Category Archives: News

Global cyber risk perception: Highest management priorities

Few organizations are highly confident in their ability to manage the risk of a cyber-attack, despite viewing cybersecurity as a top risk management priority, according to a survey conducted by Marsh and Microsoft. Cybersecurity confidence In the global survey of more than 1,300 senior executives, two-thirds ranked cybersecurity among their organizations’ top five risk management priorities – approximately double the response to a similar question Marsh asked in 2016. The survey also found that a … More

Week in review: Vulnerability tracking, GDPR quick guide, tackling the insider threat

Here’s an overview of some of last week’s most interesting news and articles: Intel offers to pay for Spectre-like side channel vulnerabilities Intel is expanding the bug bounty program it started last March, and is raising considerably the awards it plans to give out for helpful vulnerability information. The company is, simultaneously, starting a new bug bounty program focused specifically on side channel vulnerabilities, i.e., vulnerabilities that are rooted in Intel hardware but can be … More

The United States is “vulnerable” to cybersecurity attacks said by the co-founder of the computer security firm CrowdStrike

Recent cyber attacks, including NotPetya last June, have been destructive to American organizations, causing them hundreds of millions of dollars

The post The United States is “vulnerable” to cybersecurity attacks said by the co-founder of the computer security firm CrowdStrike appeared first on Latest Hacking News.

Dell EMC plugs critical bugs in VMAX enterprise storage offerings

Dell EMC has patched two critical flaws in vApp Manager, the management interface for its VMAX enterprise storage systems, and is urging all customers to implement fixes as soon as possible. About the VMAX enterprise storage vulnerabilities The flaws were discovered and reported by Tenable’s director of reverse engineering Carlos Perez. The graver of the two is CVE-2018-1216, which marks the existence of a hard-coded password vulnerability. “The vApp Manager contains an undocumented default account … More

Scanned IDs of 119,000 FedEx customers exposed online

An unsecured Amazon Web Services bucket holding personal information and scans of IDs of some 119,000 US and international citizens has been found sitting online by Kromtech security researcher earlier this month. The stored data had been stockpiled by Bongo International, a company that specialized in helping North American retailers and brands sell online to consumers in other countries. Bongo was acquired by FedEx in 2014, relaunched as FedEx Cross-Border International, and ultimately shuttered in … More

New infosec products of the week: February 16, 2018

ScramFS: Encryption system for safeguarding cloud data Scram Software has announced that ScramFS – an internationally peer-reviewed encryption system for safeguarding cloud data – is now available globally to SMEs, government and not-for-profit organizations, enabling encryption of sensitive data to reduce breaches and assist in ensuring legal, HIPAA and GDPR compliance. Dtex Systems updates its Advanced User Behavior Intelligence Platform Dtex Systems announced innovations to its Advanced User Behavior Intelligence Platform, designed to meet the … More

Intel offers to pay for Spectre-like side channel vulnerabilities

Intel is expanding the bug bounty program it started last March, and is raising considerably the awards it plans to give out for helpful vulnerability information. Where information about critical vulnerabilities in Intel software, firmware and hardware could have previously been rewarded with up to $7,500, $10,000 and $30,000, respectively, now the bounties in those same categories go up to $10,000, $30,000 and $100,000. A new bug bounty program for side channel vulnerabilities The company … More

Still relying solely on CVE and NVD for vulnerability tracking? Bad idea

2017 broke the previous all-time record for the highest number of reported vulnerabilities. The 20,832 vulnerabilities cataloged during 2017 by Risk Based Security (VulnDB) eclipsed the total covered by MITRE’s Common Vulnerability Enumeration (CVE) and the National Vulnerability Database (NVD) by more than 7,900. “Incredibly, we see too many companies still relying on CVE and NVD for vulnerability tracking, despite the US government funded organization falling short year after year. While some argue that the … More

7 steps security leaders can take to deal with Spectre and Meltdown

Security and risk management leaders must take a pragmatic and risk-based approach to the ongoing threats posed by an entirely new class of vulnerabilities, according to Gartner. Spectre and Meltdown are the code names given to different strains of a new class of attacks that target an underlying exploitable design implementation inside the majority of computer chips manufactured over the last 20 years. Security researchers revealed three major variants of attacks in January 2018. The … More

A five-year analysis of reported Windows vulnerabilities

Based on analysis of all disclosed Microsoft vulnerabilities in 2017, a new Avecto report shows a significant rise in the number of reported vulnerabilities. Last year, 685 vulnerabilities were found versus 325 vulnerabilities that were found in 2013. The removal of admin rights could mitigate 80% of all critical Microsoft vulnerabilities reported in 2017. Nearly all (95%) of critical vulnerabilities in Microsoft browsers could be mitigated by the removal of admin rights. The rise of … More

Hackers Exploited Telegram Messenger Zero-Day Vulnerability To Spread Multipurpose Malware

The ISBuzz Post: This Post Hackers Exploited Telegram Messenger Zero-Day Vulnerability To Spread Multipurpose Malware appeared first on Information Security Buzz.

Kaspersky Lab researchers have uncovered ‘in the wild’ attacks being carried out by a new piece of malware using a zero-day vulnerability in the Telegram Desktop app. The vulnerability was used to deliver multipurpose malware, which depending on the computer can be used either as a backdoor or as a tool to deliver mining software. According to the research, the vulnerability has been actively exploited since March 2017 for the cryptocurrency mining functionality, including Monero, Zcash, etc.

Social messaging services have long been an essential part of our connected life, designed to make it much easier to keep in touch with friends and family. At the same time, they can significantly complicate things if they suffer a cyberattack. For instance, last month Kaspersky Lab published a research report on advanced mobile malware, the Skygofree Trojan, which is able to steal WhatsApp messages. The latest research reveals that experts were able to identify ‘in the wild’ attacks with a new, previously unknown vulnerability in the desktop version of another popular instant messaging service.

According to the research, the Telegram zero-day vulnerability was based on the RLO (right-to-left override) Unicode method. RLO is normally used to render text in languages that are written from right to left, such as Arabic or Hebrew. However, malware creators can also use it to mislead users into downloading malicious files disguised, for example, as images.

Attackers used a hidden Unicode character in the file name that reversed the order of the characters, so that the file appeared under a different name. As a result, users downloaded hidden malware which was then installed on their computers. Kaspersky Lab reported the vulnerability to Telegram and, at the time of publication, the zero-day flaw has not since been observed in the messenger’s products.
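A defender can catch this class of disguised file name by flagging invisible bidirectional control characters and comparing the extension a user sees with the one the operating system acts on. The following is an added example, not code from Kaspersky Lab or Telegram; the function names and sample file names are constructed for illustration, and the display routine is a simplified approximation of Unicode bidirectional rendering rather than the full algorithm.

```python
import os

# Invisible Unicode bidirectional control characters (embeddings, overrides,
# isolates and marks). Ordinary right-to-left letters are NOT in this set.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
    "\u200e": "LRM", "\u200f": "RLM",
}
RLO, PDF = "\u202e", "\u202c"


def strip_bidi(name):
    """Return the name with every bidi control character removed."""
    return "".join(ch for ch in name if ch not in BIDI_CONTROLS)


def approximate_display(name):
    """Approximate what a user sees: text after an RLO is shown reversed
    until a PDF or the end of the string. This is a simplification of the
    Unicode bidirectional algorithm, good enough to expose the disguise."""
    out, run = [], None
    for ch in name:
        if ch == RLO:
            if run is not None:          # flush a previous override run
                out.extend(reversed(run))
            run = []
        elif ch == PDF and run is not None:
            out.extend(reversed(run))
            run = None
        elif ch in BIDI_CONTROLS:
            continue                     # other controls are invisible
        elif run is not None:
            run.append(ch)
        else:
            out.append(ch)
    if run is not None:
        out.extend(reversed(run))
    return "".join(out)


def inspect_filename(name):
    """Report bidi controls and any mismatch between the extension that is
    displayed and the extension that is really stored."""
    controls = [BIDI_CONTROLS[ch] for ch in name if ch in BIDI_CONTROLS]
    real_ext = os.path.splitext(strip_bidi(name))[1].lower()
    shown = approximate_display(name)
    shown_ext = os.path.splitext(shown)[1].lower()
    return {
        "controls": controls,
        "display": shown,
        "real_ext": real_ext,
        "shown_ext": shown_ext,
        "spoofed": bool(controls) and real_ext != shown_ext,
    }


# Constructed sample names (not taken from the research).
SAMPLES = [
    "holiday.png",                       # plain ASCII name
    "\u05d3\u05d5\u05d7.pdf",            # legitimate Hebrew name, no controls
    "invoice_\u202efdp.exe",             # RLO hides the real .exe extension
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = inspect_filename(sample)
        # ascii() keeps the control character visible in the report.
        print(ascii(sample), "->", ascii(result["display"]),
              result["controls"], "SPOOFED" if result["spoofed"] else "ok")
```

Rejecting or renaming any received file whose name contains one of these control characters is the simplest policy, since legitimate right-to-left file names do not need them.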

During their analysis, Kaspersky Lab experts identified several scenarios of zero-day exploitation in the wild by threat actors. Firstly, the vulnerability was exploited to deliver mining malware, which can be significantly harmful to users. By using the victim’s PC computing power, cybercriminals have been creating different types of cryptocurrency including Monero, Zcash, Fantomcoin and others. Moreover, while analysing a threat actor’s servers, Kaspersky Lab researchers found archives containing a Telegram local cache that had been stolen from victims.

Secondly, upon successful exploitation of the vulnerability, a backdoor that used the Telegram API as a command and control protocol was installed, resulting in the hackers gaining remote access to the victim’s computer. After installation, it started to operate in a silent mode, which allowed the threat actor to remain unnoticed in the network and execute different commands including the further installation of spyware tools.

The artefacts discovered during the research indicate Russian origins of cybercriminals.

“The popularity of instant messenger services is incredibly high, and it’s extremely important that developers provide proper protection for their users so that they don’t become easy targets for criminals. We have found several scenarios of this zero-day exploitation that, besides general malware and spyware, was used to deliver mining software – such infections have become a global trend that we have seen throughout the last year. Furthermore, we believe there were other ways to abuse this zero-day vulnerability,” said Alexey Firsh, Malware Analyst, Targeted Attacks Research, Kaspersky Lab.

Kaspersky Lab products detect and block the exploitation cases of this discovered vulnerability.

In order to protect your PC from any infection, Kaspersky Lab recommends the following:

  • Do not download and open unknown files from untrusted sources;
  • Try to avoid sharing any sensitive personal information in instant messengers;
  • Install a reliable security solution such as Kaspersky Internet Security or Kaspersky Free that detects and protects you from all possible threats, including malicious mining software.


Microsoft boosts Windows Analytics to help squash Meltdown and Spectre bugs

A day after Microsoft announced it will be adding Windows Defender ATP down-level support for older OSes comes the news that its Windows Analytics service is getting new capabilities aimed at helping businesses tackle Meltdown and Spectre vulnerabilities on machines in their fleet. What is Windows Analytics? Windows Analytics is a free telemetry analysis tool for business administrators. It is meant for guiding organizations through upgrading to and staying current on Windows 10 by providing … More

Indian Banks Can Do More To Make Open Banking Obvious Path To Prosperity, Says GlobalData

The ISBuzz Post: This Post Indian Banks Can Do More To Make Open Banking Obvious Path To Prosperity, Says GlobalData appeared first on Information Security Buzz.

Indian banking system is among the most convenient and trusted in the world, but Indian banks can do more to put consumer centricity to the core of their strategy and make open banking the obvious path to prosperity, says leading data and analytics company GlobalData.

According to GlobalData’s Retail Banking, Customer Insight Survey, 2017, India has taken several measures including granting new banking licenses to stir up competition, introducing the unified payment interface (UPI) to ensure inter-operability across the new eco-system, and demonetization to increase digital payment volumes and set up a supporting infrastructure for open banking.

[Figure: Importance of various business objectives in influencing IT investment strategies]

To accommodate that increase, the government implemented a standard set of APIs (Aadhaar, eKYC and DigitalLocker, etc.) and even rolled out its own payment app, Bharat Interface for Money (BHIM), in late 2016, to enable payments from any bank 24/7 in real-time and expedite the move towards a ‘presence-less, paperless, and cashless service delivery’ system.

These initiatives have resulted in dramatic improvements across key indicators. As a true measure of openness, around 270 million Aadhaar-driven bank accounts were opened and digital payment volumes soared to all-time highs. However, with such rapid digitization inevitably come growing pains.

Stephen Walker, Digital Banking Analyst at GlobalData, comments: “As more banking happens outside of proprietary banking apps, authorities must continually re-calibrate regulatory policies and frame risk-based thresholds for new entrants to keep cybersecurity vulnerabilities in check and maintain consumer confidence.”

There are data management challenges too to contend with. Mining data from traditional sources as well as from e-commerce purchases, utility payments, social media and electronic payments will have particular applications for India’s SME sector, most of whom presently obtain financing from the informal sector.

Walker continues: “The APIs available through India Stack are at various stages of maturity, some are still being refined, and not all have been subject to nation-wide education and awareness campaigns. The authorities should consider the Competition and Markets Authority (CMA) -type approach as in the UK to strengthen open banking led by the top eight banks and/or FinTech firms by market share.

“To stay ahead in the game, banks should put consumer centricity to the core of their strategy, build close relationships with partners (vendors and FinTech) and create integrated digital infrastructures. They will have to tap into the available consumer data to plan new products, services and business models. After all, innovative and infrastructure-lite business models are now more possible in India than anywhere else in the world.”


Microsoft, Adobe February 2018 security updates: An overview

The Microsoft February 2018 security updates are for Internet Explorer, Edge, Windows, Office, Office Services and Web Apps, Adobe Flash, and ChakraCore (the core part of the Chakra Javascript engine that powers Microsoft Edge). Jimmy Graham, director of product management at Qualys, considers the Adobe Flash update and that for StructuredQuery in Windows servers and workstations to be the most critical and best implemented as soon as possible. The former plugs the Flash zero-day bug … More

Here’s what keeps your CISO up at night

89.1 percent of all information security leaders are concerned about the rise of digital threats they are experiencing across web, social and mobile channels, according to the 2018 CISO Survey by RiskIQ. Some 1,691 U.S. and U.K. information security leaders across multiple verticals, including enterprise, consulting, government and education, provided insights into their cyber risk concerns and plans for 2018. Overall, the survey revealed a coming “perfect storm,” where the problem of staff shortages collides … More

Hybrid data storage is growing rapidly in the digital workplace

82% of businesses are currently deploying a mix of cloud and on-premises infrastructure. Egnyte analyzed over 14 petabytes of data across thousands of businesses worldwide to better understand the trends around the content that is being stored, shared, and collaborated on. The analysis uncovered a number of trends, including: Businesses have increased their storage footprint by 55% YoY The average file size for all businesses in 2018 is 3.13 MB, up from 2.59 MB … More

Security newsround: February 2018

We round up reporting and research from across the web about the latest security news. This month: coinjacking for cryptocurrency, CEO fraud takings, Google gets into security, a hefty fine for data breach, and social engineering the CIA.

They got the jack

Irish Government websites were among 4,200 portals around the world infected with ‘coinjacking’ malware. This malicious code turned visitors’ web browsers into secret and illegal cryptocurrency miners. The Irish Times reported that the Health Service Executive, the Oireachtas, Safefood and some county councils were among the affected sites. Scott Helme, a UK-based security researcher, discovered the attack which exploited a plugin called Browsealoud. This plugin is mandatory for many websites for accessibility, as it reads text to visually impaired people. Until the developer Texthelp disabled the plugin, anyone visiting a site that had it inadvertently ran hidden mining code on their computer, generating money for “miscreants unknown,” as The Register described them. The Irish Times quoted BH Consulting CEO Brian Honan who said website owners using third-party plug-ins should perform due diligence to ensure the software is reputable.

Business email compromise = billions exfiltrated cleverly

CEO fraud, also known as business email compromise, is a large and growing business risk affecting organisations worldwide. How large? $9 billion this year, according to a forecast from Trend Micro. The security company analysed nine months’ worth of incidents to identify patterns and emerging trends. One popular tactic uses keyloggers and phishing kits to steal credentials and access an organisation’s email. The second approach is an email-only attack that relies on social engineering. Dark Reading’s roundup noted that attackers’ methods are getting more sophisticated. For businesses, CEO fraud is a significant but preventable threat, whereas criminals love it because it’s both relatively simple and highly effective. The full report is free to download.

Alphabet says C for cybersecurity

Google’s parent company Alphabet has launched a standalone security intelligence and analytics company called Chronicle. The announcement came via a post on Medium, where founder Stephen Gillett said “We think we’ll be able to help organisations see their full security picture in much higher fidelity than they currently can.” In addition, Chronicle will include the malware reporting network VirusTotal. The company claims it’s already working with Fortune 500 customers. Many news outlets carried the story, including The Verge, ZDNet and The Register. All noted the scarcity of technical details available so far, beyond references to using the cloud and machine learning.

A fine mess as Carphone Warehouse faces financial penalty for data breach

The UK Information Commissioner’s Office has fined Carphone Warehouse £400,000 over “significant and distinct inadequacies” in the company’s security controls. It’s one of the biggest fines the ICO has ever levied. In 2015, the telecoms retailer suffered an attack which exposed more than 3 million records. The ICO’s penalty notice contains many interesting technical details about the breach. For example, attackers exploited a weak point in WordPress. In Carphone Warehouse’s case, the WordPress installation was “considerably out of date”, said the ICO. Reuters’ report quoted Commissioner Elizabeth Denham saying: “Carphone Warehouse should be at the top of its game when it comes to cyber-security and it is concerning that the systemic failures we found related to rudimentary, commonplace measures.”

Norwegian loot (this data has flown)

Almost half the population of Norway had their data exposed in a breach of a regional health authority. Health South-East RHF, an organisation that manages hospitals in southeast Norway, announced the breach in late January. HelseCERT, Norwegian healthcare’s national information security centre, described the as-yet-unknown perpetrator as ‘advanced and professional’, reported the Inquirer. HelpNet Security speculated the attackers were either working for a foreign nation state, or simply wanted to sell the data. Bleeping Computer pointed out that the leak was not as large as that suffered by Sweden in 2015. By comparison, that wide-ranging breach involved millions of compromised records, including all Swedish driving licence holders.

Teenagers these days!

Lastly, a 15-year-old from Britain allegedly impersonated the former head of the CIA, John Brennan. In doing so, he accessed secret intelligence about US operations in Afghanistan and Iran. The Telegraph reported the prosecutor John Lloyd-Jones QC saying the teenager used social engineering to access emails, phones, computers and law enforcement portals. Kane Gamble from Leicestershire is alleged to have founded the Crackas with Attitude hacker group, which boasted about its exploits on Twitter, Hackread reported. John Dunn at Sophos’ Naked Security blog said the nature of the intrusions holds “a big warning for organisations everywhere”. It didn’t take amazing technical skills, he wrote. “Gamble simply phoned up help desks for broadband services and utilities using public numbers, convincing staff they were speaking to the target as a way of gaining access or resetting accounts.”

The post Security newsround: February 2018 appeared first on BH Consulting.

Canon selects Vera to secure the future of digital imaging and printing

Canon has selected Vera to secure and protect Canon’s fleet of digital imaging and printing products and services. This partnership will help enterprises protect their intellectual property and business information from data leaks for all information processed or handled by Canon devices. Canon will leverage Vera’s award-winning encryption and dynamic data protection technology to further its commitment to innovation and deliver advanced rights management across its entire product portfolio. Vera’s data-centric security platform gives customers … More

Microsoft to provide Windows Defender ATP for older OS versions

Microsoft will backport Windows Defender Advanced Threat Protection (ATP) to meet the security needs of organizations that have not yet entirely switched to Windows 10. Windows Defender ATP provides deep insights into Windows 7 events on a rich machine timeline What is Windows Defender ATP? Windows Defender ATP is a unified endpoint security platform that provides administrators a central view of threats on company endpoints. For that to work, the OS must have the Windows … More

Most CIOs plan to deploy artificial intelligence

Meaningful artificial intelligence (AI) deployments are just beginning to take place. Gartner’s 2018 CIO Agenda Survey shows that four percent of CIOs have implemented AI, while a further 46 percent have developed plans to do so. “Despite huge levels of interest in AI technologies, current implementations remain at quite low levels,” said Whit Andrews, research vice president and distinguished analyst at Gartner. “However, there is potential for strong growth as CIOs begin piloting AI programs … More

German court says Facebook use of personal data is illegal

Facebook’s default privacy settings and some of its terms of service fall afoul of the German Federal Data Protection Act, the Berlin Regional Court has found. By not adequately securing the informed consent of its users, Facebook’s use of personal data is illegal – and so is the social network’s “real-name” clause, as the German Telemedia Act says that providers of online services must allow users to use their services anonymously or by using a … More

Tackling the insider threat: Where to start?

Many organizations still believe the definition of an insider threat is limited to a rogue employee purposefully leaking embarrassing information, or nuking a couple of systems when he or she quits and walks out the door with internal or customer data to take to a new job. But not all insider threats have to be malicious to cause an incident. Perhaps someone on your marketing team wasn’t aware of their regulatory obligations in handling customer … More

What CISOs prioritize in order to improve cybersecurity practices

In a new study by the Financial Services Information Sharing and Analysis Center (FS-ISAC), CISOs weighed in on the most critical cyber-defense methods, frequency of cyber-preparedness reporting to their respective boards of directors as well as the current cyber chain of command within their respective financial organizations. Critical defense CISOs surveyed were split on their top priorities for securing their organizations against cyberattacks. 35 percent of CISOs surveyed said that employee training is a … More

Consumers want more IoT regulation

A demand for more regulation may seem counterintuitive in today’s world and yet that’s exactly what consumers who understand IoT technologies want, according to a new study from Market Strategies International. The study identified two distinct groups: the IoT “Haves” and the IoT “Have Nots.” The Haves are defined as people who have worked with IoT technologies in their workplace, whether in an office, home office, retail space, factory or other work setting. They comprise … More

Polisis: AI-based framework for analyzing privacy policies in real time

It has been known for a while that the overwhelming majority of Internet users doesn’t read privacy policies and terms of service before agreeing to them. Those few that do usually skim over them. That’s mostly because these documents and agreements are extremely long and – intentionally or unintentionally – written in a way that makes them unintelligible to the great majority of users. Companies’ privacy policies and terms of service also change through time, … More

NEWS: Kaspersky Lab Provides Technical Assistance To Ransomware Investigation

The ISBuzz Post: This Post NEWS: Kaspersky Lab Provides Technical Assistance To Ransomware Investigation appeared first on Information Security Buzz.

The Belgian Federal Police is today releasing free decryption keys for the Cryakl ransomware, after working in close cooperation with Kaspersky Lab. The keys were obtained during an ongoing investigation; and by sharing the keys with No More Ransom the Belgian Federal Police becomes a new associate partner of the project – the second law enforcement agency to do so after the Dutch National Police.

In the last few years, ransomware has eclipsed most other cyber threats, with global campaigns now indiscriminately affecting organisations across multiple industries in both the public and private sectors, as well as consumers. One of the most effective ways to fight ransomware is to prevent it. This is exactly why No More Ransom was launched more than a year ago.

Today sees yet another successful example of how cooperation between law enforcement and internet security companies can lead to great results. When the Belgian Federal Computer Crime Unit (FCCU) discovered that Belgian citizens had been victims of the Cryakl ransomware, it was able to locate a command and control server in one of Belgium’s neighbouring countries. Led by the federal prosecutor’s office, the Belgian authorities seized this and other servers while forensic analysts worked to retrieve the decryption keys. Kaspersky Lab provided technical expertise to the Belgian federal prosecutor and has now added these keys to the No More Ransom portal on behalf of the Belgian Federal Police. This will allow victims to regain access to their encrypted files without having to pay the criminals.

The Belgian authorities have continued with their investigation.

“Our regular advice in the case of ransomware attacks is: please don’t pay the ransom. A number of cyber security experts work worldwide to help the victims, creating new, previously non-existent tools for decryption. Free decryption keys for Cryakl ransomware can be considered as proof of this policy and yet another reminder that there is always a chance of winning in the fight with criminals,” said Jornt van der Wiel, Security Researcher in the Global Research and Analysis Team at Kaspersky Lab. 

52 decryption tools available

Since the launch of the No More Ransom portal in July 2016, almost 1.6 million people from more than 180 countries have accessed the website, available in 29 languages with Estonian as the most recent addition.

There are now 52 free decryption tools on www.nomoreransom.org, which can be used to decrypt 84 ransomware families. CryptXXX, CrySIS and Dharma are the most detected infections. More than 35,000 people have managed to retrieve their files for free, which has prevented criminals from profiting from more than EUR 10 million.

The number of partners working together on No More Ransom has risen to more than 120, including more than 75 internet security companies and other private partners. The Cypriot and Estonian police forces are the latest law enforcement agencies to join. KPN, Telenor and The College of Professionals in Information and Computing (CPIC) have also joined as new private sector partners.

Find more information and prevention tips on www.nomoreransom.org.


Download: The 2017 State of Endpoint Security Risk Report

To determine the cost and impact of evolving threats, the Ponemon Institute, a preeminent research center dedicated to data privacy and protection, surveyed 665 IT and security leaders. Their responses indicate today’s organizations are struggling to secure their endpoints, and paying a steep cost for each successful attack — $5 million for a large organization or an average of $301 per employee. Get the full report here. Attacks are evolving This year, over 40% of … More

OASIS Completes 1st Successful Plugfest for STIX/TAXII 2 Interoperability

Anomali, Cisco, Fujitsu, IBM Security, LookingGlass Cyber Solutions, NC4, New Context, Phantom, and Others Participate in Event to Validate Threat Intelligence Sharing Standards.

The OASIS Cyber Threat Intelligence (CTI) Technical Committee conducted the First STIX/TAXII 2 Interoperability Plugfest on January 30, 2018. Nine participants, including Anomali, FreeTAXII (Bret Jordan), Cisco Systems, Fujitsu, IBM Security, LookingGlass Cyber Solutions, NC4, New Context, and Phantom integrated and exercised capabilities in their various STIX/TAXII2 products.

The Plugfest was considered successful and provided an important validation of leveraging STIX/TAXII 2 specifications and STIX/TAXII Interoperability Tests within today’s Cyber Threat Intelligence products.

OASIS and the CTI Technical Committee applaud all the Plugfest participants and thank Symantec Corporation for hosting the event.

Plans for continuing STIX/TAXII2 Plugfests are underway. Any organization that is developing STIX/TAXII 2 capabilities is encouraged to get involved. Organizations interested in participating in the OASIS CTI TC Interoperability Test development and future events should contact communications@oasis-open.org.


About OASIS

OASIS is a non-profit, international consortium that drives the development, convergence, and adoption of open standards for the global information society. OASIS promotes industry consensus and produces worldwide standards for cyber security, privacy, cloud computing, IoT, SmartGrid, and other areas. OASIS open standards offer the potential to lower cost, stimulate innovation, grow global markets, and protect the right of free choice of technology. OASIS members broadly represent the marketplace of public and private sector technology leaders, users, and influencers. The consortium has more than 5,000 participants representing over 600 organizations and individual members in 65+ countries.


Article Source: https://www.oasis-open.org/news/pr/oasis-completes-1st-successful-plugfest-for-stix-taxii-2-interoperability

The post OASIS Completes 1st Successful Plugfest for STIX/TAXII 2 Interoperability appeared first on LookingGlass Cyber Solutions Inc.

Cybercrime shifts: Rise of Russian cybercrime, attacks on cryptocurrency marketplaces

Cryptocurrency marketplaces, designed to facilitate trading on the full range of digital currencies, are experiencing a range of fraudulent activity. The world of cryptocurrency has moved from being the playground of the criminal underworld to being a prime target for attacks on legitimate transactions, according to the Q4 2017 Cybercrime Report by ThreatMetrix. Fraudulent new accounts are created using stolen or synthesized identities to set up mule accounts to launder money. Additionally, legitimate accounts are … More

Worldwide spending on blockchain services to reach $8.1 billion in 2021

Interest and investment in blockchain as an emerging technology is accelerating as firms seek secure, sequential, and immutable solutions to improve business processes, enable new services, and reduce service costs. Worldwide spending on blockchain services Given the maturity state of the technology, the hype surrounding potential applications, and the need for specialized skills, the majority of blockchain spending will be in the services market – both business and technology services. A new forecast from IDC … More

President Trump Will Unveil $1.5 Trillion Infrastructure Plan on Monday

U.S. President Donald Trump will unveil his administration’s long-awaited infrastructure plan on Monday, fulfilling a core campaign pledge. Although the Trump White House is riding a wave of momentum following successful tax reform, the proposed infrastructure blueprint already faces major hurdles in Congress. Trump Infrastructure Plan President Trump’s infrastructure plan is said to be worth […]

The post President Trump Will Unveil $1.5 Trillion Infrastructure Plan on Monday appeared first on Hacked: Hacking Finance.

Week in review: Crypto-mining malware hits SCADA network, server-side exploits dominate threat landscape

Here’s an overview of some of last week’s most interesting news and articles: When crypto-mining malware hits a SCADA network Radiflow has recently discovered Monero-mining malware on five servers of a water utility company located in Europe. Intel releases new Spectre microcode updates for some affected processors Now that Intel has shipped new microcode updates, it expects OEMs to push out new firmware again and urges users to implement them as soon as possible. 99 … More

Thailand Seizes 100,000 Bitcoins in Arrest of Infraud Kingpin Sergey Medvedev

Authorities in Thailand have reportedly seized 100,000 bitcoins following the arrest of cyber crime kingpin Sergey Medvedev. Bitcoin Seized The coins were seized by law enforcement agencies in the wake of a Feb. 2 arrest of Medvedev, the co-founder of an online criminal network called Infraud. The platform served as a marketplace for buyers […]

The post Thailand Seizes 100,000 Bitcoins in Arrest of Infraud Kingpin Sergey Medvedev appeared first on Hacked: Hacking Finance.

Russian scientists arrested for mining Bitcoin at nuclear facility

Russian Scientists Arrested For Using a Top-Secret Government Computer For Mining Bitcoin

Some engineers working at a top-secret Russian nuclear research facility have been arrested by Russian security officers for allegedly using one of the country’s most powerful supercomputers to mine Bitcoin, reports BBC.

The alleged attempt to mine Bitcoin was carried out at the Federal Nuclear Center in Sarov, a top-secret area with high security where the Soviet Union’s first atomic bomb was developed during the Cold War.

“There has been an unsanctioned attempt to use computer facilities for private purposes including so-called mining,” the Federal Nuclear Center in Sarov stated, according to the BBC and the Russian news agency Interfax. “As far as we are aware, a criminal case has been launched against them.”

The supercomputer that was reportedly used was not supposed to be connected to the internet for security reasons. However, it was used by the engineers for personal agendas that included mining for cryptocurrencies. The officials quickly realized something was not right after they were alerted that it had been connected.

“Their activities were stopped in time,” institute spokeswoman Tatiana Zalesskaya told Interfax news agency.

“The bungling miners have been detained by the competent authorities. As far as I know, a criminal case has been opened regarding them,” she added, without saying how many were detained.

The arrested engineers have been handed over to the Federal Security Service. It is unclear when the crime had taken place or how many suspects were involved.

Cryptocurrencies require a great deal of computational power and energy consumption to turn a profit. The Federal Nuclear Center employs about 20,000 people and its supercomputer boasts a capacity of 1 petaflop, which is the equivalent of 1,000 trillion calculations per second, the BBC reported.

Russia is turning into a breeding ground for cryptocurrency mining due to its low-cost energy reserves, and computer takeovers are, in all likelihood, expected to continue.

The Federal Nuclear Center is supervised by Rosatom, the Russian nuclear agency, and works on producing nuclear weapons.

“Similar attempts have recently been registered in a number of large companies with large computing capacities, which will be severely suppressed at our enterprises,” Zalesskaya told the Russian news agency Interfax.

Such attempts “at our enterprises will be harshly put down, this activity technically has no future and is punishable as a crime”, she added.

The post Russian scientists arrested for mining Bitcoin at nuclear facility appeared first on TechWorm.

Japanese Cryptocurrency Traders Will Be Taxed 15% to 55% This Year

Last summer, Japan became one of the first countries to formally recognize cryptocurrencies as legal tender. Now, it has announced new tax measures to govern the trade, sale and exchange of digital assets. “Miscellaneous Income” In Japan, capital gains on cryptocurrency transactions are deemed “miscellaneous income,” according to a Dec. 1 ruling by the National […]

The post Japanese Cryptocurrency Traders Will Be Taxed 15% to 55% This Year appeared first on Hacked: Hacking Finance.

India fines Google $21.17 million for ‘Search Bias’

India rules Google abused its dominant position in web search, imposes $21.17 million fine

India’s antitrust watchdog, the Competition Commission of India (CCI), on Thursday imposed a fine of $21.17 million (approx Rs. 136 crore) on the US Internet giant Google for abusing its dominant position in the local search market by biasing search results in favor of its own services, reports CNBC.

The ruling brings to an end a probe started by CCI in 2012 after complaints were lodged against Google in India, including by the matchmaking website Bharat Matrimony and the non-profit consumer protection group Consumer Unity and Trust Society (CUTS).

The CCI says its investigation found that Google placed its commercial flight search function on its own flight search page, thereby directing web users to its search results page rather than to the pages of other, smaller competitors. By doing this, Google not only prevented businesses from gaining market access but also forced its products on users of general search devices.

“Google was found to be indulging in practices of search bias and by doing so, it causes harm to its competitors as well as to users,” the CCI said in a 190-page order.

“Google was leveraging its dominance in the market for online general web search, to strengthen its position in the market for online syndicate search services.

“(The Commission) finds it appropriate to impose a penalty on Google at the rate of 5 percent of their average total revenue generated from India operations from different business segments for the financial years 2013, 2014 and 2015.”

An unidentified Google spokesperson said that the company was reviewing the order imposed by the CCI.

Google said it was “always focused on innovating to support the evolving needs of our users.”

“The CCI has confirmed that, on the majority of issues it examined, our conduct complies with Indian competition laws.

“We are reviewing the narrow concerns identified by the Commission and will assess our next step,” the company official said.

The law firm representing Bharat Matrimony said that the CCI’s order provided welcome closure after a six-year long battle with the internet giant.

Naval Satarawala Chopra, a partner at law firm Shardul Amarchand who represented Bharat Matrimony in the case, said in a statement, “The Google decision is a landmark decision. Its (CCI) investigation report finding Google to be dominant and to have abused its dominance preceded that of any authority. Its final order is in line with the order of the European Commission.”

However, Chopra was shocked by the small amount of the fine imposed on the search giant, which is equal to about 5% of Google’s average annual revenues in India.

“Whilst finding Google to have abused its dominant position, the CCI has nonetheless exercised restraint in recognizing the dynamic nature of online markets and not found Google guilty of every allegation,” Chopra said.

Google has 60 days to pay the fine “for infringing anti-trust conduct”, the CCI said. The order was passed by a majority of 4-2 with two members not agreeing to the order.

The post India fines Google $21.17 million for ‘Search Bias’ appeared first on TechWorm.

Chrome will mark HTTP pages as “not secure”

Starting with Chrome 68, which is scheduled to be released in July 2018, Google will explicitly mark all HTTP sites as “not secure”: According to Google’s numbers, 68% of Chrome traffic on both Android and Windows is now encrypted, as is 78% of Chrome traffic on both Chrome OS and Mac. In July, those numbers are going to be even higher. “Developers have been transitioning their sites to HTTPS and making the web safer for … More

Cylance Expands Availability Of First AI-Based Consumer Endpoint Protection Platform: CylancePROTECT Home Edition

The ISBuzz Post: This Post Cylance Expands Availability Of First AI-Based Consumer Endpoint Protection Platform: CylancePROTECT Home Edition appeared first on Information Security Buzz.

Employee Purchase Program Now Available

LONDON, UK – Cylance® Inc., the company that revolutionised the antivirus and endpoint protection industry with true AI-powered prevention that blocks malware, ransomware, password-stealing Trojans, and the world’s most advanced cyberthreats, today announced the launch of the new Employee Purchase Program for CylancePROTECT® Home Edition. Available exclusively for companies enrolled in this program, employees of these eligible Cylance customers can buy Cylance’s enterprise-grade AI-powered endpoint prevention to protect their family’s home PCs and Macs against malicious attackers.

Companies are increasingly concerned that the virtual borders of their corporate network are no longer defined by the corporate firewall. With the proliferation of work and personal devices at home, the distinction between the corporate network and employees’ home networks has become blurred. CISOs and their security teams have a difficult time controlling their security risk and exposure from cybersecurity threats originating from employees’ homes. Companies offering CylancePROTECT® Home Edition to their employees can extend their perimeter protection and reduce their attack surface without infringing on employee privacy or managing their personal devices.

“CylanceProtect Home Edition is the only next-generation consumer antivirus solution on the market, and our Employee Purchase Program is a key milestone in making this available to consumers. Our priority was to make this revolutionary technology exclusively available through our loyal base of Enterprise customers for their employees before we release it to the general market later this year,” says Christopher Bray, General Manager of Cylance’s Consumer division.

Traditional signature-based consumer anti-virus solutions are rooted in technology developed in the 1990’s and are no longer adequate in protecting consumers against the exponential growth of malicious software, especially zero-day threats and ransomware. They rely on the premise that some need to be infected first for the virus to be identified before others can be protected. This reactive approach made sense in the early days of a handful of new viruses every month, but it is completely overwhelmed in today’s environment with over 12 million new malicious programs released monthly.

“The industry should be ashamed in perpetuating the myth that consumers are protected using legacy solutions, when it is clearly not the case,” says Bray. “It’s the key reason that ransomware continues to wreak such havoc.”

Like the version of CylancePROTECT used inside government agencies and on millions of corporate endpoints around the world, CylancePROTECT Home Edition renders new malware and unknown future variants useless through the use of artificial intelligence. Employees of eligible Cylance customers no longer need to wait for signature updates to traditional antivirus technologies after new zero-day malware and its variants have already done damage.

Traditional anti-virus has been viewed as a necessary evil by many consumers, slowing down systems, pestering them with pop-ups, and overwhelming them with features they don’t need or understand.

Now, employees of eligible Cylance customers, and soon consumers at large, can rely on CylancePROTECT Home Edition to work in the background to prevent attacks, without dealing with annoying pop-ups or waiting for updates to protect them from current attacks that their traditional anti-virus solution has already missed.

Kaspersky Lab official blog: Cryakl/Fantomas victims rescued by new decryptor

The No More Ransom project for assisting victims of ransomware has good news to report: The Belgian police, in cooperation with Kaspersky Lab, managed to obtain keys for recovering files encrypted with new versions of Cryakl ransomware, also known as Fantomas. The updated decryption tool is already available on the project’s website.

What is Cryakl?

The Trojan ransomware Cryakl (Trojan-Ransom.Win32.Cryakl) has been . At first, it was distributed through attached archives in e-mails that appeared to come from an arbitration court in connection with some alleged wrongdoing. There is something about such messages that sets nerves to jangling, and even those who know better might be inclined to click on the attachment. Later, the e-mails diversified, looking like messages from other organizations, such as a local homeowners’ association.

When encrypting files on a victim’s computer, Cryakl creates a long key that it sends to a command-and-control (C&C) server. Without this key, it is nearly impossible to recover files impacted by the malware. After that, Cryakl replaces the desktop wallpaper with contact details for its creators together with a ransom demand. Cryakl also displays an image of the mask of the 1964 French movie villain Fantomas, hence its alternative name. Cryakl mostly targeted users in Russia, so information about it is mostly available in Russian.

Success story

As we already said, the joint efforts of our experts and Belgian police resulted in obtaining the master keys. The investigation began when the computer crime unit learned about victims of the ransomware in Belgium, and then they discovered a C&C server in a neighboring country. An operation led by the Belgian federal prosecutor neutralized the server, along with several other C&C servers that received master keys from infected machines. Then Kaspersky Lab stepped in to assist the law enforcement agencies, not for the first time. As before, the results were first-class: Our experts helped analyze the data found and extract the decryption keys.

The keys have already been added to the RakhniDecryptor tool on the No More Ransom website, and the Belgian federal police is now an official partner of the project. No More Ransom, which has been running since July 2016, has to date provided free help to tens of thousands of people in decrypting files rendered unusable by ransomware, and deprived cyberblackmailers of at least 10 million euros of potential booty.

How to rescue files encrypted by Cryakl ransomware

The No More Ransom site offers two tools for decrypting files corrupted by Cryakl. One, named RannohDecryptor and around since 2016, is for older versions of Cryakl. You can download it at NoMoreRansom.org, and get decryption instructions here.

We recently updated the second tool, RakhniDecryptor, by adding the master keys from the servers seized by the Belgian police. It can be downloaded from the same site; instructions are available here. RakhniDecryptor is needed to decrypt files hit by newer versions of Cryakl. Either one of the tools should restore Cryakl-infected files to full health.

How to stay safe in the future

When dealing with cryptoransomware, prevention is far cheaper and simpler than a cure. In other words, it’s better to secure yourself now and sleep easy than to mess around with file decryption. We’d like to share a few preemptive file protection tips:

1. Always keep a copy of your most important files somewhere else: in the cloud, on another drive, on a memory stick, or on another computer. More details about backup options are available here.

2. Use reliable AV software. Some security solutions — for example, Kaspersky Total Security — can also assist with file backup.

3. Don’t download programs from suspicious sources. Their installers might contain something you’d rather not have on your computer.

4. Don’t open attachments in e-mails from unknown senders, even if they look important and credible. If in doubt, look up the phone number on the organization’s official website and call to check.



Kaspersky Lab official blog

ESET To Expose Latest Security And Privacy Risks Of Smart Home Devices At Mobile World Congress 2018

The ISBuzz Post: This Post ESET To Expose Latest Security And Privacy Risks Of Smart Home Devices At Mobile World Congress 2018 appeared first on Information Security Buzz.

ESET, the leading IT security vendor based in the European Union, will launch its latest IoT security solutions and share groundbreaking research into the security and privacy implications of smart homes and devices at Mobile World Congress (MWC) – taking place February 26 – March 1, 2018 in Barcelona.

Exhibiting in Hall 7, booth 7H41, ESET’s stand will form part of MWC’s Internet of Things tour. ESET’s security specialists will demonstrate the company’s focus on IoT ecosystem protection – a top priority in this ever-more connected world. More information can be found on the dedicated ESET website.

“We continue to see a rise in Android malware – with ransomware being part of it – as a result of a growing number of malicious applications and targeted attacks. So, as more connected devices become available on the market, the risk to consumers and businesses has never been greater,” said Juraj Malcho, Chief Technology Officer at ESET. “MWC is the perfect platform for us to share our industry-leading insights, and our latest research on privacy concerns, to help better protect users now and in the future.”

  1. Hackers in the home?

Smart home gadgets were big news at CES 2018, and there can be no doubt the latest and greatest in innovative smart devices will be on display at MWC. Consumers are continually acquiring more connected devices into their homes. Yet while they have their benefits, these cool gadgets have a darker side as individuals share more sensitive, personal data about their everyday lives.

Are the concerns over smart devices justified? To find out, ESET engineers tested how smart home devices communicate with networks and manufacturers. At MWC, ESET will showcase a purpose-built concept Smart Home where the team will demonstrate the potential risks to security and privacy posed by these gadgets.

Join ESET at booth 7H41 as experts announce the findings from this leading-edge IoT research. ESET Global Security Evangelist Tony Anscombe will be on hand to answer questions about what it means for consumers’ security and privacy.

  2. New solutions for new technology

Did you know 90 percent of Android TVs are reportedly vulnerable to hacking? Don’t miss the launch of ESET’s new security solution for Android TVs, which provides advanced technology against cybercriminals targeting connected TVs.

Join ESET at MobileFocus Global, PEPCOM’s annual media event, on Monday 26th February at 19.00 where ESET’s team of experts will be hosting a live demonstration to show how the new security solution defends consumers from cyberattacks. Find out more by visiting ESET’s dedicated MWC website here.

  3. Ransomware as global threat

2017 was certainly the year of ransomware, with the likes of WannaCry and (Not)Petya demonstrating the chaos it can cause. At MWC 2018, get up to date with ESET’s new research on ransomware for Android. The latest findings provide detailed insight into how ransomware for Android has evolved into a full-scale global threat, affecting telcos, ISPs and MSPs, over the past 12 months and how ESET succeeds in combatting the evolving risk.

  4. Meet the experts

This year’s MWC marks ESET’s 30-year anniversary. For three decades ESET experts have single-mindedly focused on protecting its customers from complex threats. This year, meet ESET Chief Technology Officer Juraj Malcho and Tony Anscombe, ESET’s Global Security Evangelist, ESET’s Security Awareness Specialist Ondrej Kubovic and Director of Global Sales Jeronimo Varela, at ESET’s booth, 7H41. To set up a meeting with ESET experts, and to see a full rundown of ESET’s activities at MWC, click here.

New infosec products of the week: February 9, 2018

Protect network, IoT, ICS, and SCADA devices from privilege-based attacks BeyondTrust announced a privilege management solution for network, IoT, ICS, and SCADA devices. PowerBroker for Networks is an agentless solution that controls what commands users can run, records sessions, alerts, and provides a complete audit trail of user activity on network devices via the command line. Lifecycle management for groups and persistent listing from AD Hitachi ID Systems released version 11 of its Identity and … More

Server-side exploits dominate the threat landscape

Skybox Security released its inaugural Vulnerability and Threat Trends Report, which analyzes vulnerabilities, exploits and threats in play in 2017. Cybercrime is a money–making machine A trend observed for the last several years has seen threat actors turn cybercrime into a money–making machine. An integral part of this approach means taking the path of least resistance: leveraging existing attack tools rather than developing new ones, using the same attack on as many victims as possible … More

Integrated IT: The changing role of technology across organizations

The role that IT is playing in business is changing: 85% of the IT professionals surveyed by Insight noted that their executives view the organization as an IT company at heart. This finding inspired Insight to field a follow-on survey of 104 CIOs/CTOs and 105 Procurement professionals, to better understand how this evolution has affected IT at enterprise-level companies. “This change has been taking shape over years but now is fully underway. Technology has enabled … More

Check Point Announces CloudGuard, Complete Cyber Protection For The Cloud

The ISBuzz Post: This Post Check Point Announces CloudGuard, Complete Cyber Protection For The Cloud appeared first on Information Security Buzz.

New cloud security product family prevents account hijacking and Gen V cyber-attacks on SaaS applications and cloud workloads 

Check Point has announced the CloudGuard product family to protect enterprises from Gen V cyber-attacks on cloud applications and infrastructure.  Check Point is also introducing CloudGuard SaaS protecting enterprises against cyber-attacks on SaaS applications. CloudGuard is a part of the Check Point Infinity architecture, built on industry proven and award winning technologies to provide comprehensive cyber protection for the cloud.

As enterprise cloud adoption grows, multivector attacks on cloud workloads and cloud applications involving malware and account hijacking are increasing.  According to Check Point research, half of all breaches of enterprise SaaS applications are the result of account hijacks.

“Security is continually cited as a key barrier to wide-spread enterprise  cloud adoption,” said Gil Shwed, CEO at Check Point.  “Our new CloudGuard product family provides consistent and comprehensive threat prevention for cloud based SaaS applications and infrastructure workloads.” 

CloudGuard SaaS is an industry-first set of technologies designed to provide advanced security and threat prevention for software-as-a-service (SaaS) applications. CloudGuard SaaS also prevents account hijacking, using patent-pending ID-Guard technology.  Key security features include: 

  • Zero-day Threat Protection: Prevents APTs and unknown zero-day malware from infecting content in SaaS applications using real-time sandboxing, ransomware protection, anti-bot technologies and real-time cloud-based threat intelligence.
  • Identity Protection with ID-Guard (patent-pending) technology: Identifies and blocks threat actors or impostors from accessing SaaS accounts, and blocks unauthorized users and compromised devices.
  • Data Protection:  automatically forces encryption of sensitive data, and blocks and quarantines unauthorized sharing of sensitive files. 

“After migrating our organization to Office365 and OneDrive, we searched for a comprehensive cybersecurity solution to protect them and decided on Check Point CloudGuard,” said Amir Shay, Security Officer, Neopharm Group.  “Since adopting CloudGuard SaaS, it has blocked numerous attacks on our applications, including account takeover, phishing and ransomware attacks.” 

CloudGuard IaaS – formerly vSEC and now a member of the CloudGuard family, CloudGuard IaaS  provides advanced Gen V security/threat prevention of attacks on infrastructure and workloads for all leading public and private cloud platforms including: Amazon Web Services, Google Cloud Platform, Microsoft Azure, Cisco ACI, OpenStack, VMware NSX, VMware Cloud on AWS, VMware ESX, Alibaba Cloud, KVM, Hyper-V and more.

“With cloud adoption at an all-time high, cloud security is clearly a major concern for most enterprises,” said Doug Cahill, group director and senior cybersecurity analyst at market research firm, Enterprise Strategy Group. “As enterprises evaluate cloud security solutions, they must look to offerings like Check Point’s CloudGuard family of security solutions that not only provide advanced threat protection but also keep applications, infrastructure and data in the cloud safe.”

Gen V cyber-attacks are defined as large-scale and fast moving attacks across mobile, cloud and on-premise networks.  These sophisticated attacks easily bypass the conventional, static detection-based defenses being used by most organizations today.  With the shared ownership of assets in the cloud between cloud provider and end user, knowing who is responsible for security is often unclear, and can lead to additional confusion.  CloudGuard is the industry’s only complete family of cloud security solutions focused on advanced threat prevention and keeping enterprise cloud applications, infrastructure and data protected from Gen V cyber-attacks.

Check Point CloudGuard IaaS is available immediately; CloudGuard SaaS will be available in early Q2’18.

https://www.checkpoint.com/products/cloud-security/

Binance Says No Foul Play Involved in Temporary Shutdown

The Binance cryptocurrency exchange temporarily halted trading and withdrawals on Thursday, but assured investors that the shutdown was routine and not related to any attack. Server Downtime Trading and withdrawal disruptions first emerged around 2:20 GMT, with the company later announcing server issues “due to a significant increase in users and trading activity.” Although the […]

The post Binance Says No Foul Play Involved in Temporary Shutdown appeared first on Hacked: Hacking Finance.

Intel releases new Spectre microcode updates for some affected processors

Intel has provided a new update on the Spectre patch situation. Skylake fix ready, others to follow “Earlier this week, we released production microcode updates for several Skylake-based platforms to our OEM customers and industry partners, and we expect to do the same for more platforms in the coming days,” Navin Shenoy, general manager of the Data Center Group at Intel Corporation, announced on Wednesday. “We also continue to release beta microcode updates so … More

Most remain dissatisfied with threat intelligence quality and accuracy

While security professionals are increasingly recognizing the importance of threat intelligence, the majority remain dissatisfied with its accuracy and quality, according to a study conducted by the Ponemon Institute. Meanwhile, because many security teams still execute threat investigations solo rather than pooling intelligence, their ability to quickly act on threats is limited. The report found that 67 percent of IT and security professionals spend more than 50 hours per week on threat investigations, instead of … More

Data of 800,000 Swisscom customers compromised in breach

Swisscom, the biggest telecom company in Switzerland, has suffered a data breach that resulted in the compromise of personal data of some 800,000 customers, i.e., nearly ten percent of the entire Swiss population. “The data accessed included the first and last names, home addresses, dates of birth and telephone numbers of Swisscom customers; contact details which, for the most part, are in the public domain or available from list brokers,” the company explained. The data … More

99 percent of domains are not protected by DMARC

Essentially every global domain is vulnerable to phishing and domain name spoofing. A new report incorporates data from Agari, revealing that 90 percent of its customers have been targeted by domain name fraud. Insight from Farsight Security indicates that less than one percent of all domains are authenticated and protected by Domain-based Message Authentication, Reporting & Conformance (DMARC). “This report provides compelling evidence of the successes of DMARC adoption in protecting customers and brands, driving … More

IT ops and engineering are embracing automation to increase business agility

Based on a survey of nearly 700 engineering and operations individuals globally, a report by Indeni and GNS3 reveals a programming knowledge gap that is having an impact on the productivity of businesses surveyed, putting network availability at risk. Knowledge gaps and productivity challenges Individuals surveyed identify creating, parsing, and analyzing scripts as the biggest gaps in their knowledge for managing network and security efforts. Due to a lack of programming experience, individuals surveyed spend … More

Facebook Survey: More than 50% of users don’t trust news on the social network

Facebook tries to stop “fake news” by surveying its own users

Facebook is surveying its own users to try and stop the spread of “fake news” on its social media platform. The new survey asks two questions:

  1. Do you recognize the following websites?
  2. How much do you trust each of these domains?

The “fake news” phenomenon is a cybersecurity issue that we predict will be relevant in 2018 and beyond, since social media platforms are used to sway public opinion. As reported by the New York Times, social media companies provided evidence to Congress that Russian influence might have reached 126 million Americans on Facebook and other platforms during the 2016 elections.

Social media critics are questioning whether Facebook’s own users should be trusted to determine which news outlets are “fake news”. In fact, when it comes to domain trust, Facebook itself faces skepticism. A recent Panda Security survey showed that 47 percent of parents consider Facebook “unsafe” for their children to use.

Panda Security has conducted an additional survey using Google Surveys to see how much consumers trust Facebook as a gatekeeper of news and information on their newsfeeds.

We asked a weighted sample of 765 online users in the United States: “How much do you trust Facebook to choose what news you read?”

  • 8.2 percent said “A lot” or “Entirely”
  • 20.4 percent said “Somewhat”
  • 20.0 percent said “Barely”
  • 51.5 percent said “Not at all”

The data shows almost three-quarters of respondents have little confidence in Facebook’s ability as a news gatekeeper, with a minority of respondents indicating high levels of trust.

Looking at the data by gender, male survey respondents were more likely to distrust Facebook than female survey respondents. While 73.4 percent of males said they “Barely” trust Facebook or trusted it “Not at all”, 69.7 percent of females said the same.

A larger percentage of males also said they trusted Facebook “A lot” or “Entirely”: 8.9 percent of males versus 7.4 percent of females.

Trust among age groups was fairly consistent. While 49.1 percent of respondents aged 18 to 34 answered “Not at all” with respect to level of trust, 56.9 percent of respondents aged 35 to 54 answered the same. Among respondents aged 55 and older, 51.5 percent answered “Not at all”.

Methodology

The Facebook Trust Survey was written by Panda Security and conducted using Google Surveys. The survey collected responses from 1,015 online users in the United States from January 25 to 27, 2018. Responses were matched down to a weighted sample (by age, gender, and geographic distribution) of 765 to produce the final results.

The following methodology description is provided by Google Surveys: Google Surveys shows questions across a network of premium online news, reference, and entertainment sites (where surveys are embedded directly in the content), as well as through a mobile app, Google Opinion Rewards. On the web, users answer questions in exchange for access to the content, an alternative to subscribing or upgrading. The user’s gender, age, and geographic location are inferred based on anonymous browsing history and IP address. On the mobile app, users answer questions in exchange for credits for books, music, and apps, and users answer demographic questions when first downloading the app. Using this data, Google Surveys can automatically build a representative sample of thousands of respondents. For more detailed information, see the whitepaper.


The post Facebook Survey: More than 50% of users don’t trust news on the social network appeared first on Panda Security Mediacenter.

intY assures Systems Assurance With Microsoft Cloud Support

The ISBuzz Post: This Post intY assures Systems Assurance With Microsoft Cloud Support appeared first on Information Security Buzz.

BACKGROUND

Systems Assurance has been providing IT equipment and services to corporate and government organisations since 1992. Initially focusing on hardware technology sales, in recent years Systems Assurance has moved into the cloud technology market, offering its customers a range of services to help improve the flexibility and scalability of their IT estate. Working with a small team of engineers, Systems Assurance offers a comprehensive variety of services to its clients, including web hosting, software licensing and maintenance, all underpinned by dedicated customer support.

THE CHALLENGE

When Systems Assurance initially moved into the cloud services market, it worked with several of the large, broadline distributors. However, these were not particularly productive relationships, as Simon Lewington, Managing Director at Systems Assurance, explained:

“Four or five years ago we recognised that cloud technology would enable us to deliver services that give us a stable source of recurring revenue and provide real value to the customer, which we could deliver with our small team. We looked at the large, broadline distributors, but felt that they didn’t understand the services market, and they couldn’t close the gap between what the dealer can’t do and what the distributor can do. As our dealings with these larger distributors progressed, we grew increasingly frustrated at the disjointed process of delivering cloud services to our customers, which didn’t align with the seamless way that Systems Assurance does business.

“We were looking for a distributor that had knowledgeable staff that could provide attentive support and engage with us as well as our customers. Our clients are large corporate enterprises and government institutions, so a reliable IT service is critical to business success. It was important to us that we worked with a cloud provider who understood our needs and those of our clients.”

THE SOLUTION

Since it was founded in 1997, intY has developed unparalleled expertise and knowledge in distributing cloud services, ensuring that its partners have access to the latest cloud solutions, all supported with the necessary training and resources needed to make them as competitive as possible. intY’s breadth of experience and success in the cloud marketplace is reflected not only in its global reach, with operations in the UK, US and mainland Europe, but also in the depth of its partnerships with the biggest names in the industry – something which became quickly apparent to Systems Assurance. Simon continued:

“Having tried a number of the major cloud distributors, we had a conversation with intY. The company may not have been quite as big as some of the others we had worked with, but it was its total focus on cloud services that appealed to us. As we discussed our requirements, and those of our customers, with intY, it became clear that not only have they acquired significant expertise in the market, but that the team were focused on ensuring smooth and seamless service delivery.

“Working with intY to access Microsoft’s cloud solutions has been critical to the recent growth in our cloud services business. Our clients are large corporations and government institutions, and they want a name and a brand that they can trust. Everyone knows Microsoft, it is a real industry leader, so when you can offer your clients cloud services from one of the world’s largest, most recognisable technology companies, it gives them confidence in the services we are delivering. When we can go to our customers and tell them that we can have them on-boarded on Microsoft Office 365 within a matter of hours, rather than days, that’s a convincing sales proposition, and is really only possible because of the support that intY gives us.”

Over the 18 months that Systems Assurance has been working with intY, the company has purchased a range of Microsoft services through intY, including licenses for Microsoft Office 365 and Microsoft Dynamics. It is also rapidly expanding its Microsoft Azure capabilities so that it can offer its clients the full range of Microsoft cloud services.

“As a business, we aim to have fewer but larger clients than a typical IT services provider. Quality of service is critically important to our clients. Without intY serving as the bridge between us and Microsoft, I know for a fact that we wouldn’t get issues resolved as quickly, and have the level of support that we do.

“We said to intY when we started working with them that we wouldn’t come to them as often as some resellers might, but that we would bring them big deals, that would need a lot of support and advice. We have since found that intY are the ideal partner for our approach to business. They offer us the assistance we need, getting involved with conference calls with the client to put their minds at ease, and offer the skills and expertise that we don’t have in-house, closing the loop where the larger broadline distributors couldn’t.”

THE RESULTS

Simon concluded: “Working with intY has had an immensely positive impact on our business. We all know that channel partners have to adapt the way they work to profit from the rise in cloud services and intY has supported us and enabled us to make this transition. We have seen a significant growth in customers since working with intY, and intY is also helping us on-board these customers into using cloud services much faster than we would usually. The key differentiator between intY and other distributors that we have experienced is that they are more than happy to be in front of the customer. Many distributors will back out of that engagement, but intY are happy to support us with the customer, which makes the delivery of cloud services utterly seamless and gives our customers more confidence in the solutions we are delivering.”


Manufacturer of the security-focused Turing Phone files for bankruptcy in Finland

Turing Robotics files for bankruptcy, CEO Steve Chao says company is not going out of business

Turing Robotic Industries (TRI), the American-held company headquartered in Salo, Finland, has filed for bankruptcy in its home country.

For those unaware, TRI, which is famous for its completely secured products, announced its Android-based phone, the Turing Phone, in 2015 with security features like end-to-end encryption, as well as a metal-clad body that was tougher than titanium. The company was supposed to start shipping the device in December 2015, which has not happened to date.

Apparently, TRI is facing major financial troubles that are causing the delay in bringing the device to the market. The company’s latest public financial year records for 2016 showed a loss of some €557,000 (around RM2.7mil), reports Finnish publication Salon Seudun Sanomat. Also, where TRI rented a warehouse, creditors filed a claim against the company in 2017, and all movable property belonging to the company has already been seized, the reports reveal.

The company has yet to comment if its US operations will be shut down as well.

To limit the damage and assure customers that they will eventually get their devices, TRI’s CEO, Steve Y.L. Chao, said in a post on Facebook:

“A recent news about TRI’s Salo company filing for bankruptcy may have sent an uneasy feeling to some of you. We want you to know that this filing was initiated to temporarily suspend our manufacturing intentions in Salo, however, it doesn’t mean that TRI is bankrupt. We will be posting the latest developments concerning the future of TRI in the coming weeks.”

Currently, it’s unclear what will happen to customers who pre-ordered the device back in 2015 but have not yet received it. When the device was first announced, pre-orders for the Turing Phone started at $610; however, the second iteration, called the Appassionato, was set to retail for $1,099, with a luxury edition that cost $1,599.

The Turing Phone will feature a 5.5-inch Quad HD display, powered by a Snapdragon 835, 8GB RAM, 128GB internal storage, 3000mAh battery and dual rear camera setup. It also has a USB Type-C port and headphone jack, as well as a microSD card slot. The phone is also expected to ship with Android rather than Sailfish OS. Whether or not the Turing Phone will make it to the market, only time will tell.

In a recent report on TRI from Finnish publication Salon Seudun Sanomat, Chao claimed that he has no debt. Chao also revealed that he is starting a new company in Salo, Finland, called Turing Robotics Industries Kepler with his old partners, and that all the work related to the new company will be completed in March.

The post Manufacturer of the security-focused Turing Phone files for bankruptcy in Finland appeared first on TechWorm.

Kaspersky Lab official blog: Looking back on 10 years of The SAS

This year marks the 10th anniversary of Security Analyst Summit, the annual research conference put on by Kaspersky Lab’s Global Research and Analysis Team (GReAT). With the conference now less than a month away, I sat down with Costin Raiu to discuss how the SAS has evolved over the years as well as what makes the conference special and why those looking to attend shouldn’t wait to sign up for this year’s iteration in Cancun (Spoiler: there are not too many tickets left!).

Aside from talking about SAS history and some behind-the-scenes secrets of the conference, Costin and I discussed his pre-conference YARA training and why the tool and hands-on course are vital for those looking to protect their companies’ environments.

The full description of the course can be seen below:

Have you ever wondered how Kaspersky Lab discovered some of the world’s most famous APT attacks? Now, the answer is within your reach. This training will lead you through one of the essential tools for the APT hunter: the Yara detection engine.

If you’ve wondered how to master Yara and how to achieve a new level of knowledge in APT detection, mitigation and response, it all breaks down to a couple of secret ingredients. One of them is our private stash of Yara rules for hunting advanced malware.

During this training you will learn how to write the most effective Yara rules, how to test them and improve them to the point where they find threats that nobody else does. During the training you will gain access to some of our internal tools and learn how to maximize your knowledge for building effective APT detection strategies with Yara.

Now the last question I have for you is this… Will we see you at #TheSAS2018?


Kaspersky Lab official blog

How to track smartphone users when they’ve turned off GPS

As it turns out, turning off location services (e.g., GPS) on your smartphone doesn’t mean an attacker can’t use the device to pinpoint your location. A group of Princeton University researchers has devised a novel user-location mechanism that exploits non-sensory and sensory data stored on the smartphone (the environment’s air pressure, the device’s heading, timezone, network status, IP address, etc.) and publicly-available information to estimate the user’s location. The PinMe mechanism The non-sensory and … More

Hotspot Shield VPN flaw can betray users’ location

A flaw in the widely used Hotspot Shield VPN utility can be exploited by attackers to obtain sensitive information that could be used to discover users’ location and, possibly and ultimately, their real-world identity. About the vulnerability According to the entry for the vulnerability (CVE-2018-6460) in the National Vulnerability Database, Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895, and the web server uses JSONP and hosts sensitive information including … More

HITB Security Conference in Amsterdam is all about advanced research

The agenda for Day 2 of the 9th annual HITB Security Conference in The Netherlands has been announced with even more advanced research including new sandbox evasion techniques, a groundbreaking method for establishing covert channels over GSM mobile networks, a tool for backdooring cars and much more. Reference This: Sandbox Evasion Using VBA Referencing The sandbox, last line of defense for many networks, isn’t what it used to be. This talk shows how attackers … More

Palo Alto Networks Unveils Comprehensive Cloud Security Offering For All Major Cloud Providers

The ISBuzz Post: This Post Palo Alto Networks Unveils Comprehensive Cloud Security Offering For All Major Cloud Providers appeared first on Information Security Buzz.

Offers Consistent Security Across All Major Cloud Providers and Simplifies Deployment and Management in Hybrid and Multi-Cloud Environments

Palo Alto Networks® (NYSE: PANW), the next-generation security company, will welcome more than 10,000 attendees to its Epic Cloud Security Event today, where the company will showcase how it is infusing new cloud capabilities into its Next-Generation Security Platform designed to prevent successful cyberattacks in the cloud. The forthcoming advancements, introduced today, will provide customers operating in hybrid and multi-cloud environments with a comprehensive, consistent security offering that integrates directly with cloud infrastructure and workloads.

In an upcoming study conducted by ZK Research, 86 percent of respondents indicated that their organization stores and manages data across multiple cloud infrastructure providers. Maintaining a consistent and effective security posture in these multi-cloud environments becomes especially cumbersome because the security capabilities that are native to cloud providers can only be configured to protect the infrastructure for which they were developed. These native capabilities must also be supplemented for effective cyber breach prevention, and failure to do so could leave an organization vulnerable to data loss or exposure.

The cloud evolution demands a new model of cybersecurity that is specifically designed to address its nuances; provide frictionless deployment and management of effective security capabilities; and enable security, operations, networking and development teams to meet the demands of agile organizations.

Customers of Palo Alto Networks benefit from consistent security for modern cloud environments, including:

  • Consistent protections across locations and clouds: Palo Alto Networks Next-Generation Security Platform will extend cloud workload protections to the Google® Cloud Platform, in addition to enhanced capabilities for AWS® and Azure® environments.
  • Cloud-resident management: Panorama™ network security management will be supported in all major clouds, offering simplified and centrally managed deployment and management for all Palo Alto Networks next-generation firewalls and VM-Series virtualized next-generation firewalls, regardless of form factor or location.
  • Automation integrations for frictionless workflows in multi-cloud environments: Enhanced auto-scaling for AWS and added support for Azure Security Center and Google Cloud Deployment Manager will simplify security deployments and enable scaling based on changing cloud demands. Integrations with Terraform® and Ansible® will automate workflows and policy management.
  • Continuous data security and compliance for all three major clouds: New protections will be provided by Aperture™ security service to enable discovery and monitoring of cloud resources, guard against sensitive data loss, enable monitoring for risky or suspicious administrator behavior, and provide additional protection against security misconfigurations and malware propagation.
  • Prevention of zero-day attacks: Traps™ advanced endpoint protection will prevent zero-day attacks for Linux workloads across all major clouds, in addition to the existing support of Windows® workloads.

QUOTES

  • “Several IDC surveys have shown that hybrid-cloud is today’s reality. Centralized management across on-premise, cloud, endpoint, and SaaS are crucial for frictionless and effective security in the cloud. Using Panorama, Palo Alto Networks customers can now have both visibility and control regardless of form-factor or location.”

– Rob Ayoub, research director, Security Products IDC

  • “Organizations are moving to the cloud at a rapid pace, and the reality is that most operate multi-cloud environments. By extending protections to all major public cloud providers and streamlining the management of all physical and virtual appliances, Palo Alto Networks can provide enterprises with consistent security across all types of infrastructure: physical, virtual and cloud.”

– Garrett Bekker, principal security analyst, 451 Research 

  • “Our multi-cloud customers require comprehensive security that is frictionless. With Palo Alto Networks, REAN Cloud can design and launch secure foundations in an automated and consistent manner, and our customers can take full advantage of the cloud’s agility while protecting critical data and preventing cyberattacks.”

– Dan Connolly, executive vice president, Customer Business Group, REAN Cloud 

  • “Today’s organizations are challenged by the speed at which the shift to public cloud is occurring. Driven by the demands of the business, many organizations deploy cloud infrastructure quickly and develop cloud-based applications without consideration for the cybersecurity implications. The advancements announced today will enable our customers to fully embrace all of the benefits provided by the cloud while ensuring that their critical information is protected and that successful cyberattacks are prevented.”

– Lee Klarich, chief product officer, Palo Alto Networks 

AVAILABILITY 

Updates to VM-Series virtualized next-generation firewalls, Aperture security service, Panorama and Traps are targeted for general availability in March 2018.


2017 was extraordinary: 5,200 breaches exposed 7.8 billion records

Once again, the record has been broken for both the most breaches and the most data compromised in a year. There were 5,207 breaches recorded last year, surpassing 2015’s previous high mark by nearly 20%, according to the 2017 Data Breach QuickView Report by Risk Based Security. The number of records compromised also surpassed all other years with over 7.8 billion records exposed, a 24.2% increase over 2016’s previous high of 6.3 billion. “The level … More

Identity fraud enters a new era of complexity

The number of identity fraud victims increased by eight percent (rising to 16.7 million U.S. consumers) in the last year, a record high since Javelin Strategy & Research began tracking identity fraud in 2003. The 2018 Identity Fraud Study found that despite industry efforts to prevent identity fraud, fraudsters successfully adapted to net 1.3 million more victims in 2017, with the amount stolen rising to $16.8 billion. With the adoption of EMV cards and terminals, … More

Why developing an internal cybersecurity culture is essential for organizations

ENISA published a report providing organisations with practical tools and guidance to develop and maintain an internal cybersecurity culture. Understanding the dynamics of cybersecurity culture The Cybersecurity Culture in Organisations report is based on a multi-disciplinary research, conducted to better understand the dynamics of how cybersecurity culture can be developed and shaped within organisations. This research draws from different disciplines, including organisational sciences, psychology, law and cybersecurity as well as the knowledge and experiences of … More

Cloud service adoption creates new data center demands

Both consumer and business applications are contributing to the growing dominance of cloud services over the Internet, according to the Cisco Global Cloud Index (2016-2021). For consumers, streaming video, social networking, and Internet search are among the most popular cloud applications. For business users, enterprise resource planning (ERP), collaboration, analytics, and other digital enterprise applications represent leading growth areas. Strong multicloud traffic growth projected Driven by surging cloud applications, data center traffic is growing fast. … More

Realistic, well-positioned Reddit clone is out to grab users’ login credentials

A convincing clone of the popular social news aggregation and discussion site Reddit has been spotted on the reddit.co domain. The author is obviously counting on users not to spot it for what it is: a site meant to harvest users’ username and password. HEADSUP: Looking for infosec people at @Reddit. Website at (phishing?) domain reddit(.)co — using the Colombian TLD — was acting a pitch-perfect apparent MITM of the actual Reddit. Now returning 500 … More

Flaw in Grammarly’s extensions opened user accounts to compromise

A vulnerability in the Grammarly Chrome and Firefox extensions allowed websites to read users’ authentication tokens and use them to log in to the users’ Grammarly accounts and access all the (potentially sensitive) information held in them. About the vulnerability The vulnerability was discovered by Google Project Zero researcher Tavis Ormandy, who reported it to Grammarly on Friday. “I’m calling this a high severity bug because it seems like a pretty severe violation of … More

Cisco issues new, complete fixes for critical flaw in enterprise security appliances

Cisco researchers have identified additional attack vectors and features that are affected by the “perfect 10” remote code execution and denial of service vulnerability they attempted to patch last Tuesday. This discovery also means that the fix they pushed out at the time is incomplete, and administrators now have to update the vulnerable software again. More on CVE-2018-0101 Initially, they thought that the vulnerability (CVE-2018-0101) only affected the webvpn feature of the Cisco Adaptive Security … More

A New Solution For Cyber Fraud

The ISBuzz Post: This Post A New Solution For Cyber Fraud appeared first on Information Security Buzz.

Hiscox publishes its annual Cyber Readiness Report today, offering a best practice blueprint for businesses to counter the growing threat of cybercrime and fraud. Without investment in prevention, detection and training, firms risk exposing themselves to costly business interruptions and brand impairment.

A number of large-scale cyber-attacks have grabbed media attention in the headlines in recent years. But to protect against all cyber threats and comply with the latest regulations, companies in the commercial and financial sectors (including Fintech and eCommerce) also need to be on the lookout for online fraud, a more subtle type of cybercrime that costs UK citizens £1.4bn a year.

But recent advances in mobile tech are facilitating the process of verifying identity, which makes fraud detection and compliance with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations much easier. Anti-fraud doesn’t have to be cumbersome.

Trulioo, which has been recognised as the Global Leader in identity verification, has released the first international mobile KYC solution to connect to 24 of the world’s largest MNOs.

This enables companies to ensure that only legitimate customers are on-boarded from the start, significantly reducing the risk of fraud. It is also changing the game for sectors that find it challenging to meet KYC compliance requirements due to limited data access and availability.

Stephen Ufford, CEO of Trulioo, comments: “With a growing number of financial transactions made over the internet, fewer interactions than ever are carried out face-to-face. It is often difficult for companies to tell who exactly their customers are online, which poses a serious security and compliance problem.

“This kind of threat requires a risk-based approach from companies to identify and understand the risks they are exposed to, and take the appropriate measures to verify that individuals are who they say they are.

“But the proliferation of smartphones across the world offers a solution to this. Two-thirds of the global population own mobile phones, giving a digital identity to an increasing number of people, including unbanked individuals.

“New mobile technologies are allowing payments companies to leverage smartphones as a way to detect fraud and verify identity during account creation.

“This adds an extra layer of security to identity verification, enabling successful compliance with rigorous KYC and AML regulations, whilst ensuring a secure experience for the end-user.”

Stephen continues: “MNOs have the ability to offer enhanced coverage and convenience for identity matching and fraud prevention.

“Perhaps most importantly, Mobile Network Operator data signals a leap forward for financial inclusion, making it easier for individuals and organisations all around the world to safely and securely transact on a global scale.

“This kind of capability is key to mitigate the ever-evolving risk of cyber-fraud, in a world where interactions are made between screens rather than face-to-face. Now digital identities can be verified through the swipe of a phone.”


Data and analytics maturity: Most organizations should be doing better

91 percent of organizations have not yet reached a transformational level of maturity in data and analytics, despite this area being a number one investment priority for CIOs in recent years, according to a worldwide survey of 196 organizations by Gartner. Overview of the maturity model for data and analytics “Most organizations should be doing better with data and analytics, given the potential benefits,” said Nick Heudecker, research VP at Gartner. “Organizations at transformational levels … More

8 trends in government tech for an enterprise-focused approach to IT

Deloitte examined emerging trends in government technology, and highlighted eight trends that are shaping strategic and operational transformations and redefining IT’s role within the enterprise. “Instead of implementing ‘one-off IT initiatives’ in a single domain, government organizations can be more forward-looking and develop an approach by which disruptive technologies can work in harmony in a holistic way across an agency, department or multiple departments,” said Scott Buchholz, managing director, Deloitte Consulting LLP, and federal CTO. … More

About the Flash zero-day currently exploited in the wild

The zero-day Flash Player vulnerability (CVE-2018-4878) that Adobe warned about on Thursday was leveraged by North Korean hackers. FireEye calls the group TEMP.Reaper and Cisco researchers named it Group 123 (and have been tracking their exploits for a while). The threat actors leveraging the Flash zero-day “We have observed TEMP.Reaper operators directly interacting with their command and control infrastructure from IP addresses assigned to the STAR-KP network in Pyongyang. The STAR-KP network is operated as … More

The new gold rush: A look inside cryptocurrency fraud

Cybercriminals are flooding to the new world of cryptocurrencies looking to exploit the boom in interest and adoption of these electronic currencies, according to Digital Shadows. This new gold rush is creating a new frontier for professional cybercriminals moving away from less profitable techniques and exploits to make money on the back of the huge interest in these digital currencies. With over 1,400 cryptocurrencies in circulation, and new alternative coins – “altcoins” – emerging every … More

Number of Internet-accessible ICS components is increasing every year

The number of industrial control system (ICS) components – which run factories, transport, power plants and other facilities – left open to Internet access, is increasing every year. In Germany, for example, researchers from Positive Technologies found 13,242 IP addresses for ICS components, up from 12,542 in 2016. Internet-accessible ICS components around the world Advanced industrial countries, such as the U.S., Germany, China, France, and Canada, were home to the largest numbers of Internet-accessible ICS … More

Week in review: The future of smartphone security, automated cyber threat anticipation

Here’s an overview of some of last week’s most interesting news and articles: Authentication today: Moving beyond passwords A new global study from IBM Security examining consumer perspectives around digital identity and authentication, found that people now prioritize security over convenience when logging into applications and devices. Dridex gang follows trends, also created FriedEx ransomware The gang behind the infamous banking Trojan Dridex has also created the FriedEx (aka BitPaymer) ransomware, ESET researchers confidently claim. … More

Scammers steal nearly $1 million from Bee Token ICO would-be investors

Another day, another ICO-related scam. In an attack similar to that which fooled investors into the Enigma cryptocurrency investment platform, users who were aiming to buy Bee Tokens during a Token Generation Event (i.e., an initial coin offering) were tricked into sending the money to scammers instead. What is the Bee Token? Beenest is a home-sharing network built on top of a set of Bee Protocols (Ethereum smart contracts) running on the Ethereum network. The … More

New infosec products of the week: February 2, 2018

Stop threats in enterprise container runtime environments StackRox announced StackRox Detect and Respond 2.0, enhancing its robust threat detection capabilities across five phases of container attacks defined by the new StackRox AIM. With expanded depth and breadth of threat detection, auto-tuned machine learning, and application auto-grouping, StackRox Detection and Response 2.0 enables customers to get ahead of threats aimed at their Docker containers running in production with efficiency. Kenna Security announces vulnerability exploit prediction capability … More

Researchers showcase automated cyber threat anticipation system

A group of researchers is trying to develop an automatic early warning system that should help defenders take preventative action before specific cyber attacks start unfolding. How does their system work? Their approach leverages the fact that preparation of cyber attacks often occurs in plain sight, discussed on online platforms and publicly accessible discussion forums. “The system monitors social media feeds of a number of prominent security researchers, analysts, and white-hat hackers, scanning for posts … More

A New Cryptomining Botnet Called Smominru Infected Over 500 Thousand Windows Machines

Security researchers from Proofpoint (cybersecurity firm) have discovered that over 500 thousand Windows machines have been infected with Cryptomining malware.

The post A New Cryptomining Botnet Called Smominru Infected Over 500 Thousand Windows Machines appeared first on Latest Hacking News.

AutoSploit: Automated mass exploitation of remote hosts using Shodan and Metasploit

A “cyber security enthusiast” that goes by VectorSEC on Twitter has published AutoSploit, a Python-based tool that takes advantage of Shodan and Metasploit modules to automate mass exploitation of remote hosts. “Targets are collected automatically as well by employing the Shodan.io API. The program allows the user to enter their platform specific search query such as; Apache,IIS, etc, upon which a list of candidates will be retrieved,” the tool’s creator explained. “After this operation has … More

BEC scams surge, cybercriminals target nearly all organizations

96 percent of organizations have received business email compromise (BEC) emails during the second half of 2017, according to Agari. “BEC is a particularly effective attack vector because its lack of payload makes it nearly impossible for conventional email security solutions to detect and prevent,” said Markus Jakobsson, chief scientist, Agari. “At its core, business email compromise is a social engineering attack that leverages familiarity, authority and trust, which can result in billions of dollars … More

Innovative organizations build security into their cloud strategy

Businesses are increasingly evolving their security strategy to advance their cloud strategy. Based on research and interviews with industry practitioners, Hurwitz & Associates sees clear evidence that balancing velocity and security in the cloud starts with adopting new approaches to security. When evaluating an ideal cloud solution, what is your most important priority? “Customers are increasingly depending on cloud computing to support the need for business agility and speed of transformation. However, to be successful … More

Time to stop watching Porn on Smartphones as they are Vulnerable to Hacking and Ransomware

Android smartphones are used all around the world and are becoming more popular by the day. If you own an Android smartphone and use it to watch porn, it’s time you started avoiding that. Android smartphones have been found to be vulnerable to hacking and ransomware in recent times. According

The post Time to stop watching Porn on Smartphones as they are Vulnerable to Hacking and Ransomware appeared first on Hacker News Bulletin | Find the Latest Hackers News.

How do your IT complexity challenges compare to those of other CIOs?

A global survey of 800 CIOs conducted by Vanson Bourne reveals that 76% of organizations think IT complexity could soon make it impossible to manage digital performance efficiently. IT complexity is growing The study further highlights that IT complexity is growing exponentially; a single web or mobile transaction now crosses an average of 35 different technology systems or components, compared to 22 just five years ago. This growth has been driven by the rapid adoption … More

The Ransomware Survival Handbook

When a ransomware infection spreads through your network, its goal is to encrypt any files it can access (even backups) as quickly as possible. That can happen in a matter of minutes or even seconds. And from there, the clock starts ticking. Because everyone is expecting you to get things back up and running. Read The Ransomware Survival Handbook and learn how to recover quickly and effectively (and not get hit again). Written based on … More

Attackers disrupt business operations through stealthy crypto mining

WannaMine, a Monero-mining worm discovered last October, is increasingly wreaking havoc on corporate computers. Either by slowing down computers or by crashing systems and applications, the crypto mining worm is, according to CrowdStrike researchers, seriously affecting business operations and rendering some companies unable to operate for days and even weeks. In one case, a client informed CrowdStrike that nearly 100 percent of its environment was rendered unusable due to overutilization of systems’ CPUs. As time … More

Mozilla plugs critical and easily exploitable flaw in Firefox

Firefox users would do well to upgrade to the browser’s latest release if they want to keep their computers safe from compromise. Released on Monday, Firefox 58.0.1 contains one but very important security fix that plugs a vulnerability arising from insufficient sanitization of HTML fragments in chrome-privileged documents. (In this context, chrome is not the popular Google browser, but a component of Firefox.) The vulnerability (CVE-2018-5124) is considered critical because a successful exploit could allow … More

Multiple zero-day vulnerabilities found in ManageEngine products

Digital Defense uncovered multiple, previously undisclosed vulnerabilities within several Zoho ManageEngine products. ManageEngine offers more than 90 tools to help manage IT operations, including networks, servers, applications, service desk, Active Directory, security, desktops, and mobile devices. Currently, the company claims to have more than 40,000 customers, including three out of every five Fortune 500 companies. Vulnerability impact The discovered vulnerabilities allow unauthenticated file upload, blind SQL injection, authenticated remote code execution and user enumeration, potentially … More

Most top US and EU e-retailers are putting their consumers at risk

A new study by 250ok has revealed that 87.6 percent of the root domains operated by top e-retailers in the United States and European Union are putting their brands and consumers at risk for phishing attacks. SPF and DMARC Phishing and spoofing attacks against consumers are most likely when companies don’t have a published Sender Policy Framework (SPF) or Domain-based Message Authentication, Reporting and Conformance (DMARC) policy properly in place. SPF is an email validation … More

Widespread API use heightens cybersecurity risks

A new Imperva survey showed a heightened concern for cybersecurity risk related to API use. Specifically, 63 percent of respondents are most worried about DDoS threats, bot attacks, and authentication enforcement for APIs. APIs power the interactive digital experiences users love and are fundamental to an organization’s digital transformation. However, they also provide a window into an application that presents a heightened cybersecurity risk. The survey shows that 69 percent of organizations are exposing APIs … More

Kaspersky Lab official blog: Naked online: cyberthreats facing users of adult websites and applications

Pornography has always been part of human culture, and this continues in the digital age. When technologies started changing the way people entertained themselves visually (first through photography, then through cinema, television and video and, after that, the internet) adult content was always there, hiding in the shadows of mainstream art and entertainment content. With the arrival of the internet, adult content rapidly migrated from physical home collections and the upper shelves of video shops to the web and mobile applications.

With this transition, adult content became readily available to a wider and larger audience, at lower cost and often even for free. Today, porn can be found not only on specialist websites, but also in social media networks and on social platforms like Twitter. Meanwhile, the ‘classic’ porn websites are turning into content-sharing platforms, creating loyal communities willing to share their videos with others in order to get ‘likes’ and ‘shares’.

In other words, from a niche, secret and tabooed type of content, porn is turning into mainstream entertainment with an audience comparable to non-adult sites. Sex sells, as they say in the advertising industry. However, in cyberspace it not only serves as a means of generating sales, but also as a tool for malicious activity.

This is not a new development. In fact, Kaspersky Lab researchers have observed criminals using porn as a lure to malware or a fraud scheme almost from the first day of adult online content. However, until now we haven’t had a chance to look more deeply into the issue.

The idea for this overview came to us during some completely unrelated activity. While observing underground and semi-underground market places on the dark web, looking for information on the types of legal and illegal goods sold there, we found that among the drugs, weapons, malware and more, credentials to porn websites were often offered for sale. Unlike many other digital goods available to buy on the dark web, these accounts were being sold at very low prices and in almost unlimited numbers. And we asked ourselves: where are these accounts coming from in such impressive quantities?

The sources could be the websites themselves. Based on our brief dive into open-source information, since 2016 more than 72 million sets of account credentials for adult content websites were stolen and later appeared online. These include data from Cams.com (62.6 million), Penthouse.com (7.1 million), Stripshow (1.42 million), 380,000 xHamster accounts, and about 791,000 from Brazzers data. And these stats do not include the enormous leak of around 400 million sets of credentials from the AdultFriendFinder website – which focuses on setting up offline encounters rather than content for viewers.

But is that all? And is the loss of credentials to a premium porn website account – with the resulting threat of exposure or extortion – the only risk users face when it comes to online pornography? We decided to find out: to look into the malicious landscape to see how, on what scale and for which purpose cybercriminals are using adult content in their activity. The overall goal of this overview is to raise awareness among consumers of adult content about cybersecurity, as they may find themselves an easy target for a cybercriminal.

Key Findings

Threats to desktop users:

  • Kaspersky Lab identified at least 27 variations of PC malware, belonging to three infamous families, which specifically hunt for credentials to paid-for porn websites.
  • In 2017, these malicious families were seen more than 300,000 times, attempting to attack more than 50,000 PCs across the world.

Threats to mobile users:

  • In 2017, at least 1.2 million users encountered malware with adult content at least once. That is 25.4% of all users who encountered any type of Android malware.
  • Mobile malware is making extensive use of porn to attract users: Kaspersky Lab researchers identified 23 families of mobile malware that use porn content to hide their real functionality.
  • Malicious clickers, rooting malware, and banking Trojans are the types of malware that are most often found inside porn apps for Android.

A peek into the underground:

  • Hacked premium accounts for porn websites are being sold in their thousands on dark market websites; more than five thousand unique sales offerings were identified during the course of our research.
  • Credentials to accounts for Naughty America, Brazzers, Mofos, Reality Kings, and Pornhub are the ones most often found for sale on the dark web.
  • The average price on the dark market for an unlimited annual account is usually around one tenth of the official cost.

More details on these findings can be found in the report.

Part 1 – Threats to desktop users

When it comes to threats users may face when consuming porn on a desktop computer, we divide these into two major categories: phishing and malware. While malware is something that PC users are more likely to encounter than Mac users, phishing scams are a common threat to both platforms, so we’ll start there.

Porn phishing

Phishing is a type of Internet fraud, the purpose of which is to obtain user identification data: passwords, credit card numbers, credentials to bank accounts and other confidential information. Most phishing schemes have nothing to do with porn and are based on fake emails from banks, service providers, payment systems and other organizations, informing the recipient of an urgent need to update their personal data. Some cybercriminals use porn in phishing campaigns, but in this case it is often used as a tool for delivering so-called ‘scareware’ schemes, and sometimes to lure people into installing malware on their computers.

The scareware schemes work in the following way: when a user – while searching for porn – clicks on the phishing link, they are redirected to a page with a pop-up window that carries a warning that the user’s device has been infected with dangerous malware.

Fig. 1: Example of scareware porn phishing

The same message invites the user to call what appears to be Microsoft’s technical support service in order to disinfect the device and protect their files. The message claims that the call will be toll free, but this is not always the case. And even if it is, the phone number usually connects the victim to a fraudster who then uses social engineering to get their personal or banking data.

In another scenario, a ‘technical support’ employee provides technical assistance and then charges the victim a fee for the service.

Based on what we see in our telemetry, such fraud schemes are fairly popular and exist for both PC and Mac users.

Fig. 2: Example of scareware porn phishing shown to Mac users

The other type of phishing fraud schemes that users risk encountering while searching for porn is aimed at infecting the user’s device with malware disguised as an update for Flash Player – the software application needed to run the video the user is looking for.

Fig. 3: Example of phishing fraud scheme, luring user into installing malware disguised as Flash Player update

This type of fraud has existed for years, and can be fairly easily identified ‘with the naked eye’. However, given that our detection technologies continue to regularly catch such pages, we can assume that criminals still consider it a worthwhile approach.

Some phishing fraud schemes we’ve seen mimic sex dating services. The scheme usually starts with an ad banner on a porn website, which promises a quick and easy date with a woman who lives locally and is looking for a date. If the user clicks on the ad, they are redirected to a page where they are informed that another user is ready for a date.

Fig. 4: Example of multistage sex-date phishing scheme

However, in order to get in touch with the potential date, the victim is required to provide their credit card details, for example to prove that they are over the age of consent. The page promises that nothing will be charged to the card and presents this requirement as a mandatory component of the service. Of course, once the data is entered, the session ends and the victim is left with nothing but compromised payment details.

It would be fair to say that porn phishing is not the most sophisticated threat. The criminals behind such schemes generally target users who are not very cyber-savvy and, unlike five or six years ago, there are fewer such users out there. Perhaps that is why, overall, porn phishing is a type of threat we rarely encounter when analyzing the threat landscape. This is, however, not the case when it comes to malware.

Malware and porn

When it comes to malware, porn serves two main purposes:

  1. Porn websites are a tool to deliver malware to the victim.
  2. The malware itself is used to collect different kinds of personal data, including account credentials for porn websites.

Multiple times we’ve seen porn websites serve as watering holes for different kinds of malicious software. The scheme is quite simple: first, the cybercriminal hacks the porn website or the advertising platform that is used to show ads on the pages of a porn site. Then they set up a redirection mechanism that automatically redirects a visitor to a malicious webpage that serves them with malicious software.

This is one of the most convenient ways to spread malware and it is often utilized by cybercriminals. We didn’t do a deep dive into the topic to collect exact numbers. However, we did a brief search through our malware collection and almost immediately identified several different malicious tools that were served through porn websites. In most cases, these are not very popular sites, like 2porno-in.ru, pornopriz.loan, pornohd24.com etc. It is possible that many of these and other websites were specifically created as watering holes for malware. However, in a few recent cases we’ve seen dangerous malware being served from popular porn websites, like PornHub, which was used for a short period of time last year to spread advertising malware known to us as Trojan.Win32.Kovter.

Banking Trojans with unusual purpose

When it comes to spyware and Trojans, it is no secret that there are plenty of them, targeting any type of credentials available on a victim’s PC. A special place among this kind of malicious program is taken by banking Trojans. This type of malware is aimed specifically at online banking and is made so that – once installed on the victim’s PC – the malicious program can monitor which pages are opened in the browser and when the victim opens an online banking page. The malware can then modify certain parts of the webpage loaded in the victim’s browser in such a way that the victim enters their credentials into fake login/password fields instead of the real ones. The malware subsequently sends this information on to the criminals.

This is a very widespread technique, used by multiple different banking Trojans. Each such Trojan comes with a number of specific web-injects: pieces of code that are injected into the online banking webpage code instead of the legitimate code. As each online banking system has its own unique code, it requires an exclusive web inject in order to make the credential-stealing work. The most powerful banking Trojans are usually equipped with tens of different web-injects to be able to attack the users of multiple banks. This is a classic feature of most banking Trojans, and that is why we were quite surprised when we found samples that were targeting porn websites instead of banking ones. In total we found 27 variants of three different families of banking Trojan (betabot, Neverquest and Panda) with this unusual target preference.

Fig. 5: Example of malware families specifically targeting credentials to popular porn websites

Ten of those variants were specifically hunting for PornHub.com accounts; five others – for Brazzers.com accounts; three – for chatrubate.com; and the remaining 12 variants were aimed at other popular adult websites like Xvideos.com, Xnxx.com, Motherless.com, Youporn.com and Myfreecams.com.

According to Kaspersky Lab telemetry, in 2017 these 27 pieces of malware were spotted 307,868 times, attempting to infect more than 50,000 PCs across the world.

In comparison to the typical distribution scale of many other types of malware, for example traditional banking Trojans, which are sometimes spotted at a rate of tens or even hundreds of thousands of times a month, these are fairly low numbers. That is why it is quite difficult to understand what the existence of these porn-credential-hunting malicious programs means: it could be just an artifact of criminals testing new variants of banking malware, in which bank web-injects are temporarily replaced with web-injects for other sites. Or it could be criminals testing new ways of making money via stealing credentials to paid porn websites and then selling them on hacker forums. Given that the most popular porn websites have user communities that are tens of millions in size, with many users prepared to pay for premium access, the idea of trying to steal those account details may seem quite a good one to cybercriminals.

Whatever the motives are behind the development of malware to hunt for porn-account credentials, it is obvious that users of these kinds of websites are of interest to cybercriminals. This fact is further substantiated when we look at malware aimed at Android users.

Part 2 – Threats to mobile users

When we talk about mobile threats, we mean threats such as malware targeting Android users. And when it comes to malware that uses porn content to lure users into installing a malicious program, the Android threat landscape is much more vivid than that of the desktop.

Android Trojans actively use porn themes and are generally distributed from fake porn sites that users are apparently redirected to through advertising on genuine sites. The reason for the uncertainty around dissemination is that redirection depends on many parameters (e.g. the mobile operator, country, device type etc.), which makes it extremely difficult to reconstruct the user’s entire path. In addition, each of the advertising servers in the chain of redirects can change advertising at any time. As a result, it becomes increasingly difficult to track the intruders.

During our research we were able to identify 23 different families of Android malware that are heavily using porn. They belong to five major types: clickers (WAP-subscription malware), banking Trojans, ransomware, rooting Trojans, premium SMS malware, fake porn subscriptions and one more type, which we failed to attribute to any known group. Given that the total number of Android malware families we’ve got in our collection is 1,024, 23 families that are hiding behind adult content is a fairly low number. However, if we look at the scale at which these malicious apps are distributed, things look very different. In 2017 alone, more than 1.2 million users encountered one of the apps from those 23 families at least once. The number of detection events for the same period was over 4.5 million.

In total, in 2017 around 4.9 million users faced some kind of Android malware, which means that at least 25.4% of them encountered a piece of malware that somehow uses adult content.

Here is how the distribution of users attacked by different kinds of porn malware looks for 2017:

Fig. 6: The distribution of users who encountered different types of malware disguised as adult content applications.

The chart above gives a clue as to what type of threat users risk encountering when they face an unknown app promising adult content. Below we elaborate on how these examples of malware work.

Clicker/WAP-subscription malware

45.8% of users who encountered any type of porn malware faced this threat in 2017

The main function of so-called clickers is to open a web page and click on some buttons without the knowledge of the user, with two goals:

  • To click on advertising, i.e. to receive money for an ad that counts as shown without actually showing it to the user. This may seem harmless to the user, but because the user does not see the ad, the malware can click on advertising continuously, consuming battery power and generating traffic. In addition, this also represents the theft of money from advertising companies.
  • To enable WAP-subscriptions, which leads to direct financial losses for the victim. This functionality is particularly dangerous in countries where pre-paid cellular plans are popular.

At first glance, it is really hard to imagine what is so special about yet another advertising Trojan, since it only clicks on ad links and doesn’t steal anything.

Fig. 7: Network traffic of a clicker malware

But while analyzing one such Trojan, we found that through clicking it ate more than 100 Mb of mobile traffic and totally drained the battery in one night! Given that this was only one night, it is easy to imagine what the victim’s traffic bill would be a week or two after infection.

In addition, clickers can collect data from the device – contacts, call history, and coordinates – and can crawl web pages using JS files received from the command server, install applications, and delete incoming SMS. In some cases, they have a modular structure, elements of which are responsible mainly for self-defense and for clicking through sites. Trojans of the ‘clicker’ type often use the administrator rights of the device to make it difficult to remove them from the OS. And when it comes to older versions of Android, it may even be impossible to do so.

A prime example of a clicker appeared recently: Trojan.AndroidOS.Loapi. This is a modular Trojan, the behavior of which depends on additional modules that are downloaded from the attacker’s server. The main functionality of Loapi is to click-jack ads and WAP-subscription web pages. In addition, the Trojan can mine cryptocurrency. Mostly it is distributed under the guise of various useful programs or games, but there have been cases when it was downloaded directly from web pages with porn themes.

Fig. 8: Example of a web page from which the Loapi Trojan was downloaded

Along with Loapi, another five Trojans – Trojan.AndroidOS.Agent.rx, Trojan-SMS.AndroidOS.Gudex, Trojan-Spy.AndroidOS.SmForw.gr, Trojan.AndroidOS.Hiddad.de, Trojan-SMS.AndroidOS.Podec.a – have been hiding within porn apps and video players, stealing users’ data and money by the second.

Bankers and ransomware

30.38% of users who encountered any type of porn malware faced one of these threats in 2017

Bankers and ransomware have also been using porn for their distribution for a long time – mostly under the guise of a specific porn player, which instead of showing porn compromises the security of the attacked device and its owner’s finances. In general they have the same functionality as other mobile malware, being able to show phishing windows, steal SMS from banks, and so on. However, when it comes to the differences between how banking Trojans and ransomware Trojans utilize porn content, it is easy to see that while banking Trojans mostly use porn websites to distribute themselves, or just present themselves as a specific video player needed to launch an adult video, ransomware often presents itself as a legitimate porn app.

Fig. 9: Example of ransomware app disguised as the legitimate PornHub application. Once installed it locks the device.

In many cases they also use scareware tactics. They lock the screen of the device and show a message stating that illegal content (usually child porn) has been detected on the device, and the device has been locked. In order to unlock the device, the victim has to pay a ransom. This message usually comes with screenshots from actual child porn videos.

Fig. 10: An example of ransomware using a scareware tactic to make the user pay a ransom. The target audience of this app is obviously U.S.-based users.

Recently, we’ve seen two major ransomware families utilizing these tactics: Svpeng and Small. While Small’s targets apparently live mostly in Russia and neighboring countries, Svpeng has been targeting primarily U.S. citizens, showing them a message allegedly from the Federal Bureau of Investigation (FBI). This is confirmed by our telemetry – the vast majority of users (more than 95%) who encountered this malicious app were U.S. based.

The scariest thing about mobile ransomware is that these Trojans change (or set) the device PIN code to a random value, so even if the user can delete the Trojan, the phone will remain locked.

Rooting malware

22.38% of users faced this threat in 2017

Continuing the theme of dangerous Trojans – rooting malware has also been seen actively using porn topics for distribution. Once installed on the victim’s device, it may exploit vulnerabilities in Android and practically get ‘god mode’: the capability to access any data on the user’s device, silently install any applications and get direct remote access. The most active, according to the Kaspersky Lab investigation, are two families:

  • Trojan.AndroidOS.Ztorg – consisting of encrypted modules that use exploits to get root rights on the device, flock to system folders and annoy the user with ads.
  • Trojan.AndroidOS.Iop – in general, the same rooter as previously mentioned.

Fig. 11: Example of rooting malware Ztorg, disguised as an app with “Everything you want online video collection”.

What is unusual about rooting malware is that such apps are often spread as part of legitimate applications. Cybercriminals just pick a porn app, add malicious code to it and distribute it as if it were legitimate.

Porn with a subscription and other premium SMS Trojans

2.81% of users who encountered any type of porn malware faced this threat in 2017

These primitive Trojans only know how to send SMS or make calls to paid numbers in order to access the porn site – even though in reality the content of the site is usually available without payment. During the period from 2014 till 2016 there were a lot of SMS-Trojans, most of which were distributed under enticing porn names such as PornoVideo.apk, XXXVideo.apk, XXXPORN.apk, PornXXXVideo.apk, Porevo.apk, Znoynye_temnokozhie_lesbiyanki.apk, Trah_v_bane.apk, Kamasutra_3D.apk, and Russkoe_analnoe_porno.apk.

Android SMS Trojans started with Trojan-SMS.AndroidOS.FakePlayer.a. Active since 2012, this Trojan has still not acquired new functionality and continues to spread under the guise of a video player, often with the ‘pornoplayer’ name. Another example that we found – Trojan-SMS.AndroidOS.Erop.a was being distributed under the guise of a porn player, usually with names like ‘xxx_porno_player'[RU1] . While a further one – Trojan-SMS.AndroidOS.Agent.abi was distributed under the name AdobeFlash from sites with porn themes.

Fig. 12: Example of a simple SMS Trojan under the guise of a video player

The number of slightly more developed SMS Trojans has intensified recently, despite being originally detected by Kaspersky Lab experts as early as 2012. The Trojan-SMS.AndroidOS.Vidro, not-a-virus: RiskTool.AndroidOS.SMSreg.mq, and Trojan-SMS.AndroidOS.Skanik.a trio is distributed under the guise of porn applications from porn sites. They refuse to work without a SIM-card, since the main purpose of the applications is to send a paid SMS (and remove the SMS reply with cost information from the mobile operator), and only then to open the porn video site.

Fig. 13: Example of cracker, which refuses to work without a SIM

The most lucrative examples of this type of malware are Trojan.AndroidOS.Pawen.a and its development: Trojan.AndroidOS.Agent.gp, which can make calls to paid numbers and squander their victims’ budgets. An interesting feature is that the application icon is absent, so it’s rather difficult to find it, as well as to remove it because the app uses the device’s administrator rights.

Despite their primitiveness and old-fashioned approach, SMS Trojans have been around for years. At some point their number started to decline steadily, due to a range of anti-fraud measures enabled by cellular companies. However, these Trojans are still around: according to Kaspersky Lab telemetry, in 2017 many thousands of users around the world were protected by our product against this type of malware pretending to be porn apps.

Mysterious Soceng

To finish the story of Android malware, it is worth mentioning an interesting Trojan that does not fall into any of the categories above: Trojan.AndroidOS.Soceng.f. The malware is distributed mainly under the guise of games and programs, but also sometimes under the guise of porn. In the sample that was analyzed during the research, we found that after launching it sent an SMS to the victim’s entire phone book, with the text “HEY!!! {user name} Elite has hacked you. Obey or be hacked.” It then deleted all files from the memory card, and overlaid Facebook, Google talk, WhatsApp and MMS applications with its own window.

Fig. 14: Screenshots of Trojan.AndroidOS.Soceng.f

We couldn’t spot any attempts at financial gain through this malware; apparently its only purpose was to ruin the victims’ digital life. Or it was a test attempt by another, as yet unknown, cybercriminal operation.

That said, you can’t really say the malware listed above is different from any other malware threatening Android users. It is not. What is different and perhaps a bit surprising is how heavily these examples rely on adult content in their infection strategies. Perhaps this is because these strategies have proved effective – something that can be seen clearly if we look at the distribution rate of these porn-powered apps. Another quite interesting finding of this part of our overview is that, apparently, cybercriminals behind Android malware are not very interested in stealing credentials. At least, we couldn’t identify any malware that is specifically hunting for credentials from porn websites. Instead, Android criminals are using adult content to draw victims into a fraud scheme or to get a ransom.

Nevertheless, given how few porn-related threats we found when looking into PC malware, and how many of them are in the mobile threat landscape, porn is moving to mobile. And that doesn’t contradict the insight from one of the industry leaders, which has spotted significant growth of mobile traffic on their website in 2017.

Part 3 – A peek into the underground

As we mentioned at the beginning of this overview, the idea of looking into how cyberthreats deal with porn came to us when we were poking around on dark web sites to see what is sold there, and eventually spotted porn accounts for sale. This made us look deeper into the details.

For a better understanding of the field, we have analyzed 29 top-rated Tor marketplaces. The list can be easily found on DeepDotWeb, an open Tor site, which contains all the inside information about dark market news – including changes in the list of black markets (since there are constant renovations in structure and the number of illegal stores). The markets’ rating comprises an evaluation of each shop by Tor administrators on criteria for enrollment and reviews, ease of registration and navigation, vendor bond and commission.

Fig. 15: The list of top Tor marketplaces

During the research it turned out that of all the marketplaces we found, four offered the most choice, with more than 1,500 offers on sale, while others proposed only limited user data from well-known and less well-known porn sites. Such results, however, were expected, because Tor’s basic aim was originally the sale of drugs, guns and malware.

For the purpose of analysis we chose five major marketplaces with the largest number of sales offerings. In total that gave us 5,239 unique offers to buy one or more accounts to popular porn sites. The actual quantity available was not always clear: sometimes sellers simply do not disclose how many sets of account credentials they’ve got. But based on several examples which actually provided the available number of accounts, we can say that one offer could contain up to 10 thousand accounts.

Based on this information, we’ve created a top five of the most-often sold porn accounts on those underground markets (number of offers in descending order):

  1. Naughty America (2,575 sales offers)
  2. Brazzers (1,228 sales offers)
  3. Mofos (789 sales offers)
  4. Reality Kings (294 sales offers)
  5. Pornhub (153 sales offers)

To be clear: this ranking doesn’t mean that these particular websites or their users are more vulnerable to cyberattacks and that is why there are so many offers on the market. What this list could potentially show is the popularity of these websites among the audience of dark web markets.

Fig. 16: Porn accounts sold in unknown quantity on one of the dark web markets

Speaking of the audience. Question here: why would someone go to buy a porn account on the dark web if they are available from legitimate sources in practically any quantity? We think there are two main reasons for that:

The first one is of course the price. Based on our observations, an average subscription to a popular official site (such as Brazzers, RealityKings, etc.) is as follows:

  • Annual unlimited access (no ads): one payment of $119.99 or $9.99 / month
  • Three months of unlimited use: one payment of $59.99 or $19.99 / month
  • One month of unlimited use: one payment of $29.99 or $29.99 / month
  • 1-2 days of trial use: $1.00 / day

Not a lot of money in general; nevertheless on the dark web those same accounts appear at a significantly lower price. We’ve seen multiple offerings of unlimited access for a price as low as $10. So, economically, the purchase of a stolen account on the dark market totally makes sense.

The other possible reason for the popularity of porn accounts on the dark market is anonymity. Although some legal websites offer customers a chance to buy a subscription more-or-less anonymously, on the dark market you can buy things via cryptocurrencies and the purchase will not eventually appear in your credit card history. Even though nowadays porn is becoming ever more mainstream, in general the perception of this type of content is not always neutral.

That said, purchasing this type of goods on the dark web brings certain risks for the customer. First of all, doing so is illegal, given that all or most of the accounts are stolen from other users or the websites themselves. Second, the latter also casts doubt on the very validity of the account purchased. Sooner or later, the user whose account has been stolen will understand that and report it to the vendor and the compromised account will be blocked. The situation is the same when website owners identify a breach. Compromised accounts are being blocked almost immediately after that. In other words, clients of dark net markets risk paying money for nothing, because although there are some exceptions, in the vast majority of cases we’ve seen, dark market traders do not offer a refund option. The ability to buy an account at a significantly lower than official price is what the client gets in exchange for the risk that they are paying for a blocked account.

Conclusion and Recommendations

As our overview has shown, adult content serves as a tool for cybercriminals to lure victims into fraudulent schemes involving phishing, PC and Android malware. The outcome of such involvement is loss of financial data or even direct money loss and compromised privacy. It would be fair to say that the very same consequences come from any other type of malicious attack, whether they use adult content or not. The difference is that, in general, victims of porn malware, especially the most severe scareware types of it, are unlikely to report the crime to anyone, because they would have to admit they were looking for or watching porn. As we said earlier, the latter is not necessarily perceived as something that it is OK to be proud of or even to let others know about. Perhaps this is the reason why criminals use adult content in their schemes so actively. They know that porn by default attracts a lot of users, and that victims of porn-related malware would keep quiet about the incident rather than disclose it.

To prevent any malware or cyber-fraud related troubles when it comes to adult content we strongly recommend users to follow this advice:

  • Use only trusted web sites when it comes to adult content. Cybercriminals often set up fake porn sites for the single reason of infecting victims with malware.
  • Do not install Android applications from unknown sources, even if they promise you access to the content you were looking for. Instead use official applications from official sources, like Google Play.
  • Avoid purchasing hacked accounts to porn websites. This is illegal and such accounts may already be blocked by the time you buy them.
  • Use a reliable internet security solution capable of protecting all your devices from any kind of cyberthreat.


Kaspersky Lab official blog

President Trump Delivers First State of the Union Address

U.S. President Donald Trump delivered his first State of the Union address on Tuesday, where he vowed to beef up infrastructure spending and seek bipartisan support on immigration. Although the annual presidential has become more akin to political theater, it nevertheless divulges key information on the current administration’s priorities. Trump’s Agenda In his first State […]

The post President Trump Delivers First State of the Union Address appeared first on Hacked: Hacking Finance.

Cisco plugs critical hole in many of its enterprise security appliances

There’s an eminently exploitable remote code execution flaw in the Adaptive Security Appliance (ASA) Software running on a number of Cisco enterprise appliances, and admins are advised to plug the hole as soon as possible. The Cisco Product Security Incident Response Team (PSIRT) says that it is aware of public knowledge of the vulnerability, but not of any current malicious use of it. Nevertheless, active exploitation might be close at hand. Also, details about the … More

How to prepare for the future of digital extortion

Digital extortion has evolved into the most successful criminal business model in the current threat landscape, and Trend Micro researchers predict that it will continue to grow rampant because it’s cheap, easy to commit, and many times the victims pay. Attackers can go after a wide variety of targets The line between blackmail and extortion is blurred in the digital realm. “Many digital crimes we normally think of as blackmail are, in fact, extortion — … More

Blockchain Startups And Exchanges Now Can Pay In Over 50 Cryptocurrencies For Application Security Services

The ISBuzz Post: This Post Blockchain Startups And Exchanges Now Can Pay In Over 50 Cryptocurrencies For Application Security Services appeared first on Information Security Buzz.

Following Microsoft’s announcement to accept Bitcoin for its Windows and Xbox online stores, High-Tech Bridge believes now is the time to simplify payment for security services among the skyrocketing number of blockchain startups.

The majority of digital coins theft cases involve insecure mobile or web applications, and vulnerable applications are low-hanging fruit for cybercriminals. Applications are easy to hack and usually contain, or provide access to critical data and even access to the digital wallets.

Many blockchain startups hesitate to spend their scanty reserves of fiat money on cybersecurity, preferring to pay in various digital currencies or tokens. To provide them with simple and convenient access to web and mobile application security services, High-Tech Bridge’s award-winning Application Security Platform ImmuniWeb® now accepts instant payments in over 50 digital currencies including Bitcoin and Ether.

Virtually every day, a new breach of a cryptocurrency startup or exchange is reported. Industry experts estimate that in less than a decade, cybercriminals will have stolen $1.2 billion worth of Bitcoin and Ether, mainly from the pockets of naïve investors and innocent users. A report published by Ernst & Young says that cybercriminals stole $400 million of digital currencies during ICOs last year. The notorious Mt. Gox breach was outshone last Friday when Japan’s biggest cryptocurrency exchange Coincheck announced a $400 million loss caused by a hacker attack.

High-Tech Bridge’s CEO and Founder, Ilia Kolochenko, comments: “At High-Tech Bridge, we are committed to delivering groundbreaking application security services capable of solving our customers’ problems more efficiently and effectively. Our security engineers, Machine Learning experts and AI scientists work very hard to create new algorithms and technologies to reduce costs, increase speed and reliability of application vulnerability detection. Our continuous innovation is globally recognized by many prestigious awards, and most importantly – by our customers. We also try to facilitate and improve tangential processes, such as online payments.

“When we launched ImmuniWeb in 2014, we were the first application security vendor to accept online payments by credit card and PayPal. Today, a huge market segment wants to pay in crypto-currencies to protect data and customers. We are happy to make this possible for the benefit of the emerging blockchain industry.

“It is important to highlight, however, that we do not endorse any particular digital currency. High-Tech Bridge does not store or invest in any digital coins, but enables our customers to perform secure instant payments in them.”

Johann Schneider-Ammann, Swiss economics minister, considers Switzerland to become a crypto-nation. Some Swiss municipalities allow paying taxes in Bitcoin, while others offer ski passes for Bitcoins.

According to PwC, High-Tech Bridge’s strategic partner, Switzerland is also a major hub for Initial Coin Offerings (ICO) due to its friendly regulatory environment and political stability: out of the six largest ICOs, four were hosted in Switzerland.

High-Tech Bridge also provides various free web security services that, for example, can help blockchain startups to promptly detect phishing websites targeting their customers or impersonating their brand.

Cryptomining: Paying the Price for Cryptocurrency

By Simon Marshall, Security Now, January 30, 2018

What are BitCoin, Ethereum or any other cryptocurrency really worth? Valuations are mercurial, exchanges have been raided, wallets hacked and currencies manipulated — so, who really knows?

Weiss Ratings has just released the world’s first cryptocurrency grades, in the race to enable better currency trading decisions. No cryptocurrency scored an “A” rating — primarily Weiss says because of the volatility of these currencies — with Bitcoin scoring a “fair” C+ and Ethereum ranking highest at a “good” B.

It’s not clear if Weiss has, in creating the grades, factored in that crypto coins can be outright stolen from wallets, or are the ill-gotten proceeds from ransomware and other illegal activity. Also, with so many websites either openly or covertly running cryptominers, it’s uncertain how much is being created, and who really owns it.

Pirate Bay, Showtime and politifact.com have all secretly or unknowingly exploited their customers by exposing them to onerous cryptomining. But with the value of cryptocurrencies currently rising, are we looking at the perfect storm?

1 billion cryptominers
Web browsing firm Opera estimates that about 1 billion people worldwide are currently affected by unwanted cryptomining.

To be fair, in some cases, users are aware their machines are being used to mine currency because the website offers a heads up that a miner will be installed instead of, for example, serving up ads. But in most recent cases, the site installs a miner without informing the user, or indeed, in Showtime’s case, the site is hacked and the miner is injected without their knowledge.

A reported total of 2,531 of the top 3 million websites (about one in 1,000) are running the de facto miner, Coinhive, which creates Monero currency, and was at the center of the Pirate Bay and Showtime cryptojacking incidents. Kaspersky has said it considers miners as riskware, not malware. That is, it considers the software is legitimate, but acknowledges it could be used for malicious purposes.

There are other cryptojacking tools out there, such as JSEcoin, and Crypto-Loot. However, I have MalwareBytes installed on my machine, and it blocks access to Coinhive’s home page, period. That says something.

“The recent uptick in [cryptojacking] can likely be attributed to the release of the popular JavaScript miner by Coinhive in September 2017,” Jonathan Tomek, senior director of threat research at Reston, VA-based LookingGlass Cyber Solutions, told SecurityNow.

Coinhive maintains that digital advertising doesn’t really work, and that coin mining is an alternative for website owners to monetize their sites. It recently added an opt-in interface so that users can decide for themselves if they wish their PC to be used for mining. That only works if the site is upfront about having users do the work for them by exposing them to the interface.

Coinhive mines Monero because the currency is anonymous and requires less computing power to yield results than other currencies such as Bitcoin. LookingGlass believes Monero will be the major cog in ransomware and money laundering schemes this year. However, LookingGlass believes criminals will broaden their horizons beyond ransomware, and for good reason.

Expanding mining territories
“Last year was plagued with ransomware but we have seen a recent decrease which is likely tied to the ever-rising prices of cryptocurrencies,” said Tomek. “Cybercriminals appear to be targeting wallets or leveraging mining due to its ease. Mining is expanding and taking the form of malicious website injection, malware, trojanized applications, and even WiFi connection hijacking.”

Smart cybercriminals are also involved in driving the value of currencies by recruiting botnets to spam consumers with emails hyping the values, according to Tomek. This shows how savvy the hackers are, as they insinuate themselves into every aspect of the currency lifecycle from creation through to valuation and eventually rogue ownership.

“Cybercriminals are typically involved in pump-and-dump schemes, not dissimilar to day traders,” said Tomek. “A recent cybertheft example is when the Necurs botnet was pumping Swisscoin last month from $0.20 to $20. It is now worth less than $0.01.”

Obviously, one way to reduce this is to eliminate the botnets currently pumping the currencies by taking down the infected hosts, and blocking the spam. Joe Public can make a difference too, by ensuring that cryptowallets remain locked.

“The most common way for their cryptocoin to be stolen is by having their wallet taken and coin transferred to a cybercriminal,” said Tomek. “With a secure password, victims would prevent the criminals from moving or stealing their coin.”

Are you being mined?
Apart from a tell-tale spike in CPU usage, causing machines to slow down and heat up, there are very few signs that a PC is being mined. And even less so for mobile devices.

“When you browse the web, there are no visual clues that your device is exposed to mining,” said Jan Standal, vice president of product marketing at Opera.

Cryptomining can be considered a nuisance, but it is very dangerous to users for several reasons; it takes place in most instances without their knowledge, and it robs them of computing power, putting the PC at threat and inflating power bills. It can cause PCs to slow or freeze, work to be lost, productivity downed, and battery life reduced.

Most worryingly, cryptojacking tools can provide easy access for hackers to computer resources and private data.

An extension for Chrome called NoCoin hopes to alleviate issues. Microsoft browsers need a decent third-party antimalware tool, but there is a handy No Miner extension to protect Firefox users.

Opera now has built-in miner protection. Worried you’re a victim? The firm has posted a free tool. It only works on desktop OS and Android phones but support for iOS is reportedly coming soon.
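An added example, not code from the article or from any vendor it names: a static check a site owner can run over a page's HTML to find miner script references of the kind injected in the Showtime incident described above. The host and API-name indicator lists are assumptions based on the tools named in the article, and the sample page is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed indicators (not taken from the article): script hosts and
# JavaScript API names associated with the miners the article names.
MINER_HOSTS = {
    "coinhive.com": "Coinhive",
    "authedmine.com": "Coinhive (opt-in)",
    "jsecoin.com": "JSEcoin",
    "crypto-loot.com": "Crypto-Loot",
}
INLINE_TOKENS = {
    "CoinHive.Anonymous": "Coinhive",
    "CoinHive.User": "Coinhive",
    "CryptoLoot.Anonymous": "Crypto-Loot",
}


class _ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies with line numbers."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.external = []   # (src, line)
        self.inline = []     # (body, line)
        self._in_script = False
        self._buf = []
        self._line = 0

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        line = self.getpos()[0]
        src = dict(attrs).get("src")
        if src:
            self.external.append((src.strip(), line))
        self._in_script, self._buf, self._line = True, [], line

    def handle_data(self, data):
        # Only text inside <script> is kept; prose that merely mentions a
        # miner's name must not produce a finding.
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            body = "".join(self._buf)
            if body.strip():
                self.inline.append((body, self._line))
            self._in_script = False


def find_miner_references(html):
    """Return findings for known miner script hosts and inline miner API calls."""
    collector = _ScriptCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for src, line in collector.external:
        # Handles absolute and protocol-relative URLs; relative paths have no host.
        host = (urlparse(src).hostname or "").lower()
        for domain, family in MINER_HOSTS.items():
            if host == domain or host.endswith("." + domain):
                findings.append({"line": line, "family": family,
                                 "kind": "external-script", "evidence": src})
    for body, line in collector.inline:
        # Catches self-hosted or proxied copies whose URL gives nothing away.
        for token, family in INLINE_TOKENS.items():
            if token in body:
                findings.append({"line": line, "family": family,
                                 "kind": "inline-script", "evidence": token})
    return sorted(findings, key=lambda f: f["line"])


# Constructed sample page: one legitimate script, one injected miner loader,
# one inline miner start-up call, and a prose mention that must be ignored.
SAMPLE_PAGE = """<html><head>
<script src="/static/app.js"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER');
</script>
</head><body>
<p>An article that mentions coinhive.com in its text is not a finding.</p>
<script src="//cdn.example.com/analytics.js"></script>
</body></html>"""

if __name__ == "__main__":
    for finding in find_miner_references(SAMPLE_PAGE):
        print("line {line}: {family} ({kind}) {evidence}".format(**finding))
```

String matching of this kind misses obfuscated loaders, so an empty result means no known indicator was found, not that the page is clean.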

The post Cryptomining: Paying the Price for Cryptocurrency appeared first on LookingGlass Cyber Solutions Inc.

UK critical operators risk £17m fines for poor cybersecurity practices

UK essential service operators risk fines of up to £17 million if they fail to implement robust protections against cyber attack. The penalties will apply to energy, transport, water, digital infrastructure, and health firms. “A simple, straightforward reporting system will be set up to make it easy to report cyber breaches and IT failures so they can be quickly identified and acted upon. It will also cover other threats affecting IT such as power outages, … More

Cryptominers On The Rise In H2 2017, Says Check Point Software Technologies

The ISBuzz Post: This Post Cryptominers On The Rise In H2 2017, Says Check Point Software Technologies appeared first on Information Security Buzz.

Check Point releases H2 2017 Global Threat Intelligence Trends Report, highlighting the rise in illegal cryptomining malware

 Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber-security solutions globally, today released its H2 2017 Global Threat Intelligence Trends report, revealing that cyber-criminals are increasingly turning to cryptominers to develop illegal revenue streams, while ransomware and ‘malvertising’ adware continue to impact organizations worldwide.

During the period July to December 2017, one in five organizations were impacted by cryptomining malware, tools that enable cybercriminals to hijack the victim’s CPU or GPU power and existing resources to mine cryptocurrency, using as much as 65% of the end-user’s CPU power.

The H2 2017 Global Threat Intelligence Trends report gives a detailed overview of the cyber-threat landscape in the top malware categories – ransomware, banking and mobile – and is based on data drawn from Check Point’s ThreatCloud intelligence between July and December 2017, highlighting the key tactics cyber-criminals are using to attack businesses.

Key malware trends in H2 2017

Check Point researchers detected a number of key malware trends during the period, including:

  • Cryptocurrency Miners Frenzy – While crypto-miners are commonly used by individuals to mine their own coins, the rising public interest in virtual currencies has slowed the mining process, which depends directly on the number of currency holders. This slowdown has increased the computational power needed to mine crypto-coins, which led cybercriminals to think of new ways to harness the computation resources of an unsuspecting public.
  • Decrease in Exploit Kits – Up until a year ago, Exploit Kits used to be a prime attack vector. During 2017 however, the use of Exploit Kits has significantly decreased as once-exploited platforms have become more secure. The rapid response to new vulnerabilities exposed in these products by security vendors and leading browser developers, along with automatic updates of newer versions, have also significantly shortened the shelf life of new exploits.
  • Increase in Scam Operations and Malspam – Throughout 2017, the ratio between infections based on HTTP and SMTP shifted in favor of SMTP, from 55% in the first half of 2017 to 62% in the second. The increase in the popularity of these distribution methods attracted skilled threat actors who brought with them an advanced practice that included various exploitations of vulnerabilities in documents, especially in Microsoft Office.
  • Mobile malware reaches enterprise level – In the last year, we have witnessed several attacks directed at enterprises originating from mobile devices. This includes mobile devices acting as a proxy, triggered by the MilkyDoor malware, and used to collect internal data from the enterprise network. Another type is mobile malware, such as the Switcher malware, that attempts to attack network elements (e.g. routers) to redirect network traffic to a malicious server under the attacker’s control.

Maya Horowitz, Threat Intelligence Group Manager at Check Point commented: “The second half of 2017 has seen crypto-miners take the world by storm to become a favorite monetizing attack vector.  While this is not an entirely new malware type, the increasing popularity and value of cryptocurrency has led to a significant increase in the distribution of crypto-mining malware.  Also, there has been a continuation of trends, such as ransomware, that date back to 2016, which is still a leading attack vector, used for both global attacks and targeted attacks against specific organizations.  25% of the attacks we saw in this period exploit vulnerabilities discovered over a decade ago, and less than 20% use ones from the last couple of years.  So it’s clear that there is still a lot that organizations need to do to fully protect themselves against attacks.”

Top Malware During H2 2017

  1. Roughted (15.3%) – A purveyor of ad-blocker aware malvertising responsible for a range of scams, exploits, and malware. It can be used to attack any type of platform and operating system, and utilizes ad-blocker bypassing and fingerprinting in order to make sure it delivers the most relevant attack.
  2. Coinhive (8.3%) – A crypto-miner designed to perform online mining of the Monero cryptocurrency without the user’s approval when a user visits a web page. Coinhive only emerged in September 2017 but has hit 12% of organizations worldwide.
  3. Locky (7.9%) – Ransomware that spreads mainly via spam emails containing a downloader, disguised as a Word or Zip attachment, before installing malware that encrypts the user files.

Top Ransomware During H2 2017

  1. Locky (30%) – Ransomware that spreads mainly via spam emails containing a downloader, disguised as a Word or Zip attachment, before installing malware that encrypts the user files.
  2. Globeimposter (26%) – Distributed by spam campaigns, malvertising and exploit kits. Upon encryption, the ransomware appends the .crypt extension to each encrypted file.
  3. WannaCry (15%) – Ransomware that was spread in a large scale attack in May 2017, utilizing a Windows SMB exploit called EternalBlue, in order to propagate within and between networks.

Top Mobile Malware During H2 2017

  1. Hidad (55%) – Android malware which repackages legitimate apps and then releases them to a third-party store. It is able to gain access to key security details built into the OS, allowing an attacker to obtain sensitive user data.
  2. Triada (8%) – A modular backdoor for Android which grants superuser privileges to downloaded malware, as it helps it to get embedded into system processes. Triada has also been seen spoofing URLs loaded in the browser.
  3. Lotoor (8%) – A hacking tool that exploits vulnerabilities on the Android operating system in order to gain root privileges.

Top Banking Malware During H2 2017

  1. Ramnit (34%) – A banking Trojan that steals banking credentials, FTP passwords, session cookies and personal data.
  2. Zeus (22%) – A Trojan that targets Windows platforms and often uses them to steal banking information by man-in-the-browser keystroke logging and form grabbing.
  3. Tinba (16%) – A banking Trojan which steals the victim’s credentials using web-injects, activated as the user tries to login to their banking website.

The statistics in this report are based on data drawn from Check Point’s ThreatCloud intelligence between July and December 2017. Check Point’s ThreatCloud intelligence is the largest collaborative network to fight cybercrime and delivers threat data and attack trends from a global network of threat sensors. The ThreatCloud database holds over 250 million addresses analyzed for bot discovery, more than 11 million malware signatures and over 5.5 million infected websites, and identifies millions of malware types daily.

A full copy of the report can be found here.

Crypto Mining Malware being distributed through Google’s DoubleClick

According to a report by security firm TrendMicro, cryptocurrency mining malware was distributed to numerous users in Asia and Europe through Google’s ad service, commonly known as Google DoubleClick. TrendMicro published a blog post in its Security and Intelligence section stating that a JavaScript program called CoinHive which mines Monero

The post Crypto Mining Malware being distributed through Google’s DoubleClick appeared first on Hacker News Bulletin | Find the Latest Hackers News.

Hackers Behind Dridex Also Created FriedEx Ransomware

The ISBuzz Post: This Post Hackers Behind Dridex Also Created FriedEx Ransomware appeared first on Information Security Buzz.

In a new blog post, ESET researchers reveal that the authors behind the infamous Dridex banking trojan are also behind the high-profile, sophisticated ransomware variant FriedEx.

The ransomware was discovered in early July 2017 by Michael Gillespie. In August, it returned to the spotlight and made headlines by infecting NHS hospitals in Scotland.

FriedEx focuses on higher profile targets and companies rather than regular end users and is usually delivered via an RDP brute force attack. The ransomware encrypts each file with a randomly generated RC4 key, which is then encrypted using the hardcoded 1024-bit RSA public key.

In December 2017, ESET took a closer look at one of the FriedEx samples and almost instantly noticed the resemblance of the code to Dridex. Intrigued by the initial findings, ESET dug deep into the FriedEx samples, and found out that FriedEx uses the same techniques as Dridex to hide as much information about its behaviour as possible.

Further analysis revealed a number of additional attributes that confirmed ESET’s initial suspicions – the two malware families were created by the same developers.

The full blog post detailing ESET’s discovery can be found here.

British cryptocurrency traders robbed of Bitcoin at gunpoint

Cryptocurrency heists are usually covert affairs that leave users with empty wallets, but not fearing for their life. Still, there are always some unlucky individuals who get the worst of everything. Case in point: Bitcoin traders Danny Aston and Amy Jay, who were robbed at gunpoint on January 22 in their home in Moulsford, Oxfordshire (UK). The two are directors of Aston Digital Currencies, and Aston traded cryptocurrency online under the pseudonym “Goldiath.” He has … More

Lenovo Fingerprint Manager Pro is full of fail

Lenovo Fingerprint Manager Pro, a piece of software that allows users to log into their PCs or authenticate to configured websites using fingerprint recognition, has been found seriously wanting in the security department. The problems are several: the software contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in. Also, the data it stores – users’ Windows logon credentials and fingerprint data, among other … More

Strava user heatmap reveals patterns of life in western military bases

In November 2017, online fitness tracker Strava published a heatmap of the activity many of its users around the world engage in (and track) daily. But what might have seemed like a harmless sharing of anonymized, aggregated data turned out to reveal potentially sensitive information about (mostly western) military bases and secret sites. The revelation was made and shared over the weekend by Nathan Ruser, an Australian university student and founding member of Institute for … More

Waterfall Security and HCNC collaborate to provide OSIsoft PI offerings to the Korean market

Waterfall Security Solutions, a global leader in cybersecurity technologies for critical infrastructure and industrial control systems, announced a partnership with HCNC Co., a systems integrator based in Korea, to further extend Waterfall’s and HCNC’s OSIsoft product offering within the region. HCNC specializes in integrating OSIsoft PI solutions throughout a wide spectrum of industries including power, oil and gas, utilities and transportation. HCNC’s combination of strong, local support coupled with extensive knowledge of and services for … More

Authentication today: Moving beyond passwords

A new global study from IBM Security examining consumer perspectives around digital identity and authentication, found that people now prioritize security over convenience when logging into applications and devices. Authentication methods perceived as most secure (global perspective) Generational differences also emerged showing that younger adults are putting less care into traditional password hygiene, yet are more likely to use biometrics, multifactor authentication and password managers to improve their personal security. With millennials quickly becoming the … More

How can we avoid another record year for breaches and ransomware?

More than 14.5 billion emails laced with malware were sent in 2017 according to the annual Global Security Report issued by AppRiver. The majority of cyber threats were initiated in the US and persisted throughout the year, with significant peaks in August, September and October. In the first half of 2017, 1.9 billion data records were lost or stolen as a result of cyberattacks. This followed a tough year in 2016, when losses totaled $16 … More

Cloud Security Alliance Quantum-Safe Security Awareness Survey Report

The ISBuzz Post: This Post Cloud Security Alliance Quantum-Safe Security Awareness Survey Report appeared first on Information Security Buzz.

Newest paper finds that despite awareness of threat posed by quantum computing, little is being done to prepare

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today released the Quantum-Safe Security Awareness Survey Report. Conducted by CSA’s Quantum Safe Security Working Group (QSS WG), the survey looks to assess the overall awareness and understanding of quantum security risk and is part of the group’s larger effort to develop a future framework for addressing quantum computing threats.

“Within the next 10 to 15 years we can expect to see a cryptographically useful quantum computer,” said Bruno Huttner, CSA QSS WG co-chair and product manager for the Quantum-Safe division of ID Quantique. “With this considerable breakthrough will come a significant threat to the security of public key cryptography and the associated challenges of securing the global digital communications infrastructure. This report is an important step in identifying potential areas of concern and so we can begin to lay the groundwork for security solutions.”

Perhaps the most striking information to come from the survey was the realization that while most companies are aware of the risk, they are not yet ready to take action, a fact which could conceivably lead to a very dangerous situation in the future when confidential information may become available to any entity possessing a quantum computer.

“While there is still a tremendous amount of work to be done in convincing the industry of the importance of including the threat of quantum computing in enterprise security strategies, the good news is that there is a great deal of interest in learning more about the threat quantum presents and how it can be mitigated,” said Jane Melia, CSA QSS WG co-chair and vice president of strategic business development at QuintessenceLabs. “This latest report provides an excellent context for moving forward in our efforts to educate the industry.”

Of those surveyed, more than 90 percent were IT or information security professionals. Among other key findings:

  • Sixty percent of respondents are “very aware” or “somewhat aware” of quantum computer technology and of the impact that quantum computers will have on data security.
  • Just 30 percent are very or somewhat confident that their current security approaches will keep their data safe.
  • Only 40 percent of the companies surveyed are working to future-proof their data against the quantum computer threat.
  • Thirty-three percent of respondents are not aware that quantum solutions exist.

The CSA Quantum-Safe Security Working Group was formed to address key generation and transmission methods and to help the industry understand quantum‐safe methods for protecting their networks and their data. Individuals interested in joining the working group and participating in future research can do so by visiting the join page.

The Quantum-Safe Security Awareness Survey Report, available at https://cloudsecurityalliance.org/download/quantum-safe-security-awareness-survey/, is a free resource being offered by the CSA. To see full survey results, please contact the CSA Research Team.

PCI DSS 3.2 will unveil compliance cramming culture

February 1, 2018 marks the deadline for businesses to adopt the new industry standard, PCI DSS 3.2, aimed at reducing and better responding to cyber attacks resulting in payment data breaches. Originally announced in 2016, the industry has had almost two years to prepare for these increased requirements but a significant percentage of businesses are still not prepared, secure payment solutions provider, PCI Pal, warns. “The industry has developed a culture of compliance cramming, treating … More

Week in review: Intel testing new Spectre fixes, ICO protection, cybercrooks abusing travel industry

Here’s an overview of some of last week’s most interesting news, articles, and whitepapers: British teenager hacked top ranking US officials using social engineering How did British teenager Kane Gamble, who at the time was only 15 years old, manage to break into email accounts of the CIA and DNI chiefs, as well as gain access to a number of sensitive databases and plans for intelligence operations in Afghanistan and Iran? The answer is social … More

Malaysian man gets electrocuted to death while charging mobile phone

Another disastrous incident involving a phone charger has been reported, in which a Malaysian man is believed to have died of electrocution while charging his mobile phone on Tuesday (Jan 23).

The deceased identified as Rosli Othman, 35, was found dead next to his mobile phone, charger and an extension wire at his friend’s house in the town of Jasin. His friend alerted police after he discovered what had happened.

“The deceased, who was a labourer, was found by his friend at around 11.30pm in an unconscious state alongside his mobile phone, charger and an extension cord,” Jasin Police Chief DSP Arshad told Bernama, the country’s local news agency.

Police investigations revealed that the victim did not suffer any other injuries. The case has been classified as sudden death, as the victim did not die of natural causes.

The deceased’s body has been sent to Jasin Hospital, Melaka for a post mortem. There is no information on which model of phone he was using or what kind of charger he was using.

The post Malaysian man gets electrocuted to death while charging mobile phone appeared first on TechWorm.

Old Bitcoin transactions can come back to haunt you

A group of researchers from Qatar University and Hamad Bin Khalifa University have demonstrated how years-old Bitcoin transactions can be used to retroactively deanonymize users of Tor hidden services. It seems that Bitcoin users’ past transactions – and especially if they used the cryptocurrency for illegal deals on the dark web and didn’t think to launder their payments – may come back to haunt them. Researchers’ findings “We crawled 1.5K hidden service pages and created … More

Facebook, Microsoft announce new privacy tools to comply with GDPR

In four months the EU General Data Protection Regulation (GDPR) comes into force, and companies are racing against time to comply with the new rules (and avoid being brutally fined if they fail). One of the things that the regulation mandates is that EU citizens must be able to get access to their personal data held by companies and information about how these personal data are being processed. Facebook users to get new privacy center … More

New infosec products of the week: January 26, 2018

Empowering security teams with unlimited security data collection, indexing and search Exabeam Data Lake centralizes all relevant logs to reduce the work of collecting logs from multiple systems. It is built on open source, big data technology, providing unlimited security data collection, indexing, and search. It supports better analytics and enables compliance reporting. Data Lake now has a database collector which enables logs to be collected from remote Microsoft SQL Server and MySQL databases. Proxmox … More

Good privacy is good for business, so pay attention

Data privacy concerns are causing significant sales cycle delays for up to 65 percent of businesses worldwide, according to findings in the new Cisco 2018 Privacy Maturity Benchmark Study. The study shows that privacy maturity is connected to lower losses from cyberevents: 74 percent of privacy-immature organizations experienced losses of more than $500,000 last year caused by data breaches, compared with only 39 percent of privacy-mature organizations. Privacy maturity is a framework defined by the … More

Cyber attacks surge, ransomware leading the way

The Online Trust Alliance (OTA) found that cyber incidents targeting businesses nearly doubled from 82,000 in 2016 to 159,700 in 2017. Since the majority of cyber incidents are never reported, OTA believes the actual number in 2017 could easily exceed 350,000. “Surprising no one, 2017 marked another ‘worst year ever’ in data breaches and cyber incidents around the world,” said Jeff Wilbur, director of the OTA initiative at the Internet Society. “This year’s big increase … More

Kaspersky Lab official blog: Transatlantic Cable podcast, episode 21

In this week’s edition of the Transatlantic Cable podcast, Dave and I discuss teenage hackers, a woman who has a bad habit of sneaking onto airplanes, Sonic the Hedgehog and more.

Kaspersky Lab official blog

Alphabet enters enterprise cybersecurity market, launches Chronicle

Google’s parent company Alphabet has announced its entry into the lucrative enterprise cybersecurity market through Chronicle, a company started in early 2016 as a project at X, Alphabet’s “moonshot factory.” Chronicle has now “graduated” to the status of an independent company within Alphabet, and is led by Stephen Gillett, formerly an executive-in-residence at Google Ventures and Chief Operating Officer of Symantec. VirusTotal, a malware intelligence service acquired by Google in 2012, will become a … More

PCI Council sets security requirements for mobile point of sale solutions

The PCI Security Standards Council has announced a new PCI Security Standard for software-based PIN entry on commercial off-the-shelf (COTS) devices such as smartphones and tablets. What are we talking about here? Stores that offer customers the possibility to purchase things with their payment card usually have a hardware terminal and PIN entry device. But this can be too pricey an option for small merchants in markets that require EMV chip-and-PIN acceptance. A cheaper option … More

Great Gesture by Mohammed Siraj after 14 year kid hacked his account and got arrested

With the increase in cybercrimes nowadays, social media accounts are among the most vulnerable. The rate at which they get hacked is increasing day by day. One of the things we see now is that not only professional hackers are into hacking social media accounts, but young students and teenagers are also now doing

The post Great Gesture by Mohammed Siraj after 14 year kid hacked his account and got arrested appeared first on Hacker News Bulletin | Find the Latest Hackers News.

Data breaches at an all time high: How are businesses protecting themselves?

Digitally transformative technologies are shaping the way organisations do business and moving them to a data-driven world, with 94% of organisations using sensitive data in cloud, big data, IoT, container, blockchain and/or mobile environments, according to the 2018 Thales Data Threat Report. Digital transformation is driving efficiency and scale as well as making possible new business models that drive growth and profitability. Enterprises are embracing this opportunity by leveraging all that digital technology offers, with … More

ICO protection: Key threats, attack tools and safeguards

Group-IB has analyzed the basic information security risks for the cryptoindustry and compiled a rating of key threats to an ICO (initial coin offering). On average, over 100 attacks are conducted on one ICO, and criminals are increasingly using modified Trojans that were previously used for thefts from banks, as well as targeted attacks with a view to compromise secret keys and secure control over accounts. Ranking threats While summing up a year of protecting … More

Check Point Announces Infinity Total Protection

The ISBuzz Post: This Post Check Point Announces Infinity Total Protection appeared first on Information Security Buzz.

Check Point Announces Infinity Total Protection, a Unique New Security Model to Prevent ‘Gen V’ Threats and Attacks

Game-changing new security deployment model for real-time prevention of threats and cyberattacks

CPX 360, BARCELONA, SPAIN - Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber-security solutions globally, today announced Infinity Total Protection: a revolutionary security consumption model that enables enterprises to prevent Gen V cyberattacks. This innovative model utilizes Check Point Infinity Architecture components, providing the highest levels of security, while also reducing cost by consolidating security components.

All business sectors are now experiencing Gen V (5th Generation) cyber-attacks, which are characterized by being large-scale and fast moving across multiple industries. These sophisticated attacks on mobile, cloud and various enterprise networks easily bypass the conventional, static detection-based defenses being used by most organizations today. To protect networks and data against these attacks, organizations need to move up to Gen V cyber-security using Check Point Infinity, which combines real-time threat prevention, shared intelligence and the most advanced security across networks, cloud and mobile.

“Enterprises need to protect themselves from sophisticated—and dangerous—attacks on all fronts: network, endpoint, mobile and cloud,” said Doug Cahill, group director and senior cybersecurity analyst at market research firm, Enterprise Strategy Group. “These latest, fifth generation attacks (Gen V) require a comprehensive fifth generation cyber-security solution, such as Check Point’s Infinity Total Protection, to keep critical business data safe from potentially devastating attacks across the entire enterprise.”

Infinity Total Protection is a game-changing new consumption model with a simple all-inclusive, per-user, per-year subscription offering. The offering enables enterprises to fully utilize Gen V security across their entire network. Infinity Total Protection is the only subscription solution available today that includes both network security hardware and software, with fully integrated endpoint, cloud and mobile protections and zero-day threat prevention, together with unified management and 24×7 premium support. With it, subscribers immediately benefit from Check Point Infinity’s unified security architecture and total threat prevention across all their enterprise environments, whether on-premise, mobile, or cloud.

“Cyberattacks are getting bigger, more sophisticated and more complex daily, yet many organizations still rely on outdated, older-generation security technologies that can only detect attacks after they have already occurred,” said Gabi Reish, VP product management and product marketing at Check Point. “With Infinity Total Protection, enterprises can quickly and easily deploy Gen V cyber security, the Check Point Infinity architecture, across their entire environment, and so prevent and block the most advanced threats and attacks.”

Check Point Infinity Total Protection delivers the broadest set of security technologies to protect organizations against the most advanced and unknown threats, including:

  • Real-time Threat Prevention: protection against APTs and unknown zero day malware, using real-time sandboxing; ransomware protection; and anti-bot technologies, powered by integrated, real-time cloud-based threat intelligence and machine learning for identifying new threats.
  • Advanced Network Security: the most advanced firewall, intrusion prevention and application control, supporting networks of any size – from branch offices to global enterprises, and across both private and public cloud security offerings.
  • Cloud Security: advanced threat prevention security in public, private and hybrid cloud, and SDN environments, with micro-segmentation for east-west traffic control inside the cloud.
  • Mobile Security: malware prevention on iOS and Android mobile devices, rogue network identification, secure containers, data protection and document encryption, and EMM integration.
  • Data Protection: anti-ransomware for known and unknown ransomware, data protection and seamless document encryption, browser security, a fully integrated endpoint protection suite and security forensics.
  • Integrated Security & Threat Management: a unified security management environment supporting multi-device, multi-domain and multi-admin management, with complete threat visibility supporting collection, correlation and attack analysis, and reporting tools for compliance and audit.

The new solution was unveiled at CPX 360 Barcelona, Check Point’s annual cyber-security summit and expo for customers and partners. CPX 360 is dedicated to addressing today’s most pressing cyber security challenges and helping customers of all sizes develop strategies to stay one step ahead of new and emerging cyberthreats and sophisticated hackers.
