Category Archives: News

Are cars about to start talking to you?

Self-driving (autonomous) cars are all over the news recently. Firms like Uber, Google and Apple are working hard to develop intelligent vehicles that can drive themselves without human assistance.

Clearly this technology is quite impressive. Learning to drive is hard enough for humans, whose brains are the most advanced supercomputers in existence. How much more difficult to train a relatively dumb computer to do the same?

The “human” factor in driving

Researchers are relatively confident that they have solved the problem of driving a car from point A to point B. They have also developed a range of very clever sensors that make these cars aware of their surroundings, traffic and pedestrians so that they can avoid accidents.

The problem is that other road users also need to know what the autonomous vehicle is doing. Human drivers will often make (polite) gestures to other road users, signalling their intention. It is not unusual for drivers to wave pedestrians across the road in front of them, or to flash headlights to signal they are giving way to oncoming traffic.

And occasionally drivers may even call out the window, or beep their horn.

But apart from using flashing indicators to allow other drivers to know their intentions, autonomous cars cannot give any of these innately human signals.

Copying human driver behaviour

Researchers are now looking at how self-driving cars may be able to mimic some of these driver behaviours. One patent application filed by Uber suggests using flashing signs to tell pedestrians what the car is about to do.

According to the pictures in the patent application, cars will be fitted with a series of displays on the door, bumper and rear-view mirror. These displays will issue pedestrians with instructions (“Please proceed to cross”, for instance), along with scrolling arrows to show which direction they should travel.

Uber has also suggested integrating a projector into the front of the car to create even more instructions. The patent application shows a pedestrian crossing projected in front of the car to make it even easier for other road users to know it is safe to move in front of the car.

With so many lights, screens and animations, the car (and instructions) will be hard to miss.

Hacking the “human” factor

There is one minor downside to all this extra technology being included in cars – a slightly greater risk of being hacked. Every additional connected device – screen, projector, sign etc – is a potential attack point for cybercriminals.

These new innovations may help to protect other road users – but they could also create new dangers for drivers and passengers if hackers can use them to take control of the vehicle.

Will autonomous cars speak to us?

Using digital assistants like OK Google and Siri, autonomous cars will undoubtedly talk to their owners and passengers. At this point however, none of the leading autonomous car manufacturers are testing voice announcements directed at pedestrians.

This is probably a good thing. Many people still regard the use of the car horn as being offensive and rude – a robotic announcement from nearby cars may be even worse.

Good news for pedestrians

The ideas in Uber’s patent may never be built into cars, but the patent does show that manufacturers are now seriously considering the welfare of people outside the vehicle. Which means that the roads of the future should be much safer for everyone.


The post Are cars about to start talking to you? appeared first on Panda Security Mediacenter.

Former SunTrust employee stole data on 1.5 million clients

US commercial bank SunTrust announced on Friday that it has fallen victim to an insider threat, and that the records of some 1.5 million of its customers had been extracted from its systems. According to what is known so far and has been shared with investors by the bank’s Chairman and CEO William Rogers, the insider was a former employee who had tried to download customer data and hand it over to a “criminal third party.” Rogers said that … More

The post Former SunTrust employee stole data on 1.5 million clients appeared first on Help Net Security.

The Last Known Person Born in the 19th Century Dies in Japan at 117

Jason Kottke: As of 2015, only two women born in the 1800s and two others born in 1900 (the last year of the 19th century) were still alive. In the next two years, three of those women passed away, including Jamaican Violet Brown, the last living subject of Queen Victoria, who reigned over the British Empire starting in 1837. Last week Nabi Tajima, the last known survivor of the 19th century, died in Japan at age 117.

Read more of this story at Slashdot.

FDA plans to improve medical device cybersecurity

The US Food and Drug Administration (FDA) plans to tackle security issues related to medical devices and has released a plan of action it means to implement in the near future. Broadly, the plan is as follows:

  • Establish a robust medical device patient safety net in the US;
  • Explore regulatory options to streamline and modernize timely implementation of postmarket mitigations;
  • Spur innovation towards safer medical devices;
  • Advance medical device cybersecurity; and
  • Integrate CDRH’s premarket and postmarket … More

The post FDA plans to improve medical device cybersecurity appeared first on Help Net Security.

Kaspersky Lab Identifies Infrastructure Of Crouching Yeti Known For Attacks On Industrial Companies

The ISBuzz Post: This Post Kaspersky Lab Identifies Infrastructure Of Crouching Yeti Known For Attacks On Industrial Companies appeared first on Information Security Buzz.

Kaspersky Lab has uncovered infrastructure used by the well-known Russian-speaking APT group Crouching Yeti, also known as Energetic Bear, which includes compromised servers across the world. According to the research, numerous servers in different countries were hit since 2016, sometimes in order to gain access to other resources. Others, including those hosting Russian websites, were used as watering holes.

Crouching Yeti is a Russian-speaking advanced persistent threat (APT) group that Kaspersky Lab has been tracking since 2010. It is best known for targeting industrial sectors around the world, with a primary focus on energy facilities, for the main purpose of stealing valuable data from victim systems. One of the techniques the group has widely used is the watering hole attack: the attackers injected websites with a link redirecting visitors to a malicious server.

Recently Kaspersky Lab has discovered a number of servers, compromised by the group, belonging to different organisations based in Russia, the U.S., Turkey and European countries, and not limited to industrial companies. According to researchers, they were hit in 2016 and 2017 for different purposes. Besides serving as watering holes, in some cases they were used as intermediaries to conduct attacks on other resources.

In the process of analysing infected servers, researchers identified numerous websites and servers used by organisations in Russia, the U.S., Europe, Asia and Latin America that the attackers had scanned with various tools, possibly to find a server that could be used to establish a foothold for hosting the attackers’ tools and to subsequently develop an attack. Some of the sites scanned may have been of interest to the attackers as candidates for watering holes. The range of websites and servers that captured the attention of the intruders is extensive. Kaspersky Lab researchers found that the attackers had scanned numerous websites of different types, including online stores and services, public organisations, NGOs, manufacturing, etc.

Experts also found that the group used publicly available malicious tools designed for analysing servers and for seeking out and collecting information. In addition, a modified sshd file with a preinstalled backdoor was discovered. This was used to replace the original file, and access through it could be authorised with a ‘master password’.

“Crouching Yeti is a notorious Russian-speaking group that has been active for many years and is still successfully targeting industrial organisations through watering hole attacks, among other techniques. Our findings show that the group compromised servers not only for establishing watering holes, but also for further scanning, and they actively used open-sourced tools that made it much harder to identify them afterwards,” said Vladimir Dashchenko, Head of Vulnerability Research Group at Kaspersky Lab ICS CERT.

“The group’s activities, such as initial data collection, the theft of authentication data, and the scanning of resources, are used to launch further attacks. The diversity of infected servers and scanned resources suggests the group may operate in the interests of third parties,” he added.

Kaspersky Lab recommends that organisations implement a comprehensive framework against advanced threats comprising dedicated security solutions for targeted attack detection and incident response, along with expert services and threat intelligence. As a part of Kaspersky Threat Management and Defense, our anti-targeted attack platform detects an attack at early stages by analysing suspicious network activity, while Kaspersky EDR brings improved endpoint visibility, investigation capabilities and response automation. These are enhanced with global threat intelligence and Kaspersky Lab’s expert services with specialisation in threat hunting and incident response.


Expand vulnerability and risk management programs to eliminate security misconfigurations

In this podcast recorded at RSA Conference 2018, Tim White, Director of Product Management, Policy Compliance at Qualys, discusses how expanding vulnerability and risk management programs can eliminate security misconfigurations. Many don’t realize misconfigurations can be exploited just as easily as a vulnerable piece of software to result in compromise. Here’s a transcript of the podcast for your convenience. Hi, my name is Tim White with Qualys. I am the Director of Product Management for … More

The post Expand vulnerability and risk management programs to eliminate security misconfigurations appeared first on Help Net Security.

Are the AMD chip vulnerabilities cause for concern?


In the wake of the alarm caused by the Meltdown and Spectre cases, the news of thirteen vulnerabilities affecting AMD’s chip architecture has triggered a new wave of uncertainty about the security risks to which millions of devices were exposed. It took a week before AMD acknowledged that the vulnerabilities revealed in a CTS-Labs report were true. After evaluating all the information documented by this company, AMD finally confirmed the existence of these vulnerabilities, assuring however that the risk was minimal.

What’s the story with AMD chips?

There are two aspects to the security flaws revealed by CTS-Labs. The first affects the AMD Secure Processor in Ryzen and EPYC chips. This is precisely the component responsible for processor security, where devices store passwords and encryption keys. On the other hand, other vulnerabilities, grouped under the name ‘Chimera’, affect the chipset that usually accompanies Ryzen systems.

What all 13 vulnerabilities have in common is that they enable a backdoor to be exploited in order to inject malicious code and launch a range of attacks. In this way, an attacker could take control of a system to steal network user credentials and move through corporate networks. It also means that someone could read and write in secure memory areas, bypass BIOS protection, or attack the operating system of a device. In short, these vulnerabilities in AMD’s products could have serious consequences for all types of organizations, as they could leave them vulnerable to attackers who could use these backdoors to gain access to sensitive information.

This latest news comes just weeks after AMD was embroiled in the case of Meltdown and Spectre, although the main company affected was Intel. Even though the source of the vulnerabilities is not the same, as with Meltdown and Spectre, these flaws could allow cybercriminals to access critical information on system memory and launch a range of attacks.

How to resolve the problem

After acknowledging the existence of these vulnerabilities, AMD has now presented a plan to address them. In the coming weeks, they are set to publish firmware updates that will be installed through BIOS updates. Moreover, the company has announced that, unlike what happened with the solutions for Meltdown and Spectre, these updates will not impact the performance of the affected systems, nor that of the servers or the computers based on those CPUs.

At the same time, AMD has played down the issue, explaining that the risk was minimal, as to exploit these vulnerabilities, an attacker would first need to have administrator access to the system. As Mark Papermaster, AMD’s CTO, points out, attackers with this kind of access would have numerous attack mechanisms at their disposal to delete, create or modify any file on the system, without the need to exploit these vulnerabilities.

This attack confirms two things. On the one hand, the need for advanced cybersecurity systems that can detect any anomalous behavior that could potentially enable the theft of administrator login credentials on corporate systems. And, on the other hand, they are a reminder of the importance of regularly updating corporate systems to mitigate the risk of attacks that jeopardize critical data.

The post Are the AMD chip vulnerabilities cause for concern? appeared first on Panda Security Mediacenter.

Most dangerous attack techniques, and what’s coming next

Experts from SANS presented the five most dangerous new cyber attack techniques in their annual RSA Conference 2018 keynote session in San Francisco, and shared their views on how they work, how they can be stopped or at least slowed, and how businesses and consumers can prepare. The five threats outlined are:

1. Repositories and cloud storage data leakage
2. Big Data analytics, de-anonymization, and correlation
3. Attackers monetize compromised systems using crypto coin miners … More

The post Most dangerous attack techniques, and what’s coming next appeared first on Help Net Security.

IT workforce increasingly overworked and stressed out

45% of IT workers are feeling the pressure of strained technology operations and suffer regular stress in their jobs, according to Chess Cybersecurity. IT staff who said they were stressed out indicated the following:

  • 59% work more than 45 hours a week, 20% more than the ONS’s stated national average of 37.1 hours, hinting at a chronic overworking problem in the sector
  • Six out of 10 lack the resources to do their jobs well
  • Almost … More

The post IT workforce increasingly overworked and stressed out appeared first on Help Net Security.

Week in review: New Cybersecurity Framework, Android patching issues, RSA Conference 2018

Here’s an overview of some of last week’s most interesting news and articles:

RSA Conference 2018 coverage
Check out what you missed at the infosec event of the year.

Real-time detection of consumer IoT devices participating in DDoS attacks
Could we detect compromised consumer IoT devices participating in a DDoS attack in real-time and do something about it? A group of researchers from Princeton University have presented some encouraging results showing that the first part of … More

The post Week in review: New Cybersecurity Framework, Android patching issues, RSA Conference 2018 appeared first on Help Net Security.

The 10 Top Funded Cybersecurity Companies in the D.C. Metro Area


By Sam Sabin / DC Inno

Cybersecurity has long been said to be a hot industry in the D.C. metro area.

In a three-year period from 2011 to 2014, the D.C. metro area saw three cybersecurity acquisitions totaling $4.1 billion. And currently, there are more than 77,500 filled cybersecurity jobs in the D.C. metro area, and another roughly 41,700 job openings in the field, according to records maintained by the Commerce Department’s National Institute of Cybersecurity Education.

In February, CB Insights ranked the top funded cybersecurity startups from each of the 50 states and the District of Columbia and found that Maryland’s Tenable Network Security was the second highest funded startup in the entire country. The company, which is reportedly exploring an IPO, fell behind California-based Tanium.

But, outside of Tenable, what are the other companies making funding moves in the region? Using data from the Crunchbase Pro database, DC Inno set out to answer that question.

DC Inno collected disclosed equity funding information on companies that are headquartered in the D.C. metro area and identified themselves with one of the following industries: cybersecurity, security, compliance, network security and risk management. DC Inno also pulled from our own archives for news.

Here are the results:

1. Tenable Network Security: $300M

Considering the company’s recent hire of Morgan Stanley to explore a possible IPO, it might not come as a surprise that Tenable outranks everyone else in the region. Founded in 2002, the Columbia, Maryland-based company sells software used by businesses and governments to monitor cyber threats, such as those from unpatched software vulnerabilities. Customers include Amazon, Apple and JPMorgan Chase.

Tenable’s most recent funding round in November 2015 came in at $250 million, the largest cyber funding round in history.

2. Alarm.com: $163M

Before debuting on the public markets in 2016, Alarm.com had raised a significant sum of equity. The Vienna, Va.-based, Internet of Things software security company raised a Series B round of $136 million in 2012 with Palo Alto, Calif.-based TCV leading the round.

Now, Alarm.com trades on the Nasdaq. It started trading at $14 per share in June 2016, and it closed on Wednesday at $42.71 per share.

3. Cyren: $124.2M

Founded in 1991, the McLean, Va.-based cybersecurity company debuted on the Nasdaq in 1999; however, the company has still raised a fair amount of post-IPO equity in the years following. Cyren provides web, email, mobile and endpoint security protection products for the world’s largest IT companies.

Pre-IPO, Cyren raised at least one round of funding that was disclosed, coming in at $20 million. It last raised a post-IPO equity round in November.

4. LookingGlass Cyber: $108.7M

LookingGlass Cyber Solutions walked away from 2017 with one of the largest funding rounds in the D.C. metro area. In August, the Reston, Va.-based company raised a $26.3 million Series D round, including both debt and equity funding.

Founded in 2006, LookingGlass develops ScoutVision, a security product aimed at detecting and responding to any threats in a security network — often before the threat gets far enough to do any damage.

5. Endgame: $92.6M

Much like the name implies, Arlington, Va.-based Endgame focused on endpoint security solutions. Endgame relies on machine learning and data science to prevent and detect attacks at every stage of an attack.

Endgame last received funding in the form of a contract with the U.S. Air Force valued at $18.8 million. As a result, Endgame’s technology was deployed across thousands of internal Army computers operated by military cyber protection teams.

6. Savi Technology: $82.5M

Founded in 1989, Alexandria, Va.-based Savi Technology creates tools allowing companies and military personnel to track packages and cargo in real time. For most of its lifespan, Savi functioned as a government solutions option and federal contractor. Recently, it has started catering to other enterprise clients outside of the government.

In 2012, Savi spun out from Bethesda-based Lockheed Martin to expand into its own business. In 2015, the company raised $15 million to expand its offerings beyond the Department of Defense and into commercial and industrial markets.

7. AppGuard: $80M

Owned by Japan’s Blue Planet-works, Chantilly, Va.-based AppGuard develops technology to prevent security breaches that might be too nuanced for traditional anti-virus software, including fileless malware, botnets, polymorphic malware, ransomware and more.

The company last raised $30 million in funding in September from Japan’s JTB Corporation. The funding was used to complete an acquisition of secure video messaging service KeepingTree.

8. Sonatype: $74.7M

Fulton, Md.-based Sonatype was founded in 2008, and the company counts notable firms like New Enterprise Associates, Accel Partners, Hummer Winblad Venture Partners and Goldman Sachs as investors.

In February 2016, Sonatype raised $30 million, led by Goldman Sachs, in a mix of equity and debt financing. The company, which creates an automated, policy-driven component security product, counts 12 of the top 15 North American banks as clients.

9. Fugue: $73.7M

Frederick, Md.-based Fugue is also among the cyber startups that walked out of 2017 with one of the largest funding rounds of the year. In January 2017, the company scored a $41 million Series D round led by New Enterprise Associates.

Founded in 2012, Fugue creates a product aimed at simplifying cloud-based work and the infrastructure it’s housed in. To give a sense of its scale, the product was first used to operate workloads found on Amazon Web Services.

10. Mandiant: $70M

Alexandria, Va.-based security startup Mandiant was acquired in 2014 by FireEye in a $1 billion deal, and, at that price point, it’s a given that the company raised a fair sum before exiting.

Past investors include Kleiner Perkins Caufield & Byers and One Equity Partners, an investment arm of JPMorgan Chase. Mandiant, before being folded into FireEye, provided products, professional services and education to numerous Fortune 500 companies, government agencies and financial institutions.



Source: https://www.americaninno.com/dc/funding-dc/the-10-top-funded-cybersecurity-companies-in-the-d-c-metro-area/

The post The 10 Top Funded Cybersecurity Companies in the D.C. Metro Area appeared first on LookingGlass Cyber Solutions Inc..

Energy security pros worry about catastrophic failure due to cyberattacks

70 percent of energy security professionals are concerned that a successful cyberattack could cause a catastrophic failure, such as an explosion, a recent survey has shown. Of the 151 IT and operational technology (OT) security pros at energy and oil and gas companies that were polled, 97 percent are concerned that attacks could cause operational shutdowns, and 96 percent believe they could impact the safety of their employees. Respondents were also asked about their organizations’ … More

The post Energy security pros worry about catastrophic failure due to cyberattacks appeared first on Help Net Security.

When BEC scammers specialize

A group of BEC scammers has been focusing its efforts on the global maritime shipping industry, compromising email accounts and attempting to trick targets into delivering considerable sums to bank accounts set up by the group. Secureworks researchers have been tracking the group’s activities for quite a while and have been warning the targets. They estimate that between June 2017 and January 2018, the scammers attempted to steal a minimum of $3.9 million U.S. dollars … More

The post When BEC scammers specialize appeared first on Help Net Security.

Customized IOCs, intelligence and SOC automation for orgs of every size

CrowdStrike announced at RSA Conference 2018 that it has expanded the capabilities of the CrowdStrike Falcon platform by introducing a new threat analysis subscription module, CrowdStrike Falcon X. The output of this analysis is a combination of customized indicators of compromise (IOCs) and threat intelligence designed to help protect against threats your organization faces now and in the future. Falcon X produces IOCs for both the threat that was actually encountered in your organization and … More

The post Customized IOCs, intelligence and SOC automation for orgs of every size appeared first on Help Net Security.

Watch out for and report malicious Russian cyber activity

The UK & US Governments have issued a joint Technical Alert advising all businesses – public and private sector, critical infrastructure providers, and the ISPs supporting them – to review their network security and report back on any signs of malicious cyber activity carried out by or on behalf of the Russian Government.

In this first joint security statement, Government officials said they had “high confidence” that Russian state-sponsored cyber actors were behind the “broad campaign” to compromise network hardware devices such as routers, switches, firewalls, and the Network Intrusion Detection System (NIDS).

By compromising these devices, the cyber criminals are able to redirect traffic, steal valuable information, and have a staging post for future offensive activity. Multiple sources, including private and public-sector cyber security research organisations and allies, have reported this activity to the U.S. and UK governments.

Businesses of all sizes are advised to read the Technical Alert and act on the recommendations. The alert contains details of Indicators of Attack (IoA) on the networks of compromised victims. Any signs of compromise should be reported to DHS, FBI, NCSC or law enforcement immediately.

Ciaran Martin, CEO of the National Cyber Security Centre said:

“This is the first time that in attributing a cyber attack to Russia the U.S. and the UK have, at the same time, issued joint advice to industry about how to manage the risks from the attack. It marks an important step in our fight back against state-sponsored aggression in cyberspace.”

Guards all the doors and holds all the keys

Network devices are ideal targets, as the majority of organizational and customer traffic must traverse these critical devices. Any cyber criminal with access to these devices can monitor, modify, deny and redirect traffic as desired. Once installed, network devices are often neglected as long as they are assumed to be working correctly, and often only receive attention when a fault arises. Coupled with this lack of regular updates, it means a complete layer of corporate security could be bypassed without anyone knowing.

Mitigation Strategies

There is a large amount of publicly available cybersecurity guidance and best practices from NCSC, DHS, device vendors, and the cybersecurity community on mitigation strategies.

The advice given to firms in Technical Alert TA18-106A includes ways to configure their systems correctly and how to apply patches to address hardware vulnerabilities.

  • Review network device logs and data for indications of compromise on all network device hosts.
  • Do not allow unencrypted management protocols to enter an organization from the Internet.
  • Harden the encrypted protocols based on current best security practice.
  • Do not allow Internet access to the management interface of any network device.
  • Immediately change default passwords and enforce a strong password policy.
  • Apply software updates and security patches to all devices.

Also ensure a reputable Endpoint Detection and Response solution is in place across the network, such as Panda Adaptive Defense, to mitigate attacks should your network devices be compromised.

See It. Say It. Sorted.

 

The post Watch out for and report malicious Russian cyber activity appeared first on Panda Security Mediacenter.

NIST releases Cybersecurity Framework 1.1

The US Commerce Department’s National Institute of Standards and Technology (NIST) has announced at RSA Conference 2018 the release of version 1.1 of its popular Framework for Improving Critical Infrastructure Cybersecurity, more widely known as the Cybersecurity Framework. The framework was developed with a focus on industries vital to national and economic security, including energy, banking, communications and the defense industrial base. It has since proven flexible enough to be adopted voluntarily by large and … More

The post NIST releases Cybersecurity Framework 1.1 appeared first on Help Net Security.

WinMagic’s Latest Software Delivers Unified Encryption And Key Management With A Single Pane Of Glass

The ISBuzz Post: This Post WinMagic’s Latest Software Delivers Unified Encryption And Key Management With A Single Pane Of Glass appeared first on Information Security Buzz.

WinMagic, a leading encryption solutions provider, today announced the launch of its latest software release, SecureDoc 8.2. Purpose-built for a new, unified approach to encryption and key management, SecureDoc 8.2 will enable industry-leading data security across endpoints, data centres, hyper-converged infrastructures and into the cloud – and let customers view it all from a Single Pane of Glass.

For over 20 years WinMagic has built and continually evolved SecureDoc Enterprise Server to meet the needs of evolving enterprises.  From its early years as a full disk encryption provider to a recent shift into protecting virtualised and cloud environments, WinMagic is constantly improving its software solutions to deliver comprehensive and unified encryption to simplify data security for customers, from small businesses to Fortune 500 enterprises and everything in between.  The launch of SecureDoc 8.2 represents another step forward for its suite of SecureDoc encryption solutions.  In fact, in recognition of its innovation towards meeting the next generation of data security challenges, WinMagic was earlier this week awarded the Cyber Defense Magazine InfoSec Award for Cloud Security – Next Gen.

“SecureDoc 8.2 enables a fundamental shift in how our customers will control and manage their encryption and keys,” says Thi Nguyen-Huu, CEO, WinMagic.  “Our unique Single Pane of Glass provides true unification between our endpoint and cloud security platforms, giving customers a single point to view their entire encrypted environment, from endpoints to IoT, even servers and virtual machines in mixed cloud environments – all on one screen.”

WinMagic’s SecureDoc 8.2 software release introduces a rich interactive dashboard that helps organisations save critical time and operational costs by unifying auditing and reporting across their complex, hybrid infrastructure into a single report.  The dashboard provides unified visibility into the encryption status of endpoints and cloud Virtual Machines (VM), generates audit reports from all supported platforms and puts them on one screen, speeds time-to-market for virtualised applications, and lowers development cost through access to data from all supported platforms.

SecureDoc 8.2 also contains a wide range of new and improved features for customers that help them to simplify deployments, adopt flexible encryption options, and improve data-centric security across the organisation.

 


Identity-as-a-Service for hybrid customer environments

OneLogin is showcasing enhancements to its Identity-as-a-Service (IDaaS) cloud platform, including the OneLogin Desktop experience, LDAP, and RADIUS capabilities, at RSA Conference 2018, in continued efforts to serve the sophisticated Access Management needs of modern enterprises. As customers digitally transform, OneLogin makes it simpler and safer for organizations to access the apps and data they need anytime, anywhere. OneLogin’s Unified Access Management Platform (UAM) is purpose-built for hybrid customer environments, allowing companies of any size … More

The post Identity-as-a-Service for hybrid customer environments appeared first on Help Net Security.

Organizations are becoming more resilient to focused cyber attacks

Accenture has polled 4,600 security decision makers at US$1B+ companies in 15 countries to understand the effectiveness of security efforts and the adequacy of existing investments. The survey has shown that, while the average number of focused cyberattacks per organization has more than doubled this year compared to the previous 12 months (232 vs 106), organizations are demonstrating far more success in detecting and blocking them. They are now preventing 87 percent of all focused … More

The post Organizations are becoming more resilient to focused cyber attacks appeared first on Help Net Security.

Stealth network traffic analysis appliance automates defense actions

LookingGlass Cyber Solutions announced at RSA Conference 2018 the general availability of the LookingGlass IRD-100 (Intelligence Response and Deception) security appliance. This fully programmable, custom stealth hardware is invisible to adversaries’ view of corporate and government networks. Designed to run in-line with low latency, the appliance creates a new point of control by using real-time traffic analysis. Performing these actions invisibly at line speeds across enterprise networks is made possible by the IRD-100’s unique Titan … More

The post Stealth network traffic analysis appliance automates defense actions appeared first on Help Net Security.

How attackers can exploit iTunes Wi-Fi sync to gain lasting control of target devices

An iOS feature called iTunes Wi-Fi sync, which allows a user to manage their iOS device without physically connecting it to their computer, could be exploited by attackers to gain lasting control over the device and extract sensitive information from it. The vulnerability was discovered by Symantec researchers, disclosed to Apple and now to the RSA Conference 2018 attendees and the wider public. Apple has implemented a mechanism that should prevent easy exploitation of the … More

The post How attackers can exploit iTunes Wi-Fi sync to gain lasting control of target devices appeared first on Help Net Security.

Cisco plugs critical hole in WebEx, users urged to upgrade ASAP

Cisco has fixed a critical vulnerability in its WebEx videoconferencing software that could be exploited to compromise meeting attendees’ systems by simply opening a booby-trapped Flash file shared in a meeting. About the vulnerability (CVE-2018-0112) The flaw is due to insufficient input validation by the Cisco WebEx clients, and affects Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server. (The Cisco WebEx Business Suite (WBS) meeting services and Cisco WebEx Meetings … More

The post Cisco plugs critical hole in WebEx, users urged to upgrade ASAP appeared first on Help Net Security.

Pedro Uría: “The challenge for cybersecurity in the future won’t be malware”

The European cybersecurity summit is just a few weeks away. On May 18, the Panda Security Summit (PASS2018), a key date for European CISOs and CIOs, will be held in Madrid.

The event will see experts from companies such as Gartner or Deloitte offering their perspectives and analyzing the global cybersecurity panorama and trends in protection and threats. Attendees will also be able to see the workings of PandaLabs (our laboratory where the cyberdefense techniques are coordinated) through the eyes of its director, Pedro Uría. We have spoken to Pedro to get a preview of his talk, in which he will explain how to keep organizations protected, secure and resilient when malware is no longer a problem.

What’s the biggest challenge facing organizations and companies with respect to computer security today?

The biggest challenge is to make them aware that the security of their IT assets is critical and that they face a constant risk of attack. According to the INCIBE, Spain witnessed a record number of cyberattacks in 2017 with more than 120,000 incidents, a 140 percent increase in just two years. The forecast is for this figure to rise in 2018, and with more complex attacks.

What can we learn from security breaches based on vulnerabilities, such as Equifax?

That no organization is safe from cybercriminals. The use of vulnerabilities to infiltrate a company’s systems is a common technique. This case is the largest leak of personal information data ever known. Hackers stole the data of 147.9 million Americans.

Zero-day vulnerabilities are traded on the Deep Web and are a highly successful vector of silent attacks for criminal organizations. For example, Microsoft has just released an urgent patch for this type of critical vulnerability in the Windows Defender antivirus on Windows 10. As you can see, not even organizations such as Microsoft are secure on such critical issues as its antivirus.

Malwareless attacks and attacks without files are new trends. How can organizations and governments combat them?

The challenge for the future of cybersecurity lies not in malware, but in hackers. They are expert, highly-trained cybercriminals with resources, capable of compromising a system in an organization without being detected as they don’t use malware or files that could give them away.

To combat them, companies have to protect each and every one of their IT systems with an advanced cybersecurity solution able to constantly monitor in real time what happens on every computer. They must also be able to ascertain whether actions taken are genuinely legitimate, even though they are performed with legitimate applications or without malware.

How can we achieve resilience in the face of malware attempts to evade the scanning of security solutions?

To achieve cyber-resilience, all of the organization’s IT resources must be protected with an advanced security solution capable of detecting, preventing and remedying attacks. Similarly, the solution has to monitor in real time all processes and actions taken by users locally on the physical computer. This requires the monitoring, supervision and attestation of all processes and actions by a specialized team of experts, like the PandaLabs team.

It is also important to educate managers, workers and contractors to prevent them from being tricked into becoming an unwitting vector for attacks.

We talk about keeping organizations secure, protected and resilient when malware is no longer a problem. Have we already reached that level of protection or is malware still the main problem for companies?

It depends to a large extent on how mature a company is in terms of the importance given to cybersecurity, and the advanced protection solution it uses to protect its infrastructure.

For Panda Security, malware is no longer a problem thanks to the high visibility we have with our advanced solution, Panda Adaptive Defense and the model for classifying 100 percent of the processes that run on the endpoints we are monitoring. Thanks to this, we are able to anticipate attacks and protect the systems of the companies that place their trust in us.

Similarly, the Threat Hunting service, delivered through the Panda Adaptive Defense platform, is focused on discovering new threats, including malwareless attacks.

For other companies, malware continues to represent a big problem. Every day there is more malware, the number of incidents is greater and the trend for 2018 is set to see an increase in the volume and complexity of attacks.

Want to see real cases of attackers uncovered by PandaLabs? Don’t miss Pedro Uría’s talk at #PASS2018!

The post Pedro Uría: “The challenge for cybersecurity in the future won’t be malware” appeared first on Panda Security Mediacenter.

Botnets Remain A Persistent Cyber Threat

The ISBuzz Post: This Post Botnets Remain A Persistent Cyber Threat appeared first on Information Security Buzz.

CenturyLink tracked 104 million unique botnet targets per day in 2017

Businesses, governments and consumers should pay more attention to the risk posed by botnets, according to a new threat report released by CenturyLink, Inc. (NYSE: CTL).

In 2017, CenturyLink Threat Research Labs tracked an average of 195,000 threats per day impacting, on average, 104 million unique targets – from servers and computers to handheld or other internet-connected devices – due to the work of botnets.

“Botnets are one of the foundational tools bad actors rely on to steal sensitive data and launch DDoS attacks,” said Mike Benjamin, head of CenturyLink’s Threat Research Labs. “By analysing global botnet attack trends and methods, we’re better able to anticipate and respond to emerging threats in defense of our own network and those of our customers.”

Key Observations

  • Geographies with strong or rapidly growing IT networks and infrastructure continue to be the primary source for cybercriminal activity.
    • The top five countries by volume of global malicious internet traffic in 2017 were the United States, Russia, China, Brazil and Ukraine.
    • The top five countries hosting the most command and control servers (C2s), which amass and direct botnets, were the United States, Russia, Ukraine, China and Germany.
  • While countries and regions with robust communication infrastructure unknowingly supplied bandwidth for IoT DDoS attacks, they also represented some of the largest victims based on attack command volume.
    • The top five target countries of bot attack traffic were the United States, China, Germany, Russia and the United Kingdom.
    • The top five countries by volume of compromised hosts or bots were the United States, China, Brazil, the United Kingdom and Germany.
  • Mirai and its variants have been the focus of consistent news coverage, but in 2017, CenturyLink Threat Research Labs witnessed Gafgyt attacks affecting more victims and with noticeably longer attack durations.

Key Facts

  • CenturyLink collects 114 billion NetFlow records each day, capturing over 1.3 billion security events daily and monitoring 5,000 known C2 servers on an ongoing basis.
  • CenturyLink responds to and mitigates roughly 120 DDoS attacks per day and removes nearly 40 C2 networks per month.
  • The scope and depth of CenturyLink’s threat awareness is derived from its global IP backbone, one of the world’s largest. This critical infrastructure supports CenturyLink’s global operations and informs its comprehensive suite of security solutions, including threat detection, secure log monitoring, DDoS mitigation and network-based security solutions.

LocalBlox found leaking info on tens of millions of individuals

LocalBlox, a US-based data technology company that “crawls, discovers, extracts, indexes, maps and augments data in a variety of formats from the web and from exchange networks” and ties it all together to create profiles on individuals that contain personal, business and consumer data for marketing purposes, has been found leaking information on tens of millions of individuals. The discovery was made by UpGuard researcher Chris Vickery, who stumbled upon the unsecured Amazon Web Services … More

The post LocalBlox found leaking info on tens of millions of individuals appeared first on Help Net Security.

Cyber CFO: The Next Top Finance Job?

Strategic Finance, Ramona Dzinkowski, April 1, 2018

In a world where the ever-evolving global economy requires the CFO to wear a multitude of hats, there’s another one to add to the rack: “cyber CFO.” While cyber risk is nothing new, the magnitude of the disruption has grown exponentially, and the role of the CFO is changing accordingly.

IBM Security and Ponemon Institute report that in 2017 the average total organizational cost of a data breach involving the exposure of customer or personnel data in the United States was $7.35 million, according to the “2017 Cost of Data Breach Study: Global Overview.” As we know, however, some companies experienced far more severe losses.

The most dramatic of these was Equifax. In 2017, the credit monitoring firm reported that a data breach of highly sensitive information—including birth dates, addresses, credit card numbers, and Social Security numbers—impacted roughly 145.5 million people in the U.S. Company reports indicated that hackers accessed data between mid-May and July through a vulnerability in a web application. While final costs to Equifax are still being tallied, the initial financial impact of the breach was a 12-month decline in net income of 27%.

Meanwhile, another hack, called WannaCry, infected the computer systems of large multinational companies such as FedEx and Nissan and institutions around the globe, including colleges in China. As a result, some companies paid bitcoin ransoms while others lost core operations. Nevertheless, other, more serious impacts were felt by the wider public: Clinics and hospitals in the U.K. suffered a massive outage, causing delays in surgeries; telephone service in France was disrupted; train travel was affected in Germany; and the Brazilian Ministry of Foreign Affairs had untold interruptions in its internet services.

A GLOBAL HEADACHE

In its 2017 survey of 92 U.S. companies, Willis Towers Watson found that one in five companies had suffered a cyber breach in the last year. In many cases, the companies themselves may have been to blame, the survey indicated. For instance, 16% of respondents reported incidents in which senior leaders put confidential information at risk over the last three years.

Two-thirds of the respondents surveyed see cyber risk as a fundamental challenge to their business, and 85% view cybersecurity as a top priority for their companies. Nevertheless, many have been slow to take defensive positions: Half of the companies surveyed by Willis Towers Watson have implemented various risk management activities but haven’t formally articulated a cyber strategy. In fact, only one in nine firms has adopted written objectives and goals for its cyber risk program.

This is about to change. The same study shows that the vast majority (85%) of companies will embed a culture of cyber risk management within three years, and 72% will improve business and operating processes within the same time frame to bolster cybersecurity. (For more information, see “Decoding Cyber Risk: 2017 Willis Towers Watson Cyber Risk Survey” at http://bit.ly/2u1KZGo.)

While the role of the CFO in this arena is still a moving target, many observers are calling for the finance chief—not the CIO or chief risk officer—to lead the charge in ensuring company data is safe and that investors are well informed about any risks related to cyber attacks and data security. As Steve Vintz, CFO of Tenable, a cyber risk management solutions company based in Columbia, Md., comments in a recent Harvard Business Review article, “Given the increasingly new relationship between cyber risk and financial risk, the CFO should ultimately be accountable for cyber risk.” (See “CFOs Don’t Worry Enough About Cyber Risk” at http://bit.ly/2DHB2Ny.)

IT’S THE LAW

The European Union (EU) has recently undertaken measures to ensure that preventing cyber risk becomes the CFO’s responsibility.

In May 2018, the EU’s newly inked General Data Protection Regulation (GDPR) takes effect. Violations of these rules that result in data breaches could cost companies up to €20 million in fines or 4% of global annual turnover for the preceding financial year—whichever is greater. The provisions of the GDPR draw a straight line between a company’s data risk management practices and the office of the CFO. (For more on the GDPR, see “Does the GDPR Apply to You?”)

In response to the increased incidence of cyber risk in the U.S., the Securities & Exchange Commission (SEC) is also taking measures to ensure cyber risk governance and disclosure are top priorities for CFOs. On February 21, 2018, the SEC published updated guidance on how public companies should disclose cybersecurity risks and data breaches, broadening the scope of disclosure from its initial 2011 rule and strengthening the relationship between cyber risk, financial risk, and the company’s ongoing viability.

The SEC extended this guidance to risk factors that may arise in connection with acquisitions (a potentially huge risk analysis and disclosure assignment across the board) and suggested that companies “consider the impact of such incidents on each of their reportable segments.” (A summary of the new requirements can be found in “A Duty to Disclose.”)

While this appears to be a significant step forward in terms of protecting investors, more disclosure around cyber risk has thus far received little support from the corporate community.

The uptake has been slow for a variety of possible reasons, not the least of which might be the potential negative impact on corporate brands and investor perceptions. In fact, three professors at Creighton University in Omaha, Neb.—Edward A. Morse, Vasant Raval, and John R. Wingender, Jr.—recently found that disclosing cyber risks in company 10-K and 10-Q filings has had a negative impact on company share prices. (Their article, “SEC Cybersecurity Guidelines: Insights into the Utility of Risk Factor Disclosures for Investors,” was published in the Winter 2017/2018 issue of The Business Lawyer.)

The authors examined the filings of roughly 200 companies with publicly traded common stock that made their first cybersecurity-related risk disclosure pursuant to the SEC’s 2011 rule. The data revealed a significant decline in share values post-disclosure. “Rather than viewing disclosure as a positive signal of management attentiveness, investors apparently viewed it as a cautionary sign,” the authors concluded.

GREAT(ER) EXPECTATIONS

Given time, however, investors will come to view cybersecurity efforts in a positive light, predicts Stewart Curley, CFO of LookingGlass Cyber Solutions, a global cybersecurity and intelligence company based in the U.S. He explains that investors will eventually come to understand the evolving regulatory environment, which will compel more disclosure, not less. “With increased regulation around cyber risk,” he says, “companies are clearly moving towards improving corporate governance, and over time this will be the norm. In my view, investors will also demand a greater understanding of risk across the entire supply chain.”

For example, in New York State, the new Stop Hacks and Improve Electronic Data Security (SHIELD) Act requires companies that handle sensitive data to adopt comprehensive programs to not only monitor and report on their own security position but also on the positions of their major suppliers. Similarly, covered entities that are regulated by New York banking, insurance, and finance laws are required to have a written cybersecurity program that extends to the management of vendors and third-party service providers. Companies that meet or exceed the state’s measures can qualify to receive safe harbor from enforcement actions under the SHIELD Act.

The rationale for extending accountability beyond company borders is clear. “You can have everything buttoned down neatly, but if you’re working with a trusted contractor or other entity that doesn’t have that same level of security, you’ve created a significant risk,” Curley notes. These new regulations, he explains, require companies to think beyond their own networks into the extended networks they work with.

THE CALL TO ACCOUNTANTS

Not only are improvements in cyber risk management and disclosure being driven by regulatory bodies, but they’re being ingrained in accounting training and standardized practice as well. According to a February 2016 joint study by IMA® (Institute of Management Accountants) and ACCA (Association of Chartered Certified Accountants) titled “Cybersecurity—Fighting Crime’s Enfant Terrible,” “What is needed, but is still often lacking, is a strategic approach to mitigating cybercrime risks.” Accordingly, IMA and ACCA recommend that accountants and finance professionals play a leading role. More specifically, this role would include:

Creating reasonable estimates of financial impact that different types of cybersecurity breaches will cause so that a business can be realistic about its ability to respond to an attack and/or recover from it.

Defining risk management strategy and helping businesses establish priorities for their most valuable digital resources in order to implement a “layered” approach to cybersecurity.

Following closely the work of governments and various regulators in order to have clear, up-to-date information on relevant legislation and on requirements for adequate disclosure and prompt investigation of cybersecurity breaches.

In April 2017, in an effort to provide a consistent reporting platform, the American Institute of CPAs (AICPA) unveiled its cybersecurity risk management reporting framework. As AICPA Executive Vice President for Public Practice Susan S. Coffey points out, “While there are many methods, controls, and frameworks for developing cybersecurity risk management programs, until now there hasn’t been a common language for companies to communicate about, and report on, these efforts.” (AICPA press release, April 26, 2017)

And in November 2017, the Public Company Accounting Oversight Board (PCAOB) cautioned that it will turn a spotlight on audit quality related to cyber risk, reminding auditors that it’s important to consider whether there are cybersecurity risks that could affect the accuracy and completeness of financial statements and whether there are any implications for internal controls over financial reporting.

A COMPETITIVE ADVANTAGE?

According to Richard Swinyard, managing partner and CFO at Computer Integrated Services (CIS), a U.S.-based identity and access management and network security firm, the heavy focus on data security and compliance in the audit world is something that should be driving CFO behavior. At the same time, he adds, “If people can show that they’re ahead of the curve—that they’re going slightly above requirements—it can be a real competitive advantage.”

Yet CFOs still have a long way to go to get up to speed with this evolving cyber risk management and reporting ethos, says Stewart Curley, who believes there’s still some naïveté around cybersecurity. “A lot of CFOs feel that they have basic protections in place that will take care of cyber risk, not realizing that they really need to move to much more sophisticated defenses to keep up with the skills of the attackers.

“Many companies also rely too much on [data protection] insurance,” he adds, “whereas there needs to be more focus on remediation.”

CFOs also need to be forward-looking when it comes to cyber risk and not rely on compliance alone as an effective tool against cyberattacks, Curley warns. “When it comes to the cloud, for example, companies rely too much on the effectiveness of third-party audits. I’ve certainly seen times over my career where companies have met all the technical requirements from a compliance standpoint, but still had some pretty big holes that hackers could get into. Companies need to focus more on the real vulnerabilities that they have, and maybe less on the compliance or paper documentation that makes it look like they’re doing the right things.”

For a CFO, this means understanding not only the constantly changing regulatory environment but the cyber risk implications of the company’s investments in new technologies as well. According to Swinyard, although not firmly under the banner of the CFO, “we’re increasingly seeing the shift of responsibility there, or at least joint responsibility between the CFO and the chief technology officer of the company.”

Swinyard likens the evolving relationship in the cyber risk space to the one that evolved as a result of cloud computing. “If we go back five years, CFOs were being told, ‘We’re moving to the cloud because it’s going to save us money.’ Suddenly, we had to start working more closely with CIOs to figure out how we were going to implement cloud-based strategies. I think cybersecurity has become the next phase in this business relationship.”

THE AUDIT FACTOR

Another reason cyber risk management is migrating toward the office of the CFO is because of ever-changing and potential future audit and reporting requirements. Swinyard notes, “We have seen companies being told they have a going concern risk (especially after cyber attacks) because they don’t have tried and tested business-continuity programs in place and/or because they had no strategies around employee identity and access management or testing for and managing vulnerabilities to cybersecurity attacks.” He adds that this goes to the heart of the CFO’s job. “What CFO wants to have an independent expert report that goes externally or to their board of directors and says, ‘We found all these control deficiencies and weaknesses within this company on their watch’?”

But the biggest challenge when it comes to the CFO’s role is climbing the learning curve and then putting the math to it, Swinyard says. “The key is building the knowledge to be comfortable when making decisions on what’s acceptable financially. There is a fine balance that is hard to strike—you don’t want to leave yourself exposed because you’ve done too little or in financial distress because you’ve spent too much.” That’s particularly true for small and medium-sized businesses, he notes.

Whether CFOs are increasingly involved in cyber risk management because of potentially devastating exposure to cyberattacks (read: Equifax), the evolving regulatory and audit environment that’s driving changes in reporting and disclosure around the world, or the framework guidance emerging from the accounting bodies, one thing is clear: Companies will continue to look to their finance chiefs for broad-based leadership. The decade of the cyber CFO is truly here!


Source: http://sfmagazine.com/post-entry/april-2018-cyber-cfo-the-next-top-finance-job/

The post Cyber CFO: The Next Top Finance Job? appeared first on LookingGlass Cyber Solutions Inc..

In preparation for the GDPR, CoSoSys launches Endpoint Protector 5.1

CoSoSys announced the latest update of its award-winning flagship Data Loss Prevention product, Endpoint Protector 5.1, which brings added functionalities to key features and a boost for GDPR compliance. With only a few weeks to go until the EU’s General Data Protection Regulation (GDPR) comes into force on May 25th, companies on both sides of the Atlantic serving European customers are rushing to reach compliance before time runs out. Placing a heavy emphasis on protecting … More

The post In preparation for the GDPR, CoSoSys launches Endpoint Protector 5.1 appeared first on Help Net Security.

Stealth Security Appliance Levels The Cyber Battlefield

Sensors Online, Matthew Dirjish, April 18, 2018

LookingGlass Cyber Solutions introduces the LookingGlass IRD-100 (Intelligence Response and Deception) security appliance. The IRD-100 is purpose-built and optimized to change the digital battlefield by actively disrupting adversary activities and forcing them to overcome a deeper level of visibility and control.

The fully programmable, custom stealth hardware is invisible to adversaries’ view of corporate and government networks. Designed to run in-line with low latency, the appliance creates a new point of control by using real-time traffic analysis. Performing these actions invisibly at line speeds across enterprise networks is made possible by the IRD-100’s unique Titan IC components, including a high-performance processing engine.

Inside the IRD-100, a Deep Packet Processing Module (DPPM) installed on a fully programmable blade with the Titan IC high-performance RegEx processing engine delivers rapid responses to changing network and security challenges. Real-time, deep packet inspection of network traffic occurs at line speed for layers 2 through 7, allowing fully-automated security mitigation against identified threats. A convenient internal server gives IRD-100 users flexible local and centralized management functions, without the hassle of setting up additional, dedicated equipment.

Users have the option of configuring the IRD-100 to implement customized, automated defense actions to rapidly prevent malicious intrusions and system compromises, such as masking attackers’ view of vulnerable applications and data, or manipulating traffic to deny malicious programs the connectivity and access they need to function. For more details, visit LookingGlass and Titan IC Systems.


Source: https://www.sensorsmag.com/embedded/stealth-security-appliance-levels-cyber-battlefield

The post Stealth Security Appliance Levels The Cyber Battlefield appeared first on LookingGlass Cyber Solutions Inc..

Open-source library for improving security of AI systems

IBM researchers have created the Adversarial Robustness Toolbox, an open-source library to help researchers improve the defenses of real-world AI systems. Attacks against neural networks have recently been flagged as one of the biggest dangers in our modern world where AI systems are increasingly getting embedded in many technologies we use and depend on daily. Adversaries can sometimes tamper with them even if they don’t know much about them, and “breaking” the system could result … More

The post Open-source library for improving security of AI systems appeared first on Help Net Security.

Honeypot Project Reveals How Hackers Use Bots To Break Into Networks

The ISBuzz Post: This Post Honeypot Project Reveals How Hackers Use Bots To Break Into Networks appeared first on Information Security Buzz.

In a new project from Cybereason, the team created a fake company as a honeypot to trick the bots commonly used by hackers to initiate attacks.

The honeypot took the form of a fake financial company with weak security, and it was discovered and breached by bots almost instantly. The team monitored the intruders to gain some interesting insight into how attackers are using bots – with one notable example entering the network within 2 hours and performing 80% of the tasks required for a hack in less than 15 seconds.

As well as demonstrating how automation can quickly overwhelm security teams, the honeypot also revealed how attackers would case the target and then return a few days later to extract the data. Overall, more than 4GB of fake data was stolen.

Brief details of the project below.

No one likes grunt work, including attackers, who have turned to botnets to automatically handle menial tasks like exploiting vulnerabilities. If exploit automation wasn’t enough of a concern for security teams, this technique has grown even more potent with attackers using botnets that can automatically exploit vulnerabilities, create backdoors, dump passwords, conduct network reconnaissance, and laterally move in seconds. That finding comes from Cybereason researchers who analyzed the data collected in a honeypot that masqueraded as a financial services company.

The project had three phases that led to unique findings. First, the team released usernames and passwords for the Remote Desktop Protocol for three servers in the network in dark markets and paste sites to see how suspicious hackers have become of the forums that were once thriving with illicit activity. Second, the team created additional RDP services that had weak passwords to see how quickly botnets would compromise the service and what they did once they had access. Finally, we opened up several other services to see which ports were scanned the most and if there was a large difference in functionality once they broke in.

BOTNETS HANDLE THE HARD WORK

While there was a lot of rudimentary activity across all the services, one of the most interesting botnets was observed less than two hours after weakening the RDP ports.  This botnet performed the groundwork for human attackers before they entered an environment, handling tasks exploiting known vulnerabilities, scanning the network and dumping the credentials of compromised machines. The botnet also created new user accounts, which would allow the attackers to access the environment if the users of the compromised machines changed their passwords. And the botnet carried out these functions in approximately 15 seconds.

For defenders, automatic exploitation in a matter of seconds means they’ll likely be overwhelmed by the speed at which the botnet can infiltrate their environment. The increasing automation of internal network reconnaissance and lateral movement is an even larger concern. These tools will drop the average dwell time of an attacker from a couple of hours to a couple of minutes. Additionally, the versatility of the botnet changes the threat significantly. The security industry is used to seeing worms self-replicate and perform one or two tasks. Take NotPetya and Olympic Destroyer, two prominent nation-state attacks from 2017. They mainly had three functions: replicate, move, and destroy. By comparison, the botnet that attacked the honeypot is designed to give full access to every machine it touches and spread throughout the entire network.

Two days after the third botnet finished its work, a human attacker entered the environment. Cybereason researchers knew it was a human because the attacker logged in with a user account created by the botnet. Also, a user interface application was opened and remote access capabilities were accessed, functions not typically carried out by bots. The attacker already had a roadmap to the environment and wasted no time creating an exfiltration capability and siphoning off 3GB of information. This data was junk files with little value to any criminals, which is why the stolen data never appeared on the dark Web.

This honeypot experiment revealed the commoditization of using bots to perform low-level tasks. At one time, only advanced attackers had this capability. But as tools that were once used by only sophisticated adversaries become more generally available, even novice attackers now have this capability. For example, the botnet that laid the groundwork for human adversaries attacked the honeypot just two hours after we added new data. This means that using bots to automatically exploit vulnerabilities is more prevalent than anticipated. The use of this technique proves that the operational profile of attackers is changing with less sophisticated attackers having access to tools that were once reserved for their more advanced counterparts.
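The two behaviours reported above (a new account created within seconds of an RDP logon, then a later logon with that account) can be hunted for in Windows Security logs. The following is an added defender-side example, not Cybereason's tooling: the flattened log format, host names, account names, addresses and the 60-second window are all assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample records (not data from the honeypot): a flattened export of
# Windows Security events 4624 (successful logon) and 4720 (user account created).
SAMPLE_LOG = """\
2018-04-02T09:14:03 host=FIN-SRV01 id=4624 LogonType=10 TargetUserName=svc_backup IpAddress=203.0.113.7
2018-04-02T09:14:11 host=FIN-SRV01 id=4720 SubjectUserName=svc_backup TargetUserName=helpdesk2
2018-04-02T11:30:00 host=FIN-SRV02 id=4624 LogonType=10 TargetUserName=jsmith IpAddress=10.0.5.20
2018-04-02T15:45:00 host=FIN-SRV02 id=4720 SubjectUserName=jsmith TargetUserName=temp_contractor
2018-04-04T22:01:40 host=FIN-SRV01 id=4624 LogonType=10 TargetUserName=helpdesk2 IpAddress=198.51.100.23
2018-04-04T22:05:00 host=FIN-SRV01 id=4624 LogonType=3 TargetUserName=jsmith IpAddress=10.0.5.20
"""

RDP_LOGON_TYPE = "10"  # LogonType 10 = RemoteInteractive (RDP)


def parse(log_text):
    """Turn 'timestamp key=value ...' lines into dicts sorted by time."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, *pairs = line.split()
        fields = dict(pair.split("=", 1) for pair in pairs)
        fields["time"] = datetime.fromisoformat(stamp)
        events.append(fields)
    return sorted(events, key=lambda e: e["time"])


def find_fast_account_creation(events, window_seconds=60):
    """Flag accounts created shortly after an RDP logon by the creating user.

    A creation seconds after the logon suggests automation rather than an
    administrator working by hand. The window is an assumed tuning value.
    """
    window = timedelta(seconds=window_seconds)
    last_rdp_logon = {}  # (host, user) -> most recent RDP logon event
    findings = []
    for ev in events:
        if ev["id"] == "4624" and ev.get("LogonType") == RDP_LOGON_TYPE:
            last_rdp_logon[(ev["host"], ev["TargetUserName"])] = ev
        elif ev["id"] == "4720":
            logon = last_rdp_logon.get((ev["host"], ev["SubjectUserName"]))
            if logon is not None and ev["time"] - logon["time"] <= window:
                findings.append({
                    "host": ev["host"],
                    "creator": ev["SubjectUserName"],
                    "new_account": ev["TargetUserName"],
                    "source_ip": logon["IpAddress"],
                    "created_at": ev["time"],
                    "seconds_after_logon": int(
                        (ev["time"] - logon["time"]).total_seconds()),
                })
    return findings


def find_followup_logons(events, findings):
    """Find later RDP logons that use an account flagged above, on any host."""
    created = {f["new_account"]: f["created_at"] for f in findings}
    hits = []
    for ev in events:
        if ev["id"] != "4624" or ev.get("LogonType") != RDP_LOGON_TYPE:
            continue
        account = ev["TargetUserName"]
        if account in created and ev["time"] > created[account]:
            hits.append({
                "host": ev["host"],
                "account": account,
                "source_ip": ev["IpAddress"],
                "delay": ev["time"] - created[account],
            })
    return hits


if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    flagged = find_fast_account_creation(parsed)
    for f in flagged:
        print("account created {seconds_after_logon}s after RDP logon: "
              "{new_account} on {host} (logon from {source_ip})".format(**f))
    for h in find_followup_logons(parsed, flagged):
        print("later RDP logon with flagged account {account} from "
              "{source_ip}, {delay} after creation".format(**h))
```

Matching the follow-up logon on the account name alone, rather than on host and account, catches reuse of the new account elsewhere in the network.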

The ISBuzz Post: This Post Honeypot Project Reveals How Hackers Use Bots To Break Into Networks appeared first on Information Security Buzz.

Researchers propose scheme to secure brain implants

A group of researchers from KU Leuven, Belgium, have proposed a practical security scheme that would allow secure communications between a widely used implantable neurostimulator – an electrical brain implant used to treat a number of medical issues – and its external device programmer. Other researchers have already noted that motivated attackers could find ways to hack brain implants due to their poor or inexistent security, and have pointed out that, while the current risk … More

The post Researchers propose scheme to secure brain implants appeared first on Help Net Security.

Infrastructure-agnostic web app protection with virtual patching option

Signal Sciences announced the latest innovations for its Web Protection Platform. Its patented architecture provides security, operations and development teams with the visibility, security and scalability needed to protect against the full spectrum of threats their web applications now face, from OWASP Top 10 to account takeovers, API misuse and bots. Signal Sciences works across any architecture, providing the broadest coverage against real threats and attack scenarios as well as integrations into DevOps tools that … More

The post Infrastructure-agnostic web app protection with virtual patching option appeared first on Help Net Security.

Top tech firms pledge not to help governments launch cyberattacks

34 global technology and security companies have pledged not to help governments launch cyberattacks and to protect all customers regardless of nationality, geography or attack motivation.

The Cybersecurity Tech Accord

The Cybersecurity Tech Accord is a watershed agreement among the largest-ever group of companies agreeing to defend all customers everywhere from malicious attacks by cybercriminal enterprises and nation-states. The 34 companies include ABB, Arm, Avast, Bitdefender, BT, CA Technologies, Cisco, Cloudflare, Datastax, Dell, DocuSign, Facebook, … More

The post Top tech firms pledge not to help governments launch cyberattacks appeared first on Help Net Security.

Photo gallery: RSA Conference 2018 Innovation Sandbox

The RSA Conference 2018 is underway at the Moscone Center in San Francisco. Here are a few photos from the Innovation Sandbox, where the 10 finalists – Acalvio Technologies, Awake Security, BigID, BluVector, CyberGRX, Fortanix, Hysolate, ReFirm Labs, ShieldX Networks, and StackRox – demonstrated their technology to conference attendees as well as a judging panel. This year’s winner is BigID.

The post Photo gallery: RSA Conference 2018 Innovation Sandbox appeared first on Help Net Security.

Anomali collaborates with Microsoft to integrate threat data

Threat management solutions provider Anomali announced a collaboration with Microsoft to integrate threat intelligence from the Anomali ThreatStream platform with the security insights customers can obtain from the new Microsoft Graph security API. The collaboration provides Microsoft and Anomali customers with the ability to correlate cloud service and network activity with adversary threat information. As the work progresses, the integration will provide a complete view of asset and user information from Graph providers allowing for … More

The post Anomali collaborates with Microsoft to integrate threat data appeared first on Help Net Security.

Photo gallery: CIO/CISO Interchange inaugural event

CIO/CISO Interchange, a new non-profit, non-commercial organization co-founded by Philippe Courtot, Chairman & CEO, Qualys, and the Cloud Security Alliance (CSA) was launched during RSA Conference 2018. The CIO/CISO Interchange is a private, invitation-only forum for discussions, debates and exchanges between CIOs, CTOs, CISOs and security experts centered around securing the digital transformation. There are no product pitches and no sales personnel, just frank talk on important security issues to help CXOs secure the digital … More

The post Photo gallery: CIO/CISO Interchange inaugural event appeared first on Help Net Security.

Researchers develop algorithm to detect fake users on social networks

Ben-Gurion University of the Negev and University of Washington researchers have developed a new generic method to detect fake accounts on most types of social networks, including Facebook and Twitter. According to their new study in Social Network Analysis and Mining, the new method is based on the assumption that fake accounts tend to establish improbable links to other users in the networks. “With recent disturbing news about failures to safeguard user privacy, and targeted … More

The post Researchers develop algorithm to detect fake users on social networks appeared first on Help Net Security.

Tech-skilled cybersecurity pros in high demand and short supply

The worldwide cybersecurity skills gap continues to present a significant challenge, with 59 percent of information security professionals reporting unfilled cyber/information security positions within their organization, according to ISACA’s new cybersecurity workforce research. The research is the result of polling 2,300+ cybersecurity professionals who hold ISACA’s Certified Information Security Manager (CISM) and/or Cybersecurity Nexus Practitioner (CSXP). Among the concerning trends revealed in part 1 of the ISACA State of Cybersecurity 2018 Report, released today at … More

The post Tech-skilled cybersecurity pros in high demand and short supply appeared first on Help Net Security.

Distributed security event correlation solution helps SOCs combat cyber-attacks

Micro Focus announced ArcSight Enterprise Security Manager (ESM) 7.0, the latest release of its solution that prioritizes security threats and compliance violations with real-time threat intelligence to quickly identify and impede potential cyber-attacks. Micro Focus ArcSight ESM 7.0 enables security operations centers (SOCs) to become agile, expand their cyber security footprint and respond quickly to evolving threats. By collecting, correlating, and reporting security event information at a massive scale (up to 100,000 correlated events per … More

The post Distributed security event correlation solution helps SOCs combat cyber-attacks appeared first on Help Net Security.

Cisco announces new endpoint and email security services

To combat the rise of advanced threats targeting employees, Cisco is announcing new email security services at RSA Conference 2018, to protect users from fraudulent emails, as well as new capabilities to protect employees’ devices from ransomware, cryptomining, and fileless malware.

Endpoint protection

Nearly all endpoint security solutions on the market claim to block 99 percent of malware. But what about the one percent of threats that evade detection using sophisticated techniques? Cisco Advanced Malware … More

The post Cisco announces new endpoint and email security services appeared first on Help Net Security.

BigID is this year’s most innovative startup at RSA Conference

BigID was named “Most Innovative Startup” at the 2018 RSA Conference Innovation Sandbox Contest. A judging panel comprised of venture capitalists, entrepreneurs and industry veterans selected BigID from a group of 10 finalists and announced the winner at RSA Conference 2018. Based in New York and Tel Aviv, BigID uses advanced machine learning and identity intelligence to help enterprises better protect their customer and employee data at petabyte scale. Using BigID, enterprises can better safeguard … More

The post BigID is this year’s most innovative startup at RSA Conference appeared first on Help Net Security.

US, UK warn Russian hackers are compromising networking devices worldwide

Russian state-sponsored hackers are targeting network infrastructure devices worldwide, the US Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), and the United Kingdom’s National Cyber Security Centre (NCSC) warned on Monday. A joint technical alert published by the organizations says that the targets are “primarily government and private-sector organisations, critical infrastructure providers, and the Internet service providers (ISPs) supporting these sectors.” The attackers are compromising routers, switches, firewalls, Network-based Intrusion Detection System … More

The post US, UK warn Russian hackers are compromising networking devices worldwide appeared first on Help Net Security.

Most US consumers don’t trust companies to keep their data private

While a majority of the US public sees companies’ ability to keep data private as absolutely key, it has little trust in companies to do so. In fact, only 20 percent of them “completely trust” organizations they interact with to maintain the privacy of their data, the results of a recent survey have shown. They are also much more worried about hackers accessing their data than companies using it for purposes they have not agreed … More

The post Most US consumers don’t trust companies to keep their data private appeared first on Help Net Security.

Passwordless enterprise authentication on Windows 10 and Azure AD

Yubico announced that the new Security Key by Yubico supporting FIDO2 will be supported in Windows 10 devices and Microsoft Azure Active Directory (Azure AD). The feature is currently in limited preview for Microsoft Technology Adoption Program (TAP) customers. This means that organizations will soon have the option to enable employees and customers to sign in to an Azure AD joined device with no password, simply by using the Security Key by Yubico to get … More

The post Passwordless enterprise authentication on Windows 10 and Azure AD appeared first on Help Net Security.

RSA NEWS: Cloud Sec. Alliance, Cyxtera, Forcepoint – Research And Products Released

The ISBuzz Post: This Post RSA NEWS: Cloud Sec. Alliance, Cyxtera, Forcepoint – Research And Products Released appeared first on Information Security Buzz.

Cloud Security Alliance Global Enterprise Advisory Board Publishes State of Cloud Security 2018

The report, authored by the CSA Global Enterprise Advisory Board, examines such areas as the adoption of cloud and related technologies, what both enterprises and cloud providers are doing to ensure security requirements are met, how to best work with regulators, the evolving threat landscape, and goes on to touch upon the industry skills gap. Exploring case studies and potential use cases for blockchain, application containers, microservices and other technologies will be important to keep pace with market adoption and the creation of secure industry best practices.

Full Release: https://cloudsecurityalliance.org/media/news/global-enterprise-advisory-board-publishes-state-of-cloud-security-2018/

Full Report: https://cloudsecurityalliance.org/download/best-practices-for-cyber-incident-exchange/

Cloud Security Alliance Releases New Research: Building a Foundation for Successful Cyber Threat Intelligence Exchange

The report is the first in a series of reports that will provide a framework to help corporations seeking to participate in cyber intelligence exchange programs that enhance their event data and incident response capabilities. The paper offers high-level, practical guidance to support companies in three key areas: 1) Connecting with sharing partners and exchange platforms that best meet their needs, 2) Identifying the capabilities and business requirements that will form the foundation for a value-driven cyber intelligence exchange program, and 3) Understanding the basics of the exchange process so they can efficiently share the event they see and more efficiently operationalize any intelligence they collect.

Full Release: https://cloudsecurityalliance.org/media/news/new-research-building-a-foundation-for-successful-cyber-threat-intelligence-exchange/

Full Report: https://cloudsecurityalliance.org/download/best-practices-for-cyber-incident-exchange/

Forcepoint’s Category-Defining Risk-Adaptive Protection Maximizes Data Security Without Inhibiting End-User Productivity 

The company announced the release of Dynamic Data Protection, the first Risk-Adaptive Protection solution, in response to the challenges enterprise and government CISOs face today in balancing airtight user and data security with business productivity. It works to tap into the power of human-centric behavior analytics for the most effective data protection against advanced threats by working to continuously assess risk and automatically provide proportional enforcement that can be dialed up or down. With the industry’s first automated enforcement capability that dynamically adapts, security analysts are now freed to focus on high value activities and eliminate the backlog of alerts from traditional security tools.

Press Release: https://www.forcepoint.com/newsroom/2018/forcepoint’s-category-defining-risk-adaptive-protection-maximizes-data-security

Product Info: https://www.forcepoint.com/solutions/need/dynamic-data-protection

Cyxtera Releases AppGate SDP 4.0 With Enhanced Access Controls and Extended Network Protections

The latest release of AppGate SDP, its flagship secure access solution, gives organizations a way to curb the epidemic of security compromises created by over-privileged access and obsolete physical perimeter solutions. AppGate SDP 4.0 implements the zero-trust principles of software-defined perimeter as a full network platform, providing a unified, enterprise-grade solution to secure today’s diverse, hybrid IT environments. AppGate SDP creates encrypted, one-to-one connections between users and resources and dynamically enforces identity-centric access policies at the network level. It also reduces costs by eliminating the maintenance and management of aging security tools, including VPNs, NACs and corporate firewalls.

Full Release: https://www.cyxtera.com/newsroom/press-releases/cyxtera-releases-appgate-sdp-4-0-with-enhanced-access-controls-and-extended-network-protections

Product Link: https://www.cyxtera.com/security-analytics/appgate-sdp

Devs know application security is important, but have no time for it

Sonatype polled 2,076 IT professionals to discover practitioner perspectives on evolving DevSecOps practices, shifting investments, and changing perceptions, and the results of the survey showed that breaches related to open source components grew at a staggering 50% since 2017, and 121% since 2014. This follows on from Sonatype’s findings earlier in the year, which showed that 1 in 8 open source components downloaded by developers in the UK contained a known security vulnerability. Yet despite … More

The post Devs know application security is important, but have no time for it appeared first on Help Net Security.

Enterprise-grade security for midmarket organizations

To simplify how customers protect their organizations, FireEye is launching three core subscription solutions plus one comprehensive suite at RSA Conference 2018. FireEye Endpoint Security is designed to provide comprehensive defense on the endpoint, combining endpoint protection to stop common malware and endpoint detection and remediation to find, block and remove advanced targeted attacks. FireEye Network Security is designed to protect against all types of threats, from commodity breaches to the most advanced, targeted attacks, … More

The post Enterprise-grade security for midmarket organizations appeared first on Help Net Security.

Qualys brings web application security to DevOps

Qualys announced new functionality in its web application security offerings that helps teams automate and operationalize global DevSecOps throughout the Software Development Lifecycle (SDLC), drastically reducing the cost of remediating application security flaws prior to production. Qualys Web Application Scanning (WAS) 6.0 now supports Swagger version 2.0, a new native plugin for Jenkins for automated vulnerability scanning of web applications, and the new Qualys Browser Recorder.

New functionality

Qualys WAS 6.0 and new capabilities include: … More

The post Qualys brings web application security to DevOps appeared first on Help Net Security.

Rambus launches fully programmable secure processing core

At RSA Conference 2018, Rambus announced the availability of the CryptoManager Root of Trust (CMRT), a fully programmable hardware security core built with a custom RISC-V CPU. The secure processing core creates a siloed architecture that isolates and secures the execution of sensitive code, processes and algorithms from the primary processor. This mitigates the risk of critical vulnerabilities like the recent Meltdown and Spectre security flaws and allows designers to optimize the primary processor for … More

The post Rambus launches fully programmable secure processing core appeared first on Help Net Security.

Third-party and insider threats one of the biggest concerns to IT pros

External threats are not the main concern for IT professionals, but rather breaches that are linked to vulnerabilities caused by staff or third-party vendors operating within an organization’s own network, Bomgar’s 2018 Privileged Access Threat Report reveals. In fact, 50% of organizations claimed to have suffered a serious information security breach or expect to do so in the next six months, due to third-party and insider threats – up from 42% in 2017. Additionally, 66% … More

The post Third-party and insider threats one of the biggest concerns to IT pros appeared first on Help Net Security.

Free Qualys services give orgs visibility of their digital certs and cloud assets

Qualys announced two new free groundbreaking services: CertView and CloudView. Harnessing the power and scalability of the Qualys Cloud Platform, Qualys CertView and CloudView enable organizations of all sizes to gain such visibility by helping them create a continuous inventory and assessment of their digital certificates, cloud workloads and infrastructure that is integrated into a single-pane view of security and compliance.

Qualys CertView

CertView helps customers inventory and assess certificates and underlying SSL/TLS configurations and … More

The post Free Qualys services give orgs visibility of their digital certs and cloud assets appeared first on Help Net Security.

Moxa plugs serious vulnerabilities in industrial secure router

A slew of serious vulnerabilities in the Moxa EDR-810 series of industrial secure routers could be exploited to inject OS commands, intercept weakly encrypted or extract clear text passwords, expose sensitive information, trigger a crash, and more.

Moxa EDR-810 series flaws

The existence of the flaws was revealed when the Cisco Talos team published a post detailing them on Friday. The good news is that they’ve all been fixed, and Moxa is urging users … More

The post Moxa plugs serious vulnerabilities in industrial secure router appeared first on Help Net Security.

Your Android phone says it’s fully patched, but is it?

How do fully-maintained (i.e., patched) Android phones end up getting exploited? Searching for an answer to that question spurred security researchers to analyze thousands of Android firmwares for the presence of hundreds of patches. Their research led to an unwelcome discovery: most Android vendors regularly forget to include some patches in the security updates provided to users.

The research

Security Research Labs researchers Jakob Lell and Karsten Nohl explained how they went about making the … More

The post Your Android phone says it’s fully patched, but is it? appeared first on Help Net Security.

New ransomware releases your files if you play PUBG

A new ransomware associated with PlayerUnknown’s Battlegrounds (PUBG) is seemingly just a joke, as no money is demanded to release your files.

Many types of computer viruses or ‘malware’ can make life impossible if you don’t take care when using the Internet or your computer is not adequately protected. From spyware to Trojans or requests urging you to make Bing your default search engine whenever you update Skype (well, the latter is not a virus, though you still have to take care). Yet ransomware is more popular than ever due to the opportunities it offers for making money. One case in particular, which forces victims to play PlayerUnknown’s Battlegrounds (PUBG), says a lot about the creativity of today’s criminals.

As a general rule, ransomware is not something to be taken lightly. When all’s said and done, it’s a virus. The main difference from other types of malware, however, is that it doesn’t destroy data, it encrypts it, or in other words, it ‘kidnaps’ the files of the victim. Those behind these attacks simply need to provide the password in order to return the system back to normal after they have got what they were after. You may remember in fact that little more than a year ago, the ransomware WCry or WannaCry shook the world and jeopardized thousands of computers, though the case in hand involving the game PUBG is not on that scale.

The existence of this virus came to light thanks to the efforts of the MalwareHunterTeam, and its main feature is that it encrypts all files and folders on a desktop, adding the extension .PUBG, in order to “force” you to play PlayerUnknown’s Battlegrounds for an hour. I say “force” in inverted commas because the ransomware also makes it clear that you can enter a code in a corresponding box in order to return the system to normal. As such, it would seem that the malware is just a harmless joke.

Specifically, the message that aims to persuade you to rescue your hijacked data says, in poor English, that PUBG Ransomware has encrypted your files. It is made clear, however, that you need not worry as nobody is after your money, and that your files can be decrypted simply by playing PlayerUnknown’s Battlegrounds for an hour or by entering a code you are given.

So, if you don’t feel like playing PUBG, you can just enter a series of numbers. Digging deeper into the code to see how it detects whether or not you are playing the game, MalwareHunterTeam’s experts have revealed that it simply monitors whether the TS1Game file (the executable that starts the game itself) has been launched or not. Also, it is possible to avoid this particular ransomware without having to follow the instructions and play for an hour, by renaming any other file as TS1Game.exe and running it, as it only requires three seconds to detect that the action has been satisfactorily completed.

Once the requirement has been met, either using this simple trick or by directly playing PUBG (because you may feel like playing for a while anyway), the ransomware automatically decrypts the hijacked files and lets you go about your business, or perhaps play Fortnite, the competitor of PlayerUnknown’s Battlegrounds.

This is not the first time that this kind of virus associated with a video game has appeared. In 2017, there was another with a similar modus operandi, but with the difference that no code was given to bypass it and that the objective was to get a certain score in a very difficult shoot-em-up game.

Nevertheless, the security of your systems is not something to play with, and even apparently harmless jokes can end up embedding secretive Trojans that activate a few months later. Better to play video games in the conventional way and not through threats that could be infecting your computer.

The post New ransomware releases your files if you play PUBG appeared first on Panda Security Mediacenter.

1-in-4 orgs using public cloud has had data stolen

McAfee has polled 1,400 IT professionals across a broad set of countries (and continents), industries, and organization sizes and has concluded that lack of adequate visibility and control is the greatest challenge to cloud adoption in an organization. However, the business value of the cloud is so compelling that some organizations are plowing ahead.

Cloud services nearly ubiquitous

According to the survey, the results of which have been unveiled at RSA Conference 2018, 97 percent … More

The post 1-in-4 orgs using public cloud has had data stolen appeared first on Help Net Security.

Real-time detection of consumer IoT devices participating in DDoS attacks

Could we detect compromised consumer IoT devices participating in a DDoS attack in real-time and do something about it? A group of researchers from Princeton University have presented some encouraging results showing that the first part of that equation can be relatively easily solved. As IoT traffic is often distinct from that of other Internet connected devices and as machine learning has proved promising for identifying malicious Internet traffic, they decided to use these facts to … More

The post Real-time detection of consumer IoT devices participating in DDoS attacks appeared first on Help Net Security.

MinerEye introduces AI-powered Data Tracker

MinerEye is launching MinerEye Data Tracker, an AI-powered governance and data protection solution that will enable companies to continuously identify, organize, track and protect vast information assets including undermanaged, unstructured and dark data for safe and compliant cloud migration. Most data tracking and classification technologies categorize data based on descriptive elements such as file size, type, name and location. MinerEye dives deeply into the basic data form to its essence – to uncover and categorize … More

The post MinerEye introduces AI-powered Data Tracker appeared first on Help Net Security.

Week in review: Emergency alert systems easily hacked, the cost of GDPR compliance

Here’s an overview of some of last week’s most interesting news and articles:

One in 10 C-level execs say GDPR will cost them over $1 million

Companies are taking the new General Data Protection Regulation (GDPR) much more seriously than HIPAA and PCI: 99 percent are actively involved in the process to become GDPR-compliant, despite the cost and internal reorganization involved, a new survey that polled 300 C-level security executives has shown.

Researchers use power … More

The post Week in review: Emergency alert systems easily hacked, the cost of GDPR compliance appeared first on Help Net Security.

Court rules to ban access to Telegram in Russia

It didn’t take long for judge Yuliya Smolina of the Tagansky District Court of Moscow to rule that the Telegram secure messaging service should be blocked on the whole territory of Russia. She made the decision in less than 20 minutes and expects it to be effected immediately. The Roskomnadzor – the Russian media and telecom regulator – said that it will start the procedure to block the service as soon as it received a … More

The post Court rules to ban access to Telegram in Russia appeared first on Help Net Security.

Protect and manage secure company files with Vera’s agentless solution

Vera is taking the next step to a truly agentless experience by giving customers the ability to edit, collaborate, and save changes to secure files without requiring any downloads whatsoever. This new browser-based editing experience makes it easy for enterprises to collaborate on all Office file types — notes, documents, presentations, and more — while preserving the company’s policy, security, and control, no matter where the file travels or who has access.

Frictionless solution

“One … More

The post Protect and manage secure company files with Vera’s agentless solution appeared first on Help Net Security.

Onapsis raises $31 million Series C funding for ERP cybersecurity

Onapsis, the global experts in business-critical application cybersecurity and compliance, today announced a $31 million Series C minority funding round led by new investor LLR Partners, with participation from existing institutional investors .406 Ventures, Evolution Equity Partners and Arsenal Venture Partners. This marks the largest single round of funding in the company’s history, bringing the total investment in Onapsis to $62 million. David Stienes, Partner at LLR Partners, will join the company’s board of directors. … More

The post Onapsis raises $31 million Series C funding for ERP cybersecurity appeared first on Help Net Security.

One in 10 C-level execs say GDPR will cost them over $1 million

Companies are taking the new General Data Protection Regulation (GDPR) much more seriously than HIPAA and PCI: 99 percent are actively involved in the process to become GDPR-compliant, despite the cost and internal reorganization involved, a new survey that polled 300 C-level security executives has shown. About half (49 percent) are 75 percent of the way through the process, and another 37 percent are halfway there. What’s more, 71 percent of the pollees are confident … More

The post One in 10 C-level execs say GDPR will cost them over $1 million appeared first on Help Net Security.

Joel on Software: A Dusting of Gamification

[This is the second in a series of posts about Stack Overflow. The first one is The Stack Overflow Age.]

Around 2010 the success of Stack Overflow had led us into some conversations with VCs, who wanted to invest.

The firm that eventually invested in us, Union Square Ventures, told us that they were so excited by the power of gamification that they were only investing in companies that incorporated some kind of game play.

For example, Foursquare. Remember Foursquare? It was all about making your normal post-NYU life of going to ramen noodle places and dive bars into a fun game that incidentally generated wads of data for marketers. Or Duolingo, which is a fun app with flash cards that teaches you foreign languages. Those were other USV investments from that time period.

At the time, I had to think for a minute to realize that Stack Overflow has “gamification” too. Not a ton. Maybe a dusting of gamification, most of it around reputation.

Stack Overflow reputation started as a very simple score. The original idea was just that you would get 10 points when your answers were upvoted. Upvotes do two things. They get the most useful answers to the top, signaling that other developers who saw this answer thought it was good. They also send the person who wrote the answer a real signal that their efforts helped someone. This can be incredibly motivating.

You would lose points if your questions were downvoted, but you actually only lose 2 points. We didn’t want to punish you so much as we wanted to show other people that your answer was wrong. And to avoid abuse, we actually make you pay one reputation point to downvote somebody, so you better really mean it. That was pretty much the whole system.

Now, this wasn’t an original idea. It was originally inspired by Reddit Karma, which started out as an integer that appeared in parentheses after your handle. If you posted something that got upvoted, your karma went up as a “reward.” That was it. Karma didn’t do a single thing but still served as a system for reward and punishment.

What reputation and karma do is send a message that this is a community with norms, it’s not just a place to type words onto the internet. (That would be 4chan.) We don’t really exist for the purpose of letting you exercise your freedom of speech. You can get your freedom of speech somewhere else. Our goal is to get the best answers to questions. All the voting makes it clear that we have standards, that some posts are better than others, and that the community itself has some norms about what’s good and bad that they express through the vote.

It’s not a perfect system (more on the problems in a minute), but it’s a reasonable first approximation.

By the way, Alexis Ohanian and Steve Huffman, the creators of Reddit, were themselves inspired by a more primitive karma system, on Slashdot. This system had real-world implications. You didn’t get karma so that other people could see your karma; you got karma so that the system knew you weren’t a spammer. If a lot of your posts had been flagged for abuse, your karma would go down and you might lose posting or moderation privileges. But you weren’t really supposed to show off your high karma. “Don’t worry too much about it; it’s just an integer in a database,” Slashdot told us.

To be honest, it was initially surprising to me that you could just print a number after people’s handles and they would feel rewarded. Look at me! Look at my four digit number! But it does drive a tremendous amount of good behavior. Even people who aren’t participating in the system (by working to earn reputation) buy into it (e.g., by respecting high-reputation users for their demonstrated knowledge and helpfulness).

But there’s still something of a mystery here, which is why earning “magic internet points” is appealing to anyone.

I think the answer is that it’s nice to know that you’ve made a difference. You toil away in the hot kitchen all day and when you serve dinner it’s nice to hear a compliment or two. If somebody compliments you on the extra effort you put into making radish roses, you’re going to be very happy.

This is a part of a greater human need: to make an impact on the world, and to know that you’re contributing and being appreciated for it. Stack Overflow’s reputation system serves to recognize that you’re a human being and we are super thankful for your contribution.


That said, there is a dark side to gamification. It’s not 100% awesome.

The first problem we noticed is that it’s very nice to get an upvote, but getting a downvote feels like a slap in the face. Especially if you don’t understand why you got the downvote, or if you don’t agree. Stack Overflow’s voting has made many people unhappy over the years, and there are probably loads of people who felt unwelcome and who don’t participate in Stack Overflow as a result. (Here’s an old blog post explaining why we didn’t just eliminate downvotes).

There’s another problem, which is that, to the extent that the gamification in Stack Overflow makes the site feel less inclusive and welcoming to many people, it is disproportionately off-putting to programmers from underrepresented groups. While Stack Overflow does have many amazing, high reputation contributors who are women or minorities, we’ve also heard from too many who were apprehensive about participating.

These are big problems. There’s a lot more we can and will say about that over the next few months, and we’ve got a lot of work ahead of us trying to make Stack Overflow a more inclusive and diverse place so we can improve the important service that it provides to developers everywhere.

Gamification can shape behavior. It can guide you to do certain things in certain ways, and it can encourage certain behaviors. But it’s a very weak force. You can’t do that much with gamification. You certainly can’t get people to do something that they’re not interested in doing, anyway. I’ve heard a lot of crazy business plans that are pinning rather too high hopes on gamification as a way of getting people to go along with some crazy scheme that the people won’t want to go along with. Nobody’s going to learn French just to get the Duolingo points. But if you are learning French, and you are using Duolingo, you might make an effort to open the app every day just to keep your streak going.

I’ve got more posts coming! The next one will be about the obsessive way Stack Overflow was designed for the artifact, in other words, we optimized everything to create amazing results for developers with problems arriving from Google, not just to answer questions that people typed into our site.

 




RSA Conference 2018 AdvancedU expands security education to new audiences

RSA Conference is known among CTOs, CISOs and information security professionals as the place where the world talks security. What started as a small cryptography conference in the early 1990s now brings close to 45,000 attendees together in San Francisco each year. But as the conference expands, so does its influence among new audiences – spanning beyond the security C-Suite and reaching students, parents and educators and infosec professionals at all stages of their careers. … More

The post RSA Conference 2018 AdvancedU expands security education to new audiences appeared first on Help Net Security.

Absolute debuts GDPR data risk assessment

Absolute announced new GDPR Data Risk and Endpoint Readiness Assessments to accelerate compliance with the impending General Data Protection Regulation (GDPR). These comprehensive assessments empower organizations to accelerate GDPR compliance programs by pinpointing vulnerable endpoints and at-risk data — on and off the corporate network. Absolute’s new assessments offer deep insights and actionable recommendations to better protect and manage endpoints, where sensitive data might be accessed, stored or shared. Increasingly sophisticated security incidents and escalating … More

The post Absolute debuts GDPR data risk assessment appeared first on Help Net Security.

Illumio and Qualys integrate to deliver vulnerability-based micro-segmentation

Illumio announced new global vulnerability mapping capabilities on its Adaptive Security Platform. Vulnerability and threat data from the Qualys Cloud Platform is integrated with Illumio application dependency mapping to show potential attack paths in real time. Automated vulnerability-based policy recommendations: mitigate vulnerabilities without breaking your application. The integration between the Qualys Cloud Platform and Illumio delivers vulnerability maps, enabling organizations to see connections to vulnerabilities within and between applications. This new capability also includes an … More

The post Illumio and Qualys integrate to deliver vulnerability-based micro-segmentation appeared first on Help Net Security.

Niche dating apps can still be dangerous

Pressures at work and home mean that many people struggle to find time to make new friends. As a result, we are increasingly reliant on Internet services to meet people – and find love.

As some of the most popular dating services, apps like Tinder and Grindr have managed to hog the limelight for years. But the generic nature of these apps makes them unsuitable for some people – the suggested matches can be extremely inaccurate for example, mismatching interests, location or personality.

Farmder – dating becomes more specific

Aware of these limitations, and with a desire to help people find better potential love matches, Michelle Li has built a new mobile app. Named “Farmder”, the app is targeted at a specific group of people – those living in rural areas.

Speaking to the Daily Mirror, Li explained the importance of Farmder, which has been described as “Tinder for farmers”:

“It’s very difficult to find the right one on Tinder if you have any specific requirements.

“For example, if you are a biker, it’s likely that you want to only date other bikers.

“So a dating app specifically for bikers and riders would be better than Tinder in this scenario.

“There are many niche dating apps in different fields. Why not one for single farmers?”

Although targeted at farmers, Li hopes that Farmder will help anyone living in rural areas make new friends – or find love.

New app, same old rules apply

Because it is targeted at a smaller group of users, Farmder will inevitably be used by fewer people. Despite this, users will still need to exercise caution to protect themselves from fraud, identity theft and harassment.

More specifically, Farmder users should:

1. Secure their personal data

Farmder provides a range of settings designed to protect your personal data. Make sure that you fully understand these features and that they are set to maximum wherever possible. You should also choose a strong password for your account to keep hackers out.

2. Share information carefully

As you connect with other Farmder users, use your common sense before sharing personal information. Always arrange to meet in a public place to protect your home address for instance. And never, ever share details like bank accounts or passwords – even if the contact claims to work for Farmder.

3. Install antivirus

Ensure that data stored in the app is properly protected from loss and theft by installing mobile anti-malware. As an added bonus, you will be protected from receiving malware sent by other users that could compromise your phone.

4. Common sense is king

Whether you are using Farmder, Tinder, or any other dating app, you must exercise caution. Your personal data is hugely valuable to criminals, and they will use any trick they can to steal it. Always think very carefully before sharing information publicly, or you could become a victim of cybercrime.

Protect yourself – and your phone – today by downloading a free trial of our new Panda Dome anti-malware software.


The post Niche dating apps can still be dangerous appeared first on Panda Security Mediacenter.

AMD users running Windows 10 get their Spectre fix

AMD has released new microcode updates for mitigating variant 2 of the Spectre attack and Microsoft has released an OS update with the mitigation to AMD users running Windows 10. As you might remember, AMD processors were found not to be vulnerable to Meltdown attacks, but they were affected by Spectre (both variants). Variant 1 necessitates application-level fixes and variant 2 (CVE-2017-5715) requires changes at the OS level. Microsoft fixes problem for Windows 10 users … More

The post AMD users running Windows 10 get their Spectre fix appeared first on Help Net Security.

2.5 billion crypto mining attempts detected in enterprise networks

The volume of cryptomining transactions has been steadily growing since Coinhive came out with its browser-based cryptomining service in September 2017. Some websites have embraced the option and are giving their visitors the choice between viewing ads or sharing their CPU power to mine cryptocoins. Unfortunately malicious, covert hijackings of computer power are much more common, as the mining code can be secretly injected into compromised legitimate sites or even ads that are being served … More

The post 2.5 billion crypto mining attempts detected in enterprise networks appeared first on Help Net Security.

Key obstacles in enterprise security budgeting

IANS released its latest findings on budget-related best practices for information security leaders to consistently command the budget and resources they need. “It’s part of the CISO’s job to transition from unsupported to being fully supported, but that can only be done when the stage has been properly set within an organization,” said Doug Graham, CSO at Nuance Communications. “This research report from IANS goes beyond the numbers and uncovers some of the underlying and … More

The post Key obstacles in enterprise security budgeting appeared first on Help Net Security.

2.6 billion records were stolen, lost or exposed worldwide in 2017

Gemalto released the latest findings of the Breach Level Index, revealing that 2.6 billion records were stolen, lost or exposed worldwide in 2017, an 88% increase from 2016. While data breach incidents decreased by 11%, 2017 was the first year publicly disclosed breaches surpassed more than two billion compromised data records since the Breach Level Index began tracking data breaches in 2013. Over the past five years, nearly 10 billion records have been lost, stolen … More

The post 2.6 billion records were stolen, lost or exposed worldwide in 2017 appeared first on Help Net Security.

Many businesses struggling to meet GDPR deadline

IT decision makers across the U.S., UK, France, and Germany are still missing an opportunity to transform their business through a holistic data management approach that reduces risk and improves business efficiency. For nearly two years, most organizations have lagged in addressing their GDPR compliance, and in some cases are ignoring the issue completely. In doing so, they are ignoring the benefits to be gained from the compliance effort, including developing a data-centric approach to … More

The post Many businesses struggling to meet GDPR deadline appeared first on Help Net Security.

Capsule8 introduces Linux workload attack detection platform

Capsule8 announced the general availability of Capsule8 1.0, a real-time, zero-day attack detection platform capable of scaling to massive production deployments. As organizations modernize their production infrastructure with technologies like cloud, microservices and containers, they face a changing attack surface that conventional security solutions can’t address. And with vulnerabilities such as Meltdown and Spectre, legacy Linux environments such as bare metal and virtual infrastructures are also up against inadequate protection due to low visibility and … More

The post Capsule8 introduces Linux workload attack detection platform appeared first on Help Net Security.

Qualys at RSA Conference 2018: Best practices presentations from industry leaders

There will be no lack of interesting content from Qualys at this year’s RSA Conference. Depending on your interests, you might want to make time for some of these talks and presentations. Visit Qualys at Booth N3815 to hear best practices presentations from industry leaders. Monday, April 16 5:10 – 5:35 PM Continuous Security and Visibility of Your Complete Public Cloud Infrastructure Hari Srinivasan, Director of Product Management, Qualys Learn how to extend continuous cloud … More

The post Qualys at RSA Conference 2018: Best practices presentations from industry leaders appeared first on Help Net Security.

Join Panda Security at RSA Conference 2018

Slated for April 16-20, this year’s RSA Conference will once again bring together the most important cybersecurity vendors, providers and gurus at the Moscone Center in San Francisco, California (USA), for the largest information security conference in the world.

Panda Security will attend this exciting event as an exhibitor. Don’t miss the opportunity to visit us at booth #5013 and learn about the newest approaches to information security on your workstations and servers. Discover the latest technological innovations and trends in EDR (Endpoint Detection and Response) combined with Managed Security Services designed to streamline risk management processes and other essential cyber-resilience capabilities in organizations.

Share your experiences with us and let us help you find solutions to your business concerns. We’ll be happy to let you know about emerging trends in the cybersecurity sector to better protect your organization against advanced threats and the latest cyberattack techniques.

#5013: Be one step ahead with Panda Security

In the last few years in which we have participated in the event, hundreds of visitors have come to our booth and enjoyed demos of our solutions. We go way beyond traditional security and would love you to see it for yourself. That’s why we have prepared a series of demos showcasing our platform and managed services:

  • Discover an advanced cybersecurity model recognized by Gartner as visionary in its Magic Quadrant and based on our Panda Adaptive Defense Platform, which integrates this innovative endpoint security strategy into a single solution with the following differentiating factors: a lightweight agent; prevention, detection and response technologies with managed services for classifying, discovering and detecting any type of threat; and full visibility into every action taken on endpoints.
  • Learn about the managed cybersecurity services essential to optimize your organization’s security posture and delivered from the Panda Adaptive Defense platform: 100% Attestation Service for classifying all running processes and applications, and our proactive Threat Hunting Service for uncovering threats affecting our customers’ networks.

The Panda Adaptive Defense platform, in figures

How does it work? The Panda Adaptive Defense platform receives and processes 2.5 billion events every day, having categorized more than 5 million applications to date, and counting. The automated classification process, based on Machine Learning algorithms, runs continually and is able to determine the nature of 99.98% of all new processes and applications automatically.

Discover how Panda Adaptive Defense technologies and services work together to provide a new protection paradigm. Use the X8EPANDA Panda code and don’t miss the opportunity to visit us at RSA Conference 2018!

The post Join Panda Security at RSA Conference 2018 appeared first on Panda Security Mediacenter.

Fortanix presenting on protecting containerized apps with runtime encryption at RSAC 2018

Fortanix has been selected to present in the session Protecting Containers from Host-Level Attacks at RSA Conference 2018 next week. CEO and Co-Founder Ambuj Kumar will join renowned cryptography expert Benjamin Jun, CEO of HVF Labs, and Docker Security Lead David Lawrence in the session that describes how Runtime Encryption and Intel SGX keep a container encrypted during runtime to protect data in use from host OS, root users and network intruders, even if the infrastructure … More

The post Fortanix presenting on protecting containerized apps with runtime encryption at RSAC 2018 appeared first on Help Net Security.

What patches to prioritize following the April 2018 Patch Tuesday?

Patch Tuesday came and went and, as usual, Microsoft and Adobe have released patches/security updates for vulnerabilities affecting a wide variety of their products. Adobe’s patches This April 2018 Patch Tuesday Adobe addressed vulnerabilities in Adobe PhoneGap Push Plugin, Adobe Digital Editions, Adobe InDesign, Adobe Experience Manager, and Adobe Flash Player. Of these updates, the most important one is that for Adobe Flash Player. Not only is the product the most widely used of those … More

The post What patches to prioritize following the April 2018 Patch Tuesday? appeared first on Help Net Security.

ThreatQ Investigations: Cybersecurity situation room accelerates security operations

ThreatQuotient launched ThreatQ Investigations, a cybersecurity situation room designed for collaborative threat analysis, shared understanding and coordinated response. ThreatQ Investigations allows real-time visualization of an investigation as it unfolds within a shared environment, enabling teams to better understand and anticipate threats, as well as coordinate a response. The solution, built on top of the ThreatQ threat intelligence platform, brings order to the chaos of security operations that occurs when teams work in silos, acting independently, … More

The post ThreatQ Investigations: Cybersecurity situation room accelerates security operations appeared first on Help Net Security.

How security researchers deal with risks stemming from their activities

Broad and inconsistent interpretations of behind-the-times laws, new anti-infosec legislation, lawsuits and criminal prosecutions are having a chilling effect on security research. It’s difficult to quantify the effect, but Joseph Lorenzo Hall and Stan Adams of the US-based non-profit Center for Democracy & Technology have attempted to reveal the worries and choices of security researchers in the current climate by interviewing twenty of them. “We used a qualitative methods research design to understand … More

The post How security researchers deal with risks stemming from their activities appeared first on Help Net Security.

FIDO2: Authenticate easily with phishing-resistant security

The FIDO Alliance and the World Wide Web Consortium (W3C) have achieved a standards milestone in the global effort to bring simpler yet stronger web authentication to users around the world. The W3C has advanced Web Authentication (WebAuthn), a collaborative effort based on Web API specifications submitted by FIDO to the W3C, to the Candidate Recommendation (CR) stage. The CR is the product of the Web Authentication Working Group, which is comprised of representatives from … More

The post FIDO2: Authenticate easily with phishing-resistant security appeared first on Help Net Security.

How many can detect a major cybersecurity incident within an hour?

Less than half of all organizations were able to detect a major cybersecurity incident within one hour. Even more concerning, less than one-third said that even if they detected a major incident, they would be unable to contain it within an hour, according to LogRhythm. Average time to detect a major cybersecurity incident The study, conducted by Widmeyer, which surveyed 751 IT decision makers from the U.S., U.K. and Asia-Pacific, also revealed that a majority … More

The post How many can detect a major cybersecurity incident within an hour? appeared first on Help Net Security.

Silvia Barrera: “90% of success in the fight against cybercrime is prevention and awareness”


Panda’s first-ever cybersecurity conference, Panda Security Summit (#PASS2018), will be hosted by a very special master of ceremonies, Silvia Barrera. A renowned cybersecurity expert and writer, Silvia was the head of social media investigations at the Spanish National Police Corps for 5 years, and headed the digital forensics group of the National Police’s Technology Research Unit for another 3 years. We had the opportunity to sit with her now that she has quit her job at the Police Force, and talk about how the cybersecurity landscape has changed, and the ways in which companies and public institutions can defend themselves and combat cybercrime.

“Cybercrime is a very profitable business model, with little exposure for the perpetrator and very difficult to fight.”

How do you feel about this new stage in your life?

I feel like a whole new world of possibilities is opening up before me. The Police Force has given me exceptional vision, knowledge and experiences that I couldn’t have had anywhere else. It’s been a privilege. Nevertheless, until now, as a member of the Police Force, my job has always had a reactive nature, identifying and arresting the ‘alleged’ bad guys. However, the paradigm of the fight against cybercrime has changed. Today, less than 4 percent of cybercriminals are identified (let alone sentenced), but at the same time we also know that the great majority of Internet crimes (up to 80 percent) could have been prevented. Cybercrime is a very profitable business model, with little exposure for the perpetrator and very difficult to fight. It’s unavoidable and is definitely on the rise. The reactive approach to fighting it is necessary but not very effective or sufficient (because of the very way the Internet works).

In this context, it is important to be aware that 90% of success in the fight against cybercrime is prevention, awareness and security controls, and 10% is reaction (investigation and prosecution). We must act with all human and technical resources available to us in order to prevent cybercrime and, should it occur, be ready to react quickly and decisively. And that is where the concept of resilience comes into play.

Why do you think an event such as the Panda Security Summit is necessary?

Events like this are necessary to give visibility to cybersecurity, explain some of its key concepts and give it the central place it must occupy. In the corporate world, all business activities rely on computer data and IT structures. And, at public level, crime always has technological implications relative to its modus operandi or in order to obtain the necessary evidence to investigate it, and let’s not forget that a country’s national security can be seriously compromised by cyberthreats.

In your opinion, what level of cybersecurity awareness and training is there in Europe?

I’ve been a member of different cybercrime and cybersecurity working groups in Europe for four years and have participated in dozens of meetings. That’s where you see the difference in resources and the importance given to cybersecurity by each country. Spain is ten years behind countries such as the Netherlands, Germany or the United Kingdom for example, where the public sector dedicates many more human and technical resources to cybersecurity. Even at legislative level, there are countries such as Germany that have specific IT security laws.

How prepared do you think the Spanish and European institutions are to combat cybercrime?

Spain has no reason to envy other European countries. Actually, we have proven to be very efficient in the fight against cybercrime. It’s not so much a question of lacking competence as it is a lack of human and technical resources, and cybercrime and the digital world require significant investments.

During a police exchange I had with Germany’s Federal Police for the investigation of a case affecting a number of German banks, I could see how they set up a global team of police officers, prosecutors and members of the privacy sector to work exclusively on that case until it was solved or the investigation came to an end. In Spain, police investigators usually work on dozens of cases at the same time, and although there is contact with people from different areas, there is not so much teamwork.

Don’t miss the opportunity to listen to and share opinions with Silvia at the Panda Security Summit, where Europe will meet Cybersecurity, on May 18 in Madrid.

The post Silvia Barrera: “90% of success in the fight against cybercrime is prevention and awareness” appeared first on Panda Security Mediacenter.

Organizations want to leverage the cloud but are held back by security misconceptions

iboss has published the findings of its 2018 Enterprise Cloud Trends report. The survey of IT decision makers and office workers in U.S. enterprises found that 64% of IT decision makers believe the pace of software as a service (SaaS) application adoption is outpacing their cybersecurity capabilities. Combined with growing pressures from shadow IT and mobile employees, 91% of IT decision makers agree they need to update security policies to operate in a cloud-first environment. … More

The post Organizations want to leverage the cloud but are held back by security misconceptions appeared first on Help Net Security.

Emergency alert systems used across the US can be easily hijacked

A vulnerability affecting emergency alert systems supplied by ATI Systems, one of the leading suppliers of warning sirens in the USA, could be exploited remotely via radio frequencies to activate all the sirens and trigger false alarms. “We first found the vulnerability in San Francisco, and confirmed it in two other US locations including Sedgwick County, Wichita, Kansas,” Balint Seeber, Director of Threat Research at Bastille, told Help Net Security. “Although we have not visited … More

The post Emergency alert systems used across the US can be easily hijacked appeared first on Help Net Security.

Major uptick in mobile phishing URL click rate

In a study of Lookout users, more than half clicked mobile phishing URLs that bypassed existing security controls. Since 2011, Lookout has observed this mobile phishing URL click rate increase 85 percent year-over-year. “Mobile devices have eroded the corporate perimeter, limiting the effectiveness of traditional network security solutions like firewalls and secure web gateways,” said Aaron Cockerill, chief strategy officer at Lookout. “Operating outside the perimeter and freely accessing not just enterprise apps and SaaS, … More

The post Major uptick in mobile phishing URL click rate appeared first on Help Net Security.

Cryptshare brings its secure communication and privacy solution to U.S. market

Cryptshare, a German-based maker of data security and privacy solutions for the exchange of business-critical information, today announced its expanded presence in the U.S. market and new QUICK technology used to simplify the exchange of passwords used to protect encrypted files. Cryptshare will demo a beta version of the patent-pending technology at the RSA Conference, April 16-20 in San Francisco, where the company is a co-exhibitor with TeleTrusT in the German Pavilion, booth 3927/20. The … More

The post Cryptshare brings its secure communication and privacy solution to U.S. market appeared first on Help Net Security.

How to minimize healthcare supply chain threats

There are many reasons why healthcare institutions have poor cybersecurity: most resources go towards providing patient care and not enough is left for cybersecurity; not all hospitals have a dedicated cybersecurity team; cybersecurity policies and authentication procedures are difficult to implement due to many users who rotate within the hospital, and more. In a recent paper, though, Trend Micro researchers zeroed in on two particular risks these organizations are susceptible to and they don’t feel … More

The post How to minimize healthcare supply chain threats appeared first on Help Net Security.

Steps executives are taking to increase security while launching new ways to pay

More than 80 percent of organizations that have been impacted by a data breach have introduced a new security framework and 79 percent have reduced employee access to customer data, according to new benchmark data, “2018 Global Payments Insight Survey: Bill Pay Services,” from ACI Worldwide and Ovum. The benchmark, comprised of responses from executives at billing organizations such as consumer finance, healthcare and higher education, also revealed that over 70 percent of organizations that … More

The post Steps executives are taking to increase security while launching new ways to pay appeared first on Help Net Security.

Hackers leverage flaw in Cisco switches to hit Russian, Iranian networks

The proof-of-concept exploit code for a vulnerability affecting many Cisco switches has been leveraged by vigilante hackers to mess with networks and data-centers in Russia and Iran. Who has been hit? According to Kaspersky Lab researchers, after exploiting the flaw the attackers are able to run code that allows them to rewrite the Cisco IOS image on the switches and change the configuration file, leaving a message that reads “Do not mess with our elections.” … More

The post Hackers leverage flaw in Cisco switches to hit Russian, Iranian networks appeared first on Help Net Security.

Global IT spending to grow 6.2% in 2018

Worldwide IT spending is projected to total $3.7 trillion in 2018, an increase of 6.2 percent from 2017, according to the latest forecast by Gartner. “Although global IT spending is forecast to grow 6.2 percent this year, the declining U.S. dollar has caused currency tailwinds, which are the main reason for this strong growth,” said John-David Lovelock, research vice president at Gartner. “This is the highest annual growth rate that Gartner has forecast since 2007 … More

The post Global IT spending to grow 6.2% in 2018 appeared first on Help Net Security.

Russian government asks court to allow them to block Telegram

Russian communications regulator’s fight to block the Telegram encrypted messaging service continues. Telegram (the company) has been fighting the Roskomnadzor – the Russian federal agency tasked with overseeing that the media, telecoms and other mass communications providers comply with existing laws and adequately protect the confidentiality of personal data being processed – every step of the way. First, they tried to skip on registering as an “organizer of dissemination of information,” which would force them … More

The post Russian government asks court to allow them to block Telegram appeared first on Help Net Security.

Week in review: Critical flaw in Cisco switches, Saks breach, closing the security update gap

Here’s an overview of some of last week’s most interesting news and articles: Establishing covert communication channels by abusing GSM AT commands. Security research often starts as a hobby project, and Alfonso Muñoz’s and Jorge Cuadrado’s probe into mobile privacy is no exception. The duo, who are scheduled to reveal the results of their research at the Hack in the Box Conference in Amsterdam, ended up finding a way to establish covert communication channels over GSM … More

The post Week in review: Critical flaw in Cisco switches, Saks breach, closing the security update gap appeared first on Help Net Security.

Security teams are under resourced, overwhelmed by attackers

A new report conducted by the Ponemon Institute uncovered security’s “patching paradox” – hiring more people does not equal better security. While security teams plan to hire more staffing resources for vulnerability response – and may need to do so – they won’t improve their security posture if they don’t fix broken patching processes. Firms struggle with patching because they use manual processes and can’t prioritize what needs to be patched first. The study found … More

The post Security teams are under resourced, overwhelmed by attackers appeared first on Help Net Security.

Delta and Sears suffer data breach, credit card information compromised

US-based Delta Air Lines and Sears Holdings, the owners of Sears and Kmart, have announced that the breach suffered by chatbot company [24]7.ai has resulted in the compromise of credit card information of its customers. According to a statement by [24]7.ai, which provides online support services to the two companies, the incident began on September 26 and was discovered and contained on October 12, 2017. Sears Holdings says that the incident involved unauthorized access to … More

The post Delta and Sears suffer data breach, credit card information compromised appeared first on Help Net Security.

IT audit best practices: Technological changes give rise to new risks

IT security and privacy, IT governance and risk management, regulatory compliance, emerging technology and cloud computing are the key issues impacting IT audit plans in 2018, according to a benchmarking study from Protiviti and ISACA. To whom within the organization does your IT audit director report? The seventh annual survey of more than 1,300 chief audit executives (CAE), internal audit professionals and IT audit vice presidents and directors worldwide found that most audit plans for … More

The post IT audit best practices: Technological changes give rise to new risks appeared first on Help Net Security.

Cyber attacks are becoming more organized and structured

Trustwave released the 2018 Trustwave Global Security Report, which reveals the top security threats, breaches by industry, and cybercrime trends from 2017. The report is derived from the analysis of billions of logged security and compromise events worldwide, hundreds of hands-on data-breach investigations and internal research. Findings depict improvement in areas such as intrusion to detection; however, they also showed increased sophistication in malware obfuscation, social engineering tactics, and advanced persistent threats. North America and retail … More

The post Cyber attacks are becoming more organized and structured appeared first on Help Net Security.

Inbox placement improving, spam placement remains the same

The global trend of delivery data increased over the last eight quarters, with a growth of 4 percent inbox placement, according to 250ok. Missing emails saw a decrease of 5 percent, while spam folder placement remains rather stable with less than 1 percent change. Of the global seed accounts 250ok studied, Canada was the only country with a dip in email deliverability, as the 3-year transition period for Canada’s Anti-Spam Legislation (CASL) came to an … More

The post Inbox placement improving, spam placement remains the same appeared first on Help Net Security.

What will happen with WHOIS when GDPR is implemented?

The countdown has now begun for the introduction of the General Data Protection Regulation (GDPR). Although the implications of the new regulation have been widely discussed, one of the lesser known side effects of its coming into force could jeopardize user security instead of enhancing it. This situation is due to the conflict between the obligations of the GDPR and WHOIS, the extensive system managed by ICANN (Internet Corporation for Assigned Names and Numbers) and which identifies to whom a domain belongs.

What is WHOIS and why is it important?

WHOIS is a protocol that enables you to find the names and contact details of the owners of a domain and was created by ICANN in the 1980s. It is, in fact, one of the oldest Internet tools to verify identities.

The WHOIS system is an invaluable resource for investigators and security forces: the data it provides is a first line of enquiry whenever malicious activity is detected, given that it is publicly available. Investigators use WHOIS to track the spread of malware or to discover who is really behind a malicious domain. ICANN has agreements with all domain registrars which require them to publish data such as the names, email addresses and phone numbers of those who register domains through their service.

Even though they cover all domains, the requirements of the WHOIS system are under scrutiny and it has long been suggested that it is an outdated system. Even supporters readily admit that it is easy to provide false information, and it is estimated that some 40 percent of the data could be fraudulent or inaccurate. It is also true that WHOIS has traditionally been a mine of information for hackers and spammers, who can extract data from WHOIS databases to launch spam, target registered users or steal their identity. This has led to the proliferation of services offering to conceal WHOIS data, many of which are provided by the same domain management companies.

But what exactly is the problem that arises with the implementation of the GDPR? Currently, the WHOIS protocol publishes the names, addresses and phone numbers of those who register an Internet domain. Yet this system will become illegal under the GDPR, as it does not ask for the express consent of these people before sharing their personally identifiable data. As mentioned, some companies already offer the possibility of hiding personal data for an extra fee, but this is also not compatible with GDPR compliance.

A head-on collision between GDPR and WHOIS

The situation is not easy to resolve. The GDPR prohibits companies from publishing information that identifies individuals, which means that the agreements between domain registrars and ICANN regarding WHOIS will be illegal. And this will also hinder the work of identifying cyber-attackers.

As it stands now, it is difficult to integrate the WHOIS protocol into the GDPR regulatory framework. It cannot be claimed that the fact that this database is public helps to fulfill the original purpose for which the information was collected (registering the domain). This means that the current public WHOIS system is incompatible with the data privacy principles of the GDPR.

Last November, ICANN announced that it would not take legal action against domain registrars for failing to comply with contractual obligations regarding the management of registration data. In other words, the corporation will not act against those who do not publish the WHOIS data until a permanent solution that aligns with the GDPR requirements has been found. Nevertheless, there is a risk that an increasing amount of personal data will be deleted from the public WHOIS database, as it is easier for companies simply to eliminate sensitive data than to invest time in properly implementing the measures required by the GDPR. In fact, GoDaddy, the world’s largest domain registrar, announced in January that it would retract bulk searches of WHOIS contact details for its 17 million customers and it is feared that many other registrars will follow suit before May 25.

Some years ago, ICANN created a working group to study ways of protecting privacy, preserving freedom of expression and, taking into account consumer protection and the public interest, to ensure confidence and competitiveness. Its recommendations indicated the need to have a system of ‘informing’, designed to replace WHOIS’ publicly available information. As early as 2012, ICANN proposed a solution, which was to implement a Registration Directory Service (RDS) which would run an automatically updated database filled with domain registration data from all the accredited registries. The data would be “gated” by default, unlike what happens with WHOIS. However, six years later the organization does not seem to be any closer to implementing this proposal.

ICANN is in a difficult position. On the one hand, it is under pressure from security experts who rely on WHOIS data to investigate crimes or mitigate the effects of attacks. On the other hand, the organization also has to adapt to the GDPR to protect the personal data of Internet users. Will it be able to find a viable way of balancing the security forces’ need-to-know with users’ right to privacy?

The post What will happen with WHOIS when GDPR is implemented? appeared first on Panda Security Mediacenter.

How One Investor Is Navigating The Cybersecurity Sector

From managing healthcare records and finances to how we do our shopping, innovative technologies have made our lives easier by giving us the freedom to access almost anything at the touch of a button. But this on-demand convenience often comes with increased security risk.

With so much of our personal information being transmitted daily, we have become more susceptible to cyberattacks. In fact, cyberattacks have become the fastest growing crime in the U.S. with cybersecurity spending expected to exceed $1 trillion through 2021, according to a report by Cybersecurity Ventures.

When the National Association of Corporate Directors asked board members to identify trends most affecting their companies over the next 12 months, “cybersecurity threats” were cited more frequently than even “political uncertainty in the United States” or “technology disruption” — a revealing statistic, given the state of current events.

As a result, the mounting need for cybersecurity solutions has opened the door for thousands of new companies touting the “best” and “most effective” security platforms.

As growth-equity investors, how do we determine the best opportunity within this crowded market?

In the cybersecurity sector, a handful of well-established megacompanies make up the tip of the iceberg. We at NewSpring, however, see greater opportunity just beneath the surface.

We pursue growth-oriented cybersecurity companies that are multifaceted, have revenue- and service-expansion potential, and will be able to deliver attractive exit multiples.

Beyond these criteria, we believe it’s crucial to identify companies with innovative, differentiated product offerings that provide effective solutions to the problems facing their target customers, whether in enterprise or mid-market sectors.

A little more than a year ago, I attended the RSA Conference in San Francisco, where it’s easy to become overwhelmed by the myriad cybersecurity solutions on the market.

The majority of these companies are single-niche companies, focused on one specific area, such as endpoint protection, network security, cloud security or threat intelligence.

If you are a company looking to protect yourself against cyberattacks, you would need to bundle several of these companies to get a full suite of services.

And with cyberattacks appearing in a variety of shapes and sizes, you need a wide range of security solutions. This presents an opportunity for those who can fill this void.

For example, a few years ago we invested in LookingGlass Cyber Solutions, which provides intelligence-driven security by delivering unified threat protection to global enterprises and government agencies.

LookingGlass’s end-to-end portfolio, backed by a global team of security analysts, addresses a full spectrum of cybersecurity risks by rapidly analyzing structured and unstructured data gathered from its customers’ infrastructures and correlating this information in real-time with security trends the company monitors across the wider internet.

This view of threats offers earlier recognition and mitigation of cyberrisks present in business operations, supply chains and other third parties.

LookingGlass provides not only the technology required to combat sophisticated cyberattacks, but also information-security, brand-security or physical-security monitoring as a service to its customers and partners.

When we were evaluating the company’s offering, it had recently acquired two companies and was negotiating a third. LookingGlass’s commitment to a rollup strategy enabled it to offer multidimensional cybersecurity solutions, which played an important role in our decision to invest.

As technology advances and consumers’ appetites for customization and convenience continue to grow, the need for cybersecurity will become even more prevalent.

While healthcare and fintech will continue to garner most of the headlines, other industries such as automotive, logistics and smart home technology will also spur new opportunities.

The cybersecurity industry has only just begun to scratch the surface and we are optimistic about the exciting new investment opportunities this sector will have to offer.


Source: https://www.pehub.com/2018/04/how-one-investor-is-navigating-the-cybersecurity-sector/

The post How One Investor Is Navigating The Cybersecurity Sector appeared first on LookingGlass Cyber Solutions Inc..

Easily exploited flaw in Microsoft Malware Protection Engine allows total system compromise

A critical and extremely easily exploitable vulnerability in the Microsoft Malware Protection Engine (MMPE) has been patched through an out-of-band security update pushed out by Microsoft on Tuesday. “Administrators of enterprise antimalware deployments should ensure that their update management software is configured to automatically approve and distribute engine updates and new malware definitions. Enterprise administrators should also verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded, … More

The post Easily exploited flaw in Microsoft Malware Protection Engine allows total system compromise appeared first on Help Net Security.

ShiftLeft: Fully automated runtime security solution for cloud applications

When talking about data loss prevention, the first thing that comes to mind are solutions aimed at stopping users from moving sensitive documents/data out of a network. But there is a different type of data loss that app developers should be conscious of and worry about: cloud applications inadvertently sending critical data to unencrypted/public databases/services. Fuelled by the adoption of microservices and short software development cycles, this is the fastest growing problem in application security today. … More

The post ShiftLeft: Fully automated runtime security solution for cloud applications appeared first on Help Net Security.

Establishing covert communication channels by abusing GSM AT commands

Security research often starts as a hobby project, and Alfonso Muñoz’s and Jorge Cuadrado’s probe into mobile privacy is no exception. The duo, who are scheduled to reveal the results of their research at the Hack in the Box Conference in Amsterdam next week, ended up finding a way to establish covert communication channels over GSM by abusing GSM AT commands. The investigation: The first step of their investigation was to build a DIY mobile phone, … More

The post Establishing covert communication channels by abusing GSM AT commands appeared first on Help Net Security.

Fewer records breached: Cybercriminals focus on ransomware, destructive attacks

According to the 2018 IBM X-Force Threat Intelligence Index, the number of records breached dropped nearly 25 percent in 2017, as cybercriminals shifted their focus to launching ransomware and destructive attacks that lock or destroy data unless the victim pays a ransom. Last year, more than 2.9 billion records were reported breached, down from 4 billion disclosed in 2016. While the number of records breached was still significant, ransomware reigned in 2017 as attacks such … More

The post Fewer records breached: Cybercriminals focus on ransomware, destructive attacks appeared first on Help Net Security.

What’s new at RSAC 2018?

With the most significant global information security event just around the corner, we caught up with Sandra Toms, VP and Curator, RSA Conference, to find out what attendees can expect in San Francisco, April 16-20, 2018. What is new at RSA Conference this year that you’d like to highlight? One exciting thing we’re introducing this year is Broadcast Alley, which you could consider the “unofficial newsroom” of RSAC 2018. Publishers, sponsors, partners and exhibitors can … More

The post What’s new at RSAC 2018? appeared first on Help Net Security.

How critical infrastructure operators rate their security controls

Indegy revealed that nearly 60 percent of executives at critical infrastructure operators polled in a recent survey said they lack appropriate controls to protect their environments from security threats. As expected, nearly half of all respondents indicated their organizations plan to increase spending for industrial control system (ICS) security measures in the next 12-24 months. “We have been tracking the escalation in cyber threat activity specifically targeting critical infrastructures for some time,” says Barak Perelman, … More

The post How critical infrastructure operators rate their security controls appeared first on Help Net Security.

Massive data breaches just one month before the arrival of the GDPR

The security and privacy of personal data is once again a cause of concern and debate for business organizations. With the new General Data Protection Regulation just weeks away, the latest cyber-security studies reveal that data theft incidents continue to rise, with an average of 122 data records being compromised per second. What’s more, if you take a look at the data breach statistics recorded since 2013, you will realize that the number of data records lost or stolen over the last four years is over 9,740,567,988. From medical information to credit card numbers, from access credentials to information relating to purchasing habits, personal choices and opinions, this information is large enough to generate a huge database that could be exploited for social, financial and even electoral purposes.

Facebook, Equifax or MyFitnessPal

Although when talking about security breaches the first thing that usually comes to mind are attacks perpetrated by cybercriminals, it is important to focus on internal threats and oversights in companies’ own security as well. Over the last week we have seen how data breaches can hurt even tech giants such as Facebook, which is in the eye of a controversy storm for the alleged harvesting of data from more than 50 million users in order to favor President Trump’s election campaign.

Accidental data leaks, due to simple negligence, reached a disproportionately large number in 2017, with the Equifax case offering a prime example of the consequences of not protecting confidential data adequately. Last September, Equifax, one of the three major credit bureaus in the United States, was hit by a security breach affecting the personal information of 147.9 million customers, making this one of the biggest data breaches in history. The attackers got their hands on the victims’ names, social security numbers, home addresses and even driver’s license numbers, being able to access customers’ credit scores and financial profiles.

Unfortunately, this trend doesn’t seem like it will stop anytime soon. Sport clothing company Under Armour has suffered the largest data breach this year and one of the top five to date, based on the number of records compromised. The American company confirmed it had discovered on March 25 a potential data breach affecting 150 million users of its MyFitnessPal app and website.

Don’t be a victim of data theft

No one wants their company to appear in the news as the latest victim of a security breach due to the devastating impact it can have on their reputation, users and business. And even more so with the imminent entry into force of the GDPR on May 25. The purpose of this legislation is to protect the personal data of the EU citizens, monitoring how that data is collected, stored, and processed by organizations. Companies must take all necessary measures to ensure the proper levels of data security, traceability and management, including the application of the ‘Right to Erasure’, as failing to comply with the GDPR requirements can have significant consequences including fines of up to €20 million or 4 percent of an organization’s annual worldwide turnover.

To avoid being in that position, the first step is to be aware of the importance of implementing effective security measures and policies. Prevention in data processing activities is one of the basic requirements set out in the new Regulation. It’s very important to work with the necessary vision and anticipation to gain competitive advantage in business strategies.

Security solutions such as Panda Data Control are capable of discovering, auditing and monitoring the unstructured personal data stored across an organization: from data at rest to data in use and data in motion. They allow administrators to prevent uncontrolled access to the company’s sensitive data, ensure proper registration and traceability of personal information, and help comply with data protection regulations such as the GDPR or PCI-DSS.

The data monitoring capabilities provided by Panda Data Control are key to showing senior management, the DPO and the relevant authorities the strict control you have over the PII files found on your network. It is the ultimate tool for justifying any operation you must perform on that information: alteration, confirmation or deletion.

Don’t let your organization be in the headlines for the wrong reasons: find, monitor and control unstructured personal data across your network in real time, with one agent, and from one single solution with Panda Data Control.

The post Massive data breaches just one month before the arrival of the GDPR appeared first on Panda Security Mediacenter.

YouTube Shooting: Woman Wounds 3, Then Kills Self, Police Say

Woman shoots and wounds 3 at YouTube headquarters in California before killing self

A woman opened fire with a handgun at YouTube’s headquarters in San Bruno, California, on Tuesday, which prompted panic as 2,000 people employed in the office hid and tried to flee into the surrounding streets. YouTube is a video-sharing service owned by Alphabet Inc.’s Google.

The suspect has been identified as Nasim Najafi Aghdam, 39, of Southern California, who wounded four people before shooting herself dead, said two law enforcement officials on the condition of anonymity, as they were not authorized to discuss the case. San Bruno police said in a statement that the suspect did not know the victims when she opened fire on Tuesday afternoon before killing herself.

The suspect’s father, Ismail Aghdam, told CBS Los Angeles that she was angry with the company because it had stopped paying her for videos she posted on the platform.

Those who post videos on YouTube can earn money from advertisements that accompany their videos. However, the channel has the right to “de-monetize” some channels for reasons such as less than 1,000 subscribers or for uploading inappropriate material.

A law enforcement official said investigators believe Aghdam used the name Nasime Sabz online and had a long-running dispute with YouTube. Her website accuses “new closed-minded” YouTube employees of reducing her view count and also criticized YouTube’s policies. It said that YouTube was trying to “suppress” content creators.

YouTube had “stopped everything,” and “she was angry”, Ismail Aghdam said from his San Diego home in a telephone interview with the Bay Area News Group.

Ismail Aghdam said that when his daughter did not answer her phone for two days, he reported Nasim missing on Monday. He further said the family received a call from Mountain View police around 2 a.m. on Tuesday saying that they had found his daughter sleeping in a car.

Ismail Aghdam said he warned them that she might be headed to YouTube because she “hated” the company. He told police she said the company was “ruining her life.”

Katie Nelson, spokeswoman for Mountain View Police, confirmed that they had found a South Californian woman by the same name asleep in a vehicle in a Mountain View parking lot on Tuesday morning and had notified her family. When asked whether police were warned that Nasim might go to YouTube, Nelson chose not to respond to this question.

After multiple 911 calls reported gunfire, officers and federal agents swarmed the company’s headquarters complex in the city of San Bruno. Television news footage showed people leaving the building in a line, holding their arms in the air. Officers patted them down to make sure none had weapons.

Todd Sherman, a YouTube product manager, described on Twitter that when he heard people running, he first thought it was an earthquake before he was told that a person had a gun.

“At that point every new person I saw was a potential shooter. Someone else said that the person shot out the back doors and then shot themselves,” Sherman said in a tweet.

“I looked down and saw blood drips on the floor and stairs. Peeked around for threats and then we headed downstairs and out the front,” Sherman said.

YouTube employee Vadim Lavrusik posted on Twitter that he heard gunshots and saw people running. He said he was locked up in a room with co-workers before being safely evacuated.

Further, a dispatcher in a recording of a 911 call posted online by the Los Angeles Times, can be heard saying: “Shooter. Another party said they spotted someone with a gun. Suspect came from the back patio … Again we have a report of a subject with a gun. They heard seven or eight shots being fired.”

Dr. Andre Campbell, a trauma surgeon at San Francisco General Hospital, said at a news conference that three victims of gunshot wounds were brought to the hospital. However, none of them had to undergo surgery, Campbell said. Authorities did not release names of the victims. A fourth person, who suffered an ankle injury while fleeing the scene, was also taken to a local hospital.

Google, YouTube’s parent company, said in a statement that they are “coordinating with authorities and will provide official information here from Google and YouTube as it becomes available.”

“It’s with great sadness that I tell you – based on the latest information – four people were injured in this horrific act of violence,” Google Chief Executive Sundar Pichai said in a letter to employees that was posted on Twitter.

“I know a lot of you are in shock right now. Over the coming days, we will continue to provide support to help everyone in our Google family heal from this unimaginable tragedy,” he added.

In a separate tweet, Pichai said he and Susan Wojcicki, YouTube Chief Executive were “focused on supporting our employees & the @YouTube community through this difficult time together.”

President Donald Trump tweeted his “thoughts and prayers” to everyone involved.

“Our thoughts and prayers are with everybody involved,” Trump tweeted. “Thank you to our phenomenal Law Enforcement Officers and First Responders that are currently on the scene.”

In response, Twitter Chief Executive Jack Dorsey tweeted: “We can’t keep being reactive to this, thinking and praying it won’t happen again at our schools, jobs, or our community spots. It’s beyond time to evolve our policies.”

The shooting was the latest in a string of mass killings carried out in the U.S. in recent years. Most recently, the massacre of 17 people at a Florida high school has led to calls for tighter restrictions on gun ownership.

Source: CBS Los Angeles

The post YouTube Shooting: Woman Wounds 3, Then Kills Self, Police Say appeared first on TechWorm.

Intel will not provide Spectre/Meltdown microcode updates for some processor families

Intel has decided not to provide microcode updates to plug Spectre and Meltdown vulnerabilities in a number of older processors. According to the last update (April 2, 2018) of the “Microcode Revision Guidance,” Bloomfield, Bloomfield Xeon, Clarksfield, Gulftown, Harpertown Xeon C0 and E0, Jasper Forest, Penryn/QC, SoFIA 3GR, Wolfdale, Wolfdale Xeon, Yorkfield, and Yorkfield Xeon families of processors will not receive the updates. (Most of these “abandoned” CPUs are older products no longer in production.) … More

The post Intel will not provide Spectre/Meltdown microcode updates for some processor families appeared first on Help Net Security.