Category Archives: Industry News

DFLabs Community Edition enables organizations to test drive SOAR platform

DFLabs released IncMan SOAR Community Edition (IncMan CE), a free version of its SOAR platform that allows organizations to test and experience the benefits of automated incident response in pre-production environments. IncMan CE is a full-featured version that provides integration with third-party security tools and access to DFLabs' patent-pending R3 Rapid Response Runbooks for automation of security alert processing and assessment tasks. “The Marriott data breach is the latest example of the direct correlation … More

The post DFLabs Community Edition enables organizations to test drive SOAR platform appeared first on Help Net Security.

Sharp introduces multifunction printers that include firmware attack prevention

Sharp Imaging and Information Company of America (SIICA), a division of Sharp Electronics Corporation (SEC), introduced a new line of Advanced and Essentials Series color document systems for the technology-driven workplace. The eleven new models include seven that are available now, and four models that will be available in early summer 2019. All the new models offer Sharp’s touchscreen display, which is common across 30+ models in Sharp’s multifunction printer lineup, and add new features … More

The post Sharp introduces multifunction printers that include firmware attack prevention appeared first on Help Net Security.

Threat Stack announces contextualized data export to Amazon S3 for cloud security observability

Threat Stack unveiled its plan to export cloud infrastructure security telemetry directly to its customers’ Amazon S3 accounts in order to enhance security observability. With access to contextualized runtime and behavioral analysis data from the Threat Stack Cloud Security Platform through Amazon S3, Threat Stack customers will be able to achieve full stack security observability of their cloud infrastructure. With a direct data export to Amazon S3, Threat Stack helps customers unlock the true value … More

The post Threat Stack announces contextualized data export to Amazon S3 for cloud security observability appeared first on Help Net Security.

Cylance narrows the cybersecurity skills gap with virtual CISO

Cylance released its virtual chief information security officer (vCISO) service, a program designed to provide organizations with technology and security resources that support next-generation security architectures and offer staff augmentation. Cylance vCISO enables customers at organizations large and small to tackle the cybersecurity skills shortage that has long been a problem for CISOs. In fact, a recent study notes that the skills gap—up by more than 50% in the last three years—is expected to grow by … More

The post Cylance narrows the cybersecurity skills gap with virtual CISO appeared first on Help Net Security.

Bitcoin Scammers Launch International Bomb Threat Hoax across US, Canada, Australia, New Zealand

An emailed bomb threat hoax sent Thursday afternoon has terrorized businesses and organizations across the US, Canada, Australia and New Zealand.

Claiming to have planted bombs all over the building, the email demands ransom in bitcoin or the bombs will be detonated. The email extortion scam, which states “I advise you not to call the police,” appears to be getting out of hand after a number of institutions took it as credible and evacuated the area. Each email comes with a different bitcoin address, writes Brian Krebs.

Source: KrebsonSecurity.com

The scam has so far been sent to financial institutions, banks, school districts, universities, newspapers and courthouses.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Agency, is aware of the global campaign and advises recipients to not contact the sender, not pay the ransom and immediately inform the FBI about the bomb threat email.

Australia and New Zealand, which are also investigating bomb threat emails, are telling residents that it may only be “an opportunistic scam,” Reuters reports.

“Given the widespread nature of these malicious emails, we have reason to believe this to be a scam,” the Australian Cyber Security Centre said in an email to Reuters. “As a precaution, state policing agencies are treating these emails as a legitimate threat until confirmed otherwise.”

The Cedar Rapids Police Department appears to agree: “The Police Department has found NO CREDIBLE EVIDENCE that these emails are authentic. It appears to be a robo-email that has been sent throughout the area hoping to scam businesses out of money. We have also received information that businesses in surrounding counties may have also received this email,” writes CNN.

“As always, we encourage the public to remain vigilant and to promptly report suspicious activities which could represent a threat to public safety,” said the FBI.

Third-Party Breach Affects Credit Card Info of 47,000 Patients

Weak security at third-party vendors strikes again in the medical world. Baylor Scott & White Medical Center – Frisco hospital in North Texas announced that payment information, including partial credit card info, of some 47,000 patients or guarantors may have been compromised following a security incident with a third-party vendor’s credit card processing system. The data breach was detected on September 29.

The hospital immediately canceled credit card processing through the compromised vendor and started an investigation. Critical information such as names, mailing addresses, birth dates, telephone numbers, medical record numbers, insurance provider data, dates of service, account numbers, credit card types, last four digits of the credit cards, CCV numbers, recurring payment dates, account balances and invoice numbers may have been compromised between Sept. 22 and 29, but there’s no evidence the data has been used in illegal activities. As a safety procedure, patients or guarantors will receive one year of free credit monitoring services.

The security incident was limited to the third-party vendor’s network and didn’t affect the hospital’s systems.

“It is important to note that the hospital’s information and clinical systems were not affected, and medical information was not compromised. Social Security numbers and medical record information were not accessed,” reads the hospital’s alert.

Failure to manage third-party vendors exposes healthcare organizations to countless risks, especially because they don’t usually stick to a sole vendor. Attacks and credit-card hacks are growing in frequency in healthcare because hackers can use the information to their own advantage or sell it on the dark web to the highest bidder.

RiskSense platform addresses security and IT operations gaps

RiskSense released a new version of the RiskSense platform that closes the gap between security and IT that prevents vulnerabilities from being remediated in a timely fashion. New collaboration options include automated vulnerability updates and findings, support for workflows, and ease of communicating and validating IT remediation priorities for fighting cyber risk. According to Gartner, “Successful realization of standard SOC capabilities is just not possible without certain inputs from the IT organization. A collaborative relationship … More

The post RiskSense platform addresses security and IT operations gaps appeared first on Help Net Security.

Cymulate and Symantec announce shared research of email-based attacks

Cymulate partnered with Symantec in an Attacker-Defender collaboration to share research into the latest email-based threats. Cymulate’s Breach & Attack Simulation (BAS) platform enables organizations to launch simulations of multi-vector cyberattacks against their networks, exposing vulnerabilities and providing mitigation suggestions to close each found gap. Email is one of the attack vectors, and one of the most common. The partnership allows Cymulate and Symantec to share the information of how … More

The post Cymulate and Symantec announce shared research of email-based attacks appeared first on Help Net Security.

Pulse Secure and BNT Pro sign Technical Alliance Partnership to deliver identity control

Pulse Secure revealed a Technical Alliance Partnership with BNT Pro to jointly sell and support a solution that offers SecTrail, an Identity Control and Management Platform developed by BNT Pro, as part of an integrated solution with Pulse Secure Connect Secure VPN appliances. The agreement will ensure that joint customers benefit from compatibility, enhanced features and simplified support and upgrades. The SecTrail suite includes a One-Time-Password (OTP) and Two-Factor-Authentication (2FA) solution with support for mobile … More

The post Pulse Secure and BNT Pro sign Technical Alliance Partnership to deliver identity control appeared first on Help Net Security.

Arctic Wolf acquires RootSecure

Arctic Wolf Networks acquired RootSecure. RootSecure provides risk-based vulnerability assessment solutions that probe networks, discover connected devices, and test an organization’s social engineering resilience. The acquisition enables enterprises to assess and manage their cybersecurity risk in addition to leveraging Arctic Wolf’s AWN CyberSOC service to detect and respond to cyber threats. “As customers embrace SOC-as-a-service, they also want to understand their vulnerabilities,” said Brian NeSmith, CEO and co-founder of Arctic Wolf. “This acquisition augments our … More

The post Arctic Wolf acquires RootSecure appeared first on Help Net Security.

Webroot strengthens leadership in security and data protection with ISO 27001 certification

Webroot received ISO 27001 certification, one of the highest internationally recognized standards for information security management systems. This achievement highlights Webroot’s ongoing commitment to providing the highest standard in security protection. Established by the International Organization for Standardization (ISO), this process-based standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of … More

The post Webroot strengthens leadership in security and data protection with ISO 27001 certification appeared first on Help Net Security.

Entersekt gains certification for e-commerce authentication solution

Entersekt has gained EMVCo certification for its 3-D Secure 2 access control server. EMVCo is a payments industry consortium managing global specifications for secure card-based e-commerce transactions. Entersekt has offered a 3-D Secure access control server (ACS) for many years. Its mobile-optimized solution was accredited by Visa, Mastercard, and American Express. It has proved popular among consumers in Europe and South Africa, who continue to enjoy the password-free, one-touch experience it makes possible. “Several years … More

The post Entersekt gains certification for e-commerce authentication solution appeared first on Help Net Security.

OPAQ awarded patent for software-defined network segmentation

OPAQ has received a patent from the United States Patent & Trademark Office for its software-defined network segmentation technology that monitors connection requests on endpoint devices and enforces security policies to prevent lateral attacks on corporate networks (Patent # 10,122,760). The patented approach is part of the OPAQ Cloud, a platform-as-a-service that enables managed service providers to deliver Fortune 100-grade security to midsize enterprises. With this technology, OPAQ can offer enforcement of security policies at … More

The post OPAQ awarded patent for software-defined network segmentation appeared first on Help Net Security.

Pivot3 delivers policy-based security for hybrid cloud solutions

Pivot3 revealed new policy-based security management capabilities in its Intelligence Engine. These expanded capabilities allow organizations to automate and simplify the process of protecting sensitive data with security for encryption and key management. Pivot3’s new platform enhancements also facilitate regulatory compliance as customers acquire and manage data across the edge, core and cloud. “With security threats on the rise and regulations around data security increasing, CIOs and CISOs face new challenges as they seek to … More

The post Pivot3 delivers policy-based security for hybrid cloud solutions appeared first on Help Net Security.

Sysdig introduces new capabilities to secure Kubernetes-based applications

Sysdig released new features for Sysdig Secure, part of the Sysdig Cloud-Native Intelligence Platform. The Sysdig platform is the unified platform that provides cloud-native security, monitoring, and forensics. These enhancements add Kubernetes auditing and vulnerability management, service-based access control, and security analytics, along with simplified compliance to give users a view of the health and risk profiles of their container environments. With the introduction of Sysdig Secure 2.2, Sysdig continues to provide enterprise customers, like … More

The post Sysdig introduces new capabilities to secure Kubernetes-based applications appeared first on Help Net Security.

CISO’s mission resonates with healthcare peers

The vision of a standardized method to assess the risk management posture of third party suppliers to healthcare firms envisioned by the recently-formed Provider Third Party Risk Management Council is gaining momentum and support throughout the industry as security leaders from both healthcare providers and their suppliers embrace the unified approach. Led by governing members consisting of Chief Information Security Officers (CISOs) throughout the healthcare sector, the Council and its growing number of participants are … More

The post CISO’s mission resonates with healthcare peers appeared first on Help Net Security.

RSA Conference announces initial 2019 keynote speakers

RSA Conference announced its initial line-up of keynote speakers for the 2019 Conference, which begins Monday, March 4 and runs through Friday, March 8 in San Francisco, CA. The keynote program will culminate with an entertaining close from actress, writer and producer Tina Fey. New this year, RSA Conference will have two keynote stages: West Stage keynotes will continue to feature sponsor keynotes, panels and esteemed guest speakers, and South Stage keynotes will utilize the … More

The post RSA Conference announces initial 2019 keynote speakers appeared first on Help Net Security.

New Relic introduces Kubernetes cluster explorer

New Relic introduced the Kubernetes cluster explorer, a new way for DevOps teams to understand the health and performance of their Kubernetes environments. Kubernetes cluster explorer allows teams to drill down into application and infrastructure metrics side-by-side in a UI that simplifies complex environments. As a result, teams can understand dependencies across their entire environment, make better-informed decisions, and resolve errors. The Kubernetes cluster explorer extends New Relic’s existing Kubernetes monitoring capabilities by offering a … More

The post New Relic introduces Kubernetes cluster explorer appeared first on Help Net Security.

NetSecOPEN announces cybersecurity founding members and appoints board of directors

NetSecOPEN revealed that 11 security vendors, test solutions and services vendors, and testing laboratories have joined the organization as founding members. The organization also appointed its board of directors, who will guide NetSecOPEN toward its goal: making open network security testing standards a reality. These developments show momentum for the organization, which formed in 2017 to close the gap between proprietary performance metrics and the observed real-world performance of security solutions. Certification of security product performance … More

The post NetSecOPEN announces cybersecurity founding members and appoints board of directors appeared first on Help Net Security.

NICE announces Engage 6.12 providing capabilities for compliance and privacy

NICE released its Engage platform version 6.12, comprising features to investigate and prevent violations of privacy related regulations. The latest version focuses on boosting the efficiency of IT teams in charge of compliance and offers multiple benefits to business users, enabling them to gain further visibility into their recording activities. The NICE Engage platform version 6.12, along with its Compliance Center, further asserts the company’s strategy to provide the data processing practices in the contact … More

The post NICE announces Engage 6.12 providing capabilities for compliance and privacy appeared first on Help Net Security.

Password-less security arrives on macOS with HYPR

HYPR released its Employee Access solution for macOS. The addition of macOS marks a milestone in expanding enterprise-wide coverage of HYPR’s Decentralized Authentication Platform, enabling businesses to secure password-less access to corporate resources, eliminate credential reuse and stop phishing attacks while improving workforce productivity on a global scale. With existing support for Windows 7, 8 and 10, the launch of macOS rounds off the HYPR Employee Access offering and accelerates HYPR’s continued transformation of enterprise … More

The post Password-less security arrives on macOS with HYPR appeared first on Help Net Security.

ELASTX deploys Fortanix SDKMS runtime encryption key management to protect customers’ cloud data

Fortanix announced that ELASTX has deployed its Self-Defending Key Management Service (SDKMS) to protect customers’ data as they migrate to the cloud. ELASTX customers can now use its platforms, which offer security for their private data moving to the cloud, powered by Fortanix. Founded in 2012, ELASTX delivers automated cloud services via its platforms Jelastic PaaS (Platform as a Service) and OpenStack IaaS (Infrastructure as a Service). Its CloudOps Engineers help businesses automate the … More

The post ELASTX deploys Fortanix SDKMS runtime encryption key management to protect customers’ cloud data appeared first on Help Net Security.

Netwrix completes acquisition of Concept Searching

Concept Searching has been acquired by Netwrix Corporation. Concept Searching will remain active in the metadata management, classification, and insight engine market, continuing to provide a range of solutions to clients. The terms of the transaction were not disclosed. The relationship between the two companies developed in 2017, with Netwrix integrating a portion of Concept Searching’s technology into its Netwrix Auditor product. The technology integration and partnership were successful. As a result, Netwrix acquired Concept … More

The post Netwrix completes acquisition of Concept Searching appeared first on Help Net Security.

A10 Networks introduces secure service mesh solution for applications deployed in Kubernetes

A10 Networks released the A10 Secure Service Mesh solution for applications deployed in open-source Kubernetes container environments. The solution provides teams deploying microservices applications with a way to integrate enterprise-grade security and load-balancing with application visibility and analytics. A10’s Secure Service Mesh solution protects east-west traffic and transparently encrypts traffic between microservices without requiring changes to those applications. The result is a higher level of security and performance for microservices-based applications. “With the Secure Service … More

The post A10 Networks introduces secure service mesh solution for applications deployed in Kubernetes appeared first on Help Net Security.

New Comodo Cybersecurity services address mounting SMB cyberattacks

Comodo Cybersecurity, a global leader in threat intelligence and malware cyberdefense, today introduced new managed security services in response to mounting cyberattacks on small and medium-sized businesses (SMBs) as well as state and local government and education organizations (SLEDs). cWatch MDR SOCaaS is a platform for the future, built the SOC using NIST and CSF with remote access for your security to benefit without the huge costs. A staggering 58 percent of all malware attack … More

The post New Comodo Cybersecurity services address mounting SMB cyberattacks appeared first on Help Net Security.

HOTforSecurity: Star WannaCry victim NHS to ban fax machines by 2020

The UK’s National Health Service, one of the highest-profile victims of last year’s devastating WannaCry ransomware attack, has pledged to phase out fax machines from its trusts by 2020.

NHS made headlines in 2017 when its entire fleet of healthcare institutions fell victim to WannaCry, the virulent global ransomware outbreak. Like many other victims of the WannaCry wrath, NHS had poor security practices in place and extremely outdated software on its systems (i.e. Windows XP).

In a bid to prevent history from repeating itself, NHS is now pledging to do away with one of the oldest technologies still in its IT infrastructure: fax machines. The plans were announced by Secretary of State for Health and Social Care Matt Hancock, who mandated the use of modern communication methods, like secure email.

According to The Independent, Richard Kerr, chair of the Royal College of Surgeons Commission on the Future of Surgery, said it was “absurd” that NHS still used fax machines.

“Most other organisations scrapped fax machines in the early 2000s and it is high time the NHS caught up,” he said. “The RCS supports the ban on fax machines that will come into place in March 2020.

“As these digital technologies begin to play a bigger part in how we deliver healthcare it is crucial that we invest in better ways of communicating the vast amount of patient information that is going to be generated,” Kerr added.



HOTforSecurity: Third-Party Ransomware Attack Compromises Data of 16,000 Redwood Eye Care Center Patients

Ransomware has struck again in the medical sector, this time affecting ophthalmology practice Redwood Eye Care Center in California through a security incident at a third party, its EMR hosting vendor. Personal data of as many as 16,055 California residents may have been exposed.

According to a breach notice sent by Redwood Eye Care Center to the Attorney General, IT Lighthouse, the vendor responsible for keeping the entire patient medical database on its servers, including names, addresses, medical treatment, health insurance details and dates of birth, fell victim to a ransomware attack in September. The residents affected were immediately notified of the privacy breach, and Redwood has switched vendors and taken the appropriate steps to strengthen security and prevent future incidents.

“On September 20, 2018, Redwood learned that on September 19, 2018, the third-party vendor that hosts and stores Redwood’s electronic medical records experienced a data security incident which affected records pertaining to Redwood patients,” reads the notification. “Upon learning of the incident, Redwood worked with the third-party vendor to investigate the incident, which in turn consulted a digital forensic firm. Redwood also consulted with a specialized medical software vendor. Redwood’s investigation determined that the incident may have involved patient information, including patient names, addresses, dates of birth, health insurance information, and medical treatment information.”

The healthcare sector has actively been targeted by phishing and ransomware attacks, jeopardizing patient safety and privacy. Medical institutions and facilities are a preferred target for hackers because they are not properly equipped to fend off cyberattacks, they maintain a high volume of valuable data and are prone to third-party vulnerabilities due to the high number of vendors they work with.

Recent notable phishing breaches, for example, include the Cancer Treatment Centers of America at Western Regional Medical Center in Phoenix that affected 42,000 patients and Georgia Spine and Orthopedics of Atlanta that compromised the data of 7,000 patients.



HOTforSecurity: Major Privacy Issues in Google+ Force Its Shutdown Earlier than Planned

Google+ and its APIs are shutting down sooner than announced after a new privacy glitch that exposed the data of more than 52 million users was detected in November, Google announced on Monday.

Personal information such as age, name and email address was available online for six days before the bug was fixed, but there’s no evidence that developers misused the data. The company assures users that their passwords, financial information and any data that could be used for fraud or identity theft were not compromised.

“We discovered this bug as part of our standard and ongoing testing procedures and fixed it within a week of it being introduced,” Google said. “No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way.”

The company had already detected a bug in October that leaked personal information of 500,000 users including names, emails and jobs. That first security incident led to a decision to close the network by August 2019, and the software vulnerability found in November rushed the process. As a result, all Google+ APIs will shut down in the coming 90 days, while the consumer version of Google+ will close earlier in April 2019 “to ensure the protection of our users.”

Following these major security breaches, Google will most likely struggle to regain consumer trust, as its entire business model is based on applications that collect personal information. As reported by the Wall Street Journal, lawmakers will probably also step in following allegations that Google chose to hide the original breach for months fearing regulatory scrutiny and reputational damage.




TP-Link introduces next-generation WiFi routers that support Wi-Fi 6 wireless standard

TP-Link unveiled two new WiFi routers—the Archer AX6000 and the Archer AX11000. Both routers support the new 802.11ax wireless standard, also known as Wi-Fi 6. The 802.11ax standard features technologies such as OFDMA, AX MU-MIMO, 160MHz channel and 1024 QAM to improve network capacity and efficiency, aiming to support more devices with faster speed.

Archer AX6000: Router for the smart home

The Archer AX6000 is TP-Link’s first 802.11ax WiFi router. It is designed to speed … More

The post TP-Link introduces next-generation WiFi routers that support Wi-Fi 6 wireless standard appeared first on Help Net Security.

Asavie joins MaaS360 Community on IBM Security App Exchange

Asavie has joined IBM’s MaaS360 App Exchange ecosystem of partners. Asavie complements IBM MaaS360 to provide enterprises with a defense-in-depth approach to managing their mobile fleet of devices as they seek protection against the increasing variety of mobile threats. Asavie Moda extends the UEM features of IBM MaaS360 with Watson by bringing the security policies into the network, providing real-time visibility, control and security for all data in transit to and from the mobile devices … More

The post Asavie joins MaaS360 Community on IBM Security App Exchange appeared first on Help Net Security.

Ayla Networks adds new cellular IoT capabilities to its IoT platform

Ayla Networks released a new set of capabilities for its IoT platform that makes it easier and more affordable to build IoT solutions that run over any cellular protocol, including low-power wide-area networks (LPWANs) such as Cat-M1 and NB-IoT. Ayla Networks is launching: Four new device agents and modules for embedding cellular connectivity into edge devices: a Linux cellular agent; a cellular portable agent; cellular LPWAN production modules using SimCom and Quectel hardware; and a … More

The post Ayla Networks adds new cellular IoT capabilities to its IoT platform appeared first on Help Net Security.

Aspen Mesh beta now available for microservice infrastructures

As companies move to a model where applications are continuously developed and deployed, they are leveraging microservices to build and manage them. However, this often adds complexity and de-centralizes ownership and control, so companies are employing service mesh technology to ensure resiliency and uptime. Many companies are adopting Istio as their service mesh of choice as it provides a toolbox of different features with a range of microservices capabilities. But some enterprise challenges remain, especially … More

The post Aspen Mesh beta now available for microservice infrastructures appeared first on Help Net Security.

Wipro and Alfresco expand partnership to offer open source based digital transformation capabilities

Wipro Digital and Alfresco expanded their global partnership to create, build and run open source based digital transformation programs for its clients across the globe. The partnership will bring together Wipro’s expertise in digital transformation and Alfresco’s Digital Business Platform. As a part of this alliance, the two companies will launch a series of go-to-market (GTM) initiatives that include a joint Predictive Service Automation solution using Artificial Intelligence, Machine learning and a microservices based framework, that … More

The post Wipro and Alfresco expand partnership to offer open source based digital transformation capabilities appeared first on Help Net Security.

Venafi and DigiCert machine identity protection partnership delivers new solution for enterprise PKI

Venafi and DigiCert unveiled a new integration that simplifies and automates complex machine identity programs for the demanding, security-conscious organizations. The combined solution enables organizations to customize and orchestrate public key infrastructure (PKI) and machine identity protection at machine speed and scale. “The rapid adoption of DevOps, microservices, cloud, and IoT requires a new level of technical sophistication and innovation to deliver protection for all machine identities,” said Kevin Bocek, vice president of security strategy … More

The post Venafi and DigiCert machine identity protection partnership delivers new solution for enterprise PKI appeared first on Help Net Security.

Karamba Security collaborates with Ficosa to secure smart mobility against cyberattacks

Karamba Security revealed that Ficosa is partnering with Karamba Security to harden its Telematics Control Unit (TCU) and keep vehicles protected from cyberattacks when communicating with the internet. Ficosa, through Onboard Ventures, its Open Innovation initiative, has identified Karamba Security’s Carwall solution as a hardening software that is integrated into the vehicle Electronic Control Units (ECUs), without disrupting the development process or delaying the vehicle’s time to market. Karamba Security’s software prevents in-memory cyberattacks, by … More

The post Karamba Security collaborates with Ficosa to secure smart mobility against cyberattacks appeared first on Help Net Security.

Asia’s digital ID technology developments gain pace

The recent spate of data breaches—including a flaw in Google+ that led to its shutdown and the reported hacking of 120 million Facebook users’ data—have highlighted the abuse of digital identity. While having a digital identity brings convenience, the challenge is to ensure that individuals have full control and protection of their data. Technologies for safeguarding digital identities have emerged in the U.S. and Europe, but developments have been slow in Asia due to its … More

The post Asia’s digital ID technology developments gain pace appeared first on Help Net Security.

Trade war tensions with China rise following arrest of Huawei CFO in Canada

Wanzhou Meng, Huawei’s CFO and the daughter of the company’s founder, was arrested at the Vancouver airport on Dec. 1 and is awaiting extradition to the US to face trial on accusations that the US export sanctions against Iran were breached, writes the Globe and Mail. Her bail hearing is on Dec. 7.

Further details were not provided due to Meng’s request for a publication ban.

“She is sought for extradition by the United States, and a bail hearing has been set for Friday,” Justice Department spokesman Ian McLeod said in a statement to the Toronto-based newspaper on Wednesday. “As there is a publication ban in effect, we cannot provide any further detail at this time. The ban was sought by Ms. Meng.”

The US government released several warnings advising consumers to not purchase Huawei smartphones as it considers them a threat to national security. In April it was announced that the company was already under investigation for illegal sales violating US sanctions against Iran, following similar allegations against Chinese company ZTE. The use of Huawei devices has been banned in the US government, which has also sought to persuade other countries to ban the Chinese manufacturer.

“After the Trump Administration imposed a ban on the sale of American technologies to ZTE last week for similar export violations, this latest development feels like deja vu all over again and could cast a serious shadow over the business of the $92.5 billion Chinese company,” wrote Forbes at the time.

In 2016, the US government issued a subpoena to investigate Huawei’s export of US technology over the previous five years to advocates of international terrorism or nations under US trade sanctions and economic embargo such as North Korea, Iran, Cuba, Sudan and Syria.

Regarding Meng’s arrest, Canadian Prime Minister Justin Trudeau said the Canadian government is not involved, and that the arrest happened following an extradition request from the US government.

Calling it a human rights violation, the Chinese embassy in Ottawa demanded her immediate release because she did not break the laws of the US and Canada.

“The detention without giving any reason violates a person’s human rights,” responded a Chinese foreign ministry spokesperson. “We have made solemn representations to Canada and the US, demanding that both parties immediately clarify the reasons for the detention, and immediately release the detainee to protect the person’s legal rights.”

Source: Twitter

According to Reuters, Meng has been associated with Skycom Tech and a 2010 deal, which was not finalized, to sell HP equipment to Iran with the approval of Huawei. This may or may not have a connection with the charges brought against her now; details have not been released.

Symantec unveils neural network to protect critical infrastructure from cyber warfare

Symantec introduced Industrial Control System Protection (ICSP) Neural, the neural network-integrated USB scanning station that helps organizations protect infrastructure by preventing the physical consequences of cyber-attacks on operational technology (OT). OT is mission-critical in industries such as energy, oil and gas, manufacturing, and transportation, but legacy systems are often outdated and nearly impossible to secure with traditional endpoint security. Companies have relied on unscanned USB devices to update these systems, increasing the potential for malware … More

The post Symantec unveils neural network to protect critical infrastructure from cyber warfare appeared first on Help Net Security.

Mastercard and Microsoft join forces to advance digital identity innovations

Currently, verifying your identity online is still dependent on physical or digital proof managed by a central party, whether it’s your passport number, your proof of address, driver’s license, user credentials or other means. This dependence places a burden on individuals, who have to remember hundreds of passwords for various identities and are being subjected to complexity in proving their identity and managing their data. Working together, Mastercard and Microsoft aim to give people a … More

The post Mastercard and Microsoft join forces to advance digital identity innovations appeared first on Help Net Security.

DataStax announces DataStax Enterprise 6.7

DataStax released DataStax Enterprise 6.7 (DSE 6.7). DSE 6.7 delivers the distribution of Apache Cassandra with multi-workload support for operational analytics, geospatial search, data protection in the cloud, performance insights, Docker production support, and connectivity to Apache Kafka. “We’re excited to release version 6.7 of DSE and offer our enterprise customers five key new feature upgrades, including: improved analytics, geospatial search, improved data protection in the cloud, enhanced performance insights and new developer integration tools … More

The post DataStax announces DataStax Enterprise 6.7 appeared first on Help Net Security.

Oculeus launches new real-time telecoms fraud protection service

Oculeus revealed that the company has launched Oculeus-Protect, a new real-time telecoms fraud protection service for enterprises. Oculeus-Protect is a cloud-based service that protects enterprise PBXs and voice telephony networks from hacking and fraud risks. According to the Communications Fraud Control Association, telecoms fraud caused approximately $29.2 billion in fraudulent charges last year alone of which over $3.8 billion in financial losses was attributed to various types of PBX hacking and toll fraud on enterprise … More

The post Oculeus launches new real-time telecoms fraud protection service appeared first on Help Net Security.

Immuta accelerates enterprise cloud data science adoption, reduces risk, and can lower costs

Immuta unveiled new features that can reduce the cost and risk of running data science programs in the cloud. The company also announced the creation of a new business unit dedicated to building managed cloud-services for its customers. According to 451 Research’s Voice of the Enterprise AI/ML survey, over 50% of all organizations developing or deploying machine learning software highlighted public cloud as the favored development environment. However, as organizations move data science programs to … More

The post Immuta accelerates enterprise cloud data science adoption, reduces risk, and can lower costs appeared first on Help Net Security.

Vereign offers the blockchain-powered solution for email security

Vereign is launching its beta. Vereign’s browser plugin enables a security overlay in email clients, office programs, chat apps, and more, that brings confidentiality and authenticity to online communication without interrupting workflows. With 3.8 billion users worldwide, email is the most important means of communication today. It’s influential – and vulnerable to abuse. Malware and scams have caused billions of dollars in damage, and over 90% of these scams initially travelled through email. Vereign meets … More

The post Vereign offers the blockchain-powered solution for email security appeared first on Help Net Security.

HackerOne expands Hacker101 web training platform with HackEDU partnership

HackerOne has expanded its online hacker training program, Hacker101 through a partnership with cybersecurity training company HackEDU. Hacker101 is giving away the sandboxed training environments, modeled after five real-world vulnerability reports. HackerOne and HackEDU are committed to empowering the hacker community by providing access to training materials. The new HackEDU-developed vulnerability sandboxes are the latest in their interactive coursework available to hackers and join existing Hacker101 interactive content, coursework and capture the flag (CTF) challenges. … More

The post HackerOne expands Hacker101 web training platform with HackEDU partnership appeared first on Help Net Security.

Eclypsium raises $8.75M in Series A funding

Eclypsium has raised $8.75M in Series A funding. The new investment comes on the heels of demand for Eclypsium’s platform that protects organizations from the foundation of their computing infrastructure upward, controlling the risk and stopping threats inside firmware of laptops, servers, and networking infrastructure. The round was led by Madrona Venture Group, with participation from existing investors Andreessen Horowitz, Intel Capital and Ubiquity Ventures. With the investment, Tim Porter, Managing Director at Madrona Venture … More

The post Eclypsium raises $8.75M in Series A funding appeared first on Help Net Security.

WatchGuard Technologies expands SD-WAN capabilities to its security platform

WatchGuard Technologies released version 12.3 of its Fireware operating system for its Firebox Unified Security Platform appliances. Key to this update are added path selection capabilities that allow organizations to optimize WAN resources across networks while securing branch locations with a UTM platform focused on defense in depth. SD-WAN implementations are RapidDeploy, WatchGuard’s centralized deployment solution. Businesses and Managed Service Providers (MSPs) can utilize this new SD-WAN functionality to upgrade site-based security, improve network efficiency, … More

The post WatchGuard Technologies expands SD-WAN capabilities to its security platform appeared first on Help Net Security.

Apricorn introduces its USB drive: the next-generation Aegis Fortress L3

Apricorn released the Aegis Fortress L3, which brings security validation to a high capacity storage system. The new range includes FIPS validated USB 3.0, 3.1 and 3.2 drives, with military grade encryption that meets the requirements of regulated sectors including defence, finance, government, power and energy, legal and healthcare. The new device meets the need to store and move larger amounts of sensitive data offline. It features Apricorn’s latest chipset, which delivers higher processing speeds … More

The post Apricorn introduces its USB drive: the next-generation Aegis Fortress L3 appeared first on Help Net Security.

Tanium launches Reveal to allow organizations to identify, monitor and protect sensitive data

Tanium revealed an addition to its product portfolio with the launch of Tanium Reveal. The new module builds on the foundation of the Tanium platform and helps organizations identify sensitive data across endpoints and determine if that data has been exposed. In this era of digital transformation, organizations are collecting and processing more data than ever before, on an ever-increasing number of devices. Business Resilience requires an understanding of where sensitive data resides, the context … More

The post Tanium launches Reveal to allow organizations to identify, monitor and protect sensitive data appeared first on Help Net Security.

Docker announces Docker Desktop Enterprise for building and deploying container-based solutions

Docker unveiled Docker Desktop Enterprise, a new desktop product that is the way to deliver enterprise production-ready containerized applications. With Docker Desktop Enterprise for Windows and Mac, developers can work with frameworks and languages of choice while IT can configure, deploy and manage developer environments that align to corporate standards and practices. This enables organizations to deliver containerized applications from development to production. As businesses drive digital transformation and cloud initiatives, they are turning to … More

The post Docker announces Docker Desktop Enterprise for building and deploying container-based solutions appeared first on Help Net Security.

Agari introduces phishing incident response solution for cloud office suites

Agari Incident Response is the purpose-built phishing incident response solution for post-delivery remediation in Microsoft Office 365 environments. It eliminates error-prone and time-consuming reporting and response with automated investigation and remediation workflows that reduce phishing incident response time by up to 90 percent—enabling businesses to prevent and contain breaches before damage is done. In a survey of more than 300 security professionals, Agari determined that the average company responds to 23,053 phishing incident reports per … More

The post Agari introduces phishing incident response solution for cloud office suites appeared first on Help Net Security.

Juniper Networks updates JATP Appliances to prioritize cyber threats from any security source

Juniper Networks released new offerings as part of its Juniper Networks Advanced Threat Prevention (JATP) Appliances, enabling enterprises to detect malware, understand behavior and mitigate threats with just one touch. This solution leverages data from any third-party firewall or security data source, avoiding unnecessary vendor lock-in. Eliminating complex, time-consuming data collection configurations, Juniper is helping security teams improve their organization’s security posture by simplifying and accelerating security operations. Sixty-four percent of security teams surveyed said … More

The post Juniper Networks updates JATP Appliances to prioritize cyber threats from any security source appeared first on Help Net Security.

Avi Networks takes service mesh beyond containers with integrated Istio

Service mesh is more than just a technology for microservices and containers. Avi Networks sees it as the future of application delivery, security, and visibility, with the potential to reshape the nearly $12B market for application services (load balancing, security, and monitoring). Avi Networks unveiled Universal Service Mesh, adding two enhancements to the Avi Vantage Platform. Avi is delivering ingress and gateway services to Istio to facilitate secure connectivity for Kubernetes applications across multiple clusters, … More

The post Avi Networks takes service mesh beyond containers with integrated Istio appeared first on Help Net Security.

Rigado Gateway to use new AWS IoT Greengrass features enabling Bluetooth to cloud integration

Internet of Things (IoT) applications and solutions using Bluetooth sensors now have a path from device to the cloud with little to no coding required. Rigado’s Cascade IoT Gateway has integrated with the newly released Amazon Web Services (AWS) IoT Greengrass features to give teams a mechanism to get Bluetooth-based data to their cloud applications. This new functionality combines the scalability of AWS IoT Greengrass edge computing with the flexibility of Bluetooth connectivity, and is … More

The post Rigado Gateway to use new AWS IoT Greengrass features enabling Bluetooth to cloud integration appeared first on Help Net Security.

The National Cyber Security Alliance appoints Kelvin Coleman as executive director

The National Cyber Security Alliance (NCSA) revealed that former government cybersecurity expert Kelvin Coleman has been appointed as executive director. A veteran of cybersecurity posts at the White House and the U.S. Department of Homeland Security (DHS), Coleman has excelled in public and private sector leadership roles throughout his career of more than 20 years. Coleman assumes the position currently held by interim executive director Russ Schrader. “NCSA would like to thank Russ Schrader, whose … More

The post The National Cyber Security Alliance appoints Kelvin Coleman as executive director appeared first on Help Net Security.

Digital Matrix Systems partners with PointPredictive to combat growing fraud types

PointPredictive partners with Digital Matrix Systems (DMS) to integrate its suite of misrepresentation and fraud scoring solutions into the DMS platform including Auto Fraud Manager, Synthetic ID Alert and Income Validation Alert. The integration provides access to over 1,200 clients on the platform, and helps them better identify misrepresentation and fraud at new account opening or during an application process. “Our clients are looking for ways to better identify the emerging fraud types that PointPredictive … More

The post Digital Matrix Systems partners with PointPredictive to combat growing fraud types appeared first on Help Net Security.

Yubico integrates YubiHSM 2 with AWS IoT Greengrass to deliver private key and secrets storage

Yubico unveiled that the YubiHSM 2 (hardware security module) is qualified for Amazon Web Services (AWS) Internet of Things (IoT) Greengrass Hardware Security Integration. AWS IoT Greengrass introduced a new feature that will utilize a subset of the YubiHSM 2 PKCS#11 library, allowing the YubiHSM 2 to perform the crypto operations for AWS IoT Greengrass to use secure hardware to store private keys. AWS IoT Greengrass allows users to run compute, messaging, data caching, sync, … More

The post Yubico integrates YubiHSM 2 with AWS IoT Greengrass to deliver private key and secrets storage appeared first on Help Net Security.

Dell detects data breach, informs customers after a month

It took Dell almost a full month to inform its customers that their information was stolen following a security incident which occurred on November 9, 2018, reads a notice on the computer company’s website. The company reset customer passwords without informing them early on that their data may have been compromised.

According to the company’s statement, unauthorized activity was detected on its infrastructure with clear intent to steal customer data. The data breach may have affected some data on the company’s network such as names, emails and hashed passwords of online customer accounts, but no strong evidence confirms that malicious actors actually obtained the desired data. Dell assures customers that credit card and sensitive customer information was not leaked and their products and services were not affected.

Dell immediately tried to contain the incident and reduce exposure by hashing customer passwords and resetting passwords.

“Upon detection of the attempted extraction, Dell immediately implemented countermeasures and initiated an investigation. Dell also retained a digital forensics firm to conduct an independent investigation and has engaged law enforcement.”

An independent investigation was started and law enforcement was informed about the breach. All Dell customers are strongly encouraged to urgently change their passwords and, in case they have a universal password they reuse, immediately change it for all accounts in question.

Ping Identity announces new customer Identity-as-a-Service solution for application developers

Ping Identity released PingOne for Customers for public preview. The cloud-based Identity as a Service (IDaaS) offering is built for the developer community, and provides API-based identity services for customer-facing applications. It can help enterprises launch apps faster, replace custom identity services that are difficult to maintain, and facilitate the transition from on-premises deployments to cloud-hosted services. By making it easy to authenticate end users, PingOne for Customers frees up developers’ time to focus … More

The post Ping Identity announces new customer Identity-as-a-Service solution for application developers appeared first on Help Net Security.

ZeroStack delivers AI-as-a-Service

ZeroStack unveiled that administrators of its Self-Driving Cloud platform can provide single-click deployment of GPU resources and deep learning frameworks like TensorFlow, PyTorch, and MXNet, taking care of all the OS and CUDA library dependencies so users can focus on AI development. Furthermore, users can enable GPU acceleration with dedicated access to multiple GPU resources for a faster inference latency and user responsiveness. GPUs within hosts can be shared across users in a multi-tenant manner. … More

The post ZeroStack delivers AI-as-a-Service appeared first on Help Net Security.

Nutanix and Intel partner to enable systems integrators and resellers to deliver infrastructure solutions

Nutanix is partnering with Intel to enable systems integrators (SIs) and value-added resellers (VARs) to deliver Nutanix-qualified Intel Data Center Block hardware platforms under the Nutanix Elevate Technology Alliance Partner Program. With this new solution, IT leaders can deploy and operate Nutanix’s leading enterprise cloud OS software running on Intel Data Center Block configure-to-order servers. As part of this technology partnership, VARs and SIs who are Authorized Nutanix Channel Partners, will now be able to … More

The post Nutanix and Intel partner to enable systems integrators and resellers to deliver infrastructure solutions appeared first on Help Net Security.

NTT Communications expands its DDoS Protection Services with DPS Max

NTT Communications expanded its DDoS Protection Services (DPS) with the addition of DPS Max. The new solution is the service for Global IP Network (GIN) customers that require protection from DDoS attacks, including attack detection and auto-mitigation capabilities. DDoS attacks can strike at any time, potentially crippling network infrastructure and degrading the performance and reachability of a website or other IP-accessible system. Depending upon the type and severity of an attack, the impact can result … More

The post NTT Communications expands its DDoS Protection Services with DPS Max appeared first on Help Net Security.

(ISC)2 appoints Mary-Jo de Leeuw as director of cybersecurity advocacy for EMEA

(ISC)2 appoints Mary-Jo de Leeuw as director of cybersecurity advocacy for the EMEA region. In this role, de Leeuw will work to encourage corporations, governments, academic institutions and others to collaborate on cybersecurity policies, legislation and education throughout EMEA in order to drive recruitment and professional development for the next generation of cybersecurity leaders and help promote a safe and secure cyber world. “As our recent research shows, our industry has a long way to … More

The post (ISC)2 appoints Mary-Jo de Leeuw as director of cybersecurity advocacy for EMEA appeared first on Help Net Security.

ForgeRock and Socure partner to secure the customer identity lifecycle

Socure and ForgeRock partner to enable companies to deliver a user experience for customers from initial onboarding through the lifecycle of their digital relationship with a brand. The combination of Socure’s AI-based risk scoring and ForgeRock’s identity and access management platform enables businesses to make real-time digital identity verification, access and authorization decisions with speed and accuracy. The joint solution combines ForgeRock’s Identity Platform with Socure’s digital identity verification service for day zero customer on … More

The post ForgeRock and Socure partner to secure the customer identity lifecycle appeared first on Help Net Security.

RiskSense adds two Silicon Valley and cyber security insiders to its Board of Directors

RiskSense added two growth builders to its Board of Directors. Skip Glass, Former Operating Partner at Foundation Capital and Eric McAlpine, Managing Partner of Momentum Cyber bring decades of operations, growth and software industry management expertise to the newly created board seats. “RiskSense is experiencing rapid growth as a result of accelerating market demand and emerging business opportunities,” said Srinivas Mukkamala, CEO of RiskSense. “The addition of Skip and Eric to our Board will help … More

The post RiskSense adds two Silicon Valley and cyber security insiders to its Board of Directors appeared first on Help Net Security.

CyberSaint Security enhances its CyberStrong Platform

CyberSaint Security released new product enhancements to the company’s CyberStrong integrated risk management software platform that allows CISOs and executive management to align on enterprise-wide cybersecurity objectives. The new capabilities include automated executive risk, compliance, and data privacy and protection reports that allow CISOs to enhance their communication and decision making at the Board and C-Suite level, and take zero manual effort to prepare. According to Gartner, by 2020 all large enterprises will be asked … More

The post CyberSaint Security enhances its CyberStrong Platform appeared first on Help Net Security.

Code Dx Enterprise offers new dashboard providing AppSec visualization

Code Dx released the newest version of its Code Dx Enterprise. Code Dx 3.5 now offers a new dashboard with metric visualization, providing AppSec professionals with information about all of their application testing activities—all in one place, to provide an understanding of their application’s security status. “We partnered with leading cybersecurity visualization experts to conduct research to determine what information AppSec practitioners really need to see and how that data should be shown,” said Ken … More

The post Code Dx Enterprise offers new dashboard providing AppSec visualization appeared first on Help Net Security.

IBM QRadar Advisor with Watson expands knowledge of cybercriminal techniques

IBM Security unveiled new capabilities for the company’s AI-based security platform, QRadar Advisor with Watson, which expand the platform’s knowledge of cybercriminal behavior and allow it to learn from security response activities within an organization. IBM Security also is embracing the open-source MITRE ATT&CK framework, a playbook to help analysts understand how an attack has evolved and what might happen next based on real-world observations from the security community. With some estimates predicting as many … More

The post IBM QRadar Advisor with Watson expands knowledge of cybercriminal techniques appeared first on Help Net Security.

Gemalto unveils cloud access management enhanced for smart card users

Gemalto launched a solution that will enable organisations which have invested in Public Key Infrastructure (PKI) security applications to leverage their investment without compromise on security or user experience when moving to the cloud. Through SafeNet Trusted Access, organisations whose employees log into enterprise resources with smart cards can use those same credentials to access cloud and web-based apps and benefit from single sign on (SSO). PKI hardware’s limitations meant companies could not adopt cloud … More

The post Gemalto unveils cloud access management enhanced for smart card users appeared first on Help Net Security.

Exabeam announces Smart Timelines and a single user interface to end ‘swivel chair’ incident response

Exabeam released two new features: Exabeam Smart Timelines and a single user interface (UI), as part of its ongoing mission to improve security analyst productivity. The additions to the Exabeam security information and event management (SIEM) platform will offer detection, investigation and response to threats. The company also announced the general availability (GA) of its Threat Intelligence Service to its customer base. Smart Timelines incorporate indicators of compromise (IOCs) from the Exabeam Threat Intelligence Service, … More

The post Exabeam announces Smart Timelines and a single user interface to end ‘swivel chair’ incident response appeared first on Help Net Security.

HID Global releases Crescendo Mobile smart card

HID Global released the Crescendo Mobile smart card to bring convenience to security for accessing computer, network or cloud applications. The new HID mobile smart card utilizes digital certificates on users’ mobile devices for client authentication. HID Crescendo Mobile provides organizations seeking to eliminate passwords with a solution that combines the security of physical authenticators with the usability of a mobile solution. Crescendo Mobile works similarly to, and is compatible with, secure Crescendo smart cards; … More

The post HID Global releases Crescendo Mobile smart card appeared first on Help Net Security.

Qualys integrates with Amazon Web Services Security Hub

AWS Security Hub is designed to provide users with a view of their security alerts and compliance status by aggregating, organizing, and prioritizing alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie as well as from other AWS Partner Network (APN) security solutions. The findings are then summarized on integrated dashboards with actionable graphs and tables. Vulnerability and configuration assessments are key to any security program. By integrating … More

The post Qualys integrates with Amazon Web Services Security Hub appeared first on Help Net Security.

Unbound releases open source blockchain-crypto-mpc library for blockchain developers

Unbound brings to the blockchain community a security solution via open source. The company’s blockchain-crypto-mpc library is available for free on GitHub. It’s an open source library for blockchain and crypto assets that protects cryptographic keys using the company’s MPC-based technology used by the Fortune 500. A long-needed answer: Today, crypto assets valued in billions are compromised and lost, and existing approaches for dealing with protection of crypto assets keys and secrets are proven … More

The post Unbound releases open source blockchain-crypto-mpc library for blockchain developers appeared first on Help Net Security.

CyberGRX raises $30 million in Series C funding round

CyberGRX has raised $30 million in Series C funding led by Scale Venture Partners. Existing investors Aetna Ventures, Allegis Group, Bessemer Venture Partners, The Blackstone Group, ClearSky, GV, MassMutual Ventures, and TenEleven Ventures also participated in the round. In the last 12 months, CyberGRX has seen over 1,000 percent growth in both annual revenue, and in companies on the Exchange. The company will deploy the secured capital to support this user growth, further extend augmentation … More

The post CyberGRX raises $30 million in Series C funding round appeared first on Help Net Security.

Nutanix introduces Xi Cloud Services for the multicloud era

Nutanix launched Xi Cloud Services, a new suite of offerings designed to create a unified fabric across different cloud environments, that gives IT teams the freedom to run their applications on the optimal platform, not restricted by technology limitations. Xi Cloud Services is comprised of five distinct offerings at launch, including Xi Leap, a native extension of the Nutanix Enterprise Cloud Platform providing disaster recovery as a service. A hybrid cloud that allows IT to … More

The post Nutanix introduces Xi Cloud Services for the multicloud era appeared first on Help Net Security.

SCADAfence partners with Demisto to extend automated incident response to OT networks

SCADAfence is partnering with Demisto to enable industrial organizations to respond to the threats that spread from IT to OT networks. With the integration of SCADAfence’s Continuous Network Monitoring (CNM) solution with Demisto’s Enterprise platform, security managers can assess their exposure to cyberattacks that move laterally from IT to OT. As a result, they can respond and mitigate ongoing incidents that threaten their operational availability. For example, if a ransomware attack, such as the infamous … More

The post SCADAfence partners with Demisto to extend automated incident response to OT networks appeared first on Help Net Security.

Aporeto’s Zero Trust now available on AWS Marketplace for Containers

Aporeto released the Zero Trust security solution on Amazon Web Services (AWS) Marketplace for Containers. AWS customers can now use the Amazon Elastic Container Service (Amazon ECS) console and AWS Marketplace for Containers website to discover, produce and deploy container solutions – including the Aporeto Zero Trust security solution. With this release, AWS Marketplace has extended its existing benefits and features to container products, with a discovery and search experience offering access to a curated … More

The post Aporeto’s Zero Trust now available on AWS Marketplace for Containers appeared first on Help Net Security.

DriveSavers introduces the Passcode Lockout Data Recovery service for consumers

DriveSavers announced that it is using new technology to recover data from password-locked smart devices with any length passcode. The service is being offered to consumers who have forgotten device passwords or been locked out after too many incorrect attempts, and to those who need access to data stored on the device of a deceased family member. Other companies offer a similar service only to law enforcement. DriveSavers offers a Passcode Lockout Data Recovery service to consumers. … More

The post DriveSavers introduces the Passcode Lockout Data Recovery service for consumers appeared first on Help Net Security.

Software AG Cloud offers open suite of cloud services

Software AG unveiled its next-generation Software AG Cloud, an open, enterprise-grade cloud platform for building, testing, deploying and managing everything from simple apps to complex, cloud-enabled enterprise and IoT applications. Software AG Cloud is a one-stop shop for “all things cloud” and provides customers and partners with subscription-based access to Software AG’s enterprise applications and middleware technology. Dr. Wolfram Jost, Chief Technology Officer, Software AG noted: “Software AG Cloud is a reliable and scalable cloud … More

The post Software AG Cloud offers open suite of cloud services appeared first on Help Net Security.

Offensive Security redesigns Exploit Database, its archive of public exploits

Offensive Security released an update to Exploit Database (EDB), its archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers worldwide. Offensive Security’s Exploit Database is the collection of exploits on the Internet. Exploits are gathered through direct submissions, mailing lists and other public sources – and are presented in a CVE-compliant database. EDB is a repository for exploits and proof-of-concepts, rather than advisories, making it a valuable … More

The post Offensive Security redesigns Exploit Database, its archive of public exploits appeared first on Help Net Security.

Fugue Risk Manager protects against data breaches with self-healing cloud infrastructure

A Software-as-a-Service (SaaS) offering, Fugue Risk Manager can identify compliance violations in cloud environments and remediate unauthorized infrastructure changes. Enterprise cloud teams can use Fugue Risk Manager to scan cloud infrastructure to identify policy violations for a number of compliance regimes, including Amazon Web Services (AWS) Center for Internet Security (CIS) Benchmarks, National Institute of Standards and Technology (NIST) 800-53 Rev. 4, General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), and … More

The post Fugue Risk Manager protects against data breaches with self-healing cloud infrastructure appeared first on Help Net Security.

Silverfort’s Risk Engine secures corporate identities without impacting usability

Silverfort launched an AI-based risk engine that analyzes activities across all on-premises and cloud environments to calculate a risk score per user, device and resource, and apply authentication policies. Most Multi-Factor Authentication (MFA) solutions were designed as point solutions for specific systems or for certain types of assets (e.g., web applications). As such, the risk analysis and adaptive policies they can offer are limited to the specific systems they protect. They are incapable of protecting the variety … More

The post Silverfort’s Risk Engine secures corporate identities without impacting usability appeared first on Help Net Security.

Cylance introduces AI-powered cloud security solution for AWS

Cylance released support for Amazon Web Services (AWS) with CylancePROTECT for the cloud. Cylance develops artificial intelligence capabilities to detect and prevent malware from executing. CylancePROTECT now supports AWS Linux to protect application instances running on cloud services infrastructure from cyber threats, and its AI techniques further extend to the Cylance AI-powered endpoint detection and response (EDR) solution CylanceOPTICS to provide insight and threat hunting capabilities against those threats. “We are excited to make our … More

The post Cylance introduces AI-powered cloud security solution for AWS appeared first on Help Net Security.

YubiHSM SDK secures infrastructures and cryptographic key material

Yubico released a new open source YubiHSM 2 (hardware security module) software development kit (SDK) available for developers and engineers to implement the YubiHSM 2 for an unlimited number of use cases. The YubiHSM 2 delivers security for cryptographic digital key generation, storage, and management, supporting a range of enterprise environments and applications, in a cost-effective and minimalistic form factor. With the introduction of the open source YubiHSM 2 SDK, developers can build apps, … More

The post YubiHSM SDK secures infrastructures and cryptographic key material appeared first on Help Net Security.

Tenable.io available on AWS Marketplace

Tenable unveiled that Tenable.io, for vulnerability management in the cloud, is available for purchase on Amazon Web Services (AWS) Marketplace. This allows customers to build vulnerability management, including the automated discovery and assessment of cloud infrastructure assets, to manage, measure and reduce cyber risk across cloud environments. “Tenable is a cloud-first company. Tenable.io doesn’t just help to secure the cloud, it’s also built on the cloud for the cloud. Now with our inclusion of Tenable.io … More

The post Tenable.io available on AWS Marketplace appeared first on Help Net Security.

Synthetic identity fraud to drive $48 billion in annual losses by 2023 – Juniper Research

Online payment fraud losses will reach $48 billion annually by 2023, up from the $22 billion in losses projected for 2018, a new study from Juniper Research has found.

Juniper’s new research claims that a critical driver behind losses from eCommerce, airline ticketing, money transfer and banking services will be “the continued high level of data breaches resulting in the theft of sensitive personal information.”

Synthetic identity fraud is on the rise, researchers found. Fraudsters are using fragments of real data gleaned from breaches to create new, synthetic identities, as they slowly move away from pure identity theft. Synthetic identity fraud is one of the fastest-growing forms of identity theft in the United States, according to the Department of Justice. R. Sean McCleskey, a retired United States Secret Service agent who supervised an identity-theft task force for more than a decade, explains to CNBC why synthetic identity fraud is so prolific:

“When criminals use a blend of different people’s data, as well as some entirely made up information, it becomes harder for law-enforcement officials to both realize the crime and then locate the culprit,” he is quoted as saying.

Juniper forecasts that money transfer will be a particularly vulnerable area, with the global rise in instant payment schemes and a focus on transactional rather than behavioral risk. Fraud losses are projected to increase by over 20% per annum to $10 billion in 2023.

“Synthetic identity is currently the low-hanging fruit because, even though it takes time for fraudsters to establish, many of their targets are not set up to detect the behavioral giveaways that indicate this type of fraud,” said research author Steffen Sorrell.

Techniques practiced by the Magecart and Fin7 groups will become more common as fraudsters seek to create products from their knowledge, Juniper predicts. The two gangs typically use a combination of malware and cross-channel approaches to facilitate their criminal gain, resulting in more common instances of complex fraud as a ‘fraud-as-a-service’ economy emerges.

The report recommends a holistic approach to fraud prevention, one that includes a strategy to assess and mitigate risk from a cybersecurity perspective.

Janrain unveils next-gen customer identity management as a service (IDaaS) offering

Janrain released Janrain Identity Central, which allows companies to provide customer registration, authentication, single sign-on, preference and consent management, as well as self-service account recovery while accommodating the use cases within Global 1,000 enterprises. Janrain Identity Central allows: Developers to add Janrain’s full suite of identity services to their applications in just minutes–new identity features can be activated centrally without any application code changes API-first, rapid development supporting Continuous Integration and Continuous Delivery (CI/CD) Consistent, … More

The post Janrain unveils next-gen customer identity management as a service (IDaaS) offering appeared first on Help Net Security.

FileShadow releases macOS desktop app, archiving local files to its cloud file assurance service

FileShadow released the FileShadow Desktop App. The app aggregates files stored in Apple iCloud with other cloud storage systems, along with local and direct attached storage (DAS), including Drobo direct attached appliances with support for the newly announced Drobo 8D. With this addition, FileShadow now connects the majority of all cloud and macOS storage options into one secure cloud vault, delivering a single consolidated catalog of files. With the FileShadow Desktop App, files and photos … More

The post FileShadow releases macOS desktop app, archiving local files to its cloud file assurance service appeared first on Help Net Security.

Ericom’s managed access solution accelerates cloud transition for enterprises and service providers

Ericom Software released Ericom Connect 9.0. This latest release of the company’s remote application and desktop access solution extends its capabilities and further solidifies Ericom’s position as an innovator in application delivery and cloud enablement. Ericom Connect 9.0 empowers organizations, independent software vendors (ISVs) and service providers to connect end-users to hosted applications. Now with built-in single sign-on (SSO) capabilities, Ericom Connect further streamlines Windows application access via the web, and reinforces its position for … More

The post Ericom’s managed access solution accelerates cloud transition for enterprises and service providers appeared first on Help Net Security.

Awake Security uncovers malicious intent across on-premise, IoT and cloud infrastructure

Awake Security unveiled the Fall release of its Awake Security Platform, a network traffic analysis (NTA) solution designed to help organizations combat cyber threats and improve visibility. Awake’s intelligence is built on visibility and an understanding of the business entities in the organization—whether those are traditional IT assets, Internet of things (IoT) devices, or cloud workloads. Through analysis of every communication between these entities, Awake’s network detection and response platform better detects mal-intent and attacks … More

The post Awake Security uncovers malicious intent across on-premise, IoT and cloud infrastructure appeared first on Help Net Security.

Avast launches mobile security app for iPhone users

Avast launched Avast Mobile Security for iOS users. Available in both a free and a premium version, Avast Mobile Security delivers all the protection iPhone and iPad users need, including guarding their identity, browsing safely and privately, connecting to secure networks, and protecting personal data such as photos. “Despite the perception that iPhone and iPad users are immune to security risks, this isn’t actually the case. Any device is at risk, no matter which operating … More

The post Avast launches mobile security app for iPhone users appeared first on Help Net Security.

Centreon releases Remote Server functionality for cross-domain monitoring of multi-site IT operations

Centreon released Centreon EMS 18.10, the new version of its IT monitoring software. The new release includes the Centreon Remote Server for streamlined operations of multiple sites and distributed IT assets, while empowering local remote office/branch office (ROBO) transparency, agility and resilience. Providing business-aware and cross-domain monitoring of hybrid and converging IT infrastructures, Centreon EMS with the Centreon Remote Server cuts cost and complexity for global decentralised IT operations management without compromising on the … More

The post Centreon releases Remote Server functionality for cross-domain monitoring of multi-site IT operations appeared first on Help Net Security.

Cloud Daddy launches data protection update 1.3 for Secure Backup Solution on AWS Marketplace

Cloud Daddy released version 1.3 of its software platform. The update incorporates Amazon GuardDuty intelligent threat detection capabilities and real-time cost estimation of backup jobs, as well as restore features for Instances, Volumes and AWS Databases. “Using Amazon GuardDuty on the CDSB platform underscores our commitment to providing modern-era data protection,” said Cloud Daddy CEO and Founder Joe Merces. “The ongoing barrage of cyber threats and ransomware attacks from malicious actors makes it essential for … More

The post Cloud Daddy launches data protection update 1.3 for Secure Backup Solution on AWS Marketplace appeared first on Help Net Security.

Alcide raises $7M to redefine cloud security

Alcide has raised $7M in Series A funding from new investor CE Ventures alongside existing investors Intel Capital and Elron. The funding, raised only seven months after the Alcide cloud-native security platform’s general availability and the company’s selection as a Gartner Cool Vendor, will be used to support a go-to-market strategy and an expansion into the US and EMEA markets. Ben Weiss, partner at CE Ventures, will join Alcide’s board as part of the round. The … More

The post Alcide raises $7M to redefine cloud security appeared first on Help Net Security.

Ivanka Trump used personal account for government business, posing security risk to White House

During the 2016 presidential election, US President Donald Trump aggressively went after Hillary Clinton for using her personal email account and server for official conversations during her time as US Secretary of State. Two years later, it is now Ivanka Trump’s turn to take the heat. Or not.

White House ethics officials confirmed she used a private email account to send official government-related emails last year, writes the Washington Post. Ivanka Trump exchanged hundreds of official emails with assistants, Cabinet officials and White House aides through a domain shared with her husband, Jared Kushner. The domain was created in December 2016, before she moved to Washington. Because the domain was created through a Microsoft system, the emails are stored by the tech company.

Her actions could be in violation of the Presidential Records Act, which specifies that White House Communication must be secured and all data kept in a secure archive to prevent hacking and mishandling of data. Although her emails were mostly about personal travel dates and logistical data, some may still be in violation of federal records legislation, as they discussed official business and government policies.

When asked about the use of her personal email for official business, Ms. Trump allegedly said she had not been informed about email policies and didn’t know she was breaking White House rules, claim Trump administration officials.

“While transitioning into government, after she was given an official account but until the White House provided her the same guidance they had given others who started before she did, Ms. Trump sometimes used her personal account, almost always for logistics and scheduling concerning her family,” said Peter Mirijanian, a spokesman for Trump’s attorney.

The more you say you know about phishing, the more vulnerable you are … Until you’re hoodwinked

A study in which researchers sent phishing emails to 1,350 students has yielded a startling find: those who believe they know how to tell a phishing scam from a genuine email are actually more susceptible to the attack.

The study by the University of Maryland, Baltimore County (UMBC) involved various phishing tests to assess whether any demographic segments were more susceptible to phishing attacks.

Responses were gathered from students in disparate fields, from engineering and mathematics to arts and social sciences. Researchers demonstrated that phishing awareness, hours spent on the computer, cyber training, cyber club or cyber scholarship affiliation, age, academic year, and college affiliation significantly affected student susceptibility.

Some interesting findings emerged, including that older students were more able than their younger peers to spot a phishing email and avoid clicking on the links inside. Less surprising results were those by gender, described by the researchers as not statistically relevant, while engineering and IT majors had some of the lowest click rates.

What was not so anticipated, though, was that students who boasted about their knowledge of phishing and how to avoid it were actually more susceptible than those who were less confident in their ability to sniff out phishing.

As many as 59% of subjects who opened the phishing email also clicked on its phishing link, and approximately 70% of those subjects who participated in an additional demographic survey clicked on the bait links inside.

“Contrary to our expectations, we observed greater user susceptibility with greater phishing knowledge and awareness,” paper authors Alejandra Diaz, Alan T. Sherman, and Anupam Joshi said. “Students who identified themselves as understanding the definition of phishing had a higher susceptibility than did their peers who were merely aware of phishing attacks, with both groups having a higher susceptibility than those with no knowledge of phishing.”

 

UMBC researchers are the first to admit they have no convincing explanation for this surprising find, but they ventured a couple of guesses nevertheless:

For one, they theorize that falling victim to a phishing scheme in the past might increase a user’s awareness about phishing. In other words, those clumsy enough to fall for a phishing scheme may become proportionally more skeptical of the contents of their inbox overnight. The logic behind this assumption is sound from a psychological perspective, so it’s reasonable that previous experience indeed played an important factor in the results.

“In hindsight, it might have been wiser to have asked in the post-event survey what was the level of phishing awareness the user had when they opened the phishing email,” the researchers were careful to point out.

Their second hypothesis – likely also a correct scenario and a contributing factor to the finding – is that respondents who fell for the phish were simply over-confident in their knowledge about phishing.

“Typically, the most important and devastating vulnerability a company can have is its very own people,” the authors said, citing an IBM study. “The human factor, or error, is responsible for 95% of security incidents. Malicious actors aim to use social engineering to exploit users into giving up valuable and confidential information […] We hope our results will help businesses and colleges improve their cybersecurity practices,” they noted.

Fugue releases Risk Manager to ID cloud compliance violations

A new Software-as-a-Service (SaaS) solution, Fugue Risk Manager is designed to make it easier for enterprises to identify compliance issues in their cloud environments and prevent them from reoccurring. Fugue Risk Manager inspects cloud infrastructure environments and identifies resource configuration issues for common compliance regimes, including AWS CIS Benchmarks, NIST 800-53 Rev. 4, GDPR, HIPAA, and custom controls specified by the customer. Once violations are corrected and a known-good baseline is established, Fugue Risk Manager … More

The post Fugue releases Risk Manager to ID cloud compliance violations appeared first on Help Net Security.

HOTforSecurity: Fraud attempts to jump 14% during 2018 peak holiday shopping season, benchmark data indicates

Fraud attempts will likely increase 14% during the 2018 peak holiday season between Thanksgiving Day and Cyber Monday, according to new benchmark data from ACI Worldwide.

The banking solutions provider revealed its projected increase in fraud attempts based on hundreds of millions of merchant transactions, including from some of the world’s leading global retail brands.

Fraud attempts are likely to peak on Thanksgiving Day as transaction volume surges 23% compared to the same day last year, according to the projections. The volume of transactions on Thanksgiving Day is expected to surge 23% compared to Thanksgiving 2017, while fraud attempts are expected to hit a high 1.80% of transactions.

Transaction volume on Black Friday will likely rise 19% in 2018 compared to 2017, with fraud attempts affecting 1.30%, according to the company.

“Buy online, pick up in-store” and call centers will be areas of focus for fraudsters as cross channel fraud also continues to grow, the data showed. And the attempted fraud average ticket price, or a merchant’s average size of individual sales by credit card, is expected to increase 3% from $236 to $243, ACI said.

“As more consumers purchase big ticket items like smartphones, TVs and other electronics, we expect the attempted fraud average ticket price to be higher this year than in previous years,” according to Erika Dietrich, global director, Payments Risk, ACI Worldwide.

“Fraudsters will keep an eye on items that have limited inventory as it gives them an additional opportunity to steal and sell those items on the black market for a higher price so consumers and merchants alike must be vigilant in such cases,” Dietrich added.

How to combat fraud this holiday shopping season

In addition to publishing the benchmark study ahead of Thanksgiving, ACI is serving tips and tricks on how to stay out of harm’s way, and that includes for businesses too.

Regular customers are advised to always shop at reputable websites, avoid public Wi-Fi networks, use biometric authentication wherever possible, avoid using the same credentials with multiple merchants, and even refrain from using public wireless charging stations to avoid “juice jacking,” where fake kiosks are rigged to steal personal data from devices.

ACI tells businesses, meanwhile, to identify where fraud has previously been an issue, monitor for threats with solutions designed to detect abnormal behavior, communicate fraud-countering strategies well across teams, profile customers, and employ rapid access to fraud intelligence to inform tactics in real time.




Hackers infect Malaysia’s largest media company with ransomware, then demand $6.45 million

Media Prima Berhad, Malaysia’s leading media company, has been hit with a ransomware attack followed by a whopping $6.45 million demand for the decryption keys.

Anonymous sources from within the company told The Edge Financial Daily that the attack unfolded over four days, and that ransomware operators demanded the company pay 1,000 bitcoins in ransom – the equivalent of RM27,042.26, or US$6.45 million.

“The whole Media Prima group’s computer systems have been breached and infected with ransomware over the last four days,” said the source. “The attackers demanded 1,000 bitcoins from Media Prima in the ransomware attack.”

Asked to comment via email, Media Prima would neither confirm nor deny the breach, saying: “Thank you for the questions. It is with regret [we have] to inform you that we decline to comment on the questions.”

Another source, however, indicated that the attack was not very serious at all, and that Media Prima declined to pay the ransom.

“Our office email was affected, but we have migrated to G Suite. They (the attackers) demanded bitcoins, but we are not paying,” this source said.

It is unclear what ransomware family was used in the attack. It is also unclear whether the operators had direct access to physical systems (an inside job would not be out of the question), or if they used social engineering schemes to make their way into Media Prima’s infrastructure and deploy the attack.

It is worth noting that ransomware operators typically use social engineering to trick victims into granting internal access. Whatever the case, going by the sum requested by the operators, the attack was very likely targeted.

Tripwire Enterprise now collects digital forensic data to support incident response

Tripwire Enterprise now features the ability to collect digital forensic data in the event of a data breach. “Tripwire Enterprise monitors systems in real-time for changes that could be indicative of a breach,” said Tim Erlin, vice president of product management and strategy at Tripwire. “When a security breach is suspected, Tripwire Enterprise’s new Incident Response Rules can be used to collect in-depth data on what happened on a system to speed and support incident … More

The post Tripwire Enterprise now collects digital forensic data to support incident response appeared first on Help Net Security.

Dragos Announces $37M in Series B funding for ICS cybersecurity threat detection and response

Dragos raised $37M in Series B funding. The new investment comes at a time of growth in the ICS cybersecurity market, and demand for Dragos’ asset identification and threat detection software. The round was led by Canaan, with participation from existing investors as well as Emerson, National Grid Partners and Schweitzer Engineering Laboratories (SEL). With the investment, Joydeep Bhattacharyya, Partner at Canaan, joins the company’s board of directors. “Industrial equipment is one of the last … More

The post Dragos Announces $37M in Series B funding for ICS cybersecurity threat detection and response appeared first on Help Net Security.

EZShield launches Mobile Defense Suite

EZShield protects Personally Identifiable Information (PII) through the Mobile Defense Suite. “Mobile devices positively influence and impact our personal and business lives, but they are also a gateway to identity theft and corporate data breaches,” said Rich Scott, Chief Commercial Officer at EZShield + IdentityForce. “Today, we are redefining how we all think about identity protection. And, how Information Technology (IT) and Information Security (InfoSec) stakeholders can further pave the way to drive and defend … More

The post EZShield launches Mobile Defense Suite appeared first on Help Net Security.

Sixgill backstops security with blockchain data integrity for IoE applications

Sixgill unveiled its blockchain or distributed ledger-based solution for sensor network data integrity. Sixgill Integrity is a ledger-agnostic solution and is designed from the ground up to solve the fundamental need for an end-to-end, real-time sensor data authenticity system. With Integrity, organizations are assured that their emitted data, transmitted data, ingested data, and acted-upon data are the same. Sixgill is taking a fresh approach to fundamental industry challenges of data security and authenticity: Cloud processing … More

The post Sixgill backstops security with blockchain data integrity for IoE applications appeared first on Help Net Security.

Eurofins Digital Testing launches Cyber Security Division

Eurofins Digital Testing launched a new Cyber Security Division to serve the media and entertainment industry, Internet of Things providers, and other key markets. Concurrently, the company announced the appointments of Marcel Mangel, Erik Rutkens, and Sean Walls as Managing Directors of Cyber Security, overseeing a team of nearly 100 security experts around the globe. Today, media and entertainment companies in particular face numerous security threats. These span their internal enterprise software applications and hardware, … More

The post Eurofins Digital Testing launches Cyber Security Division appeared first on Help Net Security.

ThreatConnect expands TIP capabilities with new automation

In an effort to address the growing threat intelligence market need for automation, ThreatConnect has extended its product offering to include Playbooks in its TC Analyze product. Built for analysts, by analysts, TC Analyze provides a place to see teams’ tasks, analyze data, and connect all available security tools. TC Analyze with the Playbooks feature increases threat intelligence platform (TIP) flexibility by adding automation to formerly disconnected security tools. Customers now have the ability to … More

The post ThreatConnect expands TIP capabilities with new automation appeared first on Help Net Security.

Vade Secure launches IsItPhishing Threat Detection to help SOCs identify phishing URLs

Vade Secure launched IsItPhishing Threat Detection, an anti-phishing solution that helps Security Operations Centers (SOCs) identify and block targeted phishing attacks. Easily integrating with existing SIEM and SOAR solutions through a lightweight API, IsItPhishing Threat Detection delivers a real-time verdict on whether a suspicious URL is phishing or not. These verdicts can be leveraged in SOC workflows to accelerate phishing detection, response and resolution. Real-time phishing detection powered by machine learning To detect unknown, targeted … More

The post Vade Secure launches IsItPhishing Threat Detection to help SOCs identify phishing URLs appeared first on Help Net Security.

OpenStack Foundation board expands mission to host new open source projects

The board of directors of the OpenStack Foundation (OSF) adopted a resolution advancing a new governance framework supporting the organization’s investment in emerging use cases for OpenStack and open infrastructure. These include continuous integration and continuous delivery (CI/CD), container infrastructure, edge computing, datacenter and, newly added, artificial intelligence/machine learning (AI/ML). The board resolution authorizes the officers of the OSF to select and incubate Pilot projects. This new governance framework broadens the OSF’s mission to serve … More

The post OpenStack Foundation board expands mission to host new open source projects appeared first on Help Net Security.

Cequence Security announces application security platform to stop bot attacks

Cequence Security released Cequence ASP, an application security platform that provides a scalable defense against the growing number of bot attacks affecting today’s hyper-connected organizations. These financially-motivated attacks target externally-facing web and mobile apps, as well as API services that provide connections to other applications across their digital ecosystem. Attack objectives can include account takeover, content scraping, distributed denial of service, and much more. “From a bad actor’s perspective, geo-distributed bot attacks are relatively easy … More

The post Cequence Security announces application security platform to stop bot attacks appeared first on Help Net Security.

Cryptowerk introduces blockchain-based technology to certify data integrity of digital assets

Cryptowerk introduced Cryptowerk Seal, a blockchain-as-a-service (BaaS) solution that creates a seal for any form of digital assets. The cloud service writes digital seals or “fingerprints” of the data to one or more blockchains at speeds of up to one million times per second, creating a tamper-proof chain of custody that can be used in large-scale enterprise applications. With the digital seal, every product, process and transaction can now be matched to its original to … More

The post Cryptowerk introduces blockchain-based technology to certify data integrity of digital assets appeared first on Help Net Security.

Apple says nothing as Apple ID accounts mysteriously locked down

Has someone been trying to hack into a large number of Apple ID accounts?

That’s one of the theories circulating after a significant number of iPhone owners woke up on Tuesday to discover that their handsets were displaying a message saying that their Apple ID had been locked.

All the indications are that Apple locked the accounts of an unknown number of customers, kicking them out of iCloud, iMessage, Apple Music, Apple TV and other services and – in some cases – demanding that they verify their identity to regain access.

As 9to5Mac reports, criticism has spilled out onto social media as frustrated users complained to Apple that their attempts to regain access resulted in failure.

Apple, typically, has been unforthcoming about why so many accounts appear to have been locked.

Of course, that hasn’t stopped people from speculating. One theory is that the problem lies at Apple’s end: either a bug in the code which decides whether an account should be locked is triggering lockouts where they are not appropriate, or its systems are failing to let users verify their identity correctly.

Another possibility is that the company has seen a spike in attempts to access accounts, perhaps using passwords gleaned from other online data breaches. Such leaks on other sites can pose a risk to Apple users if they had made the mistake of reusing passwords across multiple services.

Some locked out users, however, assert that the passwords they use to protect their iCloud accounts were not being used anywhere else on the net.

A further possibility is that Apple is simply proactively trying to protect users who it believes may be at risk of having their accounts breached. Apple, after all, does not know what password you have chosen to use on other websites (unless it also has access to a breached database), but if it is concerned that you *might* be amongst those who may have made a poor password choice, it’s not utterly impossible to imagine that they might take steps to ensure users have reset passwords rather than risk headlines of thousands of breached Apple accounts…

It should be noted that the risk associated with your Apple ID password falling into the wrong hands can be significantly reduced by adding the additional security layer of two-factor authentication (2FA) to your Apple ID account.

The nice thing about having 2FA protecting your Apple ID account is not only that it may prevent an unauthorised party from gaining access, but also that you will receive a warning of an attempt to break in.

For its part, in the immediate aftermath of the lockouts, Apple’s support team is pointing affected users to a knowledgebase article which describes actions users can take if they find their account is locked or disabled.

That won’t tell you why your account has been disabled, or what the security alert was about, but it does at least give you the steps you are normally required to take to regain access.

Meanwhile the rest of us will wait with interest to see if there is any official announcement from Apple – after all, we’re still in the dark as to whether there was a genuine security-related reason for users to have their accounts locked, or whether this was a problem with Apple’s systems.

Don’t fall for fake NEO, Tether and MetaMask cryptocurrency wallets on Google Play

Fake cryptocurrency wallets continue to creep their way into Google’s application store for Android aficionados, as one researcher has recently discovered.

Using his personal website, independent researcher Lukas Stefanko sounds the alarm over four new fake cryptocurrency wallets that trick users either into giving away their credentials, or impersonate legitimate cryptocurrency wallets.

“These threats imitate legitimate services for NEO, Tether and MetaMask. I reported these apps to Google security team and they were promptly removed,” writes Stefanko.

All four apps were built with the same ultimate purpose in mind, but they are of two distinct categories:

Phishing – where the malicious app requests the user’s private key and wallet password after launch (i.e. the MetaMask app)

Fake wallets – Stefanko found two relatively identical NEO Wallet apps that fit into this category, as well as one Tether Wallet app

The post includes a detailed disclosure of two of the fake wallets, a demonstration of the apps’ functionality, an example of legitimate vs. fake wallets, a bit of code analysis and some tips on how to stay safe out there.

The more intriguing find, in Stefanko’s opinion, was the tool used to create these malicious applications.

“What concerns me the most is that these fake wallets were created using Drag-n-Drop app builder service without any coding knowledge required,” he writes, adding that “literally anyone can ‘develop’ [a] simple but effective malicious app either to steal credentials or impersonate [a] cryptocurrency wallet.”

The post also shows indicators of compromise (IoC) in the form of package names and hashes, as well as wallet addresses and the cryptocurrency associated with the respective address (Tether, NEO, NEO QR).

Third-party data breach exposes info of Alabama hospital job applicants

Huntsville Hospital in Alabama announced that the personal data of job applicants may have been compromised after a security incident at the recruitment platform it works with. Social Security numbers of thousands of people may have been leaked online. Detailed information has not been released, but applicants who may have fallen victim are being contacted and offered identity protection services.

Huntsville Hospital released a statement on Thursday reading:

“Regrettably, we’ve learned that Jobscience, Inc., the vendor which we’ve used for online employment application services since 2006, had a data breach which may have involved information from individuals who applied for jobs at Huntsville Hospital. Because of this, notification letters are being sent to the affected persons.

“Although we have no indication that any information has been misused in any way, out of an abundance of caution, we are offering identity theft protection to those job applicants whose Social Security Number may have been compromised.

The hospital no longer uses the services of Jobscience.”

2018 has seen some major breaches in the healthcare sector. Motivated by financial gain, hackers have so far launched aggressive attacks on three hospitals in Massachusetts, carried out countless ransomware attacks, and compromised patient records through phishing attacks. Third-party vendors, as in the case of Huntsville Hospital, are turning into a key challenge because the risks they introduce have been neglected for far too long.

Steam bug exposes license keys for every game available on platform

An avid bug hunter has discovered a vulnerability in Valve’s Steam developer portal which, exploited properly, reveals every license key for every game available on the platform. Instead of selling the keys for illicit profit, he reported the flaw to Valve.

Artem Moskowsky discovered the bug in August, but Valve published the news only recently, taking enough time to patch the flaw and make sure it can never be exploited again.

Moskowsky reportedly stumbled across the bug by mistake, while taking an innocent stroll down Valve’s developer site, where game sellers can manage their titles.

The Register reports that the researcher “noticed it was fairly easy to change parameters in an API request, and get activation keys for a selected game in return. Those keys, also known as CD keys, can be used to activate and play games downloaded from Steam. The API is provided so developers and their partners can obtain license keys for their titles to pass onto gamers.”

“This bug was discovered randomly during the exploration of the functionality of a web application. It could have been used by any attacker who had access to the portal,” Moskowsky told the news site.

“To exploit the vulnerability, it was necessary to make only one request,” he added. “I managed to bypass the verification of ownership of the game by changing only one parameter. After that, I could enter any ID into another parameter and get any set of keys.”

In one case, Moskowsky says he obtained 36,000 license keys for the relatively old (but still relevant) Portal 2 game, developed by Valve itself. The game retails for $9.99, which (theoretically) would translate into around $359,640 in lost revenue for the developer, if the keys got sold on the black market.

The researcher reported the flaw via HackerOne, the bug bounty program that connects businesses with cybersecurity researchers in an effort to find and fix bugs before unethical hackers beat them to it.

Valve awarded Moskowsky the $15,000 bounty — plus an additional $5,000 because the company felt he deserved an extra bonus for the find. The Register notes that Moskowsky previously got a $25,000 reward for finding a vulnerability in the exact same platform. Looks like ethical hacking does pay!

Chinese headmaster fired after setting up his own secret cryptomining rig at school

A Chinese headmaster has lost his job after it was discovered he was stealing the school’s electricity to power a secret cryptocurrency-mining rig.

As the South China Morning Post reports, Lei Hua, the head teacher of a school in the central province of Hunan, built a stack of eight servers that run day and night, mining for the Ethereum cryptocurrency.

According to the report, Lei paid 10,000 yuan (approximately US $1400) in June 2017 to buy his first cryptomining machine, which he set up at his home.

However, the headmaster soon discovered that his activities were consuming a significant amount of electricity – 21 kWh per day – and in an attempt to save himself money, Lei is said to have relocated the machine to his school’s computer room, where it was soon joined by more mining machines.

Astonishingly, the school’s deputy headmaster is also said to have joined the scheme, buying a mining machine with Lei’s help that also gobbled up the school’s power supply.

In all, a total of eight cryptomining machines were installed in the school between mid-2017 and the summer of 2018.

After one year, an electricity bill of 14,700 yuan (US $2120) had been racked up, causing a school employee to raise a concern with the headmaster about why the school might be using so much electricity. Lei, however, dismissed the question and blamed the increased bill on the cost of air conditioning and heaters.

It was only when fellow teachers at the school became suspicious of the continual sound of whirring computers that the rig of eight cryptomining devices was identified.

Both Lei and his deputy headmaster have had their cryptocurrency earnings seized by the authorities, although it is not known how much they might have earnt through their clandestine operation. Lei was dismissed last month, according to reports, and his deputy given an official warning.

It’s an amusing story, but there are genuine concerns for other organisations here.

The cryptocurrency ‘gold rush’ has encouraged many people to break rules and even the law, motivated by the dream of earning themselves a fortune.

We’ve often seen this exhibited through the use of cryptomining malware impacting internet-connected PCs, but it’s equally an issue inside companies and organisations where staff might be tempted to sneak in a few computers to mine away under a desk, or in a seldom-visited server room.

Perhaps the most notorious example of this was the arrest earlier this year of a group of Russian nuclear scientists, who hijacked their own supercomputer at a top-secret nuclear weapon facility to allegedly mine for cryptocurrencies.

With the huge amount of energy and great computational power required to mine cryptocurrencies, having a supercomputer at your disposal gives you something of an advantage. Especially when someone else is paying for the electricity…

Organisations need to keep a close eye on what is happening on their network, and whether someone might have sneaked in additional computing equipment for their own purposes without permission.

After all, if you don’t have tight control over what is running in your organisation, you might have more problems than just a high electricity bill.

Canada Post leaks sensitive information of thousands of cannabis buyers

Any of the thousands of Canadians who bought legal cannabis in Ontario in the past two weeks may have been the victim of a personal data leak, thanks to weak security at Canada Post Corporation, Motherboard reported. Two weeks ago, Canada became the second country to legalize recreational cannabis, which naturally put a strain on postal services that had already been on a rotating strike for weeks.

The security incident was caused by an OCS customer who “used OCS reference numbers” and the Canada Post website to steal information. The person had access to the type of products delivered, name of person who signed for the package, postal code and delivery date. The exact address, payment information and buyer names were not compromised.

Ontario Cannabis Store (OCS) released a privacy update on Twitter on Wednesday reassuring users that privacy and security are top priorities.

OCS said it was informed on Nov. 1 that “limited delivery information of approximately 2 percent of OCS customer orders (approximately 4,500 orders) was accessed by an individual through the Canada Post delivery tracking tool. Delivery data shared with the OCS also included information relating to customers of other Canada Post clients.”

The Office of the Information and Privacy Commissioner (IPC) of Ontario was immediately informed of the security incident and worked with OCS to detect the cause of the breach and prevent similar issues in the future. According to OCS, even though Canada Post was urged to notify customers, at the time of the privacy update on November 7 they had not done so.

“Both [Canada Post and OCS] have been working closely together since that time to investigate and take immediate action,” Canada Post told Motherboard. “As a result, important fixes have been put in place by both organizations to prevent any further unauthorized access to customer information. We have also shared with OCS that we are confident that the customer who accessed the information only shared it with Canada Post and deleted it without distributing further.”

VirtualBox zero-day flaw released on GitHub; working exploit available but no patch

An independent researcher has turned a bit rogue, disclosing a zero-day vulnerability in the popular VirtualBox virtualization software while expressing deep disagreement with the state of security research, and bug bounty standards in particular.

In a meticulously crafted post on GitHub, Sergey Zelenyuk uses a default VirtualBox configuration to demonstrate a previously unknown vulnerability caused by memory corruption issues in the virtual Intel PRO/1000 MT Desktop (82540EM) network card (E1000) when the network mode is set to NAT (Network Address Translation).

“The E1000 has a vulnerability allowing an attacker with root/administrator privileges in a guest to escape to a host ring3. Then the attacker can use existing techniques to escalate privileges to ring 0 via /dev/vboxdrv,” Zelenyuk explains.

Ring 3 is the host’s unprivileged user mode and ring 0 is its kernel mode, so a malicious program that “escapes” the guest can execute arbitrary code on the host machine and then take full control of it. The exploit is replicable on Windows too, albeit with a few configuration exceptions. The flaw affects all current versions of VirtualBox (up to 5.2.20).

Zelenyuk not only wrote out a complete guide on how to replicate the attack, he even posted a demonstration video of him exploiting the flaw.

In spite of the unethical nature of his disclosure, Zelenyuk is thoughtful enough to include a fix with his post.

“Until the patched VirtualBox build is out you can change the network card of your virtual machines to PCnet (either of two) or to Paravirtualized Network. If you can’t, change the mode from NAT to another one. The former way is more secure,” he writes.
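The workaround quoted above can be checked across a host's virtual machines. The following is an added example, not code from Zelenyuk's post or from Oracle: it parses `VBoxManage showvminfo --machinereadable` output, flags adapters that still use the 82540EM card, and prints the `modifyvm` command that switches them to the paravirtualized adapter. It assumes the `nicN`/`nictypeN` key format of that output; the sample dumps and VM names are constructed.

```python
import re
import shlex
import shutil
import subprocess

AFFECTED_TYPE = "82540EM"  # Intel PRO/1000 MT Desktop, the adapter the page names
AFFECTED_MODE = "nat"      # attachment mode the page names
SAFER_TYPE = "virtio"      # VBoxManage's name for the Paravirtualized Network adapter

# Constructed sample dumps (trimmed to the relevant keys), not taken from real hosts.
SAMPLE_DUMPS = [
    'name="build-agent"\nnic1="nat"\nnictype1="82540EM"\nnic2="none"\n',
    'name="web test"\nnic1="bridged"\nnictype1="82540EM"\n'
    'nic2="nat"\nnictype2="virtio"\n',
    'name="legacy-xp"\nnic1="nat"\nnictype1="Am79C973"\n',
]


def parse_vminfo(text):
    """Turn key="value" lines of --machinereadable output into a dict."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            info[key.strip().strip('"')] = value.strip().strip('"')
    return info


def audit_vm(text):
    """Return one finding per enabled adapter that still uses the affected card."""
    info = parse_vminfo(text)
    name = info.get("name", "<unnamed>")
    matches = (re.fullmatch(r"nic(\d+)", key) for key in info)
    slots = sorted(int(m.group(1)) for m in matches if m)
    findings = []
    for slot in slots:
        mode = info[f"nic{slot}"]
        if mode == "none" or info.get(f"nictype{slot}") != AFFECTED_TYPE:
            continue
        findings.append({
            "vm": name,
            "slot": slot,
            "mode": mode,
            # Card plus NAT is the configuration the page describes; leaving
            # NAT without swapping the card is the weaker of the two workarounds.
            "status": "exposed" if mode == AFFECTED_MODE else "card-still-e1000",
            # modifyvm only works while the VM is powered off.
            "fix": f"VBoxManage modifyvm {shlex.quote(name)} "
                   f"--nictype{slot} {SAFER_TYPE}",
        })
    return findings


def live_dumps():
    """Collect dumps from this host; returns [] when VBoxManage is not installed."""
    exe = shutil.which("VBoxManage")
    if not exe:
        return []
    listing = subprocess.run([exe, "list", "vms"], capture_output=True,
                             text=True, check=True).stdout
    uuids = re.findall(r"\{([0-9a-fA-F-]{36})\}", listing)
    return [subprocess.run([exe, "showvminfo", uuid, "--machinereadable"],
                           capture_output=True, text=True, check=True).stdout
            for uuid in uuids]


def audit(dumps):
    """Audit every dump and return the combined list of findings."""
    return [finding for dump in dumps for finding in audit_vm(dump)]


if __name__ == "__main__":
    for f in audit(live_dumps() or SAMPLE_DUMPS):
        print(f"{f['status']:17} {f['vm']} nic{f['slot']} ({f['mode']}): {f['fix']}")
```
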

As for his reasons for disclosing a zero-day publicly before Oracle gets a chance to patch the bug, the researcher expressed dissatisfaction with the infosec community – in particular, the rules enforced by contemporary bug bounty programs. While Zelenyuk’s arguments may resonate with some, publishing a zero-day openly for the whole Internet before the vendor can release a patch is nonetheless considered irresponsible disclosure. However, in cases where the vendor has been notified of the flaw months in advance and has failed to deliver (for one reason or another), such disclosures can get the ball rolling sooner rather than later. Hopefully Oracle delivers before bad actors exploit the bug, now that a working exploit is available. But the fact that there is now a window of opportunity for hackers is still an issue.

DDoS attack on Cambodia’s top ISPs reached 150Gbps

A major DDoS attack hit Cambodia’s top ISPs, writes ZDNet. EZECOM, SINET, Telcotech and Digi have all confirmed the attack after users reported issues all last week when trying to use online applications.

The attack’s peak was on Nov. 5 and 6, when it almost reached 150Gbps, according to sources, causing at least half a day of downtime and disrupting internet access across the country. Local media reported this security incident as one of the biggest in the country.

“EZECOM has been hard at work with anti-DDoS specialists to deal with this issue, and we expect normalcy to return soon assuming no further large-scale attack,” reads the press release.

EZECOM also provides DDoS mitigation services, so its inability to secure its network against a DDoS attack may have hurt its credibility and reputation among customers.

“The first ISP, who received ISO certification and own the first submarine cable system in Cambodia, offers enterprises and businesses powerful tool to strengthen network security from the attacks known as distributed denial of service (DDoS),” local media wrote about EZECOM last year.

SINET ISP also confirmed the DDoS incident and apologized on Twitter.

No hacker group has claimed the attack. As there are no ransom demands and the culprits are unknown, motive remains a mystery.

DDoS attacks are on the rise. In 2018 they were more frequent than in the previous year, affecting business productivity and efficiency, and online operations.

Beware of scams! Elon Musk is not giving away bitcoin on Twitter

“Elon Musk” scams are invading people’s Twitter timelines again, Business Insider reports. Announcing he’s left his CEO position at Tesla, Musk is all of a sudden feeling generous enough to hand out digital currency to random people on Twitter. Better said, the fake accounts claim to be giving out “Bitcoic” by inviting followers to participate in a fake cryptocurrency giveaway.

Source: Cointelegraph.com

Cryptocurrency scams have gained popularity and show no sign of slowing down. Hackers are now even promoting them through Twitter’s ad service. How do they work?

Trying to make a quick buck off the cryptocurrency mania, hackers compromise legitimate accounts. Accounts known to have been hacked include Pantheon Books, film production company Pathe UK and US, and politician Frank Pallone Jr, to name a few. Then the hackers change account names and pictures, and start tweeting their scams, sometimes by infiltrating Musk’s mentions. Now, thanks to the sponsored ads, they are visible on people’s timelines. And they must be working, as one account has allegedly raised some $170,000.

“Impersonating another individual to deceive users is a clear violation of the Twitter Rules,” said a company spokesperson. “Twitter has also substantially improved how we tackle cryptocurrency scams on the platform. In recent weeks, user impressions have fallen by a multiple of 10 in recent weeks as we continue to invest in more proactive tools to detect spammy and malicious activity. This is a significant improvement on previous action rates.”

Since these scams started, Twitter has been trying to take them down. The company has come up with strategies to prevent accounts from getting major changes, such as blocking name changes. Obviously, they have to keep working on it as it hasn’t proven very successful so far.

Equifax nemesis Apache Struts found vulnerable to 2-year old unpatched flaw; workaround available

Remember how an unpatched flaw in Apache Struts caused one of the biggest data breaches in history? It could happen again, if those using Apache Struts versions 2.3.x or lower fail to replace a file-upload component with a newer version.

Apache released an advisory this week urging users who run Apache Struts 2.3.x to update the commons-fileupload component, as bad actors could leverage a flaw to execute arbitrary code and deploy malware. The worrying part is that the flaw is two years old.

“Struts 2.3.x uses by default the old 1.3.2 version of commons-fileupload. In November of 2016, a deserialization vulnerability was disclosed and patched in commons-fileupload. The vulnerability can lead to arbitrary remote code execution,” writes Johannes Ullrich, a network security researcher focusing on IPv6 and web application security.

Users running Struts 2.3.x who make use of the file upload mechanism built into Struts are vulnerable. Users of Struts 2.5.x, however, are not vulnerable, as this newer version includes a patched commons-fileupload component.

Ullrich explains:

“There is no simple ‘new Struts version’ to fix this. You will have to swap out the commons-fileupload library manually. Download version 1.3.3 and place it inside WEB-INF/lib, replacing the old version. For Maven-based projects, you will also need to update your dependencies (see the advisory for details).”

Users are directed to this link for the latest version. After performing this workaround, users should also double check that they don’t have any other copies of the vulnerable library residing elsewhere on their systems, as Struts isn’t the only software that incorporates this component.
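The check for leftover copies can be automated. The following is an added example, not code from the Apache advisory or from Ullrich's write-up: it walks a directory tree, opens every `.jar`, `.war` and `.ear` (including jars nested inside them), and reports each commons-fileupload copy older than 1.3.3. It assumes the jar carries the Maven `pom.properties` file or a conventional file name; the demo tree and its file names are constructed.

```python
import io
import re
import sys
import tempfile
import zipfile
from pathlib import Path

FIXED = (1, 3, 3)  # release the page names as the patched commons-fileupload
ARCHIVES = (".jar", ".war", ".ear")
MAX_DEPTH = 4      # jars inside wars inside ears; bounds zip-in-zip recursion
POM_PROPS = "META-INF/maven/commons-fileupload/commons-fileupload/pom.properties"
MARKER = "org/apache/commons/fileupload/FileUploadBase.class"
NAME_RE = re.compile(r"commons-fileupload-(\d+(?:\.\d+)*)[^/\\]*\.jar$", re.I)


def parse_version(text):
    """'1.3.2' -> (1, 3, 2); None when the text has no leading dotted number."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    return tuple(int(p) for p in m.group(0).split(".")) if m else None


def fileupload_version(label, zf, names):
    """Return (is_fileupload, version_tuple_or_None) for one opened archive."""
    if POM_PROPS in names:  # most reliable: survives renaming of the jar file
        for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
            if line.startswith("version="):
                return True, parse_version(line.split("=", 1)[1])
    m = NAME_RE.search(label)
    if m:
        return True, parse_version(m.group(1))
    return MARKER in names, None  # repackaged copy: classes present, no version


def scan_archive(label, source, findings, depth=0):
    """Inspect one archive, then recurse into the archives nested inside it."""
    try:
        zf = zipfile.ZipFile(source)
    except (zipfile.BadZipFile, OSError):
        return  # not a readable zip; skip it rather than abort the sweep
    with zf:
        names = zf.namelist()
        found, version = fileupload_version(label, zf, names)
        if found:
            if version is None:
                status = "unknown"
            else:
                status = "vulnerable" if version < FIXED else "ok"
            shown = ".".join(map(str, version)) if version else "?"
            findings.append((label, shown, status))
        if depth < MAX_DEPTH:
            for inner in names:
                if inner.lower().endswith(ARCHIVES):
                    scan_archive(f"{label}!/{inner}", io.BytesIO(zf.read(inner)),
                                 findings, depth + 1)


def scan_tree(root):
    """Walk a directory; return (location, version, status) for every copy found."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVES:
            scan_archive(str(path), path, findings)
    return findings


def make_jar(entries):
    """Build an in-memory zip from {name: bytes}; used for the constructed demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_demo_tree(root):
    """Constructed layout: a patched Struts app, a forgotten WAR, a renamed jar."""
    root = Path(root)
    old = make_jar({POM_PROPS: b"groupId=commons-fileupload\nversion=1.3.2\n"})
    new = make_jar({POM_PROPS: b"groupId=commons-fileupload\nversion=1.3.3\n"})
    (root / "struts-app/WEB-INF/lib").mkdir(parents=True)
    (root / "struts-app/WEB-INF/lib/commons-fileupload-1.3.3.jar").write_bytes(new)
    (root / "legacy").mkdir()
    (root / "legacy/reports.war").write_bytes(
        make_jar({"WEB-INF/lib/commons-fileupload-1.3.2.jar": old}))
    (root / "tools").mkdir()
    (root / "tools/upload-lib.jar").write_bytes(old)  # renamed copy of 1.3.2
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = sys.argv[1] if len(sys.argv) > 1 else build_demo_tree(tmp)
        for location, version, status in scan_tree(root):
            print(f"{status:10} {version:8} {location}")
```

Run it with a directory argument to sweep an application server or build cache; an `unknown` result means the commons-fileupload classes are present without version metadata and need a manual look.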

Iran says Stuxnet is back, claims Israel tried to hack Iranian infrastructure

Is Stuxnet back? Iran’s Telecommunications Minister Mohammad Javad Azari-Jahromi alleges that Israel attempted a cyberattack on Iran’s telecommunications infrastructure through a new version of Stuxnet, so Iran will take the matter to the International Court of Justice, Reuters writes.

Iran claims the malware is very similar to the notorious Stuxnet that was allegedly developed by US and Israeli intelligence and crippled Iran’s nuclear infrastructure more than 10 years ago.

“The Zionist regime, with its record of using cyber weapons such as Stuxnet computer virus, launched a cyberattack on Iran on Monday to harm Iran’s communication infrastructures,” said Mohammad Javad Azari-Jahromi.

“Thanks to our vigilant technical teams, it failed,” he tweeted.

Gholamreza Jalali, the head of the civil defense agency, said in an interview with the Iranian Students News Agency (ISNA) that Iran “recently discovered a new generation of Stuxnet which consisted of several parts … and was trying to enter our systems.”

According to the Times of Israel, Israeli TV station Hadashot said on Wednesday that Iranian strategic networks had been hacked. The news came after Israel said it foiled an Iranian murder plot in Denmark and the alleged phone tapping of Iranian President Hassan Rouhani.

Iran “has admitted in the past few days that it is again facing a similar attack, from a more violent, more advanced and more sophisticated virus than before, that has hit infrastructure and strategic networks” but they are “not admitting, of course, how much damage has been caused,” said the news report.

Israel has not released an official statement on the accusations.

Police crack encrypted chat service IronChat and read 258,000 messages from suspected criminals

Dutch police have revealed that they were able to spy on the communications of more than 100 suspected criminals, watching live as over a quarter of a million chat messages were exchanged.

The encrypted messages were sent using IronChat, a supposedly secure encrypted messaging service available on BlackBox IronPhones.

The website of Blackbox Security used to prominently boast a quote from a certain Edward Snowden:

“I use PGP to say hi and hello but use IronChat(OTR) to have a serious conversation”

You won’t see that quote on Blackbox Security’s website today, though, as its server has been seized by Dutch law enforcement.

Criminals were amongst those who purchased the IronPhones, and used the IronChat app to communicate openly about their activities, believing that they were safe as they paid up US $1500 for a six month subscription to the service. What they did not realise was that the app had been compromised by police.

Police haven’t described how they made the breakthrough of managing to crack the IronChat system, and snoop upon encrypted messages, but the suspicion will be that the encrypted chat app had a weakness – such as its reliance on a central server.

In a statement, police in the Netherlands explained that as a result of their surveillance, law enforcement agencies have seized automatic weapons, large quantities of hard drugs (MDMA and cocaine), 90,000 Euros in cash, and dismantled a drugs lab.

In addition, a number of suspects are also said to have already been arrested, with multiple searches taking place in various locations around the country.

“This operation has given us a unique insight into the criminal world in which people communicated openly about crimes,” said Aart Garssen, Head of the Regional Crime Investigation Unit in the east of the Netherlands.

Police only decided to shut down the service after they became aware that criminals were beginning to suspect each other of leaking information to the police, introducing a very real risk that there could be a threat to individuals’ safety. For this same reason, Dutch authorities decided to go public about their access to the chat system at a press conference.

The owner of Blackbox Security, a 46-year-old man from Lingewaard, and his partner, a 52-year-old man from Boxtel, have been arrested on suspicion of money laundering and participation in a criminal organisation. Their homes and company premises have also been searched.

Researchers crack disk encryption in popular Samsung and Crucial SSDs

Researchers at Netherlands-based Radboud University, which is active in almost all scientific fields, have discovered grave security flaws in several popular solid-state drives (SSD) that promise full disk encryption. In a nutshell, they can be cracked.

Self-encrypting drives are regarded as very safe to use, and they are — unless those drives can be found in the list below:

  • Crucial (Micron) MX100, MX200 and MX300 internal hard disks
  • Samsung T3 and T5 USB external disks
  • Samsung 840 EVO and 850 EVO internal hard disks

The Radboud geeks found that the Windows BitLocker software encryption trusts the built-in hardware encryption in these babies a bit too much – BitLocker essentially trusts self-encrypted drives to do their job, and defaults to the drive’s hardware encryption.

This in itself wouldn’t be much of a problem if the self-encryption mechanism baked in Crucial’s and Samsung’s hardware was bulletproof. But it isn’t.

In one drive, researchers found that the master password responsible for decrypting the stored data was an empty string that could easily be exploited. In another case, they unlocked the drive by messing with its password validation checks.

Even though the flaws were disclosed responsibly – in accordance with the ethics of the white hat community – the drive models listed above remain affected. Researchers believe many other drives that use similar encryption schemes may be affected, and recommend that users employ third-party software encryption tools until patches arrive. Samsung itself now makes the same recommendation. Crucial’s parent company, Micron, promises to deliver a fix soon.

Researcher Bernard van Gastel said, “The affected manufacturers were informed six months ago, in line with common professional practices. The results are being made public today so that users of the affected SSDs can protect their data properly.”

Europe’s largest bank just got hacked

HSBC Bank, the seventh-largest banking and financial services organization in the world and the largest in Europe, has been breached by hackers. The bank is now sending letters to an undisclosed number of customers notifying them that hackers have their data.

In a notification template submitted to the California Attorney General’s Office, HSBC said it became aware that online accounts were accessed by unauthorized parties sometime between October 4 and October 14, 2018.

“When HSBC discovered your online account was impacted, we suspended online access to prevent further unauthorized entry of your account,” the notice reads. “You may have received a call or email from us so we could help you change your online banking credentials and access your account. We apologize for this inconvenience. HSBC takes this very seriously and the security of your information is very important to us.”

HSBC adds (emphasis ours), “The information that may have been accessed includes your full name, mailing address, phone number, email address, date of birth, account numbers, account types, account balances, transaction history, payee account information, and statement history where available.”

The bank provides no details of the breach, such as how the attackers managed to infiltrate its systems and then exfiltrate customer data. It does say, however, that its first action after containing the breach was to enhance the authentication process for HSBC Personal Internet Banking. This suggests the breach may have involved credential stuffing (where large numbers of previously-breached credentials are “stuffed” into login forms until they are potentially matched to an existing account), or a vulnerability in the bank’s two-factor-authentication (2FA) process.

On a slightly more positive note, customers are told HSBC is offering a complimentary year of credit card monitoring via Identity Guard, which monitors and protects credit data, but also alerts users to activities that could indicate identity theft. Customers must sign up for the freebie within 90 days, or they won’t be eligible after that window is closed.

According to Wikipedia, HSBC’s assets total US $2.374 trillion, as of December 2016, with annual revenue in the tens of billions. Last year alone, it raked in $51.445 billion, or 45.1 billion euros. Considering the sheer number of potential European clients and the amount of personally identifiable information compromised, HSBC stands to incur a stinging fine under the recently introduced General Data Protection Regulation. The GDPR’s penalties for such data breaches are calculated at up to 20 million euros, or 4% of the company’s annual turnover, whichever is greater. Needless to say, EU legislators won’t have too hard of a time making that calculation.

Hackers actively exploiting vulnerabilities in Cisco security appliances

Networking giant Cisco is warning customers that attackers are actively exploiting a vulnerability in the company’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software.

CVE-2018-15454 describes a vulnerability in the Session Initiation Protocol (SIP) inspection engine of ASA and FTD software. Exploited correctly, the flaw allows a remote attacker to cause a denial of service (DoS) condition by forcing an affected device to reload or by triggering high CPU usage.

Caused by improper handling of SIP traffic, the flaw could allow bad actors to send SIP requests designed to specifically trigger the issue at a high rate across an affected device.

While the vulnerability itself isn’t devastating, affected customers can nevertheless experience some downtime, with devices crashing and reloading.

The vulnerability is present in Cisco ASA Software Release 9.4 and later and Cisco FTD Software Release 6.0 and later. The following Cisco products running the software with SIP inspection enabled are confirmed as “affected:”

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4100 Series Security Appliance
  • Firepower 9300 ASA Security Module
  • FTD Virtual (FTDv)

Users will have to wait for Cisco to release patches for the affected hardware. More worryingly, the vulnerability is actively being exploited in the wild, Cisco says. The company’s advisory includes a few indicators of compromise, as well as some steps to mitigate risk. No true workarounds are currently available.

Russian hackers compromise 120 million Facebook accounts; private messages on sale online

Facebook has fallen victim to countless security breaches and November brings even more bad news for the social network. Russian hackers are selling private conversations of at least 81,000 Facebook accounts at 10 cents per account, writes the BBC.

According to the BBC Russian Service, which communicated with the hackers, the criminals claim to have the private conversations of 120 million accounts and, of course, they are willing to sell for the right price. Most of the accounts belong to users in Ukraine and Russia, but some come from other countries such as the UK, US and Brazil.

The data breach was detected in September when the hackers announced on a forum that “We sell personal information of Facebook users. Our database includes 120 million accounts.”

The IP address of the website has been linked to the dissemination of the LokiBot Trojan, malware that lets criminals steal user passwords.

Facebook claims the security of its messaging platform was not compromised, and blames malicious browser extensions such as games and bookmarking applications. If users didn’t hide their information, emails and phone numbers may have also been compromised.

“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores,” said Facebook executive Guy Rosen.

“We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts.”

The BBC Russian Service reached out to the hackers via the emails provided in the announcement, asking to buy the details of 2 million accounts. Following the email exchange, BBC says the hackers denied any relation to the Cambridge Analytica story or other hacks, and claimed they were not linked to the Russian government or Internet Research Agency.

Eurostar resets customer passwords after hack attack

European high-speed railway service Eurostar reset all user account passwords after a security incident, according to the Telegraph.

The rail company detected unauthorized attempts to access user accounts between October 15 and 19, and immediately sent a notification email to the customers affected. Hackers used legitimate email addresses and passwords on the Eurostar website.

The company says the attack did not compromise credit card and payment details, which are not stored on their systems. They blocked accounts to prevent things from getting out of hand.

The exact number of affected accounts was not mentioned, nor was the type of data leaked.

“We have taken this action as a precaution because we identified what we believe to be an unauthorized automated attempt to access eurostar.com accounts using your email address and password,” the company told customers.

“We’ve since carried out an investigation which shows that your account was logged into between the 15 and 19 October. If you didn’t log in during this period, there’s a possibility your account was accessed by this unauthorized attempt.”

The Information Commissioner’s Office was informed and is looking into the matter.

“We’ve received a data breach report from Eurostar and are making enquiries,” said a spokeswoman.

As per GDPR requirements, companies that detect breaches affecting personal data of EU citizens must inform their customers within 72 hours. If companies don’t comply with GDPR requirements, they face hefty fines.

A number of companies operating with customer data have been hacked in the past months, including Air Canada, British Airways and Cathay Pacific. There’s no evidence linking them to the Eurostar breach.

China accused of running industrial cyberespionage operation to steal US aviation and technological data

Between 2010 and 2015, Chinese operatives together with hackers and company insiders working at a facility in Jiangsu, China, allegedly engaged in a major industrial cyberespionage operation targeting a US-French manufacturing company developing a turbofan engine for commercial planes, the US Department of Justice announced this week.

“For the third time since only September, the National Security Division, with its US Attorney partners, has brought charges against Chinese intelligence officers from the JSSD and those working at their direction and control for stealing American intellectual property,” said John C. Demers, Assistant Attorney General for National Security.

Employees recruited into the state-sponsored hacking operation infected the computer with malware, but they tried to get rid of it and cover their tracks when it was detected, the Department of Justice said.

The two alleged Chinese operatives, Zha Rong and Chai Meng, were employees of a provincial agency that is part of China’s Ministry of State Security. Their first alleged hack, in 2010, targeted Capstone Turbine in Los Angeles. Hackers “used its website as a watering hole” and a similar move was made against an unnamed San Diego-based company from 2012 to 2015, writes the Department of Justice.

The goal of the operation was allegedly to steal proprietary and top secret information to pass on to the Chinese government. To achieve this they deployed a number of techniques such as spear phishing emails and domain hijacking to hack a variety of manufacturing and aerospace companies in Arizona, Oregon and Massachusetts, the department said.

This was an important espionage operation to “facilitate the theft of private data for China’s commercial gain,” as stated by U.S. Attorney Adam Braverman, because at the time China was also working on building a similar commercial airliner engine.

Employee used US government network for adult websites, infected infrastructure with Russian malware

An investigation into “suspicious internet traffic” conducted by the Office of Inspector General at the US Geological Survey’s Earth Resources Observation and Science (EROS) Center satellite imaging facility in Sioux Falls, SD, revealed an employee had used US government internet infrastructure to access some 9,000 adult websites, the agency announced in a report.

Some of the websites redirected to Russian pages infected with malware, compromising the agency’s computer system as the malware spread across the entire network, reads a Management Advisory report to USGS from Matthew T. Elliott, Assistant Inspector General for Investigations. Digital forensics found the employee downloaded images onto a USB device and a personal smart phone, then connected the compromised devices to his work computer.

Two vulnerabilities were identified in the system’s security that involved web-site access and open USB ports. To head off malware in the future, the US Department of the Interior made a number of recommendations, including employee training and blocking illegal activities on government networks, particularly adult content, and prohibiting the use of USBs.

“We recommend that the USGS enforce a strong blacklist policy of known rogue Uniform Resource Locators (more commonly known as a web address) or domains and regularly monitor employee web usage history,” Elliott said. “Since this incident, the EROS Center has deployed enhanced intrusion detection systems and firewall technology to assist in the prevention and detection of rogue websites trying to communicate with Government systems.”