Category Archives: Latest Security News

Riviera Beach Pays Nearly $600K to Recover Data after Ransomware Attack

Riviera Beach paid bad actors approximately $600,000 in ransom to recover its information after it fell victim to a ransomware attack. On 17 June, the board of the Palm Beach County municipality voted unanimously to authorize that the city insurer pay 65 bitcoins (worth approximately $602,000 at the time of this writing) to those responsible […]… Read More

The post Riviera Beach Pays Nearly $600K to Recover Data after Ransomware Attack appeared first on The State of Security.

Cybersecurity: What We Think We Know Is Too Little

Let’s justify the heading with this example. In the world of technology, floppy disks, beta max, and portable PDAs we have bid goodbye to them. Remember at one time it was an innovative technology, and today it is replaced by something better: the place of diskettes was taken by hard drives, external drives, USB drives and then into cloud services. The Betamax hit DVD, then DVR and Netflix. And the handheld PDAs were surpassed by cell phones. Game over.

Your corporate network could be following next, but why?

Why are cybersecurity solutions like floppy disks?

It’s very likely that your organization uses a standard cybersecurity approach that allows unknown files and applications to access your corporate networks. It seems like a good idea, but allowing them has its terrible side effects, including cyber hackers quickly and easily invading corporate networks and stealing corporate secrets. Retaining the standard setting can cost you to lose your company’s data, a massive breach that costs millions, or even the total elimination of your network and business in the event of a zero-day or a major ransomware attack.

And just like the floppy, the ‘Standard Allow’ has already been replaced by something better in the market, the Zero Trust architecture. You can make the decision to move forward today. Here’s why you should

What Is a Zero Trust Architecture?

A zero trust architecture is a set of systems to arm the cyber defences. As a mindset, your IT team decides that no file or application is safe until it’s reviewed. As a set of IT systems, Zero Trust transmits security only from the perimeter of the entire network, including endpoints, LAN, web, and cloud.

Zero Trust Architecture- How it Works?

With a zero trust architecture, you should always check them to avoid violations.

The market’s leading endpoint protection platform help companies achieve a zero-trust architecture by always checking 100% of the unknown files. When an unknown file is executed on an endpoint, the files are immediately placed in a container while users experience uninterrupted productivity. While the unknown file is included, the file is statically and dynamically analyzed in the cloud and by human experts, with 95% of thorough checking in less than 45 seconds and the remaining 5% in less than 4 hours. No harm can be done while the file is in the containment. Once verdicted, the file is treated accordingly. The process is unrecognizable to your workforce because users can run files and applications immediately while they are in the cloud and analyzed. Therefore, there is no loss of productivity or a change in the user experience.

If the cloud analysis is not 100% sure about the file; if it is safe or harmful in 45 seconds, it is immediately sent to a human analyst to quickly review and determine.

Why is a zero-trust architecture important?

You simply cannot count on your staff to avoid phishing emails or your IT teams to spot threats. They cannot compete if they are bombarded with attacks, nor should they have to.

You can empower your network, your IT team, and your workforce with a “zero-trust” mentality and the architecture that supports them.

Your business is too critical to break down due to ransomware, data theft, or other forms of network exploitation that are enabled by ‘default allow’.

It’s time for Default Allow to go extinct like the floppy disks.

Learn now how to use Advanced Endpoint Protection and to create a zero trust architecture.

The post Cybersecurity: What We Think We Know Is Too Little appeared first on .

Modular Plurox Backdoor Comes with Cryptomining, Worm-Like Plugins

A new modular backdoor detected as “Plurox” comes with multiple plugins that expand its capabilities to include cryptomining and worm-like behavior. In February 2019, Kaspersky Lab’s researchers first detected the backdoor. Their analysis revealed that the backdoor, written in C, arrived with debug lines. This suggests that the malware was still in testing at the […]… Read More

The post Modular Plurox Backdoor Comes with Cryptomining, Worm-Like Plugins appeared first on The State of Security.

Malicious Apps Uses App Permission to Retrieve information

If you remember in September 2018, we came across a report from Nightwatch Cybersecurity regarding a security vulnerability in Android that allowed malicious apps to bypass permissions checks, and as a result, gain access to reading the information, including the location of the device.

According to Nightwatch Cybersecurity, the vulnerability affects all versions of Android except for the recently-released Pie. The security hole is detailed in CVE-2018-9489 and is unlikely to get any fix, according to the advisory.

That time the vendor solved these issues in Android P / 9. Since this would be a last-minute API change, the vendor did not to fix the flaw in the previous versions of Android, and encouraged the users to upgrade to Android P / 9.

Studies have shown that malicious applications can listen to system transmissions to avoid authorization checks and access device-specific information

Today, in June 2019, we have a similar story. ESET security researchers discovered many malicious applications that used Google’s permissions on Android devices to read app notifications. These applications request the login credentials used for BtcTurk, a Turkish cryptocurrency exchange, and were then able to read notifications from other applications.

The researchers discovered that these malicious applications captured information such as the OTP protocol and could control the notifications displayed on the device. When reporting to Google, all three apps were removed from Google Play.

How it works

ESET researchers discovered three apps, which were developed by attackers who used different aliases, namely “BTCTurk Pro Beta”, “BtcTurk Pro Beta” and “BTCTURK PRO”.

All these applications supplanted the Turkish cryptographic exchange BtcTurk and behaved the same way after the installation. Once installed, applications require the “Access to Notifications” permission. Enabling this permission allowed them to read notifications from other apps on the device, ignore them, or even click the buttons on the notifications. As a result, a fake connection is displayed when you request the user’s BtcTurk credentials. The introduction of the credentials generated a false error message. The researchers suggest that credentials, as well as information about upcoming notifications, be sent to the attacker’s server via this action.

These applications specifically targeted data from other applications using two-factor authentication (2FA) and were looking for keywords such as “gm”, “Yandex”, “mail”, “k9″, ” outlook’ ‘SMS’, ‘messages’, as pointed out in their blog.

The names of the specific applications tell us that the SMS and 2FA emails are of interest to the attackers behind this malware.” In SMS 2FA, the messages are usually short and the OTPs are likely to be integrated into the message. However, in the 2FA email, the length and format of the message are much more varied, which could affect the attacker’s access to the OTP.

Related Resources:

Malicious Apps And Malware Bounce Back Into Google Play

The post Malicious Apps Uses App Permission to Retrieve information appeared first on .

The Role of a vCISO in Enterprise Security

Cybercriminals try to find all ways to circumvent security solutions and the defensive measures adopted by organizations, and hence it is always important that business organizations have dedicated professionals to take care of cybersecurity.

It’s often the CISO (Chief Information Security Officer) who is in charge of cybersecurity for most organizations. But in today’s context, there is a dearth of talents in the field. Skilled and experienced security professionals who could work as good CISOs are hard to find. Moreover, for smaller businesses, there would be budget constraints that might make it difficult for them to employ an experienced professional as CISO.

Companies that find it difficult to get professionals with good expertise or companies that don’t have the resources to employ a full-time CISO can think of other alternatives, most effective among which is hiring a vCISO, or Virtual Chief Information Security Officer. This plays a very important role as regards maintaining a company’s cybersecurity posture and in helping the IT guys streamline and implement effectively the company’s IT policies. Hiring a vCISO definitely is much more cost-effective compared to having a full-time expert on board. All the same, a vCISO would bestow upon any organizations all those benefits that a dedicated, full-time CISO would provide. Ensuring better cybersecurity, supervising the implementation of IT policies and security policies, securing sensitive data, making assessments of the company’s security posture, dealing with compliance-related matters and such things are taken care of by the vCISO as well.

In the present context, when business organizations have to make the most of all available opportunities and emerging technologies, including the IoT, the cloud, mobile technology, etc, the role of a vCISO is critically important. On the one hand, if they work towards ensuring better cybersecurity for a company, on the other hand, they’d also double up as strategists who could help companies take care of clients’ needs and customers’ interests as well. vCISOs can play a very important role in the growth and success of SMEs (Small and Medium-Sized Enterprises) and they could even prove to be of great help to bigger organizations that fail to find experts for full-time engagement.

Qualities that a vCISO must have

There are certain qualities that an efficient vCISO should have. Let’s take a look at some of them-

  • Should be a student at heart. Should be eager to learn about emerging technologies and the ever-evolving cybersecurity techniques and thus be a complete expert.
  • Should have the ability to understand an organization’s inherent risks. Should also be able to communicate the same to the management and also suggest solutions for issues, if any.
  • Should be diligent and intelligent as well. A vCISO should have thorough knowledge regarding the basics of cybersecurity and related matters.
  • Should have strong communication skills. Should also have the capability to collaborate with all levels of the management and discuss different aspects of cybersecurity and also about the company’s IT policies.
  • Should have the capabilities to communicate and collaborate with local law enforcement especially as regards reporting breach incidents.
  • Should have sufficient knowledge to contribute to formulating and improving the organization’s IT policies.
  • Should be able to play a key role in training employees about cybersecurity.
  • Should also have a clear idea about the correlation between cybersecurity and sales.
  • Should know how to plan cybersecurity policies in accordance with the kind of budget that the company can afford.

The post The Role of a vCISO in Enterprise Security appeared first on .

Why API Security is Important for Organizations Today

This is the era of digital business, and companies all across the world seem to be vying with one another to make the most of digital technology. Small companies also are eager to be part of this trend, since it’s the need of the hour. In this context, every single aspect of digital security or cybersecurity is of critical importance for any business organization. Today we discuss one of the very relevant aspects of digital security, namely API security.

API (Application Programming Interface) is something that is intimately connected with the development and deploying of applications. In fact, the API is central to the new development model in which it has become very inexpensive and easy for enterprises to develop or buy applications that earlier would take them months or millions to develop or acquire.

The API works as an intermediary or a digital gateway that enables systems as well as applications to communicate and share data in a simple and easy manner. This is why APIs are central to the development and deployment of applications. But then, in the cyber world, everything that we use -every device, every application, every technology- would come its share of security risks. This applies to APIs also. They provide cybercriminals an easy entry into enterprise networks and systems. In recent times, there have been many reports of API-related vulnerabilities being exploited by cybercriminals to launch massive cyberattacks. Many big companies and many established digital platforms were successfully targeted by cybercriminals who were looking to exploit API vulnerabilities.

Unsecured APIs have led to cyberattacks that have impacted many big business enterprises in a big way in the last few years. Big names like Facebook and SnapChat feature in the list of such firms. Hackers used Facebook’s developer APIs to breach personal data of around 50 million users in 2018 while the SnapChat attack in 2014 was also on account of unsecured APIs. Enterprises all over the world have suffered on account of attacks executed by exploiting API vulnerabilities. The attacks have caused financial loss plus reputation damages and have even had a direct impact on the shares, even for many big companies.

What’s to be done?

API vulnerabilities are thus proving to be security headaches for companies big and small. So, then what’s to be done? How to reduce the number of API-based attacks and save businesses from financial and reputation-based damages?

Well, for any kind of cybersecurity strategy to work out, it’s important for a company to have a clear understanding of the size and nature of the risk involved. This applies to the case of attacks via API as well. A company should have a clear understanding of the nature and size of attacks that could happen via APIs.

To reduce the chances of API-based attacks from happening, to ensure minimal damages due to such attacks, companies must keep track of each and every API across their networks. This, of course, is no small thing; there would be lots of APIs to take care of and hence it is definitely a challenge to any enterprise. Many companies today don’t have clarity regarding the number of APIs in their network.

Regular penetration testing also helps detect and identify vulnerabilities, if any, in the APIs. Another very effective protection technique is having secure authentication and authorization controls as regards APIs. It has to be ensured that only legitimate users access APIs in an enterprise network. API compromise can be prevented to a great extent by ensuring rotation of API keys and getting users to regenerate the keys regularly. Proper encryption of all data using SSL/TLS, using machine learning for automated meta data scanning, user profiling using machine learning, proper detection and flagging of anomalies, effective system and network monitoring etc are effective techniques to ensure maximum protection from API-based threats and attacks. Using advanced cybersecurity solutions and applying them to the API layer could be very helpful.

Related Resources:

The Importance of Application Security Approach in Today’s Computing

The post Why API Security is Important for Organizations Today appeared first on .

Researchers Release Decryptor that Works against GandCrab Version 5.2

Security researchers have released a decryptor that works against the latest variants of GandCrab ransomware, including version 5.2. On 17 June, Bitdefender announced that users can download the tool from the No More Ransom Project’s website. They can then use the utility to freely decrypt any and all files which samples of GandCrab through version […]… Read More

The post Researchers Release Decryptor that Works against GandCrab Version 5.2 appeared first on The State of Security.

Oregon State University (OSU) Discloses Data Breach

Oregon State University (OSU) has disclosed a security incident that potentially affected the personally identifiable information of some students and their families. On 14 June, OSU announced that the security incident occurred back in May when external actors hacked a university employee’s email account. At the time of compromise, the email account contained the personal […]… Read More

The post Oregon State University (OSU) Discloses Data Breach appeared first on The State of Security.

Instagram Tests Changes to Help Users Recover Hacked Accounts

Following an innumerable number of complaints, Instagram has started testing new methods to recover hacked accounts.

Hackers have been targeting many high-profiled Instagram accounts and there was a wave of complaints related to such incidents. High-profile accounts, like those of lifestyle and fitness influencers, were hacked. The hackers would execute the attack via phishing emails supposedly coming from brands that would want to sponsor the target. Once they get access to targets’ accounts, they would change passwords and then demand a payment in Bitcoin to get the account recovered. Following these attacks, users had flooded Instagram with complaints and they were even blaming the company of not giving proper customer support. Users were so frustrated with Instagram’s cumbersome account recovery process that they turned to other experts for help.

Now Instagram has announced the testing of changes that could make it easier for users to recover hacked accounts. Instagram also introduces some security features that would make it harder for cybercriminals to steal Instagram usernames. Thus, it’s a two-pronged approach with the focus on adopting measures to prevent instagram account hacking and also on introducing measures to help users recover hacked accounts.

Instagram begins testing the first change on Monday, June 17, 2019. As per this change, users, if they find it difficult to sign in with Instagram telling them that the password they are entering is incorrect (as a result of hackers changing the password), could click the ‘Need more help’ option on the login page and get a six-digit code sent to their email address or phone number. This code would allow them to regain access to their accounts.

However, there are possibilities that hackers sometimes have access to the victims’ email accounts or even their phone numbers. Hence, to solve this issue, Instagram has taken additional measures to ensure that the codes sent to a user’s email address or phone number cannot be used to access the account from a different device. This new process that’s being tested would make it possible for a hacking victim to recover instagram account even if the hacker has changed the account’s username. This is significant since hackers had been targeting users with sought-after handles, including first names, single words etc. The new change that Instagram is testing would also reportedly ensure that a person’s username remains safe for a period of time after any kind of account changes, thus making it impossible for someone else to claim the username even if the original user loses access to the Instagram account following a hack. This feature, currently available on Android, will now be available to iOS users as well.

Experts are of the opinion that the new changes that are being tested would have a great impact on Instagram account takeovers by cybercriminals and would be of great help to users. Instances of hackers trying to claim usernames for accounts that are hacked and instances of hackers using other devices to access targeted accounts would definitely go down, say the experts.

Related Resources:

Instagram Accidentally Exposed Some User Passwords

Instagram New Feature to Share Location Data with Facebook

The post Instagram Tests Changes to Help Users Recover Hacked Accounts appeared first on .

New Hybrid Computing, Same Security Concerns

Pulse Secure, with the cooperation of IDG Connect has released its 2019 State of Enterprise Secure Access research paper, detailing how cloud computing has influenced companies’ daily operations and how secure the vendor platforms are. The business world is moving to the new platform, the cloud, slowly migrating from the decade-old “internally-located” servers for their applications and day-to-day activities. That ultimately means the Internet, which was considered as an “external network” is now actually the direct computing platform for storing files and host desktop applications.

In the report, Pulse Secure has highlighted the importance for companies, large and small to implement “ZeroTrust” across the board. It is a policy model where everything needs to be verified before permissions can be delegated. This is with strong compliance with the goal of any company to have effective identity management, device management, and secure protocols. The report also recognizes that mobile computing workforce is here to stay, but through various technologies including VPN (Virtual Private Network) are highly utilized to provide some level of privacy and security for the corporate mobile users.

The study conducted by the IDG Connect and Pulse Secure partnership covers 300 carefully selected Senior IT Leaders from Germany, Switzerland, United States Austria and UK in order to measure their IT security challenges in their company’s respective daily operations, deployment of software/hardware strategies, degree of confidence of the organization that risks can be mitigated on time and the methodology used in order to arrive at a decision on what products and services to sign-up for to “fortify corporate security”.

Years ago, many organizations are highly dependent on their company’s local data center for their storage, while applications were still often used and loaded from the local PC hard disks. More and more organizations depend on public and private cloud services in order to simplify deployment of critical applications to the organizations.

Planned IT delivery investment

Secure Pulse accounted that a whopping 63% of IT professionals and leaders surveyed shows the tremendous growth of dependence with Public and Private cloud infrastructure which started last year and continuing this year, 2019. Organizations are moving away to purely desktop-based applications and local hosting of files but started strong adoption of cloud-storage and cloud-based apps similar to what used to do with a desktop version of the software.

Top 5 access security incidents with significant to high impact

The report also featured how the 300 IT security leaders view the problems surrounding corporate IT. The top IT security and privacy concerns raised by them are:

  1. Malware
  2. Unauthorized/vulnerable endpoint use
  3. Mobile or web app exposure
  4. Unauthorized data and rouse access by insecure endpoint or privileged users
  5. Unauthorized app/resource access including lax authentication or encryption

High Impact gaps are also presented by Secure Pulse which make organizations becoming desperate with a quick solution, something that can never be achieved in the real world:

  • Poor user, device discovery and mobile computing exposure
  • Application availability
  • Uncoordinated authorization
  • Inconsistent, incomplete enforcement, week device access and configuration compliance
  • Security gateway sprawl, inconsistent/incomplete remediation

Our survey suggests that the majority of respondents are experiencing issues in application availability (81%) in terms of ensuring responsiveness and reliable access for users. This may suggest a need to improve application usage analytics and load balancing automation,” the report summarized.

Also Read:

The 5 Steps to Ensure Cloud Security

Cloud Storage Security Strategy And Risks

The post New Hybrid Computing, Same Security Concerns appeared first on .

“Human Error” Is The Biggest Corporate IT Issue

Here in hackercombat.com, we feature stories of virus infection, phishing incidents and other issues involving private and public sectors because of external risks. However, IT troubles in companies are not really made by outsiders, but human error inside the organization. It is necessary to think about how employees really think about the notion of “do not leak information”, “don’t do this”, “don’t do that”. Too many rules to a point that people in the organization forget some of them, potentially doing something with the nasty result. It is not a walk-in-the-park for any company can recover from a very bad “human error”.

Below are types of human errors:

1. Human Error in Management

It may be difficult to understand what it means to say “management error”, examples are:

  • Lost of personal information after moving.
  • The confirmation of delivery of personal information is insufficient, and the personal information that should have been received is lost
  • Disclosure of information, management rules have not been clarified and have been disclosed by mistake

Even though there are information management rules and security policies in a company, management has not been done according to those rules. Or there is a possibility that such a rule has not been decided at all. This indicates that it is important for employees to undergo security education etc. thoroughly, and that management procedures regarding company information including personal information are important.

2. Misoperation

This is true for both emails and faxes. Entering wrong addresses, wrong content, wrong attachment, etc. This is one of the most common of all human errors. It is necessary to thoroughly educate employees on security so as not to make such mistakes.

3. Unauthorized access

Although the rate is low compared to mismanagement and mis-operation, external unauthorized access via the Internet is continuously performed, and its attack methods are also evolving. Since this is often accompanied by attacks such as malware, it is important to be careful as it leads to the stealing of a lot of personal information if it is damaged. Basic security measures such as install anti-virus software are important but not absolute measures against unauthorized access.

4. Lost and misplaced

It is a case that brings out information equipment such as a personal computer outside the work area, including the data it contains or it is lost/misplaced. Nowadays, tablet PCs and smartphones contain a lot of information, so it requires careful handling. It seems that it is frequent to get drunk and to leave it, but it is the worst thing. Because this lost/forgotten occurs at a high rate, it is necessary to take measures such as establishing strict rules for taking out data.

5. Unauthorized takeout and theft

To raise awareness for those who handle information. Implement a mechanism that can not be easily taken out by the information system, and that it can not be used even when taken out. This is based on the idea that access to information and security precautions should be addressed by both the person who uses it, the system that handles it, both are usually not enough in a typical organization.

Practical ways to prevent IT issues caused by “human errors”:

  • Information learned from the firm, should remain in the firm.Do not bring out information assets of companies or organizations outside. Specifically, take your laptop computer, USB memory, etc. home without permission. If permission is provided, make sure the storage devices are encrypted. This will prevent information leakage in the event that the laptop or storage device is lost.
  • Do not leave important documents on the desk, likewise never write critical information on post-it notes and never paste it on the monitor.
  • Do not leave the computer without locking the screen
  • Do not discard information assets easily without measures. Be sure to erase etc. Specifically, when discarding a PC, be sure to delete the data on the hard disk if not physically destroy the disk.
  • Do not inadvertently bring private equipment (PCs etc.) into the company, unless BYOD is allowed.
  • Lock and No Loan – Do not lend or transfer the rights given to an individual to others without permission
  • Prohibition of information – Do not profess the information you have learned on business without permission.

The post “Human Error” Is The Biggest Corporate IT Issue appeared first on .

S&P Cautioned The US, Huawei Ban Bad For US Firms

In the ongoing trade war between the United States and China, embattled electronics firm Huawei found an ally from no other than Standard and Poors (S&P), a credit rating agency. S&P cautioned the United States of its strong Anti-Huawei stance, as it will likely have bad effects on the profitability of electronic component suppliers where Huawei buys from to build its fleet of smartphones and networking equipment. The Huawei ban as imposed by US companies in compliance with the President’s Executive Order may also motivate China to develop their internal industries, especially in the areas of supply chain and producing electronic spare parts.

“In turn, this could heighten competition in the technology sector and potentially lower the long-term growth prospects of US technology firms. In the next one to two years, we believe US semiconductor firms will take the biggest hit because many of them count Huawei as a key customer,” explained S&P Global Ratings credit analyst Mark Habib.

The United States government is pushing to cripple Huawei, which it believes to be under the direct supervision of the Beijing government. S&P believes that Huawei, though one of the vendors of 5G equipment is not the end all and be all of the 5G technology. The rating agency underscored that other vendors are equally capable of supplying the market with 5G-ready radios for smartphones and other devices.

“The ban adds a headwind to an industry in the middle of a correction due to weak demand after a strong 2018, above-average inventories both at manufacturers and in the supply chain, and elevated tariffs on Chinese imports under the current US-China trade dispute,” added Mark Habib.

Theoretically, the lost of Huawei means a gap with the availability of 5G radios will affect the global market. There is no assurance that the rest of the market can fill the void once Huawei officially releases their 5G products but are banned from entering the US market. S&P believes that both Europe and Asia will pick-up and fill the gap where Huawei used to be, especially in the US.

“If reports of a 5G gap are true, operators in markets facing Huawei restrictions could theoretically see higher equipment spending or delays in 5G implementation. But given the lack of value-added, 5G-ready use case applications, our forecast for 5G investment and customer appetite is bearish, so any incremental increase cost or delay should be nonmaterial to the ratings,” emphasized Mark Habib.

S&P believes that there is no immediate pressure for the world to immediately embrace 5G technology. It is normal for current mobile technology (LTE) to mature long enough. Though the credit rating agency also recognizes that when it comes to 5G roll-out Europe surely will be a laggard compared to the United States and the Asia-Pacific region.

Apple is a huge company that is largely dependent on the supply of Chinese-labor in order to manufacture iOS devices both on time and enough yields. S&P strongly disagrees that Apple can move-out of China for its manufacturing soon enough in full compliance with the President’s EO.

“The consequences for telecom are likely to vary from country to country and largely relate to longer-term 5G investment decisions, which give operators more time and options for managing the fallout,“ concluded Mark Habib.

Also Read:

Australia Doesn’t Want Huawei And Zte For Their 5G Networks

Huawei a Threat to Australia’s Infrastructure, Says Spy Chief

Huawei Roots for Cloud Computing to Ensure Data Protection

The post S&P Cautioned The US, Huawei Ban Bad For US Firms appeared first on .

Tips to Fix Pname Com Facebook Orca Error on Android

Android users sometimes receive pop-up messages on their screen, on Facebook, saying that Pname Com Facebook Orca has stopped, and this naturally makes them confused. When the pop-ups appear repeatedly, the users wouldn’t know what to do. Today, we discuss in detail this rather common issue, which is known as the Pname Com Facebook Orca error. We would also suggest some very easy tips to fix Pname Com Facebook Orca error.
Well, let’s begin by discussing what Pname Com Facebook Orca is. It’s actually the name of a smartphone Facebook messenger app. The Orca folder on an Android phone serves to store all the cache, plugins, videos audios, images, and files from this messenger app.

Next, let’s discuss the commonly noticed Facebook Orca Katana folder as well. This folder, which is one like the Orca folder, is for the Facebook app and is automatically created during the installation of the Facebook app. There’s, in fact, nothing to worry about the folder. This folder too, like the Orca folder, serves some purpose, discussing which is not of much relevance here.

Now, let’s get back to our topic, the Facebook Orca folder and go a bit more in-depth. Let us tell you, at the outset itself, that Pname Com Facebook Orca, though it seems like an issue for many users, is not a malware or anything that would cause you damage. Though the repeated appearance of the pop-up message could irritate you, Pname Com Facebook Orca, as we have already said, is just a folder that’s automatically created and serves some purpose as well.

The use of Pname Com Facebook Orca…

Pname Com Facebook Orca helps users retrieve messages or conversations that they had deleted from their Facebook messenger app. This is possible since the Pname Com Facebook Orca folder stores all files of Facebook messenger conversations. Well, that’s the reason why the Orca folder takes up so much of space on the phone as well.

Pname Com Facebook Orca Stopped!- What does it mean?

It’s really irritating when a user gets a pop-up message again and again saying that Pname Com Facebook Orca has stopped. While most people ignore the pop-ups, some tend to delete Pname Com Facebook Orca. Neither of these is the right solution. Ignoring won’t solve the issue. Deleting too wouldn’t solve it as it will be automatically regenerated and the pop-ups will start coming again. It’s a permanent solution that’s needed.

How to fix Pname Com Facebook Orca error permanently

Follow these steps to fix Pname Com Facebook Orca error permanently:

  • Go to ‘Settings’ on your Android device.
  • Next, go to the “Application” option, look for “All Apps” and click on it.
  • Select “Facebook App”
  • Clear all data
  • Restart Facebook app.

Following these steps would help fix Pname Com Facebook Orca error permanently. Once you reset your app, you won’t get the error message any longer.

But, in case the issue still persists, you need to uninstall the Facebook app on your device, restart the device and re-install Facebook app from Google Play Store. That would hopefully solve the issue.

Retrieving deleted messages from the Orca folder

If you want to see the Facebook Messenger messages that you have deleted, the “com.facebook.orca” folder helps you retrieve them. Here’s what you need to do to retrieve such deleted conversations:

  • Go to File Explorer or File Manager on your device. If you can’t find it on your phone, download and install from the Google Play store.
  • Open File Explorer and go to SD/Storage card. Open and look for the Android folder.
  • Open Android folder.
  • Open Data folder inside the Android folder.
  • Find the “com.facebook.orca” folder that is part of Facebook Messenger, click on it.
  • Go to the “Cache” folder.
  • Look for the “fb_temp” folder inside the Cache folder.
  • You can retrieve information on group and individual conversations from the backup copies for Facebook Messenger that would be there in the “fb_temp” folder.

Another method of retrieving messages from the “com.facebook.orca” folder is by connecting your phone to a computer using a USB cable and then locating the “com.facebook.orca” folder. From there you could go to “Cache”, then to “fb_temp” and finally get back your deleted messages.

The post Tips to Fix Pname Com Facebook Orca Error on Android appeared first on .

French Ministry of Interior Releases Decryptor for PyLocky Versions 1 & 2

The French Ministry of Interior has released a decryption utility for versions 1 and 2 of PyLocky ransomware to the public. On 11 June, the ministry of the French government unveiled the tool as the product of collaboration between its various agencies, including the Brigade d’enquêtes sur les fraudes aux technologies de l’information (BEFTI) of […]… Read More

The post French Ministry of Interior Releases Decryptor for PyLocky Versions 1 & 2 appeared first on The State of Security.

Aircraft Parts Manufacturer Halts Operations After Ransomware Attack

Aircraft parts manufacturer ASCO has temporarily suspended operations worldwide after falling victim to a ransomware attack. As reported by Data News, ASCO decided that it would shut down its headquarters in Zaventem, a Belgian municipality situated within the province of Flemish Brabant, as a result of the attack. This suspension is expected to place approximately […]… Read More

The post Aircraft Parts Manufacturer Halts Operations After Ransomware Attack appeared first on The State of Security.

Facebook Offers to Pay Users for Sharing Information

Facebook invited lots of criticism earlier this year for having paid users in the 13 to 35 age group for permission to install a “Facebook Research” VPN on their phones. The users were paid up to $20 a month. Upon being widely criticized for accessing data of such users, Facebook had to defend its stand. The project, however, ended and that put an end to the issue for the time being.

Now, Facebook is back with another similar venture. The company has introduced a new app- the Study app, which is reportedly going to be used for “studying” users. The users, in exchange, would get paid.

In an official blog post dated June 11, 2019, Facebook Product Manager Sagee Ben-Zedeff says, “Earlier this year, we announced that we’d be shifting our focus to reward-based market research programs, which means that all research participants are compensated. Today we are launching a new market research app called Study from Facebook.”

He further explains, “We’ve learned that what people expect when they sign up to participate in market research has changed, and we’ve built this app to match those expectations. We’re offering transparency, compensating all participants, and keeping people’s information safe and secure.”

User sign-up and participation

The Facebook blog post explains that ads would be run to encourage people to participate in the Study market research program. People who click on the ad would find the option to register for the program. Once they qualify, they would be invited to download the app. They can download the Study from Facebook app from the Google Play Store and then sign up. Upon signing up, users would be able to see a description of how the app works and what information they would be sharing with Facebook. This helps them confirm if they want to participate or not.

Facebook would also notify users, on the Study from Facebook website as well as through the Play Store description as to what information would be collected and also as to how the information would be used. This would be available for participants to access before they start providing market research information to Facebook via the Study app. The users who contribute to the research program would be compensated and participants would be able to opt out at any time. They can do this by uninstalling the Study app and notifying the vendor about their intention to end the participation.

The Study app would only be available to users in the U.S and India in the first phase. Later, the app would be improved and expanded to other countries as well. As of now, users who are 18 and older would be eligible to participate in the research program.

Facebook collaborates with long-time partner Applause as regards managing the logistics of the market research program. Applause, which collaborates with many companies and is experienced in managing similar kinds of market researches, would manage the registration process, all compensation to participants, and customer support.

How the information is collected

Facebook promises, through the official blog post, that it would be collecting only the minimum amount of information needed to help build better products. The company reassures users that it has a responsibility to keep people’s information safe and secure.

Facebook intends to remind participants periodically that they are part of the research program. The users would also have the option to review the information that they would be sharing with Facebook. The information that’s collected and analyzed as part of the research program includes information pertaining to apps installed on the user’s device, the amount of time spent using the apps, app activity names (which might include the names of app features used by the participants), plus details regarding the participant’s country, device and network type.

Facebook assures participants that it wouldn’t collect user IDs, passwords or any other content added by the participant, including messages, photos and videos. Facebook wouldn’t sell the information collected as part of the research program to third parties or use it for targeting ads. It’s also stated that the information wouldn’t be added to the participant’s Facebook account.

Facebook would, however, be referencing other information that the company has about participants, such as their age, gender and how they use Facebook Company products when analyzing data from the Study app. This, according to the company, would help learn more about how participants use different services.

Product Manager Sagee Ben-Zedeff’s concluding remarks are notable; he says, “Approaching market research in a responsible way is really important. Transparency and handling people’s information responsibly have guided how we’ve built Study from Facebook. We plan to take this same approach going forward with other market research projects that help us understand how people use different products and services.”

Related Resources:

5 Suggestion To Facebook To Gain Users’ Confidence

Facebook Stored User Passwords in Plain Text for Years!

The post Facebook Offers to Pay Users for Sharing Information appeared first on .

Lake City Reveals It Suffered a ‘Triple Threat’ Ransomware Attack

The City of Lake City has confirmed that a “Triple Threat” ransomware attack affected the functionality of several of its computer systems. According to its Facebook statement, the Floridian municipality became the target of a ransomware program known as “Triple Threat” on 10 June 2019. This malware allegedly combined three different attack vectors to target […]… Read More

The post Lake City Reveals It Suffered a ‘Triple Threat’ Ransomware Attack appeared first on The State of Security.

How Machine Learning Helps Improve Cybersecurity

Cyberattacks have increased on an unprecedented scale. Reasons are many. The main reason obviously is our increasing dependence on computing devices (computers, smartphones etc) and the internet for our day-to-day needs. It’s today a world of quickly evolving technologies. The technology that we depend on today has interconnectedness as one of its salient features. This, plus our habit of using unsecured networks and devices (like, for example, public Wi-Fi) for convenience’s sake, too has proven to be the cause for an unprecedented increase in cyberattacks.

Of the various technologies that we use today to prevent cyberattacks and to ensure cybersecurity, machine learning deserves special mention. Machine learning definitely is a great technology that offers some highly efficient security solutions and thus helps prevent cybercrime.

Today, we discuss how machine learning helps improve and ensure cybersecurity in today’s world…

Today, we have many machine learning apps that are used for enhancing cybersecurity. There are many such apps that help monitor networks for cybersecurity issues and to detect vulnerabilities or breaches. Such apps also help enterprises generate automated responses whenever there are cyberattacks. Let’s take a look at how these apps work and how they can be used for security purposes like spam detection, risk detection, detection of phishing attacks and malware detection.

Machine learning apps and spam detection

Machine learning apps play a very important role when it comes to performing spam detection. Different reports suggest that more than half of all email today is spam, and hence there’s an increasing need for spam filters which could effectively block such spam from reaching inboxes and causing trouble. It’s among such spam that malware-laden phishing emails too feature. Today we have robust machine learning-powered spam filters, which work based on different sets of rules to identify and filter spam and which are also cost-effective. That these machine learning-powered spam filters are highly flexible and efficient compared to other knowledge-based methods makes them more suited for combating cybercrime in today’s context. Such machine-learning spam filtering tools work based on entirely dynamic kinds of algorithms, which are based on pre-classified datasets that classify emails as spam or not spam based on many features, including the hyperlinks, the attachments, the word frequency count, the HTML tags, the length of the email, the IP address etc.

Machine learning apps and risk detection

Risk detection and responding to potential risks on a timely basis are all part of the very foundations of cybersecurity. Machine learning apps that are used for cybersecurity help monitor, analyze and respond to all kinds of threats and attacks that happen on the networks, the software and the applications, plus the hardware as well. It has to be remembered that infiltration or infection of a network happens much before detection; attackers could infiltrate systems or networks and remain there without doing anything for many months before launching an attack. It’s here that machine learning comes in handy. Machine learning plays a key role in identifying and detecting cybercrime, in protecting networks and their components from all kinds of risk, and in response and recovery as well.

Detection of phishing attacks using machine learning

Most research data show that cybercriminals are increasingly using phishing techniques to launch cyberattacks. In fact, phishing techniques are the most popular among all techniques used to launch attacks. All internet users get phishing emails delivered to their inboxes on a regular basis and hence detection of phishing attacks is important as regards preventing cybercrime. Phishing attacks could lead to the breach of sensitive personal data including credit card data, banking data, login credentials, intellectual property etc. Phishing attacks are widely used for launching ransomware strikes as well. There are different kinds of phishing attacks and hence anti-phishing methods basically fall under three main groups, namely detective methods, preventive methods and corrective methods. Machine learning algorithms are widely used to help detect phishing emails or websites. This is done by monitoring and analyzing data and related features like the number of links, IP addresses, IP-based URLs, JavaScript presence etc.

Machine learning and malware detection

For long we have had traditional malware detection methods which focused on identifying features like hashes, file properties, code fragments etc. But with the introduction of server-side polymorphism, such detection methods have become irrelevant and obsolete. Today, we have worked out a big shift from the former rule-based malware-detection methods and focus more on detecting malware by analyzing files during the pre-execution phase itself using machine learning. Detecting advanced malware attacks, including ransomware attacks, have thus become easier and more effective, thanks to machine learning. We also use deep learning algorithms to detect rare, high-profile targeted attacks. Thus, machine learning is helping us detect all kinds of malware including trojans, ransomware, adware, spyware etc.

Machine learning has its own limitations as well!

Machine learning, which has immense possibilities when it comes to preventing cybercrime, has its limitations as well. For example, there are ambiguities relating to the definitions of activities as ‘normal’ or ‘anomalous’. There are also issues pertaining to adaptability to new patterns and drastically changing methods of cyberattacks. Fake positives also pose a headache to machine learning methods.

Well, despite these limitations, it’s to be mentioned that machine learning is definitely helping us in ensuring improved cybersecurity. The limitations would in due course be overcome, and machine learning would definitely offer us more possibilities as regards cybercrime detection and prevention.

Related Blogs:

Man Vs. Machines: Employing Artificial Intelligence in Cybersecurity

Cyber security and strategy

Average Cost of Cyberattack Exceeds $1 Million

The post How Machine Learning Helps Improve Cybersecurity appeared first on .

Food Bank Needs Help Recovering from Ransomware Attack

A King County food bank said it will need help recovering from a ransomware infection that affected its computer network. At around 02:00 on 5 June, bad actors targeted the severs of Auburn Food Bank with ransomware. The crypto-malware, which according to Bleeping Computer was a variant of GlobeImposter 2.0, affected all of the food […]… Read More

The post Food Bank Needs Help Recovering from Ransomware Attack appeared first on The State of Security.

Super Smash Flash 2 Unblocked: Gets Great Feedback

Super Smash Flash 2 Unblocked

Super Smash Flash 2, the second in the highly impressive Super Smash Flash series (a fighting browser games series based on the Super Smash Bros series), is going great and getting great feedback from all over.

Designed by the operator of McLeodGaming, Super Smash Flash 2 comes with improvements, updates and attractive features and offers a totally different kind of gaming experience. The game can be played in full-screen mode and allows gamers to fight opponents online by simply using McLeodGaming’s proprietary network system.

Touted as one of the best online flash games, Super Smash Flash 2 managed to reach 400,000 plays in just a day post its release and still soars high on the popularity scale. The first version of the game was no doubt brilliant, but this second edition is simply awesome.

Super Smash Flash 2 unblocked version offers two different modes of play. In the single player mode, using the classic and adventure modes, you can join campaigns and also defeat your rivals all controlled by the PC. Similarly, there is a multiplayer mode in which you can play the game affiliating on the same device with multiple players and defeating the PC-controlled rivals at difficult levels. A wide range of play characters- Mario, Pikachu, Zelda, Sonic, Link, Ichigo Naruto, Goku etc- are offered; you could choose to play your favorite roles. The rules are easy to grab and keyboard control also is smooth.

The most notable thing about Super Smash Flash 2 is that it offers a very different and thrilling experience with the main characters of the game- Marth, Zero Suit Samus and Chibi-Robo. The gamer would, while playing with these characters, have to achieve the fastest speed. Though the Super Smash Flash 2 mission is similar to the Super Smash Bros. and the Super Smash Flash, it requires the gamer to use many special skills.

Super Smash Flash 2 has some incomplete points, but all the same, there’s no denying that it’s a wonderful game and would definitely earn more fans in the months to come. By having Nintendo 3ds Emulator you can play your lovable classic games such as Super Mario, Top Gun, Base Wars and more.

The post Super Smash Flash 2 Unblocked: Gets Great Feedback appeared first on .

Microsoft Warns of Malspam Campaign Abusing Office Vulnerability to Distribute Backdoor

Microsoft is warning users to be on the lookout for a malspam campaign that’s abusing an Office vulnerability in order to distribute a backdoor. On 7 June, Microsoft Security Intelligence took to Twitter to raise awareness of the operation. The campaign, which remains active as of this writing, begins when users receive a malspam email […]… Read More

The post Microsoft Warns of Malspam Campaign Abusing Office Vulnerability to Distribute Backdoor appeared first on The State of Security.

Microsoft Warns Users About Ongoing Email Spam Campaign

Microsoft warns users about an ongoing email spam campaign that abuses an Office vulnerability and seems to target European users. The malware, it is reported, is spread through infected RTF documents attached to emails.

ZDNet reports, “Microsoft’s security researchers have issued a warning on Friday afternoon about an ongoing spam wave that is spreading emails carrying malicious RTF documents that infect users with malware without user interaction, once users open the RTF documents.”

The spam emails appear to target European users as they are sent in different European languages.

When the RTF document attached to an email is downloaded, it runs multiple scripts of different types, like PowerShell, PHP, VBScript etc, to download the final payload, which is a backdoor trojan.

However, it seems that after Microsoft issued its alert, the C&C server of the backdoor trojan is down. The ZDNet report, dated June 9, 2019, says, “Fortunately, the trojan’s command and control server appears to have gone down by Friday, when Microsoft issued its security alert.”

The report, however, reminds us that there could be such other future campaigns; it says, “However, there is always the danger of future campaigns that may exploit the same tactic to spread a new version of the backdoor trojan that connects to a working server, allowing crooks direct access to infected computers.”

The vulnerability that hackers have exploited to execute this campaign is an old Office vulnerability- CVE-2017-11882, which was patched by Microsoft in an update issued in November 2017. Thus, users who had applied the patch are safe from the current campaign.

CVE-2017-11882, which has been used many times by cybercriminals since the end of 2017, is, according to ZDNet security reporter Catalin Cimpanu, “…a codename for a vulnerability in an older version of the Equation Editor component that ships with Office installs, and used for compatibility purposes in addition to Microsoft’s newer Equation Editor module.”

He explains, “Back in 2017, security researchers from Embedi discovered a bug in this older component that allowed threat actors to execute code on users’ device without any user interaction whenever a user would open a weaponized Office file that contained a special exploit… Because Microsoft appeared to have lost the source code for this old component, and after the discovery of a second Equation Editor bug in 2018, Microsoft decided to remove the older Equation Editor component altogether from the Office pack in January 2018.”

Despite the vulnerability being detected and patched, hackers, as we have already mentioned, went on exploiting it again and again as many companies and users are known to have the habit of forgetting to install security updates on time.

ZDNet points out that while most other Office exploits require that users enable macros or disable various security features via popups, this exploit doesn’t need any kind of user interaction. Hence, this exploit is being used for mass-spam campaigns and continues to be popular among many hacker groups engaged in highly targeted attacks.

Related Resources:

Microsoft Releases First Preview Builds of Edge Browser

Top 6 Email Spam Blocker Tips | How to Avoid Email Spam Filters?

The post Microsoft Warns Users About Ongoing Email Spam Campaign appeared first on .

IT Security Sensitivity In The Financial Sector

IT Security’s importance is absolute, regardless of whether the corporate decision makers agree or not. It is the foundation where company’s survivability stands on. If a major failure occurs in the infrastructure or network that supports these IT services, it will be difficult to continue operations of any company worth its salt, and in an extreme case, the business itself may be brought to a standstill.

In addition, we are in the early days of IoT (Internet-of-Things) proliferation in the offices. In such an environment, many of the devices related to operations and services are always connected on the Internet and are exposed to external risks. One of the most exposed sectors that will negatively impact everyone if a successful infiltration cyber attack happens is the financial sector. Whether you are a student, a private sector employee, a public sector worker, an investor and banker, we are all dependent with our financial infrastructure: the banks, the lending institutions, stock brokerage companies, insurance firms they are all the foundation of our modern-day financial lives.

Unfortunately, many BCPs (Business Continuity Planning) in companies seem to be formulated on the assumption of large-scale natural disasters such as earthquakes and medical pandemics. Considering the magnitude of business impact, in addition to the current BCP that assumes large-scale natural disasters, there is also a need to formulate BCPs that assume major IT security issues that are likely to occur anytime of the day. Do we really want our financial systems getting into trouble, for the lack of IT-specific BCPs in-place?

When a company is targeted for cyber attack, the company’s brand and reputation are heavily damaged, some even went out of business, fully losing customer confidence with their products and services. We may lose the trust of society, the very fabric of our daily lives once the financial systems are subjected to disastrous levels of cyber attacks.

Here in this article we will focus on discussing DDoS attack, the targeted email attack, and the ransomware attacks against companies in general, financial firms in particular:

  • IT security issues carry the risk of compensation and social sanctions

There have been cases in which DDoS (Denial-of-Service) attacks were launched against a company providing an online service, and the service could not be provided for about six days after the server was shut down. Imagine it being your bank; no financial transactions are possible for such a length of time. Damage occurs every minute of downtime for lost productivity, lost investment opportunities, lost sales, and lost time to service bank customers.

In such a company, because the service is premised to be connected to the Internet, a temporary stop of service can lead to a decline in customer trust. Even more than a week of service outages can be fatal. It can be imagined that during the suspension period, there are quite a few customers who can not return as they are using other services. Depression to a victim company, fraudulent act example

In DDoS attacks, in addition to being forced to stop services, there are cases of panic that directly requests money, and while attackers start the DDoS attacks themselves. In some cases the fraudulent acts that require compensation for customers that may cost the financial firm a lot of money. This can even escalate to a point that the firm has to file bankruptcy as they can no longer monetarily recover.

  • Financial institutions forced to stop all ATMs

There is a possibility that a cyber attack originated a seemingly innocent-looking email and financial institutions and television stations were seriously damaged due to one of their employees opened the malicious attachment it contains. At financial institutions, ATMs installed at computers and sales offices were shut down at the same time, most common reason being a “security precaution.” Time and transaction opportunities lost from its customers can no longer be recovered, as it leaves a permanent mark of shame against the financial institution.

  • Ransom demand (due to Ransomware infections) are damaging

Globally speaking there have been case reports of intrusion into various networks caused by malware which encrypts the hard disk of a PC and the need for ransom in order to recover the encrypted files. At the same facility, the PCs infected are rendered unusable, with employees downgrading to the use of telephone, fax, and manual documentation procedures until all the computers involved are cleanly reformatted.

If only security measures are taken in advance against these cyber attacks, it may be thought that business impact may be reduced. It goes without saying that if thorough countermeasures are taken, the possibility of bouncing back from a huge controversy such as malware infection is possible, given enough time to recover.

  • Mass disinformation against a corporate target

We have all witness every day the harmful effects of fake news, and the people behind them causes terrible damage against their target entities. Financial services companies cannot possibly defend itself against all possible defamation acts of fake news makers. Given that financial entities are also public companies by nature, the stockholders’ confidence may slip, if the fake news claims “sounds correct.” Not all jurisdictions provide an anti fake news law, that is unfortunate. Hence, we can only watch this space hoping for a good development on this issue.

In addition to taking thorough defense measures, it is necessary to formulate and embody a business continuity plan that assumes “disasters” in the unlikely IT event of continual review. From the attack method and the damage case mentioned above, we at hackercombat.com think that it is possible to know how important it is to firmly build a BCP plan that can withstand even the most challenging IT security challenges. Continue reading our articles here at hackercombat.com to broaden your view of the cybersecurity world and all the IT challenges everyone faces everyday.

Related Blogs:

IT Security Culture Evolution of Businesses Exposed

How Financial Apps Could Render You Vulnerable to Attacks

IoT Devices and a More Secure Future

The post IT Security Sensitivity In The Financial Sector appeared first on .

Apple’s New ‘Find My’ Can Find Your Devices Even When They’re Offline

Rumor has it that Apple has merged its Find My Friends and Find My iPhone applications into a new application called ‘Find My’. Apple explained to Wire how the application works and how it is monitored by implementing efficient cryptography, even if they are offline. The new Find My app uses Bluetooth signals from nearby Apple devices to keep track of your device without a mobile connection.

When Craig Federighi described the application and how it works in WWDC 2019, he stated that the application uses an “end-to-end encrypted and anonymous” mechanism that ensures that only you can track your device and even Apple cannot identify your location.

It’s noteworthy that iOS 13 ‘Find My’ offline mode requires two Apple devices. The second device has the key that decrypts the key to track the location of your lost device.

How does Offline tracking work?

Apple also explained how the application implements a complex cryptographic process that will receive a steady Bluetooth signal from both devices. These signals contain a constantly evolving key that is recognized by nearby Apple devices to encrypt and load their geolocation on Apple servers.

Nevertheless, the location data can only be decrypted by its second device because it only has keys to decrypt.

Since the public key is usually “dynamic and moving round”, it is almost impossible for someone to intercept Bluetooth signals and track their location.

For example, if your iPhone is stolen and put in airplane mode. The iOS device will keep on sending a public key via Bluetooth till some nearby iOS or MacOS device detects this signal, it will then encrypt its location data with the public key that is emitted in Bluetooth signals. The public key cannot be used to track the owner of the device, since it does not contain any personal identifiers.

The nearby iPhone or MacOS device downloads the encrypted location and hash of the lost public key from the iPhone. Since only your second device has the private key to decrypt the location, no one can access it, not even Apple.

However, the second device’s public key does not match the public key on your iPhone because it is always running. Apple has not explained how this works, but it is possible that all previous public keys will be released and Apple can then apply an algorithm to extract the previous location of the lost device.

This is a complex mechanism. However, if Apple does, it may be an excellent way to track the location of offline devices and ensure that users’ privacy is not compromised.

Also, Read:

Apple’s Secure iOS Enclave, Too Secure To Secure

Apple’s iOS 12 is all about Security

 

The post Apple’s New ‘Find My’ Can Find Your Devices Even When They’re Offline appeared first on .

Facebook vs Huawei: Next Stage In The Trade War?

Seems like Huawie’s nightmare in the U.S. market is not ending anytime soon. Now the social media giant, Facebook is banning Huawei from pre-installing their apps to future devices to be released by the Chinese Electronic giant. Huawei’s woes started with U.S. President Donald Trump’s Executive Order mandating U.S. companies to cease doing business with Huawei, which is accused of being a dummy of Beijing with its industrial espionage against western nations. The EO compelled Google, headquartered in Mountain View to cancel Google Play Services license of Huawei. Other Tech News sites wrongly reported that Google disqualified Huawei’s Android license, which is not true given that Android is an open-source project.

With the cancellation of Google Play Services, future Huawei devices may lack installation of Google Play Store, Gmail, Youtube and other Google apps. This was then followed with cancellation of license to use ARM SOCs to build Huawei’s future devices. With the Facebook ban, all future Huawei devices will not have a bundled Facebook, Instagram, WhatsApp and Messenger. Current devices from Huawei currently in the market still have guaranteed Google Play Services access, Facebook also made it clear that the ban does not cover Huawei devices that are currently being sold in the market.

Huawei P30 Pro, P30 and the rest of the line-up being sold by Huawei from the factory lack any pre-installed Facebook-owned apps. But the customers can download any app available through the installed Google Play Store. Alphabet, Google’s mother company has clarified earlier that there is a 90-days grace period provided by the U.S. before the Executive Order will be fully enforced. This means until the end of August, Huawei can still release new devices without the penalty imposed by the EO.

Although the EO only covers U.S. states and territories, the other markets where Huawei operates are now receiving lower mindshare for its devices. European and Asian people looking for replacement phones are steering from purchasing Huawei devices, for the fear that it will stop Google support, unable to update their phone apps as wrongly reported by some media outlets.

Huawei since 2018 is considered as the 2nd largest smartphone manufacturer in the world just behind Samsung and slightly ahead of Apple. It is the largest smartphone and one of the mainstream telecommunication device vendors in China. The company gained a lot of market share when it expanded its business outside of China, more particularly in Asia and Europe. The company’s smartphone has a very small market share in North America, before the U.S. started its trade war against China.

The company for years have denied links with the Beijing government, stressing that they are a for profit private firm which just happened to be headquartered in China. Huawei also hinted of releasing their future devices with the Android AOSP (Android Open Source Project) with a custom non-google app store for downloading apps. The company also plans to build an AOSP backend to perform On-the-Air infrastructure in anticipation with Google’s action.

Huawei at the time of this writing has declined to comment about Facebook’s announcement.

Related Blogs:

Free Open-Source Solution for Firewall

Android Users Spammed With Fake Missed Call Alerts

The post Facebook vs Huawei: Next Stage In The Trade War? appeared first on .

Fortune 500 Company Addresses Weakness Behind 264GB Data Leak

A Fortune 500 company has addressed a security weakness responsible for a data leak that exposed 264GB worth of information. On 2 June, vpnMentor security researchers Noam Rotem and Ran Locar discovered that a log management server owned by global technology distributor Tech Data Corporation did not require any authentication. This made it possible for […]… Read More

The post Fortune 500 Company Addresses Weakness Behind 264GB Data Leak appeared first on The State of Security.

PCASTLE Malware Attacks Targeting China-Based Systems with XMRig

A new wave of attacks involving PCASTLE malware are targeting systems located in China with the XMRig cryptocurrency miner. On 17 May, Trend Micro first observed a series of attacks that use PCASTLE, an obfuscated PowerShell script, to target mainly China-based systems with XMRig, cryptomining malware was involved in numerous attacks in 2018. The security […]… Read More

The post PCASTLE Malware Attacks Targeting China-Based Systems with XMRig appeared first on The State of Security.

Norsk Hydro Q1 2019 Profits Sank Following Ransomware Attack

The first quarter profits for Norsk Hydro sank after the Norwegian aluminum and renewable energy company fell victim to a ransomware attack. According to Reuters, Norsk Hydro’s gains fell to 559 million Norwegian crowns (approximately $64.3 million at the time of reporting) in the first quarter of 2019. That number is down from 3.15 billion […]… Read More

The post Norsk Hydro Q1 2019 Profits Sank Following Ransomware Attack appeared first on The State of Security.

SaaS From The Lens Of Microsoft

When Windows 10 was released in 2015, critics deliberately accused of Microsoft of drastically changing the way people use computers, for-profit purposes and not for the benefit of the end-users. This is because Windows 10 is not only two whole numbers compared to Windows 8 that it replaced, but a dramatic shift of the mainstream operating system from a “product” to a “service”. The marketing term is Windows-as-a-Service, but for the tech industry, the general term used is Software-as-a-Service (SaaS).

What is Saas?

Software since the days of the punch-card and eventually towards the magnetic storage age heralded by floppy disk describes software no similar than a physical product. Both the industry and people using the software are paying for the “bits and bytes” comprising the application software stored in the disk. A program is a product, which can be sold or given away, depending on the desire of its developers. SaaS is a hugely different paradigm since the software is considered a “service” instead of a “product”. Yes, it involves cost, but not just a 1-time sale just like a physical product, but rather like paying rent.

What is SaaS anything to do with a Microsoft Product such as Windows?

Microsoft has long been “lending” software to corporate and end-users, its details are laid-out in the End User Licensing Agreement (EULA). Of course, since the EULA is written by a lawyer and not by a regular Joe, it is fairly long, loaded with many law jargons and the language used is very formal which takes out the interest of an ordinary person from reading it in full. The reality is Microsoft never sold Windows software to its clients, it is only “licensed” to use it indefinitely, the customer will just have to pay a 1-time fee to receive a copy of the program on diskettes (Windows 95 and older), CD (Windows 95, 98, NT4, 2000, Me, XP) or DVD (Windows Vista and newer). The reality is Windows itself is rented by users indefinitely from Microsoft for a 1-time fee. The buyer of the Windows media does not own the bits that are stored in it, also based on the type of licensed bought, the users may also be restricted from installing it to multiple computers they own.

When did Microsoft strongly enforced SaaS?

The reality is Windows (and in some sense also Office) is rented to users through a license. The users are “licensed” to use the software only in full accordance with the EULA. However, since users install the same Windows media across multiple computers they own, Microsoft implemented Windows Activation procedure starting with the “XP” version of both Windows and Office in 2001. This helped remind users through software that Windows (and Office) are not their property, and they cannot install multiple copies of it in different computers, as that breaks the EULA. We go back in Windows history where Microsoft strongly enforced their EULA with a software barrier, that the users are just renting the program.

If Windows (and Office) are already Saas, what is the point of converting Windows to Saas beginning with Windows 10?

Windows 10 marks the age when Microsoft started offering “Windows for rent, for a limited period”. As we all know, starting with Windows 10, there is no newer naming scheme for Windows. From 2015 moving forward, Microsoft will call all Windows they release as Windows 10. The very evidence of this is Windows is now a bi-yearly release. Every six months, Microsoft will release a newer build of Windows 10 which include not only the bug fixes and security patches, but also new features. This is similar to the Service Pack systems of from the past Windows versions, but all future Windows 10 versions will still carry the Windows 10 as the marketing name. With this approach, the users receive the newest version every 6 months, and non-update means that the “license” is automatically revoked (the old Windows 10 build will be considered unsupported, no longer updated with bug fixes).

What are SaaS advantages over traditional “product” software?

The real advantage is a quick and smooth transition from the old version of the software to the newest one. In our Windows analogy, the Windows 10 released in 2015 is very much different from Windows 10 build 1903 released last May 2019. In fact, the 2017 version of Windows 10 or older no longer receive automatic bug fixes from Microsoft during Patch Tuesday (every second Tuesday of the month). Second is the software people will be using are exactly the same, across multiple markets and geographical locations. That means hardware manufacturers only need to write their device drivers only once, expecting the same driver will work on all computers running Windows 10. Previously, manufacturers need to ship a CD and maintain a website containing their device drivers for Windows 10, Windows 8, Windows 7, Windows Vista, etc. all at the same time. This is to cover all their customers, regardless of what version of Windows they run. With Windows 10, they only need to write their drivers in full accordance with Windows 10 protocols, and their hardware is guaranteed to run – since everyone runs Windows 10.

Is SaaS now the future of Software?

Not really, it heavily depends on the developer. Only since 2015 that Microsoft is fully embracing SaaS for their business. Microsoft heavily transitioned from being a software developer giant to a software-service giant, as they reached $1 billion stock value.

Related Blogs:

An Introduction to Cloud Technology and Cloud Security

Microsoft Wants AI to Predict Which PC Gets Hacked Next

The post SaaS From The Lens Of Microsoft appeared first on .

Australia National University Reveals Data Breach Involving 19 Years of Info

Australia National University (ANU) has disclosed a data breach that affected some information of its community members dating back 19 years. On 4 June, ANU Vice-Chancellor Brian Schmidt revealed that the school had discovered a data breach in May. An analysis of the event uncovered that someone had accessed the school’s systems illegally back in […]… Read More

The post Australia National University Reveals Data Breach Involving 19 Years of Info appeared first on The State of Security.

Ghidra, A Powerful Cybersecurity Tool By NSA

And while NSA cybersecurity adviser Rob Joyce called the tool a “contribution to the nation’s cybersecurity community” in announcing it at RSA, it will no doubt be used far beyond the United States.

Ghidra is not a tool that facilitates you to hack a device. It is a reverse engineering platform that is used to “compile,” implement, and decompile. In other words, it converts one and zero into a human-readable format and makes it easy for you to know what the software is up to and impact it carries. Reverse engineering is an important process for malware analysts and threat intelligence researchers because they can work with the software they find in around, such as malware used to carry out attacks. to understand how it works, what skills it has and who wrote it or where it came from. Reverse engineering is also an important way for supporters to check their code for vulnerabilities and ensure the function as intended.

“If you’ve done software reverse engineering, what you’ve found out is it’s both art and science; there’s not a hard path from the beginning to the end,” Joyce said. “Ghidra is a software reverse-engineering tool built for our internal use at NSA. We’re not claiming that this is the one that’s going to be replacing everything out there—it’s not. But it helped us address some things in our workflow.”

Having said that reverse engineering products were already there in the market, including the famous IDA disassembler and debugger. However, Joyce shows that the NSA has been developing Ghidra for years, taking into account priorities and real needs, and making it a powerful and very useful tool. Even products like IDA need costs and make Ghidra Open Source the first tool available for free. This is an important contribution to the formation of the next generation of cybersecurity advocates. (As with other open source codes, we expect some errors). Joyce also noted that the NSA saw the introduction of Ghidra as a recruitment strategy that facilitated the entry of new employees to the NSA or allowed authorized employers to share their experiences without having to know the tool.

The NSA announced Joyce’s speech at the upcoming RSA and Ghidra release in early January. However, knowledge of this tool is publicly available thanks to the release of “Vault 7” by WikiLeaks in March 2017, which analyzed a number of hacking tools used by the CIA, and repeatedly referenced Ghidra as a reverse engineering tool made by the NSA. The code itself, with 1.2 million channels just coming into effect on Tuesday. Ghidra runs on Windows, MacOS, and Linux and includes all the security components provided by researchers. Joyce, however, has focused on adjusting tools. It was also developed to facilitate collaboration between different people involved in the same reverse project, a concept that is not so common on other platforms.

Ghidra also has a user interface and features to make an investment as easy as possible given the complexity and time. As Joyce put it as his favorite feature, the undo/redo mechanism that allows users to test theories about the function of the code being analyzed. If the idea doesn’t work, you can easily go back a few steps.

Over the years, NSA has developed other open source code, such as Security-Enhanced Linux and Security-Enhanced Android initiative. But Ghidra seems to speak more directly about discourse and tension at the heart of cybersecurity now. Available for free, it may spread and inform defense and offensive unexpectedly. If it seems that launching the tool can give hackers an edge over so they can find out how to evade NSA, even Dave Aitel, a former NSA researcher who is now the director of Cyxtera security infrastructure security technology, said that this was not the case of concern.

“Malware authors already know how to make it annoying to reverse their code,” Aitel said. “There’s really no downside” to releasing Ghidra.

Joyce emphasized on Tuesday that “No matter what comes next for the NSA’s powerful reversing tool, it is an earnest contribution to the community of cybersecurity defenders—and that conspiracy theorists can rest easy. “There’s no backdoor in Ghidra,” he said. “

Also, Read:

Zero Trust Architecture and its Relevance in Cybersecurity

UK’s FOI Request Exposes British Government Cybersecurity Weaknesses

Essential Cybersecurity Tools for Business Organizations

Ireland And Its Evolving Cybersecurity Issues

Simple Changes To Address SMB’s Cybersecurity Challenges

 

The post Ghidra, A Powerful Cybersecurity Tool By NSA appeared first on .

Eurofins Scientific Says Ransomware Attack Disrupted Some IT Systems

Eurofins Scientific, an international group of laboratories headquartered in Brussels, revealed that a ransomware attack disrupted some of its IT systems. On 3 June, the food, pharmaceutical and environmental laboratory testing provider revealed that its IT security monitoring teams had discovered a ransomware attack over the weekend that had affected several of its IT systems. […]… Read More

The post Eurofins Scientific Says Ransomware Attack Disrupted Some IT Systems appeared first on The State of Security.

Zero Trust Architecture and its Relevance in Cybersecurity

In the world of technology, just as in any other sphere of life, things that were once in vogue have become outdated, and things that are the trend today would soon go out of use. This naturally applies to cybersecurity as well.

Cybersecurity is an area that evolves much faster than many other domains in the world of technology. This is partly because existing technologies are constantly being updated with new versions or replaced with newer ones. This is also partly because cybersecurity firms and experts have to stay ahead of the cybercriminals who are constantly coming up newer and sophisticated kinds of threats and attacks.

Today let’s discuss a rather new technology that has replaced the widely used and much popular Default Allow approach to cybersecurity. The new technology, the Zero Trust architecture is now turning quite popular among modern day enterprises. Let’s examine different aspects of this development and also discuss the relevance of the rapidly evolving Zero Trust architecture.

What’s the issue with Default Allow?

The Default Allow approach to cybersecurity, which was deemed highly effective, works by allowing unknown files and apps to access enterprise networks. The negative aspect of Default Allow is that cybercriminals could exploit it as a fast, easy way to penetrate enterprise networks and then execute malware attacks and data breaches. They could go for Zero Day attacks or ransomware attacks and cause enterprises huge losses. It’s here that Zero Trust architecture gains relevance.

Zero Trust architecture- What’s it?

Zero Trust architecture is, as the name itself suggests, all about not trusting anything that comes into a network. Thus, the IT team works with the supposition that all files and apps are dangerous as long as they are not verified. Hence, they’d employ a set of security systems and software throughout the network, spanning the web, the cloud, the LAN, the endpoints etc to ensure that every single file or application is safe.

How it works?

As already mentioned, the basic underlying principle here is that of zero trust. Everything needs to be verified before being allowed to execute in a network…

Thus, today we have a wide range of Endpoint Protection platforms that help enterprises achieve a Zero Trust architecture by not trusting and always verifying all unknown files. All unknown files that are executed on an endpoint are instantly placed in a container, thereby ensuring uninterrupted service and zero damage to the user. The unknown files in the containment are all analyzed statically and dynamically, in the cloud as well as by human experts. Post analysis, the verdicts are given. 95 percent of verdicts are returned in under 45 seconds while for 5 percent, it might take up to 4 hours. Then, the files are handled accordingly. Those that are found to be safe and let in and those that are unsafe are blocked. To be noted is the fact that those files for which a 100 percent safe verdict cannot be given from a cloud analysis in 45 seconds are immediately escalated to a human analyst, who does a review to determine if the files are safe or malicious. The highlight is that neither productivity nor user experience is impacted as the analysis process happens without being perceived and the users can immediately run files and applications as they are contained and analyzed in the cloud.

The relevance of a Zero Trust architecture

We have always maintained that the human element is of utmost importance in cybersecurity. Every single employee who is part of a corporate network is responsible for the overall security of the network. Still, errors are bound to happen. One or the other employee might by chance click on a link or download an attachment in a phishing email and that one click or one stray download might pave the way for a devastating cyberattack, sometimes a ransomware strike that could cripple the entire network. This, we’d like to mention, is not underestimating the importance of the human element in cybersecurity. It’s just that it’s only human to err, but one single error that’s thus committed could cost dear for a business organization. To err is human, but then, as regards cybersecurity, there’s no point in consoling ourselves by stating that to forgive is divine, because sometimes, the damages done to businesses as a result of small human errors are irreversible.

Similarly, it wouldn’t be proper to trust the IT teams to detect every threat. Their systems too could sometimes fail. We do point out time and again that all security systems have or develop flaws that could be exploited before they are found and fixed.

Thus, it’s important, not just important but highly relevant, that business enterprises seek to empower their workforces, their networks and their IT teams with the Zero Trust mindsets and the architecture that’s needed to support it. The cyberattacks that could happen as a result of depending wholly on Default Allow could have disastrous consequences and hence we need to go for the Zero Trust architecture, for better protection and data security.

Also, Read

Penetration Testing The Most Visible Component of Cyber Security

Importance of Employee Awareness and Training For Cyber Security

Cyber security and strategy

 

The post Zero Trust Architecture and its Relevance in Cybersecurity appeared first on .

Corporate IT Security Starts With Simple Policies

Frequent readers of hackercombat.com should be fully aware by now that cybercriminals of all sizes mean serious business. The old days of script kiddies vandalizing a website or pulling off a publicity stunt for their 15-minute of fame online are a rare occurrence these days. Cybercriminals are enticed by the real plausibility of profiting from their operations, there is money from data stored in a database of any company. Cybercrime tends to increase intensity and sophistication, especially if the victim is an actual prime target. Spear phishing, deliberate virus infections, infiltration, and corporate/industrial espionage are regular campaigns, most especially if the cybercriminals are funded by a nation-state, as we sometimes report here in hackercombat.com

So what can a company do to mitigate the risks? To formulate mitigations without causing the ban of BYOD (Bring Your Own Device) which is highly productive for employees nor disabling the Internet connection for IoT (Internet-of-Things) devices. For any network administrator worth his salt will tell you, the more uniform the devices connected to the corporate network, the lesser the attack surface. Of course, it is no longer possible to ban personal smartphones in the workplace, given that leaders and the management team of companies use their personal devices for business use as well. IT team just have to find an alternative way to secure the enterprise network without enforcing cut-throat restrictions all over the place in the name of security.

There is no 100% security, and even us here at hackercombat.com can never claim that 100% security is achievable. In this article, we provide you a list of tips on how to increase corporate security without the company breaking the bank and easy to implement:

Define computers that do not require an Internet connection

Not all computers in the enterprise require an Internet connection, in fact, some computers that perform critical 24/7 task do not require a network connection. These machines run specific applications, produce a specific deliverable critical for the organization. There should be regular audit what are the computers that fall in this category, determine if they require connection or remain air-gapped for the rest of the cycle.

Build and keep an updated inventory

Having the updated inventory provides a good baseline in determining the best IT policy, what restrictions can be enforced which will be acceptable for everyone. With a good knowledge of the inventory, problematic equipment can easily be identified, quarantined and if necessary removed from the network (in case of malware infection).

Empower the leadership team with cybersecurity awareness

The leadership team, including the company’s board of directors and the rest of the staff members below them, should all be aware of cybersecurity risks. As the leadership team formulates corporate-level decisions, one wrong decision may cause a troubled brand and long term damaged customer confidence.

Be transparent with IT security policy

All policies that will be enforced need to be written, making it part of the employee’s handbook is even an advantage. The moment a newly hired employee steps into the organization, IT policies are made known. This prevents a gap between the employee and the employer when it comes to standard policies governing the office.

Keep software updated across the organization

This takes a lot of effort for the IT team to implement but must be done without any compromise. The company may allow a certain level of deferred updates in a small-scale for those that critically needs to finish a certain project or task, but that should not be an exemption for non-installation of software updates.

Use Open Source software as much as possible

Unlike the proprietary software, open source software is quickly patched with new updates as soon as a version with a fixed known issue is released. In the open source world, there is no need to wait for a “Patch Tuesday” in order to receive a fixed version of the buggy software. Patches are released as soon as the developers implemented the solution to the bug, security or feature-wise.

Also, Read:

IT Security Procedures You Should Not Forget After Electronic Gadget Shopping

Women Empowerment in Technology and IT Security Pushed

IT Security Culture Evolution of Businesses Exposed

Worldwide IT Security Spending to Hit $114bn This Year: Gartner Forecast

IT Security Pros Are Sure Feeling The Heat Of Modern Attacks

The post Corporate IT Security Starts With Simple Policies appeared first on .

Rally’s and Checkers’ POS Infection Since 2015 Exposed

Did you patronize one of the Rally’s food joints and Checkers Drive-In restaurants since December 2015? Then this news is for you: The two drive-through food chains with 100+ branches in the United States had 15% of their cash registers infected by POS malware since late 2015. Customer information was harvested by the malware, with the latest data showed that retail transactions till April 30, 2019, were affected. Rally’s and Checkers operate stores in the states of Virginia, Tennessee, Pennsylvania, Ohio, North Carolina, New York, New Jersey, Nevada, Michigan, Louisiana, Kentucky, Indiana, Illinois, Georgia, Florida, Delaware, California, Arizona and Alabama.

One of the worst hit with malware was Rally’s food joint in Los Angeles, where the infection period of the Point-of-Sales Terminal started December 17, 2015 with the store technicians only able to clean the machine on March 28, 2018. “After becoming aware of a potential issue, we retained data security experts to understand its nature and scope. Based on the investigation, we determined that malware was installed on certain point-of-sale systems at some Checkers and Rally’s locations, which appears to have enabled an unauthorized party to obtain the payment card data of some guests,” explained Kim Francis, Media coordinator for Magpie, LLC, the umbrella entity that owns both Checkers and Rally’s.

In the name of transparency Magpie posted in its website a list of all its branches with customer exposed data and the period of infection. We in hackercombat.com highly recommend customers of the two food chains to check-out the list, in order to narrow down the possibility of their personal information being part of the leak. Kim Francis also disclosed that the customer data that the POS held came from the magnetic-stripe debit/credit card that their clients used to pay for the food purchases. In the United States, the use of magnetic-stripe cards for payment are still prevalent compared to the more secure EMV (Europay Mastercard Visa) chip-based cards. The likely information exposed are the card holder’s full name, card number, verification code and expiration dates of the card.

“After identifying the incident, we promptly launched an extensive investigation and took steps to contain the issue. We also are working with federal law enforcement authorities and coordinating with the payment card companies in their efforts to protect cardholders. We continue to take steps to enhance the security of Checkers and Rally’s systems and prevent this type of issue from happening again,” added Francis.

Magpie recommends affected customers to apply for a free credit report monitoring from annualcreditreport.com, alternatively their clients can also call 1-877-322-8228. Additionally, being extra vigilant when reading account statements, as discrepancies and fraudulent transactions with the credit charges can be reversed by the card issuing bank. At the same time, Magpie has opened a special hotline for their customers that have specific queries regarding the incident, 1-844-386-9554. The company also opens their main office for walk-in queries: Monday through Friday from 8:00 a.m. to 10:00 p.m. CST and Saturday and Sunday from 10:00 a.m. to 7:00 p.m. CST.

Also, Read:

Huddle House Restaurant Chain’s POS System Breached

Magstripe Credit/Debit Cards & Magstripe-only POS: A Security Nightmare

Recipe for disaster: Bluetooth-enabled POS Terminals + MagStripe-based Cards

The post Rally’s and Checkers’ POS Infection Since 2015 Exposed appeared first on .

Apple Releases Firmware Security Updates for AirPort Base Stations

Apple recently released a series of updates that address several firmware security issues affecting its AirPort base stations. Released on 30 May, the changes fix eight vulnerabilities that apply to the AirPort Extreme and AirPort Time Capsule base stations with 802.11ac. Almost half of these bugs concerned denial-of-service (DoS) attacks. Apple fixed one of these […]… Read More

The post Apple Releases Firmware Security Updates for AirPort Base Stations appeared first on The State of Security.

Gmail’s Confidential Mode for All G Suite Users from June 25

Gmail’s confidential mode would be available for all G Suite users from June 25.

Google had launched Gmail’s confidential mode in beta earlier in August 2018. Now, Google has announced its plans to launch the confidential mode for all G Suite users. This will happen on June 25.

Google has clarified that once the Gmail confidential mode becomes generally available for all G Suite users, it would be set to default ON for all domains with Gmail enabled, unless the user chooses to disable the feature.

Gmail Confidential Mode: What’s it?

The Gmail confidential mode makes it possible for the sender of an email to revoke a sent email or even add expiration dates to it. It will also be possible to block printing and forwarding of emails.

A blog post from the G Suite team explains it in detail; it says- “Confidential mode provides built-in information rights management controls in your emails by allowing senders to create expiration dates and revoke previously sent messages. Because a sender can require additional authentication via text message to view an email, it’s also possible to protect data even if a recipient’s email account has been hijacked while the message is active. Additionally, with confidential mode, recipients don’t have the option to forward, copy, print, or download their content or attachments.”

Thus, the sender of an email in confidential mode can configure various options including setting a date for expiration or self-destruction (as regards setting expiration, it can be configured from 1 day to 5 years), demanding password entry for the mail to open etc.

The confidential mode works with all email providers because these emails wouldn’t be containing the actual email. The recipient would be getting an email that contains a link to the Google servers that hosts the email. When the recipient clicks on the link, Google would demand a login to confirm that it’s the intended recipient. Once the recipient logs in, the email would be made available. In case the sender realizes that the email was sent by mistake or if the sender wishes to withdraw access, opening the email and clicking on the Remove access button in the Sent folder would do the job.

While using the confidential mode, since the sender can require additional authentication (via text message) from the recipient to view an email, it becomes possible to protect data even if the recipient’s email account is hacked when the message is active.

When the Gmail confidential mode was launched in beta in August 2018, experts pointed out that though recipients cannot save or print the mail as such, it’s not possible to stop the recipient from taking a screenshot. Similarly, experts also pointed out that this feature could be used in future for launching phishing attacks, especially since there is a link that necessitates login from the part of the recipient.

How to use Gmail confidential mode

Users can at present go to Apps> G Suite > Settings for Gmail > User settings and choose either the “Disable” or the “Enable now (beta)” option. Once the feature is launched for general use, users can choose the “Enable when the feature is in general availability” option. Google provides users with details instructions about protecting emails using the confidential mode and also regarding how to send and read confidential messages, how to work with Gmail confidential mode messages in vault etc.

So now, it’s going to be a wait till June 25, when the Gmail confidential mode will be made available on all G Suite editions, with one to three days for feature visibility on both the rapid and scheduled release domains.

Related Resources:

Google Helps Identify Crime Suspects Using Location History

Google Still Going Strong Even After 3rd Antitrust Fine

Google Photos Vulnerability that Lets Retrieve Image Metadata

 

The post Gmail’s Confidential Mode for All G Suite Users from June 25 appeared first on .

Checkers Says Data Breach Affected 100+ Locations

Checkers Drive-In Restaurants, Inc. revealed that a data breach possibly affected customers at more than 100 of its Checkers and Rally’s locations. Adam Noyes, chief administrative officer and executive vice president at Checkers Drive-In Restaurants, Inc., wrote in a statement that the double drive-thru restaurant chain recently learned of a malware infection involving some of […]… Read More

The post Checkers Says Data Breach Affected 100+ Locations appeared first on The State of Security.

Flipboard Resets Users’ Passwords after Discovering Security Incident

News and social media aggregator Flipboard reset all users’ passwords after discovering a security incident that might have affected some of their data. On 28 May, the company revealed that its engineering team had recently detected suspicious activity in the network environment where its databases reside. Flipboard responded by launching an investigation and engaging an […]… Read More

The post Flipboard Resets Users’ Passwords after Discovering Security Incident appeared first on The State of Security.

Digital Criminals Abusing Secure Tunneling Service to Deliver Lokibot

Digital criminals have begun abusing a secure tunneling service to deliver samples of the Lokibot banking malware family. My Online Security came across an instance of this campaign when they received an email pretending to originate come from BBVA Banco Continental, a Spanish bank. The email leveraged the lure of a fake payment transfer to […]… Read More

The post Digital Criminals Abusing Secure Tunneling Service to Deliver Lokibot appeared first on The State of Security.

U.S. Navy to Build 350 Billion Record Social Media Archive

The U.S Navy proposes to come up with a global social media archive of a totally unprecedented scale.

The social media archive that the U.S Navy researchers plan to create would comprise 350 billion of digital data records and would be part of the ongoing research efforts conducted through the Department of Defense and Analysis at the Naval Postgraduate School, Monterey, CA.

The research project’s synopsis states, “This project is part of ongoing research efforts conducted through the Department of Defense and Analysis at the Naval Postgraduate School. Our research aims to provide enhanced understanding of fundamental social dynamics, to model the evolution of linguistic communities, and emerging modes of collective expression, over time and across countries.”

The synopsis further explains, “As a central requirement for this research, we seek to acquire a large-scale global historical archive of social media data, providing the full text of all public social media posts, across all countries and languages covered by the social media platform.”

It’s also clarified that the aim is to use the research to advance knowledge through scientific publications and to use the data for pedagogical purposes in the classroom. Students would thus get new opportunities for thesis research and for developing analytical skills as well.

The intention is to go through social media records spanning a period of two-and-a-half years- from 7/1/2014 to 12/31/2016. The data would be collected from a single social media platform and would comprise ” all publically available messages, comments, or posts transmitted on the platform over the specified time period.”

The synopsis also explains that the data “…includes messages from at least 200 million unique users in at least 100 countries, with no single country accounting for more than 30% of users”, and also that the data collected “…must include messages written in at least 60 languages, with at least 50% of the messages written in non-English languages.”

It has been clarified that the collected data must include only “publically available information” and that no private communications or private user data should be included.

Detailing the minimum requirements for the 350 billion records, the synopsis document states, “Each record in the archive must provide the full text of a social media post, unaltered from its original content and formatting, with all publicly available meta-data, including country, language, hashtags, location, handle, timestamp, and URLs, that were associated with the original posting.”

It also states that all records collected should comprise the data and time of sending of each message plus the public handle user that’s associated with it. Similarly, it should also include, for at least 20 percent of the records, the “approximate location information, providing self-reported user hometowns, or other publically available geo-location information”.

It has been reported that this research and the data would be used to study things like communication, the change in patterns of discourse, the evolution of slang etc.

Also, Read:

Data Loss Prevention for Social Media Channels in Enterprises

Free Facial Recognition Tool to Track People on Social Media Sites

Online Security and Social Media

The post U.S. Navy to Build 350 Billion Record Social Media Archive appeared first on .

Equifax’s Nightmare Continues, Credit Rating “Negative”

Since 2017, Hackercombat.com covered the data breach incident of Equifax and all its relevant angles. The latest was just last March 9, 2019, when the U.S. Senate’s Committee on Homeland Security and Governmental Affairs released their committee report about the result of its probe of the incident. The report included not only the embarrassing situation of Equifax before and after the cyber attack, but also included proposals through legislation on helping companies not to become the next victim of a similar incident.

However, that was not the last episode in this long-running Equifax-drama series, the nightmare for Equifax is not yet ending as Moody’s, one of the global credit rating agencies has slapped the data analytics firm with a drastic credit rating downgrade. Moody’s downgrade is highlighted with the demotion of Equifax’s credit outlook from “stable” to “negative”, which will be felt by the company in the current year.

“We are treating this with more significance because it is the first time that cyber has been a named factor in an outlook change. This is the first time the fallout from a breach has moved the needle enough to contribute to the change,” explained Joe Mielenhausen, Moody’s Spokesperson.

With the downgrade, Equifax will have a hard time paying for their current loans, including the tougher time of persuading financial institutions for any future creditors. Moody’s blamed the $690 million after data breach expenses that Equifax had to absorb as the justification for the credit rating downgrade. The mentioned about was the closest estimate of all the expenses that Equifax incurred just to settle the class action lawsuits and all the state and federal fines facing the company after the incident.

“We estimate Equifax’s cybersecurity expenses and capital investments will total about $400 million in both 2019 and 2020 before declining to about $250 million in 2021. Beyond 2020, infrastructure investments are likely to remain higher than they had been before the 2017 breach. The heightened emphasis on cybersecurity for all data oriented companies, which is especially acute for Equifax, leads us to expect that higher cybersecurity costs will continue to hurt the company’s profit and free cash flow for the foreseeable future,” said Moody’s in a Press Release.

In November 2018, Moody’s made a change with their rating system adding cybersecurity risks handling and cases as a proportionate basis for judging the credit rating for an entity. It is a huge reform being implemented by Moody’s given that cybersecurity issues had not affected the credit rating of companies before.

“For us, it’s not something we view as a totally new idea. We’ve been in the risk management business for a very long time. This is to enhance our thinking about credit as cyber becomes more and more important. We haven’t yet moved a credit rating due to cyber risk or a cyber event, but we see the likelihood of credit-rating impact as steadily increasing. Different sectors have different levels of credit sensitivity to cyber risk. For those higher-risk sectors, there will be impact down to the individual issuer-level over time,” added Derek Vadala, Moody’s Lead for Investors Services Cyber Risk Group.

Related Resources:

Equifax’s Senate Investigation: What Went Wrong?

ICO Slaps Equifax with Maximum Fine for the 2017 Data Breach

Yet Another Equifax Employee Accused Of Insider Trading

Equifax Hack Again, Now a Redirect to a Fake Flash Update…

The post Equifax’s Nightmare Continues, Credit Rating “Negative” appeared first on .

Mobile Browsers’ Google Safe Browsing Flaw In 2018 Revealed

Google Safe Browsing system has been implemented by the Google search engine for more than a decade now, designed to block known websites harboring malware or phishing attempts against visitors. It is very efficient, given that Google has the most advanced web crawlers that index the web, marking as websites with harmful contents with a nag screen, stopping the user from ever visiting the malicious websites in the process.

Unfortunately, browser makers such as Mozilla, Apple and even Google failed to check browser’s iOS and Android variants for Safe Browsing compatibility, which was broken for mobile browsers at least a year from July 2017 to the last Quarter of 2018. The shocking revelation was the result of the research conducted by Paypal in partnership with Arizona State University’s academic researchers. This means that the Firefox, Safari and Chrome/Chromium browsers for Android/iOS for more than a year inadvertently exposed users to some malicious sites, as the Google Safe Browsing was broken under the mobile browser variants.

The research team from Arizona State University and Paypal used an internal project in prototype form from 2017-2018 timeframe to detect the effectiveness of automation with securing Internet users. The project was dubbed PhishFarm, under the project, a controlled environment where the research team deliberately established 2,380 genuine-looking PayPal website and allowed a certain number of “test victims” visit these websites for their “busy workloads”.

The normal behavior for a Google Safe Browsing-aware browser to check Google if the website has no known malicious elements, however, this only works on desktop-based browsers not with their mobile counterparts. That means that mobile users are exposed to malicious websites that are actually blocked by Google Safe Browsing system during the above mentioned time frame.

“We found that simple cloaking techniques representative of real-world attacks- including those based on geolocation, device type, or JavaScript- were effective in reducing the likelihood of blacklisting by over 55% on average,” explains the research team.

With the rapid growth of web browsing through mobile devices, the propensity of users to use the default web browsers installed in their mobile devices greatly increases the risks of users encountering malicious executables and phishing websites. Microsoft’s SmartScreen, a competing service works on all variants of Microsoft Edge browser, both for the desktop operating systems and with Android.

“Following disclosure of our findings, anti-phishing entities are now better able to detect and mitigate several cloaking techniques (including those that target mobile users), and blacklisting has also become more consistent between desktop and mobile platforms— but work remains to be done by anti-phishing entities to ensure users are adequately protected,” added the research team.

In 2019, new versions of mobile Firefox, Safari and Chrome/Chromium has a working Google Safe Browsing system. The browser vendors were able to make the necessary adjustments on how to implement the safe browsing system within their products on the mobile platform. Unfortunately, the statistics of how many mobile users were bitten by a phishing page or received malware due to non-working safe browsing system from last year was not disclosed by any of the browser vendors.

Also, Read:

Google to Block Sign-ins from Embedded Browser Frameworks

Migrate to Tor Browser 8.0, Version 7.x Has Zero-Day Exploit

Microsoft Releases First Preview Builds of Edge Browser

All Browser Vendors Unite: Goodbye to TLS 1.0 and 1.1 on 2020

The post Mobile Browsers’ Google Safe Browsing Flaw In 2018 Revealed appeared first on .

Adding a Recovery Phone Number Blocks 100% of Automated Bot Attacks, Finds Google

Google found that users who add a recovery phone number to their accounts effectively block 100 percent of automated bot attacks by doing so. The tech giant arrived at this finding after teaming up with New York University and the University of California, San Diego to investigate the efficacy of basic account hygiene in preventing […]… Read More

The post Adding a Recovery Phone Number Blocks 100% of Automated Bot Attacks, Finds Google appeared first on The State of Security.

TalkTalk’s Databreach Made Secret, Exposed In A Google Search

Having the Google search engine is a blessing for many people who are searching for answers to whatever questions they may have. However, for the telecommunication conglomerate TalkTalk, having Google is a nightmare, as their data breach that they kept secret from their customers was inadvertently exposed by just a simple Google Search. An estimated 4,545 customer records were discovered by just a Google Search, which TalkTalk tried to hide from the public.

Styling itself as: “We do what’s right. We’re also passionate about keeping our teams engaged, happy and proud to work here. It’s all about empowering customers through great TalkTalk technology, and great TalkTalk people.” With leaving the customers in the dark, the company may be subjected to a penalty by the United Kingdom.

The data breach issue was not disclosed by the conglomerate, and it was also unreported to the ICO (UK”s Information Commissioner’s Office), which according to law should receive all reports of data breaches in accordance to the Data Protection Act of 1998. It was later found out through a Google search that the data leak includes personally identifiable information like customer full name, birthdate, address, account numbers, financial information, and contact information. Due to the news blackout fiasco, TalkTalk was forced to issue letters of apology to the affected customers of the 2015 data breach, the origin of the data came from the conglomerate’s own database.

“The 2015 incident impacted 4% of TalkTalk customers and at the time, we wrote to all those impacted. In addition, we wrote to our entire base to inform them about the breach, advise them about the risk of scam calls and offer free credit monitoring to protect against fraud. A recent investigation has shown that 4,545 customers may have received the wrong notification regarding this incident. This was a genuine error and we have since written to all those impacted to apologize. 99.9 percent of customers received the correct notification in 2015. On their own, none of the details accessed in the 2015 incident could lead to any direct financial loss,” explained a TalkTalk representative.

Security experts expressed their concern of companies not being honest when it comes to the welfare of their customers. Even though bad for the reputation of the company at first, customers will appreciate if companies that encounter trouble can face the music by being honest with their customers.

Related Resources:

Ways to Prevent Healthcare Data Breaches

Human Error: The Reason behind 88% of all UK Data Breaches

The Top 10 Worst Data Breaches of all Time

Six Critical Mistakes That Could Lead to Data Security Breaches

The post TalkTalk’s Databreach Made Secret, Exposed In A Google Search appeared first on .

Free Decryptor Released for GetCrypt Ransomware

Security researchers have released a tool that enables victims of GetCrypt ransomware to recover their affected files for free. On 23 May, web security and antivirus software provider Emsisoft announced the release of its GetCrypt decrypter. This utility asks victims of the ransomware to supply both an encrypted copy and the original version of a […]… Read More

The post Free Decryptor Released for GetCrypt Ransomware appeared first on The State of Security.

Six Best CRM Software for Business for 2019

CRM (Customer Relationship Management) software helps easily manage prospects, leads and customers for any business. By using CRM software, a business could store data (contact information and the like), send emails, make calls, add notes, schedule appointments, create reports and do many such other things.

Here’s a look at the six best CRM software for businesses that are available in the market today-

HubSpot

HubSpot CRM is ideal for beginners and start-ups since it’s basically simple and easy to use. Using this web-based CRM solution, businesses can manage contacts and recent contact activity with ease. The clean visual dashboard of HubSpot helps organize and sort contacts based on deals won or lost, appointment scheduled etc. Customized filters could help sort contacts to suit the needs of any particular business. The dashboard also helps obtain an up-to-the-minute of the entire sales funnel for any business. The tool offers great features like team email, live chat, email scheduling, tasks, deals, ticketing etc. The paid version comes with advanced features like calling, meetings, email tracking notifications, contact activity, and conversational bots. You can log all activities by linking HubSpot CRM to Gmail or Outlook.

PipeDrive

PipeDrive CRM software, which is easy to use, simplifies the sales pipeline process, thereby helping in identifying actions that could get you more sales. It has some interesting features including a clear visual interface, email integration, sales reporting, sales forecasting, the setting of activities and goals, mobile apps that help access CRM from anywhere etc. There are three different pricing plans, namely Silver, Gold and Platinum. While the Silver plan has basic features like drag and drop calendar view, chat and email support, goals, smart email BBC, customizable dashboard etc, the Gold plan comes with more advanced features like workflow automation, smart contact data, and scheduler. The Platinum plan comes with multiple dashboards, teams, and revenue forecast reports. There is also a free trial offer available.

Constant Contact

Constant Contact CRM, which offers different pricing plans depending on the number of email subscribers as well as on the features needed, helps manage contacts, easily upload current contacts list, categorize contacts using tags and send email campaigns to subscribers. The features also include segmentation tools, email list building tools, list cleaning and easy integration with other CRM software.

GreenRope

Some experts call GreenRope the complete CRM solution as it brings together marketing automation, sales pipelines and customer service. There are three sections namely sales, marketing and operations. While the sales part includes a complete CRM, workflow manager, booking calendar system, predictive analytics, lead scoring tool etc, the marketing suite includes features like email marketing software, email tracker, customer journey mapping, landing page builder etc. The operations part includes features like ticketing system, live chat, project management, contact management, event management etc. GreenRope CRM software, which offers 7 different pricing plans, can be used by businesses to manage social media, email marketing, sales, events, project management etc.

SalesForce

An immensely popular CRM software, SalesForce has many advanced features that help manage almost all things pertaining to customer service, sales and marketing, commerce, productivity etc. SalesForce offers 4 different pricing plans and comes with notable features like account management, contact management, opportunity management, lead management, sales data etc. The tool, which offers advanced features depending on the plan chosen, helps businesses grow faster by expanding their customer base and closing deals very fast.

Freshsales

Freshsales CRM, which is mainly for small businesses, is easy-to-use and offers a 360-degree customer view, which provides access to customer’s social profiles, helps identify customer touch points etc, all from a single dashboard. The tool also allows automatic capture of website visitors and also helps group these visitors based on the way they engage with the websites. Freshsales has four different pricing plans and offers features like auto lead assignment, appointment booking, auto profile enrichment, lead scoring, smartforms etc. It also helps understand and manage customers using the tracking features, email features and built-in phone features that it offers. A free plan called Sprout supports users with contacts, leads, deals, email, integrations, mobile apps etc.

The post Six Best CRM Software for Business for 2019 appeared first on .

Computer Infected with 6 High-Profile Viruses Surpasses $1M in Auction

A Windows laptop infected with six high-profile computer viruses has surpassed a value of one million dollars in public auction bids. For a project called “The Persistence of Chaos,” contemporary internet artist Guo O. Dong and security firm Deep Instinct infected a Samsung NC10-14GB 10.2-Inch Blue Netbook (2008) running Windows XP SP3 with six pieces […]… Read More

The post Computer Infected with 6 High-Profile Viruses Surpasses $1M in Auction appeared first on The State of Security.

Google Stored G Suite Customers Passwords in Plain Text

In a blog published yesterday, Google revealed that it had discovered a bug that allowed some G Suite users to have their passwords saved in text format.

The bug has been in circulation since 2005, although Google claims to find no evidence of incorrect access to someone’s password.

It’s resetting any passwords that might be affected and allow G Suite, administrators to know about the problem.

G Suite is the business version of Gmail and other Google apps. Apparently, the bug in this product was generated because of a feature specifically designed for businesses.

Initially, your G Suite application manager could set user passwords manually, before a new employee is on board. If this was the case, the administrator’s console would store the passwords in plain text instead of hashing them. Since then, Google has removed this option for administrators.

Google’s blog aims to explain how the cryptographic hashing works, probably to ensure that the nuances surrounding this violation are clear.

“We recently notified a subset of our enterprise G Suite customers that some passwords were stored in our encrypted internal systems unhashed,” Suzanne Frey, Google Cloud VP of Engineering wrote.

Although passwords are stored in plain text, they are at least plain text on Google’s servers. It would be more difficult to reach them if they had just arrived on the open Internet.

Although Google did not say explicitly, it also seems to prevent people from placing this bug in the same category as other common password problems in which these passwords were leaked. Google has already led users to reset their passwords.

In turn, Google has identified not only the number of users likely to be affected by this bug, but also the fact that it affects “a subset of our G Suite business customers” – probably anyone who used G Suite in 2005.

And while Google has found no evidence that anyone has used this access for malicious purposes, it is unclear who has access to those files containing only text.

Anyway the issue is fixed now, and Google has conveyed in its post how it is appropriately sorry about the whole issue:

We take the security of our enterprise customers extremely seriously and pride ourselves in advancing the industry’s best practices for account security. Here we did not live up to our own standards, nor those of our customers. We apologize to our users and will do better.

Related Resources:

Google Removes 85 Adware-Infected Android Apps

Google Helps Identify Crime Suspects Using Location History

 

The post Google Stored G Suite Customers Passwords in Plain Text appeared first on .

HawkEye Attack Wave Sends Stolen Data to Another Keylogger Provider

A recent attack wave involving HawkEye malware sends data stolen from its victims to another keylogger provider’s website. On 21 May, My Online Security came across a new sample of HawkEye. The actual delivery mechanism itself wasn’t unique compared to previous attacks involving the malware. In this particular instance, the attack email used the lure […]… Read More

The post HawkEye Attack Wave Sends Stolen Data to Another Keylogger Provider appeared first on The State of Security.

Company Behind LeakedSource Pleads Guilty after RCMP Investigation

A company responsible for helping to operate LeakedSource.com has submitted a guilty plea following an investigation by the Royal Canadian Mounted Police (RCMP). On 17 May, Defiant Tech Inc. pleaded guilty to the charge of “trafficking in identity information and possession of property obtained by crime” in association with an investigation surrounding LeakedSource. RCMP initiated […]… Read More

The post Company Behind LeakedSource Pleads Guilty after RCMP Investigation appeared first on The State of Security.

Our Long Collective Struggle To Secure Enterprise Email

Email is the oldest service on the Internet, launched in the 1970’s, it is older than the WWW or the World Wide Web itself for more than three decades. However, the fundamentals of sending and receiving email have not fundamentally changed, in fact, all the weaknesses of the email systems of the 70s are still hounding us today. In 1978, we witnessed the first spam email sent to thousands of corporate email users. The other threats such as malware and phishing through email followed soon after.

These threats take advantage of the basic foundation of email, which is accessibility and open-ended approach to transferring information. Security is never the foundation of email when it was first conceptualized by the fathers of the Internet. It is a direct product of the TCP/IP (Transmission Control Protocol/Internet Protocol), where scientists are able to communicate with one another the results of their experiments and research.

When email and the rest of the Internet became a “public sphere” as opposed to the initial “for military use only”, opportunity seekers look at it and found a new home when it comes to exploiting the weaknesses at the expense of unsuspecting users. The number of cyber attacks targeting countries and companies is increasing, and information security measures are now a matter of life and death for companies. At the same time, however, the combination of business and IT has progressed, and while numerous IT investments are required, the amount of investment in security is a reality. Similarly, many IT personnel are busy with various tasks, making it difficult to specialize in security measures.

Under such circumstances, effective use of security solutions is essential to obtain a safe and secure environment including business partners and customers. Above all, the most important point is how to secure the security of “mail” which is said to occupy 80 to 90% of the attack path. It goes without saying that even among the damage caused by cyber attacks, it is information leakage that brings fatal damage to companies. Targeted attack emails and emails such as phishing emails often use messages that spoof legitimate senders, such as business partners, financial institutions, and public organizations. And the reason why the damage globally has been increasing in the last two decades is that the methods for infecting the sentences and malware described in such malicious emails have been refined.

Is there a permanent solution?
As an attack method by email, attachment files of malware such as ransomware and URL spoofing (redirection) are often used. In the latter case, if you click on the URL link in the mail, you will be diverted to a falsified website, etc. and you will be forced to download malware, etc. And please be aware that in such email-based attacks, the pattern of spam emails, which was previously thought to cause no direct harm to the system, is rapidly increasing.

Spam email is an advertising email sent indiscriminately to an unspecified number of people, often referred to as “spam”. In the past, the damage caused by spam emails was such that sending many unnecessary emails interfered with business operations, and the effort for deletion would be unrelentingly costly. However, recently, in addition to these, as mentioned above, it has become a trigger for malware infection or is being used for phishing scams. Also, there are more cases where Botnet, which sends large-scale spam emails, is the source of ransomware.

There is no other defense but for users to develop a sense of doubt when receiving emails. A reasonable level of suspicion does not hurt, in fact, it is even safer to actually call the sender of the email to verify if that person actually sent an email. There is no system that can 100% prevent email risks, but there will always be a human standing in the way. The point of getting a network infected or a company falling for spear phishing is the human user of the system representing the company. All employees are the frontliners in all corporate IT security arrangement.

Also, Read:

Avoid These Mistakes, Ensure Better Enterprise Security

Is It Possible To Have Email Security Without OpenPGP/S-MIME?

Mimecast Quarterly Report: 25% Of Spam and Malicious Emails Bypass Security Systems

How Enterprises Can Combat Cybersecurity Challenges On The Cloud

Can Artificial Intelligence Boost Future Email Security?

The post Our Long Collective Struggle To Secure Enterprise Email appeared first on .

WhatsApp Will Never be Safe, Says Telegram Founder

In a direct attack on WhatsApp, Telegram founder Pavel Durov has stated that the Facebook-owned WhatsApp would never be safe.

In a statement that he had written on Telegraph Pavel Durov points out that hackers could access anything- photos, emails, texts etc- on any phone that had WhatsApp installed on it. He even discusses the security issue that WhatsApp recently faced- that of a high severity bug that could allow hackers to inject spyware remotely into a phone simply by making a WhatsApp call.

Durov writes, “Every time WhatsApp has to fix a critical vulnerability in their app, a new one seems to appear in its place. All of their security issues are conveniently suitable for surveillance, and look and work a lot like backdoors.”

He points out that unlike Telegram, WhatsApp is not an open source platform and hence it never allows security researchers to easily check if there are backdoors in its code. Instead of publishing its code, WhatsApp deliberately obfuscates their apps’ binaries so that no one is able to study them thoroughly, he adds.

Durov explains that back in 2012, when he was working to develop Telegram, WhatsApp was still transferring messages in plain-text in transit and not just governments or hackers, but mobile providers and even Wi-Fi admins had access to all WhatsApp texts.

WhatsApp later added some encryption, but the key to decrypt messages was available with several governments, who could thus decrypt conversations on WhatsApp very easily. Durov says, “Then, as Telegram started to gain popularity, WhatsApp founders sold their company to Facebook and declared that “Privacy was in their DNA”. If true, it must have been a dormant or a recessive gene.”

Discussing how the end-to-end encryption introduced in 2016 by WhatsApp works, Pavel Durov says, “3 years ago WhatsApp announced they implemented end-to-end encryption so “no third party can access messages“. It coincided with an aggressive push for all of its users to back up their chats in the cloud. When making this push, WhatsApp didn’t tell its users that when backed up, messages are no longer protected by end-to-end encryption and can be accessed by hackers and law enforcement. Brilliant marketing, and some naive people are serving their time in jail as a result.”

Durov also explains that those who don’t go for the backup thing could also be traced in many ways. He says that the metadata generated by WhatsApp users is leaked to different agencies in large volumes by WhatsApp’s mother company. Added to all this, there are critical vulnerabilities coming one after the other.

He writes, “WhatsApp has a consistent history – from zero encryption at its inception to a succession of security issues strangely suitable for surveillance purposes. Looking back, there hasn’t been a single day in WhatsApp’s 10 year journey when this service was secure. That’s why I don’t think that just updating WhatsApp’s mobile app will make it secure for anyone.”

In his statement, Durov explains why people can’t stop using WhatsApp all of a sudden. He says that a lot of people can’t do this because their friends and families still continue to use WhatsApp. He writes, “It means we at Telegram did a bad job of persuading people to switch over. While we did attract hundreds of millions of users in the last five years, this wasn’t enough. The majority of internet users are still held hostage by the Facebook/WhatsApp/Instagram empire. Many of those who use Telegram are also on WhatsApp, meaning their phones are still vulnerable.”

Durov says this about Telegram- “In almost 6 years of its existence, Telegram hasn’t had any major data leak or security flaw of the kind WhatsApp demonstrates every few months. In the same 6 years, we disclosed exactly zero bytes of data to third-parties, while Facebook/WhatsApp has been sharing pretty much everything with everybody who claimed they worked for a government.”

He explains that unlike Facebook, which has a huge marketing department, Telegram does zero marketing and wouldn’t want to pay journalists and researchers to write about it. It instead relies on its users.

Well, that’s the gist of what the Telegram founder has to say. Let’s wait for the other side of the story. Let’s wait and see if WhatsApp comes up with its own statements defending itself, in response to what all Pavel Durov had written.

Source: https://gbhackers.com/whatsapp-will-never-be-secure/

 

Related Resources:

A Quick Glimpse On The WhatsApp “Spyware” Issue

The WhatsApp Gold Scam is Back, in a New Form!

WhatsApp Launches Service to Fight Fake News in India

SpyDealer Android Malware Steals Data from WhatsApp and Facebook

The post WhatsApp Will Never be Safe, Says Telegram Founder appeared first on .

Stack Overflow Discloses Digital Attack against Production Systems

Stack Overflow, a popular question and answer site for programmers, disclosed a digital attack in which bad actors accessed its production systems. Mary Ferguson, VP of Engineering at the company, publicly revealed the incident on 16 May. In a statement posted to Stack Overflow’s website, she explained that someone had obtained production-level access to the […]… Read More

The post Stack Overflow Discloses Digital Attack against Production Systems appeared first on The State of Security.

Stack Overflow’s Production Systems Accessed by Hackers

In a brief announcement yesterday, Stack Overflow reports that it was the target of an attack that led hackers to access its production systems.

The website is currently online and the few public details provided in a short message indicate that a survey revealed that a “level of production access was obtained on May 11”.

User data are safe

It is not clear how the intruders were able to access the internal Stack Overflow network, but the actions taken as a result of the violation includes the patching all known vulnerabilities. The incident was discovered internally and the initial assessment is that no customer or user data has been affected.

“Our customers’ and users’ security is of the utmost importance to us. After we conclude our investigation cycle, we will provide more information,” says Mary Ferguson, VP of Engineering at Stack Overflow.

Stack Overflow was launched in 2008 as a website for questions and answers about programming themes. As part of the Stack Exchange Network, it is a community of more than 10 million as on January 2019.

Stack Overflow is available in several languages (English, Spanish, Russian, Portuguese and Japanese). According to the website, more than 50 million visitors access it every month, looking for ways to solve their problems, develop their skills or find work.

The platform is considered as a reliable source for an overview of accurate trends in the developer community, as well as pay package information based on experience, location, training, and technology.

Source: https://www.zdnet.com/article/stack-overflow-says-hackers-breached-production-systems/

 

Related Resources:

Hackers Steal Around $41 Million in Bitcoin from Binance

Yet Another WordPress Hack Exploiting Plugin Vulnerabilities

The post Stack Overflow’s Production Systems Accessed by Hackers appeared first on .

Microsoft Warns WannaCry-like Windows Attack

Microsoft warns users of older versions of Windows of installing Windows Update immediately to protect against potential, widespread attacks. The software giant has fixed vulnerabilities in Remote Desktop Services running on Windows XP, Windows 7, and server versions such as Windows Server 2003, Windows Server 2008 R2, and Windows Server 2008. Microsoft is taking this unusual approach of releasing patches for Windows XP and Windows Server 2003, although both operating systems do not support it. Windows XP users must manually download updates from the Microsoft Update Catalog.

“This vulnerability is pre-authentication and requires no user interaction,” explains Simon Pope, director of incident response at Microsoft’s Security Response Center. “In other words, the vulnerability is ‘virus’, meaning that any future malware that exploits this vulnerability could propagate from the vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.”

Microsoft said it had not observed the exploitation of this vulnerability. However, after the patch is released, it is only a matter of time before the attacker selects Microsoft patches and creates malware. Fortunately, Windows 8 and Windows 10 computers are not affected by this vulnerability. Although Windows 10 is now more popular than Windows 7, there are still millions of computers running Windows 7 that can make potential attacks very problematic.

Microsoft breaks the tradition of not patching, Windows operating systems that are not supported when thousands of computers in more than 100 countries are affected by the malware known as WannaCry. The malware uses a bug in the old version of Windows to encrypt the computer and asks for a $ 300 ransom before opening it. Microsoft is keen to avoid other WannaCry programs, even though it states that “the best way to resolve this vulnerability is to upgrade to the latest version of Windows.”

Source: https://www.theverge.com/2019/5/14/18623565/microsoft-windows-xp-remote-desktop-services-worm-security-patches

Related Resources:

Microsoft’s Windows 7, 8.1 To Have Defender Advanced Threat Protection

Windows-based Forensic Tools Available for Everyone

145 Windows-malware loaded Play Store Apps, deleted by Google

Latest Windows 10 Comes With Malware Protection

 

 

The post Microsoft Warns WannaCry-like Windows Attack appeared first on .

Magecart Used Same Skimmer against Two Web-Based Suppliers

Magecart threat actors used the same skimmer against two web-based suppliers to try to steal users’ payment card information. As discovered by security researcher Willem de Groot, the first attack occurred at 15:56:42 GMT on 10 May when bad actors injected the skimmer into the bottom of a script used by enterprise content management system […]… Read More

The post Magecart Used Same Skimmer against Two Web-Based Suppliers appeared first on The State of Security.

A Quick Glimpse On The WhatsApp “Spyware” Issue

The embattled Facebook is facing another huge setback this week, as their acquired iOS/Android app, WhatsApp is affected by a spy-like trojan on some version of the app available for download. The social media giant categorizes the issue as a “spyware” that was embedded to some variants of WhatsApp inserted by threat actors as they exploit a major vulnerability in the app. The alleged embedded “spyware” was planted by an alleged Spyware firm named NSO Group, which is based in Israel. The extent of its access to the mobile device-wide, from it, serving as a RAT (Remote Access Trojan), activation of front/back cameras, read emails/SMS/MMS and capability to access user’s contacts.

The trouble is cross-platform, as infected versions of WhatsApp for iOS and Android were seen in the wild. Even small players such as the already deprecated Windows Phone 10 platform and Samsung’s Tizen version of WhatsApp are also affected. The only visible indication that the user is “targeted” is frequent instances of dropped calls from the app. The spyware is said to have the capability to perform cyber espionage on the phone, making it unsafe for anyone to use WhatsApp as an instant messaging and voice call service.

Meanwhile, NSO Group is strongly denying the allegations, as its spokesperson went public saying: “Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies.“ With the incident, Facebook is critically recommending all their 1.5 billion WhatsApp users to uninstall their current WhatsApp installed on their devices, redownload a fresh version of WhatsApp (clean version available for download) in the Google Play Store, log in to their account and specifically perform a password reset procedure. The United States law enforcement agencies are already in the case, as they try to help Facebook uncover more details of the spyware infection of WhatsApp.

The innocence of NSO Group is being challenged by Amnesty Tech, expressing concerns about this new type of attack vector that harms mobile users. “NSO Group sells its products to governments who are known for outrageous human rights abuses, giving them the tools to track activists and critics. The attack on Amnesty International was the final straw,” emphasized Danna Ingleton, Amnesty Tech’s Deputy Director.

This WhatsApp trouble is happening on the wake of Facebook proudly announcing the “privacy first” end-to-end encryption initiative for their other instant messaging Facebook Messaging. The social media giant also recently announced the eventual infrastructure merger of WhatsApp, Instagram, and Facebook, which basically creates just 1-product for the entire organization.

Apple’s iOS and Google’s Android both have a default configuration to automatically download app updates from their respective app stores the moment the app publisher posted a new version of the app. This feature is usually only disabled by advanced users through the settings page of their respective app stores. Hackercombat.com strongly recommends the resetting for user password for all users of WhatsApp, and if convenient to the users, also the password for their Facebook and Instagram accounts. Though the merger of infrastructure is not yet complete, as the plan for it is still in the pipeline, it is better to be safe than sorry.

Source: https://gbhackers.com/whatsapp-hacked-iphone-or-android/

Also, Read:

WhatsApp Launches Service to Fight Fake News in India

The WhatsApp Gold Scam is Back, in a New Form!

All WhatsApp Users Must Update: Zero Day Bug Found in WhatsApp

WhatsApp’s Founder Accused Facebook of “Sold My Users’ Privacy”

Checkpoint Research Released Video Demo of a Nasty WhatsApp flaw

 

 

The post A Quick Glimpse On The WhatsApp “Spyware” Issue appeared first on .

Bad Actors Using MitM Attacks against ASUS to Distribute Plead Backdoor

Researchers believe bad actors are using man-in-the-middle (MitM) attacks against ASUS software to distribute the Plead backdoor. Near the end of April 2019, researchers at ESET observed several attack attempts that both created and executed the Plead backdoor using “AsusWSPanel.exe,” a legitimate process which belongs to the Windows client for the cloud-based storage service ASUS […]… Read More

The post Bad Actors Using MitM Attacks against ASUS to Distribute Plead Backdoor appeared first on The State of Security.

Twitter Bug Carelessly Shared Location Data of Some iOS Users

According to Twitter, a bug that revealed the user’s location information, and shared it with an unnamed Twitter partner has been fixed.

“We have discovered that we inadvertently collect and shared iOS location data with one of our trusted partners in certain circumstances,” the company said.

According to the blog posts, the bug only affects iOS users who are using the Twitter app who had a second account on their phone. If a user allows Twitter to access the accurate location information for an account, the settings will automatically be applied to other account, even if they do not share location data

Twitter also finds that the information collected is passed on to trusted partners to serve ads through a process known as real-time bidding. However, privacy issues have been resolved by stating that site data is “fuzzed” to reduce accuracy to the nearest zip code or city.

“We have confirmed with our partner that the location data has not been retained and that it only existed in their systems for a short time, and was then deleted as part of their normal process,” it stated on the help site.

Although Twitter did not announce when the data exchange took place, the social media company said it had notified affected users and asked users to review their privacy settings in the face of security incidents.

It should also be noted that this security issue is Twitter’s fourth mistake in the past year.

Last September, a bug in the Twitter API accidentally published a private message and protected tweets for developers who were not allowed to read.

In December, it was said that government-sponsored actors could have exploited the vulnerability in an online support form to retrieve the user’s country code and determine whether the Twitter account was suspended or not.

In January this year, Twitter found a security flaw in its Android app causing private tweets of an unspecified number of users to be publicly available since 2014.

In January of this year, Twitter experienced a vulnerability in its Android application that caused personal tweets to be publicly available to a number of unspecified users since 2014.

Source: https://www.zdnet.com/article/twitter-bug-shared-location-data-for-some-ios-users/

Related Resources:

Twitter Rolls Out Key Cybersecurity Improvement Vs. Hacking

Twitter to Stop Hackers from Spreading Secrets of 9/11 Attacks

Twitter’s Mobile Phone Integration Is Insecure

The post Twitter Bug Carelessly Shared Location Data of Some iOS Users appeared first on .

Microsoft SharePoint Servers Actively Targeted By Hackers

Hackers are actively exploiting recent patched remote code execution vulnerabilities in the Microsoft SharePoint Servers version to inject the China Chopper web shell, which allows hackers to inject various commands.

Canadian and Saudi Arabian cybersecurity raised awareness about the ongoing attack targeting the outdated systems.

The vulnerability affects all versions of SharePoint Server 2010 to SharePoint Server 2019, and vulnerabilities can be tracked as CVE-2019-0604, it was patched by Microsoft in February, releasing security updates on March 12 and again April 25.

“An attacker who exploits the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. The exploitation of this vulnerability requires a specially crafted SharePoint application package.”

In this case, the attackers used the China Chopper web shell to access the compromised servers remotely and issue commands and manage files on the victim server.

The web shell allows an attacker to upload and download any files from the compromised server and to edit, delete, copy, rename and even to change the timestamp of existing files.

Alien vault security researcher Chris doman tweeted about the ongoing campaign and published some additional IoCs.

SharePoint CVE-2019-0604 now being exploited in the wild – reports by Saudi (https://t.co/m6VmF7n2Js) and Canadian (https://t.co/yhzY8qgxi8) National Cyber-Security Centres. Some additional IOCs @ https://t.co/gsGOoh6h9r pic.twitter.com/70LQCOmuTn

— chris doman (@chrisdoman) May 9, 2019
According to cybersecurity agencies, the targeted industries are academic, utility, heavy industry, manufacturing and technology sectors.

Mitigations

The organization running share point servers recommended updating the servers to addresses the vulnerability.

Indicators of compromise

SHA256 Hash
05108ac3c3d708977f2d679bfa6d2eaf63b371e66428018a68efce4b6a45b4b4
b560c3b9b672f42a005bdeae79eb91dfb0dec8dc04bea51f38731692bc995688
7d6812947e7eafa8a4cce84b531f8077f7434dbed4ccdaca64225d1b6a0e8604
2e4b7c022329e5c21e47d55e8916f6af852aabbbd1798f9e16985f22a8056646
c63f425d96365d906604b1529611eefe5524432545a7977ebe2ac8c79f90ad7e

SHA1 Hash
f0fb0f7553390f203669e53abc16b15e729e5c6f
ee583451c832b07d8f2b4d6b8dd36ccb280ff421
dc8e7b7de41cac9ded920c41b272c885e1aec279
4c3b262b4134366ad0a67b1a2d6378da428d712b

MD5 Hash
0eebeef32a8f676a1717f134f114c8bd
198ee041e8f3eb12a19bc321f86ccb88
708544104809ef2776ddc56e04d27ab1
b814532d73c7e5ffd1a2533adc6cfcf8

Filename
pay[.]aspx
stylecss[.]aspx
IP Address
114.25.219.100

Source: https://gbhackers.com/hackers-microsoft-sharepoint-servers/

Related Resources:

Unpatched Remote Code Execution in Ghostscript Revealed by Google

Git Repository Vulnerability Causes Remote Code Execution Attacks

The post Microsoft SharePoint Servers Actively Targeted By Hackers appeared first on .

Global Information Services Company Discloses Malware Attack

A global information services company has disclosed a malware attack that affected several of its applications and platforms. On 6 May, global solutions provider Wolters Kluwer published a statement in which it confirmed that it was suffering network issues: We are experiencing network and service interruptions affecting certain Wolters Kluwer platforms and applications. Out of […]… Read More

The post Global Information Services Company Discloses Malware Attack appeared first on The State of Security.

Online Tutoring Program Reveals Customer Data Breach

An online tutoring program has revealed that it suffered a data breach in which an unauthorized individual might have compromised customers’ information. The Hacker News received a copy of a notice sent out by Wyzant to its customers informing them about the data breach. According to this letter, the online tutoring program detected the security […]… Read More

The post Online Tutoring Program Reveals Customer Data Breach appeared first on The State of Security.

Fraudsters Targeting Consumers with One-Ring Phone Scams

Fraudsters are targeting consumers with one-ring phone scams that exploit people’s curiosity so as to trick them into paying exorbitant fees. According to the U.S. Federal Communications Commission (FCC), this scam oftentimes begins when a fraudster contacts an unsuspecting consumer using a one-ring phone call. Many of these calls appear to originate from phone numbers […]… Read More

The post Fraudsters Targeting Consumers with One-Ring Phone Scams appeared first on The State of Security.

President Trump Signs EO to Bolster Federal Digital Security Workforce

President Trump has signed an executive order (EO) that seeks to bolster the U.S. federal government’s digital security workforce. On 2 May, President Trump authorized the “Executive Order on America’s Cybersecurity Workforce.” This directive sets out various actions designed to strengthen the federal digital security workforce. For instance, it requires the Secretary of Homeland Security […]… Read More

The post President Trump Signs EO to Bolster Federal Digital Security Workforce appeared first on The State of Security.

Unprotected Database Exposed 13.7M Users’ Employment Information

An unprotected database made it possible for anyone on the web to view the personal and employment information of 13.7 million users. Security researcher and GDI Foundation member Sanyam Jain discovered the database and determined that it belonged to Ladders, a New York-based job recruitment site which specializes in high-end jobs. Jain then shared his […]… Read More

The post Unprotected Database Exposed 13.7M Users’ Employment Information appeared first on The State of Security.

$9.8M Settlement to Eddie Bauer Data Breach Filed in Federal Court

A Washington federal court has received a $9.8 million settlement that would resolve a data breach class-action lawsuit filed against Eddie Bauer. Filed on 26 April, the proposed settlement is the product of two years of litigation between Eddie Bauer and Veridian Credit Union, a process which included an in-person mediation meeting held in February, […]… Read More

The post $9.8M Settlement to Eddie Bauer Data Breach Filed in Federal Court appeared first on The State of Security.

Implementing Operational Security, The Process and Best Practices

procedural security is what we call operational security (OPSEC), it is kind of risk management process that encourages admin to monitor operations from the perspective of an adversary, and draw conclusions to protect sensitive information from falling into the wrong hands.

OPSEC is becoming popular in the private sector though it was used by the military initially. Things that fall under the OPSEC include monitoring behaviors on social media sites as well as discouraging employees from sharing login credentials via email or text message.

The Process to implement Operational Security can be neatly categorized into five steps:

1. Identify your sensitive data,

The data includes customer information, employee information, product research, financial statements, and intellectual property. This will be the data you will need to on protecting.

2. For each category of information that you deem sensitive identify the kind of possible threats. While you should be cautious of third parties stealing your sensitive information,  you should also keep an eye on the insider threats, such as disgruntled employees and other similar actors.

3. Analyze vulnerabilities and security holes and. Assess your safeguards and determine if any vulnerability exists that may be exploited to gain access to your data.

4. Make a chart of the findings

Flag the risk, associated with each vulnerability. Rank your vulnerabilities in the order to the extent of damage it can do, and the amount of time you would need to recover. The more likely and damaging an attack is, the more you prioritize mitigating the associated risk.

5. Countermeasures in place

The last step of operational security is to create a plan to eliminate threats and mitigate risks. This means updating your hardware/software, putting in place new policies with regards to sensitive data. Countermeasures should be simple, so the employees should be able to practice it without any formal training.

Best Practices for comprehensive operational security program:

  • Change management processes should be Implement in such a way that employees understand when network changes are performed. All changes should be monitored and audited.
  • Use the AAA authentication device to restrict access to network devices.
  • Give minimum access to your employees to perform their jobs, let there be the least privilege in place.
  • Make sure you Implement dual control so that the person working on the network is not the in-charge of the security.
  • Automate the tasks to minimize human intervention. This will help in reduced errors and bypass procedures

Have a plan to identify risks because Incident response and disaster recovery planning are crucial components of a sound security posture. This helps you to respond fast and mitigate potential damages.

Operational security forces enable you to dive deeply into operations and figure out places where a breach can take place. The admin can have a good look at the operations from a malicious third-party’s perspective to spot vulnerabilities they may have otherwise missed.

The post Implementing Operational Security, The Process and Best Practices appeared first on .