Category Archives: News

Popular free Android VPN apps on Play Store contain malware

By Waqas

If you want to ensure optimal privacy while surfing the web, a VPN (virtual private network) is the only reliable option. In this regard, a majority of web and smartphone users rely upon free VPN services, which according to the latest research is a risky step. In 2017, researchers identified that 38% of Android VPN apps on […]

This is a post from HackRead.com. Read the original post: Popular free Android VPN apps on Play Store contain malware

Apple delivers security patches, plugs an RCE achievable via FaceTime

Apple has released a new set of updates for its various products, plugging a wide variety of vulnerabilities.

WatchOS, tvOS, Safari and iCloud

Let’s start with the “lightest” security updates: iCloud for Windows 7.10 brings fixes for memory corruption, logic and type confusion issues in the WebKit browser engine, all of which can be triggered via maliciously crafted web content and most of which may lead to arbitrary code execution. The update also carries patches for … More

The post Apple delivers security patches, plugs an RCE achievable via FaceTime appeared first on Help Net Security.

Adobe Released Another Patch – This Time For Adobe Experience Manager

This month, Adobe released patches for various products multiple times. However, it seems the vulnerabilities continue to appear in Adobe

Adobe Released Another Patch – This Time For Adobe Experience Manager on Latest Hacking News.

Most out of date applications exposed: Shockwave, VLC and Skype top the list

More than half (55%) of PC applications installed worldwide are out-of-date, making PC users and their personal data vulnerable to security risks. Avast’s PC Trends Report 2019 found that users are making themselves vulnerable by not implementing security patches and keeping outdated versions of popular applications on their PCs. The applications where updates are most frequently neglected include Adobe Shockwave (96%), VLC Media Player (94%) and Skype (94%). The report, which uses anonymized and aggregated … More

The post Most out of date applications exposed: Shockwave, VLC and Skype top the list appeared first on Help Net Security.

First Large GDPR Fine issued and it’s to Google for €50 million

Every member state, organisation and almost every individual have been watching supervisory authorities closely to see if and who will

First Large GDPR Fine issued and it’s to Google for €50 million on Latest Hacking News.

Online Casino Group Leaked Information of Over 108 Million Bets and User Data

Security researcher Justin Paine discovered a data leak this week from an ElasticSearch server. The leak involved over 108 million bets

Online Casino Group Leaked Information of Over 108 Million Bets and User Data on Latest Hacking News.

ThreadX WiFi Firmware Vulnerability Affects Smartphones, Laptops, Gaming Devices, and Routers

A researcher has found several security vulnerabilities in ThreadX WiFi firmware. He discovered these vulnerabilities in the firmware running on

ThreadX WiFi Firmware Vulnerability Affects Smartphones, Laptops, Gaming Devices, and Routers on Latest Hacking News.

Unauthorised Remote Access Vulnerability Discovered on Cisco Small Business Switches

Businesses using Cisco Small Business 200 Series Smart Switches; CSB 300 Series Managed Switches; Cisco 250 Series Smart Switches; CSB

Unauthorised Remote Access Vulnerability Discovered on Cisco Small Business Switches on Latest Hacking News.

Ethereum Price Analysis: ETH/USD Sellers are Stepping Up Downside Pressure; Explosive Breakout is Imminent

ETH/USD is very much close to a breakout of the recent range-block formation. Diar reports that on-chain transaction value on the Ethereum network was seen at an all-time-high in December 2018. Over the past three sessions for ETH/USD, a pick-up in downside intensity has been demonstrated by the market bears. The price had been moving […]

The post Ethereum Price Analysis: ETH/USD Sellers are Stepping Up Downside Pressure; Explosive Breakout is Imminent appeared first on Hacked: Hacking Finance.

0patch releases micropatch for Windows Contacts RCE zero-day

ACROS Security, the creators of 0patch, have released a micropatch for a recently revealed zero-day RCE flaw affecting Windows.

About the vulnerability and the micropatch

Security researcher John Page (aka Hyp3rlinx) published the details about the vulnerability and PoC exploit code after Microsoft failed to fix the issue within 90 days of it being reported. “The issue was initially reported as related to VCF files (which are by default associated with the Windows Contacts application) … More

The post 0patch releases micropatch for Windows Contacts RCE zero-day appeared first on Help Net Security.

Vulnerability In Telegram Bot API Encryption Allows Access To Messages

Researchers have discovered a serious security vulnerability in the popular messaging app Telegram. The vulnerability mainly exists in the Telegram Bot

Vulnerability In Telegram Bot API Encryption Allows Access To Messages on Latest Hacking News.

Panda Security is recognized as a 2019 Gartner Peer Insights Customers’ Choice for EDR Solutions.

The Gartner Peer Insights Customers’ Choice distinction is based on feedback and ratings from end-user professionals who have experience purchasing, implementing and/or using the product or service.

Gartner Peer Insights

Panda Security, a leading European multinational in advanced cybersecurity solutions and services, is delighted to announce that we have been named a January 2019 Gartner Peer Insights Customers’ Choice for Endpoint Detection and Response Solutions, thanks to our Panda Adaptive Defense.

“Panda Security is honored to be recognized as a 2019 Gartner Peer Insights Customers’ Choice for Endpoint Detection and Response Solutions, as we strive to keep our customers protected against malware and non-malware attacks and turn endpoint activity data into insights and actionable intelligence,” said Juan Santamaria Uriarte, CEO, Panda Security. “We believe this recognition is a proof of our success in achieving our mission and we look forward to bringing new innovative solutions and services in the space of advanced threat prevention, detection, investigation and threat response to Panda Security’s and our Channel Partners’ portfolio.”

Being named a Customers’ Choice means that Panda Adaptive Defense is recognized on the powerful online platform, Gartner Peer Insights, on which reviews are written and read by IT professionals and technology decision makers within corporations.

As of January 17, 2019, Panda Security has received an overall rating of 4.6 out of 5 for the Endpoint Detection and Response Solutions market, based on 128 verified reviews. Some of the reviews that Panda Security has received include:

“By far the best, among all other EPP & EDR that I tested and can withstand direct or targeted attacks. No Antivirus or EDR and EPP solutions can offer 100% but, this is the closest.” – Infrastructure and Operations. Education. Gov’t/PS/ED <5,000 Employees. See the review here
“Quite Better Than Other EDRs. AD is a powerful tool and the advanced console integrated with ART is very useful. Panda is able to block and classify different malware and to make the user feel safe.” – Security and Risk Management. Communications. Gov’t/PS/ED 50,000 + Employees. See the review here
“We have now a lot of visibility related to the activity of the endpoints. We don’t have much noise from users by false positives being blocked. Furthermore, it has detected activity generated by red teams, giving us the availability to make threat hunting in the endpoints.” – Analyst. Construction Gov’t/PS/ED <5,000 Employees. Europe, Middle East and Africa. See the review here

Gartner defines Endpoint Detection and Response solutions as those that record and store endpoint-system-level behaviors, use various data analytics techniques to detect suspicious system behavior, provide contextual information, block malicious activity, and provide remediation suggestions to restore affected systems. According to Gartner, EDR solutions must provide the following four primary capabilities:

  • Detect security incidents.
  • Contain the incident at the endpoint.
  • Investigate security incidents.
  • Provide remediation guidance.

The concept of the distinctive security model offered by Panda Adaptive Defense is based on monitoring, classifying, and categorizing absolutely every running process (100%) on all endpoints on the corporate network. If anyone tries to perform any action, the Panda experts are aware of it immediately, and verify where it originated, how the attempt was made, and what its intentions were. As well as this, the response and remediation capabilities recognized by Gartner allow us to react even before any effects can occur.

And the fact is that Panda Adaptive Defense 360 is not a product; it is a cybersecurity suite that merges Endpoint Protection and Endpoint Detection and Response (EDR) solutions with 100% Attestation, and Threat Hunting and Investigation services, all provided with a single lightweight agent. The combination of these solutions and services provides a highly detailed visibility of all endpoint activity, an absolute control of all running processes, and the reduction of the attack surface.


About Gartner Peer Insights:

Gartner Peer Insights transforms the way enterprise software is bought and sold by creating another source of trusted information in the software buying process. Gartner’s review platform is a place for all IT buyers to find advice they can trust from fellow IT professionals. Gartner Peer Insights includes more than 40,000 verified reviews in more than 190 markets.

For more information, please visit www.gartner.com/reviews/home

Required Disclaimer: Gartner Peer Insights Customers’ Choice constitute the subjective opinions of individual end-user reviews, ratings, and data applied against a documented methodology; they neither represent the views of, nor constitute an endorsement by, Gartner or its affiliates. Reviews have been edited to account for errors and readability.

The post Panda Security is recognized as a 2019 Gartner Peer Insights Customers’ Choice for EDR Solutions. appeared first on Panda Security Mediacenter.

Industry reactions to Google’s €50 million GDPR violation fine

On 21 January 2019, the French National Data Protection Commission (CNIL) imposed a financial penalty of €50 million against Google, in accordance with the GDPR. This is the first time that the CNIL applies the new sanction limits provided by the GDPR. The amount decided and the publicity of the fine are justified by the severity of the infringements observed regarding the essential principles of the GDPR: transparency, information and consent. Here are some reactions … More

The post Industry reactions to Google’s €50 million GDPR violation fine appeared first on Help Net Security.

Business resilience should be a core company strategy, so why are businesses struggling to take action?

A recent survey showed that only 51% of U.S. business decision makers say their organization is definitely as resilient as it needs to be against disruptions such as cyber threats. In addition, the survey showed that 96% of U.S. business decision makers claim business resilience should be a core company strategy. If 96% of business decision makers realize this, why are organizations still struggling to protect themselves against cybercrime and technology-based disruption? IT teams face … More

The post Business resilience should be a core company strategy, so why are businesses struggling to take action? appeared first on Help Net Security.

Agents of disruption: Four testing topics argue the case for agentless security

Let me introduce myself. I’m a set of flaws in your otherwise perfect, agent-based security world. Like all disruptive agents, I derail your best-laid plans with expensive havoc; but in my case I create sticky situations inside your multi-cloud arrangement. You may be thinking that the premise of this article is bogus, because most cloud-based security systems automate the deployment and management of agents; and any one of those and their kid can microsegment and … More

The post Agents of disruption: Four testing topics argue the case for agentless security appeared first on Help Net Security.

SSDP amplification attacks rose 639%

The Nexusguard Q3 2018 Threat Report has revealed the emergence of an extremely stealthy DDoS attack pattern targeting communications service providers (CSPs).

Figure: Comparison between normal attack traffic and attack traffic with legitimate traffic

This new vector exploits the large attack surface of ASN-level (autonomous system number) CSPs by spreading tiny attack traffic across hundreds of IP addresses to evade detection. The ongoing evolution of DDoS methods suggests that CSPs need to enhance their network security … More

The post SSDP amplification attacks rose 639% appeared first on Help Net Security.

Latest Hacking News Podcast #206

Google fined $57 million by France for GDPR violations, WPML WordPress plug-in developer’s site hacked by ex-employee, and a Windows zero-day gets a micropatch on episode 206 of our daily cybersecurity podcast.

Latest Hacking News Podcast #206 on Latest Hacking News.

GBP/USD Price Prediction: Bulls Reclaim 1.2900, Eyes Locked on Another Retest of 1.3000

GBP/USD bulls pick up momentum to the upside, following generally positive tone to Theresa May’s Plan B statement. Next upside targets for the bulls should they firmly breakdown 1.2900 again, will be the psychological 1.3000 mark. GBP/USD throughout the session on Monday remained very much elevated. This came as market participants were somewhat maintaining an […]

The post GBP/USD Price Prediction: Bulls Reclaim 1.2900, Eyes Locked on Another Retest of 1.3000 appeared first on Hacked: Hacking Finance.

ES File Explorer Vulnerability Exposed Files Saved On a Victim Android Phone

Researchers have spotted a vulnerability in the popular file manager among Android users, ES File Explorer. The vulnerability could allow

ES File Explorer Vulnerability Exposed Files Saved On a Victim Android Phone on Latest Hacking News.

Ex-employee of WP MultiLingual (WPML) Leaks Customer Data Then Defaces Their Website

A former employee of WP MultiLingual (WPML) claimed he exploited vulnerabilities over the weekend. The ex-employee sent out mass emails to

Ex-employee of WP MultiLingual (WPML) Leaks Customer Data Then Defaces Their Website on Latest Hacking News.

Hacker Alexander Zhukov Extradited to US After Infecting Over 1.7 Million Computers

News disclosed on the Russian version of Facebook, VK, states that Bulgaria has extradited Russian hacker Alexander Zhukov to the US

Hacker Alexander Zhukov Extradited to US After Infecting Over 1.7 Million Computers on Latest Hacking News.

Active Exploits Of ThinkPHP Vulnerability Found Even After Patch

In December 2018, we witnessed active exploits of a ThinkPHP vulnerability. After the discoverers of this flaw posted its PoC,

Active Exploits Of ThinkPHP Vulnerability Found Even After Patch on Latest Hacking News.

Data breach following vulnerabilities in RupeeReedee’s data stack on Amazon

“A potential isolated vulnerability in one of our data storage block (Amazon) was brought to our attention by a data

Data breach following vulnerabilities in RupeeReedee’s data stack on Amazon on Latest Hacking News.

Bug in widespread Wi-Fi chipset firmware can lead to zero-click code execution

A vulnerability in the firmware of a Wi-Fi chipset that is widely used in laptops, streaming, gaming and a variety of “smart” devices can be exploited to compromise them without user interaction.

The research and the discovered flaws

The discovery was made by Embedi researcher Denis Selianin, who decided to first analyze the code of the Marvell Avastar Wi-Fi driver, which loads firmware to the Wi-Fi SoC (system on chip), and then to engage in … More

The post Bug in widespread Wi-Fi chipset firmware can lead to zero-click code execution appeared first on Help Net Security.

Beware the man in the cloud: How to protect against a new breed of cyberattack

One malicious tactic that has become quite prevalent in recent years is known as a ‘man in the cloud’ (MitC) attack. This attack aims to access victims’ accounts without the need to obtain compromised user credentials beforehand. Below, this article explains the anatomy of MitC attacks and offers practical advice about what can be done to defend against them.

What is a MitC attack?

To gain access to cloud accounts, MitC attacks take advantage of the … More

The post Beware the man in the cloud: How to protect against a new breed of cyberattack appeared first on Help Net Security.

Machine learning trumps AI for security analysts

While machine learning is one of the biggest buzzwords in cybersecurity and the tech industry in general, the phrase itself is often overused and mis-applied, leaving many to have their own, incorrect definition of what machine learning actually is. So, how do you cut through all the noise to separate fact from fiction? And how can this tool be best applied to security operations?

What is machine learning?

Machine learning (ML) is an algorithm that … More

The post Machine learning trumps AI for security analysts appeared first on Help Net Security.

Cybercrime could cost companies trillions over the next five years

Companies globally could incur $5.2 trillion in additional costs and lost revenue over the next five years due to cyberattacks, as dependency on complex internet-enabled business models outpaces the ability to introduce adequate safeguards that protect critical assets, according to Accenture. Based on a survey of more than 1,700 CEOs and other C-suite executives around the globe, the report — Securing the Digital Economy: Reinventing the Internet for Trust — explores the complexities of the … More

The post Cybercrime could cost companies trillions over the next five years appeared first on Help Net Security.

Researchers analyze DDoS attacks as coordinated gang activities

In a new report, NSFOCUS introduced the IP Chain-Gang concept, in which each chain-gang is controlled by a single threat actor or a group of related threat actors and exhibits similar behavior among the various attacks conducted by the same gang.

Figure: IP Gang attack-type classification against attack volume size

Researchers analyzed attack types, volume, size of events, gang activities, and attack rates. By studying the historical behavior of the 80 gangs identified in the report, … More

The post Researchers analyze DDoS attacks as coordinated gang activities appeared first on Help Net Security.

Latest Hacking News Podcast #205: Interview with Noam Kehati of Sixgill

Noam Kehati, Cyber Intelligence Analyst at Sixgill, talks about interesting conversations she’s had with cybercriminals on the dark web as well as Sixgill’s research into dark web criminal activity.

Latest Hacking News Podcast #205: Interview with Noam Kehati of Sixgill on Latest Hacking News.

Week in review: SD-WAN deployment, security DevOps, a new taxonomy for SCADA attacks

Here’s an overview of some of last week’s most interesting news and articles:

Compromised ad company serves Magecart skimming code to hundreds of websites

The attackers managed to compromise Adverline, a French online advertising company with a European-focused clientele, and inject payment card skimming code into one of its JavaScript libraries for retargeting advertising.

Strategies for expertly protecting industrial control systems

Andrew Ginter is the Vice President of Industrial Security at Waterfall Security Solutions. We … More

The post Week in review: SD-WAN deployment, security DevOps, a new taxonomy for SCADA attacks appeared first on Help Net Security.

Facebook is secretly working on a new meme hub app ‘LOL’ for teens

Facebook secretly testing a meme hub app called ‘LOL’ to win teens over

Facebook is trying every possible means to woo back its lost audience of teenage smartphone users from other social platforms such as Snapchat, Instagram, YouTube, and TikTok.

After working on a dating app, the social media giant is now developing another app dubbed ‘LOL’. This new platform is designed as a “special feed of funny videos and GIF-like clips” using content “pulled from News Feed posts by top meme Pages on Facebook,” according to a new report from TechCrunch.

“We are running a small scale test and the concept is in the early stages right now,” a Facebook spokesperson confirmed to TechCrunch.

The content will be divided into categories like “For You”, “Animals”, “Fails” and “Pranks”. Further, users will be able to choose from three reactions: “Funny,” “Alright,” or “Not Funny” that would appear under each meme.

Currently, around 100 high school students in the U.S. with their parents’ consent are testing the LOL app, and are apparently giving their feedback to Facebook engineers.

“‘LOL’ is currently in private beta with around 100 high school students who signed non-disclosure agreements with parental consent to do focus groups and one-on-one testing with Facebook staff,” said the report.

Those testing private beta say that LOL is slightly “cringey” and that it feels like Facebook is trying unsuccessfully to stay young.

According to TechCrunch, LOL is presently being tested as a replacement for Facebook Watch. It is currently unclear if “LOL” will become a standalone app or be available in the main Facebook app.

This is not the first time that Facebook has tried to lure a younger audience with its apps. In 2014, Facebook launched a Snapchat clone app, ‘Slingshot’, which has since been abandoned. In late 2018, the company introduced ‘Lasso’, a stand-alone music app to rival the popular short-video social network TikTok, which is apparently still working.

The post Facebook is secretly working on a new meme hub app ‘LOL’ for teens appeared first on TechWorm.

Oklahoma Department of Securities Breached

The Oklahoma Department of Securities is the latest governmental body to report a breach. This time over a million files

Oklahoma Department of Securities Breached on Latest Hacking News.

Dash Price Analysis: DASH/USDT Downside Risks Linger Despite Trust Wallet Support Announcement

DASH/USDT price action is moving within a narrowing range formation, subject to further downside risks. Trust Wallet, Binance-owed crypto wallet provider, announces support of DASH. Price Behavior DASH/USDT has been trading within a $6 range for the tenth session in a row, at the time of writing. The upper part of this range should be noted […]

The post Dash Price Analysis: DASH/USDT Downside Risks Linger Despite Trust Wallet Support Announcement appeared first on Hacked: Hacking Finance.

Bank Bot Anubis Found Again in Google Play Store

The BankBot trojan, Anubis has once again affected users of the Google Play Store. This occurred when users downloaded a battery power saving app,

Bank Bot Anubis Found Again in Google Play Store on Latest Hacking News.

Litecoin Price Analysis: LTC/USD Bulls Enjoy Big Jump But Stubborn Resistance Capping Potential

Litecoin sees a relief rally on Friday, but is still stuck within stubborn range-block. LTC/USD price action has formed a bearish flag pattern structure, subject to a potential break lower. The Litecoin price on Saturday was seen holding decent gains of over 5%, as life is kicked back into the bulls. The LTC/USD pair has […]

The post Litecoin Price Analysis: LTC/USD Bulls Enjoy Big Jump But Stubborn Resistance Capping Potential appeared first on Hacked: Hacking Finance.

Microsoft India to set up 10 AI labs, train 5 lakh youths in the country

Microsoft to set up 10 AI labs, train 5 lakh youths and upskill 10,000 Indian developers

Microsoft India on Wednesday announced its plans to set up Artificial Intelligence (AI) labs in 10 universities in the country in the next three years. The company also plans to upskill over 10,000 developers to bridge the skills gap and enhance employability, and train 5 lakh youths across the country in disruptive technologies.

Microsoft has 715 partners who are working with the company in India to help customers design and implement a comprehensive AI strategy.

“The next wave of innovation for India is being driven by the tech intensity of companies – how you combine rapid adoption of cutting edge tech with your company’s own distinctive tech and business capabilities,” Anant Maheshwari, President of Microsoft India, said at the ‘Media and Analyst Days 2019’ held in Bengaluru.

“We believe AI will enable Indian businesses and more for India’s progress, especially in education, skilling, healthcare, and agriculture. Microsoft also believes that it is imperative to build higher awareness and capabilities on security, privacy, trust, and accountability. The power of AI is just beginning to be realized and can be a game-changer for India.”

According to Microsoft, the company’s AI and cloud technologies have today digitally transformed more than 700 customers, of which 60 percent are large manufacturing and financial services enterprises.

The Redmond giant has partnered with Indian government’s policy think tank, NITI Aayog, to “combine the cloud, AI, research and its vertical expertise for new initiatives and solutions across several core areas including agriculture and healthcare and the environment,” said Microsoft India in an official press release.

“We are also an active participant along with CII in looking at building solution frameworks for application in AI across areas such as Education, skills, health, and agriculture,” the company added.

In December last year, Microsoft had announced a three-year “Intelligent Cloud Hub” collaborative programme in India, which will “equip research and higher education institutions with AI infrastructure, build curriculum and help both faculty and students to build their skills and expertise in cloud computing, data sciences, AI and IoT.”

Source: Microsoft

The post Microsoft India to set up 10 AI labs, train 5 lakh youths in the country appeared first on TechWorm.

Foxconn cuts 50,000 contract workers early due to weaker iPhone demand

Foxconn hit by iPhone sales slowdown sheds 50,000 contract workers earlier than expected

Foxconn Technology Group, Apple’s biggest iPhone assembler, has cut around 50,000 of its contract jobs since October 2018 at its most important iPhone factory in Zhengzhou, China, reports Nikkei.

Foxconn generally hires thousands of temporary employees throughout the peak season to meet the seasonal demand of newly released iPhone models. The company typically renews workers’ contracts every month from August until January. The company then reduces the influx of temporary employees once the demand decreases. However, this time around, Foxconn has cut many of those contract jobs months earlier than expected. Weaker demand for the iPhone throughout late 2018 is believed to be the reason behind the cut.

While the size of the cuts is not an issue in itself, they have simply come significantly sooner than in previous years, the report said, citing an industry source familiar with the situation.

“Normally, the contracts of these workers would be renewed every month from August until mid- to late January, when the workforce is traditionally scaled back for the slow iPhone production season,” the source told Nikkei. “It’s quite different this year to ask assembly line workers to leave before the year-end.” This year, those reductions came as much as three months early.

Foxconn isn’t the only Apple supplier making cuts. A similar story has been witnessed at Pegatron, which is Apple’s second largest iPhone assembler.

A source close to the company [Pegatron] said its normal practice was to reduce the 200,000-strong head count by tens of thousands every month until reaching about 100,000 – the minimum required for daily operation, according to one source familiar with the situation. “And for [2018], it just happened sooner than in the past because of poor demand.”

The story is no different for smaller suppliers either.

One key component supplier based in Shenzhen had asked 4,000 workers to take an extended “vacation” from October to March, a person with knowledge of the situation said. “The company has not actively laid off those workers yet. It will decide whether or not to lay them off after March 1,” the source said.

The slowdown in iPhone sales has come at a time when Foxconn is scaling down its costs by combining its Mac and iPad production lines with those of Dell and Acer. It is looking to cut 100,000 jobs out of a workforce of 1.1 million by the end of 2019 across its associates and subsidiaries.

The post Foxconn cuts 50,000 contract workers early due to weaker iPhone demand appeared first on TechWorm.

Troy Hunt: the largest data leak in history

The Details of at Least 773 Million People Surfaced on a Free Cloud Storage Service

The details of at least 773 million people surfaced on a free cloud storage service last week, reported Troy Hunt, Australian web security expert and administrator of the Have I Been Pwned (HIBP) website. As you might already know, Troy has been collecting data from many data breaches over the last five years. He has been compiling it into a single database, so people have the opportunity to search across multiple data breaches and find out if their details have been compromised at some point in the past. The website allows searches by password and email.

When we heard the news about what Gizmodo calls the ‘mother of all breaches,’ we initially thought that Troy Hunt and his database had been hacked. However, this was quickly debunked as Troy himself confirmed that he is the one who actually found the pile of stolen data. He called the breach ‘Collection #1’ and highlighted that this is the ‘single largest breach ever to be loaded into HIBP.’

This incident shows that Troy Hunt was not the only one who has been piling up information from past data breaches. An anonymous hacker uploaded approximately 12,000 files containing 772,904,99 emails and 21,222,975 unique passwords into a single large database. Troy reported that the 87GB worth of stolen data was published on a free cloud service called MEGA. What makes this breach particularly interesting is that this is the first part of a much bigger database of stolen data. Troy Hunt reported that he is in possession of four more collections, and he is currently reviewing them. He will be making a call on what to do with them after investigating them further. MEGA has since deleted the database.

While most of the data included in ‘Collection #1’ was already in HIBP, the data in collections #2 through #5 may end up making this one of the biggest data breaches ever seen. It is currently unknown if collections #2 to #5 are as big as ‘Collection #1’. If the remaining four collections are as significant as the first one, this may end up exposing details of billions of people.

What should you do?

The database is compiled of old data breaches, so if the data comes from known breaches, you most likely were notified either by the service or by HIBP to change your password a long time ago. However, data breaches sometimes take years to be discovered, so regular password changes are strongly recommended. Avoid using the same password on multiple platforms. The cybersecurity budgets of some companies are significantly lower when compared to others – we are confident JP Morgan Chase spends more on developing stronger security than a t-shirt store does. But if the passwords you use at both organizations are the same, hackers can steal your details from the weak organization and use the login credentials to get unauthorized access to services such as your internet banking.

You can easily check if your passwords or email addresses have been part of ‘Collection #1’ or if they have been pwned in the past. You can search whether your email addresses have been pwned here https://haveibeenpwned.com/, and learn whether your passwords are part of the breach by testing them here https://haveibeenpwned.com/Passwords.
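The password check linked above does not need to see your actual password. As an added illustration (not code from Panda Security or from Have I Been Pwned), the script below shows the k-anonymity lookup that the Pwned Passwords service offers: the password is hashed locally with SHA-1, only the first five hex characters of the hash are sent to the range endpoint at https://api.pwnedpasswords.com/range/, and the full hash is compared on your own machine against the suffixes the service returns. The sample range response and its counts are constructed for the offline demonstration; the first suffix is the genuine SHA-1 tail of the word "password".

```python
from __future__ import annotations

import hashlib
import urllib.request

# Constructed sample of a Pwned Passwords "range" response for the prefix 5BAA6.
# Real responses list hundreds of "<35-hex-char suffix>:<count>" lines; the counts
# here are made up, but the first suffix is the real SHA-1 tail of "password".
SAMPLE_PREFIX = "5BAA6"
SAMPLE_RANGE_RESPONSE = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471
0000000000000000000000000000000000A:12
ABCDEF0123456789ABCDEF0123456789ABC:0
"""


def sha1_prefix_suffix(password: str) -> tuple[str, str]:
    """Split the uppercase hex SHA-1 of the password into the 5-char prefix that
    is sent to the service and the 35-char suffix that never leaves this machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(text: str) -> dict[str, int]:
    """Turn the 'SUFFIX:COUNT' lines of a range response into a lookup table.
    Padded responses include count-0 filler entries, which are dropped here."""
    table: dict[str, int] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        suffix, _, count = line.partition(":")
        count = count.strip()
        if count.isdigit() and int(count) > 0:
            table[suffix.strip().upper()] = int(count)
    return table


def count_in_range(password: str, range_text: str) -> int:
    """How many times the password appears in a range response (0 if unseen).
    Only the local suffix is compared; nothing about the password is derived
    from the response itself."""
    _, suffix = sha1_prefix_suffix(password)
    return parse_range_response(range_text).get(suffix, 0)


def fetch_range(prefix: str) -> str:
    """Query the live k-anonymity endpoint for one 5-char prefix (needs network).
    The Add-Padding header asks the service to pad the response so that its
    size does not reveal which range was requested."""
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"Add-Padding": "true", "User-Agent": "hibp-range-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def check_password(password: str) -> int:
    """End-to-end online check: returns the breach count, 0 if not found."""
    prefix, _ = sha1_prefix_suffix(password)
    return count_in_range(password, fetch_range(prefix))


if __name__ == "__main__":
    # Offline demonstration against the constructed sample response.
    print(count_in_range("password", SAMPLE_RANGE_RESPONSE))  # -> 3730471
```

A count greater than zero means the password has appeared in at least one known breach and should be retired everywhere it is used; a count of zero only says the service has not seen it, not that it is strong.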

Last but not least, have anti-virus software installed on all your connected devices. Most of the time, high-quality anti-virus software comes with a password manager that will help you keep track of your passwords. Apart from the password management options, such software could also prevent hackers from stealing the missing piece of the puzzle that would allow them to make you a victim of cybercrime.


The post Troy Hunt: the largest data leak in history appeared first on Panda Security Mediacenter.

Stocks Power Ahead as China Pledges to Eliminate U.S. Trade Deficit; Cryptocurrencies Stabilize

U.S. stocks surged on Friday, extending their winning streak to four days after China proposed new measures to help Washington eliminate its burgeoning trade deficit. Cryptocurrencies hovered near break-even for the week, as a lack of trading catalysts kept investors non-committal. Stocks Extend Rally All of Wall Street’s major indexes booked solid gains to close […]

The post Stocks Power Ahead as China Pledges to Eliminate U.S. Trade Deficit; Cryptocurrencies Stabilize appeared first on Hacked: Hacking Finance.

Twitter Android App Bug Revealed Private Tweets Spanning Five Years

Social media giant Twitter has just announced a bug fix that has been affecting users of its Android App. However,

Twitter Android App Bug Revealed Private Tweets Spanning Five Years on Latest Hacking News.

Weekly Recap: Crypto Volatility Declines as Bitcoin Shows Renewed Stability; U.S.-China Trade War Could Soon End

Cryptocurrencies remained under pressure this week, though newfound stability for bitcoin alleviated the risk of a new bearish breakdown. The leading digital currency has managed to hold above a critical long-term support line, which has had a stabilizing effect on the broader market. In traditional markets, signs of progress on U.S.-China trade talks pushed stock […]

The post Weekly Recap: Crypto Volatility Declines as Bitcoin Shows Renewed Stability; U.S.-China Trade War Could Soon End appeared first on Hacked: Hacking Finance.

Hackers Exploit Chile’s ATM Network Under The Guise of a Skype Job Interview

Lazarus, a network of hackers who target financial organizations, has recently been identified as the prime suspect with regards to

Hackers Exploit Chile’s ATM Network Under The Guise of a Skype Job Interview on Latest Hacking News.

Most Facebook users aren’t aware that Facebook tracks their interests

Too many Facebook users aren’t aware that the company uses the information they provide and their actions on the platform and outside of it to create a list of their traits and interests, which is then used to target them with relevant ads. The survey According to the results of a new Pew Research Center survey, which polled a representative sample of US-based, adult Facebook users: 88% discovered that the site had generated … More

The post Most Facebook users aren’t aware that Facebook tracks their interests appeared first on Help Net Security.

Latest Hacking News Podcast #204

Twitter bug exposed protected tweets of some Android users, ES File Explorer potentially exposes data of 100 million users, and Microsoft launched Azure DevOps bug bounty program on episode 204 of our daily cybersecurity podcast.

Latest Hacking News Podcast #204 on Latest Hacking News.

New infosec products of the week: January 18, 2019

XebiaLabs launches new DevOps risk and compliance capability for software releases The XebiaLabs DevOps Platform provides a single pane of glass for technical and business stakeholders to track the release chain of custody across the end-to-end CI/CD toolchain, from code to production. And, with visibility into security and compliance issues, teams can take action to ensure that release failure risks, security vulnerabilities, and IT governance violations are resolved early in the software delivery cycle. ExtraHop … More

The post New infosec products of the week: January 18, 2019 appeared first on Help Net Security.

Protecting privileged access in DevOps and cloud environments

While security strategies should address privileged access and the risk of unsecured secrets and credentials, they should also closely align with DevOps culture and methods to avoid negatively impacting developer velocity and slowing the release of new services. Example of tools in the DevOps pipeline Despite this, 73 percent of organizations surveyed for the 2018 CyberArk Global Advanced Threat Landscape report have no strategy to address privileged access security for DevOps. Key recommendations The report … More

The post Protecting privileged access in DevOps and cloud environments appeared first on Help Net Security.

VOIPO Data Leak – Unprotected Server Left Calls Logs/SMS Exposed

Despite several incidents of data exposure from unprotected servers, many firms still seem complacent towards database protection. Once again, an

VOIPO Data Leak – Unprotected Server Left Calls Logs/SMS Exposed on Latest Hacking News.

NanoCore Trojan Malware Cannot be Killed By Users

Most people are now familiar with how destructive and damaging computer viruses such as a Trojan can be. Many are

NanoCore Trojan Malware Cannot be Killed By Users on Latest Hacking News.

Apple Sending Out Promotional iPhone XR Emails To Older iPhone Owners

Apple asking owners of older iPhones to upgrade to iPhone XR

Apple has chosen a unique way to market its new iPhone XR smartphones. Apparently, the tech giant is targeting owners of older iPhones with customized emails urging them to upgrade to an iPhone XR.

The emails, which are specifically targeted at owners of particular iPhone models in the United States, explain the advantages of upgrading to the iPhone XR. Apparently, Apple has been sending out these emails to owners of older iPhones since late last year.

According to a report from Reddit (via MacRumors), one iPhone 6 Plus owner mentioned how the email directly compared his device to the iPhone XR. The promotional email also pointed out the iPhone XR’s larger display, more durable glass, longer battery life, up to 3 times faster performance, and water resistance. It also says the iPhone XR has more storage for photos and apps, can take studio-quality photos and 4K video, and has a secure Face ID. It also included a $200 limited-time trade-in offer.

The iPhone 6 Plus owner said that he has not upgraded his iPhone since he bought it. He did, however, mention that he had opted for last year’s special $29 battery replacement offer, which ended December 31, and that this may be why he received the email.

Apple had launched its 2018 line of iPhones – the iPhone XS, iPhone XS Max, and iPhone XR – for $999, $1,099 and $750 respectively. However, the steep prices, particularly those of the iPhone XS and XS Max, have resulted in weak sales of these smartphones. Also, the cheap battery replacement program running last year saw many customers opt for the offer, which could also have dampened the sales of the newer iPhones.

Now, with the battery replacement program ending on December 31, 2018, Apple is hoping to make some revenue from the sale of its iPhone XR units through trade-in offer and recover from the setback caused by poor sales of iPhone XS and XS Max.

The post Apple Sending Out Promotional iPhone XR Emails To Older iPhone Owners appeared first on TechWorm.

WhatsApp – Are You Getting Someone Else’s Messages?

WhatsApp is one of the biggest message platforms in the world. It has always prided itself on being reliable and

WhatsApp – Are You Getting Someone Else’s Messages? on Latest Hacking News.

Chinese man who sold kidney to buy iPhone now bedridden for life

Chinese man suffers organ failure after selling his kidney to buy an iPhone

We have heard crazy stories about Chinese people going to the extent of selling everything from their sperm to their kidneys to their newborn children in order to own Apple’s latest gadgets. Well, this obsession with owning an iPad and iPhone has now left one Chinese man bedridden for life!

Wang Shangkun, now 25, sold his right kidney as a 17-year-old teenager in 2011 to black-market organ harvesters to buy Apple’s latest devices, as his family was too poor to afford them. Back then, he received 22,000 yuan for his kidney, which he used to purchase an iPhone 4 and an iPad 2, reports News.com.au.

“Why do I need a second kidney? One is enough,” he had asked at the time.

According to CNTV, Wang who dreamt of owning Apple’s iPad 2 was approached by human organ harvesters online, who offered him hard cash for his kidney.

“At the time, I wanted to buy an iPad2, but I didn’t have any money. When I was on the internet, I had a kidney agent send a message, saying that selling a kidney can give me 20,000,” he explained.

Without informing his family, Wang secretly traveled from his home in the eastern Anhui Province to the southern Hunan Province. After the operation was carried out, Wang was sent back home.

Wang’s health started deteriorating immediately after the operation. Unsanitary conditions at the time of surgery and a lack of postoperative care are believed to be the reasons behind an infection that eventually led to renal failure in his remaining kidney. Wang’s condition also forced him to give up his studies.

According to local Chinese media reports, Wang now spends his days in bed and depends on a dialysis machine to clear his blood of toxins in order to survive his kidney failure. He is now dependent on social benefits.

In 2012, nine individuals were arrested in connection with the sale, including five surgeons, and were jailed for their involvement. Wang’s family reportedly received $225,000 in compensation the same year.

The post Chinese man who sold kidney to buy iPhone now bedridden for life appeared first on TechWorm.

Research Suggests Older People More Likely to Share Fake News

When you think about fake news, it might conjure up images of the 2016 US Presidential campaign. It was thought

Research Suggests Older People More Likely to Share Fake News on Latest Hacking News.

The 10 year challenge is taking the Internet by storm

The first few days of 2019 started with a new social media craze that is making its way onto the timelines of hundreds of millions of people across all major social media networks – the 10 year challenge. Unless you are one of the few people who does not use social media, you have most likely already noticed the new viral trend, which consists of side-by-side memes of people from ten years ago and today. Millions of people have already participated, and a whole list of celebrities have shared their before-and-after memes with their followers. The challenge keeps growing as more and more people enter it by the second.

What exactly is the 10 year challenge?

The challenge consists of people posting then-and-now images of themselves. The old photos go back as far as 2008 and are usually compared to recent photos uploaded to social media. The viral social media trend comes in many forms. Some of the popular hashtags that reflect the hottest social media challenge are #10YearChallenge, #GlowUpChallenge, #2009vs2019, #HowHardDidAgingHitYou, and #agechallenge. The challenge is currently making its way through all major social media platforms, including Facebook, Twitter and Instagram.

Who is behind the challenge?

Currently, it is unknown whether someone started the challenge intentionally. Multiple reporters have speculated that this might be Facebook’s way to collect data that could be mined to train facial recognition algorithms on age progression and age recognition. Nicholas Thompson, the editor of Wired, succeeded in muddying the waters by tweeting “Let’s say you wanted to train a facial recognition algorithm on aging. What would you do? Maybe start a meme like #10yearchallenge”. While this is a question that certainly gives you food for thought, it is still unknown whether the challenge was ignited intentionally by a private company and, if so, what its motives might have been.

Why did the 10 year challenge start now?

When Facebook was founded in 2004, the platform’s initial purpose was to be used as a networking tool for students at Ivy League universities. However, a few years after its launch, Facebook became open to everyone. Roughly 10 years ago, in 2009, Facebook started adding hundreds of millions of new users every day. Some say that the 10 year challenge is going viral right now because of Facebook’s memories tool, which brings images from the past to users’ timelines. Social media users are so fascinated by the difference between the 10-year-old “memory” they see and their current profile picture that they decide to share it with friends and family.

Which celebrities have participated in the 10 year challenge?

The viral trend got popularized by some high profile celebrities such as Reese Witherspoon, Ellen DeGeneres, Nicki Minaj, Trevor Noah, Caitlyn Jenner, and Tyra Banks. Most of them jumped on the bandwagon to simply show how well they still look and how they haven’t aged at all.

How to enter the 10 year challenge?

If you want to enter the viral challenge all you have to do is dig out a 10 year old photo of yourself and splice it with a current one. The result should be a side-by-side photograph of yourself ten years apart similar to the before-after diet advertisements that we all see all the time on social media. If you want your side-by-side photo to get noticed, you can post it on any social media channels with the following hashtags #10YearChallenge, #GlowUpChallenge, #2009vs2019, #2008vs2018, #HowHardDidAgingHitYou, and #agechallenge.


The post The 10 year challenge is taking the Internet by storm appeared first on Panda Security Mediacenter.

Netflix Raises Price For Every Streaming Plan

Netflix is one of the most popular media consumption services and is used by millions of users. Recently, Netflix announced that it would raise prices across all of its plans. It is worth noting that the price increase for every subscription plan applies only to US residents.

So here’s everything you need to know about the increment in prices for every streaming plan on Netflix.


The New Prices-

Presently Netflix offers three different plans for streaming movies and TV shows on the platform. So, prices for all the three subscription plans will be increased. The first and the most basic Netflix plan that doesn’t offer HD content and is limited to one user only will be increased from $8 to $9.

The price of the most popular plan, which offers HD content, will be increased from $11 to $13 per month. Lastly, the premium plan, which offers 4K content and allows up to four simultaneous streams on different devices, will increase from $14 to $16.

The price hike applies to all new subscribers immediately, while existing subscribers will see the new prices within the next three months.


The Reason Behind Price Increase-

Netflix requires higher revenue to invest more money in original series. In addition to that, a majority of Netflix’s revenue goes into retaining the streaming rights for popular licensed content.

A Netflix spokesperson stated that “We change pricing from time to time as we continue investing in great entertainment and improving the overall Netflix experience for the benefit of our members.”

Do share your thoughts and opinions on the increment in pricing for every streaming plan on Netflix.

The post Netflix Raises Price For Every Streaming Plan appeared first on TechWorm.

AI: New Trends and Threats

Artificial Intelligence (AI) technology continues to evolve at an astounding pace. This year we will see a number of new developments which could have implications for home users like yourself.

Trend: AI-enabled chips

Although impressive, Artificial Intelligence systems are somewhat limited by the physical design of current computer chips. Processors like those found in your laptop at home are built for general workloads – playing games, surfing the web, writing emails etc.

The demands of AI applications are remarkably different however, so existing processors are unable to provide optimal performance. In 2019, manufacturers like Intel, NVIDIA, AMD, Qualcomm and ARM are set to release new chips that are optimised for AI. They will be focused on specific demands, like speech recognition and natural language processing.

What it means for you

As these new chips begin to appear in consumer electronics we should start to see features like voice assistants (Siri, Google Now, Amazon Alexa) become a lot more intelligent and effective. We should also see AI appearing in other technologies like cameras too.

Like every new technology, there is potential for hackers to exploit these chips to steal information or to break into networks. This is particularly true of cutting edge technology which may have bugs or security loopholes that are yet to be identified and fixed by the manufacturer.

Automated Machine Learning “let loose”

At the moment, AI takes a relatively long time to set up. This is because the system must first be taught how to work using a process called “Machine Learning” (ML). Usually this involves feeding large amounts of data into the system, then training it to understand what the information means.

Take Google’s Deep Learning system which can help to diagnose cancer for instance. Researchers fed thousands of breast scan images into the program, and then taught the application which pictures were positive for the presence of cancerous cells, and those which were clear. Eventually the system learned how to read the images automatically without needing guidance.

The problem is that this Machine Learning process can take a considerable amount of time to get right. DeepMind has been years in the making.

2019 will see the release of a new development called AutoML, a technology designed to speed up and automate the training process. In future, developers will be able to define their application and expected outcomes, and AutoML will take care of the training and learning. This will make it much quicker and easier to build and release smart applications.

What does this mean for you?

Examples like Google’s DeepMind show how AI and Machine Learning can change the world. But at the same time, if AI is left to train itself without any safeguards in place, it is very difficult to predict potential outcomes. There is nothing to say that every decision or outcome produced by the system will be positive or healthy.

Traditional coding errors create software bugs that can be exploited by cybercriminals. Similarly, misconfigured AutoML systems could create their own security weaknesses if not closely monitored by AI developers. If your data is held in one of these AI applications, there may be a risk of information being leaked, lost or stolen.

2019 – an exciting year

Artificial Intelligence systems are finally maturing and beginning to have an effect on day-to-day life. In most cases we will never see AI at work – but we should all begin to benefit in the near future.

The post AI: New Trends and Threats appeared first on Panda Security Mediacenter.

Offensive Security Appoints Ning Wang as CEO to Lead Organization’s Next Stage of Growth

Today we all constantly read about data breaches that could have been prevented if the impacted organization had just done what they were supposed to do. The unfortunate reality is that cyberattacks are now a matter of 'when' and not 'if' for the average enterprise. Yet the landscape is changing and protecting your environment is actually getting more challenging not less.

Cyber adversaries are more organized and talented than ever, so an effective cyber defense now requires more than just following the right processes. Today's enterprises need defenders who perform their jobs with an adversarial mindset. While this need is becoming more acute every day, we are also presently in the midst of an enormous cybersecurity skills shortage. These two forces are diametrically opposed and there is only one way toward resolution – practical security training.

This being the case, I couldn't be happier to join Offensive Security as the company's next CEO.

The Pirate Bay malware can empty your Cryptocurrency wallet

By Waqas

The malware was found hidden in the Windows shortcut file on The Pirate Bay. A new malware has been identified in popular torrent forum The Pirate Bay. The malware is discovered in a shortcut file for a movie and it has the capability to manipulate web pages along with changing the addresses for Bitcoin and […]

This is a post from HackRead.com Read the original post: The Pirate Bay malware can empty your Cryptocurrency wallet

Patches and data control: Keys to your organization’s security


November 2018, Chile. The bank Consorcio de Chile discovers that it has become the victim of an advanced cyberattack, a dangerous and undesirable situation for any company. If we add to this the fact that the attack involved the Trojan known as the nightmare of global banking, and the fact that this particular nightmare managed to steal 2 million dollars from the bank’s funds, the outlook is extremely disheartening.


Analysis of EMOTET

The Trojan in question is called Emotet, and Chile is just the latest country on its list of victims—a list that already includes countries such as Germany, Switzerland and the United States. But what is Emotet, how does it spread, and what damage can it do?

Emotet is a polymorphic banking Trojan. Its main goal is to steal data such as user credentials, or to spy on network traffic. It is also frequently used to download other malware, including other banking Trojans.

The most common propagation method for this Trojan is email, whether via infected attachments or embedded URLs. One particularly dangerous feature of Emotet is that it takes over its victims’ email accounts. This helps to trick other users into downloading the Trojan onto their systems.


Once Emotet has infected a computer on a network, it uses the EternalBlue exploit for the SMB vulnerability to spread to other endpoints whose systems have not been patched.

The most serious damage

The most serious consequences that an organization can experience as a result of an EMOTET attack include:

- Theft of personally identifiable information (PII).

- Leaking of financial and confidential information, which can be used for blackmail.

- Theft of login credentials, making other accounts vulnerable.

- Long remediation periods for network administrators.

- Loss of productivity of employees whose endpoints have to be isolated from the network.

It is clear that this malware would be a serious danger for any company it managed to infiltrate. This is why at Panda Security, we recommend having the best preventative protection against any kind of malware, both known and unknown. This is what Panda Adaptive Defense does, since it stops all malware from running, as well as keeping endpoints updated.

In our whitepaper, Patches and data control: Keys to your organization’s security, you can find more information about the risks that this Trojan can entail, how it can get into your company, and how Panda can help you to avoid the most drastic damages.


The post Patches and data control: Keys to your organization’s security appeared first on Panda Security Mediacenter.

Security newsround: January 2019

We round up interesting research and reporting about security and privacy from around the web. This month: the security year in review, resilience on rails, incidents in depth, phishing hooks millennials, Internet of Threats, and CISOs climbing the corporate ladder.

A look back at cybercrime in 2018

It wouldn’t be a new year’s email without a retrospective on major security incidents over the previous 12 months. Credit to CSO Online for assembling a useful overview of some of last year’s most common risks and threats. To beef up this resource, it sourced external research and stats, while adding plenty of links for further reading. Some of the highlights include the massive rise in cryptocurrency mining. “Coin miners not only slow down devices but can overheat batteries and sometimes render a device useless,” it warned.

The article also advises against posting mobile numbers on the internet, because criminals are finding ways to harvest them for various scams. CSO also advises organisations about knowing the value of their data in order to protect it accordingly. Threatpost has a handy at-a-glance guide to some of the big security incidents from the past year. Meanwhile, kudos to Vice Motherboard for its excellent ‘jealousy list’ which rounds up great hacking and security stories from 2018 that first appeared in other media outlets.

Luas security derails tram website

The new year got off to a bad start for Dublin’s tram operator Luas, after an unknown attacker defaced its website in a security incident. On January 2nd, the Luas site had this message: “You are hacked… some time ago i wrote that you have serious security holes… you didn’t reply… the next time someone talks to you, press the reply button… you must pay 1 bitcoin in 5 days… otherwise I will publish all data and send emails to your users.”

The incident exposed 3,226 user records, and Luas said they belonged to customers who had subscribed to its newsletter. News of the incident spread widely, possibly due to Luas’ high profile as a victim, or because of the cryptocurrency angle.

The tram service itself was not affected, nor was the company’s online payments system. While the website was down, Luas used its Twitter feed to communicate travel updates to the public, and warned people not to visit the site. Interviewed by the Irish Times, Brian Honan said the incident showed that many organisations tend to forget website security after launch. As we’ve previously blogged, it’s worth carrying out periodic vulnerability assessments to spot gaps that an attacker could exploit. With the Luas site not fully back six days later, Brian noted on Twitter that it’s important to integrate incident response with business continuity management.

One hacked laptop and two hundred solemn faces

When an employee of a global apparel company clicked on a link in a phishing email while connected to a coffee shop wifi, they unwittingly let a cybercrime gang onto their corporate network. Once in, the attackers installed Framework POS malware on the company’s retail server to steal credit card details. It’s one real-life example from CrowdStrike’s Cyber Intrusion Casebook. The report details various incident response cases from 2018. It also gives recommendations for organisations on steps to take to protect their critical data better. In addition to coverage in online news reports, the document is available as a free PDF on CrowdStrike’s site.

Examples like these show the need for resilience, which we’ve blogged about before. No security is 100 per cent perfect. But it shouldn’t follow that one gap in the defences brings the entire wall crumbling down.

Digitally savvy, yes. Security savvy, not so much

Speaking of phishing, a new survey has found that digital natives are twice as likely to have fallen victim to a phishing scam as their older – sorry, we mean more experienced – colleagues. Some 17 per cent in the 23-41 age group clicked on a phishing link, compared to 6 per cent of 42-53 year olds and 7 per cent of those aged 54+. The findings suggest a gap between perception and reality.

Out of all the age groups, digital natives were the most confident in their ability to spot a scam compared to their senior peers. Yet the 14 per cent of digital natives who weren’t as sure of their ability to spot a phish was strikingly close to the percentage in the same age bracket who had fallen for a phishing email. The survey by Censuswide for Datapac found that 14 per cent of Irish office workers – around 185,000 people – have been successfully phished at some stage.

OWASP’s IoT hit list

Is your organisation planning an Internet of Things project in 2019? Then you might want to send them in OWASP’s direction first. The group’s IoT project aims to improve understanding of the security issues around embedding sensors in, well, anything. To that end, the group has updated its top 10 list for IoT. The risks include old reliables like weak, guessable passwords, outdated components, insecure data transfer or storage, and lack of physical hardening. The full list is here.

The number’s up for CISO promotions

Why do relatively few security professionals ascend to the highest levels of business? That’s the provocative question from Raj Samani, chief scientist with McAfee. In an op-ed for Infosecurity Magazine, Samani argues that security hasn’t yet communicated its value to the business in an identifiable way. Proof of this is the fatigue or indifference over ever-mounting numbers of data breaches. Unlike a physical incident like a car accident where the impact is instantly visible, security incidents don’t have the same obvious cause and effect.

“The inability to determine quantifiable loss means that identifying measures to reduce risk are merely estimated at best. Moreover, if the loss is rarely felt, then the value of taking active steps to protect an asset can simply be overlooked,” Samani writes. “We can either bemoan the status quo or identify an approach that allows us to articulate our business value in a quantifiable way.”

The post Security newsround: January 2019 appeared first on BH Consulting.

OODA: Observe Orient Decide Act Faster Than Your Adversaries

OODA is the famous fast-paced decision-making model that emphasizes out-thinking your adversaries. First captured by Colonel John Boyd to articulate fighter pilot success models, it has been applied to international business, cyber security and just about any competitive environment.

Applying OODA methodologies to your business can help accelerate your products to market and help you beat the competition. This is especially important in the age of ubiquitous computing we all find ourselves in.

OODA is also the name of a new consultancy designed to optimize your actions.

The consultancy OODA helps clients identify, manage, and respond to global risks and uncertainties while exploring emerging opportunities and developing robust and adaptive strategies for the future.

OODA is comprised of a unique team of international experts led by co-founders Matt Devost and Bob Gourley. Matt and Bob have been collaborating for two decades on advanced technology, intelligence, and security issues. Our team is capable of providing advanced intelligence and analysis, strategy and planning support, investment and due diligence, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.

For more see: OODA.com

 

The post OODA: Observe Orient Decide Act Faster Than Your Adversaries appeared first on The Cyber Threat.

Win With The @Crucial Point and @CTOvision Product Lineup

For 10 years, Crucial Point and CTOvision have supported business and government decision-makers with action-oriented research, consulting and advisory services. We have continually provided insights on our research via products under our CTOvision and ThreatBrief brands. The current newsletter lineup includes:
  • The Monthly CTOvision.com Tech Review provides a recap of the most significant trends sweeping the technology community in the prior month, plus insights into coming events and activities. This is our largest distribution list, with over 32,000 members. As its name implies, it is published once a month.
  • The Daily CTOvision.com Update provides a summary of posts we publish on our blog. If we don’t publish, it does not go out, but it is never more than once a day, and it reaches 6,000 readers. All posts on the site are also shared with the over 14,500 CTOvision Twitter followers and over 12,000 of Bob Gourley’s connections on LinkedIn.
  • The CTOvision Pro IT Report summarizes enterprise IT developments and concepts. Transmitted to a select list of 700 CTOs and other tech professionals every Tuesday.
  • The Weekly Artificial Intelligence, Big Data and Analytics Newsletter is a weekly review of hot topics on the theme of Big Data. This is our fastest-growing list, with over 1,500 readers receiving the newsletter every Wednesday.
  • The Weekly Cyberwar and Cybersecurity Review summarizes enterprise IT security technologies and concepts and the issues you need to track regarding high-end threat actors. Over 6,000 readers receive this report every Thursday.
  • The Daily Threat Brief is our version of the President’s Daily Brief (PDB), focused on cyber threats and tips on being as secure as possible. Sent daily to a list of over 4,500 executives seeking insights into threats to business growth. Reports are also shared with over 10,000 Twitter followers of ThreatBrief.

For more and to sign up see: Crucial Point and CTOvision Newsletter Signups

The post Win With The @Crucial Point and @CTOvision Product Lineup appeared first on The Cyber Threat.

Insurance Occurrence Assurance?

You may have seen my friend Brian Krebs’ post regarding the lawsuit filed last month in the Western District of Virginia after $2.4 million was stolen from The National Bank of Blacksburg in two separate breaches over an eight-month period. Though the breaches are concerning, the real story is that the financial institution is suing its insurance provider for refusing to fully cover the losses.

From the article:

In its lawsuit (PDF), National Bank says it had an insurance policy with Everest National Insurance Company for two types of coverage or “riders” to protect it against cybercrime losses. The first was a “computer and electronic crime” (C&E) rider that had a single loss limit liability of $8 million, with a $125,000 deductible.

The second was a “debit card rider” which provided coverage for losses which result directly from the use of lost, stolen or altered debit cards or counterfeit cards. That policy has a single loss limit of liability of $50,000, with a $25,000 deductible and an aggregate limit of $250,000.

According to the lawsuit, in June 2018 Everest determined both the 2016 and 2017 breaches were covered exclusively by the debit card rider, and not the $8 million C&E rider. The insurance company said the bank could not recover lost funds under the C&E rider because of two “exclusions” in that rider which spell out circumstances under which the insurer will not provide reimbursement.

Cyber security insurance is still in its infancy and issues with claims that could potentially span multiple policies and riders will continue to happen – think of the stories of health insurance claims being denied for pre-existing conditions and other loopholes. This, unfortunately, is the nature of insurance. Legal precedent, litigation, and insurance claim issues aside, your organization needs to understand that cyber security insurance is but one tool to reduce the financial impact on your organization when faced with a breach.

Cyber security insurance cannot and should not, however, be viewed as your primary means of defending against an attack.

The best way to maintain a defensible security posture is to have an information security program that is current, robust, and measurable. An effective information security program will provide far more protection for the operational state of your organization than cyber security insurance alone. To put it another way, insurance is a reactive measure whereas an effective security program is a proactive measure.

If you were in a fight, would you want to wait and see what happens after a punch is thrown to the bridge of your nose? Perhaps you would like to train to dodge or block that punch instead? Something to think about.

Free SANS Webinar: I Before R Except After IOC

Join Andrew Hay on Wednesday, July 25th, 2018 at 10:30 AM EDT (14:30:00 UTC) for an exciting free SANS Institute Webinar entitled “I” Before “R” Except After IOC. Using actual investigations and research, this session will help attendees better understand the true value of an individual IOC, how to quantify and utilize your collected indicators, and what constitutes an actual incident.

Overview
The security industry touts indicators of compromise (IOCs) as much-needed intelligence in the war on attackers, but the fact is that not every IOC is valuable enough to trigger an incident response (IR) activity. All too often the indicators we are given are of varying quality, with expired attribution, dubious origin, and incomplete details. So how many IOCs are needed before you can confidently declare an incident? After this session, the attendee will:

  • Know how to quickly determine the value of an IOC,
  • Understand when more information is needed (and from what source), and
  • Make intelligent decisions on whether or not an incident should be declared.

Register to attend the webinar here: https://www.sans.org/webcasts/108100.
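As an added illustration of the question the webinar poses (this is not material from the webinar or from SANS), the following Python routine weights each indicator by source confidence, age and completeness, matches the indicators against log lines, and declares an incident only when the weighted evidence from indicators actually seen in the logs crosses a threshold. The confidence weights, the 90-day expiry window, the indicators and the log lines are all constructed for the example.

```python
"""Weighted IOC triage: score each indicator by source confidence, freshness
and completeness, match indicators against log lines, and declare an incident
only when the weighted evidence crosses a threshold.

Illustrative scheme only: the weights, the decay window and the sample data
are constructed for this example and are not taken from the webinar or SANS.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Tuple

# Assumed confidence per source (constructed values, not a published scale).
SOURCE_CONFIDENCE = {"internal_ir": 1.0, "vendor_feed": 0.7, "osint": 0.5, "pastebin": 0.2}
MAX_AGE_DAYS = 90  # after this an indicator is treated as expired


@dataclass(frozen=True)
class Indicator:
    value: str         # the atom itself: IP, domain or file hash
    kind: str          # "ip", "domain" or "sha256"
    first_seen: date   # when the source first reported it
    source: str        # key into SOURCE_CONFIDENCE
    context: str = ""  # what it is tied to (campaign, host); empty if unknown


def score_indicator(ioc: Indicator, today: date) -> float:
    """0.0 (worthless) .. 1.0 (fresh, well-sourced, fully contextualised)."""
    age = (today - ioc.first_seen).days
    if age < 0 or age > MAX_AGE_DAYS:
        return 0.0  # future-dated or expired: ignore rather than guess
    freshness = 1.0 - age / MAX_AGE_DAYS
    completeness = 1.0 if ioc.context else 0.6      # bare atoms are worth less
    confidence = SOURCE_CONFIDENCE.get(ioc.source, 0.3)  # unknown source: low
    return round(confidence * freshness * completeness, 3)


def matches(ioc: Indicator, log_lines: List[str]) -> List[str]:
    """Naive substring match; a real pipeline would parse fields per kind."""
    return [line for line in log_lines if ioc.value in line]


def triage(iocs: List[Indicator], log_lines: List[str], today: date,
           declare_threshold: float = 1.0) -> Dict:
    """Sum the scores of the indicators that actually appear in the logs."""
    matched: List[Tuple[str, float, int]] = []
    for ioc in iocs:
        hits = matches(ioc, log_lines)
        if hits:
            matched.append((ioc.value, score_indicator(ioc, today), len(hits)))
    total = round(sum(score for _, score, _ in matched), 3)
    return {"score": total, "declare_incident": total >= declare_threshold, "matched": matched}


TODAY = date(2018, 7, 20)

# Constructed indicators of varying quality.
IOCS = [
    Indicator("203.0.113.45", "ip", date(2017, 12, 1), "pastebin"),            # stale, no context
    Indicator("update-check.example.net", "domain", date(2018, 7, 10), "vendor_feed",
              context="C2 domain for a commodity loader campaign"),
    Indicator("0123456789abcdef" * 4, "sha256", date(2018, 7, 18), "internal_ir",
              context="dropper recovered from HOST-17 during last week's case"),
    Indicator("198.51.100.9", "ip", date(2018, 6, 1), "osint"),                 # ageing, no context
]

# Constructed proxy/EDR log lines (not from any real environment).
LOG_LINES = [
    "2018-07-20T09:12:01Z proxy src=10.0.0.21 dst=203.0.113.45 host=- bytes=512",
    "2018-07-20T09:13:44Z proxy src=10.0.0.21 dst=192.0.2.10 host=update-check.example.net bytes=20480",
    "2018-07-20T09:14:02Z edr host=HOST-17 event=file_write sha256=" + "0123456789abcdef" * 4,
    "2018-07-20T09:20:15Z proxy src=10.0.0.33 dst=198.51.100.9 host=- bytes=128",
]
STALE_ONLY = [LOG_LINES[0], LOG_LINES[3]]  # only the weak indicators fire

if __name__ == "__main__":
    print(triage(IOCS, LOG_LINES, TODAY))   # four hits, score 1.737 -> declare
    print(triage(IOCS, STALE_ONLY, TODAY))  # two hits, score 0.137 -> do not declare
```

The point of the second run is the one the blurb makes: two indicators firing is not, by itself, an incident. The stale pastebin IP scores zero and the context-free OSINT IP barely registers, so the analyst is told to gather more before declaring anything.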

The Daily Threat Brief: The President Gets A Daily Brief, Shouldn’t You?

The Daily Threat Brief is our version of the President’s Daily Brief (PDB), focused on cyber threats and tips on being as secure as possible. We provide actionable insights into threat actors and their motivations and also dive into their tactics in ways that will inform your business decisions.

To sign up for the Daily Threat Brief see: CTOvision Newsletter Signups

For more and to sign up see: Crucial Point and CTOvision Newsletter Signups

The post The Daily Threat Brief: The President Gets A Daily Brief, Shouldn’t You? appeared first on The Cyber Threat.

The CTOvision Cyberwar and Cybersecurity Weekly

The Weekly Cyberwar and Cybersecurity Review summarizes enterprise IT security technologies and concepts and the issues you need to track regarding high-end threat actors. We help you defend your piece of cyberspace at home and at work.

To sign up for the CTOvision Cyberwar and Cybersecurity Weekly see: CTOvision Newsletter Signups

For more and to sign up see: Crucial Point and CTOvision Newsletter Signups

The post The CTOvision Cyberwar and Cybersecurity Weekly appeared first on The Cyber Threat.

The CTOvision Artificial Intelligence, Big Data and Analytics Weekly

The Weekly Artificial Intelligence, Big Data and Analytics Newsletter is a weekly review of hot topics on the theme of Big Data. This is our fastest-growing list, with over 1,500 readers receiving the newsletter every Wednesday.

To sign up for the Weekly AI, Big Data and Analytics Newsletter see: CTOvision Newsletter Signups

For more and to sign up see: Crucial Point and CTOvision Newsletter Signups

The post The CTOvision Artificial Intelligence, Big Data and Analytics Weekly appeared first on The Cyber Threat.

The CTOvision Weekly Tech Review

The CTOvision Pro IT Report summarizes enterprise IT developments and concepts for the executive in need of actionable insights that can drive decisions and lead to victory in the marketplace.

We report on Cloud Computing, Artificial Intelligence, Mobility, Big Data, Robotics, the Internet of Things, Cybersecurity, and Blockchain and Cryptocurrencies.

We also focus on high-interest topics, including Science Fiction, Entertainment, Cyber War, Tech Careers, Training and Education, and Tech Tips.

To sign up for the CTOvision Pro IT Report see: CTOvision Newsletter Signups

For more and to sign up see: Crucial Point and CTOvision Newsletter Signups

The post The CTOvision Weekly Tech Review appeared first on The Cyber Threat.

The CTOvision Daily: Keep your finger on the pulse of the tech world

The Daily CTOvision.com is produced for the technology executive who needs to stay in the loop on the latest in technology and concepts for applying IT to address business and mission needs. Our daily provides summaries of all our reporting. If we don’t publish, it does not go out, but it is never more than once a day.

We report on Cloud Computing, Artificial Intelligence, Mobility, Big Data, Robotics, the Internet of Things, Cybersecurity, and Blockchain and Cryptocurrencies.

We also focus on high-interest topics, including Science Fiction, Entertainment, Cyber War, Tech Careers, Training and Education, and Tech Tips.

To sign up for the CTOvision Daily see: CTOvision Newsletter Signups

For more and to sign up see: Crucial Point and CTOvision Newsletter Signups

The post The CTOvision Daily: Keep your finger on the pulse of the tech world appeared first on The Cyber Threat.

The CTOvision Monthly Report

CTOvision writes for the enterprise technologist. We provide CTOs, CIOs, CISOs, data scientists and other technologists with insights into emerging tech trends and concepts for making the most of advanced technologies. We organize events focused on thought leadership and provide research insights through a portfolio of newsletters.

Our premier publication is our monthly technology review, sent to over 32,000 technology thought leaders. This monthly summarizes reporting from the CTOvision.com blog as well as tech trends from the IT industry. The monthly also provides links to our technology assessments. The result: readers get deep and actionable insights into the dynamic tech world.

To sign up for the Monthly CTOvision.com Tech Review see: CTOvision Newsletter Signups

For more and to sign up see: Crucial Point and CTOvision Newsletter Signups

The post The CTOvision Monthly Report appeared first on The Cyber Threat.

Inform your decisions with exquisite intelligence from CTOvision and ThreatBrief

For 10 years, Crucial Point, the consultancy formed by The Cyber Threat author Bob Gourley, has supported business and government decision-makers with action oriented research, consulting and advisory services. We have continually provided insights on our research via products under our CTOvision and ThreatBrief brands.
For more and to sign up see: Crucial Point and CTOvision Newsletter Signups

The post Inform your decisions with exquisite intelligence from CTOvision and ThreatBrief appeared first on The Cyber Threat.

Interviewed on RSAC TV

I had the pleasure of being interviewed by Eleanor Dallaway, Editor and Publisher – Infosecurity Magazine, on RSA Conference Television (RSAC TV) last week at the annual RSA Security Conference.

In the interview, we spoke about what I had observed on the show floor and the state of the security industry, and I described my perfect customer in information security.

Windows 10 Update Disrupts Pen Input; Microsoft Offers Potentially Dangerous Fix

A recent Microsoft security update – according to Wacom’s support pages, OS build 16299.334 – has had a rather unexpected side-effect. Many users have been experiencing issues where drawing apps, such as Photoshop, no longer function correctly. For example, pressing the pen to the tablet does not “draw” as it should, but […]

Why the Hackers at Synack Need $25 Million to Track Down Major Security Flaws

The enormous number of hacks in 2014 propelled information security to the front of the news and into the minds of many companies. Cyber attacks on big enterprises like Target, Sony, and Home Depot recently led President Obama to call for a partnership between the private and public sectors to share information

The post Why the Hackers at Synack Need $25 Million to Track Down Major Security Flaws appeared first on Hacker News Bulletin | Find the Latest Hackers News.

Three Hacking Groups You Definitely Need to Know About

Hacker groups began to flourish in the early 1980s with the emergence of the personal computer. Hackers are like predators that can access your private data at any time by exploiting the vulnerabilities in your computer. Hackers usually cover their tracks by leaving false clues or by leaving no evidence behind at all. In light of

The post Three Hacking Groups You Definitely Need to Know About appeared first on Hacker News Bulletin | Find the Latest Hackers News.

US Health Insurer Premera Blue Cross Hacked, 11 Million Records Accessed

Premera Blue Cross, a United States-based health insurance corporation, has disclosed that its systems were breached when cyber criminals hacked the company and gained access to 11 million of its customers’ records. It is the second cyber attack in a row

The post US Health Insurer Premera Blue Cross Hacked, 11 Million Records Accessed appeared first on Hacker News Bulletin | Find the Latest Hackers News.

Want a VPN Server on Your Windows Computer Without Installing Any Software?

Windows has a built-in ability to act as a VPN server, although the option is not obvious. This works on both Windows 8 and Windows 7. To do so, the server uses the Point-to-Point Tunneling Protocol (PPTP), whose MS-CHAPv2 authentication has been publicly broken since 2012, so treat it as a convenience for reaching home resources rather than a security boundary. This could be useful for connecting to your home network on

The post Want a VPN Server on Your Windows Computer Without Installing Any Software? appeared first on Hacker News Bulletin | Find the Latest Hackers News.

Anonymous wants to further its engagement in the exploration of space – ‘Unite as Species’

The hacktivist group Anonymous, more often associated with cyber campaigns against corrupt government administrations and terrorist organizations, has now set its sights on space. The group posted a video on its main YouTube channel on the 18th of March, calling on everyone through

The post Anonymous wants to further its engagement in the exploration of space – ‘Unite as Species’ appeared first on Hacker News Bulletin | Find the Latest Hackers News.

Microsoft Remote Desktop Connection Manager

Imagine having access to and control of your computer from anywhere in the world, from your iPhone. That would be really futuristic, no? Actually, it is not, because there are applications available that let you tap into your computer from your mobile. These remote control applications do more than simply allow you

The post Microsoft Remote Desktop Connection Manager appeared first on Hacker News Bulletin | Find the Latest Hackers News.

Vanished in 60 Seconds! – Chinese Hackers Take Down Adobe Flash, Internet Explorer

Members of two Chinese security teams carried off the top prizes at a major annual hacking competition held in Vancouver, Canada. Contestants at Pwn2Own, which began in 2007, succeeded in breaking the security of widely used software including Adobe Flash, Mozilla’s Firefox browser, Adobe PDF Reader and Microsoft’s freshly discontinued Internet

The post Vanished in 60 Seconds! – Chinese Hackers Take Down Adobe Flash, Internet Explorer appeared first on Hacker News Bulletin | Find the Latest Hackers News.

Researcher Makes $225,000, Legally, by Hacking Browsers

A single researcher made $225,000 this week, all by legal means, by hacking browsers. For the past two days, security researchers have descended on Vancouver for a Google-sponsored competition called Pwn2Own,

The post Researcher Makes $225,000, Legally, by Hacking Browsers appeared first on Hacker News Bulletin | Find the Latest Hackers News.

Experts Warn Airplane Communications Systems Are Susceptible to Cyber Attacks

Commercial and even military planes have an Achilles heel that could leave them vulnerable to attackers on the ground who, specialists say, could potentially seize cockpits and create chaos in the skies. At present, extremist groups are thought to lack the sophistication to bring down a plane remotely, but it

The post Experts Warn Airplane Communications Systems Are Susceptible to Cyber Attacks appeared first on Hacker News Bulletin | Find the Latest Hackers News.

Security Beyond The Perimeter

Whether we like it or not, the way we architect, utilize, and secure the networks and systems under our control has changed. When servers were safely tucked away behind corporate firewalls and perimeter-deployed intrusion prevention controls, organizations grew complacent and came to depend on that perimeter for host security. Unfortunately, when security controls rely solely on broad network-based protection, migrating an organization’s systems to private, public, and hybrid cloud hosting can leave them even more exposed to attackers than they were before.

Everyone has heard the “defense in depth” analogy relating security to a medieval castle with controlled access to different locations of the castle and a defensive moat around the perimeter. This “hard outside” and “soft inside” model was designed to make it as difficult as possible to get past the perimeter. However, once inside the walls, the trusted individual had elevated access to resources within the network.

Unsurprisingly, the medieval defense analogy has lost much of its relevance in a world where systems and users move effortlessly from within the confines of a walled corporation, to a local coffee shop, and perhaps even to a different country as part of normal business operations.

Securing the next generation of hosting platforms requires a new approach that not every organization is ready for. Some industry analyst firms promote the idea of a “cloud first strategy” for all technology deployments. Though not a bad idea, per se, this doesn’t mean that forklifting your entire architecture into cloud or containerized environments should be your number one priority – especially if you’re being forced to choose between a new architecture and the traditional security controls that you depend upon.

Thankfully, technology has evolved to allow for more seamless security in environments that need to span traditional datacenters, virtualization, and cloud environments. This has allowed organizations to grow their capabilities without the need to choose between having security and having new technology stacks.

So how do we, as security professionals and business owners, decide what mitigating controls should be deployed to future-proof our security? It’s actually much easier than it sounds. To learn more about how to perform security beyond the perimeter please read my full post on https://www.juniper.net/us/en/dm/security-beyond-the-perimeter/.

The Hay CFP Management Method

By Andrew Hay, Co-Founder and CTO, LEO Cyber Security.

I speak at a lot of conferences around the world. As a result, people often ask me how I manage the vast number of abstracts and conference call for papers (CFP) submissions. So I thought I’d create a blog post to explain my process. For lack of a better name, let’s call it the Hay CFP Management Method. It should be noted that this method could be applied to any number of things, from blog posts to white papers and scholarly articles to news stories. I have successfully proven this methodology for both myself and my teams at OpenDNS, DataGravity, and LEO Cyber Security. Staying organized helped me manage the deluge of events, submitted talks, and important due dates, in addition to helping me keep track of where in the world my team was and what they were talking about.

I, like most people, started managing abstracts and submissions by relying on email searches and documents (both local and on Google Drive, Dropbox, etc.). Unfortunately, I found this didn’t scale very well, as I kept losing track of submitted vs. accepted/rejected talks and their corresponding dates. It certainly didn’t scale when applied to an entire team as opposed to a single individual.

Enter Trello, a popular (and freemium) web-based project management application that uses the Kanban methodology to organize projects (boards), lists (task lists), and tasks (cards). In late September I start by creating a board for the upcoming year (let’s call this board the 2018 Conference CFP Calendar) and, if not already created, a board to track my abstracts through their development lifecycle (let’s call this board Talk Abstracts).

Within the Talk Abstracts board, I create several lists to act as swim lanes for my conference abstracts and other useful information. These lists are:

* Development: These are talks that are actively being developed and are not yet ready for prime time.
* Completed: These are talks that have finished development and are ready to be delivered at an upcoming event.
* Delivered: These are talks that have been delivered at least once.
* Misc: This list is where I keep my frequently requested form information such as my short bio (less than 50 characters), long bio (less than 1,500 characters), business mailing address (instead of browsing to your corporate website every time), and CISSP number (because who can remember that?).
* Retired: As a personal rule, I only use a particular talk for one calendar year. When I feel as though the talk is stale, boring, or stops being accepted, I move the card to this list. That’s not to say you can’t revive a talk or topic in the future as a “version 2.0”. This is why keeping the card around is valuable.

Within the 2018 Conference CFP Calendar board, I create several lists to act as swim lanes for my various CFPs. These lists are:

* CFP open: This is where I put all of the upcoming conference cards that I know about even if I do not yet know the exact details (such as location, CFP open/close, etc.).
* CFP closes in < 30 days: This is where I put the upcoming conference cards that have a confirmed closing date within the next 30 days. Note, it is very important to record details in the cards such as closing date, conference CFP mechanism (e.g. email vs. web form), and any related URLs for the event.
* Submitted: These are the conferences that I have submitted to and the associated cards. Note, I always provide a link to the abstract I submitted as a way to remind myself what I’m talking about.
* Accepted: These are the accepted talk cards. Note, I always put a copy of the email (or link to) acceptance notification to record any details that might be important down the road. I also make sure to change the date on the card to that of the speaking date and time slot to help keep me organized.
* Attending but not presenting: This is really a generic catch-all for events that I need to be at but may not be speaking at (e.g. booth duty, attending training, etc.). The card and associated dates help keep my dance card organized.
* Accepted but backed out: Sometimes life happens. This list contains cards of conference submissions that I had to back out of for one reason or another. I keep these cards in their own column to show me what was successfully accepted and might be a fit for next year in addition to the reason I had to back out (e.g. conflict, personal issue, alien abduction, etc.).
* Completed: This list is for completed talk cards. Again, I keep these to reference for next year’s board as it provides some ballpark dates for when the CFP opens, closes, as well as the venue and conference date.
* Rejected: They’re not all winners and not everybody gets every talk accepted. In my opinion, keeping track of your rejected talks is as (if not more) important as keeping track of your accepted talks. Not only does it allow you to see what didn’t work for that particular event, but it also allows you to record reviewer feedback on the submission and maybe submit a different style or type of abstract in the future.
* Not doing 2018: This is the list where I put conference cards that I’ve missed the deadline on (hey, it happens), cannot submit to because of a conflict, or simply choose to not submit a talk to.

It should be noted that I keep the above lists in the same order every year to help minimize my development time against the Trello API for my visualization dashboard (which I will explain in a future blog post). This might sound like a lot of work but once you’ve set this board up you can reuse it every year. In fact, it’s much easier to copy last year’s board than starting fresh every year, as it brings the cards and details over. Then all you need to do is update the old cards with the new venue, dates, and URLs.

Now that we have our board structure created we need to start populating the lists with the cards – which I’ll explain in the next blog post. In addition to the card blog post, I’ll explain two other components of the process in subsequent posts. For reference, here are the upcoming blog posts that will build on this one:

* Individual cards and their structure
* Moving cards through the pipeline
* Visualizing your board (and why it helps)

The post The Hay CFP Management Method appeared first on LEO Cyber Security.

Detect and Prevent Data Exfiltration Webinar with Infoblox

Please join SANS Institute Instructor and LEO Cyber Security Co-Founder & CTO Andrew Hay and Infoblox Security Product Marketing’s Sam Kumarsamy on Thursday, August 17th, 2017 at 1:00 PM EDT (17:00:00 UTC) as they present a SANS Institute webinar entitled Detect & Prevent Data Exfiltration: A Unique Approach.

Overview

Data is the new currency in the modern digital enterprise, and protecting data is a strategic imperative for every organization. Enterprises must protect data whether it resides in a data center, on an individual’s laptop used on or off premises, or across the globally distributed enterprise. Effective data exfiltration prevention requires protecting DNS, one of the most commonly used channels for stealing data, and combining reputation, signatures, and behavioral analytics. Detecting and preventing data loss requires analysis of vast amounts of network data and a solution that can scale to examine it. In this webinar you will also learn about Infoblox’s unique approach to detecting and preventing data exfiltration.

To register for the webinar, please visit: https://www.sans.org/webcasts/detect-prevent-data-exfiltration-unique-approach-infoblox-104985

You can now also attend the webcast using your mobile device!


The post Detect and Prevent Data Exfiltration Webinar with Infoblox appeared first on LEO Cyber Security.

Petya Ransomware: What You Need to Know and Do

By: Andrew Hay

Unless you’ve been away from the Internet earlier this week, you’ve no doubt heard by now about the global ransomware outbreak that started in Ukraine and subsequently spread west across Western Europe, North America, and Australia yesterday. With similarities reminiscent of its predecessor WannaCry, this ransomware attack shut down organizations ranging from the Danish shipping conglomerate Maersk Line to a Tasmanian-based Cadbury chocolate factory.

I was asked throughout the course of yesterday and today to help clarify exactly what transpired. The biggest challenge with any surprise malware outbreak is the flurry of hearsay, conjecture, speculation, and just plain guessing by researchers, analysts, and the media.

At a very high level, here is what we know thus far:

  • The spread of this campaign appears to have originated in Ukraine but has migrated west to impact a number of other countries, including the United States where pharmaceutical giant Merck and global law firm DLA Piper were hit
  • The initial infection appears to involve a software supply-chain threat involving the Ukrainian company M.E.Doc, which develops tax accounting software, MeDoc
  • This appears to be a piece of malware utilizing the EternalBlue exploit disclosed by the Shadow Brokers back in April 2017 when the group released several hacking tools obtained from the NSA
  • Microsoft released a patch in March 2017 to mitigate the discovered remote code execution vulnerabilities that existed in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handled certain requests
  • The malware implements several lateral movement techniques:
    • Stealing credentials or re-using existing active sessions
    • Using file-shares to transfer the malicious file across machines on the same network
    • Using existing legitimate functionalities to execute the payload or abusing SMB vulnerabilities for unpatched machines
  • Experts continue to debate whether or not this is a known malware variant called Petya but several researchers and firms claim that this is a never before seen variant that they are calling GoldenEye, NotPetya, Petna, or some other random name such as Nyetya
  • The jury is still out on whether or not the malware is new or simply a known variant


Who is responsible?

The million dollar question on everyone’s mind is “was this a nation-state backed campaign designed to specifically target Ukraine?” We at LEO believe that to be highly unlikely for a number of reasons. An opportunistic ransomware campaign with some initial software package targets is a far more likely scenario than a state-sponsored actor looking to destabilize a country.

Always remember the old adage from Dr. Theodore Woodward: When you hear hoofbeats, think of horses, not zebras.

If you immediately start looking for Russian, Chinese, or North Korean state-sponsored actors around every corner, you’ll inevitably construct some attribution and analysis bias. Look for the facts, not the speculation.

What does LEO recommend you do?

We recommend that customers who have not yet installed security update MS17-010 do so as soon as possible. Until you can apply the patch, LEO also recommends the following steps to help reduce the attack surface:

  • Disable SMBv1 with the steps documented at Microsoft Knowledge Base Article 2696547
  • Block incoming SMB traffic from the public Internet on ports 445 and 139 by adding a rule on your border routers, perimeter firewalls, and any intersecting traffic points between a higher security network zone and a lower security network zone
  • Disable remote WMI and file sharing, where possible, in favor of more secure file sharing protocols
  • Ensure that your logging is properly configured for all network-connected systems including workstations, servers, virtualized guests, and network infrastructure such as routers, switches, and firewalls
  • Ensure that your antimalware signatures are up-to-date on all systems (not just the critical ones)
  • Review your patch management program to ensure that emergency patches to mitigate critical vulnerabilities and easily weaponized attacks can be applied in an expedited fashion
  • Finally, consider stockpiling some cryptocurrency, like Bitcoin, to reduce any possible transaction downtime should you find that your organization is forced to pay the ransom. Attempting to acquire Bitcoin during an incident may be time-prohibitive
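As an added example (not part of the original post or LEO’s own tooling), the following PowerShell audits a Windows host against the first three recommendations above: it checks whether the MS17-010 update is present, reports and optionally disables SMBv1, and adds a host firewall rule blocking inbound TCP 445/139 on untrusted (Public profile) networks as a complement to the perimeter rule. The MS17-010 hotfix ID differs per OS build, so the KB value is a placeholder you must replace.

```powershell
# Added example (not from the original post): audit a Windows host against the
# Petya/NotPetya recommendations. Run from an elevated PowerShell session;
# without -Enforce it only reports. Cmdlets used ship with Windows 8/2012 and later.
# The MS17-010 hotfix ID differs per OS build, so '<KB-for-your-build>' is a placeholder.
param(
    [string[]]$Ms17010Kb = @('<KB-for-your-build>'),
    [switch]$Enforce
)

# 1. Is the MS17-010 security update installed?
foreach ($kb in $Ms17010Kb) {
    $hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
    if ($hotfix) { Write-Output "[OK]   $kb installed on $($hotfix.InstalledOn)" }
    else         { Write-Output "[WARN] $kb not found; apply MS17-010 as soon as possible" }
}

# 2. SMBv1 server protocol state (the surface EternalBlue targets)
if ((Get-SmbServerConfiguration).EnableSMB1Protocol) {
    Write-Output "[WARN] SMBv1 server protocol is enabled"
    if ($Enforce) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        Write-Output "[FIX]  SMBv1 server protocol disabled"
    }
} else {
    Write-Output "[OK]   SMBv1 server protocol already disabled"
}

# On client SKUs the optional feature can be removed outright; on servers the
# equivalent is the FS-SMB1 role feature (not handled here).
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
if ($feature -and $feature.State -eq 'Enabled') {
    Write-Output "[WARN] SMB1Protocol optional feature is still installed"
    if ($Enforce) {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        Write-Output "[FIX]  SMB1Protocol feature disabled (restart required)"
    }
}

# 3. Host-level complement to the perimeter rule: block inbound TCP 445/139 while
# the host sits on an untrusted (Public profile) network. Border routers and
# perimeter firewalls still need their own rule for traffic from the Internet.
$ruleName = 'Block inbound SMB and NetBIOS on public networks'
if (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue) {
    Write-Output "[OK]   firewall rule '$ruleName' present"
} else {
    Write-Output "[WARN] no host firewall rule blocking inbound TCP 445/139 on public networks"
    if ($Enforce) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
            -LocalPort 445,139 -Profile Public -Action Block | Out-Null
        Write-Output "[FIX]  firewall rule '$ruleName' created"
    }
}
```

Run it first without -Enforce to see the report, then with -Enforce once you have confirmed nothing on the host still depends on SMBv1.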


Should your organization need help or clarification on any of the above recommendations, please don’t hesitate to reach out to LEO Cyber Security for immediate assistance.

Further reading

The post Petya Ransomware: What You Need to Know and Do appeared first on LEO Cyber Security.

Diving into the Issues: Observations from SOURCE and AtlSecCon

Last week I had the pleasure of presenting three times, at two conferences, in two different countries: SOURCE in Boston, MA and at the Atlantic Security Conference (AtlSecCon) in Halifax, NS, Canada.

The first event of my week was SOURCE Boston. This year marked the tenth anniversary of SOURCE Conference, and it continues to pride itself on being one of the only venues that brings business, technology, and security professionals together under one roof to focus on real-world, practical security solutions for some of today’s toughest security issues. Though I was only there for the first day, I was able to catch up with friends, play some Hacker Movie Trivia with Paul Asadoorian (@securityweekly), and chat with attendees about some of the biggest challenges we face around detecting and mitigating ransomware attacks.

After my presentation, I rushed off to Logan Airport to sit in what I now choose to call the “Air Canada Ghetto” – a small three-gate departure area segregated from the rest of the airport and its amenities. A minor four-hour delay later, I was on my way to Halifax for AtlSecCon.

Between meetings and casual conversations I was enlightened by several presentations. Raf Los (@Wh1t3Rabbit), managing director of solutions research & development at Optiv, presented Getting Off the Back Foot – Employing Active Defence, which described an outcome-oriented and capabilities-driven model for more effective enterprise security.

After his talk, Aunshul Rege (@prof_rege), an assistant professor with the Criminal Justice department at Temple University, gave a very interesting talk entitled Measuring Adversarial Behavior in Cyberattacks. With a background in criminology, Aunshul presented her research from observations and interviews conducted at the Industrial Control Systems Computer Emergency Response Team’s (ICS-CERT) Red/Blue cybersecurity training exercise held at Idaho National Laboratory. Specifically, she covered how adversaries might engage in research and planning, offer team support, manage conflict between group members, structure attack paths (intrusion chains), navigate disruptions to their attack paths, and how limited knowledge bases and self-induced mistakes can possibly impact adversaries.

The last presentation was Mark Nunnikhoven’s (@marknca) Is Your Security Team Set up To Fail? Mark, the VP of cloud research at Trend Micro and a personal friend, examined the current state of IT security programs and teams, delving into the structure, goals, and skills prioritized by the industry.

The second day of the conference was filled with meetings for me, but I was able to sit through Michael Joyce’s talk entitled A Cocktail Recipe for Improving Canadian Cybersecurity. Joyce described the goals and objectives of The Smart Cybersecurity Network (SERENE-RISC) – a federally funded, not-for-profit knowledge mobilization network created to improve the general public’s awareness of cybersecurity risks and to empower all to mitigate them through knowledge. He was an excellent presenter, and his talk served as a call to action for those looking to help communicate the need for cybersecurity to all Canadians.

At both conferences I presented my latest talk entitled The Not-So-Improbable Future of Ransomware which explored how thousands of years of human kidnap and ransom doctrine have served as a playbook for ransomware campaign operators to follow. It was well received by both audiences and sparked follow-up conversations and discussions throughout the week. The SOURCE version can be found here and the AtlSecCon version here.

The SOURCE session received some early praise, in addition to written pieces by Bill Brenner (@billbrenner70) from Sophos and Taylor Armerding (@tarmerding2) from CSO.

At AtlSecCon I joined a panel entitled Security Modelling Fundamentals: Should Security Teams Model a SOC Around Threats or Just Build Layers? Chaired by Tom Bain (@tmbainjr1), VP of marketing at CounterTack, the session served as a potpourri of security threats and trends ranging from ransomware, to regulation, to attack mitigation. It was quite fun and a great way to end the day.

Though it was a long series of flights home to the Bay Area I thoroughly enjoyed both conferences. I would highly recommend attending and/or speaking at both next year if you are provided with the opportunity.

Next up, (ISC)² CyberSecureGov 2017 in Washington, D.C. and the Rocky Mountain Information Security Conference (RMISC) in Denver, CO. Perhaps I’ll see some of our readers there!

The post Diving into the Issues: Observations from SOURCE and AtlSecCon appeared first on LEO Cyber Security.

Security is Not, and Should not be Treated as, a Special Flower

My normal Wednesday lunch yesterday was rudely interrupted by my adequate friend and reasonable security advocate Javvad calling me to ask my opinion on something. This in itself was surprising enough, but the fact that I immediately gave a strong and impassioned response told me this might be something I needed to explore further… The UK … Read More