Our data-driven society has a tricky balancing act to perform: building innovative products and services that use personal data while still protecting people’s privacy. To help organizations keep this balance, the National Institute of Standards and Technology (NIST) is offering a new tool for managing privacy risk.
Version 1.0 of the NIST Privacy Framework
The agency has just released Version 1.0 of the NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management. … More
The post NIST Privacy Framework 1.0: Manage privacy risk, demonstrate compliance appeared first on Help Net Security.
Over the next two years, 50% of organizations will experience increased collaboration between their business and IT teams, according to Gartner. The dispute between business and IT teams over the control of technology will lessen as both sides learn that joint participation is critical to the success of innovation in a digital workplace. “Business units and IT teams can no longer function in silos, as distant teams can cause chaos,” said Keith Mann, senior research … More
The post Business units and IT teams can no longer function in silos appeared first on Help Net Security.
CyberArk, the global leader in privileged access management, unveiled new just-in-time access capabilities that help reduce risk and improve operational efficiency as organizations implement broader least privilege strategies. By extending just-in-time support with the ability to remove unnecessary standing access to Linux systems, CyberArk remains the only privileged access management vendor to provide comprehensive just-in-time offerings across cloud and hybrid environments and on the endpoint. Some privileged accounts are granted standing, “always on” access despite … More
The post CyberArk’s new just-in-time access capabilities help reduce risk and improve operational efficiency appeared first on Help Net Security.
Many years ago when I first started my career in network security as a support engineer, I received a phone call from a customer. (Let’s call him “Frank.”) He used our vulnerability scanner as a consultant for his own customers, and he was concerned that the scanner came back with 0 results. After reviewing his […]… Read More
The NIS Directive is the first EU horizontal legislation addressing cybersecurity challenges and a true game-changer for cybersecurity resilience and cooperation in Europe. The Directive has three main objectives:
- Improving national cybersecurity capabilities
- Building cooperation at EU level
- Promoting a culture of risk management and incident reporting among key economic actors, notably operators providing essential […]… Read More
The post NIS Directive: Who are the Operators of Essential Services (OES)? appeared first on The State of Security.
To ensure the highest levels of endpoint security across more than 8,000 devices and to help achieve HIPAA compliance in the face of rising data breaches across the healthcare industry, Apria Healthcare leverages Absolute, the leader in endpoint resilience, for comprehensive endpoint visibility and control. Apria Healthcare serves nearly 2 million patients annually across 300 locations in 49 states. They have more than 8,000 laptops, desktops and tablets, many of which regularly leave the organization. … More
The post Apria Healthcare leverages Absolute to protect patient data and ensure HIPAA compliance appeared first on Help Net Security.
Virsec, a cybersecurity company delivering a radically new approach to protect against advanced targeted attacks, announced it has partnered with ProtectedIT, a leader in delivering enterprise security solutions, remote infrastructure, and cloud services to offer advanced cybersecurity protections to its clientele. The Virsec Security Platform stops fileless attacks and in-memory threats that escape detection by conventional security tools. These advanced application attacks have been indefensible, putting many businesses in jeopardy. Virsec stops these threats, protecting … More
The post Virsec partners with ProtectedIT to offer cybersecurity protections to its clients appeared first on Help Net Security.
Fortanix, the Runtime Encryption company, announced it had a record year in 2019, which saw sales climb 285 percent over the previous record year. Important new partnerships with Equinix, Google, IBM and Intel set the stage for both innovation and go-to-market success. The company doubled its workforce and expanded geographically in 2019 with new offices in the United Kingdom and the Netherlands to support its growing European customer base and attract engineering talent. “We believe … More
The post Fortanix announces record sales year, new partnerships and global expansion in 2019 appeared first on Help Net Security.
Global private investment firm Skyview Capital has added to its software technology portfolio with the acquisition of Bethesda, MD-based Fidelis Cybersecurity from a consortium of investors in a stock transaction. Fidelis Cybersecurity is a leading provider of Network Traffic Analysis and Digital Forensics and Incident Response solutions that enable enterprises and government organizations to detect, hunt and respond to advanced threats that evade traditional security solutions. Fidelis solutions are delivered as standalone network, endpoints and … More
The post Skyview Capital acquires Fidelis Cybersecurity to expand portfolio and accelerate growth appeared first on Help Net Security.
Security Compass, a leading provider of enterprise DevSecOps software solutions, announced it has secured growth equity funding from FTV Capital, a sector-focused growth equity investment firm. This investment will enable Security Compass to enhance its position as a global leader in empowering organizations to achieve agility at scale by streamlining software risk management. By leveraging FTV’s deep expertise and access to its Global Partner Network, Security Compass will further enhance its solutions portfolio and accelerate … More
The post Security Compass secures funding to enhance solutions portfolio and accelerate growth appeared first on Help Net Security.
New Relic, the industry’s largest and most comprehensive cloud-based observability platform built to help customers create more perfect software, announced that Bill Staples will join New Relic as chief product officer on February 14, 2020. Reporting directly to CEO and Founder Lew Cirne, Staples will be responsible for driving the company’s market-leading platform strategy and will lead the Product Management, Engineering and Design functions. Staples has spent his career building and scaling cloud-based businesses. He … More
The post Bill Staples joins New Relic as chief product officer appeared first on Help Net Security.
Zscaler, the leader in cloud security, announced that Zscaler stockholders elected David Schneider to its Board of Directors at the annual stockholder meeting held January 10, 2020. Schneider is President, Global Customer Operations at ServiceNow. Mr. Schneider’s term will expire at the 2022 annual stockholder meeting. “David is an inspirational technology leader with deep experience scaling and growing disruptive SaaS companies. ServiceNow is one of the greatest cloud businesses in history, and he has been … More
The post Zscaler elects David Schneider to its Board of Directors appeared first on Help Net Security.
Bringing a rich tech background and executive experience in the association sector, Julia Kanouse has joined ISACA’s leadership team as senior vice president of membership. ISACA has more than 145,000 members in 188 countries working in information and cyber security, governance, audit and assurance, risk and privacy, and in Kanouse’s new role, she will lead the strategy to elevate their experiences through diverse membership and chapter initiatives. In doing so, she will oversee a dynamic … More
The post ISACA appoints Julia Kanouse as senior vice president of membership appeared first on Help Net Security.
McAfee, the device-to-cloud cybersecurity company, announced that its Board of Managers has appointed Peter Leav to the role of Chief Executive Officer, effective February 3, 2020. Leav will succeed Chris Young, who has decided to step down as Chief Executive Officer of McAfee. Young will remain at McAfee in an advisory role to assist with the transition and will become a Senior Advisor at TPG Capital. Leav will also be appointed to McAfee’s Board of … More
The post Peter Leav joins McAfee as Chief Executive Officer appeared first on Help Net Security.
ioXt, the global standard for IoT security and preeminent IoT security alliance, announces the appointment of Gregory Guez, Senior Director of Product Marketing, IoT Security at Silicon Labs, to its board of directors. As a founding member of the ioXt Alliance, Guez has been instrumental in shaping ioXt’s work towards creating the internet of secure things. “The need for a universal security standard is critical to enabling the exponential growth of the IoT market,” said … More
The post ioXt appoints Gregory Guez to its board of directors appeared first on Help Net Security.
Resolve Systems, the leader in enterprise IT automation and AIOps, announced the promotion of Vijay Kurkal to Chief Executive Officer, effective immediately. Since joining the company as Chief Operating Officer in 2018, Kurkal has been instrumental in the company’s global growth and product development as Resolve has delivered on heightened demand for its transformative technologies. He also drove company investments in sales, marketing, and channel programs. “It is an incredibly exciting time for Resolve, and … More
The post Resolve Systems promotes Vijay Kurkal to Chief Executive Officer appeared first on Help Net Security.
UFC’s Kamaru Usman claims his Twitter account was hacked, after it posted explicit messages about rival fighter Conor McGregor and his partner Dee Devlin.
The availability online of a new collection of Telnet credentials for more than 500,000 servers, routers, and IoT devices made the headlines.
A hacker has published online a massive list of Telnet credentials for more than 515,000 servers and smart devices, including home routers. This is the biggest leak of Telnet passwords ever reported.
According to ZDNet, which first published the news, the list was leaked on a popular hacking forum by the operator of a DDoS booter service.
The list includes the IP address, username and password for the Telnet service for each device.
The list appears to be the result of an Internet scan for devices using default credentials or easy-to-guess passwords.
“As ZDNet understands, the list was published online by the maintainer of a DDoS-for-hire (DDoS
“When asked why he published such a massive list of “bots,” the leaker said he upgraded his DDoS service from working on top of IoT botnets to a new model that relies on renting high-output servers from cloud service providers.”
The leaked lists are dated October-November 2019. Let’s hope that Internet Service Providers will contact ZDNet to receive them, check whether the devices belong to their networks, and secure them.
Many IoT devices included in the list have default and well-known credentials (i.e., admin:admin, root:root, or no authentication required).
Top five credentials included in the list were:
The popular researcher Victor Gevers, founder of the GDI Foundation, analyzed the list and confirmed it was composed of more than 8200 unique IP addresses, about 2.174 of which are accessible via Telnet with the leaked credentials.
The post Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online appeared first on Security Affairs.
Here’s an overview of some of last week’s most interesting news and articles:
Cable Haunt: Unknown millions of Broadcom-based cable modems open to hijacking
A vulnerability (CVE-2019-19494) in Broadcom’s cable modem firmware can open unknown millions of broadband modems by various manufacturers to attackers, a group of Danish researchers has warned.
High-risk Google account owners can now use their iPhone as a security key
Google users who opt for the Advanced Protection Program (APP) to … More
The post Week in review: Windows crypto flaw, API security risks, exploits for Citrix security hole abound appeared first on Help Net Security.
A new round of the weekly newsletter arrived! The best news of the week with Security Affairs
Microsoft has warned Windows users that there is an unpatched zero-day vulnerability in Internet Explorer that is being exploited in targeted attacks.
Attacks on Citrix servers are intensifying; one of the threat actors behind them is patching the servers and installing its own backdoor to lock out other attackers.
Security experts are monitoring a spike in the number of attacks against Citrix servers after
Researchers from FireEye noticed that one of the threat actors involved in the attacks is patching the vulnerable Citrix servers, installing their own backdoor, tracked as NOTROBIN, to clean up other malware infections and to lock out any other threat from exploiting the CVE-2019-19781 Citrix flaw.
“One particular threat actor that’s been deploying a previously-unseen payload for which we’ve created the code family NOTROBIN.” reads a report published by FireEye.
“Upon gaining access to a vulnerable NetScaler device, this actor cleans up known malware and deploys NOTROBIN to block subsequent exploitation attempts! But all is not as it seems, as NOTROBIN maintains backdoor access for those who know a secret
The popular expert Kevin Beaumont first reported the scans for vulnerable systems earlier in January, but only last week the exploits were made public.
The issue affects all supported product versions and all supported platforms:
- Citrix ADC and Citrix Gateway version 13.0 all supported builds
- Citrix ADC and NetScaler Gateway version 12.1 all supported builds
- Citrix ADC and NetScaler Gateway version 12.0 all supported builds
- Citrix ADC and NetScaler Gateway version 11.1 all supported builds
- Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds
It has been estimated that 80,000 companies in 158 countries are potentially at risk, most of them in the U.S. (38%), followed by the UK, Germany, the Netherlands, and Australia.
The CVE-2019-19781 vulnerability was discovered by Mikhail Klyuchnikov from Positive Technologies.
The NOTROBIN backdoor was designed to prevent subsequent exploitation of the flaw on Citrix servers and also to establish backdoor access, a circumstance that suggests that attackers are preparing future attacks.
Experts pointed out that the threat actor exploits CVE-2019-19781 to execute shell commands, attackers send the malicious payload to the vulnerable
Below is a web server access log entry recording the exploitation attempt:
127.0.0.2 - - [12/Jan/2020:21:55:19 -0500] "POST /vpn/../vpns/portal/scripts/newbm.pl HTTP/1.1" 304 - "-" "curl/7.67.0"
The experts have yet to recover the POST body contents and analyze them.
Then attackers execute
NOTROBIN is written in Go; it scans every second for specific files and deletes them. If the filename or file content includes a
“The mitigation works by deleting staged exploit code found within NetScaler templates before it can be invoked. However, when the actor provides the
The experts from FireEye noticed threat actors deploying NOTROBIN with unique keys; they observed nearly 100 keys from different binaries.
The keys look like MD5 hashes. The use of unique keys makes it difficult for third parties, including competing attackers, to scan for NetScaler devices already infected with NOTROBIN.
Further technical details are reported in the analysis published by FireEye, including Indicators of Compromise (IoCs).
The post Hackers patch Citrix servers to deploy their own backdoor appeared first on Security Affairs.