Author Archives: Japonica Jackson

Money Saving Expert Martin Lewis sues Facebook over ‘scam’ adverts

The personal finance expert Martin Lewis is suing Facebook for allowing scammers to use his name and image in fake adverts on the social network. Mr Lewis will lodge an action for defamation against the company today, arguing that as a publisher it is responsible for the false ads. The case is thought to be the first of its kind. The broadcaster said that he had been deeply upset over cases in which people had lost up to £100,000. “It’s so distressing, when all my life I have campaigned against this kind of thing,” Mr Lewis said.

The post Money Saving Expert Martin Lewis sues Facebook over ‘scam’ adverts appeared first on IT SECURITY GURU.

Router security not understood by most

A recent survey of 2,205 regular users has proven once again that most people don’t update router firmware, don’t change default credentials, and don’t generally know how to secure their devices. For the past two to three years, there has been a deluge of news articles and research papers detailing large botnets built by exploiting router vulnerabilities and by hijacking devices still running default login credentials. These are the two main methods exploited by attackers.

ORIGINAL SOURCE: Bleeping Computer

The digital gold rush: the dark side of cryptocurrency adds to the infosec challenge

As the general public tried to get its head around the concept of cryptocurrency and blockchain at the back-end of 2017, infosecurity professionals were facing one of the universal truths of our industry: whenever there is an innovation in technology or society, those who want to exploit it for illicit gain are never far behind.

In the case of cryptocurrency, its current high profile is legitimising a means of exchange that, until recently, was mostly the preserve of the deep and dark web as the preferred payment method from victims of ransomware attacks. So, while Joe Public began a twenty-first century gold rush to try and make a killing in the fluctuating cryptocurrency markets, the cybercriminal community started putting its own ideas of how to get its hands on the digital gold into action. The result? Cryptojacking looks set to overtake ransomware as the number one motive for cyberattacks in 2018.

Black market dynamics

The reasons for this are not hard to work out. Fundamentally, the majority of cybercriminals are motivated by the prospect of making a quick buck with as little effort as possible. Ransomware, though lucrative, does have a couple of drawbacks that have its exponents looking for an easier target:

  • Setting up a cryptocurrency wallet takes time and most companies don’t have one at the point they are attacked. This means the criminal has to wait for payment instead of seeing an instant profit.
  • Using exchanges costs money. Fees vary, but if you want to be profitable do you really want to pay exchange fees at all?
  • The fluctuating price of cryptocurrency makes it hard to rely on as a means of payment – attackers constantly have to tweak their files so that the value of the payment remains within the range that victims are likely to pay: a bit too much like hard work.

On top of this, diversification is critical for any business. Like any other venture, cyber criminals want to spread out their sources of income. By seeding cryptojacking malware, they can avoid the hassle and admin of running ransomware campaigns and settle back while unsuspecting victims print money for them.

High profile victims bring the issue to the fore

Injecting malware into websites is still depressingly easy to do, and the growing scale of the problem hit the headlines earlier this year when 4,000 sites were infected with a cryptojacking bug designed to mine the currency Monero. The Coinhive cryptominer was injected into the sites via a compromised plugin that was designed to assist site accessibility; in this case it let cybercriminals mine Monero in the browsers of every visitor. There were red faces at the UK Information Commissioner’s Office, among many other government agencies, as they shut their sites down to deal with the problem and tighten security.

An interesting point about this attack was that the perpetrators only aimed to hijack around 60% of the site visitors’ CPU power, causing a slowdown but not the kind of total shutdown that would immediately bring the attack to everyone’s attention. Already, attackers are showing the kind of evasion and innovation that we associate with a tactic that is here to stay. I expect to see strategies becoming more sophisticated as time goes on, making life difficult for infosec professionals tasked with protecting the ever-growing number of endpoints under their jurisdiction.

Blurred lines – cryptomining for good causes

Of course, mining cryptocurrency is perfectly legitimate when done openly, and it can even be harnessed for good. How about instead of seeing adverts when you visit your favourite website, your computer is used to mine cryptocurrency while you browse? No more irritating ads, but the site owner still makes money. The site could even decide to mine currency to donate to a charity for users who opt in. While this is perfectly legitimate and even praiseworthy, it presents a headache for infosec professionals trying to put protocols in place to protect systems. What do you allow and what do you block?

Preventing your endpoints from joining the cryptomine workforce

For infosec professionals, this latest scourge is yet more evidence of the importance of protecting endpoints, especially as we’re seeing cryptojacking starting to morph from misdirection of processing power towards actual malware installation on compromised systems. Vulnerable endpoints are susceptible to infiltration and, once an attacker can execute a piece of code on an organisation’s endpoint, it can do all kinds of damage. Just as ransomware evolved into credential theft and lateral movement, so we should expect the same from malicious crypto-software.

Protecting against cryptojacking and related malware requires the same measures that any strong endpoint security programme should have because attackers are generally using the familiar tactics we’re used to defending against.

So, we’re looking for great cyber hygiene in the form of patching; reducing the attack surface with technology such as application whitelisting; tuned next-generation antivirus (NGAV); and good content filtering and control of admin accounts. Organisations can control browser settings in their environment and use those settings to help thwart these types of attacks. You should also pay close attention to an increase in the number of tickets or user complaints related to system slowness that could indicate cryptomining in progress.
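An added Python example, not code from the article or from Carbon Black: a small content-filtering check that scans fetched page HTML for an injected in-browser miner of the kind described in the Coinhive incident above, flagging script tags loaded from a constructed blocklist of miner hosts and inline code that starts a miner with a throttle option, and reporting the implied CPU share so the "slowdown, not shutdown" tactic is visible. The blocklist entry `miner.example`, the accessibility-plugin URL and the site key are placeholders; the reading of `throttle` as the idle fraction is an assumption about Coinhive's option semantics.

```python
import re
from html.parser import HTMLParser

# Constructed blocklist for this example: coinhive.com is the service named in the
# article; miner.example is a placeholder, not a real indicator.
MINER_HOSTS = {"coinhive.com", "miner.example"}

# Inline indicators: a miner object being constructed, and a throttle option.
MINER_CTOR_RE = re.compile(r"new\s+CoinHive\.\w+\s*\(", re.IGNORECASE)
THROTTLE_RE = re.compile(r"throttle\s*:\s*([0-9]*\.?[0-9]+)")


class _ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.srcs = []
        self.inline = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            self._in_script = True
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.srcs.append(value)

    def handle_endtag(self, tag):
        if tag.lower() == "script":
            self._in_script = False

    def handle_data(self, data):
        # HTMLParser hands the whole <script> body to handle_data as one chunk.
        if self._in_script and data.strip():
            self.inline.append(data)


def _host_of(url):
    """Hostname of an absolute or protocol-relative URL, lowercased ('' if none)."""
    m = re.match(r"(?:https?:)?//([^/:?#]+)", url.strip())
    return m.group(1).lower() if m else ""


def scan_html(html):
    """Return a list of findings; cpu_share is 1 - throttle (assumed idle fraction)."""
    parser = _ScriptCollector()
    parser.feed(html)
    findings = []
    for src in parser.srcs:
        host = _host_of(src)
        if host and any(host == h or host.endswith("." + h) for h in MINER_HOSTS):
            findings.append({"kind": "external_miner_script", "detail": src, "cpu_share": None})
    for code in parser.inline:
        if MINER_CTOR_RE.search(code):
            m = THROTTLE_RE.search(code)
            throttle = float(m.group(1)) if m else 0.0  # no throttle => full speed
            findings.append({"kind": "inline_miner_start",
                             "detail": code.strip()[:80],
                             "cpu_share": round(1.0 - throttle, 2)})
    return findings


# Constructed sample page: a benign plugin include followed by an injected miner
# throttled to leave 40% idle, i.e. roughly the 60% CPU figure from the article.
SAMPLE_HTML = """<html><head>
<script src="https://cdn.example/accessibility-plugin.js"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER', {throttle: 0.4});
  miner.start();
</script>
</head><body>Welcome</body></html>"""

if __name__ == "__main__":
    for f in scan_html(SAMPLE_HTML):
        print(f)
```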

Rapid detection and response remain the key to robust network defence. Employing a threat hunting tool, such as Carbon Black’s Cb Response, lets you go further and proactively search for anomalies that flag malicious activity.

Cryptojacking and cryptomining malware are the latest new kids on the block designed to exercise the ingenuity of cybercriminals and those of us who make it our business to stop them. Effectively, it’s just yet another reason threat actors are trying to get control of your endpoints except this time, instead of stealing your data, they’re after processing power to mine cryptocurrency. The battle continues for mastery over the endpoint and deploying sound strategies to defend against attacks will keep us busy for the foreseeable future.

AWS server found unprotected exposing data on 48 million people

LocalBlox, a company that scrapes data from public web profiles, has left the details of over 48 million users on a publicly accessible Amazon Web Services (AWS) S3 bucket.

ORIGINAL SOURCE: Bleeping Computer

Watch out users of Ad Blockers, there could be malware!

As if trying to navigate your online privacy wasn’t complicated enough, it turns out the adblocker you installed on your browser may actually be malware. Andrey Meshkov, the cofounder of ad-blocker AdGuard, recently got curious about the number of knock-off ad blocking extensions available for Google’s popular browser Chrome.

With less than 50 days to the General Data Protection Regulation (GDPR) deadline, are you ready for the change?

It is virtually impossible to open a magazine or newspaper recently without reading something about GDPR, but with little over a month until the introduction of the regulation on 25th May 2018, it seems few British people and businesses are prepared for its implications.

Despite the new regulations being announced two years ago, there still appears to be a great deal of mystery surrounding GDPR for most British people. The noise surrounding the regulation is often negative with a great deal of scaremongering surrounding heavy fines to business for data breaches and little said about the effect GDPR will have on real people – the data subjects.

To the average consumer, GDPR appears overwhelmingly complex and difficult to understand but this doesn’t have to be the case. In fact, what most people don’t yet seem to appreciate is that the new regulation offers an opportunity to individuals to own their details giving them the ability to control and even revoke consents for sharing and storing their personal data. In an increasingly data driven digital world, the requirement to share our personal information is often a daily activity and the general public are becoming much more familiar with requests for their details.

A 2017 survey conducted by market research company YouGov highlighted that the majority of British people still don’t understand what GDPR is and how it will affect them personally. The survey revealed that while two in five people said they had seen or heard something in the media about a new data protection regulation, almost three quarters (72 percent) hadn’t actually heard of the regulation itself. A more recent survey conducted by Kantar earlier this year found that just 35% of those polled had heard of GDPR, and those had little understanding of the regulation. Even as the deadline approaches, it seems the British public remain uninformed.

News stories of data breaches in the UK and around the world make headlines highlighting the risks when personal data falls into the wrong hands but most people seem unaware that GDPR should help in avoiding some of these issues. Just a few weeks ago, data analytics firm, Cambridge Analytica found itself at the centre of a dispute with Facebook over the use of personal data and whether this activity impacted the outcome of the UK Brexit referendum or the US 2016 presidential election. According to data and research website, eMarketer, around 34 Million people in the UK are currently Facebook users so news of misuse of personal data on this social media giant will obviously unsettle a large proportion of the population and raise awareness of the implications of oversharing personal information.

It seems that the British public often provide an uninformed market to those organisations that retrieve and hold personal data. The new rules under GDPR offer a real opportunity to consumers to control their own personal information, making it incredibly important for people to understand their rights. It is important not only for individuals to educate themselves on the new regulation, but for businesses and service providers to ensure they have robust processes in place to simplify the consent process for consumers. The new regulation empowers individuals to own their personal information, ensuring that data is not processed prior to consent being given. UK businesses not only need to ensure they have policies and procedures in place to adhere to GDPR, but must also ensure all staff who deal with consumers’ personal information are thoroughly trained on its impact and on the rights of the individual.

Firstly, people should understand that the term ‘personal data’ can refer to anything that identifies an individual, including photographs, name and date of birth, home address, dependents, racial or ethnic origin, religious belief, health conditions, gender etc. Many organisations hold vast quantities of outdated, inaccurate information in databases and hard copy filing systems, and the individuals concerned often aren’t even aware that the data being held still exists. Under the new regulation, organisations are permitted to hold historical data; however, GDPR introduces the much talked about ‘right to be forgotten’, which gives data subjects the right to request that an organisation delete all information held about them if it is no longer relevant.

Whilst placing greater focus on the data subject, GDPR also offers businesses the opportunity to clear a backlog of unnecessary information and provide a better, trusting and more secure service to their clients and customers. Under GDPR, data subject consent must be explicit and permissions must be easily understood with the minimum use of jargon. The regulation will simplify the process and empower individuals to control their own personal data whilst also making organisations who deal with personal information more accountable for its security. There is no doubt the introduction of the regulation will present a challenge but overall GDPR represents a very positive change for us all.

Employees responsible for 35% of ICO data security incidents since 2015

New analysis has found that over the last three years, 35% of all major data breaches were caused by negligent or malicious employees, costing the UK-based organisations involved almost £500,000 in fines from the Information Commissioner’s Office (ICO).

This study, carried out by global security software company Avecto, looked at all the breaches between August 2015 and January 2018, where the ICO issued fines for ‘failing to take appropriate technical and organisational measures against the unauthorised processing of personal data’.

Examples of data breaches directly caused by insiders at the organisations involved include negligent staff members sending emails containing personal data to the wrong people, as well as employee laptops being lost or stolen when taken out of the office. Another data breach which highlighted failed processes and resulted in a fine of £180,000 occurred when a server that was meant to be locked in a secure cupboard and contained a significant amount of sensitive information, was stolen.

In another instance, a malicious insider was able to access a data server room and steal information from a device, including 59,592 customer names, addresses, bank account and sort code numbers.

Andrew Avanessian, Chief Operating Officer at Avecto, said: “Strict company processes and staff training can’t be relied upon when it comes to safeguarding company devices and protecting sensitive data. Although both are important elements of a security strategy, people will make mistakes and can be easily duped into initiating malicious activity, meaning that employees are always going to be the weakest link.

“Organisations need to start by having the right technology in place to provide a solid security foundation that protects their data and their employees. For example, limiting administrative privileges is one simple way for organisations to massively reduce the threat so that all users have only the access they need to perform their job roles. Limiting unknown and therefore unauthorised applications from running ensures that employees are not subjected to drive-by attacks. It is also crucially important to ensure employees have the freedom to get on with their jobs without limiting productivity.

“The analysis highlights a clear need for a defence-in-depth approach to security and a focus on having both the technological and operational processes in place to prevent data breaches.”

DHS Funds Tech to Root Out Malware in Government Mobile Apps

Federal agencies have built hundreds of mobile apps during the past decade, ranging from useful to educational to um, this. Many of those apps weren’t built with security in mind, however, and even apps that were built securely half a decade ago may now be riddled with unpatched vulnerabilities if no one’s been actively maintaining them. That means there’s a real danger that an app the government built to serve the public could now be serving up malware that will compromise users’ personal information.

Google And Apple Absent From Cybersecurity Tech Accord That Facebook And Microsoft Signed

The Cybersecurity Tech Accord is a “watershed agreement” signed by 34 tech companies: ABB, Arm, Avast, Bitdefender, BT, CA Technologies, Cisco, Cloudflare, DataStax, Dell, DocuSign, Facebook, Fastly, FireEye, F-Secure, GitHub, Guardtime, HP Inc., HPE, Intuit, Juniper Networks, LinkedIn, Microsoft, Nielsen, Nokia, Oracle, RSA, SAP, Stripe, Symantec, Telefonica, Tenable, Trend Micro, and VMware.

Why G Suite admins should enable Gmail’s advanced anti-phishing and malware settings

In March 2018, Google added optional G Suite Gmail safety settings that affect how the system handles potentially problematic attachments, links, and external images, as well as how it processes unauthenticated or spoofed messages. Google always guards against malware in messages, however these settings offer additional protection.

Tens of thousands of Facebook accounts compromised in days by malware

Criminals have compromised tens of thousands of Facebook accounts in the past few days using malware that masquerades as a paint program for relieving stress.  “Relieve Stress Paint” is available through a domain that uses Unicode representation to show up as on search engines and in emails, researchers from security firm Radware said in a post published Wednesday morning. (This query showed the trojan was also available on a domain that was designed to appear as The researchers suspect the malware is being promoted in spam emails.

TaskRabbit is Back Online After Suspected Data Breach With Plans to Bolster Security

TaskRabbit, the handyman-for-hire app, is back online after being intentionally taken down on Monday following an apparent data breach. “While our investigation is ongoing, preliminary evidence shows that an unauthorized user gained access to our systems,” the company said. “As a result, certain personally identifiable information may have been compromised.”

Malware infecting 50,000 Minecraft accounts (and possibly more)

Minecraft, the immensely popular world-building game with more than 74 million players, has a malware problem. Users who download skins for their avatars, from the official Minecraft website, are unwittingly allowing malicious code onto their computers.
Currently, nearly 50,000 Minecraft accounts are known to be infected with the malware which is designed to reformat a person’s hard drive and delete backup data and system programs.

Major tech corporations sign Cybersecurity agreement

Dozens of major technology companies including Microsoft, Facebook, Cisco, and SAP have signed onto a pledge to protect their users around the globe against cybersecurity threats and to abstain from helping any government launch a cyber attack.

Commonwealth to be more cyber secured

The UK Prime Minister will today announce up to £15 million to help Commonwealth countries strengthen their cyber security capabilities and help to tackle criminal groups and hostile state actors who pose a global threat to security, including in the UK.

TaskRabbit has been hacked

TaskRabbit, the mobile marketplace that matches freelance labor with local demand, has apparently been hacked. Both the company’s website and app were down at time of writing and notifications had been sent out to users warning of a security issue.

Russia to blame for global cyber attack

The United States and Britain on Monday accused Russia of launching cyber attacks on computer routers, firewalls and other networking equipment used by government agencies, businesses and critical infrastructure operators around the globe.

RAT Gone Rogue: Meet ARS VBS Loader

Malicious VBScript has long been a fixture of spam and phishing campaigns, but until recently its functionality has been limited to downloading malware from an attacker-controlled server and executing it on a compromised computer.

Researchers at Flashpoint have seen and analysed a unique departure from this norm in ARS VBS Loader, a spin-off of a popular downloader called SafeLoader VBS that was sold and eventually leaked in 2015 on Russian crimeware forums.

ARS VBS Loader not only downloads and executes malicious code, but also includes a command and control application written in PHP that allows a botmaster to issue commands to a victim’s machine. This behaviour likens ARS VBS Loader to a remote access Trojan (RAT), giving it behaviour and capabilities rarely seen in malicious “loaders”, i.e. initial infection vector malware families used to install subsequent payloads.

The new loader has been spammed out in email attachments enticing victims with lures in subject lines related to personal banking, package shipments, and toll road notifications. Should a victim interact with the attachment and launch it, analysts say numerous types of commodity malware could be installed, including the AZORult information-stealing malware. AZORult was also used in campaigns targeting more than 1,000 Magento admin panels; in those attacks, the malware was used to scrape payment card information from sites running the popular free and open source ecommerce platform.

ARS VBS Loader targets only Windows machines and supports Windows 10, according to posts to a Russian-speaking forum going back to December. Previously, another loader called FUD ASPC Loader, first advertised in May 2017, contained similar functionality but not Windows 10 support.

The loader is also likely to side-step detection by signature-based antivirus and intrusion detection systems because of the relative ease with which attackers can obfuscate VBScript, Flashpoint analysts said. Obfuscation through a variety of means allows attackers to hide malware; if the malware is obfuscated with encryption or packing, for example, it’s exponentially more difficult for antivirus to sniff out malicious code.

Once the ARS VBS Loader executes on a victim’s computer, it immediately creates a number of entries in nearly a dozen autorun locations, including the registry, scheduled tasks, and the startup folder, ensuring persistence through reboots. ARS VBS Loader will then connect to the attacker’s server, sending it system information such as the operating system version name, computer user name, RAM, processor and graphics card information, a randomly generated ID for infection tracking, and machine architecture information.

The botmaster, meanwhile, can remotely administer commands to bots through the PHP command-and-control application. Communication with the command-and-control server is carried out in plaintext over HTTP, making it easy to spot, Flashpoint analysts said.

The malicious code that runs on the victim’s machine is written entirely in VBScript and contains functionality for updating and deleting itself, deploying plugins such as a credential stealer, launching application-layer denial-of-service (DoS) attacks against websites, and loading additional malware from external websites.

The most common command spotted by analysts is download, which instructs bots to download and execute malware from a supplied URL. There is also the plugin command, through which plugins that steal passwords or capture desktop screenshots can be pushed to compromised computers.

The DDoS command is also noteworthy because it’s a unique capability; analysts said they have not seen this command used in the wild. The command tells bots to send a specified number of HTTP POST requests to a particular URL. Since this is a simple application layer flooding attack, it is currently unknown how successful it would be against targets in the wild, analysts said, adding that it would be easy to spot such traffic because the same hardcoded POST values are sent in the HTTP flood.

Analysts caution that users should be vigilant about not opening email attachments from unknown sources, and that it’s likely ARS VBS Loader will continue to be an effective initial infection vector for spam campaigns.
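An added Python example, not Flashpoint's tooling or code from the article: two detections over constructed proxy-log lines, one for the hard-coded-POST HTTP flood described above (the same client sending the same body to the same URL many times in a short window) and one for plaintext HTTP POSTs carrying the kind of system-profile fields the beacon sends. The log line format, the beacon field names and all hosts and addresses are assumptions made for the example, not indicators from the report.

```python
import hashlib
import re
from collections import defaultdict

# Constructed log format for this example (not any product's real format):
# "<unix_time> <client_ip> <METHOD> <url> <request-body-or-'-'>"
def parse_line(line):
    ts, ip, method, url, body = line.rstrip("\n").split(" ", 4)
    return int(ts), ip, method, url, body


def detect_http_post_flood(lines, threshold=20, window=60):
    """Flag (client, url, body) triples that repeat at least `threshold` times
    within any `window`-second span: identical hard-coded POST values are the
    tell-tale of the simple application-layer flood described in the report."""
    buckets = defaultdict(list)  # (ip, url, body-hash) -> timestamps
    for line in lines:
        ts, ip, method, url, body = parse_line(line)
        if method != "POST":
            continue
        body_hash = hashlib.sha256(body.encode()).hexdigest()[:16]
        buckets[(ip, url, body_hash)].append(ts)
    alerts = []
    for (ip, url, body_hash), stamps in buckets.items():
        stamps.sort()
        start, best = 0, 0
        for end in range(len(stamps)):          # sliding window over timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts.append({"client": ip, "url": url, "body_hash": body_hash,
                           "max_in_window": best})
    return alerts


# Assumed field names modelled on the profile the report says the beacon sends
# (OS, user, RAM, CPU, GPU, infection id, architecture); not the loader's real keys.
BEACON_FIELDS = ("os", "user", "ram", "cpu", "gpu", "id", "arch")


def detect_plaintext_beacons(lines, min_fields=4):
    """Flag POSTs over plain http:// whose form body carries at least
    `min_fields` of the profile fields, i.e. a cleartext check-in."""
    alerts = []
    for line in lines:
        ts, ip, method, url, body = parse_line(line)
        if method != "POST" or not url.startswith("http://"):
            continue
        present = [k for k in BEACON_FIELDS
                   if re.search(r"(?:^|&)" + re.escape(k) + "=", body)]
        if len(present) >= min_fields:
            alerts.append({"time": ts, "client": ip, "url": url, "fields": present})
    return alerts


def build_sample_log():
    """Constructed traffic: normal browsing, one cleartext check-in, and a
    25-request identical-body POST flood from a single client inside 30 seconds."""
    lines = [
        "1000 10.0.0.7 GET https://news.example/ -",
        "1001 10.0.0.7 POST https://shop.example/search q=hello",
        "1002 10.0.0.5 POST http://c2-placeholder.example/panel.php "
        "os=Windows%2010&user=alice&ram=8192&cpu=i5&gpu=intel&id=ab12cd34&arch=x64",
    ]
    lines += ["%d 10.0.0.5 POST http://target-placeholder.example/ a=1&b=2" % (1010 + i)
              for i in range(25)]
    lines.append("1100 10.0.0.9 GET https://news.example/story -")
    return lines


SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    for a in detect_http_post_flood(SAMPLE_LOG):
        print("flood:", a)
    for a in detect_plaintext_beacons(SAMPLE_LOG):
        print("beacon:", a)
```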

Data visibility: the antidote to Snake-bites

By Matthias Maier, Security Evangelist, Splunk

It’s usually wrong to judge people by their names, but an organisation that calls itself “Snake” probably isn’t up to much good.

Citing unidentified security sources, DPA reported that Snake is the group suspected of carrying out a sophisticated and successful attack on the government’s computer network. As always, it’s difficult to be completely certain who exactly is behind a well-executed cyberattack, but this is believed to be connected with Russian intelligence, which has targeted government organisations in Ukraine, Europe and the US for most of the last decade.

What does this new attack tell us, other than confirming Russian hackers’ penchant for infantile names? The most important lesson is that no organisation is safe from a well-resourced and determined adversary – not even the government of one of the most developed nations on earth. If the German Interior ministry can’t protect themselves from hackers like Snake, then what?

Acknowledging the inevitability of a successful breach is the first step towards forming an effective response to cyberattacks. In the long run, what matters is how prepared an organisation is to detect, analyse and respond to an attack, when prevention techniques have failed.

Snakes and foxes

While it might help to give its operatives a sense of malevolent derring-do, “Snake” is a poor choice of name for a hacking collective. In most cases, serpents only attack when threatened – and only as a last resort. A more appropriate animal would be a fox, which returns again and again to a well-protected chicken coop, sniffing for weaknesses and probing the chicken wire for holes that it can creep through.

Foxes are both cunning and persistent, and practically impossible to guard against. What we must do is study each successful intrusion and learn how we can improve our defences, minimise loss and, in some cases, stop them at source.

What, then, can other organisations (and, indeed, the German government) learn from attacks like these?

Outfoxing the hackers

Organisations that find themselves in a similar position to the German government should immediately begin an investigation to find out how the attacker entered the network, where the weak point was, what systems or data was accessed, and how far the malware has spread.

This is no easy task – Snake’s attack is reported to have occurred in December, and it is still being investigated. This task is only possible if the organisation has collected and stored all log data from its entire digital ecosystem to put these pieces of the puzzle together – ideally in a centralised platform where it can be searched and analysed quickly by multiple stakeholders.

Clearly, having easy access to this information is crucial to understand what went wrong, what the damage was and fix the vulnerabilities that you uncover. But there are other important reasons for organisations to have a holistic view of their digital infrastructure and data. One of the most-neglected factors in a breach is the organisation’s communications strategy, and this depends on having as much accurate information to hand as soon as the organisation makes the hack public.

If an enterprise releases erroneous or inaccurate information, it compounds the problems caused by the initial attack, making the organisation look incompetent. If, however, it takes too long to gather, verify and release information, the organisation creates a news vacuum that leads to speculation, which only leads to greater mistrust and loss of confidence. This, in fact, is one of the key goals of groups like Snake – to delegitimise national institutions such as governments, to spread fear, doubt and distrust, and so to undermine the very fabric of a nation’s democracy.

The attack on the German government provided us with other lessons, too. For example, their response showed the importance of developing collective security intelligence, where organisations share information with each other about potential attacks and threats. In this instance, the page first hacked belonged to an eLearning website. The attackers used this to gain access to the government digital ecosystem.

Organisations cannot face these threats alone; they must instead cultivate a connected security network with their partners, which includes facilities to communicate about new threats as soon as they appear. This ecosystem will also be crucial in pulling together the historic data required (often stretching back years) for understanding a breach, where information on past interactions with other organisations can be so helpful in understanding how the attack developed.

Above all, any organisation that has suffered a breach should use the experience as an opportunity. Of course, they should focus their immediate efforts on identifying, isolating and removing the intruder – but they should also learn from the attack. By having full oversight of their historic and real-time data, organisations can much better understand how the fox (or, if you like, the snake) has slipped through the wire, and so learn how to fix the fence more securely against future attacks.

New malware strikes panic among B’luru bank customers

Bankers in Bengaluru claim to have discovered a new malware that helps hackers siphon off money from a number of bank accounts, forcing the southern city’s police to probe a number of complaints received from the affected account holders. The police probing the cyber crime initially talk of MazarBot, a malware used to send SMS messages to the bank account holders’ smartphones, which provides the hackers with the account holders’ banking details. These include the One Time Passwords and PINs required for banking transactions through net and mobile banking, apart from images, call details and messages. The hackers are believed to have been targeting those whose banking details were in their possession, since the victims were trapped by the malware after downloading the link sent by SMS without sensing any consequences. As a result, the hackers had easy access to the account holders’ details on their devices, be it a mobile phone, personal computer or laptop.

View full story


The post New malware strikes panic among B’luru bank customers appeared first on IT SECURITY GURU.

NHS Digital execs showed ‘little regard’ for patient ethics by signing data deal

MPs have voiced “serious concerns” about NHS Digital’s leadership, claiming execs paid “little regard” to the ethics of sharing patient details for immigration enforcement and are too close to government. Members of the House of Commons Health Committee slammed the body – which provides IT and data services for the NHS – for signing a data-sharing agreement with the Home Office. The government, meanwhile, was blasted for taking a stance on health data confidentiality that is at odds with the NHS’s own code – and warned it would open the door to other departments seeking patient addresses.

View full story


The post NHS Digital execs showed ‘little regard’ for patient ethics by signing data deal appeared first on IT SECURITY GURU.

Thousands of Android Apps are Tracking Kids Without Parental Consent

The Google Play Store might be full of apps and games that are tracking children without the express permission of a parent, and Google doesn’t seem to be doing much about it. Following Facebook’s data leaking scandal with Cambridge Analytica, a lot of people have turned their attention to other social networks that might be doing the same thing. It turns out that we ought to be looking towards mobile apps as well, at least on Android, as a newly released study revealed. It’s one thing to track adults on Facebook or through other means, but tracking children feels even more despicable. And the companies doing this actively have a very good reason for it, and it’s usually all about making money.

View full story


The post Thousands of Android Apps are Tracking Kids Without Parental Consent appeared first on IT SECURITY GURU.

Lords: UK Could be World Leader in “Ethical” AI

The UK could be a world-leader in artificial intelligence (AI) if it puts ethics first, according to a new House of Lords report — with experts claiming the technology could also help combat cybersecurity challenges. The Lords select committee’s report, AI in the UK: ready, willing and able?, argued that by taking a proactive role in the development of the new technology, the UK could boost its economy and help to mitigate any associated risks and “misuse.” The committee recommended AI tech be developed on five principles. It said it should be designed “for the common good and benefit of humanity” and that “the autonomous power to hurt, destroy or deceive human beings should never be vested in artificial intelligence.”

View full story

ORIGINAL SOURCE: Infosecurity Magazine

The post Lords: UK Could be World Leader in “Ethical” AI appeared first on IT SECURITY GURU.

Windows Servers Targeted for Cryptocurrency Mining via IIS Flaw

Hackers are leveraging an IIS 6.0 vulnerability to take over Windows servers and install a malware strain that mines the Electroneum cryptocurrency. Attacks aren’t widespread, as they target a quite old IIS version, but they are happening at scale. Hackers are using CVE-2017-7269 to take over servers. This is a vulnerability discovered by two Chinese researchers in March 2017 that affects IIS’ WebDAV service. At the time it was discovered last year, the flaw was a zero-day, being under heavy exploitation for almost nine months, since June 2016.

View full story

ORIGINAL SOURCE: Bleeping Computer

The post Windows Servers Targeted for Cryptocurrency Mining via IIS Flaw appeared first on IT SECURITY GURU.

Nation State attacks 500% slower to evict from networks and can remain undetected for years

Cybersecurity specialist Secureworks is today releasing its Incident Response Insights Report.

The global report which pulls from real-world incidents unearths some surprising truths of the cybersecurity landscape; including the most targeted industries and preferred hacking tools used by cybercriminals. The report also hones in on the increasing complexity of nation state attacks.

Let me know if you’d like to speak to the authors of the report, Senior Security Researcher, Mike McLellan and/or Senior Security Researcher, Matthew Webster, who will be able to provide unique insight into the cybercriminal landscape and report findings.


Main research findings


  • The top three industries most impacted by targeted cyber threats were manufacturing, technology, and government
  • The average time it took to evict nation state attacks was 500% greater than the time to evict non-targeted threats, due to the often entrenched nature of adversaries plus the necessity to fully understand the extent of the threat actor’s capability and access
  • On average, these targeted cyber threats remained undetected in an organisation’s IT networks for 380 days. In fact, incident responders frequently encountered threat actors that had access to compromised environments for months, sometimes even years
  • Phishing continues to be a hackers’ favorite method for gaining access into organisations. 40% of the incidents Secureworks conducted began with a phishing email
  • Financially-motivated criminal activity far outweighs government-sponsored threat actors and insider threats, with 83% of attacks being financially motivated
  • Compared to North America and the APJ region, organisations within EMEA adopted a far more reactive security approach to cyber threats rather than proactive
  • When a threat actor becomes aware of an eviction attempt, it can quickly become a complex game of ‘cat and mouse’ with threat actors aiming to avoid the attention of the respond


Secureworks Incident Response

Secureworks Incident Responders log 250 billion events every day, and help hundreds of organisations navigate through complex and high-risk incidents. This report shares best practices and valuable lessons learned over the past year from real-world incidents, and unearths the risks, remedies, and best practices for defending against cyber threats.

The post Nation State attacks 500% slower to evict from networks and can remain undetected for years appeared first on IT SECURITY GURU.

Black Report Bites at ‘Candy Bar’ Security

Hackers can break into the vast majority of targets in less than 15 hours, using freely available open source tools and exploit packs. Nearly half can then exfiltrate high value data in less than an hour, according to 2018’s “Black Report” from Australian security software specialists Nuix – whether they’re using third party access or the aircon as an attack vector.

View full story


The post Black Report Bites at ‘Candy Bar’ Security appeared first on IT SECURITY GURU.

Data exfiltrators send info over PCs’ power supply cables

If you want your computer to be really secure, disconnect its power cable. So says Mordechai Guri and his team of side-channel sleuths at the Ben-Gurion University of the Negev. The crew have penned a paper titled PowerHammer: Exfiltrating Data from Air-Gapped Computers through Power Lines that explains how attackers could install malware that regulates CPU utilisation and creates fluctuations in the current flow that could modulate and encode data. The variations would be “propagated through the power lines” to the outside world.

View full story


The post Data exfiltrators send info over PCs’ power supply cables appeared first on IT SECURITY GURU.

New authentication standards aim to make the web more secure

A pair of authentication standards published this week have received endorsement from Mozilla, Microsoft and Google: the WebAuthn API, and the FIDO Alliance’s Client-to-Authenticator Protocol. The aim of WebAuthn and CTAP is to offer an authentication primitive that doesn’t rely on server-stored passwords, since a user’s fingerprint or even their unlock pattern is safer for both user and Web site owner.

View Full Story


The post New authentication standards aim to make the web more secure appeared first on IT SECURITY GURU.

UK Govt clamping down on Dark Web crime

The National Cyber Security Centre’s CYBERUK conference in Manchester will be the backdrop for the launch of a £9m fund to increase cyber capabilities and tackle organised crime online, focusing on those who use anonymous and hidden online services for illegal activities such as hacking, people trafficking, selling weapons and drug dealing.

View Full Story


The post UK Govt clamping down on Dark Web crime appeared first on IT SECURITY GURU.

Facebook warned of Russian hacking back in 2016

Facebook detected Russian government hackers targeting the Facebook accounts of campaign officials before the 2016 presidential election, Mark Zuckerberg revealed during a congressional hearing on Tuesday.

View Full Story


The post Facebook warned of Russian hacking back in 2016 appeared first on IT SECURITY GURU.

YouTube videos hacked

A number of high-profile music videos disappeared from YouTube and had their titles and hold images defaced, after the video streaming website was targeted by hackers. This includes the most viewed video of all time ‘Despacito’ by Luis Fonsi and Daddy Yankee.

View Full Story


The post YouTube videos hacked appeared first on IT SECURITY GURU.

Bitdefender survey shows Right Size EDR, not SOC needed to address Security Flaws

Bitdefender, a leading global cybersecurity technology company protecting 500 million users worldwide, today announced the results of its latest survey, showing that more than half of CISOs worldwide (65 percent UK) are worried about a global skills shortage. Sixty-nine percent of respondents around the globe also reported that their team is under resourced, with more than half of respondents in all markets but Italy reporting that their IT security team is too small. Seventy-two percent of information security professionals admitted that their IT team experienced agent and alert fatigue, and 33 percent of UK respondents said their budget could not accommodate infrastructure expansion.


The Bitdefender survey explores CISOs’ needs in the prevention-detection-response-investigation era and reveals how the lack of visibility, speed, and personnel affects the development of stronger security practices in companies with both over-burdened and under-resourced IT teams. The survey polled 1,050 people responsible for purchasing IT security within companies in the US and Europe.


Half of the CISOs surveyed worldwide admitted their company was breached in the past year, but one sixth of those respondents don’t know how the breach occurred. Fifty-seven percent of UK respondents had experienced an advanced attack or malware outbreak. One quarter of all respondents expect this issue to continue, and think their company is likely to face an ongoing security breach without them knowing it. Using existing security tools, UK CISOs believe 63 percent of advanced attacks can be prevented, detected, and isolated, but anticipate it would take three weeks to detect any such attack.


With the global cost of cybersecurity breaches expected to reach $6 trillion by 2021, analysts have seen companies’ security spending start migrating from prevention-only approaches to focus more on detection and response. Gartner expects that spending on enhancing endpoint detection and response (EDR) capabilities will become a key priority for security buyers through 2020.


Better tools needed for rapid detection and response

CISOs agree that prevention is faulty, but investigation is a burden. EDR capabilities can provide improved detection and response approaches to prolific security incidents, and using automation can help to address the global shortage of cybersecurity professionals. Specifically, EDR tools best fit resource-strapped businesses with lean IT teams that operate without a Security Operation Center (SOC). However, half of IT executives worldwide said that managing EDR tools is difficult or very difficult. In both the US and UK, 49 percent of all endpoint alerts triggered by monitoring and response techniques turned out to be false alarms. Sixty-nine percent of UK respondents in companies with no SOC said speed to investigate suspicious activities is one of their toughest challenges. Spotting an ongoing breach also means fighting alert fatigue caused by noisy traditional security solutions. It’s a race against time when filtering security alerts, which can be especially difficult if the organization is understaffed and overburdened. 38% of UK respondents, and one third of respondents across all markets, said that lack of proper security tools is the main obstacle that prevents rapid detection and response during a cyberattack.


Time is of the Essence

On average, 82 percent of security professionals in Europe and the US say that reaction time is a key differentiator in mitigating cyberattacks. CISOs attest that time is of the essence when isolating the incident to prevent spreading (68 percent), identifying how the breach occurs (55 percent), and evaluating losses and the impact of the breach (51 percent). CISOs agree that delayed response to a cyber incident can also make it harder to accurately identify the initial time of attack and assess the timeframe (30 percent), understand the motivation for the cyberattack (19 percent), or improve the incident response plan for future attempts (17 percent).


“Today’s resource- and skill-constrained IT security teams need an endpoint detection and response (EDR) approach that allows for less human intervention and a higher level of fidelity in incident investigations,” Bitdefender’s VP of Enterprise Solutions Harish Agastya said. “EDR for everyone can be achieved through a funnel-based approach of prevention-detection-investigation-response, leaving the EDR layer to focus on threats further down the funnel in the unknown or potential threat category, and IT teams to focus solely on the alerts and tasks that are truly significant.”


Bitdefender security specialists strongly advise that enterprise CISOs consider the importance and value of an integrated prevent-detect-investigate-respond-evolve approach to endpoint security:


  • Prevent: block all known bad and a high percentage of unknown bad automatically at pre-execution and on-execution layers without needing manual intervention
  • Detect: Gain visibility into suspicious events that could lead to an attack early by built-in intelligence from threat protection engines and analysis of a stream of behavioral events from an endpoint event recorder
  • Investigate: aided by root cause and contextually relevant information on the class of threat that is detected (via the built-in intelligence), the reason of detection (via threat analytics), and ultimate verdict (via an integrated sandbox)
  • Respond: via intuitive incident response interface that enables remedial actions immediately and widely across the enterprise without needing deep expertise
  • Evolve: enables the feedback loop from current detection to future prevention via in-place policy tuning and fortification

The post Bitdefender survey shows Right Size EDR, not SOC needed to address Security Flaws appeared first on IT SECURITY GURU.

Patch Tuesday Commentary, Chris Goettl, Director of Product Management, Security at Ivanti

Microsoft has released updates today including 65 vulnerability fixes.  While there are no Zero Day exploits in the April patch release, there were a couple of Zero Days identified between March and April Patch Tuesdays, which we will mention in a moment.  There is one public disclosure this month in SharePoint Server. The challenging aspect of this month is that there are enough critical vulnerabilities in the Operating System, browser updates, and in Office that all three should be prioritized.

While the CVE-2018-1038 vulnerability was identified between the March and April Patch Tuesdays, it should be a top priority for anyone who has Windows 7 for x64-based Systems or Windows Server 2008 R2 for x64-based Systems. If you have installed any of the servicing updates released during or after January 2018, you need to install 4100480 immediately to be protected from this Elevation of Privilege vulnerability.

Microsoft also released an update to the Malware Protection Engine that resolved a remote code execution vulnerability that was identified. The fix for this is simply to update to the latest definitions. For the majority of environments using Microsoft’s Malware Protection Engine, this would have happened automatically. In the article, they identify the minimum definition version needed to resolve this issue, which is Version 1.1.14700.5.
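As an added example (not part of the commentary above, and not Ivanti’s code), the following PowerShell checks one Windows host against the two items just described: whether an x64 Windows 7 or Server 2008 R2 machine has KB4100480 installed for CVE-2018-1038, and whether the Malware Protection Engine reports a version at or above 1.1.14700.5. The function name Test-AprilPatchState is my own. Get-MpComputerStatus only exists on Windows 8 / Server 2012 and later, so on the older hosts the engine check is reported as unavailable rather than guessed; the comparison uses the AMEngineVersion property, which is the field that carries a 1.1.x.y value (my assumption about where the version named in the commentary is surfaced).

```powershell
# Added example: not from the original post. Function name is my own.
function Test-AprilPatchState {
    [CmdletBinding()]
    param(
        # Update named in the commentary for CVE-2018-1038 (Win7 x64 / 2008 R2 x64)
        [string]$RequiredKb = 'KB4100480',
        # Minimum Malware Protection Engine version named in the commentary
        [version]$MinEngineVersion = '1.1.14700.5'
    )

    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    # KB4100480 only applies to the two x64 platforms the commentary lists
    $needsKb = ($os.Caption -match 'Windows 7|Windows Server 2008 R2') -and
               ($os.OSArchitecture -like '64*')

    $kbState = 'NotApplicable'
    if ($needsKb) {
        $hotfix  = Get-HotFix -Id $RequiredKb -ErrorAction SilentlyContinue
        $kbState = if ($hotfix) { 'Installed' } else { 'Missing' }
    }

    # Get-MpComputerStatus is absent on Windows 7 / 2008 R2, so report rather than guess
    $engineState   = 'Unavailable'
    $engineVersion = $null
    if (Get-Command -Name Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        $status = Get-MpComputerStatus -ErrorAction SilentlyContinue
        if ($status -and $status.AMEngineVersion) {
            $engineVersion = [version]$status.AMEngineVersion
            $engineState   = if ($engineVersion -ge $MinEngineVersion) { 'Current' } else { 'Outdated' }
        }
    }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        OperatingSystem = $os.Caption
        Architecture    = $os.OSArchitecture
        KB4100480       = $kbState
        EngineVersion   = $engineVersion
        EngineState     = $engineState
        # True when either item the commentary flags still needs attention
        ActionRequired  = ($kbState -eq 'Missing') -or ($engineState -eq 'Outdated')
    }
}

# Run locally with administrative rights, or wrap in Invoke-Command for a list of hosts
Test-AprilPatchState | Format-List
```

The object returned is deliberately flat so that it can be piped to Export-Csv across a fleet and filtered on ActionRequired; a host showing EngineState of Unavailable still needs its definition level confirmed through the client’s own UI or management console.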

There are multiple critical vulnerabilities in the Windows Operating System, Internet Explorer and Edge browsers, and on Office this month.  There are a few critical kernel vulnerabilities resolved, several Microsoft graphics and TrueType font driver vulnerabilities resolved and a host of critical browser vulnerabilities resolved.

Microsoft has lifted the AV compliance key from the rest of the Windows OS updates in all but some vaguely mentioned edge cases. If you recall, the introduction of the Meltdown/Spectre mitigation updates caused a number of blue screens on systems running AV engines that were interacting with the kernel in unexpected ways.  Microsoft introduced this key to prevent the blue screen scenarios from occurring, but required customers to jump through hoops if their AV vendor did not apply the key or if they were not running AV on a system. That restriction is now fully removed.

On the non-Microsoft front Adobe has released several updates today including an update for Adobe Flash Player.  The Flash update resolves three critical vulnerabilities and three important vulnerabilities. Adobe Flash Player can show up in many forms on a single system. It can be installed on the system and as a plug-in in the major browsers, so to fully plug these vulnerabilities you may need to apply multiple updates on a single system.

Oracle is going to be releasing their quarterly Critical Patch Update next week on Tuesday, April 17th.  Expect an update for Java. We strongly urge rolling out Java updates as they release. Java may not be as highly targeted as it once was, but it is still a low-hanging fruit target for Threat Actors. The recent SamSam Ransomware attacks are good examples. SamSam is able to exploit a variety of software vulnerabilities including some in Java. Attackers know that Java is one of those products that lags behind updates, leaving a number of exploits open.

The post Patch Tuesday Commentary, Chris Goettl, Director of Product Management, Security at Ivanti appeared first on IT SECURITY GURU.

CISO Chat – Rick Orloff, Chief Security Officer at Code42

Ever wondered what the role of a Chief Information Security Officer (CISO) encompasses? To put it simply, they are the guardians and protectors of everything information security related to a business. However, the tasks are far from simple, as their teams work around the clock to respond to incidents that directly affect the safety of the company and its data. As the issues in cyber have evolved, so too has the role of the CISO, which also involves consulting with boardroom-level executives about the multitude of potential risks that threaten their business and being prepared for an eventual attack.

To get a better understanding of the life of a CISO, the IT Security Guru will chat to leading CISOs to get their thoughts and ideas on the 2018 cyber landscape, including advice, guidance and problems faced. We will leave the favourite food and hobby questions for another time.

Leading this week’s CISO Chat is Rick Orloff, Chief Security Officer at Code42 who believes the biggest concern related to GDPR going into effect in May is that it’s untested.


As a CISO, what is your objective? What is the goal of information security within your organisation?

As a CXO, you must have a clear view of the entire business, including technology, operations and data flow. The ability to detect and mitigate risk as well as comply with government and industry regulations also is essential. While it’s impossible to completely eliminate risk from any organisation, CISOs must constantly assess and quantify their attack surface and understand how hackers might try to exploit their environments. This includes addressing human behaviors as part of the attack surface and enabling employees so they can operate freely in a secure environment. Knowing how to support and empower employees to perform their roles in the best way possible is a major factor in successfully safeguarding a business.


What is more important for cybersecurity professionals to focus on, threats or vulnerabilities?

The answer is vulnerabilities. You need to focus on process and framework to manage vulnerabilities. If you successfully manage and remediate vulnerabilities, you may not have to worry about the threats. That said, situational awareness is key to a good program. Knowing what new threats are emerging is very important.


With GDPR less than five months away, how prepared is your organisation? What is your biggest worry or concern regarding the regulation?

We embraced and prepared for GDPR early on.


I believe the biggest concern related to GDPR going into effect in May is that it’s untested. We will need to wait and see how regulators will hold companies accountable and respond when a breach is reported. Most businesses, particularly public companies, have embraced the need to comply with the regulation, so the open question now is: what will happen if they violate it?


Social media is everywhere. So how much of it is a security issue in the workplace?

Social media is not going away, ever. It’s part of the DNA of the modern-day employee base. Employees use it professionally and personally. Employees and kids concerned about their futures need to understand the risks of integrating social media with their careers. It’s mostly a security and training issue related to defining its boundaries and compartmentalising the accounts and the data being shared. Offering training programs that engage pen-testers who employ social engineering, running spoof phishing attacks and more, all can be smart ways to educate employees about the importance of adequate data protection.


What would your no.1 piece of cyber security advice be as we begin 2018?

As it relates to the software development lifecycle, we need to make sure our organisations design with security in mind – and we need to make it a top priority. A meaningful software security program works to eliminate technical debt, holds firm on software security standards and remains current on patch management. If you do this, you can significantly reduce your vulnerabilities.


Today, IoT and AI have become a real big focus for organisations with almost every device, toy and appliance created having technology built in. Worryingly, security seems to be an afterthought in IoT. Why is this the case and how can this be changed?

IoT devices – along with endpoints like laptops and computers – are adding to an already dispersed attack surface. With laptops, tablets and mobile phones, we upgrade the operating systems and receive patches regularly. On the other hand, once deployed, IoT devices are largely unmanaged. Most IoT devices don’t provide a mechanism for their owners to upgrade the firmware or otherwise mitigate security risks as they become known or anticipated. So, if you have a home firewall and have an IoT connected refrigerator, oven or saltshaker, these devices are behind your firewall with a connection to the outside world and there’s little management. That means, an attacker can try to compromise your oven in order to gain lateral movement to the other devices connected inside the house, i.e., baby monitor, computer, webcam, etc.


Lack of management isn’t the only factor driving a lack of IoT security. There are a couple of other reasons why security for IoT devices seems to be an afterthought. One is that the most popular IoT devices today are designed to deliver an experience or service and tend to have low cost and essentially disposable components. Ensuring the security of these devices would drive the cost up for consumers. Another reason is there aren’t defined security requirements for IoT devices. Until these basic conditions change, it is unlikely that IoT devices will become secure.


How do you believe we can improve the cyber skills gap? What advice would you give to anyone wanting to go into the cybersecurity industry?

High tech companies need to provide a lucrative path for employees to develop cyber skills and opportunities to grow organically. To become a next-gen cybersecurity professional, you must work your way up the ladder and be well-versed in multiple domains. You must have enough knowledge about general infrastructure, data correlation, actionable intelligence, networks, incident response and risk models to lead a team.


What’s your worst security nightmare? What would be your plan to prevent and mitigate it?

My worst security nightmare is the same as it was in 2001 – that is, a bad actor would take encryption software and point it not just at endpoints, but also at corporate data on the servers or in the cloud. To prevent this type of scenario, you must have a meaningful recovery program that extends beyond backup. While backup is a requirement for recovery, it does no good if it takes you ninety days to recover.


How often do you have to report to the boardroom level? In light of the major attacks in 2017, have they become more responsive and shown a better understanding of the work you and your team do?

Even two years ago, boardroom conversations about security weren’t as meaningful as they are today. It was not unusual for CSOs/CISOs to get 10 minutes on a board agenda once a year. In some cases, they might not even attend the meeting. Instead, a CIO might present one or two security slides on their behalf.


With the rise of cyberattacks, however, security’s role in the boardroom has changed. CXOs/CIOs together with their boards are mutually engaged in security discussions. Boards want to understand how security programs are being measured and whether CEOs are supporting them. In fact, many boards are seeking to fill positions with security executives in order to help advance their understanding of security.


Rick Orloff, Chief Security Officer at Code42

Rick brings to Code42 more than 20 years of deep information security experience. Prior to joining Code42, Rick was Vice President and Chief Information Security Officer at eBay, led and built a variety of global security programs at Apple (AAPL), and directed global security at Lam Research (LRCX). Rick is currently an active member of several advisory boards focused on new and emerging security technology companies.

Throughout his career, Rick has driven meaningful and actionable results across a range of security areas, including global threat management, cyber intelligence, geospatial correlation of data and security operations centres.

The post CISO Chat – Rick Orloff, Chief Security Officer at Code42 appeared first on IT SECURITY GURU.

The digital transformation roadblock: existing IAM solutions are creating major barriers to digital technology adoption

Digital transformation is a much-hyped business buzzword, driven by the adoption of cloud IT services around the world. This hype has seen enterprises scramble to become more digitally agile in a fight to stay competitive. In fact, a new study by OneLogin[2], the industry leader in Unified Access Management, reveals that 92% of UK enterprises have developed a digital transformation strategy, with over two-thirds of those surveyed expecting to deploy up to 100 new commercial SaaS apps and on-premise apps in the next twelve months alone. However, there is a fundamental flaw in their progress to a more digital future – navigating and securing the digital network across a combination of legacy IT, on-premise and cloud platforms. This is where Identity and Access Management (IAM) solutions have a role to play, but are falling short of unifying all corners of the corporate network.


With more cloud applications coming into the corporate network and employees switching between on-premise and cloud applications daily, the corporate network has become more complex than ever before. It is therefore unsurprising that almost 90% of the 250 IT decision makers surveyed see IAM as an important, if not critical, part of their digitalisation strategy.


Yet the survey results reveal a strong link between the barriers to digital transformation and the pain points they feel with their current IAM solution. Key barriers to digital transformation include a fear of spiralling costs (40%), legacy systems (46%) and project complexity (37%) and the major pain points for existing IAM solutions are cost (43%), complexity (45%) and fragmented access control for multiple environments (22%).


Enterprises need IAM to progress their digital transformation strategies, but there is clear demand for a solution that supports every end-point of the complex corporate network, regardless of whether it’s cloud-based or on-prem.


To combat this issue head-on and unify the corporate network through one single solution, OneLogin has announced the newest addition to its unified platform: OneLogin Access. The solution lets customers manage access for traditional on-premise applications through a “single pane” management console that also manages access for cloud applications.


“Never has it been more critical — or more complex — to securely manage access across the explosion of distributed applications, data, and intelligence,” said OneLogin CEO Brad Brooks. “Our Unified Access Management Platform featuring OneLogin Access is purpose-built for hybrid customer environments. Historically, a customer’s only option was building a cumbersome, multi-vendor, prohibitively expensive solution. That all changes today.”

Companies can now modify access privileges across all applications in real time vs. days or weeks, and slash access management costs by 50% or more — all with a single Unified Access Management Platform. This platform unifies access management not only for applications, but also for networks and devices, using SaaS infrastructure to synchronise all corporate users and user directories.

The post The digital transformation roadblock: existing IAM solutions are creating major barriers to digital technology adoption appeared first on IT SECURITY GURU.

Healthcare will become digitised by 2030 to keep services alive, experts predict

Within ten years your medical check-up could involve more interaction with sensors, cameras and robotic scanning devices than human doctors and nurses, as healthcare organisations re-build services around the Internet of Things (IoT), according to a new report by Aruba, a Hewlett Packard Enterprise company.


The ‘Building the Hospital of 2030’ report features the results of interviews carried out with senior healthcare leaders and futurologists. It explains both the likelihood, and the need, for the healthcare industry to create smarter workplaces that incorporate mobile, cloud and IoT technology, and explores the ways in which this will transform the patient experience and improve clinical care.


The study makes five key predictions for how the industry will transform by 2030, including:


  1. Patient self-diagnosis: Using app-based and wearable tools to monitor your health and even carry out your own scans, patients will finally have the ability to self-diagnose a wide number of conditions at home, without needing to visit a surgery or hospital.

  2. The automated hospital: Hospital check-in will feature imaging technology that can assess your heart rate, temperature and respiratory rate from the moment you walk in, followed by sensors that can perform a blood pressure and ECG test within 10 seconds, and lead to an automatic triage or even diagnosis right there and then.

  3. Health professionals double their free time: Doctors and nurses, who are currently spending up to 70% of their time on administrative work, will be able to quickly analyse scans or patient records via their mobile device, freeing up huge amounts of their day to focus on patient care.

  4. Digital data repositories: Devices will automatically integrate with your digital patient records, automatically updating on your condition and treatment, giving caregivers richer, real-time, readily accessible data to make better decisions.

  5. Acceptance of AI: As artificial intelligence (AI) starts to play an increasing role in diagnosis and treatments, public support will grow to the extent that you will be willing to be diagnosed by machine – provided that services are designed and implemented around patients, the benefits are explained, and permission is sought.


Explaining the ability of AI to enhance medical care, UCL Professor Dr. Hugh Montgomery said: “Within ten years, you may be able to assay around 50,000 different blood proteins from a single drop, and make much quicker, or even automatic, diagnoses. That’s radical and in no way happens at the moment. I might get 30 variables, today.”


On the topic of patient self-care, Digital Health Futurist Maneesh Juneja adds: “Let’s say you are diagnosed with diabetes or high blood pressure in 10 years’ time. Once you’ve been diagnosed, a lot of the monitoring of how you’re taking your medication could be done without the healthcare system seeing you as frequently. They could track your data in real-time and know if you’re deviating from your recommended diet or treatment plan, then send you a digital nudge on your smartwatch or augmented reality glasses.”


Such advances are far from science-fiction, argues the report, and could prove vital in the struggle to better care for an ageing population: UN figures suggest that the population of over 60s will have increased 56% by 2030, greatly increasing the need for more efficient health services.


“We’re in for a massive transformation and disruption in the next 5-10 years for two reasons,” said Hugh Montgomery. “Firstly the technology’s changing that fast, and secondly, there’s this massive pressure to get it out there. Because if we don’t, health services are going to fall over.”


Digitising and securing the hospital


Recognising the need to modernise, healthcare organisations are already beginning the journey towards digitisation, says the report. Aruba’s own research finds that nearly two thirds (64%) of healthcare organisations have begun to connect patient monitors to their network, and 41% are connecting imaging or x-ray devices. Such measures are the building blocks for an Internet of Things (IoT) strategy, with potentially millions of interconnected medical, wearable and mobile devices sharing up-to-date information that can be used to provide higher quality care.


However, the approach is currently fraught with risk. 89% of healthcare organisations that have adopted an IoT strategy have experienced an IoT-related data breach. With the explosion of new technology devices appearing over the course of the next decade, a key challenge for organisations will be to maintain visibility of all devices connecting to their network and sharing medical data, in order to apply strict security rules.



Morten Illum, VP EMEA at Aruba, concludes: “The rise of digital health services is about improving patient experiences, and increasing accuracy and quality of care. Above all else, that is what we think healthcare providers and members of the public should be excited about. But data security risk is emerging as one big challenge here. That’s why these changes take time to deploy, and we expect to see healthcare companies partnering with technology providers to negotiate both technological and cultural change in the coming years. With the benefits that are on offer, it is certainly worth the effort.”

Indian Government websites being hacked

On April 06, India’s official ministry of defence (MoD) website——was reportedly hacked. Instead of the homepage, visitors to the site saw the following message: “The website encountered an unexpected error. Please try again later.” Alongside the error warning, a Mandarin character—meaning either “Zen” or “home”—appeared at the top of the page, media reports said, fueling conjecture that Chinese hackers were responsible for the attack.

The Many Faces of Cryptocurrency

While it may be a bit harsh to label it the currency of crime, Bitcoin and its dozens of cryptocash cousins certainly have an underworld appeal. Profit-motivated cybercriminals are drawn to its decentralised nature and the anonymity that it affords. Cryptocurrency also simplifies cashing out for the bad guys, and the potential for extortion through ransomware and attacks on unsecured exchanges grows exponentially as digital cash inches toward the mainstream. It has become a multi-billion-dollar enterprise.

The range of threats associated with the abuse of cryptocurrency extends from the relatively petty—malware dropping mining software on compromised machines—to the sublime—nation-states accused of stripping exchanges clean for the purposes of funding state-sponsored espionage. It’s a harsh and somewhat unregulated environment that has grown faster than those trying to secure its surroundings have anticipated.


The early days of cryptocurrency, and especially those focused on maintaining the privacy of users and transactions, are often described as an academic exercise. Although the widespread adoption of cryptocurrency among Dark Web marketplaces such as the now-defunct Hansa, for example, may seem as if determined by some sort of initial market study, it wasn’t. Once criminals recognised that cryptocurrency could enable them to obfuscate their transactions, they decided to use it.

Of Miners and Monero


If you’re looking for low-hanging fruit, it’s largely concentrated among the various families of miners, in particular silent miners, found on the Deep & Dark Web (DDW). Many of them mine Monero, which is marketed as a cryptographically secure currency; its advanced obfuscation algorithms hide the origin and destination of transactions, as well as amounts. It is approaching Bitcoin as the currency of choice for criminals purchasing illicit goods and services on the DDW, including malware, stolen personal information, drugs and weapons. Bitcoin, despite its mainstream appeal and skyrocketing valuation, operates under a much more transparent blockchain and doesn’t cloak transactions, giving researchers and law enforcement the ability to better analyse criminal activity.


Indeed, this is why more people are abandoning Bitcoin in favour of Monero. Multiple markets now accept Monero, and many vendors will only transact with it, not Bitcoin. The challenge with using Monero is that it requires a cryptocurrency savviness. Purchasing Monero and moving it out of an exchange is generally more complex than doing so with Bitcoin.


A number of DDW forums sell cryptocurrency miners, and attackers are distributing them in a number of devious ways, including as a payload in popular exploit kits, malvertising campaigns, and via email-based attacks, to name a few. Last May, attackers used the freshly released NSA exploit EternalBlue and the DoublePulsar rootkit to distribute the Adylkuzz miner, adding an additional layer of sophistication and urgency to these types of incidents.

The end result is an infected computer grinding to a halt as the malware eats up CPU cycles to create virtual money, all to benefit malicious users, including criminal enterprises. The legitimate business with the infected machines on its network could be in line for expensive power and utility costs, as well as hardware-replacement expenses due to wear-and-tear under the weight of cryptocurrency mining.

Dirty Money, Clean Laundry


Cryptocurrency isn’t just a means of generating revenue, it’s also a realm where dirty money is laundered. A number of criminals are discussing DDW-based as well as legitimate services that convert cryptocurrency into payment card funds. Actors have recently been observed discussing how to best transfer funds from their crypto wallets to another actor or service providing payment cards, physical cards, or virtual bank accounts.


In the meantime, law enforcement resigns itself to gradual gains against criminals who have already figured out how to use cryptocurrency to beat the system on many levels. The problem figures to intensify as currencies such as Monero inch closer to the mainstream.

While blockchain analysis can help law enforcement and private enterprises gain tangible insight into the activities and identities of criminals who use bitcoin, the landscape is changing. As blockchain technology and criminal behaviour continue to evolve and advance, this type of analysis may become more difficult for law enforcement and researchers in the future.

Bot-ched security: Chat system hacked to slurp hundreds of thousands of Delta Air Lines, Sears customers’ bank cards

Hackers are feared to have swiped sensitive personal information held by two of the best known companies in the US – after malware infected a customer support software maker.
Both Sears and Delta Air Lines said Wednesday that hundreds of thousands of customers’ payment card numbers, expiration dates, and CVV security codes were potentially extracted by the malware and siphoned to its masterminds.

Microsoft Adds Anti-Ransomware Features in Office 365

Three months after news first leaked, Microsoft officially announced today the launch of new anti-ransomware features for Office 365, the company’s commercial subscription-based office tools suite. The new feature is called File Restore and is a OneDrive feature that will allow users to go back in time and restore files to a previous state from the past 30 days.

ORIGINAL SOURCE: Bleeping Computer

Don’t want to alarm you, but defence bods think North Korea could nuke UK ‘within a few years’

North Korea maintains a hacking base in China, the UK Parliament’s Defence Select Committee has been told, while government snooping body GCHQ struggles to retain “cyber-staff”. Then there’s the slightly greater concern that the communist nation could nuke Britain “within a few years”. The House of Commons’ Defence Committee published its latest report, Rash or rational? North Korea and the threat it poses today. As well as setting out the Norks’ nuclear, cyber and chemical weapons capability, the committee called for greater funding for British cyber-defences – while staunchly insisting that cutting funds from conventional armed forces is not the way to do this.

Intel Remote Keyboard app nixed after discovery of critical remote control vulnerability

Intel has issued a security advisory about its remote keyboard app after discovering a bug that made it possible for a remote user to mimic keyboard and mouse input with elevated privileges.
Intel Remote Keyboard was available for both iOS and Android, but the critical vulnerability — and two other bugs with a High rating — mean that it has now been pulled from Google Play and the App Store. Intel is also recommending that anyone using the app uninstalls it as soon as possible.

State AG’s Equifax case may portend big problems for data breach defendants

We may be on the verge of a breakthrough in data breach litigation. A state judge in Massachusetts ruled Wednesday that the Massachusetts Attorney General can move forward with a potentially gigantic data breach case against the credit reporting firm Equifax. The AG, Maura Healey, is asking for statutory damages under Massachusetts consumer and data security law on behalf of every state resident whose private information was exposed when hackers broke into Equifax’s systems – regardless of whether the breach actually injured any consumers.

Best Buy hit by [24] data breach, too

Earlier today, we learned that hundreds of thousands of Delta Airlines, Sears and Kmart online shoppers could have had their names, addresses, and credit card information stolen by hackers.
You can now add Best Buy to that list. The big-box electronics retailer says it was also affected by the same breach, due to its use of online customer service software from [24]7.Ai during a 15-day period when its online chat tool was infected with malware.

OneDrive gets Files Restore rollback, Office 365 malware protection

Once upon a time, viruses were the bane of the computing industry. They haven’t totally disappeared, they just evolved and took on different forms. Malware is now even spread through malicious links and some can even hold your files for ransom. Microsoft’s software and services still have the notoriety of being the target of such attempts and Redmond is taking a few steps to ensure the safety of its OneDrive and Office 365 users.

Combating seven common threat techniques in 2018

By Keiron Shepherd, Senior Security Specialist, F5 Networks 

With automated tools and hackers for hire, cybercrime has turned into a game for profit. Recent research from F5 Labs shows that out of 429 reported breaches studied between 2005 and 2017, hackers gained $2.75 billion on the black market.

The digital world has opened the door to unprecedented levels of malicious attacks putting applications, corporate data, operational infrastructure, and reputations at risk. The consequence is that many CISOs and C-Suite executives are falling on their swords due to serious data breaches. In addition, cuts to IT budgets and slashes in resources mean the onslaught of cyber-attacks leaves many organisations vulnerable.

Offensive Moves 

New cloud-based apps create a host of complex challenges and new risks. Hackers thrive in this fast-paced environment of uncertainty, wielding seven common threat techniques for maximum disruption and profit. Their key offensive moves include Malicious Bots, Credential stuffing, DDoS, Ransomware, Web fraud, Phishing, and Malware.

What do these attacks have in common? They are frequently associated with malicious bots as the delivery mechanism or the exploit kit. According to Verizon’s latest Data Breach Investigations Report, 77% of web application breaches were associated with the use of botnets to carry out the attacks.

On the web fraud front, attacks often stem from Man-in-the-Browser injection techniques delivering a Trickbot via phishing, drive-by-download, or SMB ports. JavaScript is then injected into users’ browsers as they visit e-commerce or banking sites. This allows attackers to access credentials and steal from bank accounts.

Phishing scams are also on the rise. Attackers typically use this method to trick people into clicking on a link that can infect their system with malware or take them to a fake website designed to steal personal information. In the first quarter of 2017, a new specimen of phishing and malware emerged every 4.2 seconds.

Credential stuffing is another growing concern. Here, cybercriminals turn to the dark web to purchase previously stolen usernames and passwords. They then make repeated attempts with automated tools to “stuff” the login fields of other websites with the credentials to gain access to accounts held by corporate users or customers. If users reuse their passwords, then the likelihood is that their credentials have already been stolen.

DDoS, meanwhile, is here to stay and becoming increasingly tricky to defend against. These days, attacks can range from prankster activity to targeted acts of retaliation, protest, theft and extortion. Attackers often use readily available DDoS tools to disrupt service availability and business performance. There are four main types of attacks: volumetric (flood-based attacks), asymmetric (invoke timeouts), computational (consume CPU and memory), and vulnerability-based (exploit application software). The most damaging DDoS attacks mix volumetric attacks with targeted, application-specific attacks.

Defensive moves

Security experts recommend that a robust web application firewall (WAF) is the first piece of your armour against credential stuffing attacks. A full-featured modern WAF enables businesses to tackle offensive moves head on with advanced bot detection and prevention. This is essential as most attacks are launched using automated programmes. By analysing behaviours, such as IP location, time of day, and connection attempts per second, a WAF can help your security team identify non-browser login attempts.

It is also important to ensure that data in the browser or your mobile applications is encrypted, protecting all the information transferred from users and rendering any intercepted data worthless. As an added layer of security, you can force the form parameters to be encrypted using a client-side function. Automated credential stuffing tools will be hard-pressed to properly execute the page to encrypt the form fields and send the correct secure channel cookie. When the bots submit unencrypted credentials, it will trigger a system alert to let your security team know that a credential stuffing attack is taking place.

Set up policies that make it easy for users to change passwords regularly to avoid repeat usage on multiple sites and report an incident to IT immediately if they think they have clicked on a malware link in a phishing email.
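As an added example (not from the article or from F5), the behavioural checks described above run over constructed login log lines: attempts per second per source IP, non-browser user agents, many distinct usernames with almost all failures, and submissions that bypassed client-side field encryption. The log format, its `enc` field and the thresholds are assumptions.

```python
"""
Credential-stuffing detector over constructed web-server login logs.

Assumed log format (one attempt per line):
    <epoch_seconds> <client_ip> "<user_agent>" <username> <OK|FAIL> enc=<0|1>
where enc=1 means the credential fields arrived encrypted by the
client-side function the WAF expects, and enc=0 means they were sent
in the clear, which a real browser running the page would not do.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

LOG_RE = re.compile(
    r'^(?P<ts>\d+) (?P<ip>\S+) "(?P<ua>[^"]*)" (?P<user>\S+) '
    r'(?P<status>OK|FAIL) enc=(?P<enc>[01])$'
)
# Real browsers identify themselves with this prefix; automated tools usually do not.
BROWSER_HINT = re.compile(r"^Mozilla/5\.0")


@dataclass
class IpStats:
    first_ts: int = 0
    last_ts: int = 0
    attempts: int = 0
    failures: int = 0
    unencrypted: int = 0
    non_browser: int = 0
    users: set = field(default_factory=set)


def parse_line(line):
    """Parse one log line into a dict, or return None for malformed input."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = int(rec["ts"])
    rec["enc"] = rec["enc"] == "1"
    return rec


def aggregate(lines):
    """Roll the per-attempt records up into per-source-IP statistics."""
    stats = defaultdict(IpStats)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that do not match the format
        s = stats[rec["ip"]]
        if s.attempts == 0:
            s.first_ts = rec["ts"]
        s.last_ts = max(s.last_ts, rec["ts"])
        s.attempts += 1
        s.failures += rec["status"] == "FAIL"
        s.unencrypted += not rec["enc"]
        s.non_browser += not BROWSER_HINT.search(rec["ua"])
        s.users.add(rec["user"])
    return stats


def classify(s, rate_threshold=1.0, min_attempts=5):
    """Return the reasons an IP looks like a stuffing source (empty list = benign)."""
    reasons = []
    if s.attempts < min_attempts:
        return reasons  # too little traffic to judge
    span = max(1, s.last_ts - s.first_ts + 1)
    rate = s.attempts / span
    if rate >= rate_threshold:
        reasons.append(f"{rate:.1f} login attempts/sec")
    if s.non_browser == s.attempts:
        reasons.append("no browser user agent on any attempt")
    if len(s.users) >= min_attempts and s.failures / s.attempts >= 0.9:
        reasons.append(f"{len(s.users)} distinct usernames, {s.failures}/{s.attempts} failed")
    if s.unencrypted:
        reasons.append(f"{s.unencrypted} submissions bypassed client-side field encryption")
    return reasons


def detect(lines, **thresholds):
    """Map each suspicious source IP to the list of behaviours that flagged it."""
    flagged = {}
    for ip, s in aggregate(lines).items():
        reasons = classify(s, **thresholds)
        if reasons:
            flagged[ip] = reasons
    return flagged


# Constructed sample: a person retrying one account, and a tool cycling a
# purchased list of ten accounts in five seconds and hitting one of them.
HUMAN_UA = "Mozilla/5.0 (Windows NT 10.0) Gecko/20100101 Firefox/59.0"
BOT_UA = "python-requests/2.18"
SAMPLE_LOG = [
    f'1000 198.51.100.7 "{HUMAN_UA}" alice FAIL enc=1',
    f'1021 198.51.100.7 "{HUMAN_UA}" alice OK enc=1',
] + [
    f'{1100 + i // 2} 203.0.113.5 "{BOT_UA}" user{i:02d} {"OK" if i == 7 else "FAIL"} enc=0'
    for i in range(10)
]

if __name__ == "__main__":
    for ip, reasons in detect(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

In a WAF the same signals would feed a rate-limit or challenge rule per source; the one successful login from the flagged IP is the account to notify and re-secure.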

A smart move 

In the cut and thrust of cybercrime, threat intelligence is fundamental. Greater visibility, context, and control are critical to protecting infrastructure, applications, and sensitive data. It is vital to adapt your strategy to fortify applications with cutting-edge security tools, and shift resources to deliver a swift blow to malicious moves from hackers, ensuring operations remain smart, fast and safe.

Delta says online chat cyber security breach put some customer payment info at risk

Delta Air Lines said Tuesday that a cyber security breach involving an online chat service it uses put some customer payment information at risk. Atlanta-based Delta said it was notified of the “cyber incident” March 28 by online chat service provider [24]. From Sept. 26 to Oct. 12, 2017, “certain customer payment information” for clients of the online chat service including Delta may have been accessed.

The Company that Controls Rover Pipeline was a Cyber-Attack Target

The Rover Pipeline’s corporate parent came under cyber-attack this week, according to Bloomberg News, as did three other natural gas transmission companies. No pipeline operations or safety systems were affected.

Only 1% of media companies are ‘very confident’ in their cybersecurity

As more consumers cut the cable cord, media companies are increasingly transitioning to over-the-top (OTT) content, offering online-based shows and information. However, increasing cyber threats may halt media organizations’ online services and ability to innovate in the space, according to a Wednesday report from security firm Akamai.

List of data breaches and cyber attacks in March 2018

Healthcare breaches are common in our monthly lists – but the number of incidents this month is insane. Take a look at the list, and you’ll quickly notice that the majority of them are healthcare related. There’s a mixture of incidents in there, from a rogue employee to someone accidentally sending information to the wrong fax number.

Pyongyang Hackers Could be Major Future Threat: Parliament

The North Korean cyber-threat to the UK remains below that of Russia and China but could increase in the future, a new parliamentary Defence Committee report has claimed. It reiterated the view that the WannaCry ransomware attack which decimated large parts of the NHS was carried out by the Kim Jong-un regime, but that the UK was not its intended target.

ORIGINAL SOURCE: Infosecurity Magazine

SEC Charges $32 Million DJ Khaled-Backed Centra ICO With Fraud

It’s a harsh awakening for celebrities who have entered the wild west of initial coin offerings amid the Bitcoin craze. Late Tuesday, the Securities and Exchange Commission charged the founders of an ICO, Centra, with fraud, saying the creators raised $32 million from investors with an intricate marketing campaign, including the use of paid endorsements from prominent celebrities such as boxer Floyd Mayweather and singer DJ Khaled.

Bank card fraud fears: Cloning can be carried out by STANDING CLOSE

A WARNING has been issued over contactless bank cards with details being “skimmed” while the card is still in your pocket. And criminals can gain access to the equipment by purchasing it legally for just £20 online. One of the biggest threats to consumers using contactless cards is that their details can be very easily “skimmed”; this is when a criminal does not steal any cash from your card but instead your card details.

86% of software vulnerabilities patched on day 1

Software vulnerabilities more than doubled between 2012 and 2017, but vendors are doing a better job of patching the holes in a timely manner, with 86% of vulnerabilities having patches available on the day of disclosure. These are among the key findings from Flexera’s latest Vulnerability Review. The annual report found that 19,954 vulnerabilities were documented in 2017, up 14% from 2016 and more than double the 9,895 vulnerabilities recorded in 2012.

ORIGINAL SOURCE: Technology Decisions

What’s up with these ‘Congratulations Amazon User’ pop-up ads?

Pop-up ads have long been the scourge of the internet. But the rise of ad blockers, plus anti-pop-up moves by Google and Firefox had given us hope that those days would soon be behind us. So why are even the most tech-savvy among us starting to see ads appear congratulating us for being “selected as a winner” of a $1,000 Amazon gift card?

Over 1,000 Magento Stores Hacked to Steal Card Data, Run Cryptojacking Scripts

Security researchers say they’ve identified at least 1,000 Magento sites that have been hacked by cybercriminals and infected with malicious scripts that steal payment card details or are used as staging points in the delivery of other malware. “The Magento sites are being compromised through brute-force attacks using common and known default Magento credentials,” Flashpoint researchers say.

ORIGINAL SOURCE: Bleeping Computer

Intel Says It Won’t Fix Meltdown and Spectre in Some Vulnerable Chips

Intel originally promised to fix the Meltdown and Spectre hardware flaws in all of its processors, but in a recent microcode revision guidance, the company says that won’t be possible and some chips would no longer receive updates. The company has assigned the “Stopped” production status to a total of 10 product families covering more than 200 processor models. “After a comprehensive investigation of the microarchitectures and microcode capabilities for these products, Intel has determined to not release microcode updates for these products for one or more reasons,” the company said.

Software Bug discovered in largest Telecom Outage in US History

A software bug in a telecom provider’s phone number blacklisting system caused the largest telephony outage in US history, according to a report released by the US Federal Communications Commission (FCC) at the start of the month.
The telco is Level 3, now part of CenturyLink, and the outage took place on October 4, 2016.

ORIGINAL SOURCE: Bleeping Computer

Automation and gamification crucial to cyber security

The use of automation and gamification are critical to winning the fight against cyber criminals in the face of the skills’ shortage, a study investigating challenges facing IT security teams reveals.

ORIGINAL SOURCE: Computer Weekly

Panera bread website leaks millions of customer records

It has been discovered that Panera Bread left the information of up to 37 million customers who signed up for delivery and other services including “names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number” in plain text format accessible via its web site.

ORIGINAL SOURCE: Infosecurity Magazine

How Remote Browser Isolation Can Protect Your Endpoints from the Danger of Zero-Day Exploits

Innocuous-seeming online activities put your organization at risk on a daily basis. A bug recently discovered in the popular web-based grammar checker Grammarly, for instance, leaked the authentication tokens of millions of users. Not many people would predict that installing a widely-used app plug-in or browser extension to help improve their spelling could result in strangers being able to access all their data, including logs and documents, at other websites they visit.

Fortunately, Grammarly closed the loophole within only a few hours after Google reported finding it in the Grammarly Chrome extension. The Google team called this “really impressive response time.” But such fast turnaround is the exception rather than the rule.

The Grammarly bug is an example of a “zero-day threat,” an attack that takes advantage of a security vulnerability in hardware or software — an operating system, browser or application — that is not yet known to the software developer. The name stems from the fact that there are zero days between the discovery of the vulnerability and the attack, and no patch has yet been publicly released.

Global researcher Cybersecurity Ventures forecasts that by 2021, zero-day exploits reported will increase to one each day, compared to one each week in 2015. Here are some other examples of exploits disclosed so far in 2018:

● WordPress

A vulnerability in the core of the popular content management system would allow a denial-of-service attack to be executed remotely. A researcher at Imperva, the security company that discovered the flaw, said the vulnerability is so simple that it could be used by a low-skilled actor to take down an unprotected WordPress website. Yet WordPress reportedly said it wouldn’t patch this flaw and recommended other mitigation techniques.

● Storage Apps

Cloud-based ransomware, like Shurl0ckr, infected web-based applications and was distributed via phishing and drive-by downloads (downloads that happen automatically when you visit a webpage). In most instances, it was undetected by the app providers. Researchers found many infected storage/collaboration apps, including a 55 percent infection rate for Microsoft’s OneDrive, 43 percent rate for Google Drive, and 33 percent rate of infection for Dropbox and Box.

● Adobe Flash Player

A Flash exploit delivered via the web as well as via Office documents and emails affected most Windows versions and browsers, along with Linux and MacOS devices. The security flaw allowed malicious actors to take full control of infected machines and was used by sophisticated North Korean actors against South Korean researchers.

● Transmission BitTorrent

A critical zero-day exploit in the popular BitTorrent client could allow websites to execute malicious code on end devices. The hackers could then remotely take control of the BitTorrent interface. The bug affected several browsers on Windows and Linux OS.

Why Zero-Day Exploits Are Dangerous

Hackers create malware and other exploits to manipulate security “holes” in software and hardware for financial and other gains. According to nonprofit research organization RAND Corp., zero-day exploits can be developed very quickly. In fact, median development time is 22 days. Yet the vulnerabilities and their associated exploits have a very long shelf life. RAND found that the average life expectancy was 6.9 years, while 25 percent made it past 9.5 years.

Zero-day exploits are becoming more dangerous and are increasingly being used by nation-sponsored hackers and other highly sophisticated actors. These cybersecurity threats can cause extensive financial damages. The mind-boggling losses due to the WannaCry ransomware illustrate the potential devastation. FedEx alone estimated that WannaCry cost the company $300 million; some estimates put the total global economic losses at $4 billion and others as high as $53 billion.

How You Can Protect Your Endpoints

Prevention is the best way to protect your endpoints from breaches. Zero-day flaws are particularly challenging for organizations since security experts don’t know what threats to look for and guard against. However, taking these steps can help you protect your systems from zero-day attacks:

Patch software and update browsers.

This best practice will not prevent a zero-day attack. However, executing a policy of regular patching and updates will protect you from exploits once patches for the vulnerability are available.

Way too many users become victims of cybercrimes because they fail to apply patches when they are issued, and continue to use unpatched browsers or applications for months and even years. This is unfortunate, but not surprising, considering the sheer volume of updates and the diligence required to apply them.

Consider this: The Zero Day Initiative published about 170 zero-day patches that were released in just one six-week period, through mid-February of this year, affecting a variety of web-based software including a security-management platform.

Don’t rely on antivirus.

Signature-based antivirus software offers no defense against zero-day threats since it’s based on signatures of known threats. Newer antivirus solutions use behavior-based antivirus protection that looks for malicious behavior — but this technology is not foolproof either, since new exploits sometimes exhibit new behaviors.

Reduce the attack surface.

According to Gartner, “browser-based attacks are the leading source of attacks on users”, and keeping all browser-executable code off endpoints reduces the attack surface. Remote browser isolation is the most effective way to protect against zero-day attacks, since it ensures that no browser-executable code runs on the endpoints, protecting them from unknown as well as known threats.

How Remote Browser Isolation Works

Remote browser isolation solutions create a secure airgap between the endpoint and the Internet—a safe zone for browsing, in which all code is executed away from the endpoint. Websites are rendered in the remote virtual browser, where all executable code remains until it is destroyed at the end of each session, along with any malware. Only an interactive, completely safe content stream reaches the browser on the user device, in real time.

While web-borne zero-day attacks can sneak past your firewall and antivirus solutions, remote browser isolation protects your organization from risk without changing the user experience.

To reduce overhead for implementation and management, look for a clientless remote browser isolation solution that requires no endpoint installation or plug-ins. Be sure that the solution you choose can scale up quickly, works well with all security infrastructure, and supports all devices and operating systems.

With all the zero-day threats out there, organizations need to find new ways to proactively guard against them. As part of a multilayered defense, remote browser isolation lets you stay in front of Internet-based threats.

The post How Remote Browser Isolation Can Protect Your Endpoints from the Danger of Zero-Day Exploits appeared first on IT SECURITY GURU.

5 ways CEOs can create a culture of improvement vs blame when it comes to cybersecurity

For those of you who haven’t come across one yet, I have written a series of articles recently focused on CEOs. In these articles I have been looking at a number of questions a CEO should be asking when thinking about the cybersecurity stance of their organisation. So far, I have discussed the importance of critical data encryption, safety programmes, and how to create a healthy company culture towards cybersecurity, among other topics. In this article, I will discuss why organisations should have an ongoing, continuous assessment plan.

Continuous improvement seems like common sense for any function but after meeting with teams all over the world, I can say it isn’t that common. For a security function to be successful, there should be a process for continuous improvement. This could arguably be the trait that separates successful programmes from ones that aren’t. Too often, security becomes rigid without a loop for improvement.

As your organisation grows and evolves, so must your cybersecurity program. Risks, threats and vulnerabilities change over time. Business models change. All of these factors matter for a programme to evolve and constantly improve.


The inputs to security assessments vary and can be built internally. There are also plenty of qualified external entities that can help assess the programme and put a plan in place for continuous improvement.


What are the five steps to creating a culture of continuous improvement?


  1. Set goals for excellence and measure against them.


For cybersecurity to be successful, the mission of the programme, goals, and success metrics should be agreed upon and reported on regularly. Maturing your programme will take a steady hand and patience at your level. Changing missions or strategies too often is a sure way to miss any security goal you have.


  2. Eliminate fear.


For continuous improvement to be successful, your organisation needs a culture where failure is OK. If your employees are afraid to bring up issues, you will never improve. Employees also need to feel that management is addressing failures when they occur. Having a great process in place with a feedback loop to improve will ensure a culture that minimises fear and maximises improvement. It’s also amazing for employee engagement.


  3. Actively manage the process.


As with any process, continuous improvement should be managed. The outputs of managing this process may include both tactical and strategic efforts. Your team should have a process to manage and report up to appropriate levels on these efforts.


  4. Train and develop leaders with the same mindset for improvement.


Leaders in your organisation should be trained on improvement techniques and best practices. They should also be rewarded for offering improvement suggestions and, more importantly, for executing on the efforts needed to improve. These types of employees and leaders should be developed and retained to maximise the continuous improvement cycle at your organisation.


  5. Focus on fixing, not blaming.


Far too often, we see CISOs and cybersecurity leaders being blamed and/or replaced as the result of a failure. This has to stop. What other function in an organisation is held to the standard of needing to be 100% right all of the time? In almost every case, a breach is systemic and there are multiple points along the timeline that lead to the breach.

Creating a culture that focuses on improvement versus blame will create a ripple effect in your organisation, allowing leaders to operate more freely. Things will happen. Acknowledge that failures will happen. Acknowledge that people will make mistakes. What matters is not that someone makes a mistake or that something fails, but how your organisation responds. Cybersecurity isn’t about perfection. It’s about failing fast, iterating, and constantly improving.

The post 5 ways CEOs can create a culture of improvement vs blame when it comes to cybersecurity appeared first on IT SECURITY GURU.

New security regulations are fine, but there is no substitute for innovation

“Everyone is part of our cyber security team,” said the chief information security officer at a private trust company in New York. “It doesn’t matter what myself or my colleagues do from a technical perspective. If I have one user who clicks a bad link or answers a phisher’s question over the phone, it’s all for naught.”

These are sage words from someone in the frontline against the onslaught of cyber crime. Such chief information security officers (CISOs) are becoming ever-more important to all types of organisation. So much so that their appointment is one of the requirements of last September’s ground-breaking New York State Department of Financial Services regulations covering Wall Street and other financial organisations.

Introducing these data security regulations is a move that no other state has undertaken and marks the seriousness of the threat against the financial sector, in which IBM calculates more than 200 million records were breached in 2016.  The new regulation’s stipulations are relatively wide-ranging and include requirements for risk-assessment tests, multi-factor authentication, formal cyber security planning and policies, a duty to notify the authorities of a hack within 72 hours, and crucially, staff-awareness training.

Emails are still the biggest danger

This is an excellent starting grid, but the point made by the CISO at the head of this article is still the most telling. The biggest danger for financial organisations lies in the single slip by an employee clicking open a malicious attachment or link. That alone is enough to give hackers access to the entire systems of a large organisation, no matter how sophisticated its security. Emails are used in more than 70 per cent of successful hacking attacks, with criminals hiding malware triggers in standard files like Word docs, Excel spreadsheets and PDFs.

The result is that no amount of training will prevent cyber criminals targeting a specific employee with a spoofed email or phishing attack, tricking them into opening an infected attachment that appears to be legitimate. Unless, of course, an organisation has the technology to remove the threats from attachments without affecting the normal conduct of business.

Research confirms how vulnerable organisations are to phishing emails

A survey conducted by Glasswall among 2,000 office-workers at medium-to-large businesses in the UK and US revealed just how organisations are vulnerable to human error or ignorance. More than six-out-of-ten employees (62 per cent) admitted they do not usually check the legitimacy of attachments in emails from unknown sources, while a dangerous minority of 15 per cent said they always or usually trust email attachments sent by people they have never even heard of.  More than eight-in-ten staff (83 per cent) always or usually open attachments in emails purporting to be from known contacts.

Among staff who were more alive to the dangers, invoices were seen as the primary document used by criminals to trick them, but only tiny percentages recognised the full scale of threats posed by spreadsheets or simple Word files.

Other findings revealed how too many employees have no sense of responsibility with more than one-in-five unwilling to report anything they had done that may have compromised security. There was however, a consensus among 61 per cent of employees that their organisations should install more technology to protect them.

The steps necessary to ensure security

The truth of cyber security is that employees will always be the weakest point in the chain of defences, whether through ignorance, irresponsibility or pressure of work. While the New York State measures are very welcome there needs to be more emphasis in every jurisdiction on technology and innovation, because it is quite apparent that neither employees nor current anti-virus defences will protect any major financial business.

Large organisations need to embark on a series of steps to thwart these threats so they can keep sensitive data protected from criminals and malicious agents. Firstly, they must accept that emails are the main gateway for malicious code and ransomware. After analysing the nature of its email traffic, a business must then decide which email-related functions should be retained or dropped. This is a necessity in order to operate safely, because criminals exploit the many functional elements in files (such as macros) as well as hiding code in file structures.

Since almost 98 per cent of files do not conform to the manufacturers’ original designs, the organisation needs to be capable of determining whether an aberration in a file is due to an attack, or something poorly written or configured. Once risks are understood, appropriate security solutions must be applied. Most organisations have all the standard border-controls, including firewall, anti-spam, anti-virus and even a sandbox. Yet they are still by-passed by targeted attacks, using socially-engineered emails.

There is no substitute for technological innovation

This requires a shift in thinking and the adoption of more innovative technology that establishes what should be in an email file, using the manufacturer’s standard as a baseline. Instead of trying to match AV signatures against the “bad” elements in a file, organisations need techniques that look for and validate the “known good”.

The reason is simple. Millions of malware variants are released by criminals every year and the AV industry cannot keep pace in its battle to assign them signatures. File-regeneration technology does not require signatures. It will validate documents against the manufacturers’ specifications down to byte-level and then regenerate “known good” versions that have been stripped of all the code that the business has decided it does not want to risk admitting.  A clean and benign file is regenerated in its original format in fractions of a second, which can be sent out again and passed along without any interruption to business.
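The “validate against the specification, then regenerate a known good file” approach described above, as an added Python example (not Glasswall’s code): it treats a .docx as the OOXML container it is and rebuilds the archive from an allowlist of parts, content types and relationships, so that a VBA project, an embedded OLE object and an external link in a constructed sample are never carried over. The allowlist and the sample document are assumptions; macro-enabled (.docm) main-part content types and the document XML body itself are out of scope.

```python
"""Regenerate a "known good" copy of an OOXML (.docx) container by positive validation: only
parts, content types and relationships on an explicit allowlist are carried into a freshly
built archive, so a VBA project, embedded OLE objects and external relationship targets never
survive.  Illustrative example; the allowlist is a constructed policy (assumption: .docx input)."""
import io
import posixpath
import re
import zipfile
import xml.etree.ElementTree as ET

CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
REL_T = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
WML = "application/vnd.openxmlformats-officedocument.wordprocessingml."
PKG = "application/vnd.openxmlformats-package."

# Policy (assumption): part names allowed to survive, and content types allowed to be declared.
ALLOWED_PARTS = [re.compile(p) for p in (
    r"^\[Content_Types\]\.xml$", r"^_rels/\.rels$", r"^docProps/(core|app)\.xml$",
    r"^word/(document|styles|settings|fontTable)\.xml$", r"^word/_rels/document\.xml\.rels$")]
ALLOWED_CONTENT_TYPES = {
    "application/xml", PKG + "relationships+xml", PKG + "core-properties+xml",
    "application/vnd.openxmlformats-officedocument.extended-properties+xml",
    WML + "document.main+xml", WML + "styles+xml", WML + "settings+xml", WML + "fontTable+xml"}

def serialize(root, default_ns):
    ET.register_namespace("", default_ns)  # emit xmlns="..." rather than an ns0: prefix
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)

def rebuild_content_types(xml_bytes, kept):
    """Drop Default/Override declarations for content types or parts that are not kept."""
    root = ET.fromstring(xml_bytes)
    for node in list(root):
        if node.get("ContentType") not in ALLOWED_CONTENT_TYPES or (
                node.tag.endswith("}Override") and node.get("PartName", "").lstrip("/") not in kept):
            root.remove(node)
    return serialize(root, CT_NS)

def rebuild_rels(xml_bytes, rels_name, kept):
    """Drop external relationships and those whose target part was not kept."""
    base = rels_name.split("/_rels/", 1)[0] if "/_rels/" in rels_name else ""
    root = ET.fromstring(xml_bytes)
    for rel in list(root):
        target = posixpath.normpath(posixpath.join(base, rel.get("Target", ""))).lstrip("/")
        if rel.get("TargetMode") == "External" or target not in kept:
            root.remove(rel)
    return serialize(root, REL_NS)

def regenerate(container):
    """Return (regenerated_bytes, dropped_part_names) for a .docx given as bytes."""
    src = zipfile.ZipFile(io.BytesIO(container))
    kept = {n for n in src.namelist() if any(p.match(n) for p in ALLOWED_PARTS)}
    with zipfile.ZipFile(out := io.BytesIO(), "w") as dst:
        for name in sorted(kept):
            data = src.read(name)
            if name == "[Content_Types].xml":
                data = rebuild_content_types(data, kept)
            elif name.endswith(".rels"):
                data = rebuild_rels(data, name, kept)
            # Fresh ZipInfo: source timestamps, extra fields and archive comments are not copied.
            dst.writestr(zipfile.ZipInfo(name, (1980, 1, 1, 0, 0, 0)), data, zipfile.ZIP_DEFLATED)
    return out.getvalue(), sorted(set(src.namelist()) - kept)

def read_part(container, name):
    """Inspection helper: a part's body as text, or "" if the part is absent."""
    z = zipfile.ZipFile(io.BytesIO(container))
    return z.read(name).decode("utf-8") if name in z.namelist() else ""

def build_sample():
    """Constructed sample: a minimal .docx that also smuggles a VBA project, an embedded OLE
    object and an external hyperlink relationship (the .bin bodies are stand-in text)."""
    parts = {
        "[Content_Types].xml": (
            f'<Types xmlns="{CT_NS}"><Default Extension="xml" ContentType="application/xml"/>'
            f'<Default Extension="rels" ContentType="{PKG}relationships+xml"/>'
            '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
            f'<Override PartName="/word/document.xml" ContentType="{WML}document.main+xml"/>'
            '<Override PartName="/word/embeddings/oleObject1.bin" '
            'ContentType="application/vnd.openxmlformats-officedocument.oleObject"/></Types>'),
        "_rels/.rels": (
            f'<Relationships xmlns="{REL_NS}"><Relationship Id="rId1" '
            f'Type="{REL_T}officeDocument" Target="word/document.xml"/></Relationships>'),
        "word/_rels/document.xml.rels": (
            f'<Relationships xmlns="{REL_NS}">'
            '<Relationship Id="rId1" Type="http://schemas.microsoft.com/office/2006/'
            'relationships/vbaProject" Target="vbaProject.bin"/>'
            f'<Relationship Id="rId2" Type="{REL_T}oleObject" Target="embeddings/oleObject1.bin"/>'
            f'<Relationship Id="rId3" Type="{REL_T}hyperlink" Target="http://example.invalid/" '
            'TargetMode="External"/></Relationships>'),
        "word/document.xml": '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"><w:body/></w:document>',
        "word/vbaProject.bin": "[constructed stand-in for a VBA project binary]",
        "word/embeddings/oleObject1.bin": "[constructed stand-in for an OLE object]",
    }
    with zipfile.ZipFile(buf := io.BytesIO(), "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()
```

Calling regenerate(build_sample()) returns the rebuilt archive together with the dropped part names ['word/embeddings/oleObject1.bin', 'word/vbaProject.bin']; the rebuilt [Content_Types].xml and document relationships no longer reference either of them or the external link.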

Of course, training has its place. Organisations need to reduce the risk of a single employee opening them up to a malware attack, so education will help reduce exposure and raise awareness of data security and best practice.

Businesses need to examine mobile device-usage too, since many smartphones and tablets are not equipped with advanced security solutions, making them capable of transmitting malware in documents.

While well-designed regulation that recognises real-world practice and avoids onerous burdens is to be welcomed, it must be accompanied by insistence on innovative technology that can stop dead the chief threats facing businesses today.

The post New security regulations are fine, but there is no substitute for innovation appeared first on IT SECURITY GURU.

New malware named ‘Fauxpersky’ identified

A newly-discovered keylogger malware has been found infecting computers in the wild. Though the malware is far from advanced, it’s efficient at stealing passwords. Researchers at Cybereason, a Boston, Mass.-based security firm, call the malware “Fauxpersky,” as it impersonates the Russian antivirus software Kaspersky.

View Full Story 


The post New malware named ‘Fauxpersky’ identified appeared first on IT SECURITY GURU.

Majority of airports lack proper cyber security

The heightened focus on airport security started well over 40 years ago after Israeli forces had freed hostages from a hijacked aircraft in a major attack, according to Eliezer Marum, chairman of the Israel Airports Authority. Today, the airport is equipped with sophisticated physical security systems and intelligent security units to fend off growing threats that have also become increasingly cyber in nature.

View Full Story

ORIGINAL SOURCE: Computer Weekly

The post Majority of airports lack proper cyber security appeared first on IT SECURITY GURU.

Suburban town in Atlanta reports data breach

As a massive cyberattack continues to cause issues for the city of Atlanta, one suburban town is reporting its own possible data breach. The city of Loganville, which is in Gwinnett and Walton counties, announced in a Monday afternoon Facebook post that it had been victimized — and said that the suspected breach “may involve [customers’] personal information.”

View Full Story


The post Suburban town in Atlanta reports data breach appeared first on IT SECURITY GURU.

Baltimore emergency service hacked for 17 hours

The city of Baltimore says part of its 911 dispatch system was hacked over the weekend by an unknown actor. The breach lasted 17 hours. Mayor Catherine Pugh’s office says the system supports 911 and 311 emergency systems. The mayor’s office emphasized that the incident was a “limited breach” and that critical services were not impacted or disrupted.

View Full Story 


The post Baltimore emergency service hacked for 17 hours appeared first on IT SECURITY GURU.

Countries that trust Facebook are more likely to be breached

The latest shoe has dropped on Facebook: Private data on 50 million users found its way to a shadowy research outfit, Global Science Research, and then on to Cambridge Analytica, a political consulting firm launched by former White House adviser Steve Bannon.

View Full Story

ORIGINAL SOURCE: Business Standard

The post Countries that trust Facebook are more likely to be breached appeared first on IT SECURITY GURU.

What you should know about the recent Atlanta ransomware attack

By David Bohannon, senior security consultant at Synopsys

The city of Atlanta has become one of the latest victims of a ransomware attack. The attack is believed to be the result of the SamSam malware that has compromised various healthcare, government, and educational systems over the past several years.

Is SamSam malware responsible?

This malware initially targeted a remote code execution vulnerability in JBoss web servers, but it has also been known to target exposed RDP and FTP services. If we continue with the assumption that the SamSam malware is responsible for locking down Atlanta’s IT systems, what could have been done to prevent such an attack, and what are some of the hurdles an organization may encounter?

Is a simple patch the solution?

If the ransomware attack originated from the original flavor of SamSam, which targets vulnerable JBoss servers, the first solution is to patch to a nonvulnerable version of JBoss. While this may sound easy in theory, it often becomes difficult in practice.

For many organizations with hundreds or thousands of systems spread across multiple business units, simply maintaining an accurate technology inventory is challenging. Additionally, JBoss is only one piece of the technology stack that must be inventoried and patched regularly—the operating system, as well as applications served by JBoss, must also be inventoried and patched accordingly.

Many organizations have critical applications that are not compatible with newer JBoss instances, preventing them from patching to a secure version. In these scenarios, the vulnerable JBoss components must be disabled manually, or compensating network-level controls must be implemented to block access to the vulnerable components.

What’s next?

Remember that vulnerable JBoss servers are only one entry point for this malware, as it may also be introduced over a compromised RDP or FTP service.

In most environments, there is no business justification for having these services externally exposed. Like patching, when an organization uses many systems spread across multiple business units, maintaining updated firewall rules and continually auditing system services can become a complex task.

While Atlanta’s ransomware attack may be the result of poor IT hygiene, hindsight is always 20/20, and relatively simple tasks that are easy in theory become complex when applied to the IT infrastructure of large organizations.

How can my organization be proactive in the wake of this attack?

The Building Security In Maturity Model (BSIMM) framework from Synopsys helps clients across various industry verticals identify these types of deficiencies and improve their organizations’ security posture.

The post What you should know about the recent Atlanta ransomware attack appeared first on IT SECURITY GURU.

Return Fraud and Fake Receipts Up for Sale On The Deep & Dark Web

By Liv Rowley, Analyst, Flashpoint

As online sales in the UK rose by 3.6% in 2017, there is an ongoing need for online retailers to enhance their customer experience and in turn sustain rapid growth. This is where recognising customer satisfaction as a key driver of retention is critical. Many online retailers have implemented generous refund or replacement policies to help improve the customer journey and generate loyalty, but unfortunately, these policies can be susceptible to various forms of merchant abuse. Refund fraud is a pervasive form of merchant abuse in which an actor purchases a product from an online store and has it shipped to their home or a drop site. After delivery, the actor falsely claims that the product never arrived, prompting the company to issue a refund. Thus, the fraudster receives their chosen product at no cost.

Research shows that online retail businesses lose approximately £500,000 per month due to fraudulent refunds. The potential loss almost doubles when you take into consideration fraudulent vouchers, fake goods and account takeover. Cyber criminals’ capabilities are further advancing with digitalisation and they are now pursuing bigger and more advanced targets. Equally, these criminals are starting not only to gather a mass following among those who want to copy their crimes but also to set up “specialist” services to help these followers do just that.

Chatter on the Dark Web

Refund fraud is openly discussed on the underground forums and marketplaces of the Deep & Dark Web (DDW), where illicit vendors offering fraudulent refund services are commonplace. Since accomplishing a successful refund depends more on a vendor’s social engineering skills than on bypassing any particular type of anti-fraud measure, many vendors offer refunds for a variety of companies.

Successful refund vendors have gained loyal followings within their cybercriminal communities. Indeed, satisfied customers have been known to leave positive reviews accompanied by screenshots of emails sent by impacted stores issuing refunds. After finding a reliable refund vendor, forum members will often become repeat customers, requesting refunds from a variety of companies the vendor targets.

As analysts of business risk intelligence, we have observed numerous vendors advertising fraudulent receipts for sale on the DDW. These actors are capable of producing counterfeit receipts in a variety of formats, including physical store receipts, packing slips, and digital receipts. Fake receipts typically target retailers that sell technology products, and they are often available for less than $10 USD per receipt. However, fake receipt vendors are often capable of targeting a variety of companies and are able to adjust their tactics, techniques and procedures (TTPs) in response to customer concerns and demands. 

Fake receipts facilitate fraud by eliminating the need for malicious actors to make an initial purchase from the targeted retailer. They also make it more difficult for retailers to trace multiple instances of fraud to the same individual. Moreover, physical receipts may be used to return stolen items in exchange for money or store credit.

Digital receipts may be used to make false claims about an online order to elicit a refund or replacement shipment from the retailer. For example, fraudsters may claim they received an empty box, items were missing from their shipments, they received the wrong item, or the item arrived in a damaged state.

Flashpoint analysts discovered that several receipt vendors also offered product serial numbers to their clients as well. These serial numbers are likely used in conjunction with other tactics to obtain a refund or replacement shipment. Based on DDW chatter, Flashpoint analysts assess with a low degree of confidence that these vendors may be using serial number generators—software capable of generating valid serial numbers—in order to supply their clients. Such generators can be found in DDW forums and in some surface-web communities.


In 2018 cybercriminals will continue to leverage faked receipts to commit fraud. The rise in competition and transparency has led many retailers looking to differentiate themselves in the market to offer generous customer service and flexible return policies. It is those gaps that these threat actors are seeking to penetrate. In an era of digital transformation, companies are exposing themselves to numerous threats. Cybercriminal activities are continuously advancing and businesses need to keep up with their pace in order to mitigate these threats. By maintaining a robust, year-round intelligence operation that leverages insights gleaned from the DDW, retailers can keep up with emerging TTPs and fraud schemes used to target their sector, such as newly discovered loopholes or novel social engineering strategies. Hopefully these insights can help retailers develop and implement comprehensive and effective anti-fraud policies and procedures.

The post Return Fraud and Fake Receipts Up for Sale On The Deep & Dark Web appeared first on IT SECURITY GURU.

Cloud Computing: How to Get Better, Faster and Cheaper

By Gabriel Lopez, Program Manager – Global Service Quality, DellEMC

As trained technology professionals, we’ve become used to the idea that technology changes faster every year and the need to ‘minimise negative business disruptions’ is even more critical today, when more and more business transactions are relying on effective and efficient IT Services. Many years ago, I learned how difficult it was to be ready and able to support hardware, software and, most importantly, customers in the face of this rapid change.

To put this into context, in just a few decades, we’ve gone from mainframe to distributed systems to cloud computing. Now, according to Gartner, the cloud market grew close to 20 percent in 2017. With digital transformation at the top of every executive’s mind, it’s likely that this trend will only accelerate. So much so that by 2020, Gartner estimates that the overall market will reach $411 billion, and IaaS $72 billion, increases of 87 percent and 185 percent respectively over 2016.

When we see this rapid growth and the current compute power, storage quantity and networking capacity required to handle today’s daily business transactions, the numbers are really quite astonishing. However, most demand faster response times, more compute power, more storage, increased bandwidth and throughput, and much faster provisioning just to meet the most basic daily business needs. 

Better, Faster and Cheaper

Better, faster, cheaper is and has always been the name of the game; no surprises there. Some organisations, though, can’t quite seem to focus on all three of these attributes at the same time. In my experience they tend to focus on just two, faster and cheaper, and disregard the better. But, can they really afford to just deliver two out of three?

I am surprised that many organisations pay little to no attention to their IT operations’ maturity level. Organisations large and small, new and not so new, are sometimes so entrenched in delivering the faster and cheaper that they forget that the better can significantly contribute to achieving the performance and cost efficiencies that we all seem to be chasing after and dreaming about.

Cloud computing is certainly not a new concept. The availability of today’s amazing compute power, paired with fantastic virtualisation solutions, represent key contributing factors to achieving faster and cheaper IT service. This is very evident with an efficient orchestration layer that automates provisioning by providing the end customer with a powerful and complete IT catalogue, at their fingertips, to meet their needs faster and cheaper than ever before. 

But is it really fast and cheap?

But what happens when companies decide to invest in new cloud computing technologies to make their IT run faster and cheaper, but lack the backbone and processes to deliver better IT services? Even worse, what happens when they invest in cloud computing to migrate business critical applications, such as SAP, to a cloud environment without having the ‘better’ factor in place and actually end up doing damage to their business?

In these cases, the new solution fails to deliver any of the three desired attributes: It is not faster due to recurring service disruptions, is not cheaper due to the lack of service availability and is certainly not better because it ends up hurting the business.

The better factor is, in my opinion, critical for success in deploying new technologies such as cloud computing and something that I know the folks at Virtustream really subscribe to. This better factor I’m referring to is also known as maturity. The maturity level of your IT operations is a key factor in provisioning a fast and reliable IT service at the right cost, enabling your organisation to meet, and sometimes exceed, business demands.

Finding the better.

Whether you run your business on a private, public or hybrid cloud, increasing the maturity level of your IT organisation and engaging IT service providers, like Virtustream with a proven record of effective operational maturity is critical to achieving faster, cheaper and better IT services.

Reaching appropriate ‘Operational Maturity Levels’, by yourself and in conjunction with IT partners like Virtustream that focus on hosting mission-critical applications in the cloud, will save you money in the short and long term. You will enjoy the benefits of a proactive support organisation that will:

  • Enable your IT services to minimise and even eliminate negative impacts to the business, sometimes even before disruptions actually occur.
  • Empower the business to self-serve their own needs consistently with technology and enjoy higher levels of availability with predictable service levels.
  • Increase retention of key resources. A higher level of operational maturity immediately translates into less “firefighting”, reduced stress and minimised unpredictable working hours.

What can you afford?

So, can you really afford not to focus on the better factor and do you still believe you’ll be able to deliver IT services faster and cheaper without it? Can you afford to not reach an appropriate maturity level in your IT Operations? Can you afford to hire vendors who are lacking operational maturity?

If you think you can, my advice to you would be to take a closer look at your bottom line, particularly around hidden costs such as project delays, loss of business, and loss of potential business. It should become apparent quickly that fast and cheap will not deliver over the long term without the presence of better. It makes the most sense to partner with a vendor like Virtustream who can prove to you how mature their operations are and who will willingly discuss their operational best practices. Include certain maturity level requirements (for whatever level is appropriate for your organisation) in your future RFPs before hiring new vendors and make operational maturity a prerequisite. This will not only improve your overall services but will also contribute to increasing the maturity level of your own operations at a much faster pace.

The post Cloud Computing: How to Get Better, Faster and Cheaper appeared first on IT SECURITY GURU.

Doping – UK agency says no data lost in weekend cyber attack

Cyber attackers targeted British sport’s anti-doping agency over the weekend without gaining access to any data, it said in a statement on Monday. London-based UK Anti-Doping (UKAD) holds the test details and medical records of thousands of athletes, ranging from soccer players to high-profile Olympic medallists.

View full story


The post Doping – UK agency says no data lost in weekend cyber attack appeared first on IT SECURITY GURU.

25% decrease in DDoS attacks in Q4 2017: Verisign

There was a 25 per cent decrease in Distributed Denial of Service (DDoS) attacks in the fourth quarter of 2017 as compared to the third quarter, a new report said on Tuesday. Verisign, a global leader in domain names and internet security, found that the largest volumetric and highest intensity DDoS attack observed by Verisign in the fourth quarter of 2017 was a multi-vector attack that peaked at approximately 53 Gbps and over 5 Mpps.

View full story

ORIGINAL SOURCE: Business Standard

The post 25% decrease in DDoS attacks in Q4 2017: Verisign appeared first on IT SECURITY GURU.

Cash-machine-draining €1bn cybercrime kingpin suspect cuffed by plod

European cyber-cops have felt the collar of a bloke suspected of running a network of crims that used malware to pinch €1bn (£874.8m, $1.24bn) from cash machines and other banking systems. The crew developed the software nasty Anunak, later updated to Carbanak, as well as cyber-weapons based on Cobalt Strike’s penetration testing toolkit. The gang lobbed this malicious code at more than 100 financial institutions around the globe from 2013 until 2016, we’re told.

The post Cash-machine-draining €1bn cybercrime kingpin suspect cuffed by plod appeared first on IT SECURITY GURU.

Iranian Hackers Charged Last Week Were Actually Pretty Damn Good Phishers

The group of Iranian hackers the US charged last week with hacking over 300 universities across the globe were actually master phishers astute at their craft, so much so that they used the same phishing lure for years without needing to change it.

ORIGINAL SOURCE: Bleeping Computer

The post Iranian Hackers Charged Last Week Were Actually Pretty Damn Good Phishers appeared first on IT SECURITY GURU.

GoScanSSH Malware Avoids Government and Military Servers

Security experts have discovered a new strain of malware that targets vulnerable Linux-based systems and tries its best to avoid infecting devices on government and military networks. The name of this new strain is GoScanSSH, and its name is a tell-tale sign of its main features and capabilities — coded in Go, use of infected hosts to scan for new ones, and the SSH port as the point of entry.

ORIGINAL SOURCE: Bleeping Computer

The post GoScanSSH Malware Avoids Government and Military Servers appeared first on IT SECURITY GURU.

Five on-the-ground insights on implementing endpoint security in the cloud

By Rick McElroy, Security Strategist, Carbon Black

Today’s “access-everything-anywhere-anytime” mobile data environment is great news for business productivity and performance but on the flipside it’s also a huge opportunity for cybercriminals. The increasing multitude of endpoints represents an ever-expanding playground in which to develop new ways of infiltrating corporate networks and making off with the digital goods. Malware, ransomware and a rising incidence of fileless attacks all constantly chip away at the perimeter while security pros now have to secure an environment that can comprise thousands of potential attack points. So, it’s not surprising that getting smarter about endpoint security is high on the CISO agenda and we’re seeing many turning to the cloud to cope with the scale and complexity of the task.

At Carbon Black we regularly talk to experienced CISOs who are in different stages of implementing cloud-based endpoint security and we see common threads – some operational, some strategic – running through those conversations. It’s also fascinating how these threads demonstrate the diverse skillset required by today’s CISOs. Here are five key insights that we’ve gleaned that will help anyone moving to cloud-based next generation security:

Before you start – know your data risk

When scoping your endpoint security strategy start by understanding what data is being accessed through your endpoints and its associated risk profile so you can devise an appropriate response in terms of mobile access to that data. This varies depending on the level of regulation in your industry. Linked to this is identifying compliance issues or privacy considerations that must be factored in when increasing endpoint monitoring – particularly if you operate in multiple territories. Having this understanding at the outset means you can devise a system that fits the challenge at hand, avoiding any surprises further down the line.

Layer it up to complement existing systems

Endpoint security has become a priority due to the expansion and increasing vulnerability of the network perimeter. It therefore makes sense to view moving to next generation endpoint security in the cloud as an evolutionary stage in an organisation’s security strategy. CISOs tell us that they see it as an additional layer that enhances their capabilities by delivering far greater real-time intelligence and visibility of the network, allowing them to detect and mitigate more attacks, faster.

At the same time as adding layers, though, they are aiming to keep a rein on the time and resources needed to manage their systems. This means that choosing products with intuitive management consoles and straightforward reporting is a key priority.

Balance security and system performance

For all that a breach in security could bring an organisation to its knees, try persuading users to tolerate any kind of slow-down in system performance and you’ll soon face a people’s revolt. The vast processing power of the cloud takes away the burden from on-premise systems and ensures that there is no user-detectable impact on performance. For CISOs this is one of the most important pillars in building the business case for moving endpoint security to the cloud.

People are your biggest security weakness – change management is crucial

Speaking of user impact, as employees become increasingly mobile they need to understand their own responsibility to protect the organisation. This is where, on top of all the other skills that today’s CISOs need, change management enters the mix. It is as much a psychological challenge as an operational one to create a security-conscious culture throughout the business.

As the lines between personal and business technology become increasingly blurred this actually represents an opportunity to frame cybersecurity as something that’s important across all aspects of our online lives: a security mindset shouldn’t be something you switch off when you leave the workplace. Education programmes that help users safeguard their home systems as well as the ones they use for work have more resonance and lead to smarter, more secure behaviour across the board, which has got to be a good thing.

Another angle is to make users feel a valued part of security. Explaining what the system is designed to do and how what’s being asked of them – e.g. adopting two-factor authentication – actually protects the network is a great way to create a sense of mission around security. CISOs also favour phased rollout – so users can receive adequate support during the adoption cycle and frustration is reduced.

Bring it to the board

Cybersecurity has shot up the board agenda thanks to a proliferation of high profile ransomware and DDoS attacks and the ever-tightening regulatory environment. Basic generalisations about the threat environment don’t cut it with the board anymore as directors want to know to what degree their business is under attack and what management plans to do about it.

CISOs are finding themselves more frequently invited to present to the board and this is a great opportunity to secure ongoing buy-in for endpoint security. Boards are motivated by understanding risk, so a powerful approach is to use the reporting capabilities of cloud-based security to demonstrate the number of security incidents that the system is encountering and neutralising on an ongoing basis. This offers an overall picture of the threat environment and demonstrates the importance of swift mitigation and forensic analysis of attacks to inform future strategy. With this evidence the board is better-positioned to assess risk in relation to business objectives and it is putting CISOs in a stronger position to bid for budget to protect the business.

There’s no doubt that implementing endpoint security in the cloud requires CISOs to draw on many very different areas of expertise: data management, privacy and compliance, business case building and change management to name just a few. What I take from our conversations is the knowledge that we, as solutions providers, need to support the whole process from start to finish – from the business user to the boardroom. At Carbon Black we bring our expertise to complement that of our customers, protecting their business and making sure they reap the huge advantages of moving next-generation endpoint security to the cloud.

The post Five on-the-ground insights on implementing endpoint security in the cloud appeared first on IT SECURITY GURU.

UK launching Cyber Security Export Strategy today to support sales

The UK clearly sees its cyber-capabilities and its robust approach to security as an asset that it can offer to partners and allies and a driver of UK exports. Cyber-security expertise as a UK specialisation is being made more explicit later today (Monday 26 March) when International Trade Secretary Dr Liam Fox launches the UK government’s new Cyber Security Export Strategy to promote UK expertise and strengthen defence capabilities in the UK and allied countries.

The post UK launching Cyber Security Export Strategy today to support sales appeared first on IT SECURITY GURU.

AGs urge Congress to change proposed data breach law

Mississippi Attorney General Jim Hood and 31 of his colleagues have written Congress to urge them to oppose parts of a pending bill that would allow businesses attacked by security breaches to take more time to notify the public.

The post AGs urge Congress to change proposed data breach law appeared first on IT SECURITY GURU.

Chrome Extension Detects URL Homograph (Unicode) Attacks

The team from has developed and released a Google Chrome extension that can detect when users are accessing domains spelled using non-standard Unicode characters and warn the users about the potential of a homograph attack. Miscreants often use such intentionally misspelled domains to lure users on phishing sites, where they collect user credentials or trick victims into downloading files laced with malware.

ORIGINAL SOURCE: Bleeping Computer

The post Chrome Extension Detects URL Homograph (Unicode) Attacks appeared first on IT SECURITY GURU.

Yes, Even Elite Hackers Make Dumb Mistakes

On Thursday, a report from the Daily Beast alleged that the Guccifer 2.0 hacking persona—famous for leaking data stolen from the Democratic National Committee in 2016—has been linked to a GRU Russian intelligence agent. What appears to have given Guccifer away: The hacker once failed to activate a VPN before logging into a social media account. This slip eventually allowed US investigators to link the persona to a Moscow IP address. In fact, they traced it directly to GRU headquarters.

The post Yes, Even Elite Hackers Make Dumb Mistakes appeared first on IT SECURITY GURU.

The dawn of the Robot CEO: Are we making it easier for cybercriminals?

Adam Maskatiya, General Manager, Kaspersky Lab

Earlier this year, Alibaba CEO Jack Ma made headlines for proclaiming the imminent arrival of the robot CEO. He told an audience at a conference in China that we are only decades away from having robots run our companies. He backed that claim up shortly after via a television interview with CNN, predicting that, in 30 years, a robot would grace the cover of Time Magazine.

As implausible as that scenario might seem to some, he’s not isolated in his thinking. Earlier this year, SoftBank CEO Masayoshi Son spoke at Mobile World Conference 2017 about the concept of ‘singularity’ – the point at which machine intelligence will surpass our own and start improving itself at an exponential rate – which he predicts will happen as soon as 2047.

In fact, the entire jobs market looks set to suffer from the rise of robotics and AI – results from a report by Nesta, published this month, include widespread predictions that 40 to 60 per cent of jobs could be lost to robotics and artificial intelligence by 2030, as many become automated.

When taking into consideration the advantages that robots hold over their human counterparts – having continuous availability and working without breaks, holidays or even sleep – robot CEOs may seem an attractive prospect to a company board. A human CEO working 16 hours a day, 5 days a week would still do less than half the hours of a robot CEO in 7 days.

Not only that, but the variables to which humans are subject (chiefly emotions) wouldn’t have any bearing on performance. In many ways, a robot CEO would make a lot of sense.

So where does this leave us? Well, if we are to believe the hype, it won’t be long before speculation over the size of the CEO’s salary and bonus becomes irrelevant, and the corner office (not to mention the best parking spot in the building) will be up for grabs. It might not be that bad after all, right?

Well, there are some potential pitfalls of course. Aside from the obvious fact that your new robot boss might lack the emotional intelligence needed to navigate complex people issues, there’s also the issue of vulnerability to tampering, or hacking.

Human factor: the saving grace?

A human CEO can be corrupted by outside influence, but generally they have the freedom to make up their own minds and will face life-changing consequences should their impropriety be discovered.

Robot CEOs on the other hand, could be completely ‘brain-washed’ by cybercriminals. For all of their incisive decision making and their unfaltering commitment to the company’s balance sheets, board and shareholders, a robot CEO could effectively ruin a company in seconds, or – if obfuscation is the game – quietly skim the company of profits in a ‘death by a thousand cuts’ approach.

Kaspersky Lab researchers think the idea of robot CEOs is intriguing, but have some very real concerns about a future where robots are given too much responsibility.

Cybercriminals go where the money is. That means if the robot stands between them and the possibility of substantial financial gain, they’ll find a way to exploit it. It’s always a cat and mouse game in cybersecurity. We come up with a defence; they find a way around it. It would be no different for a robot CEO.

One example could be a firmware level attack, such as was seen in 2015 when Kaspersky Lab researchers uncovered the Equation Group APT. A threat of such an advanced nature would be very expensive to create, but hard to detect, and could have devastating consequences for the robot (and anyone relying on it). Kaspersky Lab researchers believe such an attack is not beyond comprehension. There are currently plenty of attacks on robots that make critical decisions. Robot CEOs will face the same challenges.

Does this mean robot CEOs are simply inviting cybercrime to the door?

CEOs in the cybercrime crosshairs

Towards the end of 2014, Kaspersky Lab researchers uncovered the Darkhotel APT hacking campaign, which was aimed at stealing swathes of data from the laptops of thousands of senior business people from across the globe. The victims were specifically targeted according to their seniority and the likelihood of their laptops containing sensitive company information.

CEOs make excellent targets for cybercriminals. They have access to, and often store, all manner of sensitive information on their laptops and mobile devices that could be used in a multitude of ways by a nefarious hacker. Whether directly to achieve ill-gotten gains, indirectly to more easily gain access to a company network, or (as is becoming increasingly common) to carry out CEO fraud.

CEO fraud is growing fast. According to Kaspersky Lab’s most recent research, one fifth (21%) of phishing attacks targeting businesses globally now involve communications from a cybercriminal masquerading as the boss.

In fact, so prolific is CEO fraud now that Cisco recently claimed Business Email Compromise (BEC), as it is otherwise known, earns more money for cybercriminals than ransomware. In its mid-year cybersecurity report, citing data from the Internet Crime Complaint Center, Cisco claims that between October 2013 and December 2016 business email compromise (BEC) resulted in £3.9bn being stolen from businesses – equating to £1.25bn a year. In comparison, ransomware exploits took £740m from businesses in 2016.

CEO fraud has serious implications for business. Last year Brussels-based Crelan Bank lost USD $76 million to CEO fraud in one of the largest known attacks. While such considerable rewards are on offer, there’s little doubt that CEOs will continue to be one of the favourite targets of cybercriminals.

The importance of security by design

Whether a robot CEO would have greater ability to defend against such attacks is a question that can only be answered in time. Until then, one thing is certain. Before we start entrusting robots with executive decision making powers (in fact, before we even build them), a great deal of thought will need to be put into the security systems and safeguards around such technology.

The arguments for and against robot CEOs are equally powerful. But whether biological or artificial, CEOs will always be attractive targets and in need, therefore, of intelligent and layered protection from the cybercriminals who would seek to prey on them.

The post The dawn of the Robot CEO: Are we making it easier for cybercriminals? appeared first on IT SECURITY GURU.

Cryptocurrency sites hit hard by DDoS in Q4 2017

Imperva has released its Q4 2017 Global DDoS Threat Landscape Report and key findings reveal that the cryptocurrency industry continued to draw the attention of DDoS offenders, ranking as the fifth most attacked industry during the quarter alongside some of the more regular attack targets.

Imperva says that the increase in attacks against bitcoin-related sites is likely linked to a growth spike experienced by the industry late last year when cryptocurrency prices reached an all-time high. As prices have since subsided, it will be interesting to see if the overall number of attacks declines as well in the coming months.

Igal Zeifman, security evangelist at Imperva, said: “In the second half of 2017 the cryptocurrency industry became an attractive target for DDoS attacks, now ranking as the fifth on the most attacked list. While it is hard to know for sure, it is likely that many of these attacks were driven by the accelerated financial growth the industry had experienced in the last month of the year. This, together with the resulting media coverage, likely drew the attention of bad actors. Another contributing factor was likely the relative lack of security readiness of the young industry, which has been flourishing at an accelerated pace and hasn’t had time to adequately address the security concerns that come with that growth. Whatever the reasons are, data collected by us in the last six months of 2017 shows that attacks against the crypto industry are now the new norm.”

Application Layer Attacks Double, Assaults Become More Persistent

The report also revealed that the number of application layer attacks nearly doubled in Q4 2017, just as the number of network layer assaults declined.

This quarter, Imperva saw a spike in the number of application assaults, which increased 43 percent over their Q3 levels. Network layer attacks, on the other hand, fell by more than 50 percent since last quarter. In the case of network layer attacks, the number of repeat DDoS assaults went up to 67.4 percent, compared to 57.8 percent in Q3. However, the average number of attacks decreased, as most of the repeat assaults consisted of two to five bursts.

Interestingly, even as the number of application layer assaults went up and network layer attacks decreased, both became more persistent. Imperva’s data shows that 63.3 percent of application layer DDoS targets were subjected to repeat attacks, up from 46.7 percent last quarter. The increase in attack persistence reflects the growing ease with which bad actors can launch multiple DDoS attacks. Today, even if a mitigation service is able to deflect an initial attack, perpetrators have every reason to try again and again, until they take down their target or grow bored and move on.

The post Cryptocurrency sites hit hard by DDoS in Q4 2017 appeared first on IT SECURITY GURU.

The Key Challenges of Migrating Databases to the Cloud

By Roberto Mircoli, EMEA CTO for Virtustream

As enterprises continue to embark on their digital transformation journeys, part of this change may involve migrating in-house applications, databases and data to the cloud. But while the benefits of cloud are widely understood, migrating a database or an application to the cloud is not always smooth sailing and there can be challenges to overcome when transitioning. Here I wanted to highlight some of the steps enterprises should take to ensure their database migration is successful.

Why migrate to the cloud?

Let’s first look at why organisations might want to migrate their mission critical database to the cloud. As stated above, the benefits of cloud adoption have been widely documented over the last few years. Factors such as convenience, scalability, flexibility and economic efficiency, all leading to improved productivity, are the key takeaways. During the first wave of cloud adoption we saw that the main benefit was the cloud’s availability of low-cost IT infrastructure, which suited project-based development, Test & Dev, and DevOps. Now, during the current wave of adoption, we are seeing more mission critical applications and a wider range of workloads migrating to the cloud. The net effect is a shift up the stack with an increased emphasis on application availability and assurance. Along with this, cloud environments are becoming more manageable, which enables companies to focus on more strategically relevant IT tasks such as defining transformative IT services for their internal and external users.

With the rise of remote working, the ease of access that cloud provides to its users is important. With cloud accessible from a multitude of devices, employees have access to vital information wherever they are located. What we are seeing more often now is organisations migrating mission critical applications into the cloud, including workloads with a variety of requirements. Furthermore, cloud migration enables very effective disaster recovery and high‑availability options for geographically‑distributed businesses.

Don’t migrate half-heartedly

Migrating workloads to the cloud is a strategic decision for an organisation, as it underpins the transformation towards a more agile and business-aligned operating model for their IT. Because of this, I would avoid migrating half-heartedly. If you are going to migrate to the cloud you should move over as much as possible. While a database can be migrated to the cloud independently, it usually makes more sense – technically and strategically – to also migrate with it the applications which it serves and which interact with it, in order to take full advantage of the benefits of cloud.

If you are going to migrate a database to the cloud in isolation, without its associated application, it’s crucially important to rely on specific expertise both for the migration and for the service management that follows it. The migration should consider all the interdependencies and resource requirements needed to guarantee performance, availability and security in the cloud, and adequate service management skills are key to ensuring proper configuration and change management. That’s why, when it comes to a mission critical database such as one serving an ERP system, a specialised enterprise‑class cloud provider which also provides managed services and SLAs should be considered over general purpose or pure‑IaaS cloud alternatives.

Three key reasons why enterprises don’t migrate to the cloud

Enterprises are often cautious about putting their mission critical workloads into the cloud for very specific reasons:

  1. Security and compliance. Often security burdens are so heavy that enterprises are cautious about considering alternatives.
  2. Performance degradation. Many enterprises cannot compromise on the performance of mission critical apps.
  3. Availability. If users cannot access applications, they are unproductive; workflows are stifled and the business is up in arms.

That’s exactly what Enterprise‑class cloud providers which specialise in mission‑critical workloads effectively address, with a combination of ad hoc cloud architectures and cloud management tools as well as stringent operating principles and expertise.

For example, rather than using a general‑purpose cloud architecture, with Enterprise‑class cloud providers who specialise in mission‑critical workloads, enterprises can utilise dedicated individual VRF domains. VRF is a network virtualisation technique used by Telco Providers, the same one used to isolate MPLS circuits. This helps in isolating domains in a multi-tenanted cloud, with many benefits in terms of security, compliance, resource utilisation and optimisation of network topologies and segmentation. This option provides enterprises the freedom of the public cloud while still keeping it virtually private and as secure – or even more secure – than what they have on-premise.

Make sure you have a plan

With any large scale programme of work like moving a mission critical application into the cloud, the first step is to devise a plan. By doing so, organisations can avoid the worst-case scenarios that may appear both during and after the migration. This plan should cover what features you require in the cloud and what steps are being taken to secure this data. It is also important to truly understand the cloud environment being used, whether Private, Public, Hybrid or Multi-Cloud, as no one cloud does it all, and different use cases require specialised attributes. Therefore, preparing and understanding the use case is another important requirement.

There is another key aspect, which is the complexity of different application environments. They don’t live in isolation. There is a lot of interdependency between different application modules or between the applications and the databases. The way those interdependencies are sustainable in a private cloud environment is via very sophisticated network topologies through the use of VLANs, etc. These are the driving principles which govern the network or VLAN configuration in a private environment. When you consider moving legacy applications to the cloud, you don’t want to disrupt those configurations, topologies and related private IP addressing schemes, as the ripple effect could be fatal. Lifting and shifting to a standardised cloud environment just won’t work here.

And finally – cost efficiencies
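To make the VRF point above concrete, here is an added Python model of per-tenant routing tables on a shared router; it is constructed for this article and is not Virtustream's or any vendor's code. Two tenants bring the same on-premise private addressing scheme with them unchanged, lookups never cross tables, and, going one step beyond the text, a route whose egress interface belongs to another tenant is flagged as a leak; all tenant names, prefixes and interface labels are made up.

```python
"""VRF-style per-tenant routing tables, a constructed illustration.

Added for this article; not Virtustream's or any vendor's code. It models what a
VRF domain buys a multi-tenant cloud: each tenant gets its own routing table, so
two tenants can keep the same private addressing scheme without ever being able
to reach each other, and a route that crosses tenants is detectable as a leak.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# A route is (prefix, egress interface). Interface names are made up.
Route = Tuple[ipaddress.IPv4Network, str]


class Vrf:
    """One routing domain: longest-prefix match is done inside this table only."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.routes: List[Route] = []

    def add_route(self, prefix: str, egress: str) -> None:
        self.routes.append((ipaddress.ip_network(prefix, strict=False), egress))

    def lookup(self, dst: str) -> Optional[str]:
        addr = ipaddress.ip_address(dst)
        best: Optional[Route] = None
        for net, egress in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, egress)
        return best[1] if best else None


class Router:
    """A shared router: every interface is bound to exactly one VRF."""

    def __init__(self) -> None:
        self.vrfs: Dict[str, Vrf] = {}
        self.iface_vrf: Dict[str, str] = {}

    def add_vrf(self, name: str) -> Vrf:
        self.vrfs[name] = Vrf(name)
        return self.vrfs[name]

    def bind(self, iface: str, vrf: str) -> None:
        self.iface_vrf[iface] = vrf

    def forward(self, ingress: str, dst: str) -> Optional[str]:
        """A packet is looked up only in the VRF of the interface it arrived on."""
        return self.vrfs[self.iface_vrf[ingress]].lookup(dst)

    def find_route_leaks(self) -> List[Tuple[str, str, str]]:
        """Routes whose egress interface is bound to a different VRF (misconfiguration)."""
        leaks: List[Tuple[str, str, str]] = []
        for vrf in self.vrfs.values():
            for net, egress in vrf.routes:
                if self.iface_vrf.get(egress) != vrf.name:
                    leaks.append((vrf.name, str(net), egress))
        return leaks


def build_router(leak: bool = False) -> Router:
    """Two tenants that both migrated their on-premise 10.0.0.0/16 scheme unchanged."""
    r = Router()
    a, b = r.add_vrf("tenant-a"), r.add_vrf("tenant-b")
    for iface in ("a-app", "a-db"):
        r.bind(iface, "tenant-a")
    for iface in ("b-app", "b-db", "b-mgmt"):
        r.bind(iface, "tenant-b")
    a.add_route("10.0.0.0/24", "a-app")
    a.add_route("10.0.1.0/24", "a-db")
    b.add_route("10.0.0.0/24", "b-app")  # same prefix as tenant A, no conflict
    b.add_route("10.0.1.0/24", "b-db")
    b.add_route("192.168.50.0/24", "b-mgmt")
    if leak:
        # A mistaken route in tenant A's table pointing at tenant B's management segment.
        a.add_route("192.168.50.0/24", "b-mgmt")
    return r


if __name__ == "__main__":
    r = build_router()
    print(r.forward("a-app", "10.0.1.7"), r.forward("b-app", "10.0.1.7"))
    print(r.forward("a-app", "192.168.50.9"), r.forward("b-app", "192.168.50.9"))
    print(build_router(leak=True).find_route_leaks())
```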

The biggest cost of mission critical applications and databases is not building them and starting them up, but rather the total cost of running them. Migrating a database to an enterprise‑class specialised cloud gives access to a set of automation tools and operating templates which reduce human intervention and improve speed and accuracy for most of these important tasks, while significantly reducing the associated operating costs.

The post The Key Challenges of Migrating Databases to the Cloud appeared first on IT SECURITY GURU.

New ransomware Zenis will delete backup files even if victim pays

A self-proclaimed “mischievous boy” who calls himself “ZENIS” unleashed ransomware attacks that encrypt the victim’s files and then purposely delete the backups. Discovered last week by MalwareHunterTeam, Zenis uses a customized encryption method and warns recipients to pay up or risk losing their infected files forever.

The post New ransomware Zenis will delete backup files even if victim pays appeared first on IT SECURITY GURU.