Keeping a business safe from cyber threats while allowing it to thrive is every CISO’s goal. The task is not easy: a CISO has to keep many balls in the air while being buffeted by an increasingly complex and always shifting threat landscape. Consequently, the importance of a good CISO should not be underestimated. Mistakes to avoid, practices to implement Francesco Cipollone, CISO and director at UK-based cybersecurity consultancy NSC42, says that he has seen … More
Cyberthreats are escalating faster than many organizations can identify, block and mitigate them. Visibility into the expanding threat landscape is imperative, but according to a new threat report released by CenturyLink, it is even more essential to act. “As companies focus on digital innovation, they are entering a world of unprecedented threat and risk,” said Mike Benjamin, head of CenturyLink’s threat research and operations division, Black Lotus Labs. “Threats continue to evolve, as do bad … More
The post Threat visibility is imperative, but it’s even more essential to act appeared first on Help Net Security.
The Tor Project has raised $86,000 for a Bug Smash fund that it will use to pay developers that will address critical flaws in the popular
The Tor Project has raised $86,000 for a Bug Smash fund that was created to pay developers that will address critical security and privacy issues in the popular
In early August, the Tor Project announced the creation of the Bug Smash Fund with the intent to pay professionals who will support the organization in maintaining its work and smashing bugs.
“The goal of the Bug Smash Fund is to increase the Tor Project’s reserve of funds that allow us to complete maintenance work and smash the bugs necessary to keep Tor Browser, the Tor network, and the many tools that rely on Tor strong, safe, and running smoothly.” reads the announcement published by the Tor Project.
“When we say maintenance and bugs, we are talking about work that is critical—and that we must pay for. This work includes responding quickly to security bugs, improving test coverage, and keeping up with Mozilla’s ESRs. An entire ecosystem relies on us doing so.”
The organization has added donations it received in August 2019 to the Bug Smash Fund.
Any vulnerability that could be used to
“Want to keep up with the work we’re doing with this fund? There are three ways: (1) Follow the “BugSmashFund” trac ticket tag, (2) watch this blog for updates about the progress of these tickets, and (3) make a donation and opt in for our newsletter to get updates directly to your inbox.” concludes the announcement.
The post Tor Project’s Bug Smash Fund raises $86K in August appeared first on Security Affairs.
Cofense experts uncovered a new variant of the Astaroth Trojan that uses Facebook and YouTube in the infection process.
The attack chain appears to be very complex and starts with phishing messages that come with an .htm file attached. At each step of the infection process, the threat actors leverage trusted sources and the interaction of the end user. At every turn in the infection chain, the malware uses legitimate services to evade detection.
The Astaroth Trojan was first spotted by security firm Cofense in late 2018 when it was involved in a campaign targeting Europe and Brazil. The malware
In the recent campaign, the experts observed three different kinds of emails written in Portuguese: one using an invoice theme, another a show ticket theme, and a third a civil lawsuit theme.
Among the files downloaded in the infection process there are two .DLL files that are joined together into a legitimate program named ‘C:\Program Files\Internet Explorer\ExtExport.exe.’
The use of a legitimate program to run the malicious code resulting from the union of the two DLLs downloaded from a trusted source allows bypassing security measures.
The experts noticed that the Astaroth Trojan involved in this campaign uses YouTube and Facebook profiles to host and maintain the C2 configuration data.
The C2 data are base64-encoded as well as custom encrypted; the attackers inserted them within posts on Facebook or in the profile information of user accounts on YouTube. This trick allows the attackers to bypass content filtering and other network security measures.
“The threat actors are also able to dynamically change the content within these trusted sources so they can deter the possibility of their infrastructure being taken down.” continue the researchers.
The Astaroth Trojan is able to steal sensitive information, including financial information, passwords stored in the browser, email client credentials, and SSH credentials. The information gathered by the malware is encrypted with two layers of encryption and sent via HTTPS POST to a site from the C2 list; the experts noticed that most of the sites are hosted on Appspot.
This phishing campaign exclusively targets Brazilians; the experts noticed that the initial .ZIP archive is geo-fenced to Brazil.
However, experts warn that attackers could expand their activities to other countries using similar tactics.
The post Astaroth Trojan leverages Facebook and YouTube to avoid detection appeared first on Security Affairs.
While data loss protection is critical to Zero Trust (ZT), fewer than one in five organizations report their data loss prevention solutions provide transformational benefits and more than 80 percent say they need a better way to secure data without slowing down innovation, according to Code42. ZT architectures are based on the principle of “trust no one, verify everything,” abolishing the idea of a trusted network within a data security perimeter and requiring companies to … More
The post Four in five businesses need ways to better secure data without slowing innovation appeared first on Help Net Security.
Cybercriminals upped the intensity of IoT and SMB-related attacks in the first half of 2019, according to a new F-Secure report. The report underscores the threats IoT devices face if not properly secured when online, as well as the continued popularity of Eternal Blue and related exploits two years after WannaCry. F-Secure’s honeypots – decoy servers that are set up to lure in attackers for the purpose of collecting information – measured a twelvefold increase … More
The post Exploitation of IoT devices and Windows SMB attacks continue to escalate appeared first on Help Net Security.
Guardicore, a leader in internal data center and cloud security, unveiled new capabilities for its Infection Monkey that make it the industry’s first Zero Trust assessment tool. Added features extend the functionality of the already successful Infection Monkey, a free, open source breach and attack simulation tool used by thousands to demonstrate and analyze their environments against lateral movement and attacks. The latest version of Infection Monkey enables both enterprise security leaders and network engineers … More
The post Open source breach and attack simulation tool Infection Monkey gets new features appeared first on Help Net Security.
Most banks plan to integrate their fraud and financial crime compliance systems and activities in response to new criminal threats and punishing fines, with the U.K. leading the pack, according to a survey by Ovum, on behalf of FICO. Responses show that U.S. systems are less integrated than Canada’s – only 25 percent of U.S. banks have a common reporting line for both fraud and compliance, versus 60 percent for Canada. The survey also found … More
The post Only one quarter of retail banks have adopted an integrated approach to financial crime systems appeared first on Help Net Security.
Held annually in Asia, Europe and the Middle East, Hack In The Box conferences bring together the world’s top cyber security experts to share and discuss their latest knowledge, ideas and techniques with security professionals and students. The next HITB event is HITB+ CyberWeek, which takes place October 12th – 17th at Emirates Palace, Abu Dhabi. As usual, it will offer security trainings, talks, and live challenges. Cyber Battle of the Emirates Among the live … More
The post Cyber Battle of the Emirates: Training the next generation of cyber security pros appeared first on Help Net Security.
GDPR is a landmark in privacy jurisdiction. Through its 99 articles, it sets a framework for both businesses and individuals on their rights and responsibilities when it comes to protecting privacy. The most important element in my opinion is that privacy functions as a fundamental human right and needs to be protected. The Authorities View Although […]… Read More
The post GDPR One Year Anniversary: The Civil Society Organizations’ View appeared first on The State of Security.
Consumer demand for IoT devices is growing rapidly as they look to make the most of connectivity and the smart home. However, the increase in IoT devices also increases the number of security vulnerabilities and creates challenges for communication service providers (CSPs) and consumers alike around control of the smart home. To address these challenges, Irdeto has launched Trusted Home which enables CSPs to secure the entire smart home beyond the router, increase ARPU by … More
The post Irdeto launches Trusted Home enabling CSPs to secure the entire smart home beyond the router appeared first on Help Net Security.
TSYS announced a new authentication product that provides unprecedented real-time verification of customer identities. The new offering, the TSYS Authentication Platform, relies on customer experience data collected from direct cardholder touchpoints and integrates into TSYS clients’ existing authentication systems. TSYS Authentication Platform is available in Europe and will be launched in North America in 2020. The new product is designed to verify that a person is who he or she claims to be, reducing application, … More
The post TSYS Authentication Platform helps companies fight synthetic and account takeover fraud appeared first on Help Net Security.
HITRUST, a leading data protection standards development and certification organization, released updated guidance for placing reliance on the results of previously performed audits, assessments, and inspections. These policy and methodology updates create opportunities for greater assessment efficiency and customer cost savings. HITRUST has historically afforded two opportunities for External Assessors (formerly referred to as HITRUST CSF Assessors) to rely on the results of previously performed control testing, one being Inheritance of the results of other … More
The post HITRUST issues guidance for relying on work of internal audit departments in CSF assessments appeared first on Help Net Security.
Razberi Technologies has extended its Razberi Monitor solution with new video health monitoring features. Razberi leverages its patent-pending deep packet inspection technology to assure security professionals that their cameras are providing secure and reliable audio and video streams. Razberi’s latest software automatically reboots cameras and sends alerts when problems are detected. Razberi Monitor provides complete system health and cyber monitoring solutions for video surveillance systems. Razberi Monitor integrates video health with award-winning Razberi CameraDefense for … More
The post New Razberi features use deep packet inspection to monitor video quality and camera security appeared first on Help Net Security.
Fujitsu Computer Products of America, the established leader in document imaging, announced a new integration with the FUJITSU fi-7300NX document scanner and Egnyte. Easy NX Connect for Egnyte is a convenient software license that enables organizations to scan directly to Egnyte via a quick tap and scan into a secure, sharable workflow. Easy NX Connect for Egnyte includes NFC authentication and direct integration into Egnyte’s Enterprise File Sharing and Content Governance platform. In conjunction with … More
The post Easy NX Connect for Egnyte enables fast and secure file sharing appeared first on Help Net Security.
NICE Actimize, a NICE business and the leader in autonomous financial crime management, has been chosen by PT Bank Mayapada Internasional, Tbk, Jakarta, Indonesia, to launch full-scale improvements within its financial crime operations with anti-money laundering compliance and investigation management solutions that employ artificial intelligence and machine learning technology. To more effectively meet the needs of its regulators, Bank Mayapada will implement an array of components from NICE Actimize’s Autonomous Anti-Money laundering portfolio, including Suspicious … More
The post Bank Mayapada chooses NICE Actimize to update its AML compliance programs appeared first on Help Net Security.
Global management consulting firm Oliver Wyman and Next Peak, an operational cyber defense consulting company, announced a new collaboration to offer a broader and enhanced range of advisory and operational services to clients focused on defending and improving resilience against global cyber threats. “At a time when cyber threats are becoming increasingly common, more dangerous, and more sophisticated, leaders across all industries are looking for ways to protect their companies,” said Michael Zeltkevic, Partner and … More
The post Oliver Wyman and Next Peak offer a broader and enhanced range of advisory and operational services appeared first on Help Net Security.
Snowflake, the data warehouse built for the cloud, announced that it has a public sector distribution relationship with FedResults, a government-focused IT provider. This partnership will enable Snowflake and FedResults to provide secure, powerful, flexible cloud data warehouse and analytics solutions to federal agencies. Bloomberg Government analysts project that the U.S. Federal Government will invest more than $93B in information technology programs in fiscal year 2020. The 2019 Federal Cloud Computing Strategy, Cloud Smart is … More
The post Snowflake and FedResults partnership provides cloud-based solutions for government appeared first on Help Net Security.
Digital River announced it has launched an integration to bring its payments, tax and compliance capabilities to Salesforce AppExchange, empowering customers to connect with their customers and partners in entirely new ways. The integration of Salesforce Commerce Cloud and Digital River lets brands create efficient online buying experiences with a solution designed to grow revenue, expand internationally and help protect brands from risks associated with selling online. The on-demand shopping experience is now ingrained in … More
The post Digital River brings its payments, tax and compliance capabilities to Salesforce AppExchange appeared first on Help Net Security.
HID Global, a worldwide leader in trusted identity solutions, announced that it has acquired HydrantID, a provider of management and automation services to secure enterprise organizations’ data, IT systems, networks, and the Internet of Things (IoT). Specializing in public key infrastructure (PKI) as a service, HydrantID has issued over three million PKI credentials and secured over 125,000 domains – a perfect complement to HID’s IdenTrust business, which is the world’s leading digital certification authority. HydrantID … More
The post HID Global acquires HydrantID to secure enterprise data, IT systems, networks, and the IoT appeared first on Help Net Security.
Odaseva, the unified cloud data protection, compliance and operations platform for enterprises running Salesforce as a business-critical application, announced that it has seen triple year over year growth, and after only seven years of operation, supports a staggering one trillion Salesforce records, with over 10 million enterprise-level internal Salesforce customers. Odaseva’s explosive growth is in part due to the influx of new data privacy and governance laws such as GDPR or CCPA, demanding that businesses … More
The post Odaseva records growth and supports over a trillion documents in Salesforce appeared first on Help Net Security.
Here’s an overview of some of last week’s most interesting news, interviews and articles: More than a year after GDPR implementation, half of UK businesses are not fully compliant 52% of UK businesses are not fully compliant with the regulation, more than a year after its implementation, according to a survey of UK GDPR decision-makers conducted on behalf of Egress. Simjacker vulnerability actively exploited to track, spy on mobile phone owners Following extensive research, AdaptiveMobile … More
The post Week in review: Simjacker attacks, critical Exim flaw, Sandboxie becomes freeware appeared first on Help Net Security.
Drone attacks have hit two major oil facilities run by the state-owned company Aramco in Saudi Arabia; one of them is the Abqaiq site.
Images of a huge blaze at Abqaiq, the site of Aramco’s largest oil processing plant, are circulating online. A second drone attack hit the Khurais oilfield.
According to local media, the emergency response of the fire brigade teams brought the fires at both facilities under control.
Iran-backed Houthi rebels in Yemen claimed responsibility for the attacks on the Abqaiq plant; according to a spokesman for the group in Yemen, it had deployed 10 drones in the attacks.
The group is threatening Saudi Arabia with further attacks. The Iran-aligned Houthi rebel movement fights the Yemeni government and a coalition of regional countries led by Saudi Arabia that has been fighting the rebels since 2015, when President Abdrabbuh Mansour Hadi was kicked out of Sanaa by the Houthis.
“The military spokesman, Yahya Sarea, told
“He said Saturday’s attack was one of the biggest operations the Houthi forces had undertaken
Secretary of State Mike Pompeo blamed Iran for coordinating the attacks; he added that we are facing an unprecedented attack on the world’s energy supply.
Officials have attributed the attacks to a specific threat actor:
“At 04:00 (01:00 GMT), the industrial security teams of Aramco started dealing with fires at two of its facilities in Abqaiq and Khurais as a result of…
The attacks will have a dramatic impact on Saudi Arabia’s oil supply; it could be cut by 50 percent following the incidents.
These latest attacks demonstrate the potential impact of drone attacks against critical infrastructure; at the time it is not clear if the
“The Saudi Air Force
Groups like the Houthis and Hezbollah have access to drone technology and could use it in sophisticated operations. Intelligence analysts fear that the escalating tensions in the region could open a world oil crisis.
The post Drone attacks hit two Saudi Arabia Aramco oil plants appeared first on Security Affairs.
A new round of the weekly newsletter arrived! The best news of the week with Security Affairs
Hi folks, let me inform you that I suspended the newsletter service; anyway, I’ll continue to provide you a list of published posts every week through the blog.
Once again thank you!
A researcher discovered an unsecured database exposed online, belonging to car dealership marketing firm Dealer Leads, containing 198 million records.
The researcher Jeremiah Fowler discovered an unsecured database exposed online that belongs to car dealership marketing firm Dealer Leads.
The archive contains 198 million records, for a total of 413GB of data, with information on potential car buyers, vehicles, loan and finance inquiries, log data with IP addresses of visitors, and more.
“On August 19th I reported a non-password protected database that contained a massive 413GB of data and a total of 198 million records. The most shocking part was that I had seen this dataset several times in the previous weeks, but was unable to identify the owner.” reports Security Discovery. “I spent several days trying to identify the owner of the database and there was no clear indication in the millions of records.”
Dealer Leads provides content relevant and related to the auto industry for franchise and independent car dealerships. The company’s website describes it with the following statement.
“dominates the automotive digital marketing industry with highly used automobile search strings turned i
The Elastic database was accessible to anyone with any browser; its records included name, email, phone, address, IP, and other sensitive or identifiable information, in plain text.
The archive also included IP addresses, ports, pathways, and storage info.
The good news is that after the expert reported his discovery to the company, it secured the database, restricting public access to the archive.
At the time of writing it is not clear how long the data remained exposed online and whether anyone had accessed its records.
“Dealer Leads acted fast to restrict public access immediately after the notification. Unfortunately, the data
“It is unclear if Dealer Leads has notified individuals, dealerships, or authorities about the data incident. Because of the size and scope of the network applicants and potential customers may not know if their data was exposed,”
The post Dealer Leads, a car dealer marketing firm exposed 198 Million records online appeared first on Security Affairs.
Facebook addressed a vulnerability in Instagram that could have allowed attackers to access private user information.
The security researcher @ZHacker13 discovered a flaw in Instagram that allowed an attacker to access account information, including
ZHacker13 discovered the vulnerability in August and reported the issue to Facebook, which asked for additional time to address it. The social network giant has finally fixed the flaw.
“In putting this article together, I had the security researcher run tests on the platform and he successfully retrieved “secure” user data I know to be real. This data included users’ real names, Instagram account numbers and handles, and full phone numbers.” reads a post published by Forbes. “The linking of this data is all an attacker would need to target those users. It would also enable automated scripts and bots to build user databases that could be searched, linking high-profile or highly-vulnerable users with their contact details.”
The expert also warns that attackers could use automated scripts and bots to collect user data from the platform, linking users with their contact details.
Just a week before ZHacker13 disclosed the bug, phone numbers associated with 419 million accounts of the social
It is not clear if the two incidents could have the same root cause.
“I found a high vulnerability on Instagram that can cause a serious data leak,” @ZHacker13 told Forbes. “The vulnerability is still active—and it looks like Facebook are not very serious about
The expert explained that he discovered the flaw by using the platform’s contact importer in combination with a brute-force attack on its login form.
The attack scenario is composed of two steps:
- The attacker carries out a brute force attack on Instagram’s login form, checking one phone number at a time for those linked to a live Instagram account.
- The attacker finds the account name and number linked to the phone number by exploiting Instagram’s Sync Contacts feature.
A Facebook spokesman explained that his company modified the contact importer in Instagram to address the flaw
Facebook, after initial resistance, confirmed it is evaluating whether to reward @ZHacker13 for reporting the bug as part of its bug bounty program.
“Facebook had also told @ZHacker13 that although the vulnerability was serious, there was internal awareness of the issue and so it was not eligible for a reward under the bounty scheme.” continues the post. “This would have set a terrible precedent and
Facebook pointed out that there is no evidence that any user data has been abused by threat actors.
The post A bug in Instagram exposed user accounts and phone numbers appeared first on Security Affairs.