Category Archives: Don’t miss

Discover hidden cybersecurity talent to solve your hiring crisis

Not having access to technical talent is a common complaint in the cybersecurity world. Folks with security experience on their resumes are in such high demand, CISOs need to hunt beyond the fields we know. To borrow a phrase from the ever-logical Mr. Spock, CISOs need to embrace Infinite Diversity in Infinite Combinations. By this I mean embracing diversity not only of bodies but of talents and experiences. First, focus on acquiring the key cybersecurity … More

Global cyber risk perception: Highest management priorities

Few organizations are highly confident in their ability to manage the risk of a cyber-attack, despite viewing cybersecurity as a top risk management priority, according to a survey conducted by Marsh and Microsoft. Cybersecurity confidence In the global survey of more than 1,300 senior executives, two-thirds ranked cybersecurity among their organizations’ top five risk management priorities – approximately double the response to a similar question Marsh asked in 2016. The survey also found that a … More

Dell EMC plugs critical bugs in VMAX enterprise storage offerings

Dell EMC has patched two critical flaws in vApp Manager, the management interface for its VMAX enterprise storage systems, and is urging all customers to implement fixes as soon as possible. About the VMAX enterprise storage vulnerabilities The flaws were discovered and reported by Tenable’s director of reverse engineering Carlos Perez. The graver of the two is CVE-2018-1216, which marks the existence of a hard-coded password vulnerability. “The vApp Manager contains an undocumented default account … More

Scanned IDs of 119,000 FedEx customers exposed online

An unsecured Amazon Web Services bucket holding personal information and scans of IDs of some 119,000 US and international citizens was found sitting online by a Kromtech security researcher earlier this month. The stored data had been stockpiled by Bongo International, a company that specialized in helping North American retailers and brands sell online to consumers in other countries. Bongo was acquired by FedEx in 2014, relaunched as FedEx Cross-Border International, and ultimately shuttered in … More

GDPR quick guide: Why non-compliance could cost you big

If you conduct business in the EU, offer goods or services to, or monitor the online behavior of EU citizens, then the clock is ticking. You only have a few more months – until May – to make sure your organization complies with GDPR data privacy regulations. Failure to abide by GDPR means you could get hit with huge fines. Finding and investigating data breaches: Why it’s always too little, too late Personal data protection … More

New infosec products of the week: February 16, 2018

ScramFS: Encryption system for safeguarding cloud data Scram Software has announced that ScramFS – an internationally peer-reviewed encryption system for safeguarding cloud data – is now available globally to SMEs, government and not-for-profit organizations, enabling encryption of sensitive data to reduce breaches and assist in ensuring legal, HIPAA and GDPR compliance. Dtex Systems updates its Advanced User Behavior Intelligence Platform Dtex Systems announced innovations to its Advanced User Behavior Intelligence Platform, designed to meet the … More

Intel offers to pay for Spectre-like side channel vulnerabilities

Intel is expanding the bug bounty program it started last March, and is raising considerably the awards it plans to give out for helpful vulnerability information. Where information about critical vulnerabilities in Intel software, firmware and hardware could have previously been rewarded with up to $7,500, $10,000 and $30,000, respectively, now the bounties in those same categories go up to $10,000, $30,000 and $100,000. A new bug bounty program for side channel vulnerabilities The company … More

Still relying solely on CVE and NVD for vulnerability tracking? Bad idea

2017 broke the previous all-time record for the highest number of reported vulnerabilities. The 20,832 vulnerabilities cataloged during 2017 by Risk Based Security (VulnDB) eclipsed the total covered by MITRE’s Common Vulnerabilities and Exposures (CVE) list and the National Vulnerability Database (NVD) by more than 7,900. “Incredibly, we see too many companies still relying on CVE and NVD for vulnerability tracking, despite the US government funded organization falling short year after year. While some argue that the … More

UK government officially blames Russia for NotPetya attack

The UK government has officially attributed the June 2017 NotPetya cyber attack to the Russian government. The statement is backed by an assessment of the UK’s National Cyber Security Centre, which has found that the Russian military was “almost certainly” responsible for it. The NotPetya attack “The NotPetya attack saw a malicious data encryption tool inserted into a legitimate piece of software used by most of Ukraine’s financial and government institutions,” the NCSC noted. … More

IoT botnet bypasses firewalls to get to ZyXEL modems

NewSky Security’s honeypots have detected a new IoT botnet in the making. The botnet was named DoubleDoor, as it leverages two distinct backdoors to get to the target: ZyXEL PK5001Z modems. The DoubleDoor attacks What’s interesting about this particular botnet is that it’s ready to pass an extra layer of security to get to the modem: Juniper Networks’ NetScreen hardware firewall devices. To pull off the attack, it employs exploits for two vulnerabilities: CVE-2015-7755, which … More

Why do we need a risk-based approach to authentication?

20 years ago, everyone worked at a desktop workstation hardwired into an office building. This made network security simple and organizations felt they could depend on the time-tested method of the trusted perimeter. Firewalls were relied on to keep out external threats, and anything within the network was considered secure and safe. Today, however, the number of variables has skyrocketed. The move to the cloud, BYOD, and increased use of outside contractors means a legitimate … More

A five-year analysis of reported Windows vulnerabilities

Based on analysis of all disclosed Microsoft vulnerabilities in 2017, a new Avecto report shows a significant rise in the number of reported vulnerabilities. Last year, 685 vulnerabilities were found versus 325 vulnerabilities that were found in 2013. The removal of admin rights could mitigate 80% of all critical Microsoft vulnerabilities reported in 2017. Nearly all (95%) of critical vulnerabilities in Microsoft browsers could be mitigated by the removal of admin rights. The rise of … More

Microsoft boosts Windows Analytics to help squash Meltdown and Spectre bugs

A day after Microsoft announced it will be adding Windows Defender ATP down-level support for older OSes comes the news that its Windows Analytics service is getting new capabilities aimed at helping businesses tackle Meltdown and Spectre vulnerabilities on machines in their fleet. What is Windows Analytics? Windows Analytics is a free telemetry analysis tool for business administrators. It is meant for guiding organizations through upgrading to and staying current on Windows 10 by providing … More

How cybercriminals exploited Telegram flaw to deliver malware

A “vulnerability” in Telegram’s desktop instant messaging client for Windows was exploited for months by Russian cybercriminals to deliver malware to users. Kaspersky Lab researchers discovered in October 2017 that the flaw – which is actually more of a loophole, really – was being actively exploited. They notified Telegram about the issue, and sometime between then and now the loophole was closed by the developers. “We don’t have exact information about how long and which … More

Microsoft, Adobe February 2018 security updates: An overview

The Microsoft February 2018 security updates are for Internet Explorer, Edge, Windows, Office, Office Services and Web Apps, Adobe Flash, and ChakraCore (the core part of the Chakra Javascript engine that powers Microsoft Edge). Jimmy Graham, director of product management at Qualys, considers the Adobe Flash update and that for StructuredQuery in Windows servers and workstations to be the most critical and best implemented as soon as possible. The former plugs the Flash zero-day bug … More

Here’s what keeps your CISO up at night

89.1 percent of all information security leaders are concerned about the rise of digital threats they are experiencing across web, social and mobile channels, according to the 2018 CISO Survey by RiskIQ. Some 1,691 U.S. and U.K. information security leaders across multiple verticals, including enterprise, consulting, government and education, provided insights into their cyber risk concerns and plans for 2018. Overall, the survey revealed a coming “perfect storm,” where the problem of staff shortages collides … More

Love letters from a Black Hat to all the fools on the Internet

As an underground, “black hat” hacker, I don’t have time for significant others. I’m too busy earning stacks of cash to improve my Bitcoin mining rigs and working to pay off college loans. This Valentine’s Day I want to show my appreciation by sending love letters to all those ignorant and over-trusting fools on the Internet that pay my bills by making the same mistakes over and over. To Bob from the law firm Roses … More

Millions of Android devices forced to mine Monero for crooks

No device is safe from criminals looking to make it stealthily mine cryptocurrency for them. However weak its processing power is, it still costs them nothing. With that in mind, forced crypto mining attacks have also begun hitting mobile phones and tablets en masse, either via Trojanized apps or redirects and pop-unders. An example of the latter approach has been recently documented by Malwarebytes’ researchers. The attack “In a campaign we first observed in late … More

Microsoft to provide Windows Defender ATP for older OS versions

Microsoft will backport Windows Defender Advanced Threat Protection (ATP) to meet the security needs of organizations that have not yet entirely switched to Windows 10. Windows Defender ATP provides deep insights into Windows 7 events on a rich machine timeline What is Windows Defender ATP? Windows Defender ATP is a unified endpoint security platform that provides administrators a central view of threats on company endpoints. For that to work, the OS must have the Windows … More

German court says Facebook use of personal data is illegal

Facebook’s default privacy settings and some of its terms of service fall afoul of the German Federal Data Protection Act, the Berlin Regional Court has found. By not adequately securing the informed consent of its users, Facebook’s use of personal data is illegal – and so is the social network’s “real-name” clause, as the German Telemedia Act says that providers of online services must allow users to use their services anonymously or by using a … More

Tackling the insider threat: Where to start?

Many organizations still believe the definition of an insider threat is limited to a rogue employee purposefully leaking embarrassing information, or nuking a couple of systems when he or she quits and walks out the door with internal or customer data to take to a new job. But not all insider threats have to be malicious to cause an incident. Perhaps someone on your marketing team wasn’t aware of their regulatory obligations in handling customer … More

What CISOs prioritize in order to improve cybersecurity practices

In a new study by the Financial Services Information Sharing and Analysis Center (FS-ISAC), CISOs weighed in on the most critical cyber-defense methods, the frequency of cyber-preparedness reporting to their respective boards of directors, as well as the current cyber chain of command within their respective financial organizations. Critical defense CISOs surveyed were split on their top priorities for securing their organizations against cyberattacks. 35 percent of CISOs surveyed said that employee training is a … More

Polisis: AI-based framework for analyzing privacy policies in real time

It has been known for a while that the overwhelming majority of Internet users don’t read privacy policies and terms of service before agreeing to them. Those few that do usually skim over them. That’s mostly because these documents and agreements are extremely long and – intentionally or unintentionally – written in a way that makes them unintelligible to the great majority of users. Companies’ privacy policies and terms of service also change through time, … More

Download: The 2017 State of Endpoint Security Risk Report

To determine the cost and impact of evolving threats, the Ponemon Institute, a preeminent research center dedicated to data privacy and protection, surveyed 665 IT and security leaders. Their responses indicate today’s organizations are struggling to secure their endpoints, and paying a steep cost for each successful attack — $5 million for a large organization or an average of $301 per employee. Get the full report here. Attacks are evolving This year, over 40% of … More

Thousands of government, orgs’ websites found serving crypto mining script

On Sunday, over 4,200 websites around the world started hijacking visitors’ browsers to mine the Monero crypto currency. The attack The problem was first noticed and partly documented by security researcher Scott Helme: Ummm, so yeah, this is *bad*. I just had @phat_hobbit point out that @ICOnews has a cryptominer installed on their site… 😮 pic.twitter.com/xQhspR7A2f — Scott Helme (@Scott_Helme) February 11, 2018 Among the compromised websites were that of UK’s Information Commissioner’s Office and … More

Cybercrime shifts: Rise of Russian cybercrime, attacks on cryptocurrency marketplaces

Cryptocurrency marketplaces, designed to facilitate trading on the full range of digital currencies, are experiencing a range of fraudulent activity. The world of cryptocurrency has moved from being the playground of the criminal underworld to be a prime target for attacks on legitimate transactions, according to the Q4 2017 Cybercrime Report by ThreatMetrix. Fraudulent new accounts are created using stolen or synthesized identities to set up mule accounts to launder money. Additionally, legitimate accounts are … More

February Patch Tuesday forecast: Key updates to act on

Love is in the air! Can’t you feel it? This Patch Tuesday falls the day before the most romantic day of the year – Valentine’s Day! We’ve been hearing just how much love our fellow security administrators have been shown by both their bosses and their users as a result of the Spectre and Meltdown vulnerabilities. First Microsoft released a series of patches in early January to mitigate the issue. And then AMD released their … More

Chrome will mark HTTP pages as “not secure”

Starting with Chrome 68, which is scheduled to be released in July 2018, Google will explicitly mark all HTTP sites as “not secure”: According to Google’s numbers, 68% of Chrome traffic on both Android and Windows is now encrypted, as is 78% of Chrome traffic on both Chrome OS and Mac. In July, those numbers are going to be even higher. “Developers have been transitioning their sites to HTTPS and making the web safer for … More

New infosec products of the week: February 9, 2018

Protect network, IoT, ICS, and SCADA devices from privilege-based attacks BeyondTrust announced a privilege management solution for network, IoT, ICS, and SCADA devices. PowerBroker for Networks is an agentless solution that controls what commands users can run, records sessions, alerts, and provides a complete audit trail of user activity on network devices via the command line. Lifecycle management for groups and persistent listing from AD Hitachi ID Systems released version 11 of its Identity and … More

Server-side exploits dominate the threat landscape

Skybox Security released its inaugural Vulnerability and Threat Trends Report, which analyzes vulnerabilities, exploits and threats in play in 2017. Cybercrime is a money-making machine A trend observed for the last several years has seen threat actors turn cybercrime into a money-making machine. An integral part of this approach means taking the path of least resistance: leveraging existing attack tools rather than developing new ones, using the same attack on as many victims as possible … More

Intel releases new Spectre microcode updates for some affected processors

Intel has provided a new update on the Spectre patch situation. Skylake fix ready, others to follow “Earlier this week, we released production microcode updates for several Skylake-based platforms to our OEM customers and industry partners, and we expect to do the same for more platforms in the coming days,” Navin Shenoy, general manager of the Data Center Group at Intel Corporation, has announced on Wednesday. “We also continue to release beta microcode updates so … More

When crypto-mining malware hits a SCADA network

Stealthy crypto-mining is on track to surpass ransomware as cybercriminals’ most favorite money-making option, and companies with computers and servers that run all day and night long are the preferred targets. This could be more than just a nuisance to the companies – it could seriously affect business operations and render some companies unable to operate for days and even weeks. In some instances, namely when the companies are part of critical infrastructure, the consequences … More

Most remain dissatisfied with threat intelligence quality and accuracy

While security professionals are increasingly recognizing the importance of threat intelligence, the majority remain dissatisfied with its accuracy and quality, according to a study conducted by the Ponemon Institute. Meanwhile, because many security teams still execute threat investigations solo rather than pooling intelligence, their ability to quickly act on threats is limited. The report found that 67 percent of IT and security professionals spend more than 50 hours per week on threat investigations, instead of … More

Data of 800,000 Swisscom customers compromised in breach

Swisscom, the biggest telecom company in Switzerland, has suffered a data breach that resulted in the compromise of personal data of some 800,000 customers, i.e., nearly ten percent of the entire Swiss population. “The data accessed included the first and last names, home addresses, dates of birth and telephone numbers of Swisscom customers; contact details which, for the most part, are in the public domain or available from list brokers,” the company explained. The data … More

Credential phishing kits target victims differently depending on location

There is a new attack vector in town – the customization of phishing kits. In a recent case uncovered by PhishMe Intelligence, a phishing kit was crafted to target residents of specific regions using either TrickBot or Locky. Instead of determining what malware to deploy, this kit determined what personal information to collect from its victims. Because the United States was the first in online banking, phishers originally began targeting United States residents. As online … More

99 percent of domains are not protected by DMARC

Essentially every global domain is vulnerable to phishing and domain name spoofing. A new report incorporates data from Agari, revealing that 90 percent of its customers have been targeted by domain name fraud. Insight from Farsight Security indicates that less than one percent of all domains are authenticated and protected by Domain-based Message Authentication, Reporting & Conformance (DMARC). “This report provides compelling evidence of the successes of DMARC adoption in protecting customers and brands, driving … More

How to track smartphone users when they’ve turned off GPS

As it turns out, turning off location services (e.g., GPS) on your smartphone doesn’t mean an attacker can’t use the device to pinpoint your location. A group of Princeton University researchers has devised a novel user-location mechanism that exploits non-sensory and sensory data stored on the smartphone (the environment’s air pressure, the device’s heading, timezone, network status, IP address, etc.) and publicly-available information to estimate the user’s location. The PinMe mechanism The non-sensory and … More

Hotspot Shield VPN flaw can betray users’ location

A flaw in the widely used Hotspot Shield VPN utility can be exploited by attackers to obtain sensitive information that could be used to discover users’ location and, possibly and ultimately, their real-world identity. About the vulnerability According to the entry for the vulnerability (CVE-2018-6460) in the National Vulnerability Database, Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895, and the web server uses JSONP and hosts sensitive information including … More

Android devices roped into new Monero-mining botnet

A new Monero-mining bot sprang up a few days ago and, in just a few days, has created a botnet consisting of over 7,000 Android devices, most of which are located in China (39%) and Korea (39%). Spreading capabilities The rise of the botnet has been flagged by researchers with Qihoo 360’s Netlab, who analyzed the mining malware and discovered that it has worm-like spreading capabilities. Once ADB.miner – as they’ve dubbed the threat – … More

2017 was extraordinary: 5,200 breaches exposed 7.8 billion records

Once again, the record has been broken for both the most breaches and the most data compromised in a year. There were 5,207 breaches recorded last year, surpassing 2015’s previous high mark by nearly 20%, according to the 2017 Data Breach QuickView Report by Risk Based Security. The number of records compromised also surpassed all other years with over 7.8 billion records exposed, a 24.2% increase over 2016’s previous high of 6.3 billion. “The level … More

Identity fraud enters a new era of complexity

The number of identity fraud victims increased by eight percent (rising to 16.7 million U.S. consumers) in the last year, a record high since Javelin Strategy & Research began tracking identity fraud in 2003. The 2018 Identity Fraud Study found that despite industry efforts to prevent identity fraud, fraudsters successfully adapted to net 1.3 million more victims in 2017, with the amount stolen rising to $16.8 billion. With the adoption of EMV cards and terminals, … More

Why developing an internal cybersecurity culture is essential for organizations

ENISA published a report providing organisations with practical tools and guidance to develop and maintain an internal cybersecurity culture. Understanding the dynamics of cybersecurity culture The Cybersecurity Culture in Organisations report is based on a multi-disciplinary research, conducted to better understand the dynamics of how cybersecurity culture can be developed and shaped within organisations. This research draws from different disciplines, including organisational sciences, psychology, law and cybersecurity as well as the knowledge and experiences of … More

Realistic, well-positioned Reddit clone is out to grab users’ login credentials

A convincing clone of the popular social news aggregation and discussion site Reddit has been spotted on the reddit.co domain. The author is obviously counting on users not to spot it for what it is: a site meant to harvest users’ username and password. HEADSUP: Looking for infosec people at @Reddit. Website at (phishing?) domain reddit(.)co — using the Colombian TLD — was acting a pitch-perfect apparent MITM of the actual Reddit. Now returning 500 … More

Flaw in Grammarly’s extensions opened user accounts to compromise

A vulnerability in the Grammarly Chrome and Firefox extensions allowed websites to read users’ authentication tokens and use them to log in to the users’ Grammarly accounts and access all the (potentially sensitive) information held in them. About the vulnerability The vulnerability was discovered by Google Project Zero researcher Tavis Ormandy, who reported it to Grammarly on Friday. “I’m calling this a high severity bug because it seems like a pretty severe violation of … More

Cisco issues new, complete fixes for critical flaw in enterprise security appliances

Cisco researchers have identified additional attack vectors and features that are affected by the “perfect 10” remote code execution and denial of service vulnerability they attempted to patch last Tuesday. This discovery also means that the fix they pushed out at the time is incomplete, and administrators now have to update the vulnerable software again. More on CVE-2018-0101 Initially, they thought that the vulnerability (CVE-2018-0101) only affected the webvpn feature of the Cisco Adaptive Security … More

8 trends in government tech for an enterprise-focused approach to IT

Deloitte examined emerging trends in government technology, and highlighted eight trends that are shaping strategic and operational transformations and redefining IT’s role within the enterprise. “Instead of implementing ‘one-off IT initiatives’ in a single domain, government organizations can be more forward-looking and develop an approach by which disruptive technologies can work in harmony in a holistic way across an agency, department or multiple departments,” said Scott Buchholz, managing director, Deloitte Consulting LLP, and federal CTO. … More

Mac crypto miner distributed via MacUpdate, other software download sites

Software download site/aggregator MacUpdate has been spotted delivering a new Mac crypto miner to users. A new Mac cryptominer was being distributed from hacked MacUpdate pages yesterday, disguised as Firefox, OnyX and Deeper. https://t.co/W8jcotFixl #macOS #Malware #CryptoMining — Thomas Reed (@thomasareed) February 2, 2018 A rare threat Stealthy cryptocurrency miners are most often aimed at Windows and browser users (e.g., the Coinhive script), but no one is safe: neither Linux users, nor Mac users, even though cryptocurrency-mining … More

About the Flash zero-day currently exploited in the wild

The zero-day Flash Player vulnerability (CVE-2018-4878) that Adobe warned about on Thursday was leveraged by North Korean hackers. FireEye calls the group TEMP.Reaper and Cisco researchers named it Group 123 (and have been tracking their exploits for a while). The threat actors leveraging the Flash zero-day “We have observed TEMP.Reaper operators directly interacting with their command and control infrastructure from IP addresses assigned to the STAR-KP network in Pyongyang. The STAR-KP network is operated as … More

The new gold rush: A look inside cryptocurrency fraud

Cybercriminals are flooding to the new world of cryptocurrencies looking to exploit the boom in interest and adoption of these electronic currencies, according to Digital Shadows. This new gold rush is creating a new frontier for professional cybercriminals moving away from less profitable techniques and exploits to make money on the back of the huge interest in these digital currencies. With over 1,400 cryptocurrencies in circulation, and new alternative coins – “altcoins” – emerging every … More

Macro-less malware: The cyclical attack

Last year, attackers linked to the Russian hacking group APT28 (sometimes called Fancy Bear) started hacking like it’s 1999 with Microsoft Word-based malware that doesn’t trigger security warnings along the way. These types of attacks are called “macro-less malware” because they bypass the security warnings added to Microsoft Office programs in response to traditional macro malware like the Melissa virus at the end of the 20th century. In a November 2017 analysis, security giant McAfee … More

7 steps for getting your organization GDPR-ready

While the EU has had long established data protection standards and rules, its regulators haven’t truly commanded compliance until now. Under the General Data Protection Regulation (GDPR), financial penalties for data protection violations are severe – €20 million (about $24.8 million USD) or 4 percent of annual global turnover (whichever is higher), to be exact. What’s more is that GDPR does not merely apply to EU businesses, but any organization processing personal data of EU … More

Number of Internet-accessible ICS components is increasing every year

The number of industrial control system (ICS) components – which run factories, transport, power plants and other facilities – left open to Internet access is increasing every year. In Germany, for example, researchers from Positive Technologies found 13,242 IP addresses for ICS components, up from 12,542 in 2016. Internet-accessible ICS components around the world Advanced industrial countries, such as the U.S., Germany, China, France, and Canada, were home to the largest numbers of Internet-accessible ICS … More

Scammers steal nearly $1 million from Bee Token ICO would-be investors

Another day, another ICO-related scam. In an attack similar to that which fooled investors into the Enigma cryptocurrency investment platform, users who were aiming to buy Bee Tokens during a Token Generation Event (i.e., an initial coin offering) were tricked into sending the money to scammers instead. What is the Bee Token? Beenest is a home-sharing network built on top of a set of Bee Protocols (Ethereum smart contracts) running on the Ethereum network. The … More

Groundhog Day: Third-party cyber risk edition

Over the past four years, I’ve had countless conversations with hundreds of companies around third-party cyber risk issues. It’s been my personal Groundhog Day, so to speak. Regardless of sector or size of company, the conversations are almost identical as most everyone faces a similar challenge: “How can I truly manage risk from third parties where I have little or no control over their information security practices?” “I know I have massive risk from third … More

New infosec products of the week: February 2, 2018

Stop threats in enterprise container runtime environments StackRox announced StackRox Detect and Respond 2.0, enhancing its robust threat detection capabilities across five phases of container attacks defined by the new StackRox AIM. With expanded depth and breadth of threat detection, auto-tuned machine learning, and application auto-grouping, StackRox Detection and Response 2.0 enables customers to get ahead of threats aimed at their Docker containers running in production with efficiency. Kenna Security announces vulnerability exploit prediction capability … More

The future of smartphone security: Hardware isolation

Mobile spyware has become increasingly more ubiquitous in corporate networks and devices. In a 2017 study, Check Point has found that out of the 850 organizations that they queried, 100% had experienced a mobile malware attack at least once in the past. To date, most cybersecurity companies have focused either on software-only or built-in hardware solutions as a way of fighting back against these threats. While some of these solutions have proven to be effective, … More

Researchers showcase automated cyber threat anticipation system

A group of researchers is trying to develop an automatic early warning system that should help defenders take preventative action before specific cyber attacks start unfolding. How does their system work? Their approach leverages the fact that preparation of cyber attacks often occurs in plain sight, discussed on online platforms and publicly accessible discussion forums. “The system monitors social media feeds of a number of prominent security researchers, analysts, and white-hat hackers, scanning for posts … More

Google booted 100,000 malicious developers from Google Play

New malware and unwanted apps are discovered on Google Play nearly every day – or so it seems. According to Google’s statistics, in 2017 the company took down more than 700,000 apps that violated the Google Play policies: copycat apps, apps showing inappropriate content, and outright malware (apps that conduct SMS fraud, act as trojans, or phish users’ information). The number might seem small to some and significant to others, but it is definitely … More

AutoSploit: Automated mass exploitation of remote hosts using Shodan and Metasploit

A “cyber security enthusiast” that goes by VectorSEC on Twitter has published AutoSploit, a Python-based tool that takes advantage of Shodan and Metasploit modules to automate mass exploitation of remote hosts. “Targets are collected automatically as well by employing the Shodan.io API. The program allows the user to enter their platform specific search query such as Apache, IIS, etc., upon which a list of candidates will be retrieved,” the tool’s creator explained. “After this operation has … More

BEC scams surge, cybercriminals target nearly all organizations

96 percent of organizations have received business email compromise (BEC) emails during the second half of 2017, according to Agari. “BEC is a particularly effective attack vector because its lack of payload makes it nearly impossible for conventional email security solutions to detect and prevent,” said Markus Jakobsson, chief scientist, Agari. “At its core, business email compromise is a social engineering attack that leverages familiarity, authority and trust, which can result in billions of dollars … More

The Ransomware Survival Handbook

When a ransomware infection spreads through your network, its goal is to encrypt any files it can access (even backups) as quickly as possible. That can happen in a matter of minutes or even seconds. And from there, the clock starts ticking. Because everyone is expecting you to get things back up and running. Read The Ransomware Survival Handbook and learn how to recover quickly and effectively (and not get hit again). Written based on … More

Attackers disrupt business operations through stealthy crypto mining

WannaMine, a Monero-mining worm discovered last October, is increasingly wreaking havoc on corporate computers. Either by slowing down computers or by crashing systems and applications, the crypto mining worm is, according to CrowdStrike researchers, seriously affecting business operations and rendering some companies unable to operate for days and even weeks. In one case, a client informed CrowdStrike that nearly 100 percent of its environment was rendered unusable due to overutilization of systems’ CPUs. As time … More

Mozilla plugs critical and easily exploitable flaw in Firefox

Firefox users would do well to upgrade to the browser’s latest release if they want to keep their computers safe from compromise. Released on Monday, Firefox 58.0.1 contains a single but very important security fix that plugs a vulnerability arising from insufficient sanitization of HTML fragments in chrome-privileged documents. (In this context, chrome is not the popular Google browser, but a component of Firefox.) The vulnerability (CVE-2018-5124) is considered critical because a successful exploit could allow … More

Multiple zero-day vulnerabilities found in ManageEngine products

Digital Defense uncovered multiple, previously undisclosed vulnerabilities within several Zoho ManageEngine products. ManageEngine offers more than 90 tools to help manage IT operations, including networks, servers, applications, service desk, Active Directory, security, desktops, and mobile devices. Currently, the company claims to have more than 40,000 customers, including three out of every five Fortune 500 companies. Vulnerability impact: The discovered vulnerabilities allow unauthenticated file upload, blind SQL injection, authenticated remote code execution and user enumeration, potentially … More

Building a coping mechanism for data breaches

Data breaches may be daily news, but they will always be a significant worry for business stakeholders. It is the IT team, however, that has to deal with the technical side of breaches. Here’s my view on establishing a coping mechanism. In most of the breaches that we analyse, there is always an element of human failure: you are just one stupid password away from a data breach; default passwords are asking for trouble; build … More

Most top US and EU e-retailers are putting their consumers at risk

A new study by 250ok has revealed that 87.6 percent of the root domains operated by top e-retailers in the United States and European Union are putting their brands and consumers at risk for phishing attacks. SPF and DMARC Phishing and spoofing attacks against consumers are most likely when companies don’t have a published Sender Policy Framework (SPF) or Domain-based Message Authentication, Reporting and Conformance (DMARC) policy properly in place. SPF is an email validation … More

Widespread API use heightens cybersecurity risks

A new Imperva survey showed a heightened concern for cybersecurity risk related to API use. Specifically, 63 percent of respondents are most worried about DDoS threats, bot attacks, and authentication enforcement for APIs. APIs power the interactive digital experiences users love and are fundamental to an organization’s digital transformation. However, they also provide a window into an application that presents a heightened cybersecurity risk. The survey shows that 69 percent of organizations are exposing APIs … More

Cisco plugs critical hole in many of its enterprise security appliances

There’s an eminently exploitable remote code execution flaw in the Adaptive Security Appliance (ASA) Software running on a number of Cisco enterprise appliances, and admins are advised to plug the hole as soon as possible. The Cisco Product Security Incident Response Team (PSIRT) says that it is aware of public knowledge of the vulnerability, but not of any current malicious use of it. Nevertheless, active exploitation might be close at hand. Also, details about the … More

How to prepare for the future of digital extortion

Digital extortion has evolved into the most successful criminal business model in the current threat landscape, and Trend Micro researchers predict that it will continue to grow rampant because it’s cheap, easy to commit, and victims often pay. Attackers can go after a wide variety of targets. The line between blackmail and extortion is blurred in the digital realm. “Many digital crimes we normally think of as blackmail are, in fact, extortion — … More

Dridex gang follows trends, also created FriedEx ransomware

The gang behind the infamous banking Trojan Dridex has also created the FriedEx (aka BitPaymer) ransomware, ESET researchers confidently claim. The similarities between Dridex and FriedEx: by analyzing and comparing the code of both threats, the researchers discovered a handful of similarities. Both pieces of malware use the same function for generating a UserID (i.e., one that generates a unique string from several attributes of the victim’s machine). Most of the other functions that correspond to the specific malware … More

UK critical operators risk £17m fines for poor cybersecurity practices

UK essential service operators risk fines of up to £17 million if they fail to implement robust protections against cyber attack. The penalties will apply to energy, transport, water, digital infrastructure, and health firms. “A simple, straightforward reporting system will be set up to make it easy to report cyber breaches and IT failures so they can be quickly identified and acted upon. It will also cover other threats affecting IT such as power outages, … More

Achieving zero false positives with intelligent deception

Cyber attacks are not single events. When attackers compromise an asset, they don’t know which asset is infected. They must determine where they are in the network, the network structure and where they can find valuable information. That means attackers carefully try to find out as much as possible about the organization. This is precisely the behavior that intelligent deception technology can exploit in order to thwart attackers and protect organizations. Breadcrumbs are clues for … More

What is a security data lake?

The concepts of the data lake and the specialized security data lake are relatively new. While data lakes have a bit of a head start in adoption – largely among data science teams – some security teams are beginning to look into security data lakes to keep afloat in the wash of security log data they amass every day. Understanding the capabilities and differences between the two types of repositories will help determine if implementing … More

British cryptocurrency traders robbed of Bitcoin at gunpoint

Cryptocurrency heists are usually covert affairs that leave users with empty wallets, but not fearing for their lives. Still, there are always some unlucky individuals who get the worst of everything. Case in point: Bitcoin traders Danny Aston and Amy Jay, who were robbed at gunpoint on January 22 in their home in Moulsford, Oxfordshire (UK). The two are directors of Aston Digital Currencies, and Aston traded cryptocurrency online under the pseudonym “Goldiath.” He has … More

Lenovo Fingerprint Manager Pro is full of fail

Lenovo Fingerprint Manager Pro, a piece of software that allows users to log into their PCs or authenticate to configured websites using fingerprint recognition, has been found seriously wanting in the security department. The problems are several: the software contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed on. Also, the data it stores – users’ Windows logon credentials and fingerprint data, among other … More

Strava user heatmap reveals patterns of life in western military bases

In November 2017, online fitness tracker Strava published a heatmap of the activity many of its users around the world engage in (and track) daily. But what might have seemed like harmless sharing of anonymized, aggregated data turned out to reveal potentially sensitive information about (mostly western) military bases and secret sites. The revelation was made and shared over the weekend by Nathan Ruser, an Australian university student and founding member of the Institute for … More

It’s time to get serious about email security

In today’s hyper-connected world, email is the foundation of every organization’s collaboration, productivity, and character. And despite annual rumors of its demise, there’s no reason to believe we’ll be writing its eulogy anytime soon. With its ubiquity and universal appeal, email is a treasure trove of sensitive business information. That’s why email leaks aren’t just data loss events. They’re direct attacks on your brand and reputation. Despite team collaboration and communication tools like Slack and … More

Authentication today: Moving beyond passwords

A new global study from IBM Security examining consumer perspectives around digital identity and authentication found that people now prioritize security over convenience when logging into applications and devices. (Figure: authentication methods perceived as most secure, global perspective.) Generational differences also emerged, showing that younger adults are putting less care into traditional password hygiene, yet are more likely to use biometrics, multifactor authentication and password managers to improve their personal security. With millennials quickly becoming the … More

How can we avoid another record year for breaches and ransomware?

More than 14.5 billion emails laced with malware were sent in 2017 according to the annual Global Security Report issued by AppRiver. The majority of cyber threats were initiated in the US and persisted throughout the year, with significant peaks in August, September and October. In the first half of 2017, 1.9 billion data records were lost or stolen as a result of cyberattacks. This followed a tough year in 2016, when losses totaled $16 … More

Old Bitcoin transactions can come back to haunt you

A group of researchers from Qatar University and Hamad Bin Khalifa University has demonstrated how years-old Bitcoin transactions can be used to retroactively deanonymize users of Tor hidden services. It seems that Bitcoin users’ past transactions – especially if they used the cryptocurrency for illegal deals on the dark web and didn’t think to launder their payments – may come back to haunt them. Researchers’ findings: “We crawled 1.5K hidden service pages and created … More

Facebook, Microsoft announce new privacy tools to comply with GDPR

In four months the EU General Data Protection Regulation (GDPR) comes into force, and companies are racing against time to comply with the new rules (and avoid being brutally fined if they fail). One of the things that the regulation mandates is that EU citizens must be able to get access to their personal data held by companies and information about how these personal data are being processed. Facebook users to get new privacy center … More

New infosec products of the week: January 26, 2018

Empowering security teams with unlimited security data collection, indexing and search Exabeam Data Lake centralizes all relevant logs to reduce the work of collecting logs from multiple systems. It is built on open source, big data technology, providing unlimited security data collection, indexing, and search. It supports better analytics and enables compliance reporting. Data Lake now has a database collector which enables logs to be collected from remote Microsoft SQL Server and MySQL databases. Proxmox … More

Good privacy is good for business, so pay attention

Data privacy concerns are causing significant sales cycle delays for up to 65 percent of businesses worldwide, according to findings in the new Cisco 2018 Privacy Maturity Benchmark Study. The study shows that privacy maturity is connected to lower losses from cyber events: 74 percent of privacy-immature organizations experienced losses of more than $500,000 last year caused by data breaches, compared with only 39 percent of privacy-mature organizations. Privacy maturity is a framework defined by the … More

Alphabet enters enterprise cybersecurity market, launches Chronicle

Google’s parent company Alphabet has announced its entry into the lucrative enterprise cybersecurity market through Chronicle, a company started in early 2016 as a project at X, Alphabet’s “moonshot factory.” Chronicle has now “graduated” to the status of an independent company within Alphabet, and is led by Stephen Gillett, formerly an executive-in-residence at Google Ventures and Chief Operating Officer of Symantec. VirusTotal, a malware intelligence service acquired by Google in 2012, will become a … More

PCI Council sets security requirements for mobile point of sale solutions

The PCI Security Standards Council has announced a new PCI Security Standard for software-based PIN entry on commercial off-the-shelf (COTS) devices such as smartphones and tablets. What are we talking about here? Stores that offer customers the possibility to purchase things with their payment card usually have a hardware terminal and PIN entry device. But this can be too pricey an option for small merchants in markets that require EMV chip-and-PIN acceptance. A cheaper option … More

Data breaches at an all time high: How are businesses protecting themselves?

Digitally transformative technologies are shaping the way organisations do business and moving them to a data-driven world, with 94% of organisations using sensitive data in cloud, big data, IoT, container, blockchain and/or mobile environments, according to the 2018 Thales Data Threat Report. Digital transformation is driving efficiency and scale as well as making possible new business models that drive growth and profitability. Enterprises are embracing this opportunity by leveraging all that digital technology offers, with … More

ICO protection: Key threats, attack tools and safeguards

Group-IB has analyzed the basic information security risks for the cryptoindustry and compiled a rating of key threats to an ICO (initial coin offering). On average, over 100 attacks are conducted on one ICO, and criminals are increasingly using modified Trojans that were previously used for thefts from banks, as well as targeted attacks with a view to compromising secret keys and gaining control over accounts. Ranking threats: while summing up a year of protecting … More

Download: 2018 Cybersecurity Checklist

Today’s attacks are spreading faster, evolving quicker, and evading even the most widely used security solutions. But that doesn’t mean you can’t fight back. Get practical recommendations for preventing and mitigating the latest attacks with this free checklist. Get actionable suggestions on how to: Prevent compromise in the first place by defending against the most popular attack vectors Mitigate post-exploitation activities like privilege escalation and lateral movement attempts Know when attackers attempt to launch malicious … More

Security in the enterprise: Things are looking up!

Cybersecurity is quickly becoming the number one business priority, says identity and access management company Okta. Based on the results of an analysis of authentication and verification events made through the company’s enterprise offerings between November 1, 2016 and October 31, 2017, security tools by Jamf, KnowBe4, DigiCert, Cisco, Mimecast, Sophos, and CloudFlare all ranked in the top 15 fastest growing apps for the first time. “Jamf, which provides software for managing and securing Apple … More

DuckDuckGo offers new privacy extension and app

DuckDuckGo, the company behind the eponymous privacy-minded Internet search engine, has announced a new browser extension and mobile app: DuckDuckGo Privacy Essentials. DuckDuckGo Privacy Essentials does four things: it makes DuckDuckGo the default search engine (this feature is optional – it can be switched off); forces websites to serve users the encrypted (i.e., HTTPS) version of the site, if one is available; blocks all hidden, third-party trackers it can find and provides users … More

Industries most at risk of phishing attacks revealed

A new KnowBe4 study of phishing statistics for top industries shows small insurance companies have the highest percentage of phish-prone employees in the small to mid-size organization category. Not-for-profit organizations take the lead among large organizations. (Figure: benchmark phish-prone percentage by industry.) Radical drop of careless clicking: the study, drawn from a data set of more than six million users across nearly 11,000 organizations, benchmarks real-world phishing results. Results show a radical drop of careless clicking … More

Will explosive data exfiltration continue in 2018?

Last year was a banner year for cybercrime. More data was stolen in the first six months of 2017 than in the entirety of 2016. Gemalto’s Breach Level Index found that over 900 data breaches occurred during the first half of 2017, compromising 1.9 billion records. According to Jing Xie, senior threat intelligence analyst for Venafi, this explosive development in data exfiltration will continue in 2018. In an even more ominous trend, the number of … More

Government CIOs will increase spending on cloud, cybersecurity and analytics

Cloud solutions, cybersecurity and analytics are the top technologies targeted for new and additional spending by public sector CIOs in 2018, while data center infrastructure is the most commonly targeted for cost savings, according to a survey from Gartner. Government CIOs said they plan to increase spending on business intelligence (BI) and analytics (16 percent) and data management (six percent) in 2018. Gartner’s 2018 CIO Agenda Survey gathered data from 3,160 CIO … More

Fake cryptocurrency wallet carries ransomware, leads to spyware

People around the world are rushing to acquire all kinds of cryptocurrency, hoping that prices will go up and they will be rolling in money when they sell their investment stash. Criminals have, expectedly, noticed the rush and are doing their level best to cash in on it. The latest attack on cryptocurrency-hungry users comes in the form of fake wallet software carrying ransomware. About the malware Fortinet FortiGuard Labs researchers have spotted and analyzed … More

Intel testing new Spectre fixes, tells everyone to hold off on deploying current firmware updates

Shortly after Red Hat stopped providing microcode to address variant 2 (branch target injection) of the Spectre attack, Intel advised OEMs, cloud service providers, system manufacturers, software vendors and end users to stop deployment of current firmware updates that fix the same vulnerability (CVE-2017-5715). Red Hat’s decision: “Red Hat is no longer providing microcode to address Spectre, variant 2, due to instabilities introduced that are causing customer systems to not boot. The latest microcode_ctl and … More

Cybercriminals stole $172 billion from 978 million consumers in the past year

Consumers are confident they’re safe online, but hackers have proven otherwise, stealing $172 billion from 978 million consumers in 20 countries in the past year, according to the 2017 Norton Cyber Security Insights Report. Globally, cybercrime victims share a similar profile: they are everyday consumers who use multiple devices whether at home or on the go, but have a blind spot when it comes to cyber security basics. This group tends to use the same … More

Human trafficking victims forced to defraud Chinese computer users

Late last week, the Croatian police executed a coordinated raid on two houses where 59 individuals were confined and forced into defrauding Chinese and Taiwanese computer and smartphone users through a police-ransom type of scheme. According to an announcement by the Croatian Ministry of the Interior, the raids were the result of a months-long joint investigation with the Slovenian National Police and a collaboration with the People’s Republic of China’s police force. The 59 individuals – mostly from … More

British teenager hacked top ranking US officials using social engineering

How did British teenager Kane Gamble, who at the time was only 15 years old, manage to break into email accounts of the CIA and DNI chiefs, as well as gain access to a number of sensitive databases and plans for intelligence operations in Afghanistan and Iran? The answer is social engineering. A day in court Gamble, who was part of Crackas With Attitude (CWA), a group of hackers with a pro-Palestinian agenda, pleaded guilty … More

Escape future ransomware attacks by leveraging the right technology

Last year, multiple industry verticals saw the extreme effects of ransomware, with WannaCry and Petya leading the pack in terms of damage. To make matters worse, according to a report by Kaspersky, the number of ransomware threats is expected to increase in 2018. The evolution of ransomware, resulting in more diverse and innovative attacks, is going to heavily hit enterprises in 2018. In my previous articles, I explained how ransomware has evolved over the years … More

GDPR: Whose problem is it anyway?

With the GDPR deadline looming on May 25, 2018, every organization in the world that transmits data related to EU citizens is focused on achieving compliance. And for good reason. The ruling carries the most serious financial consequences of any privacy law to date – the greater of 20 million EUR or 4 percent of global revenue, potentially catastrophic penalties for many companies. Compounding matters, the scope and complexity of GDPR extends beyond cyber security, … More

What has the Necurs botnet been up to?

The Necurs botnet has been slowly growing since late 2012 and still tops the list of largest spam botnets in the world. Since then, the botnet has occasionally stopped or temporarily minimized the sending out of spam but has returned in full force. How big is the Necurs botnet? It’s difficult to say precisely, but the latest information provided by the Cisco Talos team can give a general idea. The researchers analyzed 32 distinct spam … More

Researchers uncover mobile, PC surveillance platform tied to different nation-state actors

The Electronic Frontier Foundation (EFF) and mobile security company Lookout have uncovered a new malware espionage campaign that has targeted activists, journalists, lawyers, military personnel, and enterprises in more than 20 countries in North America, Europe, the Middle East, and Asia. They have dubbed the threat Dark Caracal, and have traced its activities to as far back as 2012. The malware used by Dark Caracal The attackers went after information stored on targets’ Android devices … More

Infosec expert viewpoint: Google Play malware

Researchers routinely discover a variety of malicious apps on Google Play, some of which have been downloaded and installed on millions of devices worldwide. Here’s what infosec experts think about the security of Google Play, what they think Google should do better, and what users can do in order to protect themselves from malicious apps on the official Android app store. Chris Boyd, Lead Malware Intelligence Analyst, Malwarebytes Google Play continues to have issues where … More

New infosec products of the week: January 19, 2018

Continuous vulnerability management for ICS cybersecurity PAS Cyber Integrity 6.0 now includes continuous vulnerability management providing visibility into vulnerability risk within industrial process control networks. Cyber Integrity moves beyond traditional IT vulnerability management by also addressing the proprietary industrial control systems that comprise 80 percent of a facility environment. BlackBerry releases cloud-based static binary code scanning solution BlackBerry Jarvis is a cloud-based static binary code scanning solution that identifies vulnerabilities in software used in automobiles. … More

HITB Security Conference in Amsterdam to feature innovative research on attack and defense topics

The agenda for Day 1 of the 9th annual HITB Security Conference in The Netherlands has been announced and it’s packed with cutting-edge research on a range of attack and defense topics, from cryptocurrencies to fuzzing and more. Invoke-DOSfuscation: Techniques FOR %F IN (-style) DO (S-level CMD Obfuscation) – in this presentation, Daniel Bohannon, a Senior Applied Security Researcher with MANDIANT’s Advanced Practices group, will dive deep into cmd.exe’s multi-faceted obfuscation opportunities beginning with … More

What is the impact and likelihood of global risks?

The World Economic Forum, a not-for-profit foundation that each year gathers participants from around the world to discuss a wide range of global issues, has published its yearly Global Risks Report. Based on the opinions of almost 1,000 global experts and decision-makers, the top 5 global risks in 2018 in terms of likelihood are extreme weather events, natural disasters, cyber attacks, data fraud or theft, and failure of climate-change mitigation and adaptation. Cyber attacks and … More

Is ethical hacking more lucrative than software engineering?

HackerOne published its 2018 Hacker Report, which examines the geography, demographics, experience, tools used and motivations of nearly 2,000 bug bounty hackers across 100 countries. On average, top earning ethical hackers make up to 2.7 times the median salary of a software engineer in their respective home countries; hackers in India are making as much as 16 times the median. And yet, the new data finds that overall hackers are less motivated by monetary gain, … More

Vulnerability in ISC BIND leads to DoS, patch today!

The Internet Systems Consortium has released security updates for BIND, the most widely used Domain Name System (DNS) software on the Internet, and a patch for ISC DHCP, its open source software that implements the Dynamic Host Configuration Protocol for connection to an IP network. BIND update The BIND update should be implemented as soon as possible: the vulnerability (CVE-2017-3145) can lead to denial-of-service and crash, and instances of that happening have been reported by … More

Why GDPR will drive a best practice approach

When GDPR was first discussed, many feared that it would force businesses to act more insular and become more defensive about their data. Some even believed there would be a counter-movement against the cloud with organisations taking back data into their internal systems. Thankfully, the reality has been very different. Instead we’ve seen a new willingness to work together with partners and specialist cloud providers. Now it looks likely that this collaboration will help to … More

Oracle addresses 237 vulnerabilities across multiple products

The January 2018 Oracle Critical Patch Update (CPU) fixes 237 new security vulnerabilities across hundreds of Oracle products, including the company’s widely used Oracle Database Server and Java SE. The CPU includes: Fixes for the Java Virtual Machine and four other vulnerable components within the Oracle Database Server, the most severe of which carries a CVSS Base Score of 9.1 out of 10; three of the flaws may be exploited remotely without credentials. New security … More

Insights from 700M thwarted cyberattacks show how the fight against cybercrime has intensified

2017 was a record-setting year in the fight against cybercrime. Based on analysis of real world cybercrime attacks, ThreatMetrix confirmed a 100 percent increase in volume of attacks over the last two years. The good news is that record numbers of these attacks are thwarted by organizations investing in innovative, digital-first strategies to protect consumers facing downstream attacks from large-scale data breaches. Fraudsters are no longer looking to make a quick buck from stolen credit … More

Stackhackr: Free malware simulation tool

Stackhackr lets you create and customize your own mock malware that simulates malicious behavior — without actually doing any harm on your machine. It’s a quick and safe way to find out whether your company’s machines are vulnerable to real attacks. In just two minutes you can build and customize your own mock malware and see how your current security stands up to two of the most common and damaging types of cyber attack — … More

Abandoned by Microsoft, Equation Editor gets “security-adopted” by micropatch pros

Last week, Microsoft did away with Equation Editor, a tool that has been part of Microsoft Office for over 17 years. The reason behind the move? A remote code execution vulnerability actively exploited in the wild. About Equation Editor Equation Editor is a (mathematical) formula editor that allows users to construct math and science equations in a WYSIWYG environment. While the software component has not been the default method of creating equations since 2007, it … More

DoS attacks against hard disk drives using acoustic signals

A group of Princeton and Purdue researchers has shown that it’s possible to mount a denial-of-service (DoS) attack against hard disk drives via acoustic signals. Threat severity Hard disk drives (HDDs) have become the most commonly-used type of non-volatile storage due to their increased reliability, fault tolerance, storage capacity, and so on. “These technological advances in HDDs, along with the ever-increasing need for storing the huge amount of data, made them one of the core … More

The rise of ransom hacks, and the potential impact on your business

The percentage of companies reporting financially motivated cyber attacks has doubled over the past two years, with 50% of companies experiencing a cyber attack motivated by ransom in the past year, according to Radware. As the value of bitcoin and other cryptocurrencies has appreciated, ransom attacks provide an opportunity for hackers to cash out for lucrative gains months later. Ransom attacks “The rapid adoption of cryptocurrencies and their subsequent rise in price has presented hackers … More

Phishers target Netflix users, ask for info and photo of their ID

Should you send Netflix a selfie in which you hold your ID card to get your account reinstated? The answer is an emphatic no, but each one of us knows at least one person who would find the request unremarkable and proceed to do it. The campaign The request is the last of several steps of the most recent Netflix-themed phishing campaign, which starts with an email purportedly coming from the streaming company and warning … More

Internet of Things security issues bleed into 2018

In 2017 Internet of Things (IoT) devices rose to prominence as attackers continued to target them and use them to support various cyberattacks. IoT devices are almost the perfect target for cyberthieves. They sit on internal networks, have their own IP address, and allow communication with other internet-connected devices and systems. Their ubiquity makes them highly attractive targets. Yet, despite their growing numbers, IoT devices are relatively unprotected and make easy … More

As the cloud’s popularity grows, so does the risk to sensitive data

While the vast majority of global companies (95%) have adopted cloud services, there is a wide gap in the level of security precautions applied by companies in different markets. Organizations admitted that on average, only two-fifths (40%) of the data stored in the cloud is secured with encryption and key management solutions. Who is responsible for protecting sensitive data stored in the cloud? The findings – part of the Ponemon Institute “2018 Global Cloud Data … More

eBook: 5 emerging rail cybersecurity standards

With massive capital investments in rail infrastructure and technology, many countries understand that it is time for cybersecurity standards to prescribe technology that keeps cyberattacks out of critical signaling and control networks. Unidirectional Gateway technology has featured throughout these standards as best practice for protecting control networks. Download Waterfall’s eBook detailing global rail standards’ view on industrial control systems cybersecurity and Unidirectional Gateway technology.

Apple updates iOS security guide

Apple has published an updated version of its iOS security guide, in which it details features introduced in iOS 11.2 (released on December 4, 2017) and iOS 11.1 (October 31, 2017). The company released the first version of the document in June 2012, and has been updating it periodically ever since. New information in the iOS security guide This latest iteration contains more and updated details about Apple Pay Cash, security certifications and programs, … More

Google removes 60+ fake game apps displaying porn ads from Google Play

Google has removed some 60+ game apps from Google Play, as they were found to contain code that either delivered inappropriate and pornographic ads, attempted to trick users into installing fake security apps, or tried to get users to sign up for (paid) premium services. About the apps The offending apps were first flagged by Check Point researchers, who named the threat “AdultSwine.” The threat posed as different game apps – “Drawing Lessons Angry Birds,” “Temple Crash Jungle … More

Meltdown and Spectre: To patch or to concentrate on attack detection?

Patching to protect machines against Meltdown and Spectre attacks is going slowly, and the provided patches, in some instances, lead to more problems than just slowdowns. In fact, Intel has admitted that they have “received reports from a few customers of higher system reboots after applying firmware updates.” “Specifically, these systems are running Intel Broadwell and Haswell CPUs for both client and data center,” Navin Shenoy, general manager of Intel’s Data Center Group, confirmed. “We … More
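Before deciding whether to patch or to lean on detection, a practitioner first needs to know which hosts are still unmitigated. The script below is an added example, not code from the article or from Intel: on Linux, kernels with the Meltdown/Spectre fixes (4.15 and distro backports) expose one file per issue under /sys/devices/system/cpu/vulnerabilities/, each holding a single line such as "Not affected", "Vulnerable" or "Mitigation: PTI". The SAMPLE dictionary is constructed to mimic a partially patched host so the parser can be exercised offline; the exact mitigation strings vary by kernel version and are assumptions here.

```python
"""Summarise Meltdown/Spectre mitigation status from the Linux sysfs interface.

Added example (not the article's or Intel's code). Reads
/sys/devices/system/cpu/vulnerabilities/* when present and classifies each
status line, so a fleet inventory can flag hosts that still need work.
"""
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Constructed sample of a partially patched host (assumed strings): the
# kernel page-table isolation fix for Meltdown is in place, Spectre v1 has
# its mitigation, but Spectre v2 still reports as vulnerable.
SAMPLE = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: __user pointer sanitization",
    "spectre_v2": "Vulnerable: Minimal generic ASM retpoline",
}


def classify(status: str) -> str:
    """Map one sysfs status line to 'ok', 'vulnerable' or 'unknown'.

    Anything the kernel reports as 'Not affected' or 'Mitigation: ...' counts
    as ok; 'Vulnerable' (with or without a detail suffix) is flagged; any
    other text (future kernels, truncated reads) is reported as unknown
    rather than silently treated as safe.
    """
    text = status.strip()
    if text.startswith("Not affected") or text.startswith("Mitigation:"):
        return "ok"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def read_sysfs(directory: Path = SYSFS_DIR) -> dict:
    """Return {issue_name: status_line} from sysfs, or {} if unavailable."""
    if not directory.is_dir():
        return {}
    statuses = {}
    for entry in sorted(directory.iterdir()):
        if not entry.is_file():
            continue
        try:
            statuses[entry.name] = entry.read_text().strip()
        except OSError as exc:  # unreadable entry: record, don't drop
            statuses[entry.name] = f"unreadable: {exc}"
    return statuses


def report(statuses: dict) -> dict:
    """Classify every issue in a {name: status_line} mapping."""
    return {name: classify(line) for name, line in statuses.items()}


def unmitigated(statuses: dict) -> list:
    """Names of issues that are not confirmed mitigated, sorted."""
    return sorted(name for name, line in statuses.items() if classify(line) != "ok")


if __name__ == "__main__":
    live = read_sysfs()
    source = "live sysfs" if live else "constructed sample (no sysfs here)"
    data = live or SAMPLE
    print(f"source: {source}")
    for name, verdict in report(data).items():
        print(f"{name:12s} {verdict:10s} {data[name]}")
    print("needs attention:", unmitigated(data) or "none")
```

On a host where the microcode or firmware update has been rolled back because of the reboot problems Intel describes, spectre_v2 typically drops back to a "Vulnerable" line, so re-running this after a rollback is the cheap way to keep the inventory honest.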

Skype users are finally getting end-to-end encryption

The move was announced on Thursday by Open Whisper Systems, the software organization behind the open source Signal Protocol, which has been implemented by Microsoft to offer the feature. Private Conversations The option, named Private Conversations, is currently being tested by Skype Insiders and has some temporary limitations. Firstly, it can be used to protect audio calls, text messages, and files (images, audio, videos), but not video calls. Secondly, Private Conversations are limited to one-on-one … More

Intel AMT security issue gives attackers complete control over a laptop

F-Secure reports a security issue affecting most corporate laptops that allows an attacker with physical access to backdoor a device in less than 30 seconds. The issue allows the attacker to bypass the need to enter credentials, including BIOS and BitLocker passwords and TPM PINs, and to gain remote access for later exploitation. It exists within Intel’s Active Management Technology (AMT) and potentially affects millions of laptops globally. The simple yet dangerous security issue The … More
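Because the payoff of the AMT issue is remote access later on, the practical defensive check is to find which laptops on the network are exposing the AMT management interface at all. The script below is an added example, not F-Secure's or Intel's code: it connects to the AMT web interface ports (16992 for HTTP, 16993 for HTTPS), issues a plain GET, and looks for the "Intel(R) Active Management Technology" Server header that the AMT web server is assumed to return, extracting the version. A tiny fake AMT responder is included, running on localhost, so the probe can be demonstrated offline; its banner string and version are constructed.

```python
"""Probe hosts for an exposed Intel AMT web interface.

Added example, not from the article. Assumes the AMT web server identifies
itself with a "Server: Intel(R) Active Management Technology <version>"
header; treat the banner format as an assumption and confirm against your
own fleet before relying on it.
"""
import re
import socket
import ssl
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

AMT_HTTP_PORT = 16992
AMT_HTTPS_PORT = 16993
AMT_BANNER = re.compile(
    rb"Server:\s*Intel\(R\) Active Management Technology\s*([\d.]+)", re.IGNORECASE
)


def parse_amt_banner(raw: bytes):
    """Return the AMT version string from an HTTP response, or None."""
    match = AMT_BANNER.search(raw)
    return match.group(1).decode("ascii") if match else None


def probe(host: str, port: int = AMT_HTTP_PORT, use_tls: bool = False, timeout: float = 2.0):
    """Fetch the HTTP banner from host:port and return the AMT version or None.

    use_tls=True is for 16993; certificate checks are disabled because AMT
    ships a self-signed certificate and we only want the banner.
    """
    request = b"GET / HTTP/1.0\r\nHost: " + host.encode("idna") + b"\r\n\r\n"
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            if use_tls:
                ctx = ssl.create_default_context()
                ctx.check_hostname = False
                ctx.verify_mode = ssl.CERT_NONE
                sock = ctx.wrap_socket(sock, server_hostname=host)
            sock.settimeout(timeout)
            sock.sendall(request)
            chunks, total = [], 0
            while total < 65536:  # headers arrive first; cap what we buffer
                data = sock.recv(4096)
                if not data:
                    break
                chunks.append(data)
                total += len(data)
    except OSError:  # refused, timed out, TLS failure: not an exposed AMT
        return None
    return parse_amt_banner(b"".join(chunks))


class FakeAMT(BaseHTTPRequestHandler):
    """Constructed stand-in for an AMT web interface, for offline demos only."""

    def version_string(self):  # becomes the Server header
        return "Intel(R) Active Management Technology 11.8.50"

    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.end_headers()
        self.wfile.write(b"<html><body>Intel(R) AMT</body></html>")

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_fake_amt():
    """Start the fake responder on an ephemeral localhost port; return (server, port)."""
    server = HTTPServer(("127.0.0.1", 0), FakeAMT)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def scan(hosts, timeout: float = 2.0) -> dict:
    """Map each host to its AMT version (HTTP first, then HTTPS) or None."""
    results = {}
    for host in hosts:
        version = probe(host, AMT_HTTP_PORT, timeout=timeout)
        if version is None:
            version = probe(host, AMT_HTTPS_PORT, use_tls=True, timeout=timeout)
        results[host] = version
    return results


if __name__ == "__main__":
    server, port = start_fake_amt()
    try:
        print("fake AMT on 127.0.0.1:%d ->" % port, probe("127.0.0.1", port))
    finally:
        server.shutdown()
```

In a real sweep, feed scan() the laptop subnet and treat every non-None result as a device to pull in for the BIOS and AMT configuration check F-Secure describes; a host that answers on 16992 or 16993 is reachable for management whether or not the local user ever set it up.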