Author Archives: Paul Hamilton

Prerequisites of IoT Security: Software, Network, Physical

IoT security focuses on protecting the networks and connected devices that make up the Internet of Things. For readers who are new to IoT, it is a system of connected computing devices, digital and mechanical machines, objects, animals and people, each with a unique identifier and the ability to transfer data over a network automatically. Once these devices are on the internet, they face serious vulnerabilities unless they are properly protected.

Several recent high-profile incidents have made IoT security a pressing topic. Cybercriminals use such devices as a way into a network, so it is crucial to implement security standards that protect IoT networks and the devices on them.

Challenges in IoT Security

IoT security is hard because establishing end-to-end protection of devices and networks is difficult. Networked appliances are relatively new, and protection is often not even a significant consideration when products are designed. Moreover, because the IoT market is in its infancy, manufacturers and product designers are eager to get their products to market quickly, and security is disregarded even in the planning phase.

A primary issue in IoT security is the use of default or hardcoded passwords, which can result in breaches even when users change them, since weak replacement passwords still allow infiltration. IoT devices are also resource-constrained and lack the compute capabilities needed for robust security; a temperature or humidity sensor, for instance, can't handle measures such as strong encryption.

Furthermore, IoT devices rarely receive patches and updates because, from the manufacturer's viewpoint, built-in security is costly, limits functionality, and slows down development.

Legacy assets can't take advantage of IoT security, and replacing the infrastructure is expensive, so experts retrofit smart sensors onto them. However, these assets haven't been updated and have no protection against modern threats, so an attack is very feasible.

Many systems receive only limited updates, and security can lapse if the organization doesn't provide additional support. Providing that protection is challenging because many IoT devices remain on the network for extended periods.

Moreover, there are no industry-accepted criteria for IoT security. Frameworks exist, but industry organizations and large corporations can't agree on a single one. Each has its own standards, while industrial IoT uses incompatible and proprietary ones. The multitude of standards makes it almost impossible to secure systems and ensure interoperability.

The convergence of operational technology and IT networks creates further challenges for security teams. Many staff are tasked with ensuring end-to-end security and protecting systems outside their expertise. The resulting learning curve weakens protection, since IT personnel must first acquire the skill sets needed to handle IoT security.

Organizations must take the necessary steps to establish shared responsibility for security. Manufacturers, service providers, and end-users all have a role to play: for instance, privacy and device protection must be prioritized, and authorization and encryption must be enabled by default. End-users must also accept part of the burden by taking precautions such as changing passwords, using security software, and installing patches as needed.

IoT Security as an Obstacle to Technology Adoption

The security of the Internet of Things is a primary obstacle to successful technology adoption, even in the early stages of deployment planning.

We look at three significant angles of this complicated issue, especially when you're planning the deployment of IoT sensors in your environment:

  • Software security patches
  • Network
  • Physical device

Software Patches

Some Internet of Things sensors have little built-in computing capability, so these devices may not be able to accept remote updates and patches or run a security-software agent. This problem is serious and worrisome because software vulnerabilities affecting IoT devices are discovered daily. If there's no capability to patch these holes once they are found, you have a pressing issue.

Furthermore, some devices have no decent security at all and aren't patchable. The only way out of that dilemma is to look for a different product that does the same job with more protection.

Discovery and Networking

One of the toughest problems to solve is securing the connections between IoT sensors and the backend. Most organizations don't even know all the devices on their network, so device discovery is critical for IoT network security.

A primary explanation for the lack of visibility is the operational side of IoT. IT staff no longer have sole administration of the network, because line-of-business personnel can connect devices to it themselves, and there is no process to inform the team in charge of network security. Network operations people, who used to control the entire network topology, now have an unaccustomed headache.

Beyond close cooperation between IT personnel and the business's operations staff, network scanners can automatically detect devices on the network through techniques such as network traffic analysis, whitelists, and device profiles. These ensure proper provisioning and monitoring of device connections on the network.
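As an added example (not from the original post), the following Python script shows the allowlist-and-profile approach described above run over constructed DHCP server log lines: every MAC address, vendor prefix, hostname and IP below is made up, and the vendor-prefix table stands in for a real asset inventory.

```python
"""Added example, not from the original post: minimal IoT device discovery.
Reads DHCP lease lines, classifies each device by its OUI (first three bytes of
the MAC) and flags anything the security team did not provision. All MACs,
OUIs, hostnames, IPs and log lines are constructed, not real vendors' values."""
import re
from dataclasses import dataclass

# Constructed DHCP server log lines (syslog-like), not from the original post.
SAMPLE_LEASES = """\
Oct 03 08:12:01 dhcpd: DHCPACK on 10.0.20.14 to 02:a1:b2:0c:0d:0e (hvac-sensor-3) via eth1
Oct 03 08:12:07 dhcpd: DHCPACK on 10.0.20.15 to 02:a1:b2:11:22:33 (hvac-sensor-4) via eth1
Oct 03 08:13:42 dhcpd: DHCPACK on 10.0.20.77 to 02:cc:dd:55:66:77 (camera-lobby) via eth1
Oct 03 08:14:10 dhcpd: DHCPACK on 10.0.20.90 to 02:ee:ff:01:02:03 via eth1
Oct 03 08:15:00 dhcpd: DHCPDISCOVER from 02:ee:ff:01:02:03 via eth1
"""

# Hypothetical OUI -> device profile table; in practice fill it from the asset inventory.
OUI_PROFILES = {"02:a1:b2": "environmental-sensor", "02:cc:dd": "ip-camera"}

# Devices explicitly provisioned by the security team (constructed allowlist).
ALLOWLIST = {"02:a1:b2:0c:0d:0e", "02:a1:b2:11:22:33", "02:cc:dd:55:66:77"}

LEASE_RE = re.compile(
    r"DHCPACK on (?P<ip>\d+\.\d+\.\d+\.\d+) to (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?: \((?P<host>[^)]+)\))?",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Device:
    mac: str
    ip: str
    hostname: str
    profile: str


def discover_devices(log_text: str) -> list[Device]:
    """Return one Device per MAC that actually received an address (DHCPACK)."""
    seen: dict[str, Device] = {}
    for line in log_text.splitlines():
        m = LEASE_RE.search(line)
        if not m:
            continue  # DHCPDISCOVER etc. never got a lease; nothing to inventory yet
        mac = m["mac"].lower()
        profile = OUI_PROFILES.get(mac[:8], "unknown")
        seen[mac] = Device(mac, m["ip"], m["host"] or "", profile)
    return list(seen.values())


def audit(devices: list[Device], allowlist: set = ALLOWLIST) -> list[tuple]:
    """Return (mac, ip, reason) for every discovered device that needs review."""
    findings = []
    for d in devices:
        if d.mac in allowlist:
            continue
        reason = "not on allowlist"
        if d.profile == "unknown":
            reason += ", unrecognised vendor prefix"
        if not d.hostname:
            reason += ", no hostname"
        findings.append((d.mac, d.ip, reason))
    return findings


if __name__ == "__main__":
    for mac, ip, reason in audit(discover_devices(SAMPLE_LEASES)):
        print(f"REVIEW {mac} ({ip}): {reason}")
```

A MAC allowlist is a visibility aid rather than an authentication control, since MAC addresses can be spoofed; pair it with traffic analysis for anything the scan flags.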

Physical Access

Physical access is usually a significant but straightforward concern for traditional IT security. Data centers have strict security, and switches and routers sit in locations where unauthorized people can't access or tamper with them discreetly.

For the Internet of Things, however, such well-established practices aren't in place. A few IoT deployments are easy to secure: an intruder can't tinker with state-of-the-art diagnostic equipment in a secured hospital, and a hacker can't fiddle with intricate robotic manufacturing equipment on a limited-access factory floor. Compromises can still occur, though, since an intruder remains a threat even in secure locations.

By contrast, equipment around a city, such as smart parking meters, traffic cameras, and noise sensors, is easily accessible to the public. Soil sensors in agricultural areas and other technology in sufficiently remote places aren't safe either.

Various countermeasures exist. Enclosures and cases can stop a few attackers, but they may be impractical in some situations, and video surveillance of these machines can itself become a point of intrusion. The IoT Security Foundation therefore advocates disabling ports on a device, although this isn't applicable where the ports are needed for the device to perform its functions. It also recommends tamper-proof circuit boards and embedding the circuits in resin.


Checking for Malware on Your iPad

If you own an iPad that hasn't been jailbroken, you can be assured that your device is virus-free, and you're safe from serious malware problems because malware doesn't target iPads exclusively. On the other hand, there are still some concerns you must watch for, which we cover here.

Although a virus can't wreak havoc on your iPad, some threats such as malware do exist. For one, phishing scams can fool you into entering your password on a fraudulent account-recovery page you were sent. Cybercriminals can send such messages to your iPad just as they do to your computer.

Various methods can verify whether something is a phishing scam or adware, and you don't need to pay for them. You can also protect your device from these issues and avoid malware if you've jailbroken your iPad. Read on to understand how to protect your tablet from malware and fraudulent advertisements, and how to keep your device safe.

Checking for Malware and Other Problems on Your iPad

You can find out whether your iPad is the victim of a phishing scam or adware by examining the URL of the site you're visiting in your web browser. If the address contains misspellings or long strings of letters and numbers, you're most probably on a scam page, so exit it immediately.
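The URL check described above, as an added Python example that is not part of the original post: it compares the hostname with a placeholder list of domains the reader actually uses (an assumption, not real sites) and flags look-alike spellings and long letter/number strings.

```python
"""Added example, not from the original post: a URL sanity check in the spirit
of the advice above. The expected-domain list is a placeholder the reader
would replace with the domains of their own accounts."""
from urllib.parse import urlparse

# Placeholder: domains the reader legitimately uses (assumption, not real sites).
EXPECTED_DOMAINS = {"example-bank.com", "example-mail.com"}


def registrable_domain(hostname: str) -> str:
    """Last two labels of the hostname (good enough for .com-style names)."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character look-alikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str, expected: set = EXPECTED_DOMAINS) -> list[str]:
    """Return a list of warnings; an empty list means nothing looked off."""
    warnings = []
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = (parsed.hostname or "").lower()
    if not host:
        return ["no hostname in URL"]
    if parsed.scheme != "https":
        warnings.append("not using https")
    domain = registrable_domain(host)
    if domain in expected:
        return warnings  # the registrable part is one of ours; subdomains are fine
    # Look-alike: within two edits of a domain you use (swapped or extra letter).
    for good in expected:
        if edit_distance(domain, good) <= 2:
            warnings.append(f"'{domain}' looks like '{good}' but is not it")
    # The "many letters and numbers" heuristic from the text: long mixed labels.
    for label in host.split("."):
        if len(label) >= 12 and any(c.isdigit() for c in label) and any(c.isalpha() for c in label):
            warnings.append(f"label '{label}' is a long letter/number string")
    if not warnings:
        warnings.append(f"'{domain}' is not one of your expected domains")
    return warnings
```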

If you keep receiving messages that you have a virus or malware on your device, whether on a page or in a pop-up ad, clear your iPad's cache. Understand, however, that this also clears your saved passwords. This is annoying, but you have no choice but to enter them again. You may set up a password manager before you clear your cache so that re-saving them isn't a problem, and you can return to your routine iPad use immediately.

After securing your passwords, go to Settings and tap Safari. Then tap “Clear History and Website Data,” which you can find at the lower portion of the page, and finally tap “Clear.” You won't receive the virus or malware warning anymore.

If you receive a strange email notification, verify the email address. Just as with the webpage, the address mustn't contain any misspellings, and it must be the official address of your subscription or account. You can report an unauthorized email as a scam before deleting it from your inbox.

If you've jailbroken your iPad, think about your recent downloads and answer these questions:

  • Did you download any apps outside of the app store?
  • Did you download an app from a company that you can’t verify?
  • Are you having issues with a specific app that acts oddly?

Most probably the problem is with the app, so check the company's social media pages for any announcements and make sure you have the latest version of the app. If the app is up to date and you can't find any reported issue on social media, uninstall it, then check whether you're still experiencing problems on your device. If your iPad works fine, you've found your culprit.

You may then look for alternative software for that function. If you're still experiencing issues, check your other downloaded apps and files; try uninstalling each app to see whether it fixes the problem. If your iPad is giving you unreliable information, review the tips we shared here so you can protect it and won't face the same issue over and over again.

Protecting Your iPad

We discussed verifying email addresses and URLs in the previous section; do so before you provide information or click links. Beyond that, make sure you update your apps and iOS as needed. Apple and software developers release updates from time to time to add security features or as direct responses to malicious code and hacks. If you want to secure your iPad from phishing scams, malware, and adware, keep abreast of software updates.

Moreover, to keep your device repairable and safe, don't jailbreak it; many Apple Genius Bars won't help you if you have. If you still decide to jailbreak your iPad, follow these precautions. First, use a VPN so outsiders can't target your device as you browse online.

Furthermore, if you download apps, make sure they come from reputable developers. You can install anti-virus software to make your iPad more secure against malicious attempts by hackers; such apps provide features like device wipe, additional web protection, and remote lock. Restarting your device can often clear out malicious apps that have infiltrated it, and it also kicks out hackers who have accessed your iPad remotely. Periodically clearing the cache can flush out adware before it can trick you or become an annoyance.

Finally, protect your iPad with regular backups, either to your computer or to cloud storage. That way, if malware gets into your system, you can simply restore your iPad to factory settings. Clean backups keep the infection from coming back, and you'll have your device working again sooner than expected.

iPads are safe from viruses and malware, but they can be vulnerable to a few attacks. Knowing some essentials keeps your device safe, and you can protect it in advance by following the tips we provided.

Protecting Your iPhone from Viruses

Malware, viruses, and adware can lurk in every corner of the Internet. Many users believe their iPhone is safe from the influx of viruses because that was public knowledge some years ago. However, this is no longer accurate; therefore, you must shield your iPad and iPhone from these malicious infections.


What is the Future of Cybersecurity?

We all know about the exponential growth of cybercrime. The question now is how we stay ahead of a possible data breach. Some experts in commercial real estate have their say on what's in store for cybersecurity.

We've all heard of the recent Capital One hack, in which one person single-handedly accessed 100 million credit card applications and customer accounts. Various real estate executives began scrutinizing their systems and data to determine how safe they are against cyber intrusions. By 2021, cybercrime damages could reach trillions worldwide, so businesses need to stay on top of the situation.

The accelerating automation of building processes and functions has also increased the need for cybersecurity. The continuing spread of the Internet of Things has pushed more information into the cloud. Machine learning and artificial intelligence have become more efficient, reducing the potential for human error, but they have also increased the possibility of cyber threats. Since building technology changes every day, what then happens to cybersecurity?

Cybersecurity isn't only a concern for computers and smartphones but for the entire infrastructure. The commercial real estate industry often overlooks the security of its physical assets and focuses only on its employees' interconnected devices. Building cyber intrusions are rampant, and many operators and owners decide to spend money on cybersecurity only after hackers have wreaked havoc on their business.

A hacker can alter security systems, open or lock doors, or shut down the electricity, yet building owners prioritize cybersecurity only when it's too late. IBM's 2019 Cost of a Data Breach Report found that it takes about 279 days to identify and contain a breach, while the lifecycle of a cyber-attack is around 314 days.

Today's hackers perform sophisticated attacks that don't only infiltrate technology and machines. Phishing schemes target high-level deal makers and executives: a cybercriminal may write to a manager claiming that payment for a recently closed transaction hasn't been received. Organizations may not be liable in this example, but the scenario reflects poorly on them, and they may have trouble handling transactions in the future.

The recent Commercial Real Estate Outlook released by Deloitte found that the top three effects of cybersecurity breaches are:

  • damage to reputation
  • financial fraud and theft
  • identity theft

What’s missing?

According to experts, the only way to reduce cyber-attack risks to businesses and assets is to invest in an appropriate cybersecurity program. IBM estimated the total cost of a data breach at about $3.9 million. Forming an incident response team and using encryption can lessen the impact of a massive hack by about $360,000.

The success of a cybersecurity program relies on a sustainable plan that addresses the specific risks to the organization. Although real estate companies aren't in the cybersecurity business, they still must determine the risks, limitations, and budgets involved in countering cyber-attacks.

In a Deloitte survey, respondents reported the top three challenges of cybersecurity management:

  • rising complexities and accelerated IT changes
  • lack of a detailed management response
  • ineffective security fixes due to interoperability and functionality issues

Extensive prevention programs don't need to be complicated. Executives must see cybersecurity as an ongoing timeline rather than a one-time event.

Conventional IT organizations constantly assess different industries, but no one talks about the operational technology of buildings and its risks. Operators and owners must be proactive rather than reactive in preparing against cyber-attacks, so cybersecurity standards must keep pace with continually evolving building technology. Board members and leaders must be kept in the loop to align closely with the business strategy. They also need to conduct cyber risk assessments and scenario planning and ensure employees are aware of their responsibilities. Everyone must practice vigilance.

The significance of cybersecurity will keep growing as threats and business scenarios become more complex. Moreover, regulatory oversight and functions can take a more active role and must cut across geographies.

The Cybersecurity Outlook

The compelling question is, “Who should be most responsible for the cybersecurity of a real estate company?” Some argue that the data property owners collect from their tenants is an enormous issue because protecting sensitive information and system data must be paramount, so building management staff must be accountable for any specific events that occur. Other experts point to the IT department as the primary group that must put a robust cybersecurity program in place together with its IT infrastructure.

Building owners and operators must be aware of the risks and understand that all functions and departments must be involved in preventing or mitigating cyber-attacks.

The most apt answer lies in the middle. Many experts believe building operators and owners must work with outside vendors and their internal IT providers for every property they have and draft a plan to protect both the physical assets and the network. The solution emerges when the puzzle pieces fit together, whether that is the integration of a technology system into real estate or vice versa.

Excellent cyber hygiene begins with data governance. In a building organization, cybersecurity isn’t an IT issue, but a risk mitigation issue. Each individual and department has a significant role to play in thwarting any cybersecurity attacks.

Final Remarks

Cybersecurity concerns everyone in the commercial real estate industry. Hackers and cybercriminals perform coordinated, sophisticated attacks that can ruin even the most secure IT infrastructure, so organizations must take bold steps to counter them. They lose more money if they aren't earnest about protecting their infrastructure and physical assets, and that isn't the only problem they face: they also lose credibility, and their reputation suffers when they fall victim to malicious and fraudulent attacks. Instituting a robust cybersecurity program is therefore now a requirement, not a whim.


Why Use a Content Delivery Network (CDN)?

A Content Delivery Network (CDN) is a collection of interconnected servers that deliver web content quickly to users in different locations. It caches or duplicates content on various servers and serves it to users based on proximity, with the goal of offering end-users content with excellent performance and availability. Today, CDNs host web objects, applications, downloadable objects, on-demand streaming media, real-time streaming data, and social networks.

When a user requests content such as a file, video, or webpage, the CDN dynamically determines the server closest to the user and delivers the content from there. The CDN is also responsible for replicating content to numerous servers around the world so that it can serve the same content to many users even during peak times.

Who Can Use Content Delivery Network?

If you have rich digital content, you can take advantage of a CDN so that your users can access your software, games, media, and other information quickly and reliably. Consumers expect an excellent online experience when they watch a movie, play a game, stream an event, or shop online; if you provide what they need and want, they'll surely come back for more of your content. In 2017, the worldwide market for CDN services was estimated to be worth close to US$6.9 billion.

Pros of CDN

If your site generates immense traffic every day, a content delivery network works to your advantage. Numerous users access your content simultaneously, and they may flock to your website because of a viral video. If they can't access it quickly, they won't wait another second for it to load or even look at your other webpages; they'll leave immediately.

You don’t want that to happen, do you? Then, you need to use a CDN!

  • A Decrease in Server Load

Strategically placed servers around the world are the backbone of a content delivery network. Using one increases your site's capacity and lets more simultaneous users access your content, because instead of sitting on one server, your content is spread across servers around the globe.

  • Faster Delivery of Content

Because CDNs are more reliable, you can provide high-quality content with excellent service and lower server loads, which means cost savings for you. Since jQuery is used everywhere on the web, a user may already have fetched a specific file through the Google CDN; the browser has already cached it, so the user doesn't need to download it again.

If the edge server hasn't cached the content yet, the CDN can traverse the length and breadth of the Internet using the interconnection knowledge programmed into its network. As such, it avoids peering challenges among numerous ISPs, time lost to DNS resolution, and packets lost to network outages. Advanced networks also use specific technologies to handle dynamic content that isn't cacheable.

  • Easier Segmentation of Audience

CDNs can serve different content to different users. They can detect the type of device making the request and provide device-specific content.

  • Lower Packet Loss and Network Latency

Users experience enhanced stream quality and less jitter with CDNs, so as a content provider you can offer high-definition quality without the extra costs and network load, and your audience will notice the high-quality service you provide.

  • Better Usage Analytics and Higher Availability

A content delivery network can distribute assets dynamically to core, edge, and fallback servers strategically placed in different countries. It can offer real-time load views and statistics, optimize per-customer capacity, and report customer-viewing details. It can also display dynamic regions and show preferred assets, and provide 100% availability even during widespread hardware, network, or power outages.

Availability means that your content remains accessible even during intermittent spikes, excessive user traffic, or server outages. When traffic reaches thousands, if not millions, of requests, even the most robust origin servers bog down: your origin infrastructure absorbs all the traffic, which can cause it to fail, resulting in lost business and a terrible experience for end-users. With a CDN, however, you gain access to its massive server infrastructure around the world, and your content remains available to a larger user base.

  • Security and Storage

CDNs provide secure storage for content such as videos and offer enhanced data backup and archiving services. Digital Rights Management secures content and limits access through user authentication.

High-value online transactions and data continue to increase, so hackers work nonstop to find ways to exploit the situation and cause businesses to lose money. According to a 2015 Ponemon Institute report on cybercrime, the average loss worldwide was US$7.7 million to crimes perpetrated by these attackers. Web-based and DDoS attacks, as well as crimes by malicious insiders, cause the most expensive damage.

Attacks such as SQL injection, remote or local file inclusion, and cross-site scripting are also prevalent, as they divert attention. It is often difficult to tell legitimate traffic from bad traffic, so dedicated security resources must evolve rapidly to keep mitigation strategies up to date.

You can prevent these issues by taking advantage of a content delivery network. You need to protect your websites against the growing Internet threats, and advanced CDNs secure information competently by offering unique solutions to protect you and your users. Various attacks may compromise your content's availability and delivery, but hosting your content on a content delivery network can mitigate them.

A content delivery network (CDN) is an essential service if you're a content provider. End users now demand a satisfying experience and won't be patient with slow downloads. If you can't deliver content quickly and competently, chances are they will search for information on other websites, and no one wants users losing interest in their content and leaving the site for good. So, look for a CDN provider today.


Singaporean Unlawful Mining Indicted in the United States

A citizen of Singapore has been indicted in the United States over a large-scale mining operation that used stolen identity and credit card data.

The 14-count indictment alleges that between October 2017 and February 2018 the man, Ho Jun Jia, also known as Matthew Ho, 29, ran an illicit crypto-mining scheme following a rise in the popularity and price of digital coins.

The scheme was driven largely by fraud and identity theft. Ho allegedly opened accounts with various US cloud service providers using the stolen identity and credit card data of a prominent California video-game developer and used these accounts to mine cryptocurrencies such as Bitcoin and Ethereum.

The prosecution also alleges that Ho built a network of fake e-mail accounts and used social engineering to persuade the cloud computing providers to grant “higher account rights,” increase the processing and storage capacity available to him, and delay billing.

According to the indictment, over the course of the scheme Ho consumed more than $5 million in unpaid cloud computing services. For a short time he was one of the largest consumers of Amazon Web Services (AWS) resources by volume.

Before the scam was discovered, the California game developer's accounting staff paid several of the bills.

In addition to the AWS accounts, the defendant opened Google Cloud accounts using the identities of a Texas resident and of a tech company established in India.

Ho was arrested in Singapore on 26 September 2019 and charged with alleged offences under Singapore law. He remains under investigation.

The Department of Justice states that if found guilty, Ho faces up to 20 years' imprisonment for wire fraud and up to 10 years for access fraud, while aggravated identity theft carries a mandatory two-year prison term to be served consecutively to any other sentence in the case.


Patches for Internet Explorer Zero-Day Causing Problems for Many Users

Microsoft has released a new series of security patches for an Internet Explorer zero-day bug originally addressed on September 23. The original updates introduced printing problems, but the new ones seem to be unstable too.

Tracked as CVE-2019-1367, the flaw is a memory corruption bug that could lead to remote code execution. Internet Explorer 9, 10 and 11 are affected, and Microsoft said last month that the vulnerability had already been exploited in attacks.

Adversaries who want to exploit the vulnerability must trick unsuspecting victims into visiting a malicious website using a vulnerable version of Internet Explorer.

“The vulnerability can corrupt memory so that an attacker could run arbitrary code in the current user context,” states Microsoft in its advisory.

On October 3, the technology giant pushed a further package of fixes, stating that some users had encountered printing issues after the original patches were applied.

“To deal with known printing issues, customers can experience a new security update or IE Cumulative update released on 23 September 2019 for CVE-2019-1367 by Microsoft for all existing Internet Explorer 9, 10, or 11 installs on Microsoft Windows,” says the company.

Although Microsoft says the cumulative fixes are meant to address issues users have had with their printers since installing the initial CVE-2019-1367 update, many argue that it actually causes problems with the out-of-band update.

Users have complained to BornCity and other websites that the cumulative updates have caused problems with printing and booting and, in some cases, crashed the Start menu.

According to Microsoft, the cumulative IE updates are separate from October's Patch Tuesday release, scheduled for tomorrow, October 8.


Cobalt Hackers Linked Magecart Team

Security researchers were able to connect one of the Magecart hacking groups with the notorious threat actor known as the Cobalt Group.

Magecart hackers entered the spotlight last year, following the high-profile infringements at Ticketmaster, British Airways and Newegg, but were active for at least a decade, says RiskIQ.

There are many groups operating under the Magecart umbrella, with the network flooding the Internet, explains RiskIQ in a new report that identifies dozens of known groups and over 570 domains of command and control (C&C).

Nevertheless, a recent study by security researchers from Malwarebytes and HYAS Threat Intelligence shows that some of these groups seem to be connected to more influential threat actors.

While Magecart Group 6 has previously been associated with FIN6 hackers, Malwarebytes and HYAS have now exposed connections between Group 4 and the Cobalt Gang, including similarities in the email addresses used for domain registration.

However, the researchers clarify that Group 4 performs customer and database skimming, separating it from most of the Magecart groups that cover the former.

One of the client-side skimmers of Group 4 were concealed within the jquery.mask.js plugin and added at the end of the file. The skimmer also had some shielding surfaces.

A server-side skimmer was incorrectly used as a JavaScript by a PHP script. The software was designed to find certain keywords related to financial transactions and send the application and cookie data to the database of the attacker.

In both cases, the domains were registered to robertbalbarran(at), which RiskIQ had reported previously.

By looking at their exfiltration gates, however, Malwarebytes and HYAS were able to connect them to other registrant addresses and recognise a pattern.

This is the same pattern used by the Cobalt Group, and in both cases the same email service, registrars and privacy services were used. Furthermore, 10 of the accounts shared two IP addresses, months apart, regardless of the email provider.

One email address, petersmelanie(at), was used for the registration of 23 domains, including a website for a CVE-2017-0199 phishing project, and a platform for Oracle clients.

“Based on their historical links to space and on the entry of advanced stakeholder groups like FIN6 and others, it is logical to conclude that the Cobalt Group would also be active in this area and would seek to diversify its criminal activities toward global financial institutions,” says Malwarebytes.

RiskIQ has recorded a total of 2,086,529 Magecart observations to date. The fast-growing cybercrime syndicate, made up of hundreds of subgroups, uses various methods, including attacking and manipulating misconfigured Amazon S3 buckets and Magento sites.

Businesses take an average of 22 days to detect and remediate a Magecart compromise and, because organisations lack visibility into their web-facing assets, most breaches last for years.

“In many cases, the victims don’t know if the JavaScript has been modified on their website, so the malicious code persists forever. Companies need to continue to focus on transparency of their network attack surfaces, as well as growing monitoring of third-party resources in their web applications,” reports RiskIQ.


Zero-Day Issued for Old CMS – Online Proof-of-Concept Code Available

Reports of a flaw in older versions of the Joomla content management system (CMS), a popular web-based software for creating and managing websites, were posted online last week.

The bug was discovered by Italian security researcher Alessandro Groppo of Hacktive Security. It affects all Joomla versions from 3.0.0 to 3.4.6, released between late September 2012 and mid-December 2015.

The vulnerability is easy to exploit, and proof-of-concept attack code was published online.
It is a PHP object injection that, in certain situations, can lead to remote code execution (RCE). For example, it can be triggered through the Joomla CMS login form, which allows attackers to execute code on the underlying web server.

Similar to an older Joomla zero-day from 2015

Groppo said the vulnerability is similar to CVE-2015-8562, another PHP object injection that could lead to remote code execution, although the two are not related.

CVE-2015-8562 is a common Joomla exploit that is still being exploited today. When the vulnerability was found in December 2015, hackers used it in the wild to take over sites.

The difference between Groppo’s finding and the 2015 vulnerability is that the former affects only Joomla 3.x versions, and thus a smaller number of Joomla sites, whereas CVE-2015-8562 affected all Joomla versions available at the time: 1.5.x, 2.x, and 3.x.

Furthermore, although it affects a limited number of sites, Groppo’s vulnerability has a broader impact because it is “completely separate from the [server] environment,” whereas the older bug only worked against servers running PHP versions before 5.4.45, 5.5.29 and 5.6.13.

The good news is that the issue at the root of Groppo’s zero-day appears to have been addressed when CVE-2015-8562 was patched.

Most website owners run outdated CMS versions because module or theme incompatibilities can break the site; however, they don’t have to upgrade to the latest release to be protected, although that would be a much better solution.

Every version of Joomla 3.4.7 and later is patched against the attack. The current version of Joomla is 3.9.12.
Groppo’s zero-day has not been assigned a CVE identifier. Below is a video of the zero-day in action. There is a technical explanation on Groppo’s website, and the proof-of-concept code was posted last week on Exploit-DB.


Free VPN for Android You Can Use in 2019

Why buy if you can use it for free? Instead of paying for premium services, why not use a free VPN for Android? Many of these apps have similar features, so you’re getting much the same thing with the free ones. Of course, services such as these VPNs have their pros and cons, so we’ll discuss the advantages and disadvantages of each later.

For now, the significant thing to realize is that you need VPN protection for your Android device, and we’ll discuss it here. Check our guide for excellent VPN services that you can use free.

Conventional wisdom tells us that free services don’t always offer excellent features. Maybe. However, we found some free VPNs for Android that can match some of the premium services.

Comodo VPN

The Comodo VPN app is a brilliant option if you’re searching for free Android VPN services. The app doesn’t have ads, nor does it push you to upgrade to a premium service. It is outstanding VPN software.
Please note that you can’t download it in some countries, so you might need a temporary VPN to access it. Such irony!

Nevertheless, the app claims to have an extensive network of servers, so you shouldn’t have connection issues. Moreover, it offers unlimited usage. If you have concerns about cybersecurity, you’ll be glad to know that it doesn’t log your usage.

Some of the essential features of this app are fast speed, support for Tor, and a rerouting system. If there’s something we can complain about with ProtonVPN, it is that it has a few bugs. Fortunately, these issues aren’t dangerous for users.

I installed Comodo, and the app prompted me to register. I checked my email for the verification code. After entering it, I picked the country I’m in and connected to a server. I tried a few servers before I was able to connect to one with a robust signal.

I noticed that the speed dropped after connecting to a server. I had a 30Mbps connection, but I wasn’t getting over 1Mbps after connecting to Proton.

Reliable and secure
Rich in features
Speedy performance


OpenVPN Connect

OpenVPN is exceptional because it can equal the features of paid services. Unlike the other free apps, it uses enterprise-grade encryption. Moreover, it is one of only two open-source VPNs on the Google Play Store.

I tried connecting the app and learned that it doesn’t need users to register. I preferred the auto-deploy and was able to install it easily. I got a prompt to choose the server I want. However, access to the private tunnel requires registration. Also, I discovered that the speeds dropped immensely from 30Mbps to 1.2Mbps.

Rich in features
Almost real-time connection to servers

Setup is a bit technical


SurfEasy

SurfEasy is another free VPN for Android app. If you check the Google Play Store, you’ll discover that it has excellent comments and reviews. Users especially love that it provides a secure network connection without pestering ads.

The company doesn’t specify its logging policy. Therefore, if you’re security conscious, check the app’s terms and conditions before you download it. If you need a VPN service for everyday use, SurfEasy will do, but it doesn’t provide any extraordinary features.

I was glad because I was able to pick the server quickly. Moreover, the software doesn’t require a lot of things and has no annoying details. I also like that it combines proxy to secure the connection. Lastly, it doesn’t have any consequential impact on speed.

Effective and simple
Ease of use
Blocks ads

Doesn’t support torrent downloading


Speed VPN

For the average user, manually setting up a VPN is inconvenient. Many people prefer an app that’s already up and running upon installation. They don’t want anything too technical that requires a lot of thought. Thus, they’ll surely love Speed VPN because they can connect immediately with just a press on the screen.

I like this free VPN for Android because it’s very efficient. Unfortunately, you can only use it for an hour at a time, but you can reconnect again quickly. This feature ensures fast bandwidth. On the downside, it only has a few servers. Moreover, it’s full of ads.

Unique features for network speed
Takes only a click to connect
Easy to use

Obtrusive in-app ads

VPN Robot

VPN Robot offers fast connections and unlimited bandwidth. Moreover, it has numerous servers in six locations. If you’re looking for an excellent VPN, you can consider this app; however, it’s not ad-free. On the upside, it doesn’t record user data and has robust data encryption with a no-logging policy. Another downside is that connecting is slow, but once it connects, you’ll have a seamless experience.

Fast performance
Excellent security features

Intermittent connection issues

Hola VPN

Hola VPN Proxy is also a remarkable option because it encrypts the data sent and received by your device. Unlike other services, it has exceptional features. I had fun using this app because it offers numerous location alternatives. Moreover, I can even watch American Netflix easily.

Stable speed without ISP Throttling
At least 70 server locations
Offers Caller ID
Unblocks Netflix, Spotify, BBC, and Hulu

Not ad-free

Touch VPN

You may try Touch VPN, as it guards your Wi-Fi connection against hackers who could steal data from your device. Moreover, you can use stealth mode to ensure that you remain anonymous. I enjoy the connection because it’s quick and doesn’t use much memory.

I tried this free VPN for Android app and learned that it requires registration. Moreover, it has many ads, but it’s user-friendly. If you decide to use this software, you’ll find that you can connect to approximately 40 countries. However, some servers charge a fee for usage. Unlike the other VPNs, the speed doesn’t drop significantly.

Unlimited bandwidth
Simple and easy-to-use interface
24/7 user support

Slow download speed
Has a policy for data logging
Doesn’t work with TOR browser


We’ve come to the end of our list of free VPN for Android apps. Many providers make claims about their products; however, when we tested them, the claims often amounted to nothing in performance. We recommend these seven apps because they are reliable and credible. Moreover, we tested each of them, so we know how each performs.


Content Delivery Network: Why Use It?

You may be one of those individuals who can’t let a day pass without interacting with numerous applications and websites. Do you know that many of these sites and apps are hosted in a single physical location? If you’re accessing content from an app or website from across the globe, your data has to travel a long way over the network.

For instance, suppose you’re in a city in Asia. If the app server is in the USA, the content takes longer to reach you than it does for people in California. The farther you are from the data center, the slower the load times. It can be a frustrating and inconsistent experience.

Generally, mobile and web users can’t tolerate lag because they want digital experiences in real time. LoadStorm released a report with the following findings:

  • 25% of users won’t wait more than four seconds for a website to load
  • 74% of users won’t wait more than five seconds for a mobile site to load
  • 46% of users will look for other websites if they find that a site performs poorly

A content delivery network (CDN) can fix these issues.

What is a CDN?

A content delivery network is simply a way of delivering content from your mobile app or website to visitors quickly and efficiently, based on their geographical location. It consists of a network of servers in various places around the world.

An edge server is the server closest to the user. When you request content from a website that uses a content delivery network, you connect to the edge server nearest you, which gives you a better online experience.

If you have content, a content delivery network can deliver it from an edge server to your users quickly. When people want to access content from your mobile app or website, they request it from a nearby server; the data doesn’t need to travel from your origin server to their geographical location.

A CDN can also keep your content up to date, so users always get the most relevant and current data. Content invalidation is the process of purging cached content as often as necessary so that it can be refreshed from the origin when it changes.

Benefits of a Content Delivery Network

A content delivery network has numerous benefits for your website. Here are some of them:

  • Speedy load times for mobile and web users
  • Prompt scalability during heavy traffic
  • Improved site stability by reducing the risk of traffic spikes at the origin server
  • Reduced infrastructure costs because of traffic offloading
  • Enhanced site performance

Difference between conventional and modern CDNs

CDNs first appeared in the late 1990s; however, the traditional ones have lagged behind advances in technology and hardware. Thus, they can’t offer the same benefits as their modern counterparts. Legacy content delivery networks don’t use agile software environments that allow companies to iterate constantly, improve their product, and incorporate customer feedback. The traditional CDNs haven’t changed much in at least five years.

Purging dynamic and static content

Conventional CDNs cache static content only, because they can’t update content based on the user’s input. Static content consists of JavaScript, CSS, videos, and images, for example. Dynamic content, by contrast, requires server logic, such as filling a shopping cart or paying with a credit card. These transactions can’t be cached because they involve sensitive data and must pass through the origin server.

Some dynamic content can be cached, especially if it doesn’t contain personal data. However, this type of content still changes frequently and unpredictably: it is event-driven, based on an action by a machine or a human. Examples include user-generated comments, news headlines, sports scores, and stock prices. Many CDNs treat this type of content as “uncacheable”; however, it is possible to cache it.

The edge server

Classic CDNs offer limited edge capacity because they depend on spinning hard disks, so they must prioritize which content is cached at the edge. The consequence of this prioritization is that smaller websites may not get the same priority as larger sites. Modern CDNs, on the other hand, use solid-state drives (SSDs) and don’t need to prioritize caching. Everyone benefits equally.

Reverse proxying

Another advantage of state-of-the-art CDNs is reverse proxying. Customers of traditional CDNs need to upload content to the cache servers in advance. With modern CDNs, they only need to upload it to the origin server; the edge servers fetch it on demand, so no front-loading of content at the cache servers occurs. With traditional CDNs, dynamic content is served from the origin, so users can experience slow loading during traffic spikes.
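To make the edge-server, invalidation and reverse-proxy behaviour described above concrete, here is a small added example (not code from the original article) modelling an origin plus regional edge caches: requests are routed to the nearest edge, misses pull from the origin, user-specific dynamic content is never cached, and publishing new content purges it from every edge. The region-to-edge map, paths and contents are constructed for the demonstration.

```python
"""Toy CDN: origin server plus regional edge caches with invalidation.

Added example, not code from the original article. Region names, edge
names, paths and content are constructed; real CDNs route by DNS/anycast
and have far richer cache policies than this.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Assumption: a static map from a user's region to the nearest edge server.
EDGE_FOR_REGION = {"us-west": "sfo", "us-east": "nyc", "eu": "fra", "asia": "sin"}


@dataclass
class Origin:
    """Origin server: authoritative copy of every object and its cacheability."""
    objects: dict[str, str] = field(default_factory=dict)
    no_store: set[str] = field(default_factory=set)  # paths that must never be cached
    fetches: int = 0                                 # how many requests reached the origin

    def fetch(self, path: str) -> str:
        self.fetches += 1
        return self.objects[path]


@dataclass
class Edge:
    """Edge cache near the user; filled on demand (reverse proxy style)."""
    name: str
    cache: dict[str, str] = field(default_factory=dict)
    hits: int = 0

    def purge(self, path: str | None = None) -> None:
        """Content invalidation: drop one object, or everything if no path given."""
        if path is None:
            self.cache.clear()
        else:
            self.cache.pop(path, None)


class CDN:
    def __init__(self, origin: Origin) -> None:
        self.origin = origin
        self.edges = {name: Edge(name) for name in set(EDGE_FOR_REGION.values())}

    def request(self, region: str, path: str) -> tuple[str, str, bool]:
        """Serve `path` for a user in `region`. Returns (body, served_by, cache_hit)."""
        edge = self.edges[EDGE_FOR_REGION[region]]
        if path in self.origin.no_store:
            # User-specific dynamic content (cart, payment) always goes to the origin.
            return self.origin.fetch(path), "origin", False
        if path in edge.cache:
            edge.hits += 1
            return edge.cache[path], edge.name, True
        body = self.origin.fetch(path)          # miss: edge pulls from origin
        edge.cache[path] = body                 # and keeps a copy for later requests
        return body, edge.name, False

    def publish(self, path: str, body: str) -> None:
        """Update content at the origin and invalidate it at every edge."""
        self.origin.objects[path] = body
        for edge in self.edges.values():
            edge.purge(path)


def demo() -> tuple[list[tuple[str, str, bool]], int]:
    """Walk through hit, miss, no-store and invalidation; returns (log, origin fetches)."""
    origin = Origin({"/news.html": "v1", "/cart": "alice's cart"}, no_store={"/cart"})
    cdn = CDN(origin)
    log = [
        cdn.request("asia", "/news.html"),   # miss at sin -> fetched from origin
        cdn.request("asia", "/news.html"),   # hit at sin
        cdn.request("eu", "/news.html"),     # miss at fra -> fetched from origin
        cdn.request("asia", "/cart"),        # never cached, always origin
    ]
    cdn.publish("/news.html", "v2")          # headline changed: purge everywhere
    log.append(cdn.request("asia", "/news.html"))  # miss again, now serves v2
    return log, origin.fetches


if __name__ == "__main__":
    for entry in demo()[0]:
        print(entry)
```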

Who benefits from CDNs?

Individuals and institutions with a mobile application or website that many users access simultaneously should take advantage of a content delivery network. CDNs are most useful to websites and software with a lot of dynamic content accessed by users worldwide.

Moreover, content delivery networks have specific advantages to numerous types of organizations and businesses.


E-commerce

An e-commerce site using a CDN can deliver content efficiently and quickly even during heavy traffic periods like holidays and Black Friday shopping.


Government

Government websites that provide a large amount of content can offer vital information efficiently and quickly through a content delivery network.


Banking

Banking institutions can use content delivery networks for reliable, secure, and fast distribution of sensitive data to analysts and consumers.

Media and Publishing

Media websites must deliver updated information promptly. A content delivery network can help them update their news and headline homepages in real time and purge outdated content.

Mobile applications

Mobile apps that have dynamic content can use CDNs to increase responsiveness and reduce load times.

SaaS and Technology

Users around the world access content from technology websites daily. If these sites use content delivery networks, their users get an excellent experience.

A content delivery network or CDN is an essential service for mobile app developers and website owners. It enhances the user experience even when they serve large amounts of content. If you have a mobile app or website with thousands of global users, you can harness its power.


Want to Surf Anonymously? Try these 15 Android VPN Apps Free

If you’re one of those who do a lot of things online using a mobile device, you should be concerned about Internet security. A virtual private network (VPN) is a technology that adds a layer of security as you surf the Internet. It helps protect data privacy even when you use public Wi-Fi networks.
Moreover, VPN apps offer a simple way to access content blocked in your region. If you’re an Android user, check this list of the top 15 free Android VPN apps to see whether they suit your requirements.

Comodo VPN App

Comodo VPN App is a well-known app with at least 1 million downloads all over the world. Thus, it gets the top spot on this list. Aside from the standard features that each virtual private network app offers, it secures the Wi-Fi connection by providing HTTPS encryption that is prevalent among banks. Thus, it protects your outgoing data from eavesdroppers.

SecureLine VPN

The antivirus company Avast created the SecureLine VPN as an app to add to its long list of excellent products. The software can encrypt data through the IPsec protocol to make it difficult for hackers to have access even in public Wi-Fi hotspots. With a single click, it will do everything for you.

Spotflux VPN

Spotflux offers two levels of protection for data privacy. Moreover, it compresses data to reduce bandwidth consumption. It is suitable for you if you want data security and to get the most out of the data plan on your device.

Hola Free VPN

Hola Free is an app for you if you want a free Android virtual private network software with impressive features. It provides data security, access to blocked geographical content, and speed of browsing by connecting to the most accessible server automatically. Hola Free VPN is available in at least 190 countries.

Speed VPN

Speed VPN can connect you to the Internet through different geographically located servers. It allows you to browse even the restricted geographical sites. Moreover, you can watch low-resolution videos. You gain access to the VPN app for an hour, but you can reconnect quickly by a click of the button.

Super VPN

Super VPN is an app with at least 5 million downloads across the world. It is uncomplicated to use and encrypts data traffic, so third parties can’t monitor the information you send and receive. Anyone wanting to intercept the data would need to configure your device settings or register with the software. Moreover, you gain anonymity when you browse websites with a single click of a button.

Hideman VPN

Hideman VPN ensures the security of data transmission and uses 256-bit encryption. It encrypts the data so that hackers monitoring it can’t understand its content without a key. It offers limited free use of five hours weekly, but you can gain premium hours through its ad networks.

Touch VPN

Touch VPN offers data encryption through Secure Sockets Layer (SSL), maintaining an encrypted and secure link between the client and server. Moreover, it conserves your device’s battery, unlike other VPN applications. As such, it is essential software for you if you’re after those two features.

Flash VPN Proxy

Flash VPN offers an encrypted and secure network that keeps the data you send and receive safe from data thieves and hackers. If you use it, you can expect satisfactory bandwidth, similar to what many paid apps offer. Moreover, the app doesn’t limit how long you can use it.


CyberGhost

CyberGhost is excellent software offering banking-level security. It respects your privacy and doesn’t access any of your information, so you don’t need to worry about the data on your device. The free option gives you access to 23 servers in 15 countries, while the premium version provides access to 300 servers in 23 countries.

Tigervpns Android VPN

Tigervpns Android VPN protects your privacy and conceals your IP address. You gain free access of up to 500MB when you sign up.


Mobiproxy

Mobiproxy is a useful app if you want to access regionally restricted sites anonymously. Moreover, it gives extra protection for the data you send and receive.


Psiphon

Psiphon offers a simple way to access everything on the Internet through a protected VPN tunnel. If you decide to use it, you can choose whether to tunnel only its web browser or everything on the device.

Zero VPN

Zero VPN is an app that provides free Android VPN services efficiently. You’ll find its interface easy to use as you surf the Internet anonymously.

VPN Master

VPN Master is a superior app if you want to use the Internet anonymously. Moreover, it doesn’t require you to register before you can access it. You have a choice among the servers in Asia, Europe, or America. The app also ensures 99.9% uptime.

Using a VPN is legal in many countries; however, you must know some significant caveats. You can use it anywhere it’s legal but ensure that you don’t use it for illegal acts like downloading copyrighted materials. China, Iraq, Russia, and North Korea are some of the countries that ban or restrict their use. Law enforcement may request information from VPN providers, although they promise not to keep logs.

In previous years, VPN use had a poor reputation because some people used it for dubious activities. However, there are now valid reasons to use one, such as streaming content restricted in your region. You can also use it to protect your details when using public Wi-Fi.

If you’re ready to try virtual private networks, check the list of VPNs provided in this article. Often, we first try free services to learn about the features before moving to premium services. That’s ok. Many people don’t want to spend a fortune on something they may find useless later on. So, why not try a free VPN service today?


Do You Need Cloud Computing and Content Delivery Networks (CDN)?

More than 20 years ago, Bill Gates asserted that “content is king.” Most probably, he couldn’t predict back then how much content the readers would consume on the internet today. He had no way of knowing the current challenges of web applications and content delivery to an ever-growing global base of users.

The primary challenges deal with performance and scalability issues. If you’re having the same problems, you can take advantage of cloud computing and content delivery network (CDN). Wait! Do you even know the difference between the two powerful tools? Which of them meet your requirements?

Content Delivery Network (CDN)

In simple words, a content delivery network is a collection of connected servers that distribute content.

How CDN Works

At least one server acts as the “origin” while the others are cache servers located in several countries around the world. The cache servers are geographically close to different groups of end users. The source media or content lives on the origin server, which sends it to the cache servers on an as-needed basis.

When a user requests content or a resource, the CDN URL routes the request to the cache server nearest to them. This way, they get the content quickly with reduced latency. Moreover, distributing the load across servers in various regions reduces the stress on the origin server.

Use Cases for Content Delivery Network

This type of delivery network is suitable for static content like videos, images, and music. However, many content providers also use it for streaming media.

For instance, a company can deliver streaming video weekly to various users across the United States of America through a CDN. In the past, it would make use of a centralized server where users can connect to access the content. The consumers would have different experiences based on various factors such as their distance from the server.

Users who access the streaming video from different states may experience buffering and slow load times because of high latency. Each of them may also run into delivery issues because a central server may exceed its connection limits or other capacity constraints.

CDNs deliver the streaming media from local servers, which reduces the load on the origin server and keeps latency low.

Cloud Computing

Cloud computing reduces the cost of delivering content and applications by making use of otherwise idle computing resources.

How Cloud Computing Works

Many computer systems sit idle much of the time even though they could serve more users. Through server virtualization, several virtual machines can share the resources of a single physical computer while delivering content and running applications.

Since the introduction of the cloud, hypervisor technology has advanced considerably and now supports cluster management of hosts running many virtual machines. It manages virtualized servers that share resources and keeps them running even if a single host fails. Virtual machines and cloud technologies add reliability and resiliency to hosted applications by abstracting their functionality from the physical hardware.

Cloud computing allows virtual machine images to be deployed and shared in different regions. Moreover, it lets applications be delivered quickly for lower latency and better performance. In short, it can act like a content delivery network. As the number of users increases, spinning up a new virtual machine is easier, cheaper, and faster than adding new hardware.

Cloud computing has different types and can range from custom-designed private clouds to hyper-scale public clouds. It can come with a high-powered bare-metal configuration. Famous public cloud providers include Azure and AWS.

Use Cases for Cloud Computing

The main functionality of cloud computing is to provide efficient resource management of networks and hosts to reduce delivery costs of content and applications. However, it also permits the simple deployment of server images to a host cluster or an individual computer. It is beneficial in enhancing the user experience through the placement of content or application in different regions. This way, it functions like a CDN in resource distribution.

Application deployments can also include disaster recovery strategies, either by spinning up planned resources quickly or by failing over to a nearby standby environment. The technology makes it feasible to replicate an environment in another location across the globe.

For instance, a company can use a cloud-computing environment to reduce its hardware expenditure by sharing resources across various virtual machines, rather than procuring one physical computer per application function. As the number of users per application grows, the organization can add more servers easily by spinning up virtual machines from templates for the required functionality.

Combining Cloud Computing and CDN

In summary, a content delivery network offers a delivery platform for large amounts of content by using a server closest to the requisitioning user. On the other hand, cloud computing permits scaling of application resources efficiently.

Cloud computing is popular because it is highly scalable and can process large amounts of data, and in recent years it has become applicable to many different fields. However, both CDNs and cloud computing have disadvantages. A CDN has limited storage space and lacks the IT infrastructure to keep up as the number of users grows. Cloud computing, on the other hand, concentrates traffic in a few locations, which can cause network congestion. Combining the two technologies brings load balancing and high scalability, making the combination suitable for users with massive data requirements.

Combining the strategies for cloud computing and CDN builds a more reliable and resilient delivery strategy for content and applications than relying on just one of them. Deciding to use both systems can eliminate a singular failure point in application and content delivery through efficient and smart use of resources. CDNs reduce latency, and cloud computing offers more data storage. Each has its strengths and weaknesses, but together, they can combine their powers to be more useful to organizations and end-users.

Moreover, collaborating with a managed service provider that provides both functionalities can simplify relationships and leverage the combined expertise. An organization can take advantage of both CDN and cloud computing to provide fast and reliable content to its users all across the world.


Behavioral Analytics: Why It Is Significant to Enterprise Cybersecurity

Do you want to know why behavioral analytics is vital to your enterprise? Are you even aware of what behavioral analytics is? What are the threats that it can detect quickly? Is your business in danger because of these threats?

As your company grows, you also need to add more assets and users to your enterprise network. Your business workflows change constantly as you add applications and databases. These upgrades mean more efficiency and collaboration, which result in more profitability. However, they also translate to more liabilities in terms of cybersecurity.

Each user, digital asset, or application can be a doorway for hackers into your network. Also, faulty programming or malice by any user can be a threat from inside your business. In both cases, they can damage not only your network but your business processes as well.

What can you do? Monitoring every user can be frustrating and overwhelming. Even if you have the workforce, your IT security team can’t sustain the demand. Maintaining visibility over applications and users becomes close to impossible as your enterprise grows. Is there hope? Yes, there is!

Behavioral analytics can help solve this dilemma efficiently. Let us take you through a thorough discussion of the topic.

The Basics of Behavioral Analytics

Behavioral analytics analyzes the patterns, activities, and trends of applications and users. It looks for the quirks and habits in your workflows. Moreover, each user has their own profile in the system. For instance, your employee, Arthur, uses “Database A” four times a day. With next-generation technology, behavioral analytics can also notice which endpoint he uses when he requests access. It records and stores these observations in a behavioral baseline.

Against this baseline, the system can notice if Arthur, for example, requests access to Database B ten times on a given workday. Moreover, it can tell if he makes the request from thousands of miles away from his usual location. Your cybersecurity system flags both behaviors as outside Arthur’s baseline.

The system can then block the access requests and alert your IT security team so it can investigate. Arthur may be on a business trip that day and need to access some information not normally relevant to his position. Your team can tell the system about the unusual circumstances to allow Arthur to access the files.

The same scenario could also indicate a hacker using Arthur’s credentials to access sensitive enterprise data. If so, your IT security team can trigger incident response, terminate the intrusion, and return the account to Arthur’s control. It can also fix any vulnerability it discovers. The same process applies to data traffic, movements, and application requests.

Behavioral analytics leverages statistical analysis and machine learning to monitor the behaviors of your users and search for anomalies.
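
The Arthur scenario above is easy to express as code. The following is an added example, not code from the article or from any behavioral analytics product: it learns a per-user baseline (average daily accesses per resource, known endpoints and a usual location) from a constructed learning period, then scores a day of events against it. The user, the locations, the thresholds (three times the usual daily volume, 1,000 km from the usual location) and every event are constructed assumptions.

```python
# Added example: a minimal user-behaviour baseline with anomaly scoring.
# Not code from the article or from any product it mentions; names, thresholds
# and the sample events below are constructed for illustration.
from collections import defaultdict
from math import asin, cos, radians, sin, sqrt


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points."""
    lat1, lon1 = map(radians, a)
    lat2, lon2 = map(radians, b)
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def learn_baseline(events, days):
    """Build {user: baseline} from a learning period.

    events: iterable of (user, resource, endpoint, (lat, lon)).
    A baseline holds the average daily accesses per resource, the endpoints
    the user normally connects from, and the user's average location.
    """
    per_user = defaultdict(lambda: {"counts": defaultdict(int), "endpoints": set(), "locs": []})
    for user, resource, endpoint, loc in events:
        u = per_user[user]
        u["counts"][resource] += 1
        u["endpoints"].add(endpoint)
        u["locs"].append(loc)
    baselines = {}
    for user, u in per_user.items():
        n = len(u["locs"])
        home = (sum(l[0] for l in u["locs"]) / n, sum(l[1] for l in u["locs"]) / n)
        baselines[user] = {
            "daily": {r: c / days for r, c in u["counts"].items()},
            "endpoints": set(u["endpoints"]),
            "home": home,
        }
    return baselines


def score_day(baseline, day_events, ratio=3.0, max_km=1000.0):
    """Compare one day of (resource, endpoint, (lat, lon)) events with a baseline.

    Returns a sorted list of anomaly labels; an empty list means 'within baseline'.
    """
    findings = set()
    counts = defaultdict(int)
    for resource, endpoint, loc in day_events:
        counts[resource] += 1
        if endpoint not in baseline["endpoints"]:
            findings.add(f"new-endpoint:{endpoint}")
        if haversine_km(loc, baseline["home"]) > max_km:
            findings.add("far-from-usual-location")
    for resource, n in counts.items():
        expected = baseline["daily"].get(resource, 0.0)
        if expected == 0.0:
            findings.add(f"new-resource:{resource}")
        elif n > ratio * expected:
            findings.add(f"volume-spike:{resource}")
    return sorted(findings)


# Constructed learning period: five working days in which Arthur opens
# "Database A" four times a day from his laptop in one city.
LONDON = (51.5, -0.12)
LEARNING = [("arthur", "database_a", "laptop-arthur", LONDON)] * (4 * 5)
BASELINES = learn_baseline(LEARNING, days=5)

# Constructed test days: a normal day, and the article's scenario of ten
# requests for "Database B" from thousands of miles away on an unknown device.
NORMAL_DAY = [("database_a", "laptop-arthur", LONDON)] * 5
NEW_YORK = (40.7, -74.0)
SUSPICIOUS_DAY = [("database_b", "unknown-host", NEW_YORK)] * 10


def demo():
    """Return the findings for both constructed days so they can be checked."""
    b = BASELINES["arthur"]
    return score_day(b, NORMAL_DAY), score_day(b, SUSPICIOUS_DAY)


if __name__ == "__main__":
    normal, suspicious = demo()
    print("normal day:", normal or "within baseline")
    print("suspicious day:", suspicious)
```

The normal day produces no findings; the suspicious day is flagged three ways (new endpoint, new resource, far from the usual location), which is the signal an analyst would then triage, exactly as the business-trip discussion above describes.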

Why Is Behavioral Analytics Critical to Cybersecurity?

Jack Vance wrote The Moon Moth. It is a famous short story in the science-fiction genre. The plot revolves around an imposter who can alter his appearance but can’t conceal his habits and tastes.

This observation also holds for real hackers. In a report by Centrify, a privileged access management vendor, 74% of business breaches start with a compromised privileged account. Other studies show that at least 80% of breaches start with compromised accounts. In other words, hackers prefer to disguise themselves as one of your users.

The damage hackers cause can be overwhelming: reputational loss and downtime, especially when they damage your network. They may try to tamper with your users’ baseline behaviors, but whenever they attempt damage, behavioral analytics can flag the attempts, stop them and trigger a response from your IT team.

Moreover, this cybersecurity must-have relieves your IT security team of much of its burden. The team may feel overworked with threat hunting and user requests, and a staffing crisis can follow if things get out of control. Fortunately, behavioral analytics runs automatically and helps your IT staff streamline its investigations and save time.

Deploying Behavioral Analytics

For your organization, you must first consider your size, user base, IT infrastructure, industry, and applications. Furthermore, you must think of your future growth and scaling plans for the next five years. It must be your initial step in any selection of cybersecurity solutions. Unfortunately, many companies neglect it.

Most enterprises choose speed over optimal performance: they pick the solution that solves their immediate problems adequately. As a result, your IT infrastructure ends up with many solutions that have serious integration issues.

If you want long-term solutions to your cybersecurity issues, you must consider behavioral analytics. If you’ve decided to incorporate it in your enterprise, your next step is choosing a robust Security Information and Event Management (SIEM) solution.

Why Do You Need a SIEM solution?

A modern SIEM solution is the next-generation form of behavioral analytics: it includes user and entity behavior analytics (UEBA), and you can add threat intelligence feeds to detect new or expanding threats quickly.

You may think a SIEM solution is complicated. You’re right! At its core, the system is a log management and analysis tool with a behavioral analysis layer on top. The security industry accepts that it cannot deflect 100% of threats, because digital perimeters cannot; with a SIEM, however, you can detect the threats that get through before they wreak havoc on your enterprise.

Hackers are everywhere, waiting for an opportunity to strike. If you want to monitor and stop them, next-generation analytics and security capabilities let you do so. A SIEM solution with UEBA and other key capabilities is an excellent strategy for catching these hackers; it keeps them from intruding and causing severe downtime, which can damage your reputation in the business world.


How to Explore Autonomous Systems in Business Networks and How Hackers Use Them

The “net” in “internet” is a network. Technically, the internet is itself a network of networks: computer networks connected to each other. Are you still confused?

When we talk about routing, we call these independent computer networks autonomous systems (AS). A single autonomous system routes packets internally, while packets travelling across the internet typically pass through many autonomous systems.

Think of it this way: internet routing takes place between autonomous systems, not between individual PCs. Each AS receives its own unique 16-bit identification number, the autonomous system number (ASN), from the Internet Assigned Numbers Authority (IANA).

Smaller networks, like your home, have a much simpler relationship with the internet. When you buy an internet service plan, the ISP gives you a DSL or cable modem that connects your router to the whole internet. Your local computers and devices sit on one side of the router, and the entire internet on the other.

So why build Autonomous systems?

That is all a mere mortal needs to know about how the internet operates. But if you want to avoid being tied to a single internet provider, or your connection is not as good as you need, you build your own AS to “expand your possible parameters,” as they say.

The fact that you have your own AS can be useful to your network in various respects, including:

  • IP address portability
  • Flexible network administration
  • Direct interaction with IXPs (internet exchange points)
  • A distinct network identity for external and internal purposes
  • Full traffic control
  • The ability to run BGP with your own ASN

How to build an Autonomous system

Creating an autonomous system is not that hard and only requires a few steps. To set up an independent system, you do this:

Step 1: Found a company – an AS must be registered by a legal entity, so begin brainstorming a business name.

Step 2: Get yourself a public address block – this may be the toughest step. You must obtain a public IP address block that is big enough to advertise over BGP. Free IPv4 addresses are no longer left, so you must purchase an IPv6 address block, which can be quite expensive.

Step 3: Find peers – the difficult aspect of the internet is that you need to be connected to some part of it to achieve anything. If you connect to only one other AS, you do not have to run BGP. If you do run it, you can use a private autonomous system number, which your upstream provider readily replaces with its own; the provider then propagates your routes to the rest of the internet.

Step 4: Get a router that can hold the full internet routing table – this is a powerful router that you cannot buy at your local store. One alternative is to build the router yourself from a server running a routing operating system.

How Hackers Use an AS

When a business expands and invests in its own AS, security concerns arise over your network and traffic. You likely hold lots of private data that you want to keep private. Hackers hunt for data, and with sufficient skill they can access your network, intercept your packets and gain remote access to all your PCs to install malicious code on your servers.

It is not difficult to find the owner of an IP range. Many services, such as WHOIS and CIDR lookups, provide extensive data about organisations. That information can help an attacker identify links between businesses, map the attack surface and mount a targeted DDoS attack.
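
The defender’s version of the lookup described above is knowing exactly which prefixes and ASNs belong to you, and which organisation a given address maps to. The following added example (not code from the article or from Spyse) performs a longest-prefix lookup over a table of announced prefixes, the same rule a BGP router applies when selecting a route, and lists the prefixes attributed to one ASN. The table is constructed from documentation prefixes (RFC 5737, RFC 3849) and documentation ASNs (RFC 5398); none of it is a real announcement.

```python
# Added example: longest-prefix lookup of an IP address in a table of announced
# prefixes (the rule a router uses to pick a route, and the question a WHOIS/CIDR
# lookup answers: "who owns this range?"). Not code from the article or from Spyse.
# The table uses documentation prefixes (RFC 5737, RFC 3849) and documentation
# ASNs (RFC 5398), so nothing in it is a real announcement.
import ipaddress

# Constructed table: (prefix, ASN, organisation that announces it)
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496, "Example Corp"),
    ("192.0.2.128/25", 64497, "Example Corp subsidiary (more specific)"),
    ("198.51.100.0/24", 64498, "Example Hosting"),
    ("2001:db8::/32", 64499, "Example Corp (IPv6)"),
]


def build_table(rows):
    """Parse the textual prefixes once so lookups can do containment checks."""
    return [(ipaddress.ip_network(prefix), asn, org) for prefix, asn, org in rows]


TABLE = build_table(ANNOUNCEMENTS)


def lookup(ip, table=TABLE):
    """Return (prefix, asn, org) for the most specific prefix containing ip, or None.

    When several prefixes contain the address (a /24 and a /25 carved out of it),
    the longest prefix wins, exactly as in a router's forwarding decision.
    """
    addr = ipaddress.ip_address(ip)
    best = None
    for net, asn, org in table:
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, asn, org)
    return best


def prefixes_for_asn(asn, table=TABLE):
    """Inventory view: every prefix the table attributes to one ASN."""
    return [str(net) for net, a, _ in table if a == asn]


def asn_kind(asn):
    """Return (width, is_private): 16-bit or 32-bit, and private-use per RFC 6996."""
    private = 64512 <= asn <= 65534 or 4200000000 <= asn <= 4294967294
    width = "16-bit" if asn <= 65535 else "32-bit"
    return width, private


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.200", "2001:db8::1", "203.0.113.5"):
        hit = lookup(ip)
        print(ip, "->", f"{hit[0]} AS{hit[1]} {hit[2]}" if hit else "no matching prefix")
    print("AS64496 announces:", prefixes_for_asn(64496))
    print("AS65000 is", asn_kind(65000))
```

The more-specific /25 inside the /24 is the case worth noticing: a lookup for an address in that half returns the subsidiary’s ASN, not the parent’s, which is also why a stray more-specific announcement from someone else can pull traffic away from your own prefix.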

This is where the cyber security industry comes in. There are tools that reveal vulnerabilities and help remove malware from your network. However, few of these tools are designed to prevent attacks effectively.

The up-and-coming cyber security company Spyse is building a solution based on mass collection of information from the internet. Spyse uses this information to produce a comprehensive network vulnerability map. The tool helps security experts predict vulnerabilities, stay ahead of hackers and prevent future threats to their systems.

Spyse recently released several tools for security engineers, pentesters, sysadmins and business analysts in beta. ASlookup is one of its latest creations and lets you monitor the infrastructure of your organisation, network or company.

The Spyse team knows it is best to head off threats in advance; its services therefore help you determine your attack surface and recognise vulnerabilities before they are exposed. Moreover, all new users get 3 free credits.


Darknet ‘Cyber Bunker’ Server Hosted in Germany

German authorities said on Friday they had busted a network that hosted illegal darknet trading platforms, stolen information and child pornography on servers in an old NATO bunker.

In a series of raids on Thursday, seven suspects were arrested in an operation targeting the operators of the “bulletproof hosting” service located in the so-called “Cyber Bunker,” police and prosecutors said.

The servers hosted, or provided internet infrastructure for, illegal websites that also stored stolen information and falsified records and were used for large-scale cyber attacks.

Thirteen suspected participants, 12 men and one woman aged 20 to 59, reportedly set up and ran powerful servers inside a NATO bunker in the Rhineland-Palatinate town of Traben-Trarbach.

Four Dutch nationals, two Germans and one Bulgarian were held in custody.

Several hundred police officers took part in raids in Germany and other European countries, seizing 200 servers, countless data carriers and mobile telephones and a considerable amount of money.

The websites included the once second-biggest darknet drug marketplace in the world, the “Wall Street Market” e-commerce platform, which investigators took down earlier this year.

A server located inside the Cyber Bunker was also linked to an internet attack that affected 1.25 million routers of the German provider Deutsche Telekom in November 2016, the Public Prosecutor’s Office said.

The servers also hosted “Fraudsters” and “lifestylepharma” as well as “Cannabis Road.”


Cylance Security Researchers Warn Technology Firms in Southeast Asia of Chinese Open-Source Backdoor

Attacks on technology businesses in Southeast Asia by a suspected Chinese threat actor employ a version of the open-source PcShare backdoor, security researchers at BlackBerry Cylance warn.

The attackers also used a trojanized screen reader application, which replaces the built-in Windows “Ease of Access” Narrator feature, to gain remote control over infected systems without needing to steal credentials.

The Chinese open-source backdoor, PcShare, has been modified specifically for this campaign with additional C&C encryption and proxy bypass. The operators have also removed any unused features from the code.

The malware is executed via DLL side-loading on the victim’s machine. Specifically, the backdoor is loaded by the legitimate NVIDIA Smart Maximize Helper Host executable, which the researchers found to be a component of NVIDIA’s GPU graphics software.

After the initial compromise, a number of tools are used, many of them based on software publicly available on Chinese programming portals. One of these is a trojan that abuses Microsoft accessibility features to obtain SYSTEM access by trojanizing the Narrator executable.

The attackers used memory injection so that the main backdoor binary never touches the disk, and encoded the payload based on its path to evade detection. The loader’s configuration is stored in plain text, but the URL it contains is not the true C&C address; it instead points to a remote file holding the C&C communication details.

While the threat actors used the same PcShare payload across multiple attacks, they often modified the side-loaded DLL for each target to update configuration details such as the C&C IP addresses and victim identifiers.

The malware establishes persistence by adding a registry entry, and it creates mutexes so that only one instance of the payload injection routine runs at a time.

Backdoor features include distinct operating modes (such as SSH and Telnet, automatic update, and upload and download modes), traffic compression using a customized LZW algorithm, encrypted C&C communication using the PolarSSL library, and proxy authentication using local user credentials.

The malware’s remote management capabilities include listing, creating, renaming and deleting files and directories; listing and killing processes; editing registry keys and values; listing and manipulating services; enumerating and controlling windows; running binaries; fetching additional files from the C&C or a URL; uploading files to the C&C; spawning a command-line shell; displaying message boxes; and opening URLs.

The fake Narrator app used by the threat actor does not try to replace the legitimate app; instead it creates a copy that mimics the Narrator user interface. The trojanized application is deployed after the attackers obtain administrative rights on the system, and it provides SYSTEM-level access to the computer.
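
Each of the behaviours described above (a DLL loaded from beside an executable outside the usual install directories, a Narrator.exe running from somewhere other than System32, and an autostart registry entry written by an untrusted process) can be checked from endpoint telemetry. The following is an added example, not code from BlackBerry Cylance or from the article: it runs three such rules over a handful of constructed Sysmon-like events. The event fields, every path and file name, and the assumption that the persistence entry is a Run key (the article only says “a registry entry”) are illustrative.

```python
# Added example: host-based detections for three behaviours the report describes
# (DLL side-loading, a Narrator copy outside the system directory, and an
# autostart registry entry). Not BlackBerry Cylance's code or the article's; the
# event shape is a simplified Sysmon-like record, and every path, file name and
# registry key below is constructed for illustration.
import ntpath

# Directories whose DLL loads we treat as expected. Anything else (user profiles,
# Temp, removable media) is where a side-loaded DLL typically sits.
TRUSTED_DIRS = (
    r"c:\windows\system32",
    r"c:\windows\syswow64",
    r"c:\program files",
    r"c:\program files (x86)",
)
NARRATOR_HOME = r"c:\windows\system32"
# Assumption: the common autostart location; the article only says "a registry entry".
AUTOSTART_MARKER = "\\currentversion\\run\\"


def _in_trusted_dir(path):
    p = ntpath.normpath(path).lower()
    return any(p.startswith(d + "\\") for d in TRUSTED_DIRS)


def is_side_load(ev):
    """Image-load event where a DLL comes from the process's own directory and
    that directory is not a system or vendor install location."""
    img = ntpath.normpath(ev["image"]).lower()
    dll = ntpath.normpath(ev["loaded"]).lower()
    return (
        dll.endswith(".dll")
        and ntpath.dirname(img) == ntpath.dirname(dll)
        and not _in_trusted_dir(dll)
    )


def is_rogue_narrator(ev):
    """Process-create event for a Narrator.exe that is not the one in System32."""
    img = ntpath.normpath(ev["image"]).lower()
    return ntpath.basename(img) == "narrator.exe" and ntpath.dirname(img) != NARRATOR_HOME


def is_untrusted_autostart(ev):
    """Registry-set event: an autostart value written by a process outside trusted dirs."""
    return AUTOSTART_MARKER in ev["key"].lower() and not _in_trusted_dir(ev["image"])


RULES = {
    "image_load": ("dll-side-load", is_side_load),
    "process_create": ("rogue-narrator", is_rogue_narrator),
    "registry_set": ("untrusted-autostart", is_untrusted_autostart),
}


def scan(events):
    """Return [(rule_name, image_path)] for every event a rule matches."""
    hits = []
    for ev in events:
        rule = RULES.get(ev["type"])
        if rule and rule[1](ev):
            hits.append((rule[0], ev["image"]))
    return hits


# Constructed events: a helper in Temp loading a DLL beside itself, a benign
# vendor app loading its own DLL from Program Files, the real Narrator, a
# Narrator copy in a user profile, and a Run-key write by the Temp helper.
EVENTS = [
    {"type": "image_load", "image": r"C:\Users\alice\AppData\Local\Temp\helper.exe",
     "loaded": r"C:\Users\alice\AppData\Local\Temp\support.dll"},
    {"type": "image_load", "image": r"C:\Program Files\Vendor\app.exe",
     "loaded": r"C:\Program Files\Vendor\app.dll"},
    {"type": "process_create", "image": r"C:\Windows\System32\Narrator.exe"},
    {"type": "process_create", "image": r"C:\Users\alice\AppData\Roaming\Narrator.exe"},
    {"type": "registry_set", "image": r"C:\Users\alice\AppData\Local\Temp\helper.exe",
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Helper"},
]

if __name__ == "__main__":
    for rule, image in scan(EVENTS):
        print(f"{rule:20} {image}")
```

The side-load rule deliberately ignores Program Files so that ordinary vendor software loading its own libraries does not fire it; the cost is that a side-load staged inside a legitimate install directory needs a different signal, such as a DLL that is unsigned while its host executable is signed.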

The fake Narrator app was first seen four years ago, but the threat actor continues to modify it to suit victims’ environments, the researchers say. It appears the tool was used in only a very small number of attacks.

BlackBerry Cylance believes the actor is of Chinese origin, based on its use of Chinese open-source projects and the geographical location of the victims.

“As of today, precise attribution of these attacks has proven elusive. The use of PcShare backdoor, as well as the geographical location of the victims, bear similarities to a known threat actor called Tropic Trooper, which is actively targeting government institutions and heavy industry companies in Taiwan and Philippines,” BlackBerry Cylance says.


Nearly 5 Million DoorDash Users, Drivers and Merchants Had Personal Information Exposed

Driver’s license numbers of around 100,000 “Dashers” were also accessed.

DoorDash revealed in a blog post on Thursday that an unauthorized third party had accessed information on 4.9 million customers.

Customers, drivers and merchants who joined the DoorDash platform on or before 5 April 2018 were affected by the breach, which occurred on 4 May 2019. The firm said users who joined after 5 April 2018 were not impacted.

It took five months for DoorDash to become aware of the unauthorized activity. The food delivery company said it became aware of suspicious activity at a third-party service provider earlier this month.

The data affected includes profile details such as names, e-mail addresses, delivery addresses, order history, telephone numbers and hashed passwords, which means third parties cannot recover the real password, DoorDash says.

The last four digits of customer payment cards could also have been exposed. However, DoorDash stated that full payment card data, such as full card numbers or CVVs, was not accessed.

Some drivers or merchants may also have had the last four digits of their bank account numbers exposed, but complete bank account data was not accessed.

DoorDash said the data accessed was not sufficient to make fraudulent purchases or withdrawals from bank accounts.

Roughly 100,000 Dashers also had their driver’s license numbers accessed.

Since the breach was discovered, DoorDash has taken measures to block unauthorized access and improve security on the platform. These include adding extra layers of data protection, enhancing security protocols and bringing in outside experts to identify and repel threats.

It has also reached out to the people affected.

The firm added that, while it does not believe the passwords were compromised, it encourages customers to change them as a precautionary measure.

“We deeply regret the frustration and inconvenience that this may cause you. Every member of the DoorDash community is important to us, and we want to assure you that we value your security and privacy,” DoorDash wrote.

Last month, DoorDash bought one of its competitors, Caviar, for $410 million in a combination of cash and DoorDash preferred stock.


How to Secure Wi-Fi From Hackers – A Complete Guide

Wireless security is designed to prevent unauthorized users from accessing your wireless network and stealing sensitive information from it. The type of wireless security you use is determined by your wireless protocol.

Many homes and companies run on and rely on wireless networking today. Wi-Fi is incredibly convenient for keeping users online 24 hours a day. That benefit, coupled with the absence of cable clutter, makes wireless networking even more attractive.

However, there is another side to it: Wi-Fi signals travel through the walls of a home or company. That makes Wi-Fi vulnerable to hackers, because people in neighboring homes, or even in a nearby parking lot, can reach your network more easily. Hence the importance of strong wireless security.

You may wonder what the risk of other people accessing your Wi-Fi is, if any. A vulnerable wireless network carries a number of dangers. For example, hackers can access personal information and steal and use your identity. Some people have ended up in prison for crimes committed over their internet connection that they did not commit.

If others can access your Wi-Fi, your monthly bill will likely skyrocket. In addition, other people using your Wi-Fi connection without your permission will significantly slow down your internet speed. In today’s digital age, where the internet harbors unscrupulous people, Wi-Fi security cannot be underestimated.

Securing your Wi-Fi is not hard. In this article, we guide you through securing Wi-Fi effectively and protecting yourself and every other user in your home or business from hacking. The first step is to look at your Wi-Fi security type.

What kind of security does your Wi-Fi use?

The first step to safeguarding Wi-Fi from unauthorized users is to check your Wi-Fi security type. There are at least four wireless security protocols:

  • Wired Equivalent Privacy (WEP)
  • Wi-Fi Protected Access (WPA)
  • Wi-Fi Protected Access 2 (WPA2)
  • Wi-Fi Protected Access 3 (WPA3)

Before we examine these wireless protocols in detail, you need to identify the type of wireless security you use. Your WLAN type will be WEP, WPA, WPA2 or WPA3. The steps for checking which one you are using:

  • Go to your phone’s Wi-Fi settings.
  • Find your wireless network in the list of available networks.
  • Tap it to open the network’s configuration.
  • The network details should state the type of wireless security in use.
  • If you cannot complete the above steps on your phone, try the Wi-Fi settings on your wireless router instead.
  • Contact your internet service provider if you have any problems and need further assistance.

An easier way to check your encryption is to use an app called NetSpot, the industry’s best. Once you have identified your Wi-Fi security type, make sure it uses an effective wireless protocol.

What are the wireless security protocols?

Wireless security protocols are designed to protect wireless networks in homes and other buildings from hackers and unauthorized users. As mentioned above, there are four of them, each with different strengths and capabilities. The protocols also encrypt private data while it travels over the air, which protects your privacy from hackers and guards against inadvertent disclosure.

Below is an overview of the wireless protocols everyone should know about:

  • Wired Equivalent Privacy (WEP): The first wireless security protocol. Although designed in 1997, it is still in use today. It is regarded, however, as the most flawed and least secure wireless security protocol.
  • Wi-Fi Protected Access (WPA): WPA succeeded WEP and was designed to address the flaws found in WEP. Among other things, it uses the Temporal Key Integrity Protocol (TKIP) for encryption and a pre-shared key (PSK).
  • Wi-Fi Protected Access 2 (WPA2): WPA2 has stronger encryption and enhanced features. For example, WPA2 uses the Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) rather than TKIP, a replacement known to be efficient for data encryption. WPA2 is therefore considered the best wireless security protocol.
  • Wi-Fi Protected Access 3 (WPA3): The latest wireless protocol, with improved encryption and protection against hackers on both private and public networks.

In view of the above, make sure your wireless protocol is either WPA2 or WPA3. If it is not, you can easily switch your Wi-Fi to WPA2. Never use WEP to encrypt your wireless network, because it is at best extremely weak and inefficient.
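
To automate the check the article describes by hand, the following added example (not code from the article or from NetSpot) rates each network in a scan by the weakest protocol it will accept, which is what matters on a mixed-mode access point. It assumes the terse output of nmcli -t -f SSID,SECURITY dev wifi on a Linux host running NetworkManager, one SSID:SECURITY line per network with colons in the SSID escaped as “\:”; the scan text below is constructed, not captured.

```python
# Added example: rating every network in a Wi-Fi scan by the weakest protocol it
# accepts. Not code from the article or from NetSpot. Assumes the terse output of
# `nmcli -t -f SSID,SECURITY dev wifi` (NetworkManager, Linux); the scan below is
# constructed, not captured from a real host.

# Higher is stronger. Other tokens nmcli may print (e.g. "802.1X") carry no rating.
STRENGTH = {"WEP": 0, "WPA1": 1, "WPA2": 2, "WPA3": 3}


def parse_scan(text):
    """Turn terse nmcli lines into [(ssid, [protocol tokens])]."""
    nets = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ssid, _, security = line.rpartition(":")   # the SECURITY field never contains ':'
        nets.append((ssid.replace("\\:", ":"), security.split()))
    return nets


def assess(protocols):
    """Verdict for one network. A mixed-mode access point is only as strong as the
    weakest protocol a client can negotiate with it."""
    if not protocols:
        return "open: no encryption, anyone nearby can read the traffic"
    rated = [p for p in protocols if p in STRENGTH]
    if not rated:
        return "unknown: " + " ".join(protocols)
    weakest = min(rated, key=STRENGTH.get)
    if weakest == "WEP":
        return "replace: WEP is broken; switch the router to WPA2 or WPA3"
    if weakest == "WPA1":
        return "reconfigure: WPA/TKIP is deprecated; disable it and use WPA2 or WPA3"
    if weakest == "WPA2":
        return "ok: WPA2" + (" (WPA3 also offered)" if "WPA3" in rated else "")
    return "best: WPA3 only"


def report(scan_text):
    """{ssid: verdict} for a whole scan."""
    return {ssid: assess(protocols) for ssid, protocols in parse_scan(scan_text)}


# Constructed scan output in nmcli's terse format (an open network has an empty
# SECURITY field; "Office\:Guest" shows an escaped colon inside an SSID).
SCAN = """\
HomeNet:WPA2
OldRouter:WEP
CoffeeShop:
Office\\:Guest:WPA1 WPA2
NewMesh:WPA2 WPA3
Lab:WPA3
"""

if __name__ == "__main__":
    for ssid, verdict in report(SCAN).items():
        print(f"{ssid:15} {verdict}")
```

Run against a real scan, feed it the command’s output instead of the constructed text; the “reconfigure” verdict for a WPA/WPA2 mixed network is the one people most often miss, because the settings page reports WPA2 while TKIP remains enabled for older clients.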

With all this in mind, here are the top Wi-Fi security tips.

  • Check for rogue Wi-Fi access points: Rogue access points are a major security risk because they help hackers. The best way to find them is a Wi-Fi site survey of your home or business building. The best app to use is NetSpot; it not only detects rogue access points but effectively gets rid of them.
  • Strengthen your Wi-Fi encryption: To reinforce your Wi-Fi encryption, identify your Wi-Fi protocol as shown above. NetSpot helps identify your encryption type.
  • Secure your WPA2 password: Change your WPA2 password to something unique. Use a mix of characters and numbers to make sure the password is strong.
  • Hide your network name: Your service set identifier (SSID) is usually set to broadcast your wireless network name, which makes you more vulnerable. You can easily switch it to “hidden,” making it harder for anyone who does not know your network name.


Institute for Critical Infrastructure Technology (ICIT) highlights ransomware and RDP access as the current focus

The Institute for Critical Infrastructure Technology (ICIT), in a paper warning of the evolution of what it calls “disruptionware,” points to ransomware and RDP access as the current focus of a new development that “sees adversaries interrupting business continuity,” posing “an existential threat to key infrastructure operators.”

The move from random to targeted attacks is underlined. It rests on the industry’s reluctance to close RDP and on the remarkable degree of access RDP offers an attacker. On the first point, for instance, ICIT notes (PDF) that “805,665 systems remain vulnerable to the BlueKeep RDP operation, with an estimated 105,170 systems based in the US, notwithstanding months of warning as of July 2, 2019.”

RDP provides full remote control over the accessed device. “While the victim determines whether or not to pay for the ransom,” says ICIT, “the opponent retains system access, enabling them to install backdoors, remote Trojans or other malware that can make future attacks easier or provide service to other attackers.”

The industry’s reluctance to shut RDP down is due to its value as a remote maintenance tool. “Manual maintenance is deemed too expensive compared to remote access solutions, especially if the systems are located overseas,” says ICIT.

In a separate study (PDF), the security firm Vectra points out that RDP allows a centralized maintenance team to monitor and fix systems at various factories simultaneously. “The cost savings on this are substantial,” it says, noting that every trip a technician makes for an on-site machine fix is estimated to cost more than $2,000.

It also notes that the access provided by RDP is so extensive that a ransomware attack is not the first motive but the final effect. Vectra analyzed the RDP problem in the context of its own telemetry. “Having gained access to the infrastructure, reconnoitered the network, moved laterally through it, and exfiltrated all they want,” Vectra’s head of security analytics Chris Morales said, “ransomware could be the final act to get as much money as possible.”

Over six months, between January and June 2019, its Cognito threat detection and response platform detected 26,800 malicious RDP behaviors against customers. These are classified as pre-access (the system detects multiple brute-force attempts against RDP) or post-access (where machine learning detects suspicious behavior, such as attempts to use an unexpected keyboard language).

Normalizing these figures, Vectra found that manufacturing (20%), finance (16%) and retail (14%) were the three most affected industries, followed by government (12%), healthcare (10%) and services (8%). The incidence of attacks against the services industry is interesting: Morales said the Texas ransomware attacks came in through the victims’ MSP. “With many MSPs using RDP to access their clients, this is a worrying threat vector,” he said.

Not all RDP attacks are necessarily linked to potential ransomware attacks; a criminal or nation state seeking PII or industrial espionage access might be involved. However, the high incidence of RDP detections against manufacturing correlates with the rise in ransomware against manufacturing in 2019.

ICIT notes that LockerGoga ransomware alone is responsible for attacks on “Altran, the Norwegian aluminum manufacturer Norsk Hydro, the American chemical companies Hexion and Momentive.” Its principal concern is that increasing industrial digitalization means IT and OT can no longer be treated as separate entities, and that IT attacks via RDP are now also OT attacks.

The problem is that RDP is deemed too valuable to stop using. Microsoft could update the software to require a strong password, but this could cause problems for existing customers who already use weaker passwords. “It has introduced 2FA,” Morales said, “but it’s not installed by default.” The responsibility for securing RDP and defending it from attacks therefore falls on the user.

ICIT suggests that RDP (port 3389) be evaluated and that, if necessary, connections from specific trusted hosts be whitelisted and all others blocked. “Any system requiring an open RDP port,” says Vectra, “should go behind the firewall and require VPN use. You should also conduct regular inspections to ensure that the RDP port is not open to the public Internet.”
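
Both halves of this advice can be checked from the Windows Security log. The following added example (not code from ICIT, Vectra or Microsoft) implements two checks over constructed records: a sliding-window count of failed RDP logons per source, matching the pre-access brute-force detection described above, and a list of successful RDP logons from hosts that are not on the trusted-host allowlist, which is how you verify that the whitelist is actually being enforced. Event IDs 4625/4624 and logon type 10 are the standard Windows values; the addresses, the allowlist, the user names and the threshold are constructed.

```python
# Added example: two checks over constructed Windows Security log records. Not
# Vectra's, ICIT's or Microsoft's code. Assumes events already parsed into dicts
# with the fields used below (EventID 4625 = failed logon, 4624 = successful
# logon, LogonType 10 = RemoteInteractive, i.e. an RDP session). Addresses,
# allowlist and user names are constructed from documentation ranges.
import datetime as dt
import ipaddress
from collections import defaultdict, deque

FAILED_LOGON, SUCCESSFUL_LOGON = 4625, 4624
RDP_LOGON_TYPE = 10


def rdp_bruteforce_sources(events, threshold=5, window=dt.timedelta(minutes=5)):
    """Pre-access check: sources with >= threshold failed RDP logons inside a sliding window.

    Returns {source_ip: time of the failure that crossed the threshold}.
    """
    recent = defaultdict(deque)
    flagged = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["id"] != FAILED_LOGON or ev["logon_type"] != RDP_LOGON_TYPE:
            continue
        t = dt.datetime.fromisoformat(ev["time"])
        q = recent[ev["ip"]]
        q.append(t)
        while t - q[0] > window:        # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold and ev["ip"] not in flagged:
            flagged[ev["ip"]] = ev["time"]
    return flagged


def rdp_logons_outside_allowlist(events, allowlist):
    """Post-access check: successful RDP logons from hosts that are not allowlisted.

    Pairs with a firewall rule that admits only those hosts to port 3389; a hit here
    means the rule is missing, bypassed, or the session arrived by another path.
    """
    allowed = [ipaddress.ip_network(a) for a in allowlist]
    hits = []
    for ev in events:
        if ev["id"] == SUCCESSFUL_LOGON and ev["logon_type"] == RDP_LOGON_TYPE:
            src = ipaddress.ip_address(ev["ip"])
            if not any(src in net for net in allowed):
                hits.append((ev["time"], ev["ip"], ev["user"]))
    return hits


def _ev(event_id, time, ip, user):
    """Build one constructed RDP logon record."""
    return {"id": event_id, "logon_type": RDP_LOGON_TYPE, "time": time, "ip": ip, "user": user}


# Constructed records: six failures in under two minutes from one internet address,
# two isolated failures and one success from the maintenance LAN, and one success
# from an address that is not on the allowlist.
EVENTS = [
    _ev(FAILED_LOGON, f"2019-07-02T10:0{i // 3}:{(i % 3) * 20:02d}", "203.0.113.9", "administrator")
    for i in range(6)
] + [
    _ev(FAILED_LOGON, "2019-07-02T10:03:00", "10.0.0.5", "jdoe"),
    _ev(FAILED_LOGON, "2019-07-02T10:03:30", "10.0.0.5", "jdoe"),
    _ev(SUCCESSFUL_LOGON, "2019-07-02T10:04:00", "10.0.0.5", "jdoe"),
    _ev(SUCCESSFUL_LOGON, "2019-07-02T10:05:00", "198.51.100.7", "svc_maint"),
]
ALLOWLIST = ["10.0.0.0/24"]          # constructed: the maintenance team's LAN

if __name__ == "__main__":
    print("brute-force sources:", rdp_bruteforce_sources(EVENTS))
    print("RDP logons outside allowlist:", rdp_logons_outside_allowlist(EVENTS, ALLOWLIST))
```

The brute-force check reports the moment the threshold was crossed rather than a total, so a responder sees when the activity started; the allowlist check is the detective control behind the whitelist ICIT recommends, and an empty result is what a correctly enforced rule looks like.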

But Vectra points out that standard defenses do not work properly against zero-day exploits. “In August 2019,” it notes, “Microsoft announced four new critical vulnerabilities for RDP, all of which are ‘pre-authentication,’ which means they may be executed without proper credentials or victim input. It is striking that these exploits work on Windows 7, 8 and 10. Since Windows 10 is currently the latest and most popular Windows operating system, this indicates that RDP attacks persist even as organizations update their IT systems.”

Vectra’s view is that RDP is such a dangerous threat vector that users should not rely on defenses that can be overcome, but rather on modern behavior-based threat detection.

