST NICE and competitions like the DOE CyberForce Competition™ are helping to train up the next generation of cybersecurity defenders. Analysis from the most recent CyberForce Competition™ indicates that students are comfortable with tasks in the “Protect and Defend” pillar and are proficient in many critical tasks, including network forensics and log analysis. The data points to areas for improvement especially in the “Collect and Operate” and “Investigate” pillars, and for additional focus on forensic skills and policy knowledge.

Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The CyberForce work was partially supported by the U.S. Department of Energy Office of Science under contract DE-AC02-06CH11357.

The post Are students prepared for real-world cyber curveballs? appeared first on Microsoft Security.

UNICEF Leaks Personal Data of 8000 Online Learners

UNICEF Leaks Personal Data of 8000 Online Learners

The United Nations (UN) children’s agency UNICEF has apologized after inadvertently leaking the personal data of users of its online learning platform, Agora.

The leak occurred on August 26, when 20,000 Agora users were accidentally emailed a spreadsheet containing the personal information of 8,253 people enrolled in a course about childhood immunization.

Among the information accidentally leaked were names, email addresses, duty stations, gender, organization, name of supervisor, and contract type. 

A staff member unwittingly triggered the leak after running a report. The incident was detected by UNICEF the day after the email was sent out, and their response was swift and effective. 

In an email about the leak sent to Devex, UNICEF’s media chief Najwa Mekki wrote: “Our technical teams promptly disabled the Agora functionality which allows such reports to be sent and blocked the Agora server’s ability to send out email attachments. These measures will prevent such an incident from reoccurring.”

After discovering the leak, UNICEF sent an apologetic email to Agora users. The message included an appeal for recipients to permanently delete the email containing the leaked data, erase any data downloaded, and then empty the recycle bin. 

Plans are said to be in motion for UNICEF to carry out an internal assessment and review of the incident. 

Learning portal Agora is free to access and open to UNICEF staff, partners, and the general public. Part of the mandatory staff training program on Agora is an information security awareness course that teaches "concepts and solutions for data protection, use of UNICEF’s information assets and best practices for cyber security at work and at home." 

Commenting on the incident, senior director of security research at Tripwire Lamar Bailey said: "You can have the all the industry-leading security controls in place, but nothing stops human error.  

“Training employees is often overlooked, or the investment is not as high as it needs to be. Employee security training is always a tough area. The training programs can be too simplistic, and this causes people to ignore them or blow them off.”  

What Is Safe Mode on My Phone?

Ever experienced buggy features on your phone? Well, there’s a way to solve them and it does not involve sending your phone packing to the nearest repair shop – it’s called the safe mode and, yes, it works just like Microsoft Windows’ repair and debugging environment. So, what is safe mode on my phone? Long story short, it could be your only shot at making that phone off your works again.

Screen freezes, unresponsive features, cascading restarts – all could be symptoms of a conflictive application. Unfortunately, uninstalling the application in question may not resolve the issue. Anyway, here’s how to switch on the safe mode on your phone.

What happens when your phone reboots in safe mode?

Basically, the safe mode is an environment where you debug faulty applications, turn off the feature that is otherwise hidden in normal mode. A Windows user knows best that in order to completely uninstall an app, you would need to go into safe mode. Well, that’s, more or less, what happens when you use this smartphone feature.

The environment is not at all different from your regular UI – all the apps are there, menus, connectivity options. However, while running in safe mode, you won’t be able to use widgets and some third-party applications; you won’t need them anyway since your goal here is to determine what went wrong with your phone. Well, that’s about it in safe mode. Yes, I know that it’s not a lot, but then again, you can’t get more straightforward than this.

Oh, by the way – most of the smartphone mishaps are generated by latent malware. On that note, I would wholeheartedly recommend using Thor Mobile Security, our latest malware-busting tool. Take it for a spin – first month’s on the house. If you don’t like it, you can always cancel your subscription and rely on your tool of choice.

Free Trial

How do you turn on the safe mode on your phone?

The quickest answer would be that it depends on what operating system your phone runs. Interestingly enough, the procedure’s the same across all iPhone devices, regardless of the OS. I’ll start with this one.

Turning on safe mode on your iPhone

Here’s a rundown on how to switch on the safe mode feature on your iPhone.

Step 1. Power down your phone by holding the power button.

Step 2. Wait until the phone’s completely powered off.

Step 3. Press and hold the power button again.

Step 4. When the screen lights up, hold down the Volume down button. Keep the two buttons pressed until the Apple logo appears on the screen.

Step 5. Your phone will now boot up in safe mode. Now you can safely remove any malfunctioning applications.

That was suspiciously easy, wasn’t it? Told you that the procedure’s the same when it comes to iPhones. Now that the fun part is over, let’s see how to switch on the safe mode on your Android device.

Turning on safe mode on Android

Let me start by showing you how to switch on this feature on most Samsung Galaxy phones.

Step 1. Drag down the notification bar.

Step 2. Tap on the “Safe mode enabled” button.

Step 3. Confirm and wait until your phone restarts. Congrats! Your phone is now operating in a safe mode.

Pitch-perfect! But that’s hardly the only way to switch on the celebrated safe mode. As I might have mentioned, the procedure depends on the type of phone you have. The list below will show you to unlock the feature on your Android phone.

Safe mode on HTC phones

If you have an HTC device, here’s how to switch on the safe mode.

Step 1. Press and hold the Power key. It should be located on the right side of your phone.

Step 2. Hold the Power key for about three seconds.

Step 3. From the power down menu that appears on the screen, tap and holds the Power off icon. After a couple of seconds, a new power down option will appear on your screen – “Reboot to safe mode”.

Step 4. Hit the Restart button. Your phone will now boot up in safe mode.

Safe mode on LG phones

To switch on the safe mode on your LG phone, start by holding the Power key and select the Restart option. Once the LG logo appears on the screen, hold down the Volume Down key. To see if safe mode is enabled, take a closer look at the bottom left corner of the screen. If you followed the above-mentioned steps, a Safe mode icon should appear.

Safe mode on Moto G phones

If you have a Motorola smartphone, please follow these steps in order to enable safe mode.

Step 1. Press and hold the Power key.

Step 2. Please release the power key when the Shut Down menu appears.

Step 3. Long-press the power off button.

Step 4. When the Reboot to Safe Mode option appears on your screen, tap on OK to initiate safe mode.

Safe mode on Huawei smartphones

It’s trickier to switch on the safe mode on Huawei phone since it involves removing the battery. Just follow the steps below.

Step 1. With the phone turned on, remove the back cover.

Step 2. Remove the battery.

Step 3. Put the battery back in the slot.

Step 4. Hold down the Menu.

Step 5. Long-press the Power Key. Don’t let go of that Menu key.

Step 6. If done correctly, the message “Safe Mode” should appear in the lower part of the screen.

Safe Mode on Blackberry PRIVs

Here’s a quick guide ton how to turn off the feature on your Blackberry PRIV phone.

Step 1. Long-press the Power button.

Step 2. When the Power Off menu appears on the screen, long-tap the Power Off button.

Step 3. After a couple of seconds, a safe mode prompt will appear on your screen.

Step 4. Tap OK to confirm.

Safe mode on Xiaomi smartphones

There are two ways to enable this feature on your Mi smartphone. Check out the guide below.

First method

Step 1. With the device powered on, long-press the power key.

Step 2. When the power menu appears, let go of the power key.

Step 3. Long-press the Power Off button.

Step 4. After a couple of seconds, the Android Safe Mode message will appear on your screen.

Step 5. Hit the Reboot button to restart the device into safe mode.

Second method

Step 1. Restart your device. You can do that by selecting the Restart option from the Power Off menu.

Step 2. When the Xiaomi logo appears on your screen, tap the Menu key.

Step 3. Continue tapping the menu key until you see the lock screen.

Step 4. The Android Safe Mode message should now be on your screen.

Safe mode on your Oppo smartphone

Oppo phones are the latest addition to the market. Can’t say I’ve had too much contact with them, but from what I’ve gathered, they’re cheap and surprisingly high-performing. So, here’s how to switch on the safe mode on your Oppo phone.

Step 1. Press and hold the Power key.

Step 2. In the Power Off menu, tap and hold the power off. Keep it pressed for a couple of seconds.

Step 3. A second power off menu till appear.

Step 4. Tap on OK to confirm booting into safe mode.


Well, that’s about everything you need to know about the issue at hand (what is safe mode on my phone). As I’ve mentioned, sometimes it may be the only way to get rid of buggy applications and unresponsive features. And, if all else fails, there’s always the restore to factory settings feature. Hope you’ve enjoyed the read and, as always, for comments, rants, beer donations, shoot me a comment.

The post What Is Safe Mode on My Phone? appeared first on Heimdal Security Blog.

Employee Spotlight: Chat with Alia AlaaEldin Adly

Reading Time: ~ 3 min.

According to a report from hired.com, the demand for security engineers is up 132%. Additionally, the need for engineers who specialize in data analytics and machine learning has increased by 38% and 27%, respectively. Given recent trends in cybersecurity, it’s no wonder, and demand at Webroot is no exception. To be successful, our software engineers have to stay ahead of AI and machine learning trends so they can explore, work, grow, and effectively evolve tech in the cybersecurity industry.  

We talked to Alia AlaaElDin Adly, a software engineer based in Linz, Austria. In her role, Alia is constantly looking for new technology, testing platforms, and developing the new solutions to stay ahead of modern threats.  

What is your favorite part of working as a software engineer?

I enjoy exploring new technology and frameworks, specially figuring out problems by hand. Software engineers don’t always receive all the requirements up front, so we need to develop strategies and work on tasks without having all the pieces necessary to execute. For example, take the testing framework SpecFlow. We had to do a lot of research, have numerous brainstorming sessions, and rework the project outline to create a viable structure that would fit the needs of our APIs. It’s a fun challenge.

What does a week as a software engineer look like?

It really depends on the task at hand. Some tasks take a day or two, and others can take quite a bit longer. In planning, most tasks are designed to be completed in a maximum of two days, but, when you meet an unexpected obstacle and need to find a workaround, the task needs more time. Also, you have to factor in how much research or prototyping a task may require. One thing I can say about working at Webroot is that I am learning a lot. It’s like a rollercoaster ride: ups and downs, lefts and rights, spirals, and just when you think you’re done, even more spirals!

What have you learned / what skills have you built in this role?

When I started, I had pretty bad documentation habits. You hear a lot about the importance of documentation in school, but some lessons don’t really sink in until you have to face them in a real-world setting. I would say I still need to work on it, but my documentation has really improved! I am also getting better at having a proper project structure, and I’m really enjoying all the new tools and technologies I get to learn, like the Specflow framework and Xamarin forms.

What is your greatest accomplishment in your career at Webroot so far?

I work on the Unity API team based in Linz, Austria. The Webroot® Unity API is a platform that enables admins to dig deeper into the services and information Webroot offers. It’s a really useful tool for a lot of our customers, and I helped build out a automation testing framework to create smoke and regression tests for the API. Also, I managed and organized the end-of-year spotlight video that showcased what our team had accomplished.

What brought you to Webroot after your last job?

I was already in Austria completing my masters when I applied for the job. During the interview process, I liked how Webroot felt like a family. Everyone was so friendly and welcoming the day I started. Instead of making me feel like a nervous newcomer, they brought me in and helped me feel involved and important right away. And it has stayed that way.

Best career advice you’ve received?

To always be flexible and not limit yourself. You have to be curious not only about the world around you, but what you can do in it. If you keep your options open, you’re more likely to discover new strengths, and new (and exciting!) challenges to overcome.

What is your favorite thing to do in Linz?

I enjoy walking around in the city center and along the Danube River. I also like to go cycling, climbing, and running. During spring and summer, I usually bike to work and I like going to the lake to play beach racket. Of course, I love traveling and visiting new cities and countries! I feel very lucky that Webroot’s Linz office is in such a good location, which makes quick day trips and weekend travel really easy.

The post Employee Spotlight: Chat with Alia AlaaEldin Adly appeared first on Webroot Blog.

COBALT DICKENS Launched New Phishing Operation against Universities

The COBALT DICKENS threat group stayed busy over the summer by launching a new global phishing operation targeting universities. In July and August 2019, Secureworks’ Counter Threat Unit (CTU) researchers observed COBALT DICKENS using compromised university resources to send out library-themed phishing emails. These emails differed from those used in the Iranian threat group’s previous […]… Read More

The post COBALT DICKENS Launched New Phishing Operation against Universities appeared first on The State of Security.

Fabricated Voice Used in Financial Fraud

This seems to be an identity theft first:

Criminals used artificial intelligence-based software to impersonate a chief executive's voice and demand a fraudulent transfer of €220,000 ($243,000) in March in what cybercrime experts described as an unusual case of artificial intelligence being used in hacking.

Another news article.

Google Searches Reveal the 15-Year Decline of AV

Google Searches Reveal the 15-Year Decline of AV

The past 15 years has seen huge changes in the cybersecurity-related search terms internet users are deploying to find out more about the industry, with anti-virus supplanted by emerging next-gen solutions, according to new data from Redscan.

Taking its cue from Google’s Year in Search report, the security vendor decided to analyze the past decade-and-a-half of search data to understand how trends have evolved over time.

Internet searches for “anti-virus” and “network security” have declined significantly over that time, as has interest in the main AV brands. At the same time, there’s been a surge of interest in terms such as “SIEM,” “Cloud Computing,” “Mobile Device Management” and “BYOD.”

Interestingly, searches for “passwords” have declined rapidly since 2004, although terms such as “two-factor authentication” and “multi-factor authentication” have not risen significantly over the same time period.

“It’s a bit concerning that searches for passwords are in such a steep decline. Good password hygiene is essential, and people are often really bad at setting unique passwords,” the report noted.

As for the threat landscape itself, searches for “keyloggers” declined sharply from around 2004 onwards, while “phishing,” “ransomware” and “DDoS” have remained pretty consistent. Spikes in searches for DDoS coincided with the major Mirai botnet attack on Dyn in 2016 and for ransomware with the WannaCry attack of 2017.

In 2004, “Spyware” and “adware” were far more popular search terms than “malware,” although the trend has now been reversed. “Cryptojacking” also spiked sharply from around 2017 while searches for “GDPR” understandably rocketed shortly before its introduction in early 2018.

As for the future, Google search term analysis indicates the rising popularity of “threat hunting,” “IoT security,” “AI and security” and “zero trust security.”

"Cybersecurity has changed remarkably over the past 15 years and Google’s search data is a great measure of this,” said Andy Kays, technical director at Redscan.

“As businesses embrace digital transformation, their security strategy must evolve accordingly. Our data shows that interest in traditional preventative tools is declining in favor of next-generation technologies that offer enhanced threat detection and response capabilities.”

What is incident response management and why do you need it?

The threat of cyber attacks and other security incidents looms over all organisations. There are simply too many things that can go wrong – whether it’s a cyber attack, a technical malfunction or another delay – to assume that operations will always be functional.

But that doesn’t mean you need to accept that delays are inevitable. You should be constantly assessing what might go wrong and how you would deal with it, because the way you respond to an incident may well be the difference between a minor disruption and a major disaster.

Every second counts

The longer it takes an organisation to detect a vulnerability, the more likely it is that it will lead to a serious security incident. For example, perhaps you have an unpatched system that’s waiting to be exploited by a cyber criminal, or your anti-malware software isn’t up to scratch and is letting infected attachments pass into employees’ inboxes.

Criminals sometimes exploit vulnerabilities as soon as they discover them, causing problems that organisations must react to immediately.

However, they’re just as likely to exploit them surreptitiously, with the organisation only discovering the breach weeks or months later – often after being made aware by a third party.

It takes 175 days on average to identify a breach, giving criminals plenty of time to access sensitive information and launch further attacks.

As Ponemon Institute’s 2019 Cost of a Data Breach Study found, the damages associated with undetected security incidents can quickly add up, with the average cost of recovery being £3.17 million.

If your organisation is to reduce financial losses and stay in control of the situation, you must have an incident response plan. This allows you to mitigate the damage and reduce the delays and costs that come with disruptions.

But incident management isn’t only good business sense, as we discuss next.

The GDPR and the NIS Regulations

Incident response management is a key requirement of the GDPR (General Data Protection Regulation) and the NIS Regulations (Network and Information Systems Regulations).

Failure to implement adequate response protocols could therefore not only endanger your organisation’s long-term productivity but also lead to substantial penalties. Breaches of the NIS Regulations can attract fines of up to £17 million, and the stakes are even higher when it comes to the GDPR, with penalties reaching €20 million (about £17.8 million) or 4% of the organisation’s global annual turnover – whichever is greater.

So, what do you need to do to stay compliant? Article 32 of the GDPR states that organisations must take necessary technical and organisational measures to ensure a high level of information security.

This includes implementing an incident response plan to contain any damage in the event of a data breach and to prevent future incidents from occurring.

Doing so also helps you comply with Article 33 of the Regulation, which requires organisations to contact their supervisory authority if they suffer a breach that poses a risk to the rights and freedoms of individuals.

The notification must be made within 72 hours of becoming aware of the breach, and should include as much detail about the breach as possible.

It should also describe the measures taken, or proposed to be taken, to address the breach, including steps to mitigate possible adverse effects.

Meanwhile, the NIS Regulations require organisations to produce:

  • Detection processes and procedures, which should be regularly monitored to ensure that they are up to date and effective;
  • Processes and policies for reporting vulnerabilities and security incidents;
  • Procedures for documenting the response to cyber security incidents; and
  • Incident analyses to assess an incident’s severity and collect information for the organisation’s continual improvement process.

The incident response lifecycle

We recommend that your incident response plan draws on ISO 27001, the international standard for information security, and ISO 27035, which contains principles and guidelines for incident management.

You might also be interested in our approach to incident response, which combines those elements with processes to help you prepare for incidents and aspects of business continuity.

You can adopt this approach by following these eight steps:

1. Identify risks, vulnerabilities and threat exposure

You can’t plan for disaster if you don’t know what might be coming, so the first step is to identify risks by conducting a risk assessment.

This process will also give you an idea of how much of a threat each risk poses and whether it’s worth addressing. For example, if you decide that a risk is highly unlikely to occur or will only cause minimal damage, planning for it might be more trouble than it’s worth.

2. Review cyber security controls

Your organisation more than likely already has certain controls in place; these could be as basic as antivirus software or firewalls.

Such measures could also stretch to existing policies or procedures, e.g. maintaining a schedule for regularly updating devices and software, or even physical security, such as CCTV.

These controls and measures should be reviewed to make sure they are still up to date, and ultimately capable of saving you any unnecessary work – if an existing measure suffices, ensure it is documented and cross it off the to-do list.

3. Conduct a business impact analysis

A BIA (business impact analysis) is a process that uses critical activities to determine priorities for recovery following an incident.

A BIA will also help you work out how quickly each activity needs to be resumed following an incident. Importantly, the analysis will give you an RTO (recovery time objective) for each activity, which is the ‘acceptable’ length of time it takes to get your systems up and running again.

4. Form the incident response team

A dedicated incident response team analyses information about incidents, discusses observations, coordinates activities, and shares important findings internally.

The team could include a director or senior manager, information security manager, facilities manager and IT manager.

Whatever the exact roles are, the team needs to have enough authority to act quickly in response to incidents, and sufficient access to information and expertise to make sure decisions are made on the basis of the best information available.

5. Develop incident response plans

Your plan should focus on the identified critical assets – including the risks to those assets, asset owners and asset locations – as well as the summarised results of the BIA.

You also need to put a reporting process or communication plan in place to ensure that both the incident response team and relevant stakeholders will be informed of any incidents.

For that process to work, you need to include contact details – both of team members and relevant authorities – and call trees, as well as checklists or steps to be taken in the case of specific scenarios.

6. Test incident scenarios

To be sure that the checklists or steps for specific scenarios actually work, you must test them.

Testing these steps at least biannually ensures that they are and remain effective, but also enables the documented plan to be as detailed as possible. And no matter how familiar staff are with the plan, theory is no substitute for practical experience.

Testing does not simply confirm that the plan works, but also trains staff to respond as efficiently as possible. All lessons learned should be documented, and resulting improvements incorporated into the scenarios as necessary.

7. Conduct incident response training

Human error and process failures are the underlying reasons for the majority of security incidents.

To reduce this risk, you must teach your staff about the importance of effective security and how they can avoid making mistakes.

Employees with incident response duties should receive additional training in relation to their role, whether this concerns incident notification, reporting or classification, or scenario testing.

Those with business continuity duties should also receive appropriate training.

8. Establish a continual improvement framework

Like any framework, incident response processes must be regularly reviewed to take into account emerging threats and areas where the current framework isn’t working as intended.

As such, the steps outlined here should be repeated annually or whenever there are major changes to your organisation.

Experiencing a cyber security incident?

If you’re facing a disaster or worried about what will happen when an incident occurs, you should turn to IT Governance.

Our experts help you take immediate action no matter what the situation. We can mitigate the damage if you’re in a crisis or optimise your existing resources and provide support where needed.

Following the incident, we aim to get you back to business, armed with the knowledge to manage your risks and improve your security posture.

A version of this blog was originally published on 14 May 2018.

The post What is incident response management and why do you need it? appeared first on IT Governance Blog.

Heimdal™ Security Launches MailSentry™, the Solution against Business Email Compromise (BEC)

When cybersecurity advances made hacking a more expensive illegal pursuit, would-be digital thieves switched to social engineering more and more. As long as they could get insiders to trust them, they could make off with company assets in an easier way than fighting the built-in cyber-defenses. That’s why Business Email Compromise (BEC) attacks have risen so much over the past few years.

Almost every month brings yet more news of successful BEC scams. It’s usually public institutions, like city administrations or hospitals, who get targeted by these scams the most. But businesses also make ripe targets for scammers. On average, a successful BEC scam can cost companies around $59,000 per incident, and from July 2016 to July 2019, the total losses caused by BEC scams surpassed $26 billion, according to FBI’s data.

To answer the need for extra defenses against BEC attacks, Heimdal™ Security launches MailSentry™. MailSentry™ is a cybersecurity module designed to identify and prevent email fraud. Beyond the simple protection, you can get from a spam filter, this new product will allow businesses everywhere to elude the paralysis of multiple person approvals and double-checks.

Morten Kjaersgaard, CEO Heimdal Security details:

“MailSentry™ will, at last, be able to secure the final frontier of cyberattacks: fraud which relies on human trust. Businesses can now no longer be preyed on by ruthless imposters or waste valuable time in double-checking and questioning every seemingly legitimate request. With our new MailSentry™ product, we expect to lead the market for all mail fraud technologies. From now on, you can prevent CEO fraud and business email compromise in a single blow dealt to hackers.”

How Will MailSentry™ Work?

MailSentry™ is a specialized add-on to any spam filter already in place. It will pair over 125 vectors to detect fraud attempts and properly flag them. Combining email signature scans to word scans in order to detect changed IBAN codes and so on, no suspicious detail will pass unnoticed.

The new MailSentry™ product will be available as part of a personalized Enterprise suite, or as a stand-alone module. With its complex network of vectors, the BEC protection cybersecurity product will automatically detect:

  • Business Email Compromise (BEC)
  • Email-deployed Malware
  • Phishing and Spear Phishing
  • Imposter Threats (Modified Invoices)
  • CEO Fraud and Criminal Impersonation
  • Man-in-the-email and Spoofing Attacks
  • Malicious content in historical emails


With MailSentry™ your business will also receive live monitoring 24/7 by a team specialized in BEC fraud defense. This way, you can detect malicious intent in due time and prevent any costly mistakes.

Raising employee awareness about scams and Business Email Compromise (BEC) is always a good idea, but businesses shouldn’t rely on it. MailSentry™ and its automatic scan vectors will help where human vigilance fails so that scammers won’t stand a chance.

At the same time, its intelligence will be aided by the expertise of the 24/7 specialist team on-call for analyzing suspicious emails. With MailSentry™, you can stand out from your competition by harnessing the capability of innovative technology, coupled with human ingeniousness.

You can read more about MailSentry™ and schedule a free demo HERE.

Note: MailSentry™ will be live and ready to deploy on 31st October 2019.

About Heimdal Security: Heimdal Security is an emerging cybersecurity company, founded in 2014 in Copenhagen by winners of the world ethical hacking competition Defcon CTF. Since then, the company has grown spectacularly, earning awards for both its proactive security suite (Anti-Malware Solution of the Year in 2018) and for its blog, providing intelligence to security outlets worldwide (Most Educational Security Blog in 2016).

The post Heimdal™ Security Launches MailSentry™, the Solution against Business Email Compromise (BEC) appeared first on Heimdal Security Blog.

How to Foil the 6 Stages of a Network Intrusion

The cost of a breach is on the rise. A recent report from IBM revealed that the average cost of a data breach had risen 12 percent over the past five years to $3.92 million per incident on average. Additionally, this publication uncovered that data breaches originating from malicious digital attacks were both the most […]… Read More

The post How to Foil the 6 Stages of a Network Intrusion appeared first on The State of Security.

The Five Incident Response Steps

It is important to remember that implementing incident response steps is a process and not an isolated event. For a truly successful incident response, the team should have a coordinated approach. There are five key steps in responding to incidents to ensure efficiency.

<iframe width=”560″ height=”315″ src=”https://www.youtube.com/embed/Euhl7hNquTQ” frameborder=”0″ allow=”accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture” allowfullscreen></iframe>

The five important incident response steps are the following.


The key to an effective incident response is preparation. Sometimes even with the best team, they cannot effectively address a situation without the proper guidelines or plan. This should be in place in order to support the team and is one of the most important incident response steps.

Features that should be included in the plan are:

  • Develop and document policies and procedures for proper incident response management.
  • Create a communication standard so teams can coordinate properly during an incident.
  • Incorporate threat intelligence feeds, and perform ongoing analysis and synchronization of feeds.
  • Do cyber hunting exercises for a more proactive approach to incident response.
  • Assess the current threat detection capability of the organization, and update if needed.

Detection and Reporting

The second in the series of incident response steps is detecting and reporting potential security threats.


Firewalls, IP systems, and data loss prevention solutions can all help you monitor security events in the environment.


Security threats can be detected by correlating the alerts in a SIEM solution.


An incident ticket should then be created and the initial findings documented. An incident classification would then be assigned.


All report processes should include ways to accommodate regulatory reporting escalations.


Most of the understanding of a security threat happens during the analysis part of the incident response steps. Evidence is collected from the data coming in from tools and systems for proper analysis and identification of the incident.

Analysts should focus on three main areas:

Endpoint Analysis

  • Find any tracks that could have been left behind by the threat actor.
  • Collect all the artifacts required to recreate the timeline of events.
  • Analyze the systems from a forensic perspective.

Binary Analysis

Analyze any malicious binaries or tools used by the attacker, and document these programs along with their functionalities. This can be done either through behavioral analysis or static analysis.

Enterprise Hunting

  • Check systems and the event log to determine what was compromised.
  • Document all the accounts, machines, tools, programs, etc. that were compromised for proper containment.


The fourth in the incident response steps is one of the most critical: containing and neutralizing the threat based from all indicators gathered through the analysis. Normal operations can resume after system restoration.

Coordinated Shutdown

Once all the affected systems are identified, a coordinated shutdown should be done for these devices.

Wiping and Rebuild

All infected devices need to be wiped, then the operating systems are rebuilt from the ground up. Passwords need to be changed for accounts compromised by the threat event.

Threat Mitigation Requests

If domains or IP addresses are identified and known to be used by threat actors, you should issue a threat mitigation request in order to block all future communication with these domains.


There is more work to be done even after containment is successful with the final of the incident response steps.

  • Create a complete incident report.
  • Closely monitor the activities of affected devices and programs.
  • Update your threat intelligence to avoid similar attacks.
  • Last but not least of the incident response steps, implement new preventive measures.

Also Read,

Building Your Incident Response Team

Many Organizations Lack Plan to Respond to Incidents: Study Report

The post The Five Incident Response Steps appeared first on .

Cybersecurity of Electric Vehicle Chargers

NIST will host a host a one-day meeting focusing on the current state of federal research around the cybersecurity of Electric Vehicle Supply Equipment (EVSE) on Thursday, September 12, 2019 from 8:30a.m.