Category Archives: Industry News

Researchers extract master password in cleartext from 1Password

Regular internet users today juggle numerous accounts on various platforms and websites, often using the same weak password for all of them. Tech-literate users employ different passwords for different accounts, and strong ones at that. Those who are truly conscientious use a password manager. But is it really all that smart?

ISE, an independent security consulting firm headquartered in Baltimore, Maryland, decided to test this idea by poking at five popular password managers to see if they could make them give up their secrets. While it’s not easy, apparently it can be done.

The group reveals its findings in a paper titled Password Managers: Under the Hood of Secrets Management. They start by outlining “security guarantees” that a typical password manager should offer in different circumstances. These are called “states” – locked, unlocked, running – and, depending on each state that the app is in, certain guarantees must be enforced. Unfortunately, every app that ISE tested contained vulnerabilities that leaked passwords, and the team even recovered the master password from a locked instance of 1Password 4.

The popular password manager and form-filler gives up its “master” key in plaintext

The full paper is well worth a read, as is the (equally-long) blog post dedicated to the findings, with graphics and all. Both are technical enough not to bore the geek in you but digestible enough not to scare off your inner noob. It’s an important piece of research also because it can educate password manager users in the way these tools work.

It isn’t clear if ISE contacted each vendor with these findings to prompt the release of an update, but they do outline a list of additional defenses that password managers should employ to keep user passwords safe. For end-users, the team offers a list of security best practices. ISE also promises to repeat their tests in the future to check and see if the popular credential-guarding tools perform any better.

PCI SSC accepting applications for the Qualified PIN Assessor Program

PCI SSC is accepting applications for the Qualified PIN Assessor (QPA) Program. The QPA Program will enable security professionals to perform assessments using the PCI PIN Security Requirements and Testing Procedures (PCI PIN Security Standard). QPAs will be specifically trained in security controls that need to be validated as being in place to protect the transmission and processing of personal identification numbers (PINs). The new instructor-led training will cover the requirements for the secure management, … More

The post PCI SSC accepting applications for the Qualified PIN Assessor Program appeared first on Help Net Security.

Dtex Systems platform enhancements providing user behavior intelligence and insider threat detection

Dtex Systems, the leader in insider threat intelligence and detection, announced that significant enhancements are being added to the Dtex Advanced User Behavior Intelligence Platform. These will allow customers to extend visibility over system administrators and other privileged users’ actions, providing the most accurate understanding available of how this group’s activities and behaviors impact risk. The company also announced that platform scalability improvements are allowing enterprise and government customers to rapidly extend insider threat detection … More

The post Dtex Systems platform enhancements providing user behavior intelligence and insider threat detection appeared first on Help Net Security.

Armorblox uses deep learning to solve challenges with email security and data loss

Armorblox announced that it has built the world’s first natural language understanding (NLU) platform for cybersecurity, analyzing sensitive information in emails and documents, and providing a new way to intelligently detect, alert and protect against identity-related attacks and data loss. Closing Series A funding with $16.5 million led by General Catalyst, Armorblox finally provides a way for organizations to protect against people-hacking. Armorblox will showcase the new solution at RSA Conference, March 4-8 in San … More

The post Armorblox uses deep learning to solve challenges with email security and data loss appeared first on Help Net Security.

Netsurion releases EventTracker EDR, protecting against costly data breaches

Netsurion, a leading provider of managed network connectivity, security, and compliance solutions, announced EventTracker EDR, the industry’s first managed endpoint threat detection and response (EDR) solution that is part of a unified SIEM platform and delivered as a managed security service. EventTracker EDR is optimized for small and midsized businesses, which represent 58 percent of all malware attack victims. EventTracker EDR, the next generation of endpoint protection, is effective in blocking against both known malware … More

The post Netsurion releases EventTracker EDR, protecting against costly data breaches appeared first on Help Net Security.

STEALTHbits Technologies release real-time threat detection and response platform

STEALTHbits Technologies, a cybersecurity software company focused on protecting an organization’s sensitive data and the credentials attackers use to steal that data, announced the release of StealthDEFEND v2.0, their real-time threat detection and response platform. This release capitalizes on the momentum in the Active Directory (AD) market. This momentum has been building for well over a decade as STEALTHbits has aggressively developed new technologies, acquired talent from organizations like BeyondTrust and Quest Software, as well … More

The post STEALTHbits Technologies release real-time threat detection and response platform appeared first on Help Net Security.

Arceo.ai releases platform to bridge the cybersecurity-insurance gap

Arceo.ai, the industry-first provider of cyber resilience solutions, emerged from stealth with the debut of a unique platform that enables insurance carriers to automate and enhance their cyber insurance solutions, while increasing the security of their insureds. Cyber resilience is the combination of risk mitigation and accelerated recovery to reduce the total impact of a cyber incident. Whereas cybersecurity stops or limits the scope of an attack, cyber insurance addresses financial loss and recovery costs. … More

The post Arceo.ai releases platform to bridge the cybersecurity-insurance gap appeared first on Help Net Security.

ObserveIT launches ObserveIT 7.7, increasing data exfiltration prevention capabilities

ObserveIT, the leading insider threat management platform with more than 1,900 customers around the world, announced the launch of its newest solution, ObserveIT 7.7. The latest release enhances ObserveIT’s insider threat management capabilities to provide a modern approach to data loss prevention (DLP). It provides increased data exfiltration prevention capabilities and further protects against insider threats, specifically reducing the risk of data loss while enabling streamlined investigations. Data breaches are on the rise globally and … More

The post ObserveIT launches ObserveIT 7.7, increasing data exfiltration prevention capabilities appeared first on Help Net Security.

Radware set to secure customers’ cloud-based assets

Radware, a leading provider of cyber security and application delivery solutions, launches its Cloud Workload Protection (CWP) Service. Radware’s Cloud Workload Protection Service secures customers’ cloud-based assets from data breaches, account compromise, and resource exploitation. As organizations increasingly migrate their computing workloads to publicly hosted clouds, IT and security administrators face new challenges. Cloud environments make it easy to spin up new resources and grant wide-ranging permissions that can potentially be abused. Such misuse often … More

The post Radware set to secure customers’ cloud-based assets appeared first on Help Net Security.

Opanga Networks releases machine learning platform capable of identifying large data flows

Opanga Networks, an industry-leading provider of Big Software innovations for mobile network densification, announced the next-generation N2000, which will provide even greater financial efficiencies to mobile operators via a software update, enabled quickly within a maintenance window. N2000 is the lowest cost mobile capacity expansion in the world and the newest generation is increasing network efficiencies by an additional 50 percent. Opanga’s N2000 is a machine learning platform capable of identifying large data flows such … More

The post Opanga Networks releases machine learning platform capable of identifying large data flows appeared first on Help Net Security.

Trustwave partners with Cybereason to strengthen MDR for Endpoints

Trustwave announced a strategic alliance with Cybereason to further strengthen Trustwave Managed Detection and Response (MDR) for Endpoints, a comprehensive managed security service designed to protect organizations against advanced endpoint threats. The alliance addresses an industry-wide initiative to greatly reduce dwell time of advanced cyber threats that quietly lie dormant on endpoints for the purpose of launching future attacks across the enterprise. Spearheaded and delivered by Trustwave SpiderLabs, a premier team of threat hunters, forensic … More

The post Trustwave partners with Cybereason to strengthen MDR for Endpoints appeared first on Help Net Security.

Privva partners with BitSight to make vendor security assessment comprehensive

Privva, a leading risk management technology provider, announced a partnership with BitSight, the Standard in Security Ratings, to provide customers with a 360° view of third-party risk as part of Privva’s open platform initiative. The Privva platform allows security professionals across industries to manage an efficient vendor risk management program, including automated assessments and ongoing remediation of risks. Privva’s platform allows clients the flexibility to bring an existing security assessment or utilize industry standard frameworks, … More

The post Privva partners with BitSight to make vendor security assessment comprehensive appeared first on Help Net Security.

Pulse Secure delivers secure access for hybrid IT with SDP solutions

Pulse Secure announced the integration of SDP (Software Defined Perimeter) architecture within its Secure Access platform and the inclusion of Pulse SDP as an add-on within its award-winning Access Suite. By offering a flexible path to SDP, the company extends its foundation of Zero Trust access for hybrid IT and provides enterprises and service providers unrivaled provisioning simplicity, security posture fortification and lower total cost of ownership. According to a recent Enterprise Strategy Group survey: … More

The post Pulse Secure delivers secure access for hybrid IT with SDP solutions appeared first on Help Net Security.

139 US bars, restaurants and coffeeshops infected by credit-card stealing malware

North Country Business Products (NCBP), a provider of point-of-sales systems, has revealed that 139 of their clients have been hit by a malware infection that stole the payment card details of consumers.

Retailers at dozens of locations across the United States which used NCBP’s hardware and software to process payments may have been affected by the attack which is thought to have started on January 3 2019, and continued until January 24th.

Affected outlets include – amongst others – branches of Dunn Brothers Coffee, Someburros, Holiday Inn, and Zipps Sports Grill. Details potentially stolen by the unnamed malware include cardholder’s name, credit card number, expiration date, and CVV security code.

There’s nothing really that consumers can do to avoid being hit by malware that has hit Point-of-Sales devices other than pay in cash.

Visitors to NCBP’s website are currently being greeted by a link to a stark announcement about the data breach.

The problem is, you’ve probably never heard of NCBP. It’s extremely unlikely that you know whether a restaurant, coffee shop or bar that you visited relied upon NCBP’s point-of-sales technology or not.

And the problem for NCBP is that although it can reach out to the 139 restaurants that it believes may have had their point-of-sales systems compromised, it has no way of contacting the actual customers who made purchases with the debit and credit cards.

After all, when you buy a coffee it’s normal to make a payment with your card. It’s not likely that you were asked for your address.

It seems to me that there are only two ways you’re likely to discover that you have been impacted by the North Country Business Products security breach.

You’ll either notice (or have your bank notice) some suspicious purchases on your credit or debit card, or you’ll have visited the NCBP’s website and checked the long list of known establishments and locations included in the breach.

And just how likely is it that people will even hear about this breach, let alone go to check if they have purchased something from one of the affected restaurants?

If you do believe that you might have had your payment card details compromised, you may choose to place a security freeze on your credit file, stopping anyone else from accessing your financial details.

AlgoSec to enhance security management and reduce network attack surface

AlgoSec, the leading provider of business-driven network security management solutions, has announced support for the CyberArk Privileged Access Security Solution. This enables joint customers to further enhance their organization’s security management processes with centralized control of device credentials and privileged accounts. The integration is a key feature of the AlgoSec Security Management Solution version 2018.2. It gives seamless access from AlgoSec to security devices protected by CyberArk’s solution, with no need to duplicate or save … More

The post AlgoSec to enhance security management and reduce network attack surface appeared first on Help Net Security.

Cylance releases native AI platform to detect and respond to threats

Cylance announced the Cylance native AI platform, which delivers a full suite of security solutions through a single, agile agent for comprehensive attack surface protection with deep-learning AI algorithms in its DNA to support automated threat detection, prevention, forensic investigation, and response capabilities to customers worldwide. Now that Cylance has successfully applied AI to prevent attacks from executing at the endpoint, it has advanced to another innovative use of native AI: to detect and respond … More

The post Cylance releases native AI platform to detect and respond to threats appeared first on Help Net Security.

SiteLock releases new VPN solution to protect business and consumer data

SiteLock, the global leader in website security solutions, announced the expansion of its product offering with the launch of SiteLock VPN. SiteLock’s virtual private network offering will help businesses protect all of their online activity from any location. A VPN is a vital layer of protection that eliminates concerns around employee use of public Wi-Fi, protects data transmitted online, allows businesses to view competitor ad campaigns, and removes content restrictions. For consumers, a VPN is … More

The post SiteLock releases new VPN solution to protect business and consumer data appeared first on Help Net Security.

StorageCraft optimizing OneXafe solution for healthcare providers

The widely standardized use of electronic health records and medical imaging, plus the growth in data intensive health applications such as wearable technologies and telemedicine, are catapulting even small healthcare organizations into the petabyte era. To help healthcare organizations immunize themselves against the resulting triple threat of spiraling data costs, system downtime and loss of data integrity, StorageCraft has introduced StorageCraft for Healthcare, a converged scale-out primary and secondary data platform with integrated data protection. … More

The post StorageCraft optimizing OneXafe solution for healthcare providers appeared first on Help Net Security.

Venafi and nCipher Security collaborate to protect machine identity

Venafi, the leading provider of machine identity protection, and nCipher Security, the provider of trust, integrity and control for critical business information and applications, announced a new technology partnership and integration. The integrated solution combines Venafi Advanced Key Protect with nCipher nShield hardware security modules (HSMs) and can be used to scale the generation and protection of machine identities – even in complex, high‐security environments. Cryptographic keys serve as machine identities and are the foundation … More

The post Venafi and nCipher Security collaborate to protect machine identity appeared first on Help Net Security.

NanoLock and Cypress develop flash-based solutions for automotive security and management

NanoLock Security and Cypress Semiconductor announced the companies are jointly developing flash-based solutions that bring device-level security and management to the automotive and industrial domains. The combination of NanoLock’s security and Cypress’ Semper NOR Flash devices enables a trusted management platform and secure over-the-air (OTA) updates for autonomous and connected vehicle electronics units, as well as for smart factories and other Industry 4.0 applications. This is achieved by leveraging the unique compute capabilities of the … More

The post NanoLock and Cypress develop flash-based solutions for automotive security and management appeared first on Help Net Security.

Eurofins launches a new GDPR testing service

Eurofins Digital Testing, a global leader in end-to-end quality assurance (QA) and testing services, announced that its Cyber Security division has launched a new General Data Protection Regulation (GDPR) testing service to assess data protection capabilities, and ensure CE devices and their associated businesses and processes are conforming to the GDPR. GDPR is the legal framework for personal data protection and privacy for all individuals within the European Union, and applies to any company involved … More

The post Eurofins launches a new GDPR testing service appeared first on Help Net Security.

HPE launches platform to help CSPs boost flexibility and reduce costs

Hewlett Packard Enterprise (HPE) announced the HPE Edgeline EL8000 Converged Edge System to help communication service providers (CSP) capitalize on data-intensive, low-latency services for media delivery, connected mobility, and smart cities. The new system enables CSPs to process vast amounts of data in real time directly at the edge, based on open standards to boost flexibility and reduce costs. HPE also announced collaborations with Samsung and Tech Mahindra to accelerate CSPs’ 5G adoption, leveraging the … More

The post HPE launches platform to help CSPs boost flexibility and reduce costs appeared first on Help Net Security.

Ethernity Networks introduces cost-effective and future-ready VPN Gateway

Ethernity Networks, a leading innovator of network processing technology and products, introduced its ENET VPN Gateway, enabling the aggregation of multiple virtual private network (VPN) tunnels. The ENET IPSec VPN solution fully offloads security functions from the CPU to the FPGA and uses Host Bypass to provide a more robust security than competitive solutions at a lower solution cost. The ENET VPN Gateway integrates widely-used open source Libreswan security management software into Ethernity’s fully programmable … More

The post Ethernity Networks introduces cost-effective and future-ready VPN Gateway appeared first on Help Net Security.

TNS and P97 provide secure connected vehicle and mobile payments

P97 Networks and Transaction Network Services (TNS) are leading the way in facilitating secure, efficient, and reliable connected vehicle and mobile payments across North America and Europe. Under the agreement, TNS provides P97 a managed tokenization service enabling the secure provisioning and payment authorization of consumer card-on-file accounts for mobile and in-vehicle applications. Since its inception the partnership has enabled in-dash fuel payments alone for more than 3 million vehicles across the United States. “The … More

The post TNS and P97 provide secure connected vehicle and mobile payments appeared first on Help Net Security.

CipherTrace raises $15M from blockchain and cybersecurity venture capital firms

Blockchain security company CipherTrace fully emerges onto the world stage with the announcement of major venture capital financing to fund rapid growth. The company has raised $15M in venture capital from top Silicon Valley and New York venture capital firms with deep cybersecurity and crypto asset expertise. The round was led by Aspect Ventures and includes other notable investors such as Galaxy Digital, Neotribe Ventures, and WestWave Capital. Aspect’s Mark Kraynak will join the Board … More

The post CipherTrace raises $15M from blockchain and cybersecurity venture capital firms appeared first on Help Net Security.

Palo Alto Networks to acquire Demisto

Palo Alto Networks, the global cybersecurity leader, announced that it has entered into a definitive agreement to acquire Demisto, a leading security company in the security orchestration, automation and response (SOAR) space. Under the terms of the agreement, Palo Alto Networks will acquire Demisto for a total purchase price of $560 million, subject to adjustment, to be paid in cash and stock. The proposed acquisition is expected to close during Palo Alto Networks fiscal third … More

The post Palo Alto Networks to acquire Demisto appeared first on Help Net Security.

Digital Guardian appointing Mordecai Rosen as CEO

Digital Guardian announced that its Board of Directors has appointed Mordecai (“Mo”) Rosen as its new Chief Executive Officer, effective immediately. Mr. Rosen was most recently the General Manager for Cybersecurity at CA Technologies (now a Broadcom company), and brings more than 25 years of high-tech senior leadership experience to Digital Guardian. With Rosen at the helm, Digital Guardian expects to aggressively grow its core data loss prevention business and extend its push into the … More

The post Digital Guardian appointing Mordecai Rosen as CEO appeared first on Help Net Security.

NTT Security appoints John Petrie to the CTA Board of Directors

NTT Security, the specialized security company of NTT Group, announces the appointment of CEO Americas, John Petrie, to the Board of Directors of the Cyber Threat Alliance (CTA). NTT Security has a reputation of collaboration and information sharing throughout the cybersecurity industry and is excited to increase its participation in the CTA, a non-profit organization working to improve cybersecurity throughout the global digital ecosystem. “It’s an honor to be selected for the CTA Board of … More

The post NTT Security appoints John Petrie to the CTA Board of Directors appeared first on Help Net Security.

Data Breach at Stanford Exposes Student Records, Personal Info

A third-party vulnerability exposed admission records, essays, transcripts and sensitive personal information of Stanford University students, including Social Security numbers, ethnicity, legacy status, home address, citizenship, criminal record and financial situation, writes The Stanford Daily.

The university has been using NolijWeb, the vulnerable content management system, for about 10 years but now plans to find another platform to host its files. NolijWeb is a highly popular platform among schools and universities to let students access school files, and other institutions could be dealing with the same vulnerability.

The glitch has apparently leaked student files since 2015. Students who submitted requests under the Family Educational Rights and Privacy Act (FERPA) could not only see their own education records, but those of other students as well. The vulnerability was detected and investigated by a student who gained access to the data by simply changing numeric IDs in the URL. It could have been manipulated by anyone with web development experience, the student explained.

“It wasn’t anything sophisticated. You change the ID slightly and it just gives you someone else’s records,” the student said. 

During the investigation, the student looked at 81 students’ records between Jan. 28 and 29, but the security incident has been mitigated in the meantime. In total, 93 students were affected by the breach and are to be informed by the university.

According to Stanford spokesperson Brad Hayward, so far no other “instances of unauthorized viewing” have been detected.

“Exploiting this vulnerability requires an authenticated student login and specific knowledge of the application’s underlying behavior,” Hayward wrote for The Stanford Daily. “We believe this to be the first report of the issue. We regret this vulnerability in our system and apologize to those whose records were inappropriately viewed. We have worked to remedy the situation as quickly as possible and will continue working to better protect our systems and data.”

As soon as the glitch was detected, the platform was disabled until further notice.

Google in hot water after not revealing it had hidden a secret microphone in home alarm product

As if some folks weren’t concerned enough about the infiltration of potentially privacy-busting devices into the home, Google has admitted it did not disclose that it hid a secret microphone inside one of its products.

Owners of the Nest Secure were surprised earlier this month to read an announcement from Google that it was adding a new voice control feature to its home alarm product:

“Starting today, we’re adding a feature to Nest Secure to do just that: the Google Assistant will be available on your Nest Guard, so you can ask it questions like, “Hey Google, do I need an umbrella today?” before you set your alarm and leave the house.* Nest Guard is the brains of your Nest Secure; it contains a keypad and all the smarts that power the system. It’s usually placed in a spot with lots of traffic (like the front doorway) making it useful as you come and go.”

Why the surprise? Well, until then nobody had known that the Nest Secure alarm was capable of listening to anything.

Sure, it could sense motion in your household, it could know if a door or window was open, and even allow you to remotely turn your home alarm on. But nobody knew, and Google chose never to tell anyone, that there was a microphone hidden within the device.

A microphone that could be enabled via a software update.

Google says it goofed by keeping the microphone secret:

“The on-device microphone was never intended to be a secret and should have been listed in the tech specs. That was an error on our part.”

It went on to explain to Business Insider that it’s not unusual for security systems to have built-in microphones:

“The microphone has never been on and is only activated when users specifically enable the option.”

“Security systems often use microphones to provide features that rely on sound sensing. We included the mic on the device so that we can potentially offer additional features to our users in the future, such as the ability to detect broken glass.”

And I accept that there are good reasons why some people may want their home security systems to have microphones. But it seems underhand to me for a company to build a microphone into its device and not tell anyone about it.

With a growing tide of concern over IoT security and privacy, and the amount of personal data gobbled up by tech giants, it seems very shortsighted for Google to have overlooked revealing the existence – even if unused – of a hidden listening device.

Amazon and Google are market leaders when it comes to home assistants, and there are millions of folks who have excitedly placed them in their homes. However, there are also plenty of folks who shudder at the thought of what they view as devices spying on them, and their strongly-held opinions should be respected.

Baffle releases a data protection solution for serverless cloud workloads

Baffle, an advanced data protection company, announced it has released the first-to-market solution for data-centric protection of Amazon’s AWS Lambda, a pioneering serverless compute service. On the heels of its breakthrough for data-centric encryption, Baffle Advanced Data Protection Service gives enterprises the ability to provide a common data security model for existing infrastructure while also accelerating the “lift and shift” to serverless computing services such as AWS Lambda. Baffle’s award-winning and patented platform now provides … More

The post Baffle releases a data protection solution for serverless cloud workloads appeared first on Help Net Security.

Spark Connected launches The Gorgon, a new wireless power solution for 5G networks

Spark Connected, a leading technology developer of advanced and innovative wireless power system solutions, announced a proprietary 30-Watt wireless power solution, named The Gorgon, specifically engineered for Telecom Infrastructure and Security applications. The Gorgon wireless power solution consists of both a transmitter and companion receiver and is currently in field trials for 5G Fixed Wireless Access (FWA). The solution integrates into in-building mmWave 5G products and eliminates the need to wire external antenna or FWA … More

The post Spark Connected launches The Gorgon, a new wireless power solution for 5G networks appeared first on Help Net Security.

Exclusive Group acquires SecureWave to advance global VAD reach

Exclusive Group, the value-added services and technologies (VAST) group, announced it is acquiring SecureWave, one of Israel’s leading independent cybersecurity VADs. The move adds another advanced economy to the worldwide market penetration of the Exclusive Group, establishes an in-country presence within one of the world’s most significant innovation hubs, and expands the Group’s service reach to the benefit of its global customers and partners. “This acquisition is about more than just filling in the gaps … More

The post Exclusive Group acquires SecureWave to advance global VAD reach appeared first on Help Net Security.

Treliant adds Gerald R. Roop as Principal

Gerald R. Roop has joined Treliant as a Principal in the firm’s Regulatory Compliance and Risk service area, bringing significant experience partnering with financial services clients to develop sustainable compliance, risk, regulatory, and financial control programs and find new efficiencies in existing programs. In his career, Gerry has held key roles in both global advisory firms as well as executive financial roles within the industry, including Chief Financial Officer for a publicly traded financial services … More

The post Treliant adds Gerald R. Roop as Principal appeared first on Help Net Security.

Ransomware to land cyber-crooks decades in Maryland prisons if new bill passes

Ransomware attacks have been increasing steadily for a few years, and operators gain confidence with every new strike. While cyber-experts burn the midnight oil coming up with solutions to thwart this dangerous form of malware, lawmakers in the U.S. state of Maryland are trying a shortcut – they aim to increase prison time for ransomware operators.

Experts have long insisted that caving in to ransomware operators’ demands not only encourages them to strike again, but it also doesn’t ensure you get your data back. Using a security solution to prevent attacks undoubtedly helps, but the best defences against ransomware remain vigilance and offline backups.

Because of the way ransomware works, though, operators often remain at large. That’s why legislators in Maryland have decided to give future cyber-crooks a scare, by increasing slammer time to 10 years for any ransomware attack resulting in losses greater than $1,000.

Via DelmarvaNow:

Maryland Senate bill 151, cross-filed with House bill 211, would define ransomware attacks that result in a loss greater than $1,000 as a felony, subject to a fine of up to $100,000 and a maximum sentence of 10 years in prison.

Under current Maryland laws, a ransomware attack that extorts a loss less than $10,000 is considered a misdemeanor, while a breach that results in a loss greater than $10,000 is a felony.

The new bill would punish any ransomware attack on any entity, regardless of the operators’ scope or intentions. But according to bill sponsor Sen. Susan Lee, the proposal mainly aims to stop attacks on hospitals – Maryland has seen a number of healthcare institutions hit heavily by ransomware in recent years.

“No industry is safe from ransomware, most importantly our hospitals,” Senator Lee said.

“Ransomware attacks on hospitals are a continuing problem across the country and often create major problems for the facilities, including loss of lives, misdiagnoses and other technological disadvantages for doctors and patients,” Lee told reporters.

The news is certainly encouraging. If the bill passes and succeeds in reducing ransomware attacks in the state of Maryland, legislators from other states will have a precedent when deciding their next course of action against cyber-crime.

RSAC Launch Pad enables companies to pitch high-profile venture capitalists

RSA Conference released the names of three security innovators that will participate in the first-ever RSAC Launch Pad, an event designed to give burgeoning cybersecurity talent a platform to share their industry solutions. These companies will have the opportunity to pitch their new business to three high-profile venture capitalists (VCs) in a live, Shark Tank-style format. If the VCs believe in the company’s solution, participants may receive VC funding and/or mentorship support. The finalists were … More

The post RSAC Launch Pad enables companies to pitch high-profile venture capitalists appeared first on Help Net Security.

HOTforSecurity: 450,000 usernames and passwords stolen from Coinmama cryptocurrency broker

Coinmama, a site that is supposed to “make it fast, safe and fun” to buy Bitcoins and Ethereum with a credit card, has suffered a data breach that has resulted in almost half a million customers having their personal details breached.

Coinmama says that it believes the breached data involves approximately 450,000 email addresses and hashed passwords of users who registered for accounts up until August 5th, 2017.

In an advisory published on its website, Coinmama linked the data leak to a wider wave of breaches that has affected at least 30 different websites (including MyFitnessPal, Houzz, and Coffee Meets Bagel) and impacted hundreds of millions of users.

The data is being sold on underground criminal websites in batches for tens of thousands of dollars.

In the latest data bundle offered by the hacker calling themselves Gnosticplayers, Coinmama’s 450,000 records are being offered alongside:

  • 57 million records stolen from interior design site Houzz
  • 40 million records stolen from video streaming site YouNow
  • 18 million records stolen from travel booking site Ixigo
  • 5 million records stolen from multiplayer online game Stronghold Kingdoms
  • 4 million records stolen from tabletop role-playing gaming site Roll20
  • 1.8 million records stolen from file sharing site Ge.tt
  • 1 million records stolen from pet care delivery service PetFlow

The Coinmama-related data is currently being offered by the hacker for 0.351 Bitcoin (US $1358), with the promise of as many as 70,000 cracked passwords.

Clearly, Coinmama users would be wise to change their password at the earliest opportunity – particularly if they created their account before August 2017. Furthermore, it makes sense – as with all data breaches which may lead to passwords being exposed – to ensure that the same password is not being reused anywhere else on the internet.

Interestingly, security researchers have noticed that many of the databases breached by Gnosticplayers appear to have been running the same software: PostgreSQL.

There is considerable speculation that the hacker may have exploited a vulnerability in the open source PostgreSQL software to trick websites into spilling their precious data.

According to TechCrunch, the coders who work on PostgreSQL are not aware of any current security holes – patched or unpatched – that might have been exploited by the hacker to steal the data.

“There are many factors that need to be taken into consideration when securing a database system that go beyond the database software. We have often found that data breaches into a PostgreSQL database involve an indirect attack vector, such as a flaw in an application accessing PostgreSQL or a suboptimal policy around data management,” said Jonathan Katz. “When it comes to vulnerabilities, the PostgreSQL community has a dedicated security team that evaluates and fixes issues and, in the spirit of open source collaboration, transparently reports on and educates our users about them.”

However the hacker is gaining access to so much sensitive data on so many websites, it would seem sensible to me for businesses who are running PostgreSQL to take a close look at their infrastructure.

After all, it’s better to find the security holes in your website yourself rather than wait for a malicious hacker to break in.




DarkMatter launches KATIM R01 ultra secure smartphone for extreme field conditions

DarkMatter Group unveiled KATIM R01, an ultra secure smartphone designed to withstand extreme field conditions. Designed, vetted and tested by DarkMatter’s engineers in the UAE, Finland and Canada, KATIM R01 combines premium looks with powerful technology, wrapped in a unique rugged design. It’s the latest in the Company’s end-to-end secure communications solutions ranging from devices to back end services, and a full secure suite of applications based on custom and quantum-resistant cryptographic protocols. “We combined … More

The post DarkMatter launches KATIM R01 ultra secure smartphone for extreme field conditions appeared first on Help Net Security.

Cylance announces CylancePROTECT on AWS Marketplace

Cylance, the leading provider of AI-driven, prevention-first security solutions, announced the availability of its award-winning endpoint protection offering, CylancePROTECT on AWS Marketplace. Cylance has built the largest AI platform in the industry, enabling it to offer a portfolio of solutions ranging from enterprise endpoint protection, detection, and response, to Smartantivirus for consumers, to OEM solutions. Under the new agreement with AWS, marketplace customers now have access to CylancePROTECT for advanced AI-driven protection across all Windows, … More

The post Cylance announces CylancePROTECT on AWS Marketplace appeared first on Help Net Security.

QuintessenceLabs updates qClient, expands KMIP client support for large organizations

QuintessenceLabs, the leader in quantum-enhanced cybersecurity, announced the release of an enhanced version of their KMIP client software development kit (SDK), qClient. The new qClient, developed in partnership with P6R, is a highly capable, server-neutral KMIP client SDK and is fully backwards compatible with previous versions. The new qClient provides support for additional network transport formats, cryptographic operations, KMIP 2.0, PKCS #11 client applications, and additional operations and attributes for added capability in enterprise deployments. … More

The post QuintessenceLabs updates qClient, expands KMIP client support for large organizations appeared first on Help Net Security.

Micro Focus acquires Interset to expand cybersecurity expertise

Micro Focus announced the acquisition of Interset, a worldwide leader in security analytics software that provides highly intelligent and accurate cyber-threat protection. The addition of this predictive analytics technology adds depth to Micro Focus’ Security, Risk & Governance portfolio, and aligns with the company’s strategy to help customers quickly and accurately validate and assess risk as they digitally transform their businesses. Interset unlocks the power of user and entity behavioral analytics (UEBA) and machine learning … More

The post Micro Focus acquires Interset to expand cybersecurity expertise appeared first on Help Net Security.

ThreatConnect announces its interoperability with RSA Archer

ThreatConnect, provider of the industry’s only extensible, intelligence-driven security platform, is proud to announce its interoperability with RSA Archer. RSA Archer, a leader in the 2018 Gartner Magic Quadrant for integration risk management, allows organizations to implement risk management processes based on industry standards and best practices to drive more informed decision-making. This interoperability includes several Playbook Apps and Templates that enable users to create, retrieve, and update RSA Archer records automatically from within ThreatConnect. … More

The post ThreatConnect announces its interoperability with RSA Archer appeared first on Help Net Security.

Popular Torrents Uploader Caught Sharing ‘GandCrab’ Ransomware

Torrent sites are banning CracksNow, a popular source of torrent uploads, after discovering that the uploader of cracks and keygens was distributing ransomware.

CracksNow was labeled as “trusted” before a number of users started noticing bad things happening to their computers. Torrentfreak shows one of the more recent examples in a screenshot depicting comments to a now-removed torrent. According to the thread, the resulting download contained GandCrab version 5.1, the latest version of a nasty ransomware family. Like any ransomware, GandCrab encrypts users’ files and demands a crypto-ransom in exchange for the keys.

An administrator at torrent site 1337x.to told the publication, “He was banned by myself because I found ransomware in his uploads.”

“I also checked the same uploads from him on a couple other torrent sites and got the same results. I immediately alerted their staff about it so they could investigate and take appropriate action, which they did,” he said.

Several torrent sites banned the uploader upon hearing the news. 1337x reportedly still has some CracksNow uploads on file but assures Torrentfreak that the uploads have been checked for malware and are clean.

“I must admit that it is rare for a trusted uploader of this caliber to go rogue. It’s normally new guys that have the infected files,” the 1337x admin added.

As a rule of thumb, torrents are a risky affair, especially those that ask you to disable your AV. Always download software from trusted sources, and avoid pirated (cracked) executables at all times. Downloading pirated software increases your risk of malware infection.

In Lead-up to Elections, Australia Confirms Nation-State Attack on Infrastructure, Political Parties

On February 8, the Australian government announced its computer network was hit by a major cyberattack. Following investigations by the country’s cyber experts, Australian Prime Minister Scott Morrison announced on Monday that the government fell victim to a nation-state cyberattack, writes The Guardian.

Duncan Lewis, the head of the Australian Security Intelligence Organization, offered no details about the impact of the attack or what was compromised. As a preventative measure, passwords have been reset.

“The electoral machinery which we have in this country, that’s the Australian Electoral Commission and the various state electoral commissions that work with the federal system — there is no evidence that they have been compromised,” Lewis said in front of a Senate committee.

Considering the country will soon hold state and federal elections, the attackers may have attempted to steal information, disrupt parliamentary activity or manipulate the election outcome. Morrison, however, denied electoral interference.

“Our cyber experts believe that a sophisticated state actor is responsible for this malicious activity,” Morrison said. “Let me be clear, though — there is no evidence of any electoral interference. We have put in place a number of measures to ensure the integrity of our electoral system.”

His claim is backed by a joint statement from presiding officers Scott Ryan and Tony Smith who said “we have no evidence that this is an attempt to influence the outcome of parliamentary processes or to disrupt or influence electoral or political processes.”

The malicious activity also targeted the Liberal Party, the Nationals and the Labor Party. Morrison did not name the state actor responsible for the attack, but China is one of the countries being investigated by agencies looking into the malicious intrusion, according to another story by The Guardian.

This is not the first time Australia’s government or political parties have been targeted by cyberattacks: similar incidents occurred in 2011, when the email network was hacked, and the Australian Cyber Security Agency has blamed a foreign power for a 2015 hack of the Australian Bureau of Meteorology network. Although China was named as one of the possible nations behind the attacks, there’s no strong evidence to support these accusations.

ISC2 extends training offerings beyond certification

ISC2 announced the founding of its Professional Development Institute (PDI) to combat one of the largest challenges facing the cybersecurity community today – a global shortage of skilled and trained professionals to defend organizations against the evolving onslaught of cyber threats. Provided as a free portfolio of course offerings to ISC2 members and associates, PDI will help enhance their skills and abilities by providing access to rich continuing professional education (CPE) opportunities that augment the … More

The post ISC2 extends training offerings beyond certification appeared first on Help Net Security.

Hysolate extends cybersecurity isolation platform to protect sensitive information

Hysolate, pioneer of secure software-defined endpoints, announced major extensions to the Hysolate cybersecurity isolation platform. The new capabilities, which include granular USB control, hypervisor-based VPN, and support for Microsoft Azure Information Protection, make it easier than ever for enterprises to fully protect endpoints from cyberattacks while freeing end-users to access the resources they need. “Enterprise end-users are easy and frequent targets for cyberattackers. To protect their devices, companies often layer on security tools and limit … More

The post Hysolate extends cybersecurity isolation platform to protect sensitive information appeared first on Help Net Security.

Symantec helps business stop email compromise attacks

Symantec, the world’s leading cyber security company, announced Email Fraud Protection, an automated solution that helps organizations block fraudulent emails from reaching enterprises, ensuring complete brand reputation and sender trust. Email Fraud Protection reduces workload for IT departments and eliminates the need to manually manage email security configurations while combatting Business Email Compromise (BEC) attacks. Email is a vulnerable access point for hackers who are continuously developing new and advanced strategies to expose critical data. … More

The post Symantec helps business stop email compromise attacks appeared first on Help Net Security.

Elevate Security set to solve the human element of cybersecurity

Elevate Security announced that it has raised $8 million Series A to develop the first fully integrated Security Behavior Platform, to change employees’ habits while giving Security teams unprecedented visibility into security readiness. Defy Partners led the financing, with existing investor, Costanoa Ventures, participating. Elevate has raised $10M to date and will be using this new capital to expand the team, open a new engineering hub in Montreal, and accelerate go-to-market for its platform. According … More

The post Elevate Security set to solve the human element of cybersecurity appeared first on Help Net Security.

IRONSCALES AI powered anti phishing threat protection platform available

IRONSCALES, the world’s first automated phishing prevention, detection and response platform, announced that its AI powered anti phishing threat protection platform is now available on mobile devices through Android and iOS apps. A first for the email security industry, the IRONSCALES mobile apps will enable security analysts to access the platform’s incident response center while on-the-go, providing unprecedented access to make time-sensitive decisions on phishing mitigation and resolve incidents immediately with one click. The app … More

The post IRONSCALES AI powered anti phishing threat protection platform available appeared first on Help Net Security.

Red Hat expands its integration product portfolio

Red Hat, the world’s leading provider of open source solutions, announced an expansion of its integration product portfolio with new components and capabilities for connecting applications, data and devices across hybrid architectures. The additions are featured in the latest release of Red Hat Integration, and include Red Hat AMQ Online, Red Hat AMQ Streams, new connectors for Red Hat Fuse Online, and end-to-end application programming interface (API) lifecycle support. Building on Red Hat OpenShift Container … More

The post Red Hat expands its integration product portfolio appeared first on Help Net Security.

Zyxel Communications launches high-performance gateway for service providers

Zyxel Communications, a leading provider of secure broadband networking, Internet access and connected home products, announced the expansion of its Multy Pro Whole-Home Managed WiFi System for service providers with the launch of the EMG6726 Dual-Band Wireless AC/N Gigabit Ethernet Gateway. Designed to deliver smooth multimedia streaming, the EMG6726 is a high-performance AC2400 gateway combining a powerful CPU, 802.11ac 4×4 Wave 2 technology and Gigabit Ethernet connectivity to provide service providers with the power for … More

The post Zyxel Communications launches high-performance gateway for service providers appeared first on Help Net Security.

Digital Shadows launches Photon Research Team for risk monitoring

Digital Shadows, the leader in Digital Risk Protection, has announced the formation of a specialist team dedicated to researching the trends in digital risks that organizations are facing. Headed by CISO, Rick Holland, the Photon Research Team is an international unit comprised of experts in 20 languages monitoring risks, including cyber criminal activity 24×7 in order to protect Digital Shadows’ clients and the wider business community. Photon Research Team will engage in primary research and … More

The post Digital Shadows launches Photon Research Team for risk monitoring appeared first on Help Net Security.

Tech Data launches Cloud Solutions Factory

Tech Data announced the launch of Cloud Solutions Factory, a new global portfolio of end-to-end cloud solutions. The new offering features a host of click-to-run solutions developed by leveraging Tech Data’s ecosystem of vendors to deliver specific business outcomes ranging from core infrastructure and data protection, to the internet of things and analytics. “In launching Cloud Solutions Factory, our focus has been on enabling our partners to deliver business outcomes with solutions that are immediately … More

The post Tech Data launches Cloud Solutions Factory appeared first on Help Net Security.

Applied Insight acquires ATG and Stratus Solutions

Applied Insight, a market leader in solving complex technology challenges for federal government customers, backed by The Acacia Group, has announced its acquisition of Applied Technology Group (ATG) and Stratus Solutions. These acquisitions strengthen Applied Insight’s advanced cloud, analytics and artificial intelligence capabilities to benefit customers across the intelligence, defense and federal civilian communities. The addition of ATG and Stratus marks the latest development in AI’s strategy of building an agile mid-market business supporting the … More

The post Applied Insight acquires ATG and Stratus Solutions appeared first on Help Net Security.

Attivo Networks introduces deception-based forensic collection solution

Attivo Networks introduced the Informer solution, a deception-based forensic collection offering that delivers real-time forensics with enhanced visibility. As the latest expansion to the ThreatDefend Detection and Response platform, the Informer adds in-depth, and often hard-to-assemble views of the attacker’s activity to accelerate intelligence-driven response and remediation. The Informer enhances customers’ ability to rapidly gather, understand, and disseminate adversarial intelligence critical to stopping an adversary, and effectively remediating and removing reentry points left by sophisticated … More

The post Attivo Networks introduces deception-based forensic collection solution appeared first on Help Net Security.

DJI improves geofencing to enhance protection of European airports

DJI, the world’s leader in civilian drones and aerial imaging technology, is improving its geofencing technology with the launch of its Geospatial Environment Online (GEO) 2.0 system across Europe, bringing state-of-the-art geofencing to a total of 32 European countries. GEO 2.0 creates detailed three-dimensional “bow tie” safety zones surrounding runway flight paths and uses complex polygon shapes around other sensitive facilities, rather than just simple circles used in earlier geofencing versions. This applies in the … More

The post DJI improves geofencing to enhance protection of European airports appeared first on Help Net Security.

NetQuest OMX3200 delivers high-density 100G+ network visibility

NetQuest Corporation, a global leader in optical network visibility solutions, announced the general availability of the OMX3200, a scalable packet processing platform that enables seamless migration to 100G network monitoring architectures to help SecOps and NetOps teams keep up with the dramatic growth in network traffic. The OMX3200 provides a multi-terabit visibility solution with line-rate packet optimization and metadata generation enabling persistent monitoring of every IP packet traversing 100G+ networks. “x86 and COTS switching-based monitoring … More

The post NetQuest OMX3200 delivers high-density 100G+ network visibility appeared first on Help Net Security.

OneSpan launches AI-based risk analytics to stop fraud

OneSpan, a global leader in software for trusted identities, e-signatures and secure transactions, announced the launch of its open API, cloud-based Risk Analytics solution to help financial institutions stop fraud, including account takeover and new account fraud. Account takeover and new account fraud are the top two types of fraud challenging financial institutions, and in the U.S. alone, ID fraud accounted for $16.8 billion in fraud losses in 2017. Risk Analytics protects against these … More

The post OneSpan launches AI-based risk analytics to stop fraud appeared first on Help Net Security.

Symantec acquires Luminate Security

Symantec, the world’s leading cyber security company, announced the acquisition of Luminate Security, a privately held company with pioneering Software Defined Perimeter technology. Luminate’s Secure Access Cloud technology further extends the power of Symantec’s Integrated Cyber Defense Platform to users as they access workloads and applications regardless of where those workloads are deployed or what infrastructure they are accessed through. Today’s sophisticated threats and attacks present unique challenges that require a new mindset, one that … More

The post Symantec acquires Luminate Security appeared first on Help Net Security.

DigiCert and Utimaco work on securing the future of IoT through collaboration with Microsoft

DigiCert, the world’s leading provider of TLS/SSL, IoT and PKI solutions; Utimaco, one of the world’s top three Hardware Security Module providers; and Microsoft Research, a leader in quantum-safe cryptography, announced a successful test implementation of the “Picnic” algorithm, with digital certificates used to encrypt, authenticate and provide integrity for connected devices commonly referred to as the Internet of Things (IoT). This proof of concept provides a path toward a full solution, currently in development, … More

The post DigiCert and Utimaco work on securing the future of IoT through collaboration with Microsoft appeared first on Help Net Security.

HID Global and Mist Systems collaborate to drive innovation for IoT

HID Global, a worldwide leader in trusted identity solutions, and Mist Systems, a pioneer in self-learning wireless networks powered by artificial intelligence (AI), announced that the two companies are working together to converge Bluetooth Low Energy (BLE)-based location services with Wireless LAN (WLAN) infrastructure for better deployment, management, and operations of IoT devices. With HID Location Services that is enabled by Bluvision, HID Global is leading innovation in the IoT space as market leaders in … More

The post HID Global and Mist Systems collaborate to drive innovation for IoT appeared first on Help Net Security.

IAR Systems Group launches business incubator

IAR Systems Group AB announces that the Group is dedicating an investment fund and efforts to help grow innovative startup companies within IoT and security solutions. Through the Ymir business incubator, the Group will support companies who have new innovative ideas and high-growth potential. Security is becoming a crucial success factor for many companies providing electronic products, and as a result, there are a large number of startup companies entering the field with new innovative … More

The post IAR Systems Group launches business incubator appeared first on Help Net Security.

ShiftLeft raises $20 million Series B funding

ShiftLeft, an innovator in application-specific cloud security, announced it has raised $20 million in Series B funding. This latest round, led by Thomvest Ventures and joined by new investor SineWave Ventures as well as existing investors Bain Capital Ventures and Mayfield, comes less than 18 months after the company announced its first round of $9.3 million, bringing the total raised to nearly $30 million. The company is also announcing the addition of Jim Sortino, who … More

The post ShiftLeft raises $20 million Series B funding appeared first on Help Net Security.

Sensu Go: Solution for enterprise monitoring at scale

Sensu, a leader in open source monitoring, announced the general availability of Sensu Go, a scalable, powerful and user-centric monitoring event pipeline, designed to improve visibility and streamline workflows for enterprises. Sensu empowers businesses to gain deep visibility into their infrastructure, from Kubernetes to bare metal, providing a single source of truth among application and infrastructure monitoring tools. With a distributed architecture, updated dashboard, a newly designed API, direct support for automated and live deployment … More

The post Sensu Go: Solution for enterprise monitoring at scale appeared first on Help Net Security.

ORNL teams with EPB to demonstrate next-generation grid security tech

A team of researchers from ORNL (Department of Energy’s Oak Ridge and Los Alamos National Laboratories) has partnered with EPB, a Chattanooga utility and telecommunications company, to demonstrate the effectiveness of metro-scale quantum key distribution (QKD) as a means of secure communication for the nation’s electricity suppliers. This initial milestone is part of the team’s three-year project focused on next-generation grid security. QKD harnesses the inherent randomness of quantum mechanics to authenticate and encrypt data. … More

The post ORNL teams with EPB to demonstrate next-generation grid security tech appeared first on Help Net Security.

NeuVector adds critical network layer of security to the Istio and Linkerd2 service meshes

NeuVector, the leader in container network security, announced a new platform integration with the Istio and Linkerd2 service meshes that expands NeuVector’s security capabilities for production Kubernetes deployments. The integration – developed in coordination with IBM Cloud and the Istio open source development team – delivers first-of-its-kind network visibility and threat detection, even for connections that are encrypted by Istio or Linkerd2. NeuVector also protects Istio and Linkerd2 application containers at run-time and provides comprehensive … More

The post NeuVector adds critical network layer of security to the Istio and Linkerd2 service meshes appeared first on Help Net Security.

Tripwire IP360 now discovers more than 200,000 conditions

Tripwire, a leading global provider of security and compliance solutions for enterprises and industrial organizations, announced that vulnerability management solution Tripwire IP360 now discovers more than 200,000 conditions, including vulnerabilities, configurations, applications and operating systems. Tripwire provides comprehensive coverage of conditions, a state-of-the-art lab, unwavering attention to the changing threat environment, and timely vulnerability intelligence through the Tripwire Vulnerability and Exposure Research Team (VERT). By identifying emerging vulnerabilities, Tripwire VERT is able to create unique … More

The post Tripwire IP360 now discovers more than 200,000 conditions appeared first on Help Net Security.

Spok introduces a new clinical communication platform

Spok, a wholly owned subsidiary of Spok Holdings and a global leader in healthcare communications, will demonstrate the latest evolution of its integrated healthcare communication platform, Spok Care Connect, in booth #3371 at the 2019 HIMSS Annual Conference and Exhibition, Feb. 11-15, 2019, in Orlando, Florida. The first-of-its-kind cloud-native enterprise communication platform includes a fully integrated healthcare contact center, clinical alerting and alarm management solution, and a multi-device application for care team messaging. Spok Care … More

The post Spok introduces a new clinical communication platform appeared first on Help Net Security.

ClearDATA introduces multi-cloud Kubernetes solution for healthcare

ClearDATA, a leading healthcare cloud, security and compliance expert, announced its Kubernetes solution for healthcare and life sciences organizations across multiple cloud platforms, including Amazon Web Services (AWS) and Google Cloud Platform (GCP). Integrated into ClearDATA’s Compliance Dashboard, healthcare organizations can leverage Kubernetes to enable the use of cutting-edge container technology while viewing the state of compliance against HIPAA, GxP, General Data Protection Regulation (GDPR) and other common standards and regulations. In addition to improving … More

The post ClearDATA introduces multi-cloud Kubernetes solution for healthcare appeared first on Help Net Security.

SGS and Graz University of Technology set up Cybersecurity Campus

The centerpiece is a new joint research center and a cybersecurity testing and certification laboratory operated by the SGS Group. Around 400 people will work and perform research there when it enters full operation. Highly integrated production plants, smart homes and autonomous vehicles: the Internet of Things, where billions of computers and systems communicate wirelessly, is becoming an increasingly significant element of private and professional life. Linking the real world with the cloud delivers greater … More

The post SGS and Graz University of Technology set up Cybersecurity Campus appeared first on Help Net Security.

CI Security launches Insight Partner Program

More businesses and organizations deserve modern, realistic cyber security. To reach that wider range of customers, CI Security is announcing that it is expanding by launching the Insight Partner Program. Partners that work with CI Security will be able to bring to their customers real Managed Detection and Response (MDR). Customers with Critical Insight MDR get CI’s dedicated technology platform with 24/7/365 monitoring by expert security analysts. Those analysts are trained to hunt for intrusion … More

The post CI Security launches Insight Partner Program appeared first on Help Net Security.

Tenable announces general availability of Predictive Prioritization

Tenable, the Cyber Exposure company, announced the general availability of Predictive Prioritization, a first-of-its-kind offering that will change how organizations tackle vulnerabilities. Predictive Prioritization enables organizations to reduce business risk by focusing on the three percent of vulnerabilities with the greatest likelihood of being exploited in the next 28 days. This game-changing capability is generally available within the company’s on-premises vulnerability management offering — Tenable.sc (formerly SecurityCenter) — which is a core component of the … More

The post Tenable announces general availability of Predictive Prioritization appeared first on Help Net Security.

Automatic 4K/HD for Youtube extension pulled from Chrome Store for pop-up ad abuse

A popular browser extension has been removed by Google from the Chrome Web Store after it started spamming users with irritating pop-up advertisements.

The “Automatic 4K/HD for Youtube” extension, used by over 4 million Chrome users to force YouTube into playing videos at high quality, was recently updated to display ads for another Chrome extension.

Ironically, as ZDNet describes, the Chrome extension it began to aggressively advertise was one that purported to be an ad-blocker.

The unwanted ads took advantage of Chrome’s desktop notification feature, in breach of Google’s developer policies.

Disgruntled users left poor reviews on the extension’s page on the Chrome Web Store, warning others who might be considering installing the code, and turned to social media as they attempted to discover the source of the unwanted ads.

Eventually they identified that the “Automatic 4K/HD for Youtube” extension was responsible for the nuisance pop-up ads.

The inevitable concern, whenever a browser extension begins to behave in an out-of-character fashion, is that it might have been hijacked by someone else with malicious intent.

In the past, a number of browser extensions and plugins have been either purchased from their original creators or, in some cases, hijacked by hackers, and whoever took control has seized the opportunity to behave maliciously on users’ desktops.

As I’ve described before, many people don’t recognise the potential security risk of browser extensions, because of the power they can have over the webpages you visit.

An ad blocker, for instance, can read and change all your data on any websites you land on. It has to have that ability to let it block website ads. When you install a browser extension, you’re placing a lot of trust in it never turning evil.

The threat of rogue extensions is not theoretical, but very real.

Late last year, for instance, researchers warned that a state-sponsored attack thought to have originated from North Korea was targeting academic institutions through a malicious browser extension called “Font Manager” in the Chrome Web Store.

And just last month, a fake “Flash Player” extension in the Chrome Web Store was found to be stealing payment card details entered in web forms.

Fortunately, in the case of “Automatic 4K/HD for Youtube” it doesn’t appear that it was planning anything outright malicious, but the aggressive pop-up ads have fallen foul of Google – which has now removed the offending extension from the Chrome Web Store.

Hackers Invited to Attack Swiss E-Voting System in Latest Bug Bounty Program

The Swiss government has just announced a CHF250,000 investment in a new bug bounty program to prevent voting manipulation. Swiss Post will let professional ethical hackers attack its system for a month to ensure the e-voting system is secure, glitch free and can be made available across the country, reads a press release on the Swiss Post website. Once the system is considered bug free, Swiss citizens will get their voting cards in the mail.

A pen test to check security has already been performed by “an accredited body.” Swiss security company SCRT will receive CHF100,000 for helping with the program. The project, to run from February 25 to March 24, is open to global applicants who could win up to CHF50,000, depending on the front-end or back-end weaknesses detected. The financial prizes will be decided by Swiss Post, not the federal government.

Participants will give it their best to alter server security, steal data and influence votes. So far more than 1,000 participants are registered, from Switzerland (30%), France (17%), the United States (5%), Germany (5%) and Canada (4%), according to Security Week.

Online voting trials have been ongoing since 2004, but Swiss Post has finally released an e-voting system that can be 100% tested for bugs to ensure “that systematic malfunction resulting from software errors, human error or attempted manipulation is detected. In accordance with the requirements of federal law, the system must be certified before first use and the source code must be disclosed.”

Software penetration testing to search for hidden system vulnerabilities has been widely adopted by organizations and government agencies worldwide, including the Pentagon and the US army, to strengthen national security.

Ping Intelligent Identity Platform enhanced with improved IT automation

Ping Identity, the leader in Identity Defined Security, announced updates to its software products, including PingFederate, PingAccess and PingDirectory. The new versions improve the user and administrative experience, while also meeting modern enterprise needs to operate quickly and purposefully. In today’s digital world, enterprise IT and security professionals are increasingly seeking identity and access management (IAM) services to provide secure and positive customer experiences. However, they often don’t have the budget allocation necessary to make … More

The post Ping Intelligent Identity Platform enhanced with improved IT automation appeared first on Help Net Security.

Idaptive unveils Next-Gen Access Cloud identity and access management platform

Idaptive unveiled the Next-Gen Access Cloud, its identity and access management platform built to help organizations secure access everywhere. Built on a zero trust approach and an integrated core of single sign-on (SSO), adaptive multi-factor authentication (MFA), endpoint & mobile context and user behavior analytics (UBA), Idaptive Next-Gen Access Cloud offers companies an intelligent solution to verify and validate people, devices and services while continuously learning from, and adapting to, millions of risk factors. Idaptive … More

The post Idaptive unveils Next-Gen Access Cloud identity and access management platform appeared first on Help Net Security.

Haven Cyber Technologies acquires Onevinn

Haven Cyber Technologies (“Haven”) announces its acquisition of Onevinn, the leading Swedish provider of Microsoft cloud security services and solutions. The acquisition reflects Haven’s continued focus on strengthening its solutions, products and consulting competencies and becoming the leading European Managed Security Service Provider (MSSP). Onevinn offers security solutions for the cloud and the mobile connected world. The specialist venture capital firm C5 Capital leads Haven based out of Luxemburg. Haven is one of the fastest … More

The post Haven Cyber Technologies acquires Onevinn appeared first on Help Net Security.

Versasec unveils vSEC:CMS S-Series v5.4

Versasec, the leader in smart card management systems, rolled out the latest generation of its flagship identity and access management (IAM) solution. vSEC:CMS S-Series v5.4 incorporates a variety of important new features, including new console capabilities and support for Gemalto eToken 5300 and the Matica 8300 card printer. With Version 5.4, Versasec has also added the following new features: Supports encoded PIN policies on PIV cards Includes updates such as a new support console task … More

The post Versasec unveils vSEC:CMS S-Series v5.4 appeared first on Help Net Security.

XebiaLabs announces Now certified XL Release app

XebiaLabs, the recognized leader in enterprise-class DevOps and Continuous Delivery software tools, announced that it has received certification of its new XL Release app integrating ServiceNow and the XebiaLabs DevOps Platform. XL Release is available from the ServiceNow Store and can be downloaded for free. Designed for enterprise customers and ServiceNow partners, the integration builds a bridge between Continuous Integration/Continuous Delivery (CI/CD) and ServiceNow IT Service Management (ITSM). XebiaLabs has also been elevated to a … More

The post XebiaLabs announces Now certified XL Release app appeared first on Help Net Security.

Industry veteran Alan Cohen joins Silverfort as strategic advisor

Silverfort, the provider of next-generation authentication solutions, announced that Alan Cohen has joined as a strategic advisor. A former senior executive at leading technology companies such as Illumio, Nicira and Cisco, Cohen has had a successful 25-year career at cloud software, networking and security companies as a hands-on executive and board member, generating revenue of more than $6 billion. He is a frequent industry speaker and commentator whose work appears regularly in The New York … More

The post Industry veteran Alan Cohen joins Silverfort as strategic advisor appeared first on Help Net Security.

John McCumber becomes co-chair of NICE Working Group on Training and Certifications

ISC2 – the world’s largest nonprofit membership association of certified cybersecurity professionals – announced that John McCumber, director of cybersecurity advocacy, North America, has been selected as a co-chair for the National Initiative for Cybersecurity Education (NICE) Training and Certifications (T&C) subworking group. McCumber replaces outgoing co-chair Linda Montgomery of the Cyber World Institute, who had served a two-year term, and he will lead the group in its ongoing efforts to support cyber resiliency for … More

The post John McCumber becomes co-chair of NICE Working Group on Training and Certifications appeared first on Help Net Security.

Telrad Networks Appoints Eran Shalev as CTO

Telrad Networks, a global provider of innovative LTE telecom solutions, announced the appointment of Eran Shalev as the new Chief Technology Officer. Shalev will be responsible for the continued development of Telrad’s technology roadmap and path to 5G, harnessing his extensive experience of 28 years in the telecom industry. Chris Daniels, President of Telrad’s Wireless Division, stated, “We are delighted to welcome Eran to our team. For many years, Telrad has been a leader in … More

The post Telrad Networks Appoints Eran Shalev as CTO appeared first on Help Net Security.

Semafone appoints Gary E. Barnett as new CEO

Semafone, the leading provider of data security and compliance solutions for call and contact centres, announced the appointment of Gary E. Barnett to the role of chief executive officer as the company prepares to expand its presence in the U.S. market. Effective immediately, Mr Barnett will replace Tim Critchley who, as CEO of Semafone since 2009, has led the company from a UK start up to an award-winning international business spanning five continents. As the … More

The post Semafone appoints Gary E. Barnett as new CEO appeared first on Help Net Security.

Update your iOS devices now against the FaceTime eavesdropping bug

Last week a bug became such big news that it broke out of the technology press, and into the mainstream media – generating headlines around the globe.

The reason? A bizarre bug discovered in the way iPhones and iPads handled Group FaceTime calls meant that someone could potentially listen to and even see you *before* you answered an incoming call.

As news of the flaw spread like wildfire on social media, Apple said it would fix the problem “later in the week” and made a change server-side that temporarily disabled all Group FaceTime calls to prevent others from being at risk (much to the irritation of those hoping to prank their friends).

The bad news for Apple grew as it not only failed to release a patch within its original estimate, but it was also revealed that a 14-year-old boy had separately discovered the problem a couple of weeks earlier, and had received no response when he attempted to report the bug to the tech giant.

Two members of the US Congress wrote to Apple CEO Tim Cook, demanding answers as to why the company had not acted immediately when the vulnerability was discovered, and how it was planning to address any harm caused to consumers.

House Energy and Commerce Committee Chairman Frank Pallone and Representative Jan Schakowsky claimed that Apple was failing to be transparent about what they described as a “serious issue.”

Meanwhile, New York’s Governor and Attorney General announced that they would be launching a probe into Apple’s failure to warn consumers.

Personally I do think that Apple dropped the ball somewhat in failing to take the 14-year-old’s bug report seriously when they first received it, but I find it hard to accept that the company didn’t act quickly when it understood the privacy-breaching nature of the problem.

Within hours of videos spreading rapidly on social media, and the first news reports of how to exploit the vulnerability, Apple had shut down all Group FaceTime calls – preventing others from abusing the bug.

And yes, obviously in an ideal world it would have had an iOS patch ready to roll out the next day – but the worst thing in the world would have been for Apple to have been rushed into issuing a fix that didn’t properly remediate the issue or – worse – introduced yet more flaws.

Sometimes it takes a while for code to be properly tested and quality controlled. As there was no way for anyone to exploit the bug with Group FaceTime disabled, it seems reasonable to me that Apple has only now issued an update to iOS, iOS 12.1.4, which fixes the problem.

The update also fixes a number of other security issues, including two zero-day flaws discovered by researchers working for Google.

For many iPhone and iPad users the update will be automatically installed, but – if you want to make sure that you are protected – follow these instructions:

Click on Settings > General > Software Update, and choose Download and Install

And as for Grant Thompson, the 14-year-old high school student who first discovered the flaw? He appears to have been credited in Apple’s security bulletin about the flaw, just as any other security researcher would be.

Smart kid.

Carbonite to acquire Webroot

Carbonite, a leading cloud-based data protection provider, and Webroot, a leading cybersecurity company, announced that they have entered into a definitive agreement under which Carbonite will acquire Webroot for approximately $618.5 million in cash. Carbonite will fund the transaction with existing cash on hand and funds secured under a new credit facility. The combined business will address a top vulnerability of businesses – the endpoint – with a comprehensive approach to protection through cloud-based cybersecurity, … More

The post Carbonite to acquire Webroot appeared first on Help Net Security.

SecurityScorecard launches Project Escher to help non-profits understand third party risk

SecurityScorecard, the leader in security ratings, announced the launch of Project Escher, which provides complimentary access to SecurityScorecard’s groundbreaking security rating platform to nonprofit organizations. Nonprofits will now be able to gauge overall cybersecurity risk by assessing up to five vendors across their ecosystem. “At SecurityScorecard, we recognize that nonprofit organizations fulfill many essential roles in society, yet oftentimes do not have the resources to mitigate risk of cyber attack,” said Sam Kassoumeh, Co-founder & … More

The post SecurityScorecard launches Project Escher to help non-profits understand third party risk appeared first on Help Net Security.

Honeywell industrial cybersecurity solution against USB device attacks

Honeywell announced the latest release of Secure Media Exchange (SMX), a cybersecurity solution to protect industrial operators against new and emerging Universal Serial Bus (USB) threats. SMX now includes patent pending capabilities to protect against a broad range of malicious USB device attacks, which disrupt operations through misuse of legitimate USB functions or unauthorized device actions. These advanced protections complement additional SMX enhancements to malware detection, utilizing machine learning and artificial intelligence (AI) to improve … More

The post Honeywell industrial cybersecurity solution against USB device attacks appeared first on Help Net Security.

Veriato announces Cerebral threat intelligence platform

Veriato, an innovator in actionable User and Entity Behavior Analytics (UEBA) and a global leader in insider threat protection, has announced that the company will now offer Cerebral – an integrated and comprehensive insider threat intelligence platform, powered by Veriato AI (artificial intelligence). Cerebral is a complete insider threat intelligence platform that integrates behavioral analytics (UEBA), user activity monitoring (UAM) and data breach response (DBR) into a single powerful solution that enables security teams to … More

The post Veriato announces Cerebral threat intelligence platform appeared first on Help Net Security.

CloudPassage announces Cloud Secure for Azure

CloudPassage, the leader in automated cloud security, today announced strengthened capabilities in its Halo security automation platform. Now providing visibility and configuration best practices for applications running in Microsoft Azure, CloudPassage Halo is the most comprehensive public cloud infrastructure security solution available on the market. Cloud Secure, part of the CloudPassage Halo platform, is an automated Cloud Security Posture Management (CSPM) solution that delivers visibility, protection and continuous compliance monitoring for compute, storage, database, networking … More

The post CloudPassage announces Cloud Secure for Azure appeared first on Help Net Security.

Inductive Automation, FreeWave Technologies offer data visibility, network reliability for industrial IoT

Inductive Automation, an industrial automation software innovator with a focus on transforming the user experience, and FreeWave Technologies, a leader in long-range wireless radios and edge computing platforms, are taking charge to advance the true benefits of IIoT networks by providing increased data visibility and a more reliable data network for industrial IoT customers with remote assets. Ignition Edge MQTT, a component of Inductive Automation’s universal and multi-faceted industrial application platform, can run on FreeWave’s … More

The post Inductive Automation, FreeWave Technologies offer data visibility, network reliability for industrial IoT appeared first on Help Net Security.

Mitsubishi Electric develops the first attack algorithm for sensors

Mitsubishi Electric announced that it has developed what is believed to be the world’s first sensor-security technology that detects measurement-data inconsistencies by embedding a proprietary algorithm in sensor fusion algorithms, which combine multiple sensors for measurements used in the automatic control of drones, in-vehicle devices, production equipment and more. Going forward, the company will continue development with the aim to commercialize the technology from the year 2020 onwards. Key Features Mitsubishi Electric’s new algorithm detects … More

The post Mitsubishi Electric develops the first attack algorithm for sensors appeared first on Help Net Security.

Accenture opens flagship innovation hub in San Francisco

Accenture opened a flagship innovation hub in San Francisco’s iconic Salesforce Tower. The hub is a state-of-the-art destination where clients work side-by-side with Accenture teams to rapidly ideate, prototype and scale innovative products and services for the digital economy. As part of its investment in the Bay Area, Accenture is also adding 500 highly skilled technology jobs by the end of 2020 and expanding its national apprenticeship program. Named one of FORTUNE’s Best Companies to … More

The post Accenture opens flagship innovation hub in San Francisco appeared first on Help Net Security.

F5 Networks teams with Equinix to enhance security

F5 Networks announced the availability of a joint solution with Equinix, the global interconnection and data center company, that provides automated HSM (hardware security module) capabilities as-a-service. Previously introduced at F5’s 2018 global Agility conference, this integration combines F5 BIG-IP and Equinix SmartKey technologies to simplify encryption key lifecycle management and provide superior security for organizations hesitant to store their ever-increasing number of keys in the public cloud. “Our focus is on applications—front and center,” … More

The post F5 Networks teams with Equinix to enhance security appeared first on Help Net Security.

Adrian McDermott joins FireEye board of directors

FireEye, the intelligence-led security company, announced that Adrian McDermott has been appointed to the FireEye board of directors. McDermott is currently President of Products at Zendesk, a global company that builds software for customer service and engagement. McDermott brings 25 years of business experience across a number of technology markets. McDermott has led the product management and engineering teams for Zendesk since 2010. In his role, McDermott is responsible for defining and leading global product … More

The post Adrian McDermott joins FireEye board of directors appeared first on Help Net Security.

Respond Software experiences explosive growth in adding expert capacity to cybersecurity teams

Respond Software, innovators in Robotic Decision Automation software, announced it grew customer acquisition 6Xs year-over-year in 2018. Additionally, its flagship product, the Respond Analyst, delivered the equivalent of 14 full-time security expert analysts on average to every Respond Software customer’s security team last year. The Respond Analyst’s ability to deploy quickly and increase the capacity of security teams appealed to a wide array of customers, including companies representing financial services, healthcare, construction, telecommunications, gaming, retail … More

The post Respond Software experiences explosive growth in adding expert capacity to cybersecurity teams appeared first on Help Net Security.

Ziften expands its use of proprietary machine learning – improving endpoint threat protection

Ziften, a leader in endpoint protection plus visibility and hardening, announced the expanded use of its proprietary artificial intelligence (AI) / machine learning (ML) algorithms throughout all phases of its endpoint security continuum. Ziften Zenith is the first cyber security platform that provides one agent for all endpoints – laptops, desktops, servers, and cloud – preventing multi-vector attacks with advanced AV, detection and response, plus visibility and hardening. Zenith’s Advanced AV capability, built entirely on … More

The post Ziften expands its use of proprietary machine learning – improving endpoint threat protection appeared first on Help Net Security.

Addressing UK Security Concerns in Huawei Products May Take 5 Years, Exec Says

Huawei’s been having a rough time recently. After the US, New Zealand and Australia prevented the telecom company from working on their 5G mobile networks for fear it would spy for the Chinese government, the European Commission expressed concern over potential backdoors that could threaten national security and lead to a ban. Then, Huawei’s CFO was arrested in Canada over alleged Iran sanctions violations.

Huawei may now face another blow: even though the company committed to invest some $2 billion to assuage UK government security concerns over issues with Huawei products, it may take the company years to get everything in place, writes The Guardian.

Ryan Ding, Huawei’s carrier business group president, said measures needed to ease the concerns, raised in a 2018 Huawei Cyber Security Evaluation Centre Oversight Board annual report mandated by the UK, constitute “a complicated and involved process and will take at least three to five years to see tangible results. We hope the UK government can understand this.”

“Modern communications networks are complex systems that keep evolving in new and innovative ways,” Ding wrote in a letter to UK MP Norman Lamb, the chairman of the House of Commons Science and Technology Committee. “Enhancing our software engineering capabilities is like replacing components on a high-speed train in motion.”

The report by the oversight board stated that a technical and security evaluation of Huawei products on the UK market revealed a number of issues “leading to new risks in the UK telecommunications networks.”

MI6 chief Alex Younger has also voiced his concern about integrating Chinese companies into the country’s telecom infrastructure.

“We need to decide the extent to which we are going to be comfortable with Chinese ownership of these technologies and these platforms in an environment where some of our allies have taken a very definite position,” Younger said.

Huawei further denied accusations of misappropriating data collected in the UK by handing it over to foreign intelligence agencies.

“Were Huawei ever to engage in malicious behavior, it would not go unnoticed – and it would certainly destroy our business,” Ding said. “For us, it is a matter of security or nothing; there is no third option. We choose to ensure security.”

Congress Wants Written Answers from Apple on FaceTime Privacy Glitch

Apple is not getting off so easily with the FaceTime privacy violation incident. Two members of the US Congress are “deeply troubled” that the company didn’t immediately address the software glitch and demand further explanations for an issue they think could easily create “ultimate spying machines,” writes Reuters.

House Energy and Commerce Committee Chairman Frank Pallone and Representative Jan Schakowsky, both Democrats, wrote a letter to Apple CEO Tim Cook demanding to know when the company was first made aware of the privacy intrusion, how consumer privacy may have been affected and “whether there are other undisclosed bugs that currently exist and have not been addressed.” They are calling for transparency with the outcome of the investigation and a written response to their questions.

The FaceTime privacy violation was detected by a 14-year-old and his mom who were trying to use the group call feature, but found that strangers could easily eavesdrop on their conversation even before the call officially started. Once the two came across the flaw, they repeatedly contacted Apple to fix it.

“Your company and others must proactively ensure devices and applications protect consumer privacy, immediately act when a vulnerability is identified and address any harm caused when you fail to meet your obligations to consumers,” reads the letter. “We do not believe Apple has been as transparent as this serious issue requires.”

Once the software bug was publicly disclosed, Apple disabled the feature and is working on software updates to fix the issue in the near future.

The issue doesn’t seem to have affected Apple’s business strength and stock price, as it has regained its title of “most valuable public company in the world,” ahead of Amazon and Microsoft, writes CNBC.

Masergy launches Secure Wi-Fi and extends protection into the customer LAN

Masergy, a leading provider of secure hybrid networking, cloud communications and managed security solutions, has launched Masergy Secure Wi-Fi as the latest feature in the ongoing evolution of the company’s Secure Hybrid Networking offering. The new capability delivers swift and secure enterprise-grade wireless network access to both high- and low-density areas including retail and corporate environments. “Our customers wanted us to extend our network management down to the LAN. With this new offering we empower … More

The post Masergy launches Secure Wi-Fi and extends protection into the customer LAN appeared first on Help Net Security.

New Accenture Microsoft Business Group will empower enterprises to thrive in the era of digital disruption

Accenture and Microsoft, in conjunction with their joint venture Avanade, today announced the launch of the Accenture Microsoft Business Group. The new group elevates a longstanding strategic alliance, expanding combined service capabilities, global scale and joint solution development to help clients overcome disruption and lead transformation in their industries. Majority owned by Accenture, Avanade was founded in 2000 by Accenture LLP and Microsoft Corporation. Clients around the globe are looking to Accenture, Microsoft and Avanade … More

The post New Accenture Microsoft Business Group will empower enterprises to thrive in the era of digital disruption appeared first on Help Net Security.

Zettaset releases XCrypt Archive for Pivotal Cloud Foundry to automate encryption

Zettaset, a leading provider of software-defined encryption solutions, announced that Zettaset XCrypt Archive for Pivotal Cloud Foundry (PCF) is now available on the Pivotal Services Marketplace. XCrypt Archive for PCF enables DevOps teams to transparently and automatically encrypt and restore backup artifacts with a software-only solution that provides high-level security and scalability. Zettaset’s software-only approach to encryption simplifies deployment and eliminates the need for proprietary appliances, making it ideal for cloud applications. With XCrypt Archive, … More

The post Zettaset releases XCrypt Archive for Pivotal Cloud Foundry to automate encryption appeared first on Help Net Security.

Remote wipe SAN and EFI computers with BCWipe Total WipeOut by Jetico

Jetico, leading developer of approved DoD wipe software, announced the release of version 4 of BCWipe Total WipeOut to erase hard drive data. Enterprise users gain more advantages to remotely wipe SAN devices and EFI computers, now including enhanced reporting and an improved interface. Storage Area Networks (SANs) are nowadays more common in corporate environments for expanding data storage capacity. BCWipe Total WipeOut helps to securely manage this growing digital footprint. Jetico CEO, Michael Waksman … More

The post Remote wipe SAN and EFI computers with BCWipe Total WipeOut by Jetico appeared first on Help Net Security.

Daniel Stenberg, founder and Chief Architect of cURL, joins wolfSSL

wolfSSL, the leading provider of TLS cryptography and the world’s first commercial release of TLS 1.3, announces integration with cURL, the open source command line tool and library written in C with more than 5 billion installations worldwide. As part of the integration, Daniel Stenberg, founder and Chief Architect of cURL, will join the wolfSSL team. If you are not familiar, cURL is used in command lines or scripts to transfer data. It is also … More

The post Daniel Stenberg, founder and Chief Architect of cURL, joins wolfSSL appeared first on Help Net Security.

Mocana introduces device security solutions to protect the electric grid

Mocana, the leading provider of device security solutions for IoT and industrial control systems, today announced the availability of solutions to protect and manage the security of legacy devices and industrial equipment. Mocana TrustCenter and TrustPoint provide strong device-based authentication and encryption solutions for protecting brownfield devices, making it easy for utilities, asset owners, operators and equipment vendors to achieve end to end device security. According to IMS Research, 85% of all industrial devices in … More

The post Mocana introduces device security solutions to protect the electric grid appeared first on Help Net Security.

AdaCore enhances security-critical firmware with NVIDIA

AdaCore, a trusted provider of software development and verification tools, today announced it is working with NVIDIA to implement Ada and SPARK programming languages for select security-critical firmware used for applications that demand stringent safety and security capabilities, like automated and autonomous driving. Some NVIDIA system-on-a-chip product lines will migrate to a new architecture using the RISC-V Instruction Set Architecture (ISA). Also, NVIDIA plans to upgrade select security-critical firmware software, rewriting it from C to … More

The post AdaCore enhances security-critical firmware with NVIDIA appeared first on Help Net Security.

CrowdStrike opens its endpoint protection platform to third-party applications

CrowdStrike, the leader in cloud-delivered endpoint protection, today announced the availability of The CrowdStrike Store, the first cloud-native security solution that opens the CrowdStrike Falcon platform to third-party applications, enabling a single-agent, single-cloud ecosystem experience. The CrowdStrike Store allows customers to discover, try, buy, and deploy trusted partner applications and add-ons alongside the Falcon platform, without having to deploy additional agents or manage other infrastructures. Through the CrowdStrike Store, security technology providers can bring innovation … More

The post CrowdStrike opens its endpoint protection platform to third-party applications appeared first on Help Net Security.

Acer Cloud Technology launches Being Device Management Platform

Acer Cloud Technology announced the debut of Being Device Management (BDM), a device management platform for system integrators and managed service providers. BDM looks to address the device management needs of a growing number of IoT-integrated devices for business. Acer Cloud Technology has joined forces with smart system suppliers Axiomtek, NEXCOM, IBASE, Shuttle, and AOPEN to provide an all-in-one device management platform across a variety of industries, such as retail, health, and transportation. Together, Acer … More

The post Acer Cloud Technology launches Being Device Management Platform appeared first on Help Net Security.

Secure Decisions streamlines and enhances web application penetration testing

Secure Decisions, a division of Applied Visions, Inc. and a leader in cyber security research, has developed a new application security testing technology, the Attack Surface Detector, that enhances software penetration testing. Developed under the Department of Homeland Security Science and Technology Directorate’s multi-year Application Security Technologies and Metrics program, ASD helps penetration testers by automating discovery of a web application’s hidden endpoints and optional parameters, identifying gaps in an application’s visible attack surface. Automated … More

The post Secure Decisions streamlines and enhances web application penetration testing appeared first on Help Net Security.

Security veteran Stephan Spitz joins Secure Thingz as Chief Strategy Officer

Secure Thingz, a global domain expert in device security, embedded systems, and lifecycle management, announced it has appointed Dr. Stephan Spitz as its chief strategy officer. Spitz will be responsible for formulating, facilitating and communicating Secure Thingz’ strategic initiatives for its business and technology offerings, as the company continues to focus on making best-in-class security solutions easier to implement for the Internet of Things (IoT). Spitz will report directly to Secure Thingz CEO Haydn Povey. … More

The post Security veteran Stephan Spitz joins Secure Thingz as Chief Strategy Officer appeared first on Help Net Security.

Signal Sciences raises $35M to accelerate wide-scale market expansion and technology innovation

Signal Sciences, the fastest growing web application security company in the world, announced that it has raised $35 million in Series C funding to continue its explosive growth and disruption of the web application firewall (WAF) market. The round is led by Lead Edge Capital, with participation from existing investors CRV, Index Ventures, Harrison Metal and OATV. Additionally, Lorrie Norrington, an Operating Partner at Lead Edge Capital and the former President of eBay and former … More

The post Signal Sciences raises $35M to accelerate wide-scale market expansion and technology innovation appeared first on Help Net Security.

RSA Conference announces finalists for Innovation Sandbox Contest 2019

RSA Conference announced the 10 finalists for its annual RSAC Innovation Sandbox Contest. The competition is dedicated to providing innovative startups a platform to showcase their groundbreaking technologies that have the potential to transform the information security industry. Past winners include companies such as Phantom, Invincea, UnifyID and, most recently, BigID. On Monday, March 4, the Top 10 finalists listed below will present a three-minute quick-pitch followed by Q&A with a … More

The post RSA Conference announces finalists for Innovation Sandbox Contest 2019 appeared first on Help Net Security.

Student Loan Company Fought Off 1 Million Cyberattacks in a Year

The financial services industry registered three times more security incidents than any other industry in 2018. According to data released under Freedom of Information legislation, UK government organization The Student Loans Company (SLC) experienced close to a million cyberattacks in the 2017 – 2018 fiscal year. The information was made public upon written request from the Parliament Street think tank.

While most attacks were categorized as malware (323), Denial-of-Service, and malicious emails or calls (235), they all failed, except for a cryptojacking attack. Manipulating a third-party plugin, hackers injected Monero mining software into the company’s network. This was attributed to third-party incidents.

Dealing with student grants and loans, SLC had access to a high volume of confidential personal and financial information. According to its annual report, the company has 8.1 million customers and a loan book value of £117.8 billion, and it processed about 1.8 million applications in the fiscal year.

The non-profit organization says it stores no customer data on its servers, so no critical information was compromised. The company further said they only “host publicly available data.”

During the 2017 – 2018 fiscal year, The Student Loans Company suffered 1 million attacks meant to compromise the network and access financial information. This figure is of particular concern since the organization only suffered 95 attacks in the previous year and just three the year before that.

“Firstly we’d stress that malicious online activity affects every organization and individual,” a company spokesperson told IT Pro. “It is also necessary to put in context that 99.9% of the ‘attempts’ recorded in 17/18 present an extremely low level of threat. The apparent increase in 17/18 figures is largely due to changes in the way security incidents are recorded. It is also worth stressing that, while we remain permanently aware and vigilant, every one of these attempts was detected and prevented at an early stage, with no violation of systems or data security.”

Indegy Industrial Cybersecurity Suite available on IBM Security App Exchange

Indegy, a leader in industrial cyber security, today announced the integration between its Indegy Industrial Cybersecurity Suite and IBM’s QRadar Security Intelligence Platform, which bridges the visibility gap between enterprise information technology (IT) environments and industrial, operational technology (OT) environments. Recent attacks such as TRITON, Dragonfly 2.0, and CrashOverride/Industroyer have shown that today’s Industrial Control Systems (ICS), many of which are now connected to enterprise IT systems, are no longer isolated from cyber threats. Meanwhile, … More

The post Indegy Industrial Cybersecurity Suite available on IBM Security App Exchange appeared first on Help Net Security.

Orange acquires SecureData to increase expertise in cybersecurity

Orange has announced the acquisition of SecureData Group for an undisclosed amount. The UK-based company, SecureData, is the largest independent cybersecurity service provider in the UK, the first market in Europe. The company has a 25-year track record of providing integrated cyber solutions designed to assess risks, detect threats, protect customer’s IT assets and respond to security incidents. The company’s elite consulting arm, SensePost, enjoys a worldwide reputation for its expertise in cyber-criminality, security research … More

The post Orange acquires SecureData to increase expertise in cybersecurity appeared first on Help Net Security.

The Industrial Internet Consortium and OpenFog Consortium unite

The Industrial Internet Consortium (IIC) and the OpenFog Consortium (OpenFog) today announced that they have finalized the details to combine the two largest and most influential international consortia in Industrial IoT, fog and edge computing. Effective immediately, the organizations will work together under the IIC umbrella to drive the momentum of the industrial internet, including the development and promotion of industry guidance and best practices for fog and edge computing. The announcement brings OpenFog members … More

The post The Industrial Internet Consortium and OpenFog Consortium unite appeared first on Help Net Security.

Fidelis Cybersecurity hires a Chief Scientist

Fidelis Cybersecurity (Fidelis), a leading provider of threat detection, threat hunting, and response solutions, announced the appointment of Dr. Abdul Rahman as chief scientist. Dr. Rahman brings over 10 years of experience in government cyber defense programs and building security infrastructures able to protect against a variety of threats. “I am happy to announce the addition of Abdul to our management team as we have an opportunity to change the security game,” said Nick Lantuh, … More

The post Fidelis Cybersecurity hires a Chief Scientist appeared first on Help Net Security.

Madhav Sonthalia joins Zimperium as CPO

Zimperium announced Madhav Sonthalia has joined the company as Chief Product Officer. Sonthalia’s significant experience building and delivering enterprise cyber security products will help Zimperium continue its industry-leading growth and further extend its leadership position. As more companies, especially those in the public sector, financial and healthcare industries, move toward a mobile-centric approach, there is an increased need to protect the sensitive information living on mobile devices. Zimperium’s on-device, machine learning-based detection protects mobile devices … More

The post Madhav Sonthalia joins Zimperium as CPO appeared first on Help Net Security.

Tanium appoints Ryan Kazanciyan as CTO

Tanium, the platform for Business Resilience, has announced the appointment of Ryan Kazanciyan to Chief Technology Officer (CTO). With deep industry experience, Kazanciyan will focus on oversight of our product vision and strategy to help organizations and governments around the world achieve Business Resilience. Kazanciyan is an accomplished technology executive with almost 20 years of experience enabling growth and driving business value at global organizations. As CTO, Kazanciyan will have end-to-end responsibility over the Tanium … More

The post Tanium appoints Ryan Kazanciyan as CTO appeared first on Help Net Security.

Hackers Breach Airbus, Steal Employee Information

Hackers stole data on Airbus employees in a cyber attack on systems of the French aircraft maker, according to a company press release.

Airbus said it detected a cyber incident on its “Commercial Aircraft business” information systems, “which resulted in unauthorised access to data.” The company’s commercial operations were not affected.

“This incident is being thoroughly investigated by Airbus’ experts who have taken immediate and appropriate actions to reinforce existing security measures and to mitigate its potential impact, as well as determining its origins,” reads the notice.

Airbus is now trying to figure out whether specific data was targeted, which would help build a profile of the attacker (i.e. a competitor or a state-sponsored hacker looking to steal engineering blueprints).

“However we do know some personal data was accessed. This is mostly professional contact and IT identification details of some Airbus employees in Europe,” Airbus confirmed.

Airbus, which designs and manufactures aircraft ranging from commercial airliners to combat planes and helicopters, employs a massive workforce of around 129,000.

As per the EU’s General Data Protection Regulation requirements, the company has immediately contacted the relevant regulatory authorities to provide a formal notice of the breach.

“Airbus employees are being advised to take all necessary precautions,” Airbus concluded.

Last year, the WannaCry ransomware infected “a small number of systems” at Boeing, the world’s largest manufacturer of commercial airplanes.

HOTforSecurity

Deloitte launches new proprietary solution to help manage records disclosure and data privacy

In response to increasing demand for disclosure of government records and mounting regulatory requirements for personal data privacy, Deloitte launched a workflow management platform. Built on Relativity’s ediscovery platform and hosted in Deloitte’s FedRAMP-authorized environment, Deloitte’s disclosure solution is designed to help Deloitte clients manage information requests, create Freedom of Information Act (FOIA) responses and reports and manage data privacy. In coming months, Deloitte’s disclosure solution will also be available on Relativity’s cloud-based software as … More

The post Deloitte launches new proprietary solution to help manage records disclosure and data privacy appeared first on Help Net Security.

Cradlepoint and Microsoft create integrated solution to simplify and accelerate enterprise IoT projects

Cradlepoint introduced a platform integration with Microsoft Azure that will make it faster and easier for enterprises to “Build Your Own IoT” solutions (BYOIoT). The solution includes Cradlepoint’s new NetCloud Edge Connector for Azure IoT Central to help simplify and accelerate the process of building and deploying IoT applications and devices. According to a recent study by Cisco, 74 percent of IoT initiatives fell short of achieving success with 54 percent citing the lack of … More

The post Cradlepoint and Microsoft create integrated solution to simplify and accelerate enterprise IoT projects appeared first on Help Net Security.

Check Point and Ericom Software join forces to tackle browser-based attacks

Ericom Software unveiled the integration of Ericom Shield Remote Browser Isolation (RBI) solution with Check Point Software Technologies Advanced Network Threat Prevention. Combining Ericom Shield remote browsing technology with Check Point threat intelligence and edge security protection generates a defense that enables organizations to stay ahead of attackers, while maintaining user access to browser-based services and assets. As a defense against threats, Check Point leverages HTTPS inspection, sandboxing, threat extraction, application control, URL filtering and … More

The post Check Point and Ericom Software join forces to tackle browser-based attacks appeared first on Help Net Security.

Syncurity partners with SentinelOne to accelerate alert triage and orchestrate incident response

Syncurity and SentinelOne formed a strategic partnership and technology integration of the SentinelOne autonomous endpoint protection console with the Syncurity IR-Flow SOAR Platform. The joint solution will enable customers to accelerate alert triage and orchestrate response to threats across all endpoints. SentinelOne is the only next-gen solution that defends every endpoint against any type of attack, at all stages in the threat lifecycle. Through this integration, customers will be able to ingest threat and incident … More

The post Syncurity partners with SentinelOne to accelerate alert triage and orchestrate incident response appeared first on Help Net Security.

QuantLR partners with PacketLight Networks to secure next-generation networks

QuantLR LTD and PacketLight Networks will work together to form a more secure optical network by jointly developing an integrated QKD solution. The partnership came following the recent signing of a Letter of Intent between the two companies, where they will cooperate and share information required for the development of the QKD solution as part of Layer 1 encryption of fiber optic link. The intention is to demonstrate the solution at the site of one … More

The post QuantLR partners with PacketLight Networks to secure next-generation networks appeared first on Help Net Security.

Ixia launches new software for management of visibility solutions

Ixia has launched a new software solution for management of wired, wireless, and/or virtual visibility solutions. The new Ixia Fabric Controller (IFC) Centralized Manager supports network packet brokers, taps, bypass switches, and cloud visibility solutions via a single graphical user interface (GUI). Today’s network infrastructure features on-premise, cloud and private data center devices faced with increasing traffic volumes and escalating security threats. According to Cisco, annual global IP traffic will reach 4.8 ZB per … More

The post Ixia launches new software for management of visibility solutions appeared first on Help Net Security.

XebiaLabs drives DevOps innovation following 2018 $100M+ strategic capital investment

XebiaLabs, since receiving a $100M+ strategic capital investment in early 2018, has added a range of new product enhancements that address enterprise DevOps challenges. These innovations further improve an organization’s ability to migrate to the cloud, connect Continuous Integration and DevOps pipelines, manage DevOps as code, tie IT service management (ITSM) tools into the DevOps process, and meet governance requirements while accelerating software delivery. DevOps enables many paths to customer value Software development may occur … More

The post XebiaLabs drives DevOps innovation following 2018 $100M+ strategic capital investment appeared first on Help Net Security.

Baffin Bay Networks expands into the US with acquisition of Loryka

Baffin Bay Networks revealed the acquisition of Loryka. Baffin Bay Networks, its team launched its cloud-based threat prevention service in 2017. This acquisition is the latest milestone following the company’s $6.4m Series A investment last year, led by EQT Ventures, accelerating its global expansion. The company will become the first Baffin Bay affiliate in the United States. The Threat Research centre will be based in Portland, Oregon with additional operations in Virginia, Maryland and Tulsa, … More

The post Baffin Bay Networks expands into the US with acquisition of Loryka appeared first on Help Net Security.

HOTforSecurity: Hackers hit Airbus, steal personal details of employees

Aircraft manufacturer Airbus is investigating a security breach that has seen hackers steal personal information from its systems.

In a statement published on its website, Airbus admitted that systems used by its commercial aircraft business had been accessed by an unauthorised party, and personal data related to European employees had been stolen.

According to the manufacturer of the A380, no customer data was accessed by the hackers, and production has not been affected.

What isn’t at all clear at the moment is whether Airbus was specifically targeted, or whether the breach was more the work of an opportunistic hacker.

However, the fact that information about employees was accessed is definitely a cause for concern. Malicious hackers and fraudsters might seek to weaponise such information by targeting particular individuals, or by assembling convincing emails that pretend to come from colleagues.

Airbus says that it is continuing to investigate whether any specific data was targeted.

Airbus’s statement makes no mention of precisely what types of data were accessed by the intruders, but if – for instance – password credentials were included in the haul then that would be of serious concern.

If that were the case, not only might the accounts of Airbus workers be potentially at threat of compromise by the intruders, but there would also be the risk that workers had reused the same passwords at different places online – opening opportunities for other breaches.

It is a sad truth that many people make the mistake of using work credentials for non-work-related services. If you feel it’s something you might be guilty of, take the sensible step of investing in a decent password manager.

Not only will it help store your passwords securely, but it will also reduce the likelihood of you making poor password choices by offering you an easy way to generate a complex, unique password for every online service you require.

Airbus says it is strengthening its existing cybersecurity measures, and taking action to mitigate the incident’s potential impact.

The company says that it has notified affected employees and data protection authorities about the incident, something it is required to do within 72 hours of becoming aware of a data breach under European GDPR regulations.

Other members of the airline industry who have found themselves having to admit in the last year that they have suffered at the hands of cybercriminals include Boeing, Cathay Pacific and British Airways.



HOTforSecurity

Keysight Technologies introduces solution for PCI Express 5.0 technology

Keysight Technologies released a transmitter (Tx) and receiver (Rx) testing solution providing the speed and margins needed to meet the Peripheral Component Interconnect or PCI Express 5.0 Technology (PCIe Gen5) standard. With many 5G wireless devices reported to launch in 2019, the computer/server industry is working to upgrade and enhance network speed with technologies such as 400G Ethernet. PCI Express 5.0 technology is required for computer servers to support the bandwidth of 400G networks, as it … More

The post Keysight Technologies introduces solution for PCI Express 5.0 technology appeared first on Help Net Security.

Fortanix raises $23M to meet the demand for runtime encryption solutions

Fortanix has closed a $23 million Series B round of funding led by Intel Capital. Round participants included existing investors Foundation Capital and Neotribe. In addition, Sunil Kurkure, Director, Intel Capital, will join the Fortanix Board of Directors. The funding brings the company’s total funding to $31 million. Fortanix is executing on its bold vision of helping solve today’s cloud security and data privacy problems. By helping to protect data in systems that might otherwise … More

The post Fortanix raises $23M to meet the demand for runtime encryption solutions appeared first on Help Net Security.

Lance Spitzner joins the Attivo Networks advisory board

Attivo Networks welcomes Lance Spitzner, a pioneer for deception and cyber intelligence and advocate for cybersecurity awareness, as the newest member of its Advisory Board. He will join current board members Marshall Heilman and Bill Ender in further enhancing Attivo Networks’ deep expertise in addressing ever-evolving cyberthreat challenges. Spitzner is currently the Director of Security Awareness at SANS Institute and brings over 20 years of expertise in cyberthreat research as well as security architecture awareness … More

The post Lance Spitzner joins the Attivo Networks advisory board appeared first on Help Net Security.

AI-platform Mimiro raises $30 million to tackle terrorist funding, money-laundering and fraud

Mimiro (formerly ComplyAdvantage) has raised USD $30 million from investors to accelerate the global expansion of its machine-learning platform for analysing the risk of financial crime. By verifying parties and transactions, Mimiro changes how companies assess who they’re doing business with – offering organisations confidence in their own operations, attacking financial crime and reducing laborious manual checks. Mimiro has a growing list of 350 clients in 45 countries across the US, Europe and Asia, including … More

The post AI-platform Mimiro raises $30 million to tackle terrorist funding, money-laundering and fraud appeared first on Help Net Security.

Thieves stole $1.7 billion in cryptocurrency in 2018 as mining gives way to stealing in crypto space

Bitcoin’s legendary ascension to the $20,000 mark a little more than a year ago inspired legions of fast-buck makers to hop on the bandwagon and invest in this intriguing yet volatile asset.

Mining cryptocurrency worked for a while, but it is no longer feasible because of the increasing complexity behind the algorithms, especially in the case of Bitcoin. So players in the cryptocurrency market are now (loosely) divided into two categories: those who trade it and those who steal it.

And the line between the ICOs and exchanges in the former group and the thieves, scammers and hackers of the second group is blurring by the day. Some exchanges and initial coin offerings are now entirely set up to perform an exit scam.

Playing with digital currency today is like playing with fire, as the risks now outweigh the benefits. New research reveals that thieves and scammers stole $1.7 billion in cryptocurrency in 2018. Theft from cryptocurrency exchanges accounted for most of the criminal activity: more than $950 million was stolen by hackers in 2018 – 3.6 times more than in 2017. Investors and exchange users lost at least $725 million in cryptocurrency in 2018 to exit scams, phony exchange hacks, and Ponzi schemes, according to CipherTrace.

Criminals now need to launder all these funds to cash out before a wave of crypto-centric regulations goes into effect this year.


3.6x More Cryptocurrency Stolen in 2018 Versus 2017 According to CipherTrace (Graphic: Business Wire)

CipherTrace has also identified the top 10 trending crypto threats (below) in an effort to provide “actionable threat intelligence for anyone dealing with cryptocurrency.” From the report:

  • SIM swapping: An identity theft technique that takes over a victim’s mobile device to steal credentials and break into wallets or exchange accounts to steal cryptocurrency.
  • Crypto dusting: A new form of blockchain spam that erodes the recipient’s reputation by sending cryptocurrency from known money mixers.
  • Sanction evasion: Nation states that use cryptocurrencies promoted by the Iranian and Venezuelan governments to circumvent sanctions.
  • Next-generation crypto mixers: Money laundering services that promise to exchange tainted tokens for freshly mined crypto, but in reality cleanse cryptocurrency through exchanges.
  • Shadow money service businesses (MSBs): Unlicensed MSBs that bank cryptocurrency without the knowledge of host financial institutions, exposing banks to unknown risk.
  • Datacenter-scale cryptojacking: Takeover attacks that mine for cryptocurrency at a massive scale and that have been discovered in datacenters, including AWS.
  • Lightning Network transactions: Enabling anonymous bitcoin transactions by going “off-chain” and now scaling to $2,150,000.
  • Decentralized stable coins: Stabilized tokens that can be designed for use as hard-to-trace private coins.
  • Email extortion and bomb threats: Mass-customized phishing email campaigns by cyber-extortionists using old passwords and spouse names to demand bitcoin. Bomb threat extortion scams spiked in December.
  • Crypto-robbing ransomware: New malware distributed by cyber-extortionists that empties cryptocurrency wallets and steals private keys while holding user data hostage.

In the wake of numerous such incidents, countries around the world are accelerating the adoption of anti-money-laundering regulations and cryptocurrency forensics. However, as in the classical monetary system, some countries are lagging behind in regulating cryptocurrency, serving as potential havens for money laundering, fraud, and tax evasion.

NZ Police issues update on suspicious Cryptopia hack, says “significant amount” stolen

Authorities in New Zealand are not ruling out the possibility of an exit scam during their investigation into a crypto exchange hack that occurred earlier this month. According to an update by the NZ Police Media Center, the amount of stolen funds is “significant.”

Between January 14 and January 15, NZ-based crypto exchange Cryptopia allegedly learned that it got breached, with the hackers stealing digital currency from its customers. A backlash quickly ensued, with many users believing the exchange had faked its own data breach to perform an exit scam (some users claimed their Ethereum wallets were drained right before the shutdown). Cryptopia then notified the appropriate authorities and started an investigation into the breach.

The New Zealand police has since issued two separate updates on the hack. Some highlights from the first update:

  • Police are not yet in a position to say how much cryptocurrency is involved, other than it is “a significant amount”
  • There has been “a visible police presence” at the company’s headquarters as police take the steps needed to progress the investigation
  • The operation includes both a forensic digital investigation of the company, and a physical scene examination at the building
  • Police are aware of the exit scam speculation. Their official stance is: “It is too early for us to draw any conclusions and Police will keep an open mind on all possibilities while we gather the information we need.”
  • Police have made it a priority to identify and recover missing funds, but suggest those affected should not get their hopes up as “there are likely to be many challenges to achieving this.”
  • Cryptopia are cooperating “fully” with the investigation team

In a second notice issued by the Police Media Center, investigators say “good progress is being made and positive lines of enquiry are being developed to identify the source of the transfer, and to identify where the crypto-currencies have been sent.”

The investigation team includes both local and foreign digital forensic investigators, as well as overseas authorities. The Police again underscore Cryptopia’s assistance in the investigation, perhaps in an effort to dispel any negative speculation surrounding the breach. Authorities expect the investigation to take some time to complete, the notice also said.

It is not uncommon for a cryptocurrency exchange to fall victim to a targeted attack. Cryptocurrency transfers are hard to trace while stolen funds are even harder to recover, making crypto exchanges a lucrative target for hackers.


Exploring opportunities for infosec pros to use their skills to fight for social change

RSA Conference has teamed up with cybersecurity expert Bruce Schneier and the Ford Foundation to host the first full-day Public Interest Technologist Track, Bridging the Gap: Cybersecurity + Public Interest Tech, during RSA Conference 2019 in San Francisco. Set to take place March 7, 2019, the event consists of six sessions highlighting public interest technologists inside governments, as part of civil society, at universities, and in corporate environments. “All security policy issues have strong technology … More

The post Exploring opportunities for infosec pros to use their skills to fight for social change appeared first on Help Net Security.

Symantec introduces EDR tools and fully-managed service to stop cyber threats

Symantec released a new Managed Endpoint Detection and Response (MEDR) service and enhanced EDR 4.0 technology. These advancements improve attack discovery and incident response using AI-driven analytics and automation to discover and stop cyber attacks. Enterprise IT and Security Ops teams are challenged to investigate and respond to advanced and emerging threats with available resources and staff. Symantec’s MEDR service harnesses the power of EDR 4.0 to improve incident response, threat hunting and forensics, fortifying … More

The post Symantec introduces EDR tools and fully-managed service to stop cyber threats appeared first on Help Net Security.

Dragos updates its asset identification, threat detection, and response platform

Dragos released version 1.4 of its Dragos Platform, industrial cybersecurity software that codifies threat analytics to provide operational technology (OT) and information technology (IT) practitioners visibility of ICS assets and prescriptive procedures to respond to adversaries. The latest release of the Dragos platform incorporates customer feedback from existing deployments, as well as input from Dragos’ Threat Operations Center, which regularly uses the Platform to assess and detect cybersecurity threats in industrial organizations across electric, oil … More

The post Dragos updates its asset identification, threat detection, and response platform appeared first on Help Net Security.

SyncDog enables mobile workforce productivity through data loss prevention application

SyncDog provides the mobile workforce with an integrated, brand agnostic platform that supports and expands productivity so employees may work from wherever they are. SyncDog’s SaaS platform, Secure.Systems, supports data loss prevention (DLP) by putting protections in place that trap and protect data as it moves throughout an organization’s network. Administrators now have control over which applications reside in the containerized platform, regardless of the product’s brand affiliation. Secure.Systems provides a secure DLP application workspace … More

The post SyncDog enables mobile workforce productivity through data loss prevention application appeared first on Help Net Security.

Accenture launches SynOps to help enterprises achieve competitive advantage

Accenture has launched SynOps, an operating “engine” that optimizes the synergy of data, applied intelligence, digital technologies and talent to help organizations transform business operations, create user experiences and deliver results. SynOps is an assembly of talent, capabilities and technologies, including artificial intelligence (AI) and analytics, that gives organizations a roadmap for achieving higher levels of efficiencies across the enterprise. SynOps enables companies to make their organizations more flexible, agile and responsive, helping them generate … More

The post Accenture launches SynOps to help enterprises achieve competitive advantage appeared first on Help Net Security.

Dynatrace opens its AIOps solution to third parties for smart autonomous cloud management

Dynatrace released the next generation of its Artificial Intelligence, Davis, now powered by new and enhanced algorithms, and an ability to ingest data and events from third-party solutions. “Four years ago, we pioneered, and continually improve, a unique, deterministic approach to AI that enabled customers to simplify enterprise cloud environments and focus more time on innovation. Because Dynatrace auto-discovers and maps dependencies across the enterprise cloud and analyzes all transactions, our Davis AI engine can … More

The post Dynatrace opens its AIOps solution to third parties for smart autonomous cloud management appeared first on Help Net Security.

VIAVI reinvents performance management and network security with enriched data flow records

Viavi Solutions launched Observer GigaFlow, a solution that delivers enriched flow records to stitch together user, network, and infrastructure data into a single record. GigaFlow is the latest enhancement to VIAVI Observer, the platform recognized as a Network Performance Management and Diagnostics (NPMD) solution by Gartner’s Magic Quadrant. The growing number and variety of devices and applications across today’s hybrid IT environment are becoming difficult to manage — whether related to IoT, SD-WAN, cloud migrations … More

The post VIAVI reinvents performance management and network security with enriched data flow records appeared first on Help Net Security.

Kudelski Security launches new Blockchain Security Center

Kudelski Security launched its Blockchain Security Center (BSC), making its cryptography expertise available to the evolving blockchain developer community. Expanding upon the company’s security services, the BSC will provide new offerings and has a roadmap to develop technologies that help integrate security into and around blockchain solutions for enterprises and within public/private sectors. Blockchain has the potential to revolutionize business capabilities, creating new avenues of efficiency and supercharging technology applications across all industries and sectors. … More

The post Kudelski Security launches new Blockchain Security Center appeared first on Help Net Security.

Norton LifeLock develops new app to help consumers begin to take control of their online privacy

Symantec’s Norton LifeLock brand introduced Norton Privacy Manager, a new app that marks a first step in the cyber security company’s movement to help consumers begin to understand and take control of their privacy and protect themselves online. The app is part of a new project by Norton Labs aimed at gathering customer input and key learnings to help evolve online privacy technologies. Norton Privacy Manager is available now in the Apple app store in … More

The post Norton LifeLock develops new app to help consumers begin to take control of their online privacy appeared first on Help Net Security.

Bluetooth enhances support for location services with new direction finding feature

The Bluetooth Special Interest Group (SIG) revealed a new direction finding feature that holds the potential to enhance the performance of Bluetooth location services solutions. The new feature allows devices to determine the direction of a Bluetooth signal, thereby enabling the development of Bluetooth proximity solutions that can understand device direction as well as Bluetooth positioning systems that can achieve location accuracy. Bluetooth location services solutions fall into two categories; proximity solutions and positioning systems. … More

The post Bluetooth enhances support for location services with new direction finding feature appeared first on Help Net Security.

CrowdStrike revamps the Elevate Partner Program to accelerate resell opportunities

CrowdStrike revealed a new tiered program for reseller partners to further accelerate sales and offer partners additional revenue streams through partner-provided services, solutions, and other opportunities. The Elevate Partner Program is a unified partner program that incorporates all security solutions, partners and their go-to-market models. It encompasses a “whole-ecosystem” approach based on six paths to partner engagement and profitability — Channel, Technology Alliances, MSSPs, OEMs, CrowdStrike Platform, and Cloud Procurements. With this announcement, CrowdStrike continues … More

The post CrowdStrike revamps the Elevate Partner Program to accelerate resell opportunities appeared first on Help Net Security.

NICE Actimize announces IFM-X platform powered by augmented intelligence

NICE Actimize released IFM-X, its next-generation Integrated Fraud Management (IFM) platform that leverages automation and machine learning to optimize effectiveness while reducing the total cost of implementing and operating an enterprise fraud risk management system. By utilizing NICE Actimize’s IFM-X, financial institutions will be able to integrate data into their fraud detection systems and utilize analytics, while optimizing fraud operations efficiency. Leveraging NICE Actimize’s experience in fraud management, the IFM-X platform marks another advancement in … More

The post NICE Actimize announces IFM-X platform powered by augmented intelligence appeared first on Help Net Security.

Secure Code Warrior to lead Secure Coding Champion Learning Lab at RSA Conference 2019

Secure Code Warrior (SCW) unveiled that co-founder and CEO Pieter Danhieux and co-founder and CTO Matias Madou have been selected by conference organizers to lead an “Are You a Secure Coding Champion” Learning Lab at the upcoming RSA Conference 2019, taking place March 4-8 in San Francisco. They will also be attending as part of the Australian Cyber Security Mission to the USA 2019, a group of companies selected by the Australian Trade and Investment … More

The post Secure Code Warrior to lead Secure Coding Champion Learning Lab at RSA Conference 2019 appeared first on Help Net Security.

At least six accounts robbed in hack of Bitcoin exchange LocalBitcoins

A breach of peer-to-peer exchange trading platform LocalBitcoins led to a series of unauthorized transactions from a number of accounts.

The exchange, which covers more than 16,000 cities around the globe, lets traders buy and sell Bitcoin in their vicinity. Its tagline, “Instant. Secure. Private” should no longer hold water following Saturday’s incident, which allowed hackers to steal funds from at least six of its users.

As per the official announcement, on Jan. 26 at around 10 AM (UTC), LocalBitcoins detected an “unauthorised source” accessing and sending transactions from a number of affected accounts. The exchange immediately disabled outgoing transactions. Still, admins later determined that at least six accounts had been affected.

“We were able to identify the problem, which was related to a feature powered by a third party software, and stop the attack,” reads the announcement. “At the moment, we are determining the correct number of users affected – so far six cases have been confirmed. For security reasons, the forum feature has been disabled until further notice.”

Outgoing transactions have since been re-enabled. The exchange claims to have set up a number of roadblocks to prevent further unauthorized access. It also advises its customers to use the two-factor-authentication mechanism available with the LocalBitcoins service. According to the company, LocalBitcoins accounts are currently safe to log into and use.

Apparently, the vulnerability that led to the breach was in the forums page software. The forum is currently down for maintenance as the team continues to work towards remediation.

Two weeks ago, a similar incident was reported in New Zealand where local cryptocurrency exchange Cryptopia suffered a breach that culminated in a lot of empty crypto wallets. The news led some users to speculate that the exchange itself faked the breach as part of an “exit scam.” Local police are investigating the breach, saying that “Cryptopia management and staff have been co-operating with Police and providing considerable assistance in the investigation.”

According to a notice by the New Zealand Police Media Centre, “Good progress is being made and positive lines of enquiry are being developed to identify the source of the transfer, and to identify where the crypto-currencies have been sent.”

User of the world’s biggest DDoS-for-hire website? Police say they’re coming after you

When police shut down the notorious website webstresser.org last year and arrested its administrators, a clear message was sent to the site’s 151,000 users: you’re next.

Until its takedown, webstresser.org was believed to be the world’s biggest marketplace for the hiring of distributed denial-of-service (DDoS) attacks.

For as little as 15 euros a month, Webstresser’s customers could pay for DDoS attacks to be launched against websites – swamping them with traffic, and knocking them offline.

The site made it possible for individuals with little or no knowledge to launch crippling DDoS attacks. In all, it’s said that cybercriminals used Webstresser to launch over four million attacks, including major DDoS attacks targeting gambling sites, gaming sites, police forces, and top banks.

Thankfully, international law enforcement’s “Operation Power Off” put an end to Webstresser’s activities in April 2018, arresting the site’s administrators and commandeering its infrastructure.

That action by police didn’t just see the website replaced with a seizure notice, but also the confiscation of a treasure trove of information about the site’s 151,000 registered users.

Today Europol announced that police forces around the world are actively tracking down the site’s users.

In the UK, for instance, a number of Webstresser users have recently been visited by police, and over 60 personal electronic devices have been seized for analysis. There are also said to be live operations against other DDoS criminals – with over 250 users of webstresser.org and other booter services soon facing action.

In the Netherlands meanwhile, an initiative known as “Hack_Right” has been launched which aims to tackle the problem of young first-time offenders who naively engage in cybercrime without recognising the seriousness of what they were doing.

The initiative, which is aimed at young offenders between the ages of 12 and 23, attempts to change the perpetrators’ behaviour, help them avoid a criminal record, and perhaps turn them towards a career as an ethical hacker instead.

One Dutch user of webstresser.org has already gone through the “Hack_Right” process.

If you have hacking skills and you use those skills to do harm, there’s a chance that you will be caught and that could have repercussions for the rest of your life.

Don’t direct your computer knowledge towards committing crime. Instead, use your skills to do something positive – develop a cool app, write a helpful code library, publish some research, create a popular website, help mitigate against security threats.

You may not be lucky enough to be offered a place on a “Hack_Right” course. You may end up going to prison. If you’re clever enough to commit a cybercrime, you should be clever enough to recognise that what you are doing could result in your losing your liberty, and causing unnecessary distress and heartbreak to your friends and family.

HOTforSecurity: Facebook to Merge WhatsApp, Instagram, Facebook Messenger by 2020

Looking to gain more control over the company’s communication platforms and prevent users from switching to competitors, Facebook CEO Mark Zuckerberg will merge WhatsApp, Instagram and Facebook Messenger, writes The New York Times. The integration is expected to be complete by 2020 and will serve over 2.6 billion users.

“The services will continue to operate as stand-alone apps, but their underlying technical infrastructure will be unified,” the newspaper reported, citing four people involved in the effort, whom it didn’t name.

The merger, part of the tech company’s larger plan to increase revenue and advertising opportunities, raises security and privacy concerns regarding user data and how the cross-platform communication will further handle data sharing.

“This is why there should have been far more scrutiny during Facebook’s acquisitions of Instagram and WhatsApp, which now clearly seem like horizontal mergers that should have triggered antitrust scrutiny,” Representative Ro Khanna, Democrat of California, said on Twitter. “Imagine how different the world would be if Facebook had to compete with Instagram and WhatsApp.”

According to Facebook, the apps will benefit from end-to-end encryption because they want to “build the best messaging experiences we can; and people want messaging to be fast, simple, reliable and private. We’re working on making more of our messaging products end-to-end encrypted and considering ways to make it easier to reach friends and family across networks.”

However, the merger and possible lack of autonomy raise trust issues and internal conflicts, following the departure of WhatsApp and Instagram founders. Inside sources who spoke with The New York Times say the reconfiguration of all three services will be the work of thousands but the company is still figuring out all the details.  




Researcher Releases Jailbreak PoC for iOS 12 on iPhone X

After tinkering with the latest iteration of Apple’s mobile operating system, a Chinese researcher has published a proof-of-concept of what he claims is a working exploit that can jailbreak iOS 12 on an iPhone X – and remotely, at that.

Critical vulnerabilities in Apple’s Safari browser, as well as in the iPhone’s operating system itself, enabled Qixun Zhao to create a “jailbreak” of the iPhone X’s A12 chip, opening the hardware to unauthorized apps and settings.

Dubbed “Chaos,” the jailbreak is not yet available to the public. Zhao details the hack in this elaborate blog post, but refrains from releasing the actual jailbreak code publicly. He explains:

“In this article, I will release the PoC of Chaos and will elaborate in details (for beginners) how to get the tfp0 exploit details on A12,” Zhao wrote.

“However, I will not release the exploit code, if you want to jailbreak, you will need to complete the exploit code yourself or wait for the jailbreak community’s release,” he said. “I will not mention the exploit details of the post exploit, as this is handled by the jailbreak community.”

The hack works on iOS 12.1.2 which, until a few days ago, was the latest version of the iPhone’s operating system. Apple immediately made a patch available, bringing iOS to version 12.1.3. The update, however, was not dedicated to patching the jailbreak. iOS 12.1.3 brings several fixes and improvements for owners of iDevices.

Threat Stack announces new API for streamlined DevOps and security workflows

Threat Stack released a new API that will give customers the ability to create, deploy, augment, and tune security rules directly within their existing DevOps and security tools. Threat Stack customers will now be able to manage and configure the Threat Stack Cloud Security Platform without a separate interface, reducing context switching within workflow tools, while leading to more actionable alerts and reducing alert fatigue. The new API will allow for the suppression and dismissal … More

The post Threat Stack announces new API for streamlined DevOps and security workflows appeared first on Help Net Security.

SIOS Protection Suite for SAP optimized on AWS available in AWS Solution Space

SIOS Technology unveiled that its SIOS Protection Suite for SAP optimized on AWS is now available in AWS Solution Space. SIOS Protection Suite for SAP optimized on AWS provides availability, data replication, and disaster recovery in a solution on AWS. SIOS is also offering a special consultancy service. “Businesses must ensure that the SAP applications that power their data and systems provide the same service levels that are achieved in their on-premises data,” said Jerry … More

The post SIOS Protection Suite for SAP optimized on AWS available in AWS Solution Space appeared first on Help Net Security.

Cisco and AppDynamics unveil vision for the Central Nervous System for IT

AppDynamics, a Cisco company, unveiled its vision for the Central Nervous System for IT, igniting a new era of AIOps. The Central Nervous System for IT will give businesses visibility, insights, and automated actions across all technology domains that run modern companies: the application, infrastructure, and network. We live in a time of change. Technology’s prevalence in the way we work, live, and learn has resulted in businesses doubling down on making digital experiences better, … More

The post Cisco and AppDynamics unveil vision for the Central Nervous System for IT appeared first on Help Net Security.

nCipher Security delivers trust, integrity and control to business critical information

nCipher Security launched, creating a new organization in the general purpose hardware security module (HSM) marketplace. Today’s fast moving digital environment offers opportunities to enhance customer satisfaction, improve operational efficiency and gain competitive advantage, but in doing so also raises new security challenges. nCipher’s solutions and services allow organizations to keep pace with innovation while protecting their business critical assets from security breaches. The world’s leading organizations have depended on nCipher nShield HSMs for more … More

The post nCipher Security delivers trust, integrity and control to business critical information appeared first on Help Net Security.

Cohesity backup solution prevents, detects, and responds to ransomware attacks

Cohesity released the Cohesity Anti-Ransomware Solution, a series of new capabilities available for the latest version of Cohesity DataPlatform that combats ransomware attacks, one of the greatest enterprise security threats today. This solution offers the set of capabilities of any modern-day backup vendor with a multi-layered approach that can prevent, detect, and if necessary respond to attacks – helping ensure business continuity while keeping cybercriminals in their place. Ransomware attacks have become increasingly complex, targeted, … More

The post Cohesity backup solution prevents, detects, and responds to ransomware attacks appeared first on Help Net Security.

ThrottleNet’s new managed IT+Security services deliver business continuity

ThrottleNet launched IT+Security – a new service designed to keep business networks operational and secure 24/7/365. According to the Better Business Bureau’s State of Cybersecurity report, 32 percent of all businesses with 11 to 49 employees have reported a cyber-attack within the last 12 months. “ThrottleNet’s IT+Security services reflect our continued focus on delivering business continuity for companies in a world filled with disruptive and costly security threats,” said Mike Heil, CEO, ThrottleNet. “While our … More

The post ThrottleNet’s new managed IT+Security services deliver business continuity appeared first on Help Net Security.

API cybersecurity solution from Ping Identity protects organizations against API threats

Ping Identity has made several updates to PingIntelligence for APIs, its AI-powered API cybersecurity solution. These latest enhancements include an AI-based cloud trial, the ability to detect new types of attacks, support for Splunk environments, and additional integration with API gateways. The lack of visibility into how APIs are consumed is becoming commonplace in today’s enterprise environment. In fact, a recent Ping Identity survey conducted among security and IT professionals reveals that 45% of respondents … More

The post API cybersecurity solution from Ping Identity protects organizations against API threats appeared first on Help Net Security.

Veeam expands leadership in cloud data management

Veeam Software releases new cloud data management capabilities as part of Veeam Availability Suite 9.5 update 4, as well as the upcoming Veeam Availability for AWS and Veeam Availability Console v3. The new capabilities deliver cost effective data retention, easy cloud migration and data mobility, cloud-native backup and protection for Amazon Web Services (AWS), portable cloud-ready licensing, increased security and data governance, and solutions to make it easier than ever for service providers to deliver … More

The post Veeam expands leadership in cloud data management appeared first on Help Net Security.

Attivo Networks names Chris Roberts as chief security strategist

Attivo Networks named Chris Roberts, one of the world’s experts on counter threat intelligence within the cybersecurity industry, to the new role of chief security strategist. Previously a member of the Attivo Networks Advisory Board, Roberts will use his more than 20 years’ security experience to further develop and define strategy and processes for the company’s government and industry customers on issues related to cybersecurity strategy, policy, risk threat assessments, and incident response. Roberts will … More

The post Attivo Networks names Chris Roberts as chief security strategist appeared first on Help Net Security.

DFLabs CDI Program extends open approach to security orchestration and automation

DFLabs unveiled its Community Development Incentive (CDI) Program which rewards and encourages the sharing of innovations for the DFLabs IncMan SOAR platform. The DFLabs CDI Program extends the company’s recent initiatives to foster an open approach to security orchestration, including an Open Integration Framework for linking third party security tools and actions, a free IncMan SOAR (CE) Community Edition and a Community Portal with developer resources and a forum. DFLabs also announced 100% growth in … More

The post DFLabs CDI Program extends open approach to security orchestration and automation appeared first on Help Net Security.

eSentire partners with Carbon Black to deliver an endpoint defense security solution

eSentire released Managed Endpoint Defense, powered by Carbon Black. Managed Endpoint Defense will be powered by Carbon Black’s CB Defense, a cloud-delivered endpoint security solution that allows organizations to predict and prevent threats using predictive models, blocking even attacks that other solutions might overlook. The combination of Managed Endpoint Defense and CB Defense provides organizations the ability to accelerate time-to-value, enabling them to deploy, operationalize and harden NGAV protection to prevent attackers from executing payloads …

The post eSentire partners with Carbon Black to deliver an endpoint defense security solution appeared first on Help Net Security.

WhiteHat Security launches Essentials product line for security testing with code coverage

WhiteHat Security released its new ‘Essentials’ product line, with the launch of two solutions: Sentinel Source Essentials Edition and Sentinel SCA Essentials Edition. The streamlined ‘Essentials’ products have been created to help organizations meet the needs of the DevOps build/test phase by offering security testing with code coverage. The ‘Essentials’ solutions cut down scan times, helping developers get the vulnerability assessment results they need faster. The ‘Essentials’ product line currently includes: 1) Sentinel SCA Essentials …

The post WhiteHat Security launches Essentials product line for security testing with code coverage appeared first on Help Net Security.

Varonis Data Security Platform 7.0 released

Varonis Systems releases new features in version 7.0 of the Varonis Data Security Platform to help organizations protect their enterprise data from insider threats and cyberattacks. Version 7.0 of the Varonis Data Security Platform features new cloud and threat detection and response capabilities: new event sources and enrichment; threat intelligence to Varonis security insights; and playbooks that arm customers with incident response plans right in the web UI – making it easier for customers to …

The post Varonis Data Security Platform 7.0 released appeared first on Help Net Security.

BioCatch launches new behavioural biometrics offering to combat vishing

BioCatch has introduced a new offering to help protect consumers from phone scams known as vishing, a type of Authorised Push Payment (APP) fraud, in response to the growing vishing epidemic. Vishing, which involves fraudsters impersonating bank or other officials such as the police to trick victims into transferring funds, has become the fastest growing social engineering scam in the United Kingdom. UK Finance reported that in the first half of 2018, nearly 4,000 UK …

The post BioCatch launches new behavioural biometrics offering to combat vishing appeared first on Help Net Security.

HITRUST expands to deliver ‘One framework, one assessment approach’ globally

HITRUST unveiled that it is expanding its engagement in Europe and Asia to aid organizations in addressing their global information risk management and compliance priorities, including General Data Protection Regulation (GDPR) and the Singapore Personal Data Protection Act (PDPA) requirements by providing a ‘one framework, one assessment’ approach globally. Standards and regulations around the world are constantly being created and updated to protect data, particularly personal data with multiple domestic and cross-border requirements and reporting …

The post HITRUST expands to deliver ‘One framework, one assessment approach’ globally appeared first on Help Net Security.

Mitsubishi Electric develops cyber defense technology for connected cars

Mitsubishi Electric has developed a multi-layered defense technology that protects connected vehicles from cyber attacks by strengthening their head unit’s defense capabilities. The technology will help realize more secure vehicle systems in line with the increasing popularity of vehicles that are equipped for connection to external networks. Vehicles with communication functions provide connections to the internet and/or mobile devices such as smartphones. The importance of cyber security is increasing because these vehicles are vulnerable to …

The post Mitsubishi Electric develops cyber defense technology for connected cars appeared first on Help Net Security.

Cequence Security awarded patent for detecting bot attacks

Cequence Security has been awarded a patent for its ability to passively detect malicious bot attacks targeting web, mobile, and API applications, US Patent 10,135,904 for Network Attack Detection on a Mobile API of a Web Service. Malicious bots now account for nearly 1/3 of all traffic on the Internet, which makes them the new #1 cyber threat facing today’s hyper-connected organizations that rely on these applications to connect customers, partners, and suppliers. The technology …

The post Cequence Security awarded patent for detecting bot attacks appeared first on Help Net Security.

Google Fined 50 Million EUR for Violating GDPR Rules

Tech giants Amazon, Apple, Google, Netflix and Spotify have all been accused of not complying with GDPR, Europe’s data privacy regulations, and could face hefty fines for continuous violations. Things have now escalated, as Google has to pay a fine of 50 million euros for an ongoing violation after French data regulator CNIL accused the company of “lack of transparency, inadequate information and lack of valid consent regarding ads personalization,” writes the BBC.

“The user gives his or her consent in full, for all the processing operations purposes carried out by Google based on this consent (ads personalization, speech recognition etc.),” CNIL said. “However, the GDPR provides that the consent is ‘specific’ only if it is given distinctly for each purpose.”

The regulator says Google’s consent policies are neither transparent enough nor “easily accessible,” which kept users in the dark about how their personal data was used in personalizing ads and other services. Also, the information was “disseminated across several documents” making it difficult for users to review.

“The relevant information is accessible after several steps only, implying sometimes up to five or six actions,” the regulator said. “Users are not able to fully understand the extent of the processing operations carried out by Google.”

CNIL acted upon complaints filed in May by privacy advocates noyb and La Quadrature du Net (LQDN), as soon as the legislation went into effect.

“People expect high standards of transparency and control from us. We’re deeply committed to meeting those expectations and the consent requirements of the GDPR,” a Google spokesperson said in a statement to a local publication. “We’re studying the decision to determine our next steps.”

VDOO releases runtime protection agent for connected devices

VDOO released its ERA – Embedded Runtime Agent for ongoing connected device security. The VDOO agent is tailored for each device based on an analysis of its firmware binary by Vision – VDOO’s analysis platform, focusing on the device’s threat landscape and resources, while avoiding any performance or functionality impact to the device. “While the VDOO analysis solution, Vision, provides the ultimate tools to properly implement security building blocks and mitigate threats on connected devices, …

The post VDOO releases runtime protection agent for connected devices appeared first on Help Net Security.

HID Global launches cloud platform to help create connected workplace experiences

HID Global launched its HID Origo cloud platform that opens opportunities for partners to create workplace experiences that are built on HID’s access control infrastructure. The platform combines HID’s technologies for mobile IDs (and location services in the future) with its access control architecture to bring together physical security and a range of building applications, services and IoT use cases via a unified cloud experience. “HID Origo lays the foundation for a broad ecosystem of …

The post HID Global launches cloud platform to help create connected workplace experiences appeared first on Help Net Security.

Angry ex-employee blamed for hack of WordPress plugin developer, and email to customers warning of security hole

This weekend, users of the popular WordPress translation plugin WPML (also known as WordPress MultiLingual) received an email from a hacker claiming to expose serious security vulnerabilities in the software that allegedly put the customers’ own websites at risk.

In the mass email, sent from WPML’s own servers, the hacker claimed that two of his own websites had been breached due to “a bunch of ridiculous security holes” in WPML’s code. He went on to warn recipients that their own websites could be at risk.

I’m able to write this here because of the very same WPML flaws as this plugin is used on wpml.org too.

Please take this with the warm recommendation of triple-enforcing your security on websites where you use WPML if you must use it. Make frequent backups and monitor your websites closely. Do not leave sensible information laying around in the database or on the server. Use only WPML components and features that you really need. Or ask for your money back.

In a statement on its website, WPML acknowledged that it had been hacked and that it believed the perpetrator to be a former employee.

However, the company disputed the hacker’s claim that there were security holes in the WPML WordPress plugin, and instead claimed that the attacker had accessed its infrastructure by using an old SSH password and backdoor that he had left for himself whilst he worked for the firm.

Even if that’s true, there’s still cause for some concern. After all, if a hacker was able to mass-mail up to 600,000 customers from WPML’s own systems, it’s easy to imagine how a more maliciously-minded attacker might use the same capabilities to send out a phishing campaign or malicious links designed to infect users’ computers.

Another nightmare scenario would be if the widely-used plugin’s code was tampered with by an attacker, potentially putting thousands of other websites at risk of exploitation. WPML says that it has verified its plugin’s code has not been compromised.

However, WPML does admit that the alleged ex-employee did manage to steal the names and email addresses of customers, send an unauthorised email on WPML’s behalf, deface WPML’s online store, and publish a bogus blog post containing the same content as the email.

The company says that in response to the attack it has rebuilt its website and ensured that access to administrator accounts is now controlled by two-factor authentication (2FA). Furthermore, WPML says that it has “minimized the access that the web server has to the file system.”

WPML further underlined in its advisory that no payment information had been compromised, and that the popular WordPress plugin does not contain a vulnerability. Customers have been advised to reset their passwords.

From the sound of things, WPML may have a pretty strong idea of the identity of its hacker. One would anticipate, therefore, it is going to share their information with law enforcement so a proper investigation into the data breach can take place.

Facebook to finally answer for Cambridge Analytica scandal; record fine expected

After scandalizing the world with the Cambridge Analytica affair, Facebook is finally coming under legal fire for letting the political consultancy access personal information on 87 million users without their knowledge.

The U.S. Federal Trade Commission (FTC) seeks to slap the social network with a record fine, likely much larger than the current record — a $22.5 million fine the FTC imposed on Google in 2012 for privacy-related violations, reports the New Hampshire Union Leader.

The investigation into the scandal is not finished, but staff has been briefed about the probe and plans to issue a formal recommendation for a fine. The commissioners will then vote on it to reach a final penalty.

Facebook itself has been in talks with the FTC regarding its imminent punishment, suggesting that it has been cooperative in the process.

“The key question for the FTC is if Facebook’s business practices — and the protections and privacy controls it afforded consumers — violated requirements spelled out in a consent decree brokered by the agency the last time the tech giant deceived consumers about its practices. Only through such a finding could the FTC levy a fine,” the report notes.

Cambridge Analytica, as readers will remember, had ties to Donald Trump’s U.S. presidential campaign and is believed to have helped him beat adversary Hillary Clinton by using harvested Facebook data to better target voters with political messages.

Since the scandal, Facebook has stumbled a few more times, and will likely incur several more penalties under different legislation.

New research by Accenture indicates that cybercrime will cost businesses around 5 trillion dollars over the next five years.

74% of Americans Are Clueless about Facebook’s Data Collection Algorithm, Survey Says

Americans don’t know much about Facebook and how its algorithm works, according to a survey from Pew Research Center conducted on 963 US Facebook users. The new study found that 74 percent of Facebook users in the US did not know that Facebook collects their traits and interests to help advertisers target ads. Users were also unaware that they could access this information in account settings.

Facebook doesn’t do this for free but for the hefty profit that comes from playing with big data, a common practice in the industry. Companies collect tons of online data about user behavior. They use it to improve their business models, to increase revenue, to improve user experience through personalized content, and to sell to third parties. Even companies that offer their services for free, such as social networks, do this.

Asked to give their opinion on how Facebook profiles them, many respondents disagreed with the algorithm’s conclusions. The numbers show that about half (51%) are “not comfortable” with the method used to create personalized lists and 27 percent say they don’t fit the descriptions because they are inaccurate. However, 59 percent do identify with Facebook’s categorization and interest list.

Facebook was also interested in collecting data about political affiliations, propaganda and racial and ethnic “affinities,” with a separate “multicultural affinity” category. A quarter of users showed up in this category, meaning their behavior shows an affinity for multiple racial and ethnic groups.

“37% of Facebook users are both assigned a political affinity and say that affinity describes them well, while 14% are both assigned a category and say it does not represent them accurately,” says the report.

“We want people to understand how our ad settings and controls work,” reads Facebook’s statement to The Verge. “That means better ads for people. While we and the rest of the online ad industry need to do more to educate people on how interest-based advertising works and how we protect people’s information, we welcome conversations about transparency and control.”

Amazon Web Services announces AWS Backup

Amazon Web Services released AWS Backup, a backup service that makes it faster and simpler for customers to back up their data across AWS services and on-premises, helping customers meet their business and regulatory backup compliance requirements. AWS Backup makes protecting storage volumes, databases, and file systems easier by giving customers a single service to configure and audit the AWS resources they backup, automate backup scheduling, set retention policies, and monitor recent backups and restores …

The post Amazon Web Services announces AWS Backup appeared first on Help Net Security.

Immuta expands GRC expertise to help enterprises build data science programs

Immuta revealed that financial services industry veteran Richard Geering has joined as the company’s Vice President of Governance, Risk, and Compliance (GRC), reporting to CEO Matthew Carroll. Richard joins Immuta from the Royal Bank of Canada (RBC), where he served as Chief Operational Risk Officer for Investor and Treasury Services. He brings 25 years of experience in financial services and risk management, with broad domain knowledge in data analytics. Working alongside Immuta’s product and sales …

The post Immuta expands GRC expertise to help enterprises build data science programs appeared first on Help Net Security.

Advanced Fraud Solutions partners with Q6 Cyber to fight card fraud

Advanced Fraud Solutions and Q6 Cyber unveiled that they have partnered to integrate Q6 data feeds directly into the TrueCards fraud prevention software platform. TrueCards is a tool allowing financial institutions’ fraud teams to monitor card holder transactions for test sites, breaches, and common points of compromise (CPC). Q6 Cyber employs an approach to monitoring the “Digital Underground,” including the DarkWeb and DeepWeb. Leveraging years of law enforcement and intelligence experience in the dark corners …

The post Advanced Fraud Solutions partners with Q6 Cyber to fight card fraud appeared first on Help Net Security.

Onapsis signs agreement to acquire ERP cybersecurity company Virtual Forge

Onapsis has entered into a definitive agreement to acquire privately-held Virtual Forge, headquartered in Heidelberg, Germany. Onapsis’s platform is the cybersecurity solution that protects the ERP systems and business-critical applications of the world’s largest organizations. Founded in 2006, Virtual Forge is the provider of solutions to prevent, detect and remediate cybersecurity and compliance risks in customizations and extensions of SAP applications. The combination of Onapsis and Virtual Forge will empower customers to have visibility, incident …

The post Onapsis signs agreement to acquire ERP cybersecurity company Virtual Forge appeared first on Help Net Security.

SEC brings charges in EDGAR trade hacking case

The US Securities and Exchange Commission (SEC) has charged nine defendants in connection with a scheme to hack into SEC systems and profit from corporate information not yet released to the public.

The defendants, a Ukrainian hacker, six traders in California, Ukraine and Russia, and two entities, allegedly participated in a scheme to hack into the SEC’s EDGAR system and extract non-public information to trade stocks ahead of public announcements that would affect share prices.

The key figure in this case is 27-year-old Ukrainian hacker Oleksandr Ieremenko, who had earlier allegedly hacked newswire services seeking insider information. The SEC says, after the newswire hack, Ieremenko turned his attention to the SEC’s Electronic Data Gathering, Analysis, and Retrieval (EDGAR), an online system used by companies listed on stock exchanges to submit quarterly and annual financial results. The filings also include sensitive corporate information on subjects like mergers and acquisitions, which heavily affect a company’s share price.

“The information was passed to individuals who used it to trade in the narrow window between when the files were extracted from SEC systems and when the companies released the information to the public,” the press release states. “In total, the traders traded before at least 157 earnings releases from May to October 2016 and generated at least $4.1 million in illegal profits.”

The SEC says Ieremenko circumvented EDGAR controls that require user authentication, then navigated within the EDGAR system to obtain quarterly earnings not yet public. He allegedly passed the information to different groups of traders, who paid him either through regular fees or “by kicking back a portion of their trading profits,” according to the indictment (PDF). The document also says that the hacker’s main attack vector was phishing emails.

According to the complaint, the traders on the receiving end of the hacked EDGAR information are:

• Sungjin Cho, Los Angeles, California

• David Kwon, Los Angeles, California

• Igor Sabodakha, Ukraine

• Victoria Vorochek, Ukraine

• Ivan Olefir, Ukraine

• Andrey Sarafanov, Russia

• Capyield Systems, Ltd. (owned by Olefir)

• Spirit Trade Ltd.

Ieremenko has yet to be detained, according to the documents. He is currently charged with 16 counts of hacking and fraud. The SEC’s investigation is ongoing.

Ethereum holders suspect Cryptopia exchange faked breach in exit scam

A cryptocurrency exchange in New Zealand is suspected of having performed an exit scam after bluntly announcing an immediate halt due to an alleged hack.

The first signs of trouble emerged on the afternoon of January 14, when Cryptopia announced on its Twitter page that the exchange was going through unscheduled maintenance.

“We are currently experiencing an unscheduled maintenance, we are working to resume services as soon as possible. We will keep you updated,” the exchange said.

The exchange later announced it was hacked, generating an immediate wave of speculation (mostly from its own customers) that it was, in fact, an exit scam. The fears wouldn’t be entirely unfounded, given the numerous precedents involving other exchanges and the lack of details about the situation. The full notice is here:

As reported by blockt.com, some users claim their Ethereum wallets were drained right before the shutdown.

Cryptopia has not disclosed the amount of digital currency stolen, nor if it will use its own funds (if any remain) to reimburse customers affected by the hack. We’ll update this story with any new developments.

Authorities Can’t Force Suspects to Unlock Phones with Biometrics, Rules California Court

A California court has ruled that government agencies can’t compel suspects to unlock their smart devices with biometric authentication because it violates the self-incrimination clause in the Fifth Amendment, writes Forbes. This applies even if a warrant has been granted to search the person’s residence.

The decision was made after law enforcement filed for a search warrant while investigating two suspects in Oakland, California, allegedly involved in a Facebook extortion case. The men were accused of using Facebook Messenger to harass and threaten another man with publishing a humiliating video online.

While searching the suspects’ house, federal authorities also wanted to investigate the contents of all mobile devices on the premises, but unlocking them would have required the individuals to use biometric features such as fingerprint or facial recognition. Their warrant request was denied.

“The Government cannot be permitted to search and seize a mobile phone or other device that is on a non-suspect’s person simply because they are present during an otherwise lawful search,” reads the ruling.

Courts in the US earlier ruled that “a passcode cannot be compelled under the Fifth Amendment, because the act of communicating the passcode is testimonial,” but didn’t include biometrics. Judge Kandis Westmore now ruled that biometric features are innovative passcodes and should benefit from the same protection, so police can no longer force suspects to unlock their devices.

“While the judge agreed that investigators had shown probable cause to search the property, they didn’t have the right to open all devices inside by forcing unlocks with biometric features,” says Forbes.

“If a person cannot be compelled to provide a passcode because it is a testimonial communication, a person cannot be compelled to provide one’s finger, thumb, iris, face, or other biometric feature to unlock that same device,” the judge wrote.

“The undersigned finds that a biometric feature is analogous to the nonverbal, physiological responses elicited during a polygraph test, which are used to determine guilt or innocence, and are considered testimonial.”

Huge prizes up for grabs for anyone who can hack a Tesla

If you’re going to the CanSecWest conference in Vancouver this March you’ll have the chance to participate in the Pwn2Own ethical hacking contest. As usual hackers will be working hard to crack the security of browsers and operating systems from Apple, Microsoft, Google, Mozilla, Oracle and VMware.

But this time things are a little different. Because this year, for the first time ever, a popular car will be amongst the products hackers will be trying to exploit.

A sacrificial Tesla Model 3 will be on-site, inviting hackers to win big in Pwn2Own’s new automotive category.

The top Tesla-hacking prize up for grabs is $250,000 for anyone who finds a way to run unauthorised code on any of three of the high-tech car’s critical components: the gateway, the autopilot, or the VCSEC.

As Thomas Brewster at Forbes explains, the gateway is a key piece of hardware in the Tesla through which data communications flow.

The VCSEC, meanwhile, controls security features such as the alarm, and access to the charge port and trunk.

And autopilot? Well, you know what the Tesla’s autopilot is. And just how important it is that that particular famous part of the vehicle’s infrastructure is not vulnerable to compromise.

If that’s too tricky, then there is still a handsome $100,000 waiting for anyone who can subvert Tesla’s key fob (or phone used as a key) to run unauthorised code, unlock the vehicle, or start its engine.

Smaller prizes are on offer for researchers who discover a way to run code on the Tesla’s modem, tuner, WiFi, Bluetooth, or infotainment systems.

According to the Pwn2Own competition organisers, participants eager to win the “Modem or Tuner”, “Wi-Fi or Bluetooth”, and “Gateway, Autopilot, or VCSEC” prizes must achieve code execution “by communicating with a rogue base station or other malicious entity.”

Meanwhile, attacks on the infotainment system need to be launched from the on-site Tesla, and must achieve code execution by browsing to malicious content.

Oh, and did I mention the first successful researcher will have the opportunity to drive a brand new Tesla Model 3 away at the end of the competition?

Truth be told, you’ll most likely already have access to a Tesla to experiment on if you’re going to be in with any chance of successfully hacking the one at Pwn2Own.

The good news is that if you are thinking of hacking your Tesla, as of last year you no longer have to worry about voiding your warranty if you accidentally brick your vehicle. In September 2018, the company confirmed it was supporting “safe harbor” which legitimises good-faith security research, and allows owners to hack their own cars provided they remain within its bug bounty rules.

Other companies have in the past attempted to censor the publication of security research using legal threats.

Fuller details of the Pwn2Own competition, and add-on prizes for achieving persistence after a reboot, can be found in the Pwn2Own blog post.

British Hacker-for-Hire Goes to Prison for Liberian Telecom, Deutsche Telekom Mirai Attack

The British professional hacker behind the 2016 Mirai attack on Lonestar, Liberia’s largest telecom company, was sentenced to two years and eight months in prison, announced the UK National Crime Agency. Daniel Kaye, also known as “BestBuy” and “Spiderman,” was arrested in 2017 in the UK on a European Arrest Warrant, and confessed in December 2018.

Kaye, a 30-year-old hacker-for-hire, launched a wave of DDoS attacks while living in Cyprus. The NCA found he was on a month-to-month contract with an official at Cellcom, a Lonestar competitor. He allegedly received $100,000 for his efforts.

The first series of attacks on Liberia’s Lonestar MTN began in October 2015 through rented botnet and stressor services. From September 2016, he used a Mirai botnet he created by taking advantage of poor security configurations to corrupt Dahua security cameras. The final attack, in November 2016 at 500 Gbps, took down Liberia’s entire internet network nationwide, leaving the company to struggle for days with mitigation and recovery.

Following the attack, Lonestar lost customers, dealt with tens of millions of US dollars in losses and spent some 600,000 USD on attack prevention and mitigation.

The Mirai DDoS botnet attack also crippled DYN’s DNS and Deutsche Telekom. Kaye also pleaded guilty to the attack on Deutsche Telekom, after he was extradited to Germany, according to British authorities.

“Daniel Kaye was operating as a highly skilled and capable hacker-for-hire,” said Mike Hulett, Head of Operations at the NCCU. “His activities inflicted substantial damage on numerous businesses in countries around the world, demonstrating the borderless nature of cybercrime. The victims in this instance suffered losses of tens of millions of dollars and had to spend a large amount on mitigating action. Working in collaboration with international law enforcement partners played a key role in bringing Daniel Kaye to justice.”

Fraudsters increasingly turning to Fuze cards to evade police

Street thieves who specialize in cashing out stolen credit and debit cards are increasingly using Fuze cards to conduct fraud and theft, the U.S. Secret Service has warned in a memo to companies in the financial sector.

Fraud rings use Fuze cards to avoid the suspicion that could arise from carrying dozens of cards when attempting to withdraw cash or make purchases. Fuze cards allow them to store information for up to 30 stolen cards. The thief can simply use the controls on the Fuze card to swap through the card numbers.

Brian Krebs, a cybersecurity expert and investigative reporter, received a copy of the memo. “The transaction may also appear as a declined transaction but the fraudster, with the push of a button, is changing the card numbers being used,” the memo notes.

“Fraud rings often will purchase data on thousands of credit and debit cards stolen from hacked point-of-sale devices or obtained via physical card skimmers,” Krebs explains. “The data can be encoded onto any card with a magnetic stripe, and then used to buy high-priced items at retail outlets — or to withdrawn [sic] funds from ATMs (if the fraudsters also have the cardholder’s PIN).”

The Secret Service memo underscores that, “while this smart card technology makes up a small portion of fraudulent credit cards currently, investigators should be aware of the potential for significant increases in fraud loss amounts with the emergence of this smart card technology.”

Fuze Card, the company behind the technology, plans to extend Fuze functionality to include transactions with virtual currencies, like Bitcoin. When that happens, fraudsters might further increase their reliance on Fuze to conduct illicit transactions.

Last year, two independent security researchers discovered a grave flaw in the Fuze Bluetooth-pairing functionality which allowed anyone with brief physical access to tamper with the data stored “securely” on the cards. The researchers disclosed the flaw to Fuze Card responsibly, holding off a public announcement until the company patched the bugs – which it did, in a timely fashion.

The DDoS attacker rescued by a Disney cruise ship is sentenced to over 10 years in prison

A 34-year-old man has been sentenced to more than 10 years in prison, after being found guilty of launching a massive denial-of-service attack against Boston Children’s Hospital.

The sentencing of Martin Gottesfeld, from Somerville, Massachusetts, comes almost three years after he attempted to escape to Cuba – a plan that failed after his speedboat broke down in the choppy sea, and he was picked up by a Disney cruise liner.

Gottesfeld’s troubles began when he heard about the case of Connecticut teenager Justina Pelletier, who was admitted to Boston Children’s Hospital in 2013. The hospital and Pelletier’s parents disagreed about how she should be treated, and eventually she was removed from her parents’ custody.

The case received widespread attention in the media and online, as the teenage girl’s parents argued that she had been “medically kidnapped”.

Publicity about the case spurred an internet campaign under the banner of #FreeJustina, and Gottesfeld, in the name of the Anonymous hacking collective, posted a YouTube video in March 2014 calling for action against the hospital.

That video, in turn, shared links to a Pastebin account – doxing the home address and phone numbers of a judge and doctor involved in Pelletier’s case, and making a clear threat:

“This will be your first and final warning. Failure to comply will result in retaliation which you will not be able to withstand. Free Justina and return her home to her family. The voice of the people will be heard.”

Gottesfeld linked to the information from his Twitter account, where he frequently posted about the #FreeJustina campaign.

At the same time, Gottesfeld launched a distributed denial-of-service (DDoS) attack against Wayside Youth & Family Support Network, a facility offering mental health counselling to children. Pelletier was a resident of the facility, having by then been discharged from hospital but still not released into the care of her parents.

The following month Gottesfeld launched another DDoS attack, this time crippling the systems of Boston Children’s Hospital. Prosecutors claimed that the attack knocked the hospital’s internet systems offline for two weeks, disrupting fundraising campaigns and communication between patients and medical staff.

Perhaps unsurprisingly, FBI investigators were able to link Gottesfeld to the YouTube account. For his part, Gottesfeld claims he deliberately didn’t bother covering his tracks as he didn’t believe he had done anything wrong.

In the early morning of October 1, 2014, FBI investigators searched Gottesfeld’s home, seizing computer equipment.

As the investigation into the DDoS attacks proceeded over the coming months, Gottesfeld realised the seriousness of the case against him – and in February 2016 fled with his wife Dana to Miami. Their plan? To buy a boat off Craigslist, and sail it to Cuba where they would be beyond the reach of US authorities.

The couple purchased a speedboat for US $5000, abandoned their car, and immediately set off across the ocean for what they believed to be the sanctuary of Cuba. But after hours of battling rough waves, their boat broke down. They were stranded, with no boats or land in sight. And they had told no-one of their plan.

Attempts to restart the boat failed, and eventually Gottesfeld admitted defeat – putting a distress call out on the radio which was thankfully heard by “The Disney Wonder”, an 11-deck cruise ship carrying hundreds of tourists.

In terrible weather conditions, Martin and Dana Gottesfeld were brought safely onboard where they were held in a cabin, with guards stationed outside.

Authorities in the Bahamas contacted the FBI office in Boston, and when the cruise ship returned to the US mainland, Gottesfeld and his wife were arrested and handcuffed.

The hacker’s dream of escape to Cuba was in tatters.

On Thursday, Gottesfeld was sentenced to 121 months in prison, and ordered to pay nearly US $443,000 in restitution.

“Make no mistake, your crime was contemptible, invidious and loathsome,” said US District Judge Nathaniel Gorton.

To read more about the case, and Gottesfeld’s background, I strongly recommend this article in Rolling Stone.

There’s no doubt that Gottesfeld did many foolish things, but when you read more about the case (Check out this excellent article in Rolling Stone which explores his background) you can’t help but conclude that he had ultimately good intentions that were catastrophically misdirected.

A prison sentence of over 10 years for the DDoS attacks that Martin Gottesfeld perpetrated feels very harsh to me.

Gottesfeld says he plans to appeal his sentence. I can’t condone what he did, but I wish him well for the future.

How to secure your cloud file storage with 5 simple tricks

File hosting / cloud storage services today are a dime a dozen. Players in this vertical constantly top each other with free storage offerings, business features, and custom plans, all designed to cater to every possible audience. But they all have one thing in common: the cloud.

Cloud storage is somewhat of a double-edged sword: it’s a convenient way to keep your entire fleet of devices in sync, but it can also spell disaster if someone finds the keys to your vault. Remember the celebrity nudes leak a few years ago? Yeah. You don’t want that ‘fappening’ to you. So it’s a good idea to remind ourselves that cloud storage services like iCloud, Dropbox and Google Drive are not impenetrable. Your vendor can only do so much to protect you. ‘The Fappening’ was mostly the result of those celebrities falling victim to phishing emails. So it’s important to enable extra safeguards to avoid falling victim to scams that steal your password. In this guide, we’ll look at five practices to secure your cloud content and keep your digital life away from prying eyes.

Step 1 – Verify your email and/or phone number

This may draw a resounding “d’oooh” from power users, but you’d be surprised how many people forget their login credentials, especially those who aren’t online 24/7. Checking and confirming your email address with your vendor also helps you recover a forgotten password, so consider this simple step a double-whammy. Most cloud services also let you change the email associated with your account so, if you want to start anew, look for the module that lets you tweak this setting. It’s typically located under “account settings” or “security.”

Dropbox offers the option to quickly change the email associated with your account

If you have a phone number associated with your account, verify that one as well, and remember to update it if you end up changing your number for any reason. It ensures you’re always reachable on another device for two-factor authentication, important notifications that may involve security matters, and other exceptional situations.

Step 2 – Review, add, or remove devices, browsers and linked apps

Most cloud services offer a handy list of all devices linked to your account. If you’re a longtime user, chances are you’ve swapped devices a few times over the years. So, don’t be surprised if the list names a Windows Vista machine, or your old BlackBerry Bold. While vendors do their best to monitor your account for suspicious activity, it’s a good idea to unlink any old devices you no longer use. The same goes for different web browsers associated with your account, or linked apps that integrate with the service. If you no longer use those apps, there’s no reason for your account to keep ties with them. Who’s to say they don’t suffer a breach one day and leak your credentials?

Devices associated with a Google Drive account
This is how iCloud displays your devices. Simply click on the device’s name for more options to manage them, including to disassociate one or more with your account (for example, if you’ve sold your phone to someone).
An example of linked apps in Dropbox

Step 3 – Enable two-factor authentication (2FA)

Two-factor-authentication, typically abbreviated as 2FA, adds another layer of security to your online accounts. It allows the service to verify that the person logging in is really you by asking you to confirm a code on another device that you own. Wonder when this comes in handy? The 2014 iCloud hack could have been almost entirely avoided had those celebs used 2FA.

So be sure to flip this switch on for every online service you have an account with, especially your cloud storage services. Most vendors today offer this option, and some even have it on by default. But for those services that don’t have 2FA enabled from the start, be sure to dig through the settings and turn it on. It’s a life saver!

iCloud asks to check your phone for a six-digit passcode

Step 4 – Have good password hygiene

Yes, it’s a drag, but you should still do it. Data breaches are so common these days that it’s become a matter of when, not if, one of your online accounts gets compromised. And cloud accounts are easily the most sensitive ones. It’s also wise to use a strong password when you decide to change it. Use a combination of upper- and lower-case letters, numbers, as well as special characters (#$%*). And remember, eight characters is the absolute minimum by today’s standards.

If you don’t trust your memory with such a complex string of characters, perhaps it’s time you considered using a password manager. There’s no shortage of options out there. Plus, it’s advisable to use different passwords with different online accounts, in case your credentials end up for sale on the dark web following a breach.

Microsoft even offers a way to go password-less with its OneDrive file-hosting service. All you need to do is download the Authenticator app for iOS or Android. “It’s more convenient and more secure,” according to the software giant. OneDrive users can also tick a box and have Microsoft remind them to change their password once every 72 days.

Changing a password in OneDrive. Microsoft offers tips on how to set a strong password, as well as the option to get nagged from time to time to change it.

Step 5 – Always sign out!

The exclamation mark above is easily justified. ALWAYS sign out of your account when you access your file storage service in a web browser, especially on an external device. For instance, Dropbox stays logged in forever, even after you close the tab in your browser – a big oversight on behalf of a service with more than 500 million users. Nevertheless, end-users shoulder the responsibility of keeping their accounts secure. If someone else has access to your computer, whether at home or at work, they can easily peek into your private life with a few keystrokes and clicks. Maybe you have nothing to hide, but why would you want someone peeking at your photos without you knowing? So remember to always hit that “sign out” button when you’re done.

Stay safe

These are just a few simple tricks to help you keep your digital life safe. We could mention other things as well, like choosing security questions and answers that can’t be easily guessed (for password recovery), or keeping an eye out for phishing scams that impersonate your cloud vendor. But as a rule of thumb, these five tips are all you need to stay on the safe side.

The folks at Apple prefer to keep iCloud users away from the technicalities and randomly trigger two-factor authentication every now and then to verify that no one has hijacked your account. They even show you how to avoid phishing emails and other scams so you don’t mistakenly give someone the keys to your iCloud. Dropbox has a comprehensive security checkup module that lets you do most of the above in one shot. And Google and Microsoft offer handy “Authenticator” apps with their respective services (Google Drive and OneDrive).

While businesses may be reluctant to store their intellectual property on remote servers, public clouds are nonetheless a decent option for regular users. So go ahead and apply these five tricks to your preferred cloud storage app or service. You’ll be glad you did. Stay safe out there!

Facebook Accused of Violating Vietnam’s Cyber Law

Vietnam’s controversial cybersecurity law that tightens government control of the online environment just came into effect on Jan. 1 and it’s already claiming its first victim, writes the Financial Times.

On Tuesday, the communist country accused Facebook of not complying with its new law by refusing to immediately delete fan pages with content the government considers defamatory. According to Vietnam’s Authority of Broadcasting and Electronic Information (ABEI), Vietnamese account holders freely published “slanderous content, anti-government sentiment and libel and defamation of individuals, organizations and state agencies.”

The cybersecurity law, passed in June 2018, forms part of Vietnam’s strategy to tighten media control and restrict free speech online.

“This decision has potentially devastating consequences for freedom of expression in Vietnam,” Amnesty International stated at the time. “In the country’s deeply repressive climate, the online space was a relative refuge where people could go to share ideas and opinions with less fear of censure by the authorities.”

Citing a Vietnamese market research report, the government body accuses Facebook of allowing advertising for scams and fake or illegal products. “The Vietnamese report claimed some $235 million was spent on Facebook ads in 2018, with $152.1 million going to Google,” writes TechCrunch.

As a result, Vietnam wants to penalize Facebook by taxing advertising revenue.

“We have a clear process for governments to report illegal content to us, and we review all these requests against our terms of service and local law,” Facebook responded. “We are transparent about the content restrictions we make in accordance with local law in our Transparency Report.”

Vietnamese authorities requested information on suspicious accounts, but Facebook refused to hand over user data, as it would violate community standards.

Canadian Telecom Firm Wants Permission to Collect, Monetize Customer Data, Online Activity

The largest telecom company in Canada wants to monetize its customers’ personal data, but not without getting their consent first, as required by Canadian privacy law, writes the CBC. Will users give in to the demand? Do they simply no longer care about online privacy?

In December 2018, Bell Canada started reaching out to customers to get their permission to track their personal data and digital activity patterns on all services they use through the provider. Think smartphone, TV and internet activity, online purchases, transactions, downloads and social media activity, besides the usual personal information such as age, gender and address: all the information needed and much more to create customer patterns.

The company claims it wants to follow in the footsteps of Google and Facebook, and use the information to enhance user experience, and for tailored marketing and advertising campaigns.

“Tailored marketing means Bell will be able to customize advertising based on participant account information and service usage patterns, similar to the ways that companies like Google and others have been doing for some time,” reads the notice Bell customers received.

Bell will also gather the “number of messages sent and received, voice minutes, user data consumption and type of connectivity when downloading or streaming.”

While some might hope consumers will get something out of this, chances are little to none. So far, Bell hasn’t clearly explained its plan to strengthen security or fend off threats now that it expects to store such large amounts of valuable information, leaving consumers’ privacy and security at risk.

US Health Insurer Humana Announces Third Data Breach after Third-Party Hack

Kentucky-based health insurance provider Humana fell victim to a third data breach from December 2018, this time caused by a third-party vulnerability.

According to a detailed notice to the California Attorney General’s Office and affected customers, Humana was informed on Oct. 28 that its business partner, Bankers Life, had suffered an intrusion that allowed unauthorized access to select employee system credentials between May 30 and Sept. 13.

The intruder used employee credentials to hijack company websites used to apply for Humana insurance. An investigation determined that this may have given the intruder access to personal information of some policy holders. While data such as name, address, date of birth, last four digits of the Social Security number, and some information about policy type may have been compromised, critical information such as full Social Security number, banking and card information and details about medical care were not affected.

Bankers Life detected the breach on Aug. 7 and started an investigation. They informed law enforcement and contacted an external forensics team to help. Since then, they organized additional trainings for employees and implemented extra monitoring and security procedures.

While customers who may have been affected will receive one year of identity repair and credit monitoring on behalf of Bankers Life, all are advised to keep a close eye on their account statements and insurance transactions to prevent fraud and identity theft attempts.

German Teen Confesses to Data Breach Affecting 1,000 Politicians, Journalists

2019 kicked off with a major security breach in Germany that compromised the personal data of some 1,000 politicians, journalists and celebrities, including Angela Merkel, Green party leader Robert Habeck, TV personality Jan Böhmermann and many others, including rappers and members of the German parliament, writes the BBC. For now, there is no evidence suggesting far-right party AfD members were also targeted.

While authorities initially had no idea who was behind the cyberattack, they brought in a 20-year-old German man for questioning, says The Guardian. At first he denied accusations but confirmed he knew who was behind the Twitter account that caused the breach: @_0rbit located in Hamburg, Germany.

In December, the Twitter account @_0rbit published the stolen data online disguised in a daily advent calendar. The compromised data includes telephone numbers, credit card information, photos, addresses, private conversations and contacts, reported BKA – the German federal criminal police. The account, which had over 17,000 followers, has been suspended.

Shortly after interrogation, the man, identified as Jan S., confessed to the attack, which he claims he carried out “alone and out of annoyance at statements made by the public figures he attacked.” On Twitter he also used the account name “G0d.” BKA says so far there is no evidence that a third-party was involved.

Interior Minister Seehofer told the BBC at the time that the data was accessed through “wrongful use of log-in information for cloud services, email accounts or social networks.” There is no evidence that government systems were hacked.

German newspaper Bild claims the data compromised is as old as October 2018, possibly even older.

Jan S. was released on Monday “due to a lack of grounds for detention.”

Thieves make off with shoppers’ credit card numbers after hacking apparel site for four months

Shoppers who placed an order with discountmugs.com during a four-month period last year are receiving a worrying notification from the online apparel store. Apparently, hackers injected card skimming code into the company’s website, then stole enough customer data to conduct fraud.

In a letter to the state attorney general, the company explains what happened, what information the hackers took, and what the company is doing to remedy this embarrassing situation. From the letter:

“On November 16, 2018, we discovered that an unauthorized change had been made to our DiscountMugs.com website. We immediately initiated an investigation and learned that unauthorized code was inserted into our shopping cart page designed to collect information customers entered on that page. We immediately removed the unauthorized code and reported the matter to law enforcement and to the payment card companies.”

By Dec. 20, the company said, its investigation found that “orders placed by credit or debit cards between August 5, 2018 and November 16, 2018, may have been impacted by the unauthorized code. We are providing you with this notice because our records indicate that you placed an order between August 5, 2018 and November 16, 2018.”

This email would undoubtedly alarm any recipient, but the paragraph that follows is even more chilling. It shows the malware siphoned off exactly the data hackers needed to conduct fraud:

“… name, address, phone number, email address, the credit card or debit card number used to place the order, the expiration date, and card security code (CVV2) for that card.”

The paragraph ends by offering some comfort to victims: “Since we do not request PINs when debit cards are used, PINs were not subject to collection.”

But not every card issuer offers the 3D Secure mechanism, and not every e-commerce website uses two-factor authentication for transactions. Moreover, verifiability of site identity is not 100% bulletproof, because the system involves a pop-up window or inline frame requiring cardholders to enter the one-time password to verify their legitimacy. However, a hacked website might display a fraudulent pop-up designed to harvest passwords.

After learning of the breach, DiscountMugs launched an investigation and, with the help of an unnamed cybersecurity firm, removed the malicious code. It is now helping police and card issuers with their investigations into the breach. Affected customers are offered a reassuring “we do not have any evidence that your information has been misused,” but the company still advises them to review an enclosed document with further information and steps they can take to prevent any harm done. The shop is also offering a complimentary year of identity monitoring through AllClear ID.

DiscountMugs fails to mention how many customers were impacted. According to TechCrunch, the shop ranks in the top 10,000 sites in the U.S., with a daily customer count in the thousands.

Marriott lowers estimate of customers affected by breach to 383 million, says 8.6 million encrypted payment cards involved

Following last year’s disclosure that hackers breached its systems, Marriott has released an update on the number of affected customers, the type of data that was leaked, as well as some changes to its practices and policies.

On Nov. 30, 2018, the world’s largest hotel chain issued an embarrassing notice that its servers were breached, leaving 500 million guest records in criminal hands. With the help of internal and external forensics and analytics teams, Marriott now knows that the number of affected customers is lower – albeit still high, by any standards.

“Working closely with its internal and external forensics and analytics investigation team, Marriott determined that the total number of guest records involved in this incident is less than the initial disclosure,” Marriott says in the update, posted to its news center Friday. “Also, the number of payment cards and passport numbers involved is a relatively small percentage of the overall total records involved,” the hotel chain said.

According to the updated news release, Marriott now believes 383 million guests may have been affected, a number it refers to as “the upper limit” for the number of guest records involved in the incident. The number could be lower, Marriott says, considering that many guests have multiple records.

“The company has concluded with a fair degree of certainty that information for fewer than 383 million unique guests was involved, although the company is not able to quantify that lower number because of the nature of the data in the database,” it clarifies.

The investigation has brought to light several other details as well. For example, approximately 5.25 million unencrypted passport numbers and 20.3 million encrypted passport numbers were among the records accessed by the intruder. Investigators found no evidence that the master encryption key was accessed, but they haven’t ruled it out either. Guests can contact Marriott’s call center and ask reps to look up their passport number to see if and how they are affected.

Around 8.6 million encrypted payment cards were involved in the incident, including 354,000 that were unexpired as of September 2018. Again, Marriott believes hackers have not accessed either of the components needed to decrypt the encrypted payment card numbers, but investigators are not ruling out this scenario either. Notably, a small number of customers may be more affected than others because Marriott encrypted some form fields while others were not subject to encryption. According to the notice:

“While the payment card field in the data involved was encrypted, Marriott is undertaking additional analysis to see if payment card data was inadvertently entered into other fields and was therefore not encrypted. Marriott believes that there may be a small number (fewer than 2,000) of 15-digit and 16-digit numbers in other fields in the data involved that might be unencrypted payment card numbers. The company is continuing to analyze these numbers to better understand if they are payment card numbers and, if they are payment card numbers, the process it will put in place to assist guests.”

Lastly, Marriott has discontinued the Starwood reservations database, and is now taking registrations solely through its own system. The breach, as readers might remember, occurred via Starwood’s servers, following Marriott’s acquisition of the leisure company in 2015.

Some say Chinese spies could be behind the Marriott breach, as part of a larger intelligence-gathering campaign targeting the U.S. and operated from Beijing.

Town of Salem hack exposes details of 7.6 million gamers

Just before Christmas, hackers managed to break into a database belonging to a popular online game and steal the details of over seven million players.

BlankMediaGames, makers of the browser-based game “Town of Salem”, has sent an email to players warning that personal information stolen by the hackers may include email addresses, full names, postal addresses, usernames, encrypted passwords, forum activity, IP address, and game activity.

Fortunately, BlankMediaGames uses a third-party to handle payments and so does not have access to payment information, ridding the hackers of their ability to directly monetise the hack.

Nonetheless, there’s plenty of opportunity for the hackers to still exploit the stolen data. For instance, phishing campaigns could be sent out to players pretending to come from the game, using gamers’ names and email address to make the message look more convincing.

And you shouldn’t think that just because your “Town of Salem” password was “encrypted” that it hasn’t been compromised. In a forum post, BlankMediaGames reveals that the passwords “were stored as a salted MD5 hash”.

MD5 is considered to be a relatively weak algorithm for hashing passwords, and the lack of stronger protection may open easy opportunities for hackers to crack some of the passwords.
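For operators who still hold salted MD5 records, the usual remedy is to move each account to a deliberately slow, memory-hard function the next time its owner logs in. The sketch below is an added example, not BlankMediaGames' code: the record format, the `MD5(salt || password)` construction and the scrypt cost parameters are all assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# scrypt cost parameters (assumed values for this example; tune to your hardware).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def make_legacy_record(password: str, salt: bytes) -> str:
    """Legacy storage format. ASSUMPTION: digest = MD5(salt || password)."""
    digest = hashlib.md5(salt + password.encode("utf-8")).hexdigest()
    return f"md5${salt.hex()}${digest}"


def make_scrypt_record(password: str, salt: Optional[bytes] = None) -> str:
    """Hash with scrypt and store the parameters next to the salt and key."""
    salt = salt or os.urandom(16)
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${key.hex()}"


def verify_and_upgrade(password: str, record: str) -> Tuple[bool, str]:
    """Check a login attempt and return (ok, record_to_store).

    A correct password presented against a legacy MD5 record yields a fresh
    scrypt record, so the weak hash disappears from the database over time.
    A failed attempt never changes the stored record.
    """
    scheme, *parts = record.split("$")
    pw = password.encode("utf-8")
    if scheme == "md5":
        salt_hex, digest = parts
        candidate = hashlib.md5(bytes.fromhex(salt_hex) + pw).hexdigest()
        if not hmac.compare_digest(candidate, digest):
            return False, record
        return True, make_scrypt_record(password)
    if scheme == "scrypt":
        n, r, p, salt_hex, key_hex = parts
        key = hashlib.scrypt(pw, salt=bytes.fromhex(salt_hex), n=int(n),
                             r=int(r), p=int(p), dklen=len(key_hex) // 2)
        return hmac.compare_digest(key.hex(), key_hex), record
    raise ValueError(f"unknown hash scheme: {scheme!r}")


if __name__ == "__main__":
    # Constructed sample account; the password and salt are illustrative only.
    stored = make_legacy_record("correct horse", bytes.fromhex("00112233"))
    ok, stored = verify_and_upgrade("correct horse", stored)
    print(ok, stored.split("$")[0])
```

Accounts that never log in again keep their MD5 record under this scheme, so a forced reset for them is still needed after a breach.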

In short, you would be wise to reset your Town of Salem password *and* also ensure that you are not reusing the same password anywhere else on the internet.

BlankMediaGames says it has removed three suspicious PHP files from its server that allowed the hackers to gain access, and has asked its hosting provider to run a malware check across all of its servers.

Furthermore, it says it has put in place additional security measures to protect players better in future, and is liaising with law enforcement.

Whether that will be enough to allay the fears of gamers remains to be seen.

One clear lesson that all companies could learn from this incident is the need to recognise that a security breach can happen at any time.

It appears that despite emails and calls to BlankMediaGames between Christmas and New Year from individuals who knew about the breach, nothing has been said publicly until now.

BlankMediaGames is, of course, a small company. But online firms cannot afford to rest when it comes to security issues. There’s a reason why hackers often like to strike during the holidays or at the weekend.

Skype flaw grants access to the photos on your Android phone without a passcode

A design flaw in Microsoft’s Skype app can be exploited to grant access to the data on your Android phone without passcode authentication, a researcher has shown.

Kosovo-based bug-hunter Florian Kunushevci demonstrates in a YouTube video how Skype can be manipulated into accessing private data, including photos on the phone, without unlocking the handset. All one has to do is gain physical access to the phone and answer a Skype call on it. From there, the user can access contact information, as well as the photo gallery through the app’s file sharing function.

“One day I got a feeling while using the app that there should be a need to check a part which seems to give me other options than it should,” he explained to The Register. “Then I had to change the way of thinking as a regular user into something that I can use for exploitation.”

While the flaw could tempt a suspicious spouse to look through their partner’s phone, it is more of a design oversight than anything. Kunushevci himself tells the publication, “For the specific bug that I have found on Skype, it is more of a bad design and also a bug in coding. I think to put it all together, humans make mistakes.”

A responsible bug-hunter, Kunushevci alerted Microsoft to the bug and waited for the company to patch the bug before he disclosed it. That doesn’t mean it can’t still be exploited. Anyone who hasn’t updated their Android Skype app in over a month is at risk. Only the latest versions of Skype, issued December 23, are safe to use. And because Skype versioning differs between Android versions, everyone must be sure to be on a version number above 8.15.0.416.

BevMo leaks credit card data (including CVVs) of 15,000 customers

American alcohol retailer BevMo has suffered a breach that leaked credit card data, including security codes, belonging to 15,000 customers.

A privately-held corporation based in Concord, California, BevMo sells mostly alcoholic beverages. The company was founded in January 1994 as Beverages & More and was re-branded as BevMo in January 2001. As of 2013, the company operates 148 stores.

The California attorney general’s office received a notice from BevMo this week that someone planted malware on its checkout page, the Associated Press reports. The code was designed to steal customers’ names, credit and debit card numbers, expiration dates, CVV codes (the three-digit security code used to confirm transactions), billing addresses, shipping addresses and phone numbers.

NCR Corporation, the service provider that operates BevMo’s website, removed the malware soon after it learned of the breach. However, the personal and financial information of some 15,000 customers is reportedly already in the wrong hands. NCR is now collaborating with a third-party forensic firm to assist in further investigation. BevMo, for its part, has been in contact with law enforcement and credit card companies, and is conducting its own investigation into the breach.

According to Tamara Pattison, BevMo’s Chief Marketing and Information Officer, if you’ve placed an order with BevMo between August 2 and September 26 you might be one of the 15,000 customers whose data was stolen by hackers. In such a case, you can contact a company official at (877) 565-6276.