Daily Archives: May 13, 2020

The Health Care Technology Trends

Technology is evolving so fast that yearly trend predictions can appear outdated even before they go live as an article or a published blog post. As technology advances, it enables even quicker change and progress, accelerating the pace of change until it eventually becomes exponential.

Staying current with technological trends in healthcare means keeping your eyes on the future, to recognize the skills you will have to know and the kinds of jobs you will need to be competent to do. Below are several technology trends to watch in 2020, and various jobs that will be created by these trends.

The future of healthcare technology is entering a new era as lawmakers, researchers, and innovators do their utmost to improve the effectiveness, accessibility, and cost of care. Technology will, without a doubt, play a major role in the future of healthcare, but how? The chief information security officer at Greenway states that technology will empower the changeover of healthcare delivery beyond the point-of-care form to a more effective, efficient approach to whole-patient care.

Artificial Intelligence (AI)

AI, or Artificial Intelligence, has received a lot of buzz in recent years. However, it continues to be a trend to watch, since its effects on the way we work, live, and play are only in the initial stages. Additionally, other branches of AI have developed, including Machine Learning, which we cover below. Artificial Intelligence refers to computer systems built to mimic human intelligence in order to carry out tasks such as recognizing images, patterns, or speech, as well as decision making. Artificial Intelligence can perform these tasks faster and more accurately than humans.

In addition to understanding what a patient's lifestyle is like, providers will quickly gain access to information such as the current benefits offered by insurance providers. This is usually based on the health profile of the patient.

Machine Learning

With Machine Learning, computers are programmed to learn to do something they were not programmed to perform: they learn to discover patterns and insights from data. In most cases, we have two kinds of learning, supervised learning and unsupervised learning.

While Machine Learning is a subset of AI, there are also subsets within Machine Learning, including natural language processing, neural networks, and deep learning. Each of these subsets presents an opportunity to focus on a career field that will only grow.

Edge Computing

Previously a technology trend to watch, cloud computing has become mainstream, with major players Amazon Web Services (AWS), Microsoft Azure, and Google Cloud leading the market. The adoption of cloud computing continues to grow as more and more healthcare systems migrate to a cloud solution. However, it is no longer the up-and-coming technology.

As the amount of data we deal with continues to increase, we have come to understand the weaknesses of cloud computing in some situations. Edge computing is designed to help solve some of those issues by bypassing the latency that cloud computing normally introduces.

It can exist “on the edge,” if you will, nearer to where computing needs to happen. That is why edge computing can be used to process time-sensitive data in remote places with low or no connectivity to a centralized location.

The function of Health IT is to provide better care for patients and to help achieve health equity. Health IT encourages the recording of patient data in order to improve healthcare delivery and to permit the study of this data by both healthcare practitioners and the ministry of health or government bodies. The data is used to implement policies to better treat diseases and to prevent their spread.

Quality of healthcare

Health IT typically improves the quality of healthcare delivery, increases patient safety, reduces medical errors, and strengthens communication between healthcare providers and patients. In low and middle-income countries (LMIC), the need for reliable and affordable medical record software is paramount.

The use of Health IT in medical clinics improves the quality of the healthcare delivered by offering accurate patient records, and allows doctors to better understand the patient's medical history. A detailed patient history empowers doctors, enabling them to treat ailments more accurately and to avoid over-prescribing medicines, which can be deadly. Without medical records, doctors would have to depend on the patient's memory, which can lead to an inaccurate medical history due to poor memory, difficult drug names, and ailments that affect the patient's memory. Some of this modern technology can also tell patients whether they need to go on a diet, and a lot more.

New technology might still emerge to deliver further health and cost-saving benefits; however, patient privacy must remain a priority for providers and technologists. Getting the right associate who is capable of managing data will become even more dangerous in the future.

Additionally, society has a large pool of senior medical and healthcare workers who are also informaticians. These health care workers can mentor and also guide the just like that software. Finally, communities can share and discuss any information they have.

Customers, too, have a right to the privacy of their healthcare records. It is their data; thus, they have the right to state who can access it and how it may be used. Without legislation and regulatory bodies to drive privacy and state how the data can be used, and with what permissions, the data might be sold.

Magellan Health Ransomware Attack Exposes Customer Data

In the wake of an April ransomware attack, Fortune 500 healthcare company Magellan Health announced that a hacker exfiltrated customer data.

The ransomware attack was first detected by Magellan Health on April 11, 2020, and was traced back to a phishing email that had been sent and opened five days earlier. Subsequent investigation revealed that customer data had been exfiltrated prior to the deployment of the ransomware.

“The exfiltrated records include personal information such as name, address, employee ID number, and W-2 or 1099 details such as Social Security number or Taxpayer ID number and, in limited circumstances, may also include usernames and passwords,” stated the company in a letter sent to affected individuals.

This incident comes months after the company announced several of its subsidiaries had been targeted by phishing attacks that resulted in the compromise of the health information of more than 55,000 members.

The post Magellan Health Ransomware Attack Exposes Customer Data appeared first on Adam Levin.

Smashing Security #178: Office pranks, meat dresses, and robocop dogs

Graham shares stories of email storms, Carole describes the steps being taken by firms as they try to coax employees back to the office, and special guest Lisa Forte details a hack that has impacted Lady Gaga and other celebrities.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast with computer security veterans Graham Cluley and Carole Theriault.

“The security industry doesn’t have to be this way”. Talking people powered security with Masha Sedova

Masha Sedova, cofounder of Elevate Security

This week’s episode of the Security Stories podcast was one of my favorites to record, for a few reasons.

Our interview is with a remarkable lady called Masha Sedova, who co-founded Elevate Security. Elevate uses data and analytics to invoke cultural and behavioural change in a company’s approach towards cybersecurity.  I met Masha at RSA when she had just been announced as finalist for the 2020 Innovation Sandbox award, which tells you something about how unique and interesting her solution is.

Before Elevate, Masha was a Security Executive at Salesforce where she built and led the security engagement team focused on improving the security mindset of employees, partners and customers. And it’s there where she had the idea for Elevate.

I have always loved that within the security industry, you really can make a difference. Masha saw something that could change, and had the courage to go out and set something up herself, rather than wait for someone else to do it. “The industry doesn’t have to be this way” is the mantra she had when she decided to go for it.

There are many reasons why this was one of my favorite interviews. For anyone tempted to listen, I would say – come for the unique insights into human behavior and why we make the security choices that we do sometimes. And then stay for the discussion on setting up a business, as a woman, in the security industry.

During the interview, Masha recalls a specific and very personal example of gender discriminatory behavior she came up against whilst she was trying to raise investment three years ago.  This led to Masha creating a hiring policy in her organization which focusses on hiring more women, and embracing diversity as a rule.

It really struck a chord with me. Because this type of gender discrimination isn’t uncommon for women in the technology sector (dare I say most sectors). I myself can still recall, very vividly, when it’s happened to me. I know it’s happened to friends of mine.  It does stay with you, and it has lasting impact.

So I wanted to share this important message to say that it doesn’t have to be this way, and Masha is an example of the kind of leadership that’s required to ensure it doesn’t have to happen to anyone else. Thanks also to Masha’s co-founder Robert Fly, who had her back in that investor meeting.

I have a few friends with daughters who are growing up, and I hope that soon, the world is open to whatever they want to do with their lives and careers.

Also in this episode, Ben talks about the resurgence of digital extortion scams, what they tend to include, and what to do about them.

And finally we have our ‘On this Day’ feature. For this, we go back into the cybersecurity archives and pick out significant events that happened around this time, however many years ago. We’ve gone back to the 70s to talk about the first ever network attack, and we visited the 90s in the last episode to talk about the launch of Snort onto open source, but for this episode we’re only going to go back 3 years, because, well, we couldn’t not.

Because on May 12th 2017, something called WannaCry began to wreak havoc within computer systems across the world.  We revisit the timeline of the attack, how it all unfolded, and the significance that WannaCry still has today.

You can listen to Security Stories on Apple Podcasts, Spotify, Google Podcasts, or wherever you normally get your podcasts from!

The post “The security industry doesn’t have to be this way”. Talking people powered security with Masha Sedova appeared first on Cisco Blogs.

Crooks continues to use COVID-19 lures, Microsoft warns

Microsoft discovered a new phishing campaign using COVID-19 lures to target businesses with the infamous LokiBot information-stealer.

Microsoft has discovered a new COVID-19 themed phishing campaign targeting businesses with the LokiBot Trojan.

LokiBot was already employed in coronavirus-themed campaigns: in early April, security experts at FortiGuard Labs discovered phishing attacks using alleged messages from the World Health Organization (WHO) to deliver the LokiBot trojan.

COVID-19 themed phishing campaigns recently observed by Microsoft were using messages with subject lines like “BUSINESS CONTINUITY PLAN ANNOUNCEMENT STARTING MAY 2020.”

The LokiBot data stealer is able to collect information from tens of different web browsers, access browsing data, locate the credentials for more than 15 different email and file transfer clients, and check for the presence of popular remote admin tools like SSH, VNC and RDP.

One of the phishing campaigns observed by Microsoft sees attackers pretending to be from the Centers for Disease Control (CDC); the messages promise the latest information on the COVID-19 pandemic and a new “BUSINESS CONTINUITY PLAN ANNOUNCEMENT STARTING MAY 2020”.

Another campaign uses messages that pretend to be from a vendor asking for updated banking information to process payments due to the COVID-19 virus lockdown.

The emails in both campaigns use ARJ attachments that contain malicious executables disguised as PDF files.

The choice of password-protected ARJ files aims to bypass some security solutions. Upon opening the enclosed files, the infection process starts and ultimately delivers the LokiBot Trojan.

Microsoft pointed out that Microsoft Threat Protection’s machine learning algorithms were able to detect the campaign, and that Microsoft users are automatically protected by Microsoft Defender.

“Microsoft Defender’s advanced detection technologies, including behavior learning and machine learning, started blocking this attack right away. We used deeper analysis of the blocked attacks, which helped us to identify the end-to-end campaign detailed,” Tanmay Ganacharya, director of security research of Microsoft Threat Protection, told BleepingComputer.

“We see a lot of benefits of leveraging machine learning and we are in a very unique position here at Microsoft because of the quality and diversity of our 8.2 trillion signals we process daily through the Microsoft Intelligent Security Graph.” 

Pierluigi Paganini

(SecurityAffairs – COVID-19, hacking)

The post Crooks continues to use COVID-19 lures, Microsoft warns appeared first on Security Affairs.

NICE Webinar: The Continuity of Learning and Skills Development in Virtual Environments

The video archive will be available here when available. The PowerPoint slides used during this webinar can be downloaded here.

Speakers:

James R. Stellar, Professor of Behavioral Neuroscience, Department of Psychology, University at Albany, SUNY

David Lasater, Senior Director in Human Resources, Akamai Technologies

Synopsis: One of the NICE Strategic Plan values is to Challenge Assumptions: Examine the rationale for past and present education, training, and workforce approaches and apply critical analysis to future solutions. Many organizations are rethinking past practices and seeking to

Secured-core PCs help customers stay ahead of advanced data theft

Researchers at the Eindhoven University of Technology recently revealed information around “Thunderspy,” an attack that relies on leveraging direct memory access (DMA) functionality to compromise devices. An attacker with physical access to a system can use Thunderspy to read and copy data even from systems that have encryption with password protection enabled.

Secured-core PCs provide customers with Windows 10 systems that come configured from OEMs with a set of hardware, firmware, and OS features enabled by default, mitigating Thunderspy and any similar attacks that rely on malicious DMA.

How Thunderspy works

Like any other modern attack, Thunderspy relies on not one but multiple building blocks being chained together. Below is a summary of how Thunderspy can be used to access a system where the attacker does not have the password needed to sign in. A video from the Thunderspy research team showing the attack is available here.

Step 1: A serial peripheral interface (SPI) flash programmer called Bus Pirate is plugged into the SPI flash of the device being attacked. This gives access to the Thunderbolt controller firmware and allows an attacker to copy it over to the attacker’s device.

Step 2: The Thunderbolt Controller Firmware Patcher (tcfp), which is developed as part of Thunderspy, is used to disable the security mode enforced in the Thunderbolt firmware copied over using the Bus Pirate device in Step 1.

Step 3: The modified insecure Thunderbolt firmware is written back to the SPI flash of the device being attacked.

Step 4: A Thunderbolt-based attack device is connected to the device being attacked, leveraging the PCILeech tool to load a kernel module that bypasses the Windows sign-in screen.

Diagram showing how the Thunderspy attack works

The result is that an attacker can access a device without knowing the sign-in password for the device. This means that even if a device was powered off or locked by the user, someone that could get physical access to the device in the time it takes to run the Thunderspy process could sign in and exfiltrate data from the system or install malicious software.

Secured-core PC protections

In order to counteract these targeted, modern attacks, Secured-core PCs use a defense-in-depth strategy that leverages features like Windows Defender System Guard and virtualization-based security (VBS) to mitigate risk across multiple areas, delivering comprehensive protection against attacks like Thunderspy.

Mitigating Steps 1 to 4 of the Thunderspy attack with Kernel DMA protection

Secured-core PCs ship with hardware and firmware that support Kernel DMA protection, which is enabled by default in the Windows OS. Kernel DMA protection relies on the Input/Output Memory Management Unit (IOMMU) to block external peripherals from starting and performing DMA unless an authorized user is signed in and the screen is unlocked. Watch this video from the 2019 Microsoft Ignite to see how Windows mitigates DMA attacks.

This means that even if an attacker was able to copy a malicious Thunderbolt firmware to a device, the Kernel DMA protection on a Secured-core PC would prevent any accesses over the Thunderbolt port unless the attacker gains the user’s password in addition to being in physical possession of the device, significantly raising the degree of difficulty for the attacker.

Hardening protection for Step 4 with Hypervisor-protected code integrity (HVCI)

Secured-core PCs ship with hypervisor-protected code integrity (HVCI) enabled by default. HVCI uses the hypervisor to enable VBS and to isolate, from the normal kernel, the code integrity subsystem that verifies that all kernel code in Windows is signed. In addition to isolating the checks, HVCI also ensures that kernel code cannot be both writable and executable, ensuring that unverified code does not execute.

HVCI helps to ensure that malicious kernel modules like the one used in Step 4 of the Thunderspy attack cannot execute easily as the kernel module would need to be validly signed, not revoked, and not rely on overwriting executable kernel code.

Modern hardware to combat modern threats

A growing portfolio of Secured-core PC devices from the Windows OEM ecosystem is available for customers. These devices provide a consistent guarantee against modern threats like Thunderspy with the variety of choices that customers expect to choose from when acquiring Windows hardware. You can learn more here: https://www.microsoft.com/en-us/windowsforbusiness/windows10-secured-core-computers

Nazmus Sakib

Enterprise and OS Security 

The post Secured-core PCs help customers stay ahead of advanced data theft appeared first on Microsoft Security.

U.S Defense Warns of 3 New Malware Used by North Korean Hackers

Yesterday, on the 3rd anniversary of the infamous global WannaCry ransomware outbreak for which North Korea was blamed, the U.S. government released information about three new malware strains used by state-sponsored North Korean hackers. Called COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH, the malware variants are capable of remote reconnaissance and exfiltration of sensitive information from

Getting more value from your endpoint security tool #2: Querying Tips for security and IT operations

As far back as I can remember, I have had a fascination with power tools. My father was an auto mechanic and he had a toolbox filled with both hand tools and power tools. As a youngster, I watched him wield them with confidence, knowing exactly which tool to use for the task at hand. I recall thinking “real, professional mechanics use compressed air powered tools”. As I mentioned in my last blog, he always took the time to teach me how to handle them and I realized that power tools offered efficiencies and saved tremendous amounts of manual labor. The adage holds about “working smarter, not harder”. Using a power tool, “Pops” was able to complete tasks quickly and without breaking a sweat.

The same holds true with cybersecurity tools today. With so many tools in our toolboxes and so many threats to combat, we need to drive for efficiencies – reducing the manual labor required to accomplish the goal of securing environments.

Orbital Advanced Search, a feature in Cisco’s AMP for Endpoints Advantage, is our power tool for Threat Hunting. Orbital Advanced Search enables you to search your endpoints for malicious artifacts such as suspicious registry and system file changes. Orbital has an entire section of its Catalog, mapped to the MITRE ATT&CK™ framework and dedicated to Threat Hunting, with descriptions of live and on-demand easy-to-run queries to get you the information you need, fast.

Whether you plug your tools into air compressors or electrical outlets to be efficient, let the machine do the work, and be safe.

Let’s start with one threat hunting Catalog query that you can run daily.

YOU WANT TO: Check to see if any Windows logs have been cleared by a suspect user account.

Orbital Catalog Query to run: Windows Events Monitoring – retrieves data from Windows Event Logs including such things as time event received, time event occurred on the host, source of the event: application, security, system, setup, and many more.

WHY IS THIS IMPORTANT: Windows Event Logs can provide great insight into actions taken on a host as part of a breach. Finding those items can be challenging, unless you know what to look for. The Windows Event Monitoring search in Orbital Advanced Search is preconfigured to pull back events specific to Threat Hunting and can be customized with additional Event IDs to push your hunt even further. Queries such as these can power organizations to a more productive, more efficient way of working.

STEPS:

  1. Select the endpoints you wish to query
  2. Search the Catalog for “Windows Event Monitoring”
  3. Click the “+” to copy into your SQL query window
  4. Close the Query Catalog Window
  5. Click the Query button

QUERY RESULT: Each event should have an Account Name and a Domain Name field to identify who took the action logged. If the log is cleared by a suspect user account, you may have a problem and need to continue investigations.

FREQUENCY TO RUN: Daily for specific groups of systems
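
The triage described under QUERY RESULT, as an added Python example (not Cisco's catalog query and not Orbital code) run over exported event XML. It goes slightly beyond the post by naming the Windows "log cleared" event IDs (1102 in Security, 104 in System); the allowlist, host, accounts and sample events are constructed assumptions.

```python
"""Flag Windows 'log cleared' events by the account that cleared the log."""
import xml.etree.ElementTree as ET

# Event IDs Windows records when an event log is cleared:
# 1102 in the Security channel, 104 in the System channel.
LOG_CLEARED_IDS = {1102, 104}

# Assumption: accounts that legitimately clear logs here, as (domain, user).
EXPECTED_ACCOUNTS = {("CORP", "svc-logrotate")}

EVT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
LOG_NS = "http://manifests.microsoft.com/win/2004/08/windows/eventlog"


def _cleared_event(event_id, channel, user, domain, cleared=""):
    """Build a constructed sample event in the Windows event XML layout."""
    extra = f"<Channel>{cleared}</Channel>" if cleared else ""
    return (
        f'<Event xmlns="{EVT_NS}"><System>'
        f"<EventID>{event_id}</EventID>"
        f'<TimeCreated SystemTime="2020-05-13T02:14:07Z"/>'
        f"<Channel>{channel}</Channel><Computer>host.example</Computer>"
        f'</System><UserData><LogFileCleared xmlns="{LOG_NS}">'
        f"<SubjectUserName>{user}</SubjectUserName>"
        f"<SubjectDomainName>{domain}</SubjectDomainName>{extra}"
        f"</LogFileCleared></UserData></Event>"
    )


# Constructed sample data, not taken from a real host.
SAMPLE_EVENTS = [
    _cleared_event(1102, "Security", "SVC-LogRotate", "corp"),   # expected
    _cleared_event(1102, "Security", "tempadmin", "WKSTN-07"),   # suspect
    _cleared_event(104, "System", "jdoe", "CORP", cleared="Application"),
    f'<Event xmlns="{EVT_NS}"><System><EventID>4624</EventID>'
    "<Channel>Security</Channel></System></Event>",              # unrelated
    "<Event><System><EventID>1102</EventID>",                    # truncated
]


def _local(tag):
    """Strip the XML namespace so lookups work across event schemas."""
    return tag.rsplit("}", 1)[-1]


def parse_event(xml_text):
    """Return the fields needed for triage from one event's XML.

    Events are assumed to come from your own collection pipeline; use a
    hardened parser such as defusedxml for XML from untrusted sources.
    """
    root = ET.fromstring(xml_text)
    system, user_data = {}, {}
    for section in root:
        target = system if _local(section.tag) == "System" else user_data
        for el in section.iter():
            if _local(el.tag) == "TimeCreated":
                target["TimeCreated"] = el.get("SystemTime")
            elif el.text and el.text.strip():
                target.setdefault(_local(el.tag), el.text.strip())
    return {
        "event_id": int(system.get("EventID", 0)),
        "time": system.get("TimeCreated"),
        "computer": system.get("Computer"),
        # Event 104 names the cleared log in its payload; 1102 is Security.
        "cleared_log": user_data.get("Channel") or system.get("Channel"),
        "account": user_data.get("SubjectUserName"),
        "domain": user_data.get("SubjectDomainName"),
    }


def find_suspect_clears(events, expected=EXPECTED_ACCOUNTS):
    """Return (findings, unparsed_count) for log-clear events.

    A clear by an account outside the allowlist is a finding. So is a clear
    with no account recorded, since nobody can be ruled out for it.
    """
    allowed = {(d.lower(), u.lower()) for d, u in expected}
    findings, unparsed = [], 0
    for xml_text in events:
        try:
            ev = parse_event(xml_text)
        except (ET.ParseError, ValueError):
            unparsed += 1  # count damaged records instead of hiding them
            continue
        if ev["event_id"] not in LOG_CLEARED_IDS:
            continue
        who = ((ev["domain"] or "").lower(), (ev["account"] or "").lower())
        if who not in allowed:
            findings.append(ev)
    return findings, unparsed


if __name__ == "__main__":
    hits, bad = find_suspect_clears(SAMPLE_EVENTS)
    for hit in hits:
        print(f'{hit["time"]} {hit["computer"]}: {hit["cleared_log"]} log '
              f'cleared by {hit["domain"]}\\{hit["account"]}')
    print(f"{bad} record(s) could not be parsed")
```
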

That’s it! It’s easy to get you started on your first threat hunt using Cisco’s Orbital Advanced Search. Orbital Advanced Search’s Catalog has dozens of pre-built threat hunting queries to streamline your endpoint threat hunting operations, from checking if malware has disabled the task manager to providing a list of listening ports on a host.

If you don’t already have Cisco AMP for Endpoints and are interested in trying Orbital Advanced Search, sign up for our virtual Threat Hunting Workshop, or request a free trial.

Stay tuned, our next blog discusses Incident Investigation and how you can use Orbital Advanced Search to establish a timeline, determine installed programs on a host, if and what types of failed logins occurred, and, lastly, how to assess the damage.

The post Getting more value from your endpoint security tool #2: Querying Tips for security and IT operations appeared first on Cisco Blogs.

Empowering your remote workforce with end-user security awareness

COVID-19 has rapidly transformed how we all work. Organizations need quick and effective user security and awareness training to address the swiftly changing needs of the new normal for many of us. To help our customers deploy user training quickly, easily and effectively, we are announcing the availability of the Microsoft Cybersecurity Awareness Kit, delivered in partnership with Terranova Security. For those of you ready to deploy training right now, access your kit here. For more details, read on.

Work at home may happen on unmanaged and shared devices, over insecure networks, and in unauthorized or non-compliant apps. The new environment has put cybersecurity decision-making in the hands of remote employees. In addition to the rapid dissolution of corporate perimeters, the threat environment is evolving rapidly as malicious actors take advantage of the current situation to mount coronavirus-themed attacks. As security professionals, we can empower our colleagues to protect themselves and their companies. But choosing topics, producing engaging content, and managing delivery can be challenging, sucking up time and resources. Our customers need immediate deployable and context-specific security training.

CYBERSECURITY AWARENESS KIT

At RSA 2020 this year, we announced our partnership with Terranova Security, to deliver integrated phish simulation and user training in Office 365 Advanced Threat Protection later this year. Our partnership combines Microsoft’s leading-edge technology, expansive platform capabilities, and unparalleled threat insights with Terranova Security’s market-leading expertise, human-centric design and pedagogical rigor. Our intelligent solution will turbo-charge the effectiveness of phish simulation and training while simplifying administration and reporting. The solution will create and recommend context-specific and hyper-targeted simulations, enabling you to customize your simulations to mimic real threats seen in different business contexts and train users based on their risk level. It will automate simulation management from end to end, providing robust analytics to inform the next cycle of simulations and enable rich reporting.

Our Cybersecurity Awareness Kit now makes available a subset of this user-training material relevant to COVID-19 scenarios to aid security professionals tasked with training their newly remote workforces. The kit includes videos, interactive courses, posters, and infographics like the one below. You can use these materials to train your remote employees quickly and easily.

Beware of COVID-19 Cyber Scams

For Security Professionals, we have created a simple way to host and deliver the training material within your own environment or direct your users to the Microsoft 365 security portal, where the training is hosted as seen below. All authenticated Microsoft 365 users will be able to access the training on the portal. Admins will see the option to download the kit as well. Follow the simple steps, detailed in the README, to deploy the awareness kits to your remote workforce.

ACCESSING THE KIT

All Microsoft 365 customers can access the kit and directions on the Microsoft 365 Security and Compliance Center through this link. If you are not a Microsoft 365 customer or would like to share the training with family and friends who are not employees of your organization, Terranova Security is providing free training material for end-users.

Deploying quick and effective end-user training to empower your remote workforce is one of the ways Microsoft can help customers work productively and securely through COVID-19. For more resources to help you through these times, visit Microsoft’s Secure Remote Work Page for the latest information.

The post Empowering your remote workforce with end-user security awareness appeared first on Microsoft Security.

Researcher Spots New Malware Claimed to be ‘Tailored for Air‑Gapped Networks’

A cybersecurity researcher at ESET today published an analysis of a new piece of malware, a sample of which they spotted on the Virustotal malware scanning engine and believe the hacker behind it is likely interested in some high-value computers protected behind air‑gapped networks. Dubbed 'Ramsay,' the malware is still under development with two more variants (v2.a and v2.b) spotted in the

New US Electronic Warfare Platform

The Army is developing a new electronic warfare pod capable of being put on drones and on trucks.

...the Silent Crow pod is now the leading contender for the flying flagship of the Army's rebuilt electronic warfare force. Army EW was largely disbanded after the Cold War, except for short-range jammers to shut down remote-controlled roadside bombs. Now it's being urgently rebuilt to counter Russia and China, whose high-tech forces --- unlike Afghan guerrillas -- rely heavily on radio and radar systems, whose transmissions US forces must be able to detect, analyze and disrupt.

It's hard to tell what this thing can do. Possibly a lot, but it's all still in prototype stage.

Historically, cyber operations occurred over landline networks and electronic warfare over radio-frequency (RF) airwaves. The rise of wireless networks has caused the two to blur. The military wants to move away from traditional high-powered jamming, which filled the frequencies the enemy used with blasts of static, to precisely targeted techniques, designed to subtly disrupt the enemy's communications and radar networks without their realizing they're being deceived. There are even reports that "RF-enabled cyber" can transmit computer viruses wirelessly into an enemy network, although Wojnar declined to confirm or deny such sensitive details.

[...]

The pod's digital brain also uses machine-learning algorithms to analyze enemy signals it detects and compute effective countermeasures on the fly, instead of having to return to base and download new data to human analysts. (Insiders call this cognitive electronic warfare). Lockheed also offers larger artificial intelligences to assist post-mission analysis on the ground, Wojnar said. But while an AI small enough to fit inside the pod is necessarily less powerful, it can respond immediately in a way a traditional system never could.

EDITED TO ADD (5/14): Here are two reports on Russian electronic warfare capabilities.

Survey: Nearly Two-Thirds of Orgs Have Experienced COVID-19 Related Attacks

This new world is putting a strain on organizations’ digital security defenses. First, malicious actors are increasingly leveraging coronavirus 2019 (COVID-19) as a theme to target organizations and to prey upon the fears of their employees. Our weekly COVID-19 scam roundups have made this reality clear. Second, organizations are working to mitigate the risks associated […]

The post Survey: Nearly Two-Thirds of Orgs Have Experienced COVID-19 Related Attacks appeared first on The State of Security.

The Rise of Progressive Web Apps

A Progressive Web App (PWA) represents a special kind of a web page that looks, feels, and functions as a native mobile application. PWAs are accessible via a browser, and they are stored mainly on the company’s servers instead of the user’s phone. Since all users run the same version of the page’s code, no updating on the client’s side is necessary.

The main interest around PWAs stems from their ability to create immediate engagement. PWAs allow businesses to bypass the process of convincing their customers to install an application without losing to native apps in look and functionality.

What are the Benefits of PWAs Compared to Mobile Applications?

To promote a mobile application, companies need to invest sometimes inordinate amounts of time, money, and effort into marketing. Several marketing strategies are needed to attract new customers and to maintain the interest of the existing audience. These processes tend to deplete the brand’s resources. Consequently, web projects of such companies might receive smaller budgets, thus leading to the loss of customers. PWAs simply work better as the first line of interaction, and they require significantly fewer resources to develop.

With that being said, mobile apps are truly essential in many cases. They help connect to customers better, maintain the interest, deliver updates quickly, and supplement the business in a meaningful way, improving customer loyalty. For many businesses, taking the time to work with a mobile application development agency is an incredibly profitable investment.

To assess whether a mobile app or a PWA is likely to work better, consider the product that you are offering. If it can be effectively represented in the browser, a PWA is the way to go. If it’s tailored specifically to be accessed via smartphones (i.e., a running app), a mobile application is a better solution.

Top Reasons Why PWAs are on the Rise

Users Don’t Need to Install Them

Accessibility is the cornerstone of successful customer acquisition and retention. Web-based PWAs remain much closer to users than applications that must be downloaded and installed from an app store. Unlike a native app, a PWA is already there when a person first encounters a brand, and it helps create interest without requiring any action from the customer.

PWAs Load Faster than Native Applications

The loading time standard for a good PWA is less than three seconds. This is the period during which a visitor maintains their interest. PWAs’ shell architecture typically consists of HTML, CSS, and JavaScript, which allow some lightweight elements to be loaded incredibly quickly during the first visit.

PWAs Use Less Storage Space

Some data from PWAs is normally stored on a user’s device, particularly when significant offline functionality is required. However, these applications tend to use less storage than apps that require installation. This is mainly possible because PWAs are stored in the cloud instead of on a user’s device.

Some Features Can Work Offline

PWAs can save certain data from previous visits to facilitate offline functioning and user interaction. Although the Internet connection is still required for the best experience, PWAs perform much better than standard mobile versions of websites when they are offline. The scope of this feature is defined by each app’s purpose and design.

Push Notifications are Available

Typical web pages don’t send push notifications to a user’s device, particularly when the user is offline. PWAs, however, have push notifications as one of their distinctive features. Notifications help connect to customers better, maintain their interest, and improve the engagement rate. The ability to send notifications without requiring people to install an app is one of the most valuable features of PWAs that businesses can benefit from.

A PWA Can Have an On-Screen Icon

PWAs can generate icons on the user’s home screen when used. This feature allows people to access a particular PWA without typing its URL into a browser. The app still has a limited presence on the customer’s device, but it’s available at the person’s fingertips, significantly improving engagement.

PWAs Can Be Shared via a URL

Mobile applications are not perfectly suited to be shared, even when such an option is present on the app store’s page for this software. When it comes to PWAs, sharing is as simple as sending the link to a friend. Since PWAs are accessible via a URL like normal websites, they are much more likely to be recommended and used by other people through existing customers.

Wrapping Up

Progressive Web Applications exist to fill the gap between isolated native applications and limited mobile versions of web pages. These apps are lightweight, accessible via a browser, and easily shared. For some businesses, PWAs can present a great alternative to costly and bulky mobile applications, particularly when their products are not specifically designed to run on smartphones.


A Pentester’s Voyage – The First Few Hours

Jordan Drysdale // Many methodologies have been written, but the first few hours on an internal pentest tell the story of an organization’s security culture. This type of test differs from an assumed compromise or pivot in that the tester walks into the network fully armed.

requirements.txt

  • Nmap: https://nmap.org/
  • Responder: https://github.com/lgandx/Responder
  • Impacket: https://github.com/SecureAuthCorp/Impacket
  • CrackMapExec: https://github.com/byt3bl33d3r/CrackMapExec

[…]

The post A Pentester’s Voyage – The First Few Hours appeared first on Black Hills Information Security.

Digital identity is coming of age in Canada in 2020

You might remember the 1993 New Yorker cartoon, where a dog at a computer says to another, “On the Internet, no one knows you’re a dog.” Decades later, that problem is about to be solved, according to a digital identity expert. Canada is making great strides forward on digital identity verification, said Franklin Garrigues, VP…

AI and ML in Cybersecurity: Adoption is Rising, but Confusion Remains

If you’ve been working in the technology space for any length of time, you’ve undoubtedly heard about the rising importance of artificial intelligence (AI) and machine learning (ML). But what can these tools really do for you? More specifically, what kinds of benefits do they offer for cybersecurity and business operations?

If you’re not so sure, you’re not alone. As it turns out, although 96% of global IT decision-makers have adopted AI/ML-based cybersecurity tools, nearly 7 in 10 admit they’re not sure what these technologies do.

We surveyed 800 global IT decision-makers across the U.S., U.K., Japan, and Australia/New Zealand about their thoughts on AI and ML in cybersecurity. The report highlighted a number of interesting (and contradictory) findings, all of which indicated a general confusion about these tools and whether or not they make a difference for the businesses who use them. Additionally, nearly 3 out of 4 respondents (74%) agreed that, as long as their protection keeps them safe from cybercriminals, they really don’t care if it uses AI/ML.

Here’s a recap of key findings based on responses from all 4 regions.

  • 91% say they understand and research their security tools, and specifically look for ones that use AI/ML.
  • Yet 68% say that, although their tools claim to use AI/ML, they aren’t sure what that means.
  • 84% think their business has all it needs to successfully stop AI/ML-based cyberattacks.
  • But 86% believe they could be doing more to prevent cyberattacks.
  • 72% say it is very important that cybersecurity advertising mention the use of AI/ML.
  • However, 70% of respondents believe cybersecurity vendors’ marketing is intentionally deceptive about their AI/ML-based services.

AI and ML matter because automation matters

As we’ve all had to adjust to “the new normal”, IT professionals have had to tackle a variety of challenges. Not only have they had to figure out how to support a massive shift to working from home, but they also have to deal with the onslaught of opportunistic online scams and other cyberattacks that have surged amidst the chaos around COVID-19.

With all of us working to adapt to these new working conditions, it’s become clear that tools that enable automation and productivity are pretty important. That’s where I want to highlight AI and ML. In addition to how AI/ML-based cybersecurity can drastically accelerate threat detection—and even predict shifts and emerging threat sources—these technologies can also make your workforce more efficient, more effective, and more confident.

While many of our survey respondents weren’t sure if AI/ML benefits their cybersecurity strategy, a solid percentage saw notable improvements in workforce efficiency after implementing these tools. Let’s go over those numbers.

  • 42% reported an increase in worker productivity
  • 39% saw increases in automated tasks
  • 39% felt they had more time for training, learning new skills, and other tasks
  • 38% felt more effective in their jobs
  • 37% reported a decrease in human error

As you can see, the benefits of AI and ML aren’t just hype, and they extend well beyond the cybersecurity gains. Real numbers around productivity, automation, time savings, and efficacy are pretty compelling at the best of times, let alone when we’re dealing with sudden and drastic shifts to the ways we conduct business. That’s why I can’t stress the importance of these technologies enough—not only in your security strategy, but across your entire toolset.

Where to learn more

Ultimately, AI and ML-based tools can help businesses of all sizes become more resilient against cyberattacks—not to mention increase automation and operational efficiencies—but it’s important to understand them better to fully reap the benefits they offer.

While there’s clearly still a lot of confusion about what these tools do, I think we’re going to see a continuation of the upward trend in AI/ML adoption. That’s why it’s important that IT decision-makers have the resources to educate themselves about the best ways to implement these tools, and also look to vendors who have the historical knowledge and expertise in the space to guide them.

“Realistically, we can’t expect to stop sophisticated attacks if more than half of IT decision makers don’t understand AI/ML-based cybersecurity tools. We need to do better. That means more training and more emphasis not only on our tools and their capabilities, but also on our teams’ ability to use them to their best advantage.”

– Hal Lonas, SVP and CTO for SMB and Consumer at OpenText.

For further details about how businesses around the world are using AI and ML, their plans for cybersecurity spending, and use cases, download a copy of the full AI/ML report.

And if you still aren’t sure about AI/ML-based cybersecurity, I encourage you to read our white paper, Demystifying AI in Cybersecurity, to gain a better understanding of the technology, myth vs. reality, and how it benefits the cybersecurity industry.

The post AI and ML in Cybersecurity: Adoption is Rising, but Confusion Remains appeared first on Webroot Blog.

Password security is critical in a remote work environment – see where businesses are putting themselves at risk

Graham Cluley Security News is sponsored this week by the folks at LastPass. Thanks to the great team there for their support! LastPass has analyzed over 47,000 businesses to bring you insights into security behavior worldwide. The takeaway is clear: Many businesses are making significant strides in some areas of password and access security – […]

Patch Tuesday: Microsoft Fixes 111 Vulnerabilities. Some Allow Remote Code Execution and Admin Rights Abuse

The May 2020 Patch Tuesday security updates have recently been released, with 111 patched vulnerabilities related to 12 different Microsoft products, such as Windows, Edge, Visual Studio, and the .NET Framework. The tech giant issued 115 patches in March and 113 in April this year and the May 2020 edition turned out to be the third-largest Patch Tuesday ever seen. This month’s batch did not contain any zero-days.

As always, Heimdal™ Security advises you to apply these patches at your earliest convenience. None of the bugs have been identified as being actively exploited or mentioned until now. Still, if you’re running Windows on your endpoints, it’s high time to get these security flaws patched.

Read on to learn more about the May 2020 Patch Tuesday.

May 2020’s batch of Microsoft patches, the third-biggest ever released

May is the third month in a row when Microsoft rolled out patches on its operating system and associated software for more than 110 security vulnerabilities. Luckily, there don’t seem to be any zero-day vulnerabilities to be fixed. However, there are certain bugs in Windows that need to be kept in mind and addressed.

At least 16 of the vulnerabilities are marked as “Critical,” indicating they can be abused by cybercriminals to install malware or gain remote control of compromised systems with little to no user intervention.

Significant vulnerabilities to be noted

Below we’ve listed a few instances you should consider.

This month, Microsoft fixed three critical Microsoft Edge vulnerabilities which could enable intruders to execute remote code by tricking users into visiting a specially crafted website. If abused, these flaws might allow malicious hackers to execute commands with full admin rights on the targeted device. At the same time, a bug in the Color Management Module (ICM32.dll) allows code execution once cybercriminals have fooled users into accessing infected websites. A remote code execution vulnerability was also fixed in Windows.

  • CVE-2020-1056 | Microsoft Edge Elevation of Privilege Vulnerability

Under this scenario, there is an elevation of privilege risk as Microsoft Edge does not fully implement cross-domain policies, which could enable intruders to access and inject data from one domain into another.

Attackers would have to host a malicious website used to exploit the vulnerability. In any case, though, intruders have no means to force users to access content that the criminals have manipulated; they would have to trick people into clicking a link that redirects the victims to the attackers’ website.

An intruder who abuses this flaw successfully can escalate privileges in affected versions of Microsoft Edge. This security update addresses the vulnerability by making sure Microsoft Edge enforces cross-domain policies correctly.

Should attackers convince users to access a malicious link, the attackers’ website “could either spoof content or serve as a pivot to chain an attack with other vulnerabilities in web services”.

This patch fixes the bug by changing how Microsoft Edge parses HTTP responses.

  • CVE-2020-1096 | Microsoft Edge PDF Remote Code Execution Vulnerability

The CVE-2020-1096 vulnerability refers to the way Microsoft Edge handles objects in memory. More precisely, this vulnerability has the potential to corrupt memory, enabling malicious actors to execute arbitrary code on the machine.

Once successfully exploited, the bug would allow attackers to obtain the same user rights as the victim. Should the current user be logged on with full admin rights, the cybercriminal could completely take over the affected endpoint and perform malicious actions.

This kind of attack could be triggered if users are tricked into accessing the attackers’ website, where malicious PDF content would have to be stored.

  • CVE-2020-1117 | Microsoft Color Management Remote Code Execution Vulnerability

This bug is connected to the faulty way in which the Color Management Module (ICM32.dll) handles objects in memory. Users with full admin rights are heavily impacted, since the vulnerability would permit malicious hackers to completely take control of the targeted systems, allowing them to “install programs; view, change, or delete data; or create new accounts with full user rights”.

Similar to the abovementioned attack scenarios leveraged by this Patch Tuesday’s addressed vulnerabilities, in this case, users would also have to be fooled into entering malicious websites belonging to the attackers or opening infected email attachments.

The newly released security update corrects the improper way in which Windows handles objects in memory. An intruder who effectively abused the flaw would be able to run arbitrary code with elevated rights on a targeted machine. An attacker who has a domain user account may craft a specially designed request to exploit the bug, causing Windows to run arbitrary code with elevated permissions.

Did you know that 100% of vulnerabilities in Microsoft browsers and 93% in Windows OS can be mitigated by removing local admin rights?

Our unique privileged access management (PAM) tool, Thor AdminPrivilege™, allows you to efficiently manage admin rights inside your organization. It is the only solution that enables you to both escalate and de-escalate user privileges and the only tool that automatically de-escalates user rights on infected endpoints (when used in tandem with the Enterprise version of Thor Foresight, Thor Vigilance or Thor Premium).

Bottom Line

We would also like to remind you that many of the bugs patched in today’s Microsoft patch batch impact Windows 7 operating systems, which no longer receive security updates unless your company has signed up for Microsoft’s Windows 7 Extended Security Updates (ESU) paid service. If you are still running Windows 7 on any of your devices, Heimdal™ Security advises you to upgrade to Windows 10.

All of our Thor Foresight Enterprise and X-Ploit Resilience customers are always provisioned in a timely manner with the latest Microsoft patches (both Windows and 3rd party). Sign up for a free demo to learn how automated patch management can add a powerful layer of defense to your organization.

The post Patch Tuesday: Microsoft Fixes 111 Vulnerabilities. Some Allow Remote Code Execution and Admin Rights Abuse appeared first on Heimdal Security Blog.