Category Archives: News

LockerGoga Ransomware – Another Threat To Businesses

Recently, Lockergoga ransomware made it to the news after repeated attacks on different organizations. The ransomware first became known after

LockerGoga Ransomware – Another Threat To Businesses on Latest Hacking News.

Cyber Security Week in Review (March 22)


Welcome to this week's Cyber Security Week in Review, where Cisco Talos runs down all of the news we think you need to know in the security world. For more news delivered to your inbox every week, sign up for our Threat Source newsletter here.

Top headlines this week


  • Norwegian aluminum company Norsk Hydro was hit with a “severe” ransomware attack. The malware affected production operations in the U.S. and Europe. The company says they do not know the origin of the attack and are still working to contain the effects. 
  • Cisco disclosed several vulnerabilities in some of its IP phones. The bugs could allow an attacker to carry out a cross-site request forgery attack or write arbitrary files to the filesystem. The affected models are Cisco’s IP Phone 8800 series, a desk phone for businesses that includes HD video features, and the 7800 series, which is mainly used in business conference rooms. Snort rules 49509 - 49511 protect users from these vulnerabilities. 
  • A new variant of the Mirai botnet is in the wild targeting televisions hosting signage and presentation systems. The malware uses 27 different exploits to infect systems, 11 of which are completely new to Mirai. Snort rules 49512 - 49520 protect users from this new variant. 

From Talos


  • The new LockerGoga malware straddles the line between a wiper and ransomware. Earlier versions of LockerGoga leverage an encryption process to remove the victim's ability to access files and other data that may be stored on infected systems. A ransom note is then presented to the victim that demands the victim pay the attacker in Bitcoin in exchange for keys that may be used to decrypt the data that LockerGoga has impacted.
  • The latest episode of the Beers with Talos podcast covers point-of-sale malware. Additionally, the guys recap the RSA Conference from earlier this month and talk OpSec fails. 
  • We recently discovered 11 vulnerabilities in the CUJO Smart Firewall. These vulnerabilities could allow an attacker to bypass the safe browsing function and completely take control of the device, either by executing arbitrary code in the context of the root account or by uploading and executing unsigned kernels on affected systems. Snort rules 47234, 47663, 47809, 47811, 47842, 48261 and 48262 provide coverage for these bugs.
  • Our researchers discovered a new way to unmask IPv6 addresses using UPnP. This allows us to enumerate a particular subset of active IPv6 hosts which can then be scanned. We performed comparative scans of discovered hosts on both IPv4 and IPv6 and presented the results and analysis.
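The Talos summary above gives no protocol details. The following Python script is an added illustration written for this page, not Talos's code, and it assumes the mechanism is a UPnP device that answers an IPv4 SSDP M-SEARCH with a LOCATION header containing a bracketed IPv6 literal (an assumption beyond what the summary states). The sample replies are constructed, not captured traffic; `discover()` sends one real multicast probe on the local network and is not called in the offline demonstration.

```python
import ipaddress
import re
import socket
from typing import Dict, List, Optional

# SSDP discovery request sent to the IPv4 multicast group 239.255.255.250:1900.
SSDP_MSEARCH = (
    "M-SEARCH * HTTP/1.1\r\n"
    "HOST: 239.255.255.250:1900\r\n"
    'MAN: "ssdp:discover"\r\n'
    "MX: 2\r\n"
    "ST: ssdp:all\r\n"
    "\r\n"
).encode("ascii")

# Bracketed IPv6 literal inside a URL, optionally with a zone id: http://[fe80::1%eth0]:49152/
_V6_LITERAL = re.compile(r"\[([0-9A-Fa-f:.]+)(?:%[^\]]*)?\]")
_ULA = ipaddress.ip_network("fc00::/7")  # unique-local, not routable on the internet


def parse_ssdp_headers(raw: bytes) -> Dict[str, str]:
    """Parse an SSDP (HTTP-over-UDP) 200 response into a lower-cased header dict."""
    text = raw.decode("utf-8", errors="replace")
    lines = text.split("\r\n")
    headers: Dict[str, str] = {}
    if not lines[0].upper().startswith("HTTP/1.1 200"):
        return headers
    for line in lines[1:]:
        if ":" not in line:
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def ipv6_from_location(location: str) -> Optional[str]:
    """Return a routable IPv6 address embedded in a LOCATION URL, else None.

    Link-local, loopback, multicast, unspecified and unique-local addresses
    cannot be reached from the internet, so they are of no use for the
    follow-up scan the summary describes and are discarded.
    """
    m = _V6_LITERAL.search(location)
    if not m:
        return None
    try:
        addr = ipaddress.IPv6Address(m.group(1))
    except ValueError:
        return None
    if (addr.is_link_local or addr.is_loopback or addr.is_multicast
            or addr.is_unspecified or addr in _ULA):
        return None
    return str(addr)


def unmask(responses: List[bytes]) -> List[str]:
    """Collect distinct routable IPv6 addresses leaked across SSDP responses."""
    found: List[str] = []
    for raw in responses:
        v6 = ipv6_from_location(parse_ssdp_headers(raw).get("location", ""))
        if v6 and v6 not in found:
            found.append(v6)
    return found


def discover(timeout: float = 2.0) -> List[str]:
    """Send one M-SEARCH over IPv4 on the local network; unmask IPv6 addresses from the replies."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.settimeout(timeout)
    replies: List[bytes] = []
    try:
        sock.sendto(SSDP_MSEARCH, ("239.255.255.250", 1900))
        while True:
            data, _ = sock.recvfrom(65535)
            replies.append(data)
    except socket.timeout:
        pass
    finally:
        sock.close()
    return unmask(replies)


# Constructed sample replies (not captured traffic): the first leaks a routable
# IPv6 address, the second only a link-local one, the third an IPv4-only URL.
SAMPLE_RESPONSES = [
    b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=1800\r\nST: upnp:rootdevice\r\n"
    b"LOCATION: http://[2001:db8:1234::abcd]:49152/rootDesc.xml\r\nUSN: uuid:sample-1\r\n\r\n",
    b"HTTP/1.1 200 OK\r\nLOCATION: http://[fe80::1%eth0]:49152/rootDesc.xml\r\n\r\n",
    b"HTTP/1.1 200 OK\r\nLOCATION: http://192.0.2.10:49152/rootDesc.xml\r\n\r\n",
]

if __name__ == "__main__":
    print(unmask(SAMPLE_RESPONSES))
```

Only the address in the first constructed reply survives the filter; the link-local literal and the IPv4 URL yield nothing, which is the check a scanner needs before spending time on the IPv6 side.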

The rest of the news


  • A health care vendor in Singapore mistakenly exposed the personal information of 800,000 blood donors. The vendor reportedly used an unsecured database on an internet-facing server without properly protecting it from unauthorized access. All affected donors have been notified by Singapore’s government. 
    • Talos Take: "The data leak in Singapore is the latest in a string of these. Last summer (June/July) it was 1.5 million records, earlier this year it was 14,000 HIV patients and now this 800,000 blood donor info that you have," Nigel Houghton, director of Talos operations.
  • Google patched a bug in its Photos app that could have allowed an attacker to track users. The vulnerability opened mobile devices to browser-based timing attacks that could produce information about when, where and with whom a user had taken a photo. 
  • The European Union hit Google with another fine, this time worth roughly $1.7 billion. A recent report from the European Commission found that Google “shielded itself from competitive pressure” by blocking rivals from placing advertisements on third-party websites by adding certain clauses in AdSense contracts.
  • Microsoft is ending support for Windows 7. The company says it will cease support for the operating system on Jan. 14, 2020. Users are being notified of the change via a recent update. 
  • U.S. officials at the recent RSA Conference warned that China is the greatest cyber threat to America, not Russia. Rob Joyce, a cybersecurity adviser at the National Security Agency, compared Russia to a hurricane that can move quickly, while China is closer to the long-term problems that can come with climate change.


Norsk Hydro cyber attack: What’s new?

Norwegian aluminum producer Norsk Hydro ASA was hit by ransomware-wielding attackers early this week. The company lost no time in reacting and responding to the attack – they notified the authorities, called in experts to help, and (very laudably) committed to keeping the public informed. In the latest official update on the situation, the company shared that: With the help of experts from Microsoft and other IT security partners, they are working on reverting virus … More

The post Norsk Hydro cyber attack: What’s new? appeared first on Help Net Security.

Google Disallows VPN Ads Targeting Chinese Users Due To ‘Local Legal Restrictions’

China is already known for its strict policies regarding internet censorship. It is also among those few countries who have

Google Disallows VPN Ads Targeting Chinese Users Due To ‘Local Legal Restrictions’ on Latest Hacking News.

Worldwide spending on security solutions expected to continue growing

Worldwide spending on security-related hardware, software, and services is forecast to reach $103.1 billion in 2019, an increase of 9.4% over 2017. This pace of growth is expected to continue for the next several years as industries invest heavily in security solutions to meet a wide range of threats and requirements. $133.8 billion by 2022 Worldwide spending on security solutions will achieve a compound annual growth rate (CAGR) of 9.2% over the 2018-2022 forecast period … More

The post Worldwide spending on security solutions expected to continue growing appeared first on Help Net Security.

The privacy risks of pre-installed software on Android devices

Many pre-installed apps facilitate access to privileged data and resources, without the average user being aware of their presence or being able to uninstall them. On the one hand, the permission model of the Android operating system and its apps allows a large number of actors to track and obtain personal user information. At the same time, it reveals that the end user is not aware of these actors on Android devices or of … More

The post The privacy risks of pre-installed software on Android devices appeared first on Help Net Security.

Latest Hacking News Podcast #245: Brent White and Tim Roberts, NTT Security

On episode 245 of our daily cybersecurity podcast we discuss the physical aspect of cybersecurity with Brent White and Tim Roberts, senior security consultants with NTT Security.

Latest Hacking News Podcast #245: Brent White and Tim Roberts, NTT Security on Latest Hacking News.

Cost of telecommunications fraud estimated at €29 billion a year

As our society evolves, so does our reliance on telecommunications technology. Cybercriminals prey on our daily use of electronic devices and continuously seek out new ways to exploit vulnerabilities and access information. Cooperation and information-sharing between law enforcement and the private sector has therefore become essential in the fight against these types of crime. One example of this collaboration is the joint Cyber-Telecom Crime Report 2019, published by Europol and Trend Micro. The report gives … More

The post Cost of telecommunications fraud estimated at €29 billion a year appeared first on Help Net Security.

Businesses have cybersecurity best practice guidelines but fail in practice

Almost 70% of companies have cybersecurity best practice guidelines in place but neglect to take the necessary steps to secure their business. A staggering 44% of businesses admitted to not securing removable devices using anti-virus software, leaving their IT systems exposed to cybersecurity risks and GDPR fines, according to new research conducted by ESET and Kingston Digital. The ESET and Kingston research looked at over 500 British business leaders to investigate how they are … More

The post Businesses have cybersecurity best practice guidelines but fail in practice appeared first on Help Net Security.

Quality Assurance and Testing is a bottleneck to implementing DevOps for many organizations

The practice of Continuous Testing – the process of fast and efficient validation of software releases in agile developments through highly automated tests – is gaining ground in large enterprises, with almost a third of IT executives (32%) stating that their IT departments had ‘fully embraced Continuous Testing’. However, with 58% of enterprises deploying a new build daily (and 26% at least hourly), companies must work to improve their continuous testing effectiveness by streamlining their … More

The post Quality Assurance and Testing is a bottleneck to implementing DevOps for many organizations appeared first on Help Net Security.

Experts to help boards tackle cybersecurity threats

A consortium of UK cyber security experts including UCL academics is to support global businesses to tackle online threats and protect themselves from cybercrime. The Cyber Readiness for Boards project, which is jointly funded by the National Cyber Security Centre and the Lloyd’s Register Foundation, has launched to explore the factors shaping UK board decisions around cyber risk and develop interventions to provide guidance and support. Project lead and Director of the Research Institute in … More

The post Experts to help boards tackle cybersecurity threats appeared first on Help Net Security.

Microsoft Launch Application Guard Extension For FireFox and Chrome

Earlier, Microsoft introduced a dedicated Windows Defender browser extension for its browser Microsoft Edge with Windows 10. The extension, named

Microsoft Launch Application Guard Extension For FireFox and Chrome on Latest Hacking News.

Flaw in NSA’s GHIDRA leads to remote code execution attacks

By Waqas

GHIDRA is the NSA’s reverse engineering tool, released earlier this month. Earlier this month, Hackread.com posted about the National Security Agency (NSA) publicly releasing its decompiler and disassembler tool GHIDRA and making it open-source software. Now, it has been revealed that the generic reverse engineering tool has a flaw that can be exploited by cybercriminals for carrying […]

This is a post from HackRead.com Read the original post: Flaw in NSA’s GHIDRA leads to remote code execution attacks

An attack with the new LockerGoga ransomware in Norway

An attack with the new LockerGoga ransomware

Ransomware, which has caused so many problems in organizations all over the world, has once more had a direct impact on the business world. On March 18, one of the world’s largest producers of aluminium, Norsk Hydro, was forced to carry out part of its operations manually due to a ransomware attack. According to NorCERT, the Norwegian Computer Emergency Response Team, it is a new ransomware called LockerGoga.

On the night of Monday, March 18, the company’s IT team raised the alarm about a cyberattack that had affected most of its business areas. From that moment, its priority was to ensure that operations were safe, to limit the operational and financial impact, and to restore the affected devices. The company made the incident public and gave details of the attack in an official communication.

The LockerGoga ransom note

Norsk Hydro also notified the relevant authorities, and says that, for now, production losses have been minimal, although the delivery of some future orders could be affected due to the fact that the network is down.

NorCERT confirmed that this was a LockerGoga attack – “NorCERT warns that Hydro is exposed to a LockerGoga attack. The attack was combined with an attack on Active Directory (AD)” read the statement.

Norsk Hydro has not commented on the nature of the attack, but has described the situation as an ongoing event. The company “is working to contain and neutralize the attack” with external help.

Eivind Kallevik, Norsk Hydro CFO, said that the situation was “quite severe”. However, he confirmed that the company has backup systems and security policies to deal with this kind of situation. Its main strategy is to neutralize the attack and use backups to restore operations and avoid paying the ransom.

Other victims of ransomware

The attack on the Norwegian company is not the first time that ransomware of this kind has caused problems in the corporate world. In January this year, there was news of another malware attack on the French company Altran Technologies. Altran had to shut down its network and its applications to protect its clients’ data and its own assets. Although the details in the company’s statement were scarce, several security researchers concluded that it was a ransomware attack, most likely LockerGoga.

In the middle of January this year, the City Hall of a city in Texas reported a ransomware attack that paralyzed its basic services. And just a few days ago, a secondary school in England suffered a similar attack that caused the loss of many of its students’ coursework.

Ransomware’s comeback

Last year, it seemed as though cryptojacking may be on its way to replacing ransomware as the leading threat to corporate cybersecurity. However, with the closure of Coinhive, the most popular service for carrying out this kind of attack, ransomware is likely to once more take the crown as cybercriminals’ most popular tool.

How to protect against ransomware

In order to keep ransomware from causing problems in your company, it is vital to have a security policy in place. This policy must include sound precautions for email and the other common attack vectors. It must also establish procedures for making backups, for monitoring and deploying patches and updates for all of the company’s software, and for the tools and lines of response that together make up a mature, resilient protection strategy.

When designing this strategy, and in the fight against ransomware, the most important thing is to have an advanced cybersecurity solution such as Panda Adaptive Defense. In fact, Panda’s solution, which combines EPP and EDR systems, managed to detect LockerGoga via generic signatures, meaning that every Panda Adaptive Defense customer was safe from this infection from the outset. As an additional layer of security, Adaptive Defense has a protection mode – Lock – that blocks any unknown, potentially dangerous process until it has been analyzed and classified. This means that no malware, known or unknown, can run on your system.

The post An attack with the new LockerGoga ransomware in Norway appeared first on Panda Security Mediacenter.

A new Windows vulnerability, exploited by cybercriminals


CVE (Common Vulnerabilities and Exposures) is a system that registers and provides information about known security vulnerabilities. According to CVE data, 16,555 vulnerabilities were discovered last year, of which over 25% are of high or critical severity. In fact, the number of vulnerabilities discovered each year has shot up in the last two years: 6,447 vulnerabilities were discovered in 2016; in 2017 that figure rose to 14,714.

Vulnerabilities in IT systems have played a decisive role in some of the most serious security incidents of the last few years. A vulnerability called EternalBlue was used to carry out attacks such as WannaCry, which affected over 300,000 computers all over the world and cost a total of around $4 billion. The malware NotPetya, which came to light just a month later, was able to get onto systems thanks to this same vulnerability, stealing passwords in order to take control of the network it accessed. A piece of malware called Adylkuzz also made use of EternalBlue in order to deliver commands to infected computers, which were then used to mine cryptocurrency for the attackers.

Vulnerabilities also had a hand in some of the most significant data breaches in history: Equifax suffered one such breach that affected 145 million people. This breach was made possible by a vulnerability in its web application framework. In September last year, almost 50 million Facebook accounts were exposed to an attack that was carried out using a vulnerability in the social network.

The vulnerabilities in Windows

Even such a robust operating system as Windows can’t escape the far-reaching problems that vulnerabilities pose. Last year, in September and October, two zero-day vulnerabilities were discovered in Windows 10. Both of these vulnerabilities allowed privilege escalation.

Now, on March 12 this year, a zero-day vulnerability was disclosed that affects both Windows 8 and Windows 10. This vulnerability in the Microsoft Windows graphics subsystem allows a cybercriminal to introduce a piece of malware into the computer and thus take control of the device.

More worrying than the discovery of the vulnerability is the fact that it seems to have already been used by at least two threat actors in real attacks. One of these threat actors could be FruityArmor, a group of cybercriminals known for exploiting zero-day vulnerabilities.

Patch possible vulnerabilities

Microsoft has already launched a patch to fix this vulnerability, and it should be installed as soon as possible. Besides this, it is also a very good idea to make sure that all programs are fully updated in order to avoid possible security problems.

In order to streamline the process of searching for and applying patches that are vital for your company’s security, Panda Security has launched Panda Patch Management. Patch Management, a complementary module of Panda Adaptive Defense, audits, monitors, and prioritizes updates for operating systems and applications. When an exploit or malicious program is detected, it notifies you of the pending patches. Installations can be launched immediately or scheduled from the console, isolating the computer if needed.

What’s more, Panda Adaptive Defense has another module that helps to keep your IT system safe: Panda Advanced Reporting Tool. This module automates the storage and correlation of the information related to process execution and its context extracted by Panda Adaptive Defense from endpoints. This way, Advanced Reporting Tool can generate security intelligence and provide tools that allow organizations to pinpoint attacks and unusual behaviors. This allows vulnerabilities that may exist in the company’s IT network to be detected early.

It is clear that vulnerabilities are a great risk for your company’s IT security. And if your company uses Windows 8 or 10, it is very likely that this latest vulnerability will directly affect you. As such, it is vital that you keep your systems updated at all times.

The post A new Windows vulnerability, exploited by cybercriminals appeared first on Panda Security Mediacenter.

Kaspersky Lab official blog: Transatlantic Cable podcast, episode 83

The latest on the Norsk Hydro ransomware plague, the EU preparing for EU-wide cyberattacks, a snafu with Sprint, and more

For this week’s edition of the Kaspersky Lab Transatlantic Cable podcast, Dave and I split our time between sides of the Atlantic.

To start, we look at the latest news out of Norway on the ransomware infection that struck aluminum producer Norsk Hydro. The story is still developing, but we discuss the latest. We stay in Europe to look at a piece of EU legislation that will increase the collaboration of countries when it comes to preparing for Europe-wide cyberattacks.

We then jump over to the shores of America to tackle a tale of Sprint customers who are seeing other people’s data when they log in to their accounts. To close out the podcast we move into the world of scooter sharing — and the data that the city of Los Angeles wants.

If you enjoy the podcast, consider subscribing and sharing with your friends who need more regular updates on security. For the full text of the stories, please visit the links below:



Kaspersky Lab official blog

Aluminum Producer – Norsk Hydro Victim Of LockerGoga Ransomware

Once again, a ransomware attack paralyzed the usual business operations of a giant firm. This time, the aluminum producer Norsk

Aluminum Producer – Norsk Hydro Victim Of LockerGoga Ransomware on Latest Hacking News.

(IN)SECURE Magazine: RSAC 2019 special issue released

RSA Conference, one of the world’s leading information security conferences and expositions, concluded its 28th annual event in San Francisco. The week saw more than 42,500 attendees, 740 speakers and 700 exhibitors at Moscone Center and Marriott Marquis, where they experienced the North and South Expo, keynote presentations, peer-to-peer sessions, track sessions, tutorials, seminars and special events on topics such as privacy, hackers and threats, machine learning, artificial intelligence and the human element, law, IoT security, … More

The post (IN)SECURE Magazine: RSAC 2019 special issue released appeared first on Help Net Security.

Google Launches New Policy Manager To Tackle Bad Ads

Every year, Google shares updates about how they handle malicious and scam advertisements. This year, Google announced the launch of

Google Launches New Policy Manager To Tackle Bad Ads on Latest Hacking News.

You may trust your users, but can you trust their files?

In this Help Net Security podcast recorded at RSA Conference 2019, Aviv Grafi, CEO at Votiro, talks about their Content Disarm and Reconstruction (CDR) technology for protection against cyber threats. Here’s a transcript of the podcast for your convenience. We’re here with Aviv Grafi, CEO of Votiro. Hello, how are you? I’m great. How are you? Great. Can you tell us a little bit about Votiro? Sure. Votiro is a cybersecurity company, we’re headquartered … More

The post You may trust your users, but can you trust their files? appeared first on Help Net Security.

Breaking the cybersecurity stalemate by investing in people

No surprise, it happened again. In 2018, the average financial toll a breach took on an organization hit $3.86 million, a 6.4 percent rise from 2017. Before last year’s close, analysts at Gartner claimed worldwide spending on infosec products and services would increase 12.4 percent, reaching over $114 billion in 2019. In fact, when the U.S. government announced a 2019 budget of $15 billion for cybersecurity-related activities, it came with a 4.1 percent jump and a caveat: … More

The post Breaking the cybersecurity stalemate by investing in people appeared first on Help Net Security.

Average DDoS attack sizes decrease 85% due to FBI’s shutdown of DDoS-for-hire websites

The FBI’s shutdown of the 15 largest distributed denial-of-service (DDoS) for hire vendors (booters) reduced the overall number of attacks worldwide by nearly 11 percent compared to the same period last year. Along with the fewer total attacks, the average size decreased by 85 percent as did the maximum attack size by 24 percent, indicating the FBI crackdown was effective in reducing the global impact of DDoS attacks. However, booter websites are poised to make … More

The post Average DDoS attack sizes decrease 85% due to FBI’s shutdown of DDoS-for-hire websites appeared first on Help Net Security.

Latest Hacking News Podcast #244

Google Photos flaw, EU fines Google $1.7 billion, VeryMal campaign using Google Firebase, and tech support scammer pleads guilty on episode 244 of our daily cybersecurity podcast.

Latest Hacking News Podcast #244 on Latest Hacking News.

CEOs more likely to receive pay rise after a cyber attack. Wait, what?

Bosses are more likely to receive a pay rise after their firm suffers a cybersecurity breach, a study has found. Researchers at Warwick Business School found that media reports of a cyber attack led to a stock market shock as investors sold their shares, but this only lasted a few days. Security breaches did have a lasting impact on the way firms were run, as they typically paid lower dividends and invested less in research … More

The post CEOs more likely to receive pay rise after a cyber attack. Wait, what? appeared first on Help Net Security.

Most IT and security professionals feel vulnerable to insider threats

91 percent of IT and security professionals feel vulnerable to insider threats, and 75 percent believe the biggest risks lie in cloud applications like popular file storage and email solutions such as Google Drive, Gmail, Dropbox and more. “The rise of SaaS in the digital workplace has made companies more vulnerable than ever to insider threats,” said David Politis, founder and CEO, BetterCloud. “A major reason is SaaS has given users all the control over … More

The post Most IT and security professionals feel vulnerable to insider threats appeared first on Help Net Security.

Latest tactics used by cybercriminals to bypass traditional email security

Cybercriminals are continuously using new strategies to get past email security gateways, with brand impersonation being used in 83 percent of spear-phishing attacks, while 1 in 3 business email compromise attacks are launched from Gmail accounts. Sextortion scams, a form of blackmail that makes up 10 percent of all spear-phishing attacks, continue to increase. Employees are also twice as likely to be the target of blackmail than business email compromise. These are the key findings … More

The post Latest tactics used by cybercriminals to bypass traditional email security appeared first on Help Net Security.

Bitcoin Cash Price Analysis: U.S. Electronics Giant Avnet to Accept BCH; Price Action has Cooled but Subject to Further Buying Pressure

Nasdaq listed electronics giant Avnet is set to start accepting Bitcoin Cash and Bitcoin as a method of payment.  BCH/USD price is consolidating after a decent push […]

The post Bitcoin Cash Price Analysis: U.S. Electronics Giant Avnet to Accept BCH; Price Action has Cooled but Subject to Further Buying Pressure appeared first on Hacked: Hacking Finance.

Panda Adaptive Defense put to the test by SANS Institute


In the past, we have discussed the idea that 100% protection is unattainable. However, there are defense strategies that combine protection solutions, managed services and artificial intelligence, and these are capable of increasing an organization’s capacity to detect and stop attackers. In this battle, it is vital to focus on defending the place where organizations keep their assets: the endpoint.

SANS Institute evaluates Panda Adaptive Defense

SANS Institute (SysAdmin, Audit, Network and Security Institute), one of the most influential institutions in the cybersecurity world, which reaches over 165,000 professionals in the sector, has published a review of the advanced solution Panda Adaptive Defense 360.

“SANS found Panda Adaptive Defense 360 to be easily deployable, with instant results in preventing malware and identifying targeted attacks. Within the platform, we found that tasks associated with large amounts of labor investment, such as tuning and patching, instead are automated or minimal. The solution brings synergy and success with groundbreaking preventive and detective capabilities.”

With this evaluation, Panda Security’s corporate cybersecurity solution joins the group of technologies recognized and certified by SANS Institute in the IT security field.

The SANS Institute review, step by step

In order to survive in a world where attackers deploy automated malware and carry out targeted attacks, organizations need to secure their endpoints with platforms that provide automated protection mechanisms.

SANS Institute used Panda Adaptive Defense 360 for a month in order to evaluate its cybersecurity capabilities. According to SANS, the evolution of malware requires better solutions, not more solutions. This is where Panda Adaptive Defense 360 comes in: it combines groundbreaking techniques designed to stop attacks immediately and provides detailed analytics to identify the most advanced attacks.

You can find out more about how this study was carried out, as well as its findings, in the webcast on March 27 at 15:00 UTC.

Register for the webcast

Agent deployment and management capabilities

For SANS, it is vital that a platform of this type adjust to the organization that uses it, and not the other way round. This is exactly what Panda Adaptive Defense 360 did; it returned no false positives, saving the IT team a lot of time.

SANS was impressed with the capability of the Patch Management module to schedule the installation of necessary patches: “Endpoint suites that do not include patch management forget that a key control for the prevention of malware execution is to patch software vulnerabilities.”

Endpoint prevention capabilities

Another reality we face is that it is important – and often tricky – to find a balance between automating protection and detection and keeping the solution easy to maintain.

Panda Adaptive Defense 360’s 100% Attestation service classifies all processes, and depending on this classification, allows it to run, or not, on the endpoint. To do this, the service applies machine learning techniques and gathers over 1000 data points in order to classify the files.

If it cannot be identified this way, the file is sent to Panda’s expert malware analysts, who are part of what makes the platform so special: the managed threat hunting service. This only happens in 0.015% of cases.
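The attestation description above (classify every process, allow or block it based on that classification, hand anything automation cannot classify to analysts, and in Lock mode hold unknown processes until they are classified) amounts to a default-deny execution policy with an audit-to-block progression. The following Python is an added illustration of that policy written for this page, not Panda’s code; the mode names, the SHA-256-keyed verdict cache and the sample executable images are all constructed for the example.

```python
import hashlib
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List


class Verdict(Enum):
    GOODWARE = "goodware"
    MALWARE = "malware"
    UNKNOWN = "unknown"  # not yet classified by automation or an analyst


class Mode(Enum):
    AUDIT = "audit"          # log every decision, never block
    HARDENING = "hardening"  # block known malware, let unclassified processes run
    LOCK = "lock"            # block known malware AND hold anything not yet classified


@dataclass
class Decision:
    sha256: str
    verdict: Verdict
    allowed: bool
    reason: str


def fingerprint(image: bytes) -> str:
    """Key every verdict by the SHA-256 of the executable image, not by path or name."""
    return hashlib.sha256(image).hexdigest()


@dataclass
class ExecutionGate:
    mode: Mode
    # Local verdict cache (constructed for the example), keyed by image hash.
    cache: Dict[str, Verdict] = field(default_factory=dict)
    # Hashes that still need a sandbox or human-analyst verdict.
    analysis_queue: List[str] = field(default_factory=list)
    log: List[Decision] = field(default_factory=list)

    def decide(self, image: bytes) -> Decision:
        """Decide whether a process launch is allowed under the current mode."""
        digest = fingerprint(image)
        verdict = self.cache.get(digest, Verdict.UNKNOWN)
        if verdict is Verdict.UNKNOWN and digest not in self.analysis_queue:
            self.analysis_queue.append(digest)

        if self.mode is Mode.AUDIT:
            allowed, reason = True, "audit mode: logged only"
        elif verdict is Verdict.MALWARE:
            allowed, reason = False, "classified as malware"
        elif verdict is Verdict.GOODWARE:
            allowed, reason = True, "classified as goodware"
        elif self.mode is Mode.LOCK:
            allowed, reason = False, "lock mode: unclassified process held"
        else:
            allowed, reason = True, "hardening mode: unclassified process allowed"

        decision = Decision(digest, verdict, allowed, reason)
        self.log.append(decision)
        return decision

    def classify(self, digest: str, verdict: Verdict) -> None:
        """Record a sandbox/analyst verdict so later launches of the same image use it."""
        self.cache[digest] = verdict
        if digest in self.analysis_queue:
            self.analysis_queue.remove(digest)


# Constructed sample images (not real binaries).
KNOWN_GOOD = b"MZ\x90\x00 sample trusted-tool image"
NEVER_SEEN = b"MZ\x90\x00 sample dropper image"

if __name__ == "__main__":
    gate = ExecutionGate(Mode.LOCK, cache={fingerprint(KNOWN_GOOD): Verdict.GOODWARE})
    print(gate.decide(KNOWN_GOOD))   # allowed: classified as goodware
    held = gate.decide(NEVER_SEEN)   # blocked: held until classified
    print(held, gate.analysis_queue)
    gate.classify(held.sha256, Verdict.GOODWARE)
    print(gate.decide(NEVER_SEEN))   # allowed now that a verdict exists
```

The only difference between the three modes is what happens to an unclassified image: Audit lets everything run while recording the decision, Hardening blocks only what is already known bad, and Lock blocks until a verdict arrives. The analysis queue is what makes Lock workable in practice, because every block of an unknown is also a request for classification rather than a permanent denial.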

How were Panda Adaptive Defense 360’s capabilities tested? By launching malware samples, from ransomware and rootkits to traditional viruses. All of these samples were deleted or failed to run. One of the samples used was Petya; it failed to run, and the attempt was logged correctly.

Endpoint detection and visibility

There is a big difference between dealing with malware and dealing with a malwareless attack. More and more companies suffer attacks that combine malware with techniques that live only in memory – that is, that don’t drop a malicious file. To fight this, SANS praises Panda Adaptive Defense 360’s EDR capabilities, combined with EPP – a combination that, when it was created, was a milestone in endpoint protection.

Taming the endpoint chaos within: A review of Panda Adaptive Defense 360

To find out more, we invite you to register for the live webcast on March 27 at 15:00 UTC. In this webcast, Justin Henderson (SANS Institute analyst) and James Manning (Panda Security Pre-Sales Engineering team manager in North America) will discuss the advanced cybersecurity solution in detail.

In this link you can find more information about the webcast and a form to register.

You will learn about:

  • The importance of using endpoint protection, detection and response capabilities jointly in order to stop attackers before they can get a foothold on an endpoint.
  • The value of classifying 100% of processes in order to reduce the number of incidents that need to be investigated.
  • How to understand the progression of endpoint protection, from auditing to blocking.
  • How to investigate attacks on endpoints via visualization tools.

Register today to be among the first to receive the whitepaper written by Justin Henderson, SANS analyst and expert in endpoint security.

Register for the webcast

The post Panda Adaptive Defense put to the test by SANS Institute appeared first on Panda Security Mediacenter.

Ethereum Price Analysis: Core Developers Eye ASIC-Resistant Algorithm ProgPoW Integration

The Ethereum core developer team discussed in their most recent meeting the integration of an ASIC-resistant algorithm, ProgPoW. ETH/USD price action is within consolidation mode; a formation […]

The post Ethereum Price Analysis: Core Developers Eye ASIC-Resistant Algorithm ProgPoW Integration appeared first on Hacked: Hacking Finance.

Norsk Hydro cyber attack: What happened?

“Hydro subject to cyber-attack,” warned Oslo-headquartered Norsk Hydro ASA, one of the world’s biggest aluminum producers, on Tuesday. “Hydro has isolated all plants and operations and is switching to manual operations and procedures as far as possible. Hydro’s main priority is to continue to ensure safe operations and limit operational and financial impact. The problem has not led to any safety-related incidents,” the company added. In the most recent update on the situation, published an … More

The post Norsk Hydro cyber attack: What happened? appeared first on Help Net Security.

New Hacking Method Extracts BitLocker Encryption Keys

A researcher has found a new attack method that can extract BitLocker encryption keys. As a result, the attack puts

New Hacking Method Extracts BitLocker Encryption Keys on Latest Hacking News.

How the Google and Facebook outages could impact application security

With major outages impacting Gmail, YouTube, Facebook and Instagram recently, consumers are right to be concerned over the security of their private data. While details of these outages haven’t yet been published – a situation I sincerely hope Alphabet and Facebook correct – the implications of these outages are something we should be looking closely at. The first, and most obvious, implication is the impact of data management during outages. Software developers tend to design … More

The post How the Google and Facebook outages could impact application security appeared first on Help Net Security.

A network is only as strong as its weakest shard

Blockchain, a nascent technology, has enterprises globally enamored with the promise it holds to fundamentally turn everything from how we interact, transact, store, and manage data on its head. While the technology’s immutable nature and democratized architecture do have the potential to truly disrupt the world as we know it, there is currently no blockchain capable of truly unlocking the technology’s true potential let alone monetizing it. The reason for this is blockchain continues to … More

The post A network is only as strong as its weakest shard appeared first on Help Net Security.

Unsurprisingly, only 14% of companies are compliant with CCPA

With less than 10 months before the California Consumer Privacy Act (CCPA) goes into effect, only 14% of companies are compliant with CCPA and 44% have not yet started the implementation process. Of companies that have worked on GDPR compliance, 21% are compliant with CCPA, compared to only 6% for companies that did not work on GDPR, according to the TrustArc survey conducted by Dimensional Research. “At TrustArc, we’ve seen a significant increase in the … More

The post Unsurprisingly, only 14% of companies are compliant with CCPA appeared first on Help Net Security.

Nearly half of organizations lack the necessary talent to maintain security measures

Regardless of their size, organizations share a common challenge: IT security teams are understaffed and overextended. The number of security alerts, the challenge of what to prioritize, and the shortage of expertise can be overwhelming and introduce risk. The Trend Micro research – which surveyed 1,125 IT decision makers across the globe – shows that 69 percent of organizations agree that automating cybersecurity tasks using Artificial Intelligence (AI) would reduce the impact from the lack … More

The post Nearly half of organizations lack the necessary talent to maintain security measures appeared first on Help Net Security.

Fewer than 28% of gov.uk using DMARC effectively in line with guidelines

Only 28% of gov.uk domains have been proactive in setting up DMARC appropriately, in line with UK Government Digital Service (GDS) advice in preparation for the retirement of the Government Secure Intranet (GSI) platform in March 2019. Since 1996, the GSI framework has enabled connected organizations to communicate electronically and securely at low protective marking levels, according to Egress. The findings reveal a lack of preparation from several government email administrators in readying themselves for … More

The post Fewer than 28% of gov.uk using DMARC effectively in line with guidelines appeared first on Help Net Security.

Latest Hacking News Podcast #243: Social Engineering with Chris Hadnagy

On episode 243 of our daily cybersecurity podcast we interview Chris Hadnagy, founder and CEO of Social-Engineer, LLC. Chris talks about what social engineering is, what it means in the age of social media, and who should be aware of it.

Latest Hacking News Podcast #243: Social Engineering with Chris Hadnagy on Latest Hacking News.

Denial of Service vulnerability discovered in Triconex TriStation Software Suite Emulator

Applied Risk ICS Security Consultant Tom Westenberg discovered a DoS vulnerability in an emulated version of the Triconex TriStation Software Suite. Triconex is a Schneider Electric brand which supplies systems and products in regards to critical control and industrial safety-shutdown technology. The Triconex Emulator is software that allows users to emulate and execute TriStation 1131 applications without connecting to a Tricon, Trident, or Tri-GP controller. Using the Emulator, users can test applications in an offline … More

The post Denial of Service vulnerability discovered in Triconex TriStation Software Suite Emulator appeared first on Help Net Security.

(ISC)² brings its Secure Summit to The Hague

Supporting its membership and the wider sector with continuous education opportunities is a major part of what (ISC)2 does as a membership organisation for certified professionals. Its popular Secure Summit event has moved to The Hague, Netherlands for 2019, with an expanded programme designed to address the wider region. Taking place at The World Forum on 15-16 April, it is the biggest industry practitioner event yet in EMEA for (ISC)2 members and cybersecurity delegates. It … More

The post (ISC)² brings its Secure Summit to The Hague appeared first on Help Net Security.

Zcash Price Analysis: Faster and More Energy Efficient ZEC Miner Released by Bitmain

The mining giant, Bitmain, launched a newly upgraded miner for Zcash (ZEC). It is said to be three times more efficient. ZEC/USD bulls are enjoying a rally […]

The post Zcash Price Analysis: Faster and More Energy Efficient ZEC Miner Released by Bitmain appeared first on Hacked: Hacking Finance.

Mirai variant picks up new tricks, expands list of targeted devices

Mirai, the infamous malware that turns Linux-based IoT devices into remotely controlled bots, has been updated to target new devices and device types. Among these are LG SuperSign TVs (TV solutions meant to be installed in public areas and display information, images, video aimed at customers and employees) and WePresent WiPG-1000 Wireless Presentation systems, both of which are intended for use in business settings. About this newest Mirai variant Since its initial and spectacular entry … More

The post Mirai variant picks up new tricks, expands list of targeted devices appeared first on Help Net Security.

Security Lapse Exposed Sensitive Customer Records In Gearbest Data Breach

Here is another report of a massive data leak from an online retailer. The Chinese e-commerce firm Gearbest inadvertently exposed

Security Lapse Exposed Sensitive Customer Records In Gearbest Data Breach on Latest Hacking News.

Latest Hacking News Podcast #242

Ad trackers found on 89% of EU government sites and hacker puts forth collection of stolen databases up for sale on episode 242 of our daily cybersecurity podcast.

Latest Hacking News Podcast #242 on Latest Hacking News.

The art of securing ERP applications: Protecting your critical business processes

In this Help Net Security podcast recorded at RSA Conference 2019, Juan Pablo Perez-Etchegoyen, CTO at Onapsis talks about the challenges of securing and monitoring ERP applications for vulnerabilities and compliance gaps across cloud and on-premise deployments. Juan Pablo leads the research & development team that keeps Onapsis on the cutting-edge of the business-critical application security market. Here’s a transcript of the podcast for your convenience. Hello everyone. Welcome to this Help Net Security podcast. … More

The post The art of securing ERP applications: Protecting your critical business processes appeared first on Help Net Security.

Four key security tips when using any collaboration technology

With database breaches and ransomware attacks making daily news, security is now a top priority for companies, and collaboration solutions are no exception. In the current age of global connectivity, video conferencing and collaboration technologies have become an inescapable part of doing business. Business partners and remote employees around the world rely on these solutions to stay connected and communicate effectively, especially when in-person meetings aren’t possible. While it’s easy enough to say, “my company … More

The post Four key security tips when using any collaboration technology appeared first on Help Net Security.

The modern threat landscape and expanding CISO challenges

Prior to starting Signal Sciences, its founders were running security at Etsy, and growing frustrated with existing legacy technology. So they built their own. For this interview with Andrew Peterson, CEO at Signal Sciences, we dig deep into hot topics such as modern CISO challenges and application security visibility. Prior to co-founding Signal Sciences, Andrew had been building leading-edge, high-performing product and sales teams across five continents for over 15 years with such companies … More

The post The modern threat landscape and expanding CISO challenges appeared first on Help Net Security.

Tax season scaries: How to keep your data safe from insider threats

With April 15 quickly approaching, companies across the country are rushing to get their taxes filed. This often requires third party specialists who are well-versed in corporate taxes and prepared to navigate new regulations. While the right contractors are extremely valuable during tax season specifically, they shouldn’t be overlooked when it comes to managing insider threats. According to a survey by NPR, one in five employees is a contractor – that’s 20 percent of American … More

The post Tax season scaries: How to keep your data safe from insider threats appeared first on Help Net Security.

G Suite admins can now disable SMS and voice 2FA

G Suite administrators can now prevent enterprise users from using SMS and voice codes as their second authentication/verification factor for accessing their accounts. The ability to disable those two options will be made available in the next two weeks to admins using any of the G Suite editions. Why and how? It has been known for quite a while that additional authentication via SMS and voice codes is the least secure option for 2-factor authentication, … More

The post G Suite admins can now disable SMS and voice 2FA appeared first on Help Net Security.

Cyber preparedness essential to protect EU from large scale cyber attacks

The possibility of a large-scale cyber-attack having serious repercussions in the physical world and crippling an entire sector or society is no longer unthinkable. Preparing for major cross-border cyber-attacks To prepare for major cross-border cyber-attacks, an EU Law Enforcement Emergency Response Protocol has been adopted by the Council of the European Union. The Protocol gives a central role to Europol’s European Cybercrime Centre (EC3) and is part of the EU Blueprint for Coordinated Response to … More

The post Cyber preparedness essential to protect EU from large scale cyber attacks appeared first on Help Net Security.

MySpace loses 12 years worth of photos, songs & video files

By Waqas

MySpace says it happened during a server migration project. The last time the once prominent social network website MySpace made headlines was in 2016, when it suffered a massive data breach in which the personal data of 427 million users, including emails and passwords, was stolen and leaked online. Now, it has been revealed that MySpace has lost another trove of […]

This is a post from HackRead.com Read the original post: MySpace loses 12 years worth of photos, songs & video files

Stellar Price Analysis: XLM/USD Jumps 10% as IBM Launches Stellar-Powered World Wire Platform

XLM/USD late on Monday was holding double-digit gains, as the price broke down a significant barrier of resistance. Information technology giant IBM has launched the World Wire […]

The post Stellar Price Analysis: XLM/USD Jumps 10% as IBM Launches Stellar-Powered World Wire Platform appeared first on Hacked: Hacking Finance.

Dash Price Analysis: The Technology and Its Cryptocurrency that Keeps Bringing Real-World Value Use Cases

Dash Text launched a new service initially piloting in Venezuela for donation payment in DASH without the requirement of the internet. DASH/USDT has a significant barrier ahead […]

The post Dash Price Analysis: The Technology and Its Cryptocurrency that Keeps Bringing Real-World Value Use Cases appeared first on Hacked: Hacking Finance.

The Internet is at risk: why is ICANN pushing for the use of DNSSEC?


In the world of cybersecurity, there’s a concept that is well known to most experts: man in the middle. This, generally speaking, is when an intruder places himself between two communicating parties in order to deceive the user.

The expression is usually applied to DNS attacks. In this kind of attack, the cybercriminal attacks a domain’s DNS in order to change the address to which the domain resolves. This kind of DNS attack can take users to a malicious website when they believe they are visiting a trustworthy site. This method can be used to harm users’ cybersecurity in many ways, but the most common is to steal passwords.

Security agencies on alert

This kind of incident is on the rise. And it’s not just isolated incidents happening to one or two people; whole organizations and institutions are being affected. Towards the end of 2018, several cybersecurity companies became aware of something seriously troubling: a group of cybercriminals, most likely from Iran, was orchestrating a series of DNS attacks. These attacks were designed to breach the IT security of bodies such as the Lebanese and UAE governments.

And these aren’t the only examples: according to the Cybersecurity and Infrastructure Security Agency (CISA), several agencies in the United States have also been attacked with this method, putting them in a constant state of alert.

And this situation isn’t a passing trend. The Government of the United States, via the Department of Homeland Security, has acknowledged that it has detected “a pattern of multifaceted attacks that use different methodologies.” This includes DNS attacks where, by changing the digital signature, different websites are redirected to malicious portals.

The importance of DNSSEC

Given the current situation, the Internet Corporation for Assigned Names and Numbers (ICANN) has called on all large public and private organizations to reinforce their DNS security by using the Domain Name System Security Extensions (DNSSEC).

This protection system digitally signs DNS data so that its validity can be checked via verifiable chains of trust. It has been in development for around 20 years, and is one of the most effective measures when it comes to fighting this kind of cyberattack. However, its adoption in the business world and in the sphere of public administration is more limited; it is estimated that only around 20% of organizations use this system, while among Fortune 1000 companies this figure falls to just 3%.

This data is rather worrying if we bear in mind the fact that the consequences of an attack of this kind can be extremely serious. In cases where similar large-scale cyberattacks have been carried out, the repercussions were serious enough to cause grave crises for those who were affected. We need look no further than 2016, when Dyn suffered the largest DNS attack in recent history. As a result, tech giants such as Twitter, Tumblr, Spotify, The New York Times and CNN all became unavailable for a period of time. In 2017, the power supply in Ukraine was brought down by a similar attack. As we can see, it is not just a case of the Internet going down in people’s houses; incidents of this kind can bring down a huge range of digitalized services, many of which are essential in the day-to-day running of our companies. And even in the best-case scenario, companies that have been attacked in this way will face losses in the millions of euros.

The implementation of DNSSEC and the kind of protection that it provides is therefore absolutely vital, especially for large organizations, be they public or private. The fact is that, as ICANN reminds us, having this kind of protection doesn’t guarantee 100% that a website won’t suffer any kind of attack. What it does guarantee, however, is that DNS attacks are impossible. As such, although there is never going to be total security against cybercriminal activity, the better protected corporate cybersecurity is, the harder it will be to break in. To this end, DNSSEC has become a vital layer of security in 2019.
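To make the “verifiable chain of trust” concrete, here is an added example (written for this page, not code from the article or from ICANN): the parent zone publishes a DS record that is a hash of the child zone’s key-signing DNSKEY, and a validating resolver recomputes that hash from the DNSKEY it receives and compares it with the parent’s signed DS. The zone name, key bytes and DS value below are constructed samples; the key-tag and digest computations follow RFC 4034.

```python
"""Added example: how DNSSEC links a child zone's DNSKEY to the DS record in its parent.

The parent does not sign the child's data directly. It publishes a DS record that is a
hash of the child's key-signing DNSKEY. A validating resolver fetches the child's DNSKEY,
recomputes the DS, and compares it with the parent's signed DS. Key tag and digest follow
RFC 4034 (Appendix B and Section 5.1.4). All record values here are constructed samples.
"""
import hashlib
import struct


def owner_name_wire(name: str) -> bytes:
    """Canonical wire form of an owner name: lowercase, length-prefixed labels,
    terminated by the root label (RFC 4034 section 6.2)."""
    labels = [lab for lab in name.lower().rstrip(".").split(".") if lab]
    out = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels)
    return out + b"\x00"


def dnskey_rdata(flags: int, protocol: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA: 2-byte flags, 1-byte protocol, 1-byte algorithm, then the key bytes."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def key_tag(rdata: bytes) -> int:
    """Key tag per RFC 4034 Appendix B (the form used for all algorithms except RSA/MD5)."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += b if i & 1 else b << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def ds_digest_sha256(owner: str, rdata: bytes) -> str:
    """DS digest for digest type 2 (SHA-256): SHA-256(owner name wire || DNSKEY RDATA)."""
    return hashlib.sha256(owner_name_wire(owner) + rdata).hexdigest()


def verify_chain_link(owner, flags, protocol, algorithm, public_key, parent_ds):
    """True if the DNSKEY the child serves matches the DS the parent published.

    parent_ds is (key_tag, algorithm, digest_type, digest_hex). Only digest type 2
    (SHA-256) is handled in this example.
    """
    rdata = dnskey_rdata(flags, protocol, algorithm, public_key)
    tag, alg, dtype, digest = parent_ds
    if dtype != 2:
        raise ValueError("only SHA-256 (digest type 2) DS records are handled here")
    return (tag == key_tag(rdata)
            and alg == algorithm
            and digest.lower() == ds_digest_sha256(owner, rdata))


# Constructed sample: a KSK (flags 257, protocol 3) for "example-zone.test" using
# algorithm 13 (ECDSAP256SHA256). The key bytes are a placeholder, not a real key.
SAMPLE_OWNER = "example-zone.test."
SAMPLE_KEY = bytes([0x01, 0x02, 0x03, 0x04])
SAMPLE_RDATA = dnskey_rdata(257, 3, 13, SAMPLE_KEY)

# The DS the parent zone would publish once the zone operator submits it.
PARENT_DS = (key_tag(SAMPLE_RDATA), 13, 2, ds_digest_sha256(SAMPLE_OWNER, SAMPLE_RDATA))

if __name__ == "__main__":
    print("key tag:", key_tag(SAMPLE_RDATA))
    print("DS digest:", PARENT_DS[3])
    # The genuine key matches the DS in the parent, so the chain of trust holds.
    print("genuine key valid:",
          verify_chain_link(SAMPLE_OWNER, 257, 3, 13, SAMPLE_KEY, PARENT_DS))
    # A substituted key does not match the parent's DS, so a validating resolver
    # refuses to trust the zone's data instead of following a tampered address.
    print("swapped key valid:",
          verify_chain_link(SAMPLE_OWNER, 257, 3, 13, b"\x01\x02\x03\x05", PARENT_DS))
```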

The post The Internet is at risk: why is ICANN pushing for the use of DNSSEC? appeared first on Panda Security Mediacenter.

Cryptojacking of businesses’ cloud resources still going strong

In the past year or so, many cybercriminals have turned to cryptojacking as an easier and more low-key approach for “earning” money. While the value of cryptocurrencies like Bitcoin and Monero has been declining for a while now and Coinhive, the most popular in-browser mining service, has stopped working, cryptojacking is still a considerable threat. After all, attackers need to expend very little effort and are using someone else’s resources for free. Cybercrooks going after … More

The post Cryptojacking of businesses’ cloud resources still going strong appeared first on Help Net Security.

Google Launched Numerous Privacy Features In Android Q

The new Android version of Google not only brings new features but rather it also heightens user privacy. Recently, Google

Google Launched Numerous Privacy Features In Android Q on Latest Hacking News.

Naked Security – Sophos: Monday review – the hot 23 stories of the week

From a Citrix breach to John Oliver's FCC anti-robocall campaign, and everything in between - it's weekly roundup time.

Download audio: http://feeds.soundcloud.com/stream/590301654-sophossecurity-ep-023-facebook-promises-and-google-chrome-patches.mp3

Naked Security - Sophos

Android Q will come with improved privacy protections

Android Q, the newest iteration of Google’s popular mobile OS, is scheduled to be made available to end users at the end of August. While we still don’t know what its official release name will be, the first preview build and accompanying information released by Google give us a peek into some of the privacy improvements that we can look forward to. Stronger protections for user privacy 1. The platform will stop keeping track of … More

The post Android Q will come with improved privacy protections appeared first on Help Net Security.

39% of Counter Strike 1.6 Servers Found to be Delivering Malware

It has been roughly two decades since the launch of Counter Strike. Yet, the game continues to be popular among

39% of Counter Strike 1.6 Servers Found to be Delivering Malware on Latest Hacking News.

Latest trends in automated threat intelligence-driven network security

Since the earliest days of the Internet both network threats and network defenses have been evolving. In this Help Net Security podcast recorded at RSA Conference 2019, Todd Weller, Chief Strategy Officer at Bandura Cyber, talks about the latest trends in automated threat intelligence-driven network security. Here’s a transcript of the podcast for your convenience. We’re here with Todd Weller, CSO of Bandura Cyber. How are you Todd? I’m great. Fired up for another RSA … More

The post Latest trends in automated threat intelligence-driven network security appeared first on Help Net Security.

Meet the new generation of white hats

The past two years have seen an explosion in the number of software vulnerabilities being published, jumping from 6,447 in 2016 to 14,714 in 2017. Seeing as 2018 beat out the previous year with 16,521 CVEs reported, we should prepare ourselves for plenty of patching ahead in 2019. While factors like the adoption of automated Application Security Testing (AST) tools by more vendors and the absolute growth of code are definitely playing a bigger role … More

The post Meet the new generation of white hats appeared first on Help Net Security.

Current phishing defense strategies and execution are not hitting the mark

Few professionals are completely confident in their ability to assess the effectiveness of their phishing awareness efforts. In a new paper, Phishing Defense and Governance, released in partnership with Terranova Security, ISACA outlines key takeaways from this phishing research that reached security, assurance, risk and governance professionals, including: Only a slight majority (63 percent) regularly monitor and report on the effectiveness of their activities. 38 percent of respondents reported that their organizations develop security awareness … More

The post Current phishing defense strategies and execution are not hitting the mark appeared first on Help Net Security.

2019 may be a record year for enterprise breaches, but secure collaboration tools could help

Despite business executives agreeing that cybersecurity is a major challenge, businesses globally are severely unprepared for cyberattacks. 44% of business executives from Europe and the United States said they shared sensitive information over email, yet 35% admitted they are unaware of the ways in which their organization is protecting its sensitive information, communications and data, according to the results of the annual Communication and Security survey released by Wire. Despite 2018 being a record year … More

The post 2019 may be a record year for enterprise breaches, but secure collaboration tools could help appeared first on Help Net Security.

Latest Hacking News Podcast #241: Cyber Law with Steve Black, Professor of Law

On episode 241 of our daily cybersecurity podcast we are joined by Steve Black, Professor of Law at Texas Tech University School of Law. Steve discusses cyber law, the impact of technological developments on laws, and more.

Latest Hacking News Podcast #241: Cyber Law with Steve Black, Professor of Law on Latest Hacking News.

Security fatigue leads many to distrust personal data protection, can you blame them?

20 percent of Americans suffer from security fatigue and don’t trust anyone to protect their personal data. As a result, some people feel they need to take matters into their own hands or at least work with organizations that give them a greater sense of control. Findings from the nCipher Security survey of more than 1,000 American adults reveal many people want more control over their personal data privacy. Most want tighter controls of how … More

The post Security fatigue leads many to distrust personal data protection, can you blame them? appeared first on Help Net Security.

Week in review: Marriott breach details, public-interest technology, the quantum computer threat

Here’s an overview of some of last week’s most interesting news and articles: Marriott CEO reveals more details about the massive data breach Equifax CEO Mark Begor and Arne Sorenson, the CEO of Marriott International, appeared before a US Senate subcommittee to testify about the massive data breaches their companies have suffered. Mozilla releases Firefox Send, a free encrypted file transfer service Mozilla has released the finalized version of Firefox Send, its free encrypted file … More

The post Week in review: Marriott breach details, public-interest technology, the quantum computer threat appeared first on Help Net Security.

Cardano Price Analysis: Bulls Enjoy Explosive Breakout as Hoskinson Teases ADA-Supported Ledger Wallet

The Cardano (ADA/USDT) price is elevated thanks to another wave of buying pressure out from a bullish pennant pattern. Cardano’s community has much to be excited about […]

The post Cardano Price Analysis: Bulls Enjoy Explosive Breakout as Hoskinson Teases ADA-Supported Ledger Wallet appeared first on Hacked: Hacking Finance.

Cyber Security Week in Review (March 15)

Welcome to this week's Cyber Security Week in Review, where Cisco Talos runs down all of the news we think you need to know in the security world. For more news delivered to your inbox every week, sign up for our Threat Source newsletter here.

Top headlines this week

  • The U.S. warned Germany that using Huawei’s 5G technology could result in a drop in information-sharing. American officials have consistently criticized the use of the Chinese company’s technology, saying it poses a national security risk. If other countries were to use Huawei’s 5G network, the U.S. says it would fear its intelligence was not being kept safe. 
  • It is reported that a hacking group stole an estimated six terabytes of data from the Citrix enterprise network. The company said it took steps to contain this data breach after it was alerted by the FBI, but thousands of customers’ information could still be at risk. It is not yet known what the nature of the information taken was.
  • Adobe fixed multiple remote code execution vulnerabilities in Photoshop and Digital Editions. The company released its monthly security update earlier this week. Two of the vulnerabilities were classified as critical, as an attacker could exploit them to execute code under the context of the current user.

From Talos

  • A new point-of-sale malware known as “GlitchPOS” has popped up on some online marketplaces. The malware is easy enough to install and use that virtually any user could buy their way into setting up their own botnet. We believe with high confidence that this is not the first malware created by this actor.
  • Microsoft released its monthly security update earlier this week, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 64 vulnerabilities, 17 of which are rated “critical,” 45 that are considered “important” and one “moderate” and “low” vulnerability each. This release also includes two critical advisories — one covering security updates to Adobe Flash Player and another concerning SHA-2.
  • CleanMyMac X contains a privilege escalation vulnerability in its helper service due to improper updating. The application fails to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. CleanMyMac X is an all-in-one cleaning tool for Macs from MacPaw.

The rest of the news

  • Video app TikTok paid a $5.7 million fine to the Federal Trade Commission this week as part of a settlement. The FTC ruled that the app, which allows users to upload short videos of themselves performing songs, improperly handled the data of users who are under the age of 13.
  • Two U.S. Senators introduced a new bill that would overhaul the country’s child privacy laws. The new bill would give parents complete control over their children's data online, and even allow them to completely erase information from certain websites. It would also ban targeted ads toward anyone under the age of 13.
  • Security researchers discovered a critical flaw in Switzerland’s new voting system that would allow attackers to manipulate votes. The group is now urging the Swiss government to halt the rollout of the online system.
  • Social media hackers are stepping up their activity as Brexit votes continue in the U.K. Researchers discovered an uptick in fake accounts that are spreading pro-Brexit sentiment over the past several weeks.
  • The U.S. Office of the Inspector General says NASA’s information security program contains several critical vulnerabilities. A new report states that the space agency could be open to an attack from a nation-state actor.

NEM Price Analysis: The Foundation and XEM are on a Strong Road to Recovery

NEM (XEM/USDT) has jumped a chunky 18% over the last four sessions of consecutive gains. The NEM community is very much optimistic about the organization’s restructuring plan. […]

The post NEM Price Analysis: The Foundation and XEM are on a Strong Road to Recovery appeared first on Hacked: Hacking Finance.

Adobe March Patch Tuesday Brings Fixes For Photoshop And Digital Editions Bugs

Adobe has released the scheduled monthly update bundle for its products. This Adobe March Patch Tuesday addressed critical vulnerabilities in

Adobe March Patch Tuesday Brings Fixes For Photoshop And Digital Editions Bugs on Latest Hacking News.

Unsecured Gearbest server exposes millions of shoppers and their orders

Chinese e-commerce giant Gearbest has exposed information and orders of millions of its customers through an unsecured Elasticsearch server, security researcher Noam Rotem and his team have found. What kind of data was exposed? According to Rotem, the server was not protected with a password and anyone could access it and search the data. Also, despite assurances from the company that sensitive data is encrypted, most of the contents of the database were decidedly not. … More

The post Unsecured Gearbest server exposes millions of shoppers and their orders appeared first on Help Net Security.

Microsoft March Patch Tuesday Addressed Multiple Flaws And Two Zero-Day Bugs

The scheduled Microsoft March Patch Tuesday update bundle has rolled-out. This update bundle also addresses numerous security flaws. In addition,

Microsoft March Patch Tuesday Addressed Multiple Flaws And Two Zero-Day Bugs on Latest Hacking News.

Thinking of threat intelligence as a contributing member of your security team

Threat intelligence is widely considered as a significant asset for organizations, but implementation of this intelligence within security operations can often be cumbersome. In this Help Net Security podcast recorded at RSA Conference 2019, Nicholas Hayden, Senior Director of Threat Intelligence at Anomali, talks about the intelligence-driven security operations center. Here’s a transcript of the podcast for your convenience. My name is Nicholas Hayden. I’m the Senior Director of Threat Intelligence for Anomali. Today, on … More

The post Thinking of threat intelligence as a contributing member of your security team appeared first on Help Net Security.

The quantum sea change: Navigating the impacts for cryptography

Professionals in cybersecurity and cryptography (and even non-IT executives) are hearing about the coming threat from quantum computing. It’s reaching the mainstream business consciousness. A December 2018 report from Deloitte notes “It is expected that 2019 or 2020 will see the first-ever proven example of quantum supremacy, sometimes known as quantum superiority: a case where a quantum computer will be able to perform a certain task that no classical (traditional transistor-based digital) computer can solve … More

The post The quantum sea change: Navigating the impacts for cryptography appeared first on Help Net Security.

Do people with malicious intent present the biggest threat to personal data?

Against the backdrop of a complex and growing cyber threat landscape, organizations are waking up to the fact that one of the biggest chinks in their armour against a data security breach is humans. According to Apricorn’s latest social media poll, sixty-five percent of respondents believe that humans pose the biggest threat to their personal data. A staggering fifty-two percent of respondents believe that people with malicious intent present the biggest danger, whilst … More

The post Do people with malicious intent present the biggest threat to personal data? appeared first on Help Net Security.

Latest Hacking News Podcast #240

Counter-Strike game clients used to create large botnet, WordPress patches XSS flaw, and school students hack system to change grades on episode 240 of our daily cybersecurity podcast.

Latest Hacking News Podcast #240 on Latest Hacking News.

Is AI really intelligent or are its procedures just averagely successful?

Artificial intelligence (AI) and machine learning algorithms such as Deep Learning have become integral parts of our daily lives: they enable digital speech assistants or translation services, improve medical diagnostics and are an indispensable part of future technologies such as autonomous driving. Based on an ever increasing amount of data and powerful novel computer architectures, learning algorithms appear to reach human capabilities, sometimes even excelling beyond. The issue: so far it often remains unknown to … More

The post Is AI really intelligent or are its procedures just averagely successful? appeared first on Help Net Security.

10 arrested in Gujarat for playing PUBG mobile game in public

After PUBG ban, Rajkot police arrest 10 people for playing the mobile game

Police in Rajkot, Gujarat have arrested 10 people in the last two days for playing the popular battle royale game, PlayerUnknown’s Battlegrounds (PUBG), on their smartphones in a public place. Of the 10 people arrested, six are undergraduate students. These are the very first arrests made in connection with playing the PUBG game.

For those unaware, the Gujarat government had earlier this month announced a ban on playing PUBG mobile game in public in Surat and Rajkot. The ban was implemented on March 9 and would be in effect till April 30.

The Rajkot Special Operations Group (SOG) arrested three young men near the police headquarters on Wednesday. One of the men arrested works in a private firm, one is a graduate and another is a laborer.

“Our team caught these youths red-handed. They were taken into custody after they were found playing the PUBG game,” SOG police inspector Rohit Raval told The Indian Express.

All of them were arrested on charges under Section 188 of the Indian Penal Code, for violating an order issued by the Police Commissioner, and Section 35 of the Gujarat Police Act, for playing PUBG despite the ban.

Police have seized their mobile phones for the purpose of the investigation. “This game is highly addictive and the accused were so engrossed in playing them that they could not even notice our team approaching them,” said Raval.

Although 12 cases have been registered so far, the crime is a bailable offense. “People have been booked but there is nothing like arrest in it. In the procedure, they will be shown as immediately bailed out by police. The case will go to the courts and there will be a trial for not following the notification issued,” Police Commissioner Manoj Agrawal said in a statement to Indian Express.

Just a day before the three arrests were made, the Rajkot taluka police had arrested six college students for playing the banned game on Tuesday. “As part of a special drive, police sub-inspector N D Damor arrested the six youths who were playing the game at tea stalls and fast-food joints outside a college on Kalavad road on Tuesday,” said Rajkot taluka police inspector V S Vanzara.

“Police checked their mobile to see if the PUBG game was running and also checked the history in their handset. We have filed six different cases against them.” Vanzara said that the six were granted bail. The circular on the PUBG ban is said to highlight that games like PUBG incite violent behavior amongst players and also have a negative impact on kids and their education.

“The notification falls in two parts. One is the person who is playing the game is liable for notification violation. At the same time, people who are aware that they are playing PUBG and still not communicating this to the authorities are also liable for an equal amount of violation. This is more important not for bystanders but for parents and teachers,” Agrawal said.

The notification was issued on directions from the state government. However, police, educational institutions and research institutes were exempted from the ban order. There are reports that Bhavnagar and Gir Somnath districts have now also banned the game following notification from the Gujarat home ministry.

The post 10 arrested in Gujarat for playing PUBG mobile game in public appeared first on TechWorm.

90% of consumers value additional security measures to verify mobile-based transactions

A strong majority of US adults value additional security measures for mobile transactions, with 90% reporting they would want the ability to approve some or all mobile device transactions before the transaction is completed, and 71% interested in approving all such transactions. One in five (19%) would prefer only to approve some transactions, such as those totaling $100 or more, according to the results of a recent survey conducted online by The Harris Poll and … More

The post 90% of consumers value additional security measures to verify mobile-based transactions appeared first on Help Net Security.

Data breach reports delayed as organizations struggle to achieve GDPR compliance

Businesses routinely delayed data breach disclosure and failed to provide important details to the ICO in the year prior to the GDPR’s enactment. On average, businesses waited three weeks after discovery to report a breach to the ICO, while the worst offending organization waited 142 days. The vast majority (91%) of reports to the ICO failed to include important information such as the impact of the breach, recovery process and dates, according to Redscan’s … More

The post Data breach reports delayed as organizations struggle to achieve GDPR compliance appeared first on Help Net Security.

PASS2019 will bring together almost 1000 cybersecurity experts from across Europe

Panda Security Summit 2019
Organized by Panda Security, the Panda Security Summit will be attended by professionals from leading companies and institutions in the European IT and technology sector.

#PASS2019 will cement its place as one of the unmissable events in the cybersecurity calendar. At this second edition, leaders from the European Commission, Gartner, Telefónica and CaixaBank, as well as the director of PandaLabs, will all share experiences and explain different cybersecurity trends in Europe.

Panda Security Summit will bring together in Madrid almost 1000 attendees from leading European companies and institutions, including CISOs, CIOs, heads of cybersecurity, experts in the field, and CEOs.

Register here

If you’d like to get a free ticket, ask your Panda salesperson for more information or send an email to: Summit@pandasecurity.com

The agenda

The European Cybersecurity Hub will emphasize how important it is to be proactive and to renew detection methods, given how challenging and volatile an industry cybersecurity is.

In five conferences, nine different speakers will discuss the leading trends in threats and cyberattacks, national cybersecurity strategies, and the protection needs of public and private institutions. Throughout the event, there will be a particular emphasis on threat hunting techniques. This is because, these days, digital risk management is a key task in any company, regardless of its size or sector. Companies need to know how to act proactively, and not limit themselves to preventing known attacks; they must also make time to get to know the new tactics being employed by the cybercriminals who want to endanger their security.

Many of these threat hunting tactics will be analyzed by the speakers in their respective conferences, all of which can be consulted here.

The speakers

  • Miguel González-Sancho, head of the Unit “Cybersecurity Technology and Capacity Building” at the European Commission, will share his vision of the socio-political framework set out in National Security Strategies, as well as the needs that arise when transferring this framework to the European business environment.
  • Pete Shoard, senior Endpoint and Security Operations analyst at Gartner, will show in detail the most important aspects of the analyses carried out by managed security service providers, security monitoring technologies and risk management in cybersecurity.
  • Alejandro Ramos, Global Chief Digital Security Officer, and Alejandro Becerra, CISO at Telefónica, will give a talk on the development of threat detection strategies at Telefónica, from the point of view of the customer, a SOC and a service provider.
  • Lucas Varela, e-Crime and Security Analytics Manager at CaixaBank, will explain how intelligence systems are used to detect threats in the banking sector. He will also provide information about efficiency in incident response, and will go over the latest malware and banking threat trends.
  • Pedro Uría, director of PandaLabs, Panda Security’s analysis and investigation laboratory, will discuss, among other things, the most advanced threat hunting techniques. He will underscore how important it is to discover the new ways that attackers are behaving, since most of the time they use proprietary malware or legitimate applications and goodware in order to go unnoticed by the most common cybersecurity solutions.
  • José Sancho, president of Panda, Juan Santamaría, CEO of Panda, and María Campos, KA and Telecoms at Panda Security, will present #PASS2019, and will share their views on the main strategies for success against cyberattacks.

Workshops and an immersive experience

There will be five workshops at #PASS2019 where attendees will be able to learn more about the subjects discussed in the conferences. You will also be able to experience first-hand how the different steps that make up the kill chain of a cyberattack unfold.

We’ll get inside an infection to discover the routes followed by cybercriminals to get onto our networks. Here we’ll see the resources capable of taking over our IT estate, and how our network is affected as the infection advances. Get inside our Cyber-Kill Chain! You’re invited to share the experience of being the lead actor in a cyberattack.

These workshops will be run by Panda Security specialists. They will explain in detail the advantages of including threat hunting services in business cybersecurity strategies. They will also share the fundamentals for investigating, locating and isolating attacks at any point along the kill chain, all in real time, thus reducing the reaction time between detection and deactivation.

You’re invited! We look forward to seeing you at the Panda Security Summit.

Register here

The post PASS2019 will bring together almost 1000 cybersecurity experts from across Europe appeared first on Panda Security Mediacenter.

Microsoft Working to Automatically Remove “Buggy Updates”

We have heard a lot about Windows 10 problems over the past few months, particularly, Microsoft’s struggle to release stable

Microsoft Working to Automatically Remove “Buggy Updates” on Latest Hacking News.

Latest Hacking News Podcast #239

Multiple Intel vulnerabilities in its Windows 10 graphics drivers, new POS malware being marketed, and a critical flaw in the Swiss and Australian e-voting system on episode 239 of our daily cybersecurity podcast.

Latest Hacking News Podcast #239 on Latest Hacking News.

Chinese Data Leak Contained Stats For ‘Breedready’ Women

The latest report about a Chinese data leak incident will certainly catch your attention. Allegedly, an open Chinese database left

Chinese Data Leak Contained Stats For ‘Breedready’ Women on Latest Hacking News.

Vulnerabilities in critical infrastructure increased 14% in 2018


Any business sector is liable to suffer a cyberattack. But perhaps the most cautious in this respect is the industrial sector. A vulnerability in an industrial system can lead to serious economic losses, along with a loss of information, as well as damage to customers, providers, users and even to the company’s reputation.

And the fact is that critical infrastructure is the kind of infrastructure that suffers most from this cybercriminal activity. According to a Cybersecurity Ventures report, a ransomware attack will be carried out on a company every 14 seconds in 2019. And that doesn’t take into account cyberattacks on individual people, which will be the vast majority of cases.

The report also takes a look at the economic costs of these vulnerabilities: ransomware attacks will cost companies as much as $11.5 billion. And by 2021, all kinds of attacks on corporate cybersecurity could cost as much as $6 trillion. In any case, the increase in damages of this kind is to be expected; companies in every kind of industry are undertaking a digital transformation, so it is only logical that the number of vulnerabilities grows while this digitalization is taking place.


228 vulnerability warnings in Spain

The danger is clear; in Spain, the Incibe-CERT (Spanish national CERT) underlines this fact. Every year, it registers the vulnerability warnings in Spanish companies and organizations. And its latest report shows a clear trend: incidents are on the up. According to Incibe, in 2018, there were no fewer than 228 vulnerability warnings in the critical infrastructure of industrial control systems (ICS) in Spain. This figure represents a 14% increase compared to the 199 warnings throughout 2017.

Attacks on infrastructure of this kind, which include everything from the most traditional desktop tools to the most cutting edge Internet of Things (IoT) devices, also have their preferences. As the report shows, the most frequent vulnerabilities are those related to obtaining confidential or sensitive data from companies. It also highlights the use of algorithms to steal passwords for computers and user accounts, and hence, access company information.

Perhaps the worst thing is that, upon analyzing the most affected computers, we discover that the most vulnerable are multipurpose systems, used in a vast number of different industries. This, of course, means that very few sectors (if any) are safe. When carrying out an attack, there is no doubt that cybercriminals make use of the most common paths and devices.

And these aren’t small-scale cyberattacks either: 45% of them had a high severity level, while 33% were critical. That is to say, regardless of whether or not the attacks were successful, the intentions behind them were seriously worrying for these companies’ corporate cybersecurity.

2019 won’t be any better

On the other hand, just as in 2018 warnings increased compared to 2017, this year, the landscape doesn’t look any more positive. Incibe believes that the number of vulnerability warnings will continue to grow, especially if we consider the fact that sectors such as energy and healthcare will undergo more cyberattacks of this kind.

However, it is worth remembering that the increase in the number of warnings can’t simply be put down to an increase in cybercriminal activity; the fact that companies often reinforce their own cybersecurity control systems could also have a hand in it.

How to avoid vulnerabilities in critical infrastructure

In any event, companies must take steps to properly protect their cybersecurity.

1.- Passwords. The use of brute force to try to crack passwords is on the up. This means that it is a very good idea to reinforce verification systems for devices. Although we’ve already discussed the fact that two-factor authentication isn’t foolproof, it will certainly make things more difficult for cybercriminals.

2.- Encryption. The goal of most of these cyberattacks is to gain access to sensitive or confidential information. As such, organizations need to ensure that they’re using appropriate encryption on this data so that, even if someone does manage to get their hands on it, decrypting it will be that much more complex.

3.- Control of processes. The best way to know if there is suspicious activity afoot in an IT system is to monitor what is going on at all times. Solutions such as Panda Adaptive Defense monitor all processes in real time, detect unusual activity and thus stop any threats before they can take hold.

4.- Isolation. Incibe warns that a significant proportion of vulnerabilities occur in infrastructures that cybercriminals can access remotely. It is therefore essential that the most sensitive processes and systems be properly isolated and, wherever possible, on networks with no Internet connection.

It is not possible for a company to be completely sure that it will never experience an attack that will threaten its cybersecurity. However, what it can do is to take appropriate measures to reduce the likelihood and to reduce the fallout from such an attack as much as possible. If we also bear in mind the impact that a cyberattack can have on a country’s critical infrastructure, any improvement in cybersecurity strategy is most welcome.

The post Vulnerabilities in critical infrastructure increased 14% in 2018 appeared first on Panda Security Mediacenter.

Latest Hacking News Podcast #238

New Ursnif banking malware variant, Microsoft Patch Tuesday addressed 2 actively attacked zero-days, and WordPress cart plugin XSS flaw under attack on episode 238 of our daily cybersecurity podcast.

Latest Hacking News Podcast #238 on Latest Hacking News.

Email Validation Service Left 2 Billion Records Exposed Online

Shortly after we reported about the Dalil app data leak, here comes another similar report. Once again, researchers have found

Email Validation Service Left 2 Billion Records Exposed Online on Latest Hacking News.

Multiple Adobe Sandbox Vulnerabilities Risked Integrity And Confidentiality Of Systems

One of the areas contributing to the rise of cyber attacks is the use of third-party services. While these services

Multiple Adobe Sandbox Vulnerabilities Risked Integrity And Confidentiality Of Systems on Latest Hacking News.

Security roundup: March 2019

We round up interesting research and reporting about security and privacy from around the web. This month: ransomware repercussions, reporting cybercrime, vulnerability volume, everyone’s noticing privacy, and feeling GDPR’s impact.

Ransom vs ruin

Hypothetical question: how long would your business hold out before paying to make a ransomware infection go away? For Apex Human Capital Management, a US payroll software company with hundreds of customers, it was less than three days. Apex confirmed the incident, but didn’t say how much it paid or reveal which strain of ransomware was involved.

Interestingly, the story suggests that the decision to pay was a consensus between the company and two external security firms. This could be because the ransomware also encrypted data at Apex’s newly minted external disaster recovery site. Most security experts strongly advise against paying extortionists to remove ransomware. With that in mind, here’s our guide to preventing ransomware. We also recommend visiting NoMoreRansom.org, which has information about infections and free decryption tools.

Bonus extra salutary security lesson: while we’re on the subject of backup failure, a “catastrophic” attack wiped the primary and backup systems of the secure email provider VFE Systems. Effectively, the lack of backup put the company out of business. As Brian Honan noted in the SANS newsletter, this case shows the impact of badly designed disaster recovery procedures.

Ready to report

If you’ve had a genuine security incident – neat segue alert! – you’ll probably need to report it to someone. That entity might be your local CERT (computer emergency response team), a regulator, or even law enforcement. (It’s called cybercrime for a reason, after all.) Security researcher Bart Blaze has developed a template for reporting a cybercrime incident which you might find useful. It’s free to download at Peerlyst (sign-in required).

By definition, a security incident will involve someone deliberately or accidentally taking advantage of a gap in an organisation’s defences. Help Net Security recently carried an op-ed arguing that it’s worth accepting that your network will be infiltrated or compromised. The key to recovering faster involves a shift in mindset and strategy from focusing on prevention to resilience. You can read the piece here. At BH Consulting, we’re big believers in the concept of resilience in security. We’ve blogged about it several times over the past year, including posts like this.

In incident response and in many aspects of security, communication will play a key role. So another helpful resource is this primer on communicating security subjects with non-experts, courtesy of SANS’ Lenny Zeltser. It takes a “plain English” approach to the subject and includes other links to help security professionals improve their messaging. Similarly, this post from Raconteur looks at language as the key to improving collaboration between a CISO and the board.

Old flaws in not-so-new bottles

More than 80 per cent of enterprise IT systems have at least one flaw listed on the Common Vulnerabilities and Exposures (CVE) list. One in five systems has more than ten such unpatched vulnerabilities. Those are some of the headline findings in the 2019 Vulnerability Statistics Report from Irish security company Edgescan.

Edgescan concluded that the average window of exposure for critical web application vulnerabilities is 69 days. Per the report, an average enterprise takes around 69 days to patch a critical vulnerability in its applications and 65 days to patch the same in its infrastructure layers. High-risk and medium-risk vulnerabilities in enterprise applications take up to 83 days and 74 days respectively to patch.

SC Magazine’s take was that many of the problems in the report come from companies lacking full visibility of all their IT assets. The full Edgescan report has even more data and conclusions and is free to download here.

From a shrug to a shun

Privacy practitioners take note: consumer attitudes to security breaches appear to be shifting at last. PCI Pal, a payment security company, found that 62 per cent of Americans and 44 per cent of Britons claim they will stop spending with a brand for several months following a hack or breach. The reputational hit from a security incident could be greater than the cost of repair. In a related story, security journalist Zack Whittaker has taken issue with the hollow promise of websites everywhere. You know the one: “We take your privacy seriously.”

If you notice this notice…

Notifications of data breaches have increased since GDPR came into force. The European Commission has revealed that companies made more than 41,000 data breach notifications in the six-month period since May 25. Individuals or organisations made more than 95,000 complaints, mostly relating to telemarketing, promotional emails and video surveillance. Help Net Security has a good writeup of the findings here.

It was a similar story in Ireland, where the Data Protection Commission saw a 70 per cent increase in reported valid data security breaches, and a 56 per cent increase in public complaints compared to 2017. The summary data is here and the full 104-page report is free to download.

Meanwhile, Brave, the privacy-focused browser developer, argues that GDPR doesn’t make doing business harder for a small company. “In fact, if purpose limitation is enforced, GDPR levels the playing field versus large digital players,” said chief policy officer Johnny Ryan.

Interesting footnote: a US insurance company, Coalition, has begun offering GDPR-specific coverage. Dark Reading quotes a lawyer who said insurance might be effective for risk transference but it’s untested. Much will depend on the policy’s wording, the lawyer said.

Things we liked

Lisa Forte’s excellent post draws parallels between online radicalisation and cybercrime. MORE

Want to do some malware analysis? Here’s how to set up a Windows VM for it. MORE

You give apps personal information. Then they tell Facebook (PAYWALL). MORE

Ever wondered how cybercriminals turn their digital gains into cold, hard cash? MORE

This 190-second video explains cybercrime to a layperson without using computers. MORE

Blaming the user for security failings is a dereliction of responsibility, argues Ira Winkler. MORE

Tips for improving cyber risk management. MORE

Here’s what happens when you set up an IoT camera as a honeypot. MORE

The post Security roundup: March 2019 appeared first on BH Consulting.

Latest Hacking News Podcast #237

US Senate report reveals new details on 2017 Equifax breach and Samsung Galaxy S10's face recognition seems to be a step backwards in security on episode 237 of our daily cybersecurity podcast.

Latest Hacking News Podcast #237 on Latest Hacking News.

Coinhive, the Monero mining service, is closing down


According to the 2018 PandaLabs report, between 2017 and 2018, detections of cryptojacking – the illicit use of a third party computer to mine cryptocurrencies – increased 350%. One of the most popular services for carrying out this activity is Coinhive.

Download our cryptojacking whitepaper

Coinhive was set up 18 months ago with the aim of providing a legitimate alternative to ads on websites. However, it didn’t take long for cybercriminals to appropriate this service to attack websites and make themselves some money.

Now, a year and a half after it began, the creators of Coinhive have announced that as of March 8, the service will be discontinued.

It may come as a surprise, however, that the decision to close the service is not related to its incessant use in illegal activities. According to the Coinhive team, the fall in the hash rate of Monero, along with the crash of the cryptocurrency market, was the deciding factor.

Coinhive: a controversial history

The fact that Coinhive is closing up shop will come as a great relief for many companies, given that its code was discovered on almost 40,000 websites last year. Many globally renowned companies’ websites were affected, including: The LA Times, the Australian government, government institutions in the UK and the US… It even affected the world’s second most visited website: YouTube. In this case, the advertising platform DoubleClick was the victim of an attack that hid the Coinhive cryptojacking code in YouTube adverts. All of these factors combined to make it one of the leading threats to users last year.

At the high point of its popularity, it is estimated that cybercriminals who used this service were pocketing around $250,000 a month.

Despite how far-reaching the threat is, for many companies, cryptojacking is still not considered to be a serious threat to their cybersecurity. One reason for this may be the fact that cryptojacking attacks are less showy than other threats, such as ransomware, which have immediate, disruptive effects. However, as we will see, cryptojacking can have serious negative consequences.

Don’t let your guard down

Coinhive was the most popular service for carrying out illicit cryptomining, but it was by no means the only one. Services such as Crypto-Loot, CoinImp, Minr and deepMiner are still very much active. And these scripts were discovered on almost 10,000 websites last year. This means that Coinhive’s closure isn’t the end of the road for cybercriminals who make use of cryptojacking scripts. In fact, one of these alternatives is very likely to become the most popular cryptojacking method.

What’s more, since Coinhive is closing down for financial reasons, we could even see it open its doors again, once more taking up its place as the most popular cryptojacking tool.

With all of this in mind, it’s worth going over the dangers that can stem from a cryptojacking attack:

  • High energy demand. One of the first indications of a cryptojacking malware infection is a significant increase in power consumption.
  • CPU use. Cryptojacking aims to make use of affected computers’ CPUs in order to mine cryptocurrencies. So the presence of a cryptojacking script on your company’s computers can degrade their performance.
  • Dangers for corporate cybersecurity. If cryptojacking malware has made its way onto your company’s IT network, that means that there is an open door somewhere. And this open door means that there is a way in for all kinds of threats – threats that can endanger your company.

How to avoid cryptojacking

As is the case with any cyberthreat, it is vital that your company protect itself against cryptojacking – be it cryptojacking that uses Coinhive or whatever the new star cybercriminal tactic may be.

1.- Analyze your resources. If you notice suspicious CPU usage, or if a number of employees report that their computers are slowing down, it may be that cryptojacking is behind it.

2.- Careful with your browser. One of the most popular points of entry for cryptojacking is websites. There are plugins that block suspicious websites.

3.- Carry out periodic risk evaluations. This way, you’ll be able to identify vulnerabilities that can endanger your company’s cybersecurity. Panda Patch Management searches automatically for the patches that are necessary to keep your company safe, and prioritizes the most urgent updates. Appropriate patching policies can reduce the attack surface by up to 80%.

There’s no doubt that the closure of Coinhive is good news for those who want to protect their cybersecurity. Cybercriminals now have one fewer weapon in their arsenal with which to threaten your company’s computers. However, if there’s one thing that defines cybercriminals, it is their adaptability, forever inventing new ways to get what they want. It is therefore essential that we stay vigilant.

The post Coinhive, the Monero mining service, is closing down appeared first on Panda Security Mediacenter.

Panda Security earns “Recommended Rating” in NSS Labs’ 2019 AEP Group Test


At RSA 2019, Panda Security received an NSS Labs Recommended rating in the 2019 Advanced Endpoint Protection Group Test.

Iratxe Vázquez, Product Marketing manager of Panda Security, expressed her satisfaction with the results, and stated that, “Throughout the long, intense evaluation process, Panda Adaptive Defense 360 and its integrated services have consistently demonstrated what we hear from our customers: that our solution is among the most efficient against any kind of cyberattack: with or without malware, known or unknown, with traditional techniques or next generation.”

Presentation of the recommended AEP solution prize by NSS Labs at Panda Security’s booth at RSA 2019

On top of the exhaustive EDR monitoring capabilities, two completely managed services are provided at no extra cost. These services are based on scalable cloud-based machine learning technologies that automate and accelerate the process of identifying threats, without the need for customer intervention.

About Panda Security

At Panda Security we help companies to protect themselves against advanced threats and new attack techniques. Consistently maintaining our spirit of innovation, at Panda we have marked a number of historical milestones in the industry. Today, we are the leading European vendor of EDR systems, with 100% European shareholders, headquarters, technology and cloud platform.

Thanks to our visionary concept of the advanced cybersecurity model, which combines solutions and services, we are able to provide a completely detailed visibility of all endpoint activity, absolute control of all running processes, and the reduction of the attack surface.

According to Iratxe Vázquez: “We are one of the few endpoint security vendors that use advanced machine learning and deep learning techniques to classify threats via thousands of static, contextual, and behavioral attributes. All of this is done from the cloud, which provides a virtually infinite processing capacity, in real time and without cost to our customers.”

If you would like more information, get in touch with us.

More information

About NSS Labs:

NSS Labs, Inc. is recognized globally as the most trusted source for independent, fact-based cybersecurity guidance. Our mission is to advance transparency and accountability within the cybersecurity industry. Our unmatched foundation in security testing, along with our extensive research and global threat analysis capabilities, provide the basis for NSS Labs’ Cloud Platform for Continuous Security Validation.

This cloud platform empowers enterprises with objective, empirical data and allows them to gain continuous visibility, gather actionable insights, and rationalize investments in their cyber programs. The cloud platform lets enterprises know where they stand by continuously validating the effectiveness of their security products and assessing the impact of unmitigated risks to the enterprise stack. This gives business leaders the relevant information they need to substantiate their security investments.

CISOs, Chief Security Architects, SOC and Threat Analysts, and information security professionals from many of the world’s largest and most demanding enterprises rely on trusted information from NSS Labs.

The post Panda Security, earns “Recommended Rating” in NSS Labs’ 2019 AEP Group Test appeared first on Panda Security Mediacenter.

Cyber Security Week in Review (Feb. 22)



Welcome to this week's Cyber Security Week in Review, where Cisco Talos runs down all of the news we think you need to know in the security world. For more news delivered to your inbox every week, sign up for our Threat Source newsletter here.

Top headlines this week


  • U.S. officials charged a former member of the Air Force with defecting in order to help an Iranian cyber espionage unit. The Department of Justice says the woman collected information on former colleagues, and the Iranian hackers then attempted to target those individuals and install spyware on their computers.
  • The U.S. Department of Justice is dismantling two task forces aimed at protecting American elections. The groups were originally created after the 2016 presidential election to prevent foreign interference, but after the 2018 midterms the Trump administration shrank them significantly.
  • Facebook and the U.S. government are closing in on a settlement over several privacy violations. Sources familiar with the discussions say it will likely result in a multimillion-dollar fine, likely the largest the Federal Trade Commission has ever imposed on a technology company.

From Talos


  • There’s been a recent uptick in Brushaloader infections. While the malware has been around since mid-2018, this new variant is more difficult than ever to detect on infected machines. New features include the ability to evade detection in sandboxes and to avoid anti-virus protection.
  • New features in WinDbg make it easier for researchers to debug malware. A new JavaScript bridge brings WinDbg in line with other modern programs. Cisco Talos walks users through these new features and shows how to use them.

Malware roundup


  • Google says it’s stepping up its banning of malicious apps. The company says it has seen a 66 percent increase in the number of apps it has banned from the Google Play store over the past year. Google says it scans more than 50 billion apps a day on users’ phones for malicious activity.
  • A new campaign using the Separ malware is attempting to steal login credentials at large businesses. The malware uses short scripts and legitimate executable files to avoid detection.
  • A new ATM malware called "WinPot" turns the machines into "slot machines." This allows hackers to essentially gamify ATM hacking, randomizing how much money the machine dispenses.

The rest of the news


  • The U.S. is reviving a secret program to carry out supply-chain attacks against Iran. The cyber attacks are targeted at the country’s missile program. Over the past two months, two of Iran’s efforts to launch satellites have failed within minutes, though it’s difficult to assign those failures to the U.S. 
  • Australia says a “sophisticated state actor” carried out a cyber attack on its parliament. The ruling Liberal-National coalition parties say their systems were compromised in the attack. Since then, the country says it’s put “a number of measures” in place to protect its election system. 
  • Cisco released security updates for 15 vulnerabilities. Two critical bugs could allow attackers to gain root access to a system, and a third opens the door for a malicious actor to bypass authentication altogether. 
  • Facebook keeps a list of users that it believes could be a threat to the company or its employees. The database is made up of users who have made threatening posts against the company in the past. 


Offensive Security Appoints Ning Wang as CEO to Lead Organization’s Next Stage of Growth

Today we all constantly read about data breaches that could have been prevented if the impacted organization had just done what it was supposed to do. The unfortunate reality is that cyberattacks are now a matter of 'when' and not 'if' for the average enterprise. Yet the landscape is changing, and protecting your environment is actually getting more challenging, not less.

Cyber adversaries are more organized and talented than ever, so an effective cyber defense now requires more than just following the right processes. Today's enterprises need defenders who perform their jobs with an adversarial mindset. While this need is becoming more acute every day, we are also presently in the midst of an enormous cybersecurity skills shortage. These two forces are diametrically opposed and there is only one way toward resolution – practical security training.

This being the case, I couldn't be happier to join Offensive Security as the company's next CEO.

OODA: Observe Orient Decide Act Faster Than Your Adversaries

OODA is the famous fast-paced decision-making model that emphasizes out-thinking your adversaries. First captured by Colonel John Boyd to articulate fighter pilot success models, it has been applied to international business, cyber security and just about any competitive environment.

Applying OODA methodologies to your business can help accelerate your products to market and help you beat the competition. This is especially important in the age of ubiquitous computing we all find ourselves in.

OODA is also the name of a new consultancy designed to optimize your actions.

The consultancy OODA helps clients identify, manage, and respond to global risks and uncertainties while exploring emerging opportunities and developing robust and adaptive strategies for the future.

OODA is composed of a unique team of international experts led by co-founders Matt Devost and Bob Gourley. Matt and Bob have been collaborating for two decades on advanced technology, intelligence, and security issues. Our team is capable of providing advanced intelligence and analysis, strategy and planning support, investment and due diligence, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.

For more see: OODA.com


The post OODA: Observe Orient Decide Act Faster Than Your Adversaries appeared first on The Cyber Threat.

Win With The @Crucial Point and @CTOvision Product Lineup

For 10 years, Crucial Point and CTOvision have supported business and government decision-makers with action-oriented research, consulting and advisory services. We have continually provided insights on our research via products under our CTOvision and ThreatBrief brands. The current newsletter lineup includes:
  • The Monthly CTOvision.com Tech Review provides a recap of the most significant trends sweeping the technology community in the prior month, plus insights into coming events and activities. This is our largest distribution list, with over 32,000 members. As its name implies, it is published once a month.
  • The Daily CTOvision.com Update provides a summary of posts we publish on our blog. If we don’t publish, it does not go out, but it is never more than once a day to 6,000 readers. All posts on the site are also shared with the over 14,500 CTOvision Twitter followers and over 12,000 of Bob Gourley’s connections on LinkedIn.
  • The CTOvision Pro IT Report summarizes enterprise IT developments and concepts. Transmitted to a select list of 700 CTOs and other tech professionals every Tuesday.
  • The Weekly Artificial Intelligence, Big Data and Analytics Newsletter is a weekly review of hot topics on the theme of Big Data. This is our fastest growing list, with over 1,500 readers receiving the newsletter every Wednesday.
  • The Weekly Cyberwar and Cybersecurity Review summarizes enterprise IT security technologies and concepts and the issues you need to track regarding high-end threat actors. Over 6,000 readers receive this report every Thursday.
  • The Daily Threat Brief is our version of the President’s Daily Brief (PDB), focused on cyber threats and tips on being as secure as possible. Sent daily to a list of over 4,500 executives seeking insights into threats to business growth. Reports are also shared with over 10,000 Twitter followers of ThreatBrief.

For more and to sign up see: Crucial Point and CTOvision Newsletter Signups


The post Win With The @Crucial Point and @CTOvision Product Lineup appeared first on The Cyber Threat.

Insurance Occurrence Assurance?

You may have seen my friend Brian Krebs’ post regarding the lawsuit filed last month in the Western District of Virginia after $2.4 million was stolen from The National Bank of Blacksburg in two separate breaches over an eight-month period. Though the breaches are concerning, the real story is that the financial institution is suing its insurance provider for refusing to fully cover the losses.

From the article:

In its lawsuit (PDF), National Bank says it had an insurance policy with Everest National Insurance Company for two types of coverage or “riders” to protect it against cybercrime losses. The first was a “computer and electronic crime” (C&E) rider that had a single loss limit liability of $8 million, with a $125,000 deductible.

The second was a “debit card rider” which provided coverage for losses which result directly from the use of lost, stolen or altered debit cards or counterfeit cards. That policy has a single loss limit of liability of $50,000, with a $25,000 deductible and an aggregate limit of $250,000.

According to the lawsuit, in June 2018 Everest determined both the 2016 and 2017 breaches were covered exclusively by the debit card rider, and not the $8 million C&E rider. The insurance company said the bank could not recover lost funds under the C&E rider because of two “exclusions” in that rider which spell out circumstances under which the insurer will not provide reimbursement.

Cyber security insurance is still in its infancy and issues with claims that could potentially span multiple policies and riders will continue to happen – think of the stories of health insurance claims being denied for pre-existing conditions and other loopholes. This, unfortunately, is the nature of insurance. Legal precedent, litigation, and insurance claim issues aside, your organization needs to understand that cyber security insurance is but one tool to reduce the financial impact on your organization when faced with a breach.

Cyber security insurance cannot and should not, however, be viewed as your primary means of defending against an attack.

The best way to maintain a defensible security posture is to have an information security program that is current, robust, and measurable. An effective information security program will provide far more protection for the operational state of your organization than cyber security insurance alone. To put it another way, insurance is a reactive measure whereas an effective security program is a proactive measure.

If you were in a fight, would you want to wait and see what happens after a punch is thrown to the bridge of your nose? Perhaps you would like to train to dodge or block that punch instead? Something to think about.

Free SANS Webinar: I Before R Except After IOC

Join Andrew Hay on Wednesday, July 25th, 2018 at 10:30 AM EDT (14:30:00 UTC) for an exciting free SANS Institute Webinar entitled “I” Before “R” Except After IOC. Using actual investigations and research, this session will help attendees better understand the true value of an individual IOC, how to quantify and utilize your collected indicators, and what constitutes an actual incident.

Overview
Just because the security industry touts indicators of compromise (IOCs) as much-needed intelligence in the war on attackers, the fact is that not every IOC is valuable enough to trigger an incident response (IR) activity. All too often the indicators we are provided contain information of varying quality, including expired attribution, dubious origin, and incomplete details. So how many IOCs are needed before you can confidently declare an incident? After this session, the attendee will:

  • Know how to quickly determine the value of an IOC,
  • Understand when more information is needed (and from what source), and
  • Make intelligent decisions on whether or not an incident should be declared.

Register to attend the webinar here: https://www.sans.org/webcasts/108100.

The Daily Threat Brief: The President Gets A Daily Brief, Shouldn’t You?

The Daily Threat Brief is our version of the President’s Daily Brief (PDB), focused on cyber threats and tips on being as secure as possible. We provide actionable insights into threat actors and their motivations and also dive into their tactics in ways that will inform your business decisions.

To sign up for the Daily Threat Brief see: CTOvision Newsletter Signups


The post The Daily Threat Brief: The President Gets A Daily Brief, Shouldn’t You? appeared first on The Cyber Threat.

The CTOvision Cyberwar and Cybersecurity Weekly

The Weekly Cyberwar and Cybersecurity Review summarizes enterprise IT security technologies and concepts and the issues you need to track regarding high-end threat actors. We help you defend your piece of cyberspace at home and at work.

To sign up for the CTOvision Cyberwar and Cybersecurity Weekly see: CTOvision Newsletter Signups


The post The CTOvision Cyberwar and Cybersecurity Weekly appeared first on The Cyber Threat.

The CTOvision Artificial Intelligence, Big Data and Analytics Weekly

The Weekly Artificial Intelligence, Big Data and Analytics Newsletter is a weekly review of hot topics on the theme of Big Data. This is our fastest growing list, with over 1,500 readers receiving the newsletter every Wednesday.

To sign up for the Weekly AI, Big Data and Analytics Newsletter see: CTOvision Newsletter Signups


The post The CTOvision Artificial Intelligence, Big Data and Analytics Weekly appeared first on The Cyber Threat.

The CTOvision Weekly Tech Review

The CTOvision Pro IT Report summarizes enterprise IT developments and concepts for the executive in need of actionable insights which can drive decisions and lead to victory in the marketplace.

We report on Cloud Computing, Artificial Intelligence, Mobility, Big Data, Robotics, Internet of Things, Cybersecurity, and Blockchain and Cryptocurrencies.

We also provide focus on high interest topics, including Science Fiction, Entertainment, Cyber War, Tech Careers, Training and Education and Tech Tips.

To sign up for the CTOvision Pro IT Report see: CTOvision Newsletter Signups


The post The CTOvision Weekly Tech Review appeared first on The Cyber Threat.

The CTOvision Daily: Keep your finger on the pulse of the tech world

The Daily CTOvision.com is produced for the technology executive who needs to stay in the loop on the latest in technology and concepts for applying IT to address business and mission needs. Our daily provides summaries of all reporting. If we don’t publish, it does not go out, but it is never more than once a day.

We report on Cloud Computing, Artificial Intelligence, Mobility, Big Data, Robotics, Internet of Things, Cybersecurity, and Blockchain and Cryptocurrencies.

We also provide focus on high interest topics, including Science Fiction, Entertainment, Cyber War, Tech Careers, Training and Education and Tech Tips.

To sign up for the CTOvision Daily see: CTOvision Newsletter Signups


The post The CTOvision Daily: Keep your finger on the pulse of the tech world appeared first on The Cyber Threat.

The CTOvision Monthly Report

CTOvision writes for the enterprise technologist. We provide CTOs, CIOs, CISOs, data scientists and other technologists with insights into emerging tech trends and concepts for making the most of advanced technologies. We organize events focused on thought leadership and provide research insights through a portfolio of newsletters.

Our premier publication is our monthly technology review, sent to over 32,000 technology thought leaders. This monthly summarizes reporting from the CTOvision.com blog as well as tech trends from the IT industry. The monthly also provides links to our technology assessments. The result: readers are provided with deep and actionable insights into the dynamic tech world.

To sign up for the Monthly CTOvision.com Tech Review see: CTOvision Newsletter Signups


The post The CTOvision Monthly Report appeared first on The Cyber Threat.

Inform your decisions with exquisite intelligence from CTOvision and ThreatBrief

For 10 years, Crucial Point, the consultancy formed by The Cyber Threat author Bob Gourley, has supported business and government decision-makers with action-oriented research, consulting and advisory services. We have continually provided insights on our research via products under our CTOvision and ThreatBrief brands.

For more and to sign up see: Crucial Point and CTOvision Newsletter Signups

The post Inform your decisions with exquisite intelligence from CTOvision and ThreatBrief appeared first on The Cyber Threat.

Interviewed on RSAC TV

I had the pleasure of being interviewed by Eleanor Dallaway, Editor and Publisher – Infosecurity Magazine, on RSA Conference Television (RSAC TV) last week at the annual RSA Security Conference.

In the interview, we spoke about what I had observed on the show floor and the state of the security industry, and I described my perfect customer in information security.

Windows 10 Update Disrupts Pen Input; Microsoft Offers Potentially Dangerous Fix

A recent Microsoft security update – according to Wacom’s support pages, OS build 16299.334 – has had a rather unexpected side effect. Many users have been experiencing issues where drawing apps, such as Photoshop, no longer function correctly. For example, pressing the pen to the tablet device does not “draw” as it should, but […]

Why the Cyber Criminals at Synack need $25 Million to Track Down Main Safety Faults

The enormous number of hacks in 2014 has propelled information security to the front of the news and into the minds of many companies. Cyber attacks on big enterprises like Target, Sony, and Home Depot recently led President Obama to call for a partnership between the private and public sectors in order to share information

The post Why the Cyber Criminals at Synack need $25 Million to Track Down Main Safety Faults appeared first on Hacker News Bulletin | Find the Latest Hackers News.

Three Hacking Groups You Definitely Need to Know About

Hacker groups began to flourish in the early 1980s with the emergence of the computer. Hackers are like predators that can access your private data at any time by exploiting the vulnerabilities of your computer. Hackers usually cover their tracks by leaving false clues or by leaving no evidence behind at all. In the light of

The post Three Hacking Groups You Definitely Need to Know About appeared first on Hacker News Bulletin | Find the Latest Hackers News.

Want to have a VPN Server on Your Computer (Windows) Without setting up Any Software?

Windows has the built-in ability to act as a VPN server, even though this option is not widely advertised. It works on both Windows 8 and Windows 7. To enable it, the server uses the Point-to-Point Tunneling Protocol (PPTP). This could be useful for connecting to your home network on

The post Want to have a VPN Server on Your Computer (Windows) Without setting up Any Software? appeared first on Hacker News Bulletin | Find the Latest Hackers News.

Anonymous wants to further its engagement in the exploration of space – ‘Unite as Species’

The hacktivist group Anonymous, more often associated with cyber campaigns against corrupt government administrations and terrorist organizations, has now set its sights on space. It posted a video on the group’s main YouTube channel on the 18th of March, calling on everyone through

The post Anonymous wants to further its engagement in the exploration of space – ‘Unite as Species’ appeared first on Hacker News Bulletin | Find the Latest Hackers News.

Microsoft Remote Desktop Connection Manager

Imagine having access to and control of your computer from anywhere in the world via your iPhone. That would be really futuristic, no? Actually, it isn't, because there are applications available that let you tap into your computer from your mobile device. These remote control applications do more than simply allow you

The post Microsoft Remote Desktop Connection Manager appeared first on Hacker News Bulletin | Find the Latest Hackers News.

Vanished in 60 seconds! – Chinese cyber criminals shut down Adobe Flash, Internet Explorer

Members of two Chinese teams took the top prizes at a major annual hacking competition held in Vancouver, Canada. Competitors at Pwn2Own, which began in 2007, succeeded in breaching the security of widely used software including Adobe Flash, Mozilla’s Firefox browser, Adobe PDF Reader and Microsoft’s freshly discontinued Internet

The post Vanished in 60 seconds! – Chinese cyber criminals shut down Adobe Flash, Internet Explorer appeared first on Hacker News Bulletin | Find the Latest Hackers News.

Researcher makes $225,000, legally, by cyber attacking browsers

A single researcher made $225,000 this week, and all of it by legal means, by attacking browsers. For the past two days, security researchers have descended on Vancouver for a Google-sponsored competition called Pwn2Own,

The post Researcher makes $225,000, legally, by cyber attacking browsers appeared first on Hacker News Bulletin | Find the Latest Hackers News.

Political analysts caution that airplane connection systems are susceptible to cyber attacks

Commercial and even military planes have an Achilles heel that could leave them vulnerable to attackers on the ground, who specialists say could possibly seize cockpits and create chaos in the skies. At present, extremist groups are thought to lack the sophistication to bring down a plane remotely, but it

The post Political analysts caution that airplane connection systems are susceptible to cyber attacks appeared first on Hacker News Bulletin | Find the Latest Hackers News.

The Health Insurance Company – Premera Blue Cross – of the United States of America was cyber criminally attacked and 11 million records were accessed

Premera Blue Cross, a United States-based health insurance corporation, has confirmed that its systems were breached when cyber criminals hacked the company and gained access to 11 million of its customers’ records. It is the second cyber attack in a row

The post The Health Insurance Company – Premera Blue Cross – of the United States of America was cyber criminally attacked and 11 million records were accessed appeared first on Hacker News Bulletin | Find the Latest Hackers News.

Security Beyond The Perimeter

Whether we like it or not, the way we architect, utilize, and secure the networks and systems under our control has changed. When servers were safely tucked away behind corporate firewalls and perimeter-deployed intrusion prevention controls, organizations became complacent and dependent on that perimeter rather than on host security. Unfortunately, inadequately architected security controls that rely solely on broad network-based protection can leave an organization’s systems, once migrated to private, public, and hybrid cloud hosting, even more exposed to attackers than they were before.

Everyone has heard the “defense in depth” analogy relating security to a medieval castle with controlled access to different locations of the castle and a defensive moat around the perimeter. This “hard outside” and “soft inside” model was designed to make it as difficult as possible to get past the perimeter. However, once inside the walls, the trusted individual had elevated access to resources within the network.

Unsurprisingly, the medieval defense analogy has lost much of its relevance in a world where systems and users move effortlessly from within the confines of a walled corporation, to a local coffee shop, and perhaps even to a different country as part of normal business operations.

Securing the next generation of hosting platforms requires a new approach that not every organization is ready for. Some industry analyst firms promote the idea of a “cloud first strategy” for all technology deployments. Though not a bad idea, per se, this doesn’t mean that forklifting your entire architecture into cloud or containerized environments should be your number one priority – especially if you’re being forced to choose between a new architecture and the traditional security controls that you depend upon.

Thankfully, technology has evolved to allow for more seamless security in environments that need to span traditional datacenters, virtualization, and cloud environments. This has allowed organizations to grow their capabilities without the need to choose between having security and having new technology stacks.

So how do we, as security professionals and business owners, decide what mitigating controls should be deployed to future-proof our security? It’s actually much easier than it sounds. To learn more about how to perform security beyond the perimeter please read my full post on https://www.juniper.net/us/en/dm/security-beyond-the-perimeter/.

The Hay CFP Management Method

By Andrew Hay, Co-Founder and CTO, LEO Cyber Security.

I speak at a lot of conferences around the world. As a result, people often ask me how I manage the vast number of abstracts and security call-for-papers (CFP) submissions. So I thought I’d create a blog post to explain my process. For lack of a better name, let’s call it the Hay CFP Management Method. It should be noted that this method could be applied to any number of things, from blog posts to white papers and scholastic articles to news stories. I have successfully proven this methodology for both myself and my teams at OpenDNS, DataGravity, and LEO Cyber Security. Staying organized helped manage the deluge of events, submitted talks, and important due dates, in addition to helping me keep track of where in the world my team was and what they were talking about.

I, like most people, started managing abstracts and submissions by relying on email searches and documents (both local and on Google Drive, Dropbox, etc.). Unfortunately, I didn’t find this scaled very well as I kept losing track of submitted vs. accepted/rejected talks and their corresponding dates. It certainly didn’t scale when it was applied to an entire team as opposed to a single individual.

Enter Trello, a popular (and freemium) web-based project management application that utilizes the Kanban methodology for organizing projects (boards), lists (task lists), and tasks (cards). In late September I start by creating a board for the upcoming year (let’s call this board the 2018 Conference CFP Calendar) and, if not already created, a board to track my abstracts in their development lifecycle (let’s call this board Talk Abstracts).

Within the Talk Abstracts board, I create several lists to act as swim lanes for my conference abstracts and other useful information. These lists are:

* Development: These are talks that are actively being developed and are not yet ready for prime time.
* Completed: These are talks that have finished development and are ready to be delivered at an upcoming event.
* Delivered: These are talks that have been delivered at least once.
* Misc: This list is where I keep my frequently requested form information such as my short bio (less than 50 characters), long bio (less than 1,500 characters), business mailing address (instead of browsing to your corporate website every time), and CISSP number (because who can remember that?).
* Retired: As a personal rule, I only use a particular talk for one calendar year. When I feel as though the talk is stale, boring, or stops being accepted, I move the card to this list. That’s not to say you can’t revive a talk or topic in the future as a “version 2.0”. This is why keeping the card around is valuable.

Within the 2018 Conference CFP Calendar board, I create several lists to act as swim lanes for my various CFPs. These lists are:

* CFP open: This is where I put all of the upcoming conference cards that I know about even if I do not yet know the exact details (such as location, CFP open/close, etc.).
* CFP closes in < 30 days: This is where I put the upcoming conference cards that have a confirmed closing date within the next 30 days. Note, it is very important to record details in the cards such as closing date, conference CFP mechanism (e.g. email vs. web form), and any related URLs for the event.
* Submitted: These are the conferences that I have submitted to and the associated cards. Note, I always provide a link to the abstract I submitted as a way to remind myself what I’m talking about.
* Accepted: These are the accepted talk cards. Note, I always put a copy of the email (or link to) acceptance notification to record any details that might be important down the road. I also make sure to change the date on the card to that of the speaking date and time slot to help keep me organized.
* Attending but not presenting: This is really a generic catch-all for events that I need to be at but may not be speaking at (e.g. booth duty, attending training, etc.). The card and associated dates help keep my dance card organized.
* Accepted but backed out: Sometimes life happens. This list contains cards of conference submissions that I had to back out of for one reason or another. I keep these cards in their own column to show me what was successfully accepted and might be a fit for next year in addition to the reason I had to back out (e.g. conflict, personal issue, alien abduction, etc.).
* Completed: This list is for completed talk cards. Again, I keep these to reference for next year’s board as it provides some ballpark dates for when the CFP opens, closes, as well as the venue and conference date.
* Rejected: They’re not all winners and not everybody gets every talk accepted. In my opinion, keeping track of your rejected talks is as (if not more) important as keeping track of your accepted talks. Not only does it allow you to see what didn’t work for that particular event, but it also allows you to record reviewer feedback on the submission and maybe submit a different style or type of abstract in the future.
* Not doing 2018: This is the list where I put conference cards that I’ve missed the deadline on (hey, it happens), cannot submit to because of a conflict, or simply choose to not submit a talk to.

It should be noted that I keep the above lists in the same order every year to help minimize my development time against the Trello API for my visualization dashboard (which I will explain in a future blog post). This might sound like a lot of work but once you’ve set this board up you can reuse it every year. In fact, it’s much easier to copy last year’s board than starting fresh every year, as it brings the cards and details over. Then all you need to do is update the old cards with the new venue, dates, and URLs.

Now that we have our board structure created we need to start populating the lists with the cards – which I’ll explain in the next blog post. In addition to the card blog post, I’ll explain two other components of the process in subsequent posts. For reference, here are the upcoming blog posts that will build on this one:

* Individual cards and their structure
* Moving cards through the pipeline
* Visualizing your board (and why it helps)

The post The Hay CFP Management Method appeared first on LEO Cyber Security.

Detect and Prevent Data Exfiltration Webinar with Infoblox

Please join SANS Institute Instructor and LEO Cyber Security Co-Founder & CTO Andrew Hay and Infoblox Security Product Marketing’s Sam Kumarsamy on Thursday, August 17th, 2017 at 1:00 PM EDT (17:00:00 UTC) as they present a SANS Institute webinar entitled Detect & Prevent Data Exfiltration: A Unique Approach.

Overview

Data is the new currency in the modern digital enterprise, and protecting data is a strategic imperative for every organization. Enterprises must protect data whether it resides in a data center, on an individual’s laptop used on or off premise, or across the globally distributed enterprise. Effective data exfiltration prevention requires protecting DNS, the most commonly used channel for stealing data, and combining reputation, signatures and behavioral analytics. Detecting and preventing data loss requires analysis of vast amounts of network data and a solution that can scale to examine it. In this webinar you will also learn about Infoblox’s unique approach to detecting and preventing data exfiltration.

To register for the webinar, please visit: https://www.sans.org/webcasts/detect-prevent-data-exfiltration-unique-approach-infoblox-104985

You can now also attend the webcast using your mobile device!


The post Detect and Prevent Data Exfiltration Webinar with Infoblox appeared first on LEO Cyber Security.

Petya Ransomware: What You Need to Know and Do

By: Andrew Hay

Unless you’ve been away from the Internet this week, you’ve no doubt heard by now about the global ransomware outbreak that started in Ukraine and subsequently spread west across Western Europe, North America, and Australia yesterday. With similarities reminiscent of its predecessor WannaCry, this ransomware attack shut down organizations ranging from the Danish shipping conglomerate Maersk Line to a Tasmania-based Cadbury chocolate factory.

I was asked throughout the course of yesterday and today to help clarify exactly what transpired. The biggest challenge with any surprise malware outbreak is the flurry of hearsay, conjecture, speculation, and just plain guessing by researchers, analysts, and the media.

At a very high level, here is what we know thus far:

  • The spread of this campaign appears to have originated in Ukraine but has migrated west to impact a number of other countries, including the United States where pharmaceutical giant Merck and global law firm DLA Piper were hit
  • The initial infection appears to involve a software supply-chain threat involving the Ukrainian company M.E.Doc, which develops tax accounting software, MeDoc
  • This appears to be a piece of malware utilizing the EternalBlue exploit disclosed by the Shadow Brokers back in April 2017 when the group released several hacking tools obtained from the NSA
  • Microsoft released a patch in March 2017 to mitigate the discovered remote code execution vulnerabilities that existed in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handled certain requests
  • The malware implements several lateral movement techniques:
    • Stealing credentials or re-using existing active sessions
    • Using file-shares to transfer the malicious file across machines on the same network
    • Using existing legitimate functionalities to execute the payload or abusing SMB vulnerabilities for unpatched machines
  • Experts continue to debate whether or not this is a known malware variant called Petya but several researchers and firms claim that this is a never before seen variant that they are calling GoldenEye, NotPetya, Petna, or some other random name such as Nyetya
  • The jury is still out on whether or not the malware is new or simply a known variant


Who is responsible?

The million dollar question on everyone’s mind is “was this a nation-state backed campaign designed to specifically target Ukraine?” We at LEO believe that to be highly unlikely for a number of reasons. An opportunistic ransomware campaign with some initial software package targets is a far more likely scenario than a state-sponsored actor looking to destabilize a country.

Always remember the old adage from Dr. Theodore Woodward: When you hear hoofbeats, think of horses not zebras.

If you immediately start looking for Russian, Chinese, or North Korean state-sponsored actors around every corner, you’ll inevitably construct some attribution and analysis bias. Look for the facts, not the speculation.

What does LEO recommend you do?

We recommend that customers who have not yet installed security update MS17-010 do so as soon as possible. Until you can apply the patch, LEO also recommends the following steps to help reduce the attack surface:

  • Disable SMBv1 with the steps documented at Microsoft Knowledge Base Article 2696547
  • Block incoming SMB traffic from the public Internet on ports 445 and 139 by adding a rule on your border routers, perimeter firewalls, and any intersecting traffic points between a higher-security network zone and a lower-security network zone
  • Disable remote WMI and file sharing, where possible, in favor of more secure file sharing protocols
  • Ensure that your logging is properly configured for all network-connected systems including workstations, servers, virtualized guests, and network infrastructure such as routers, switches, and firewalls
  • Ensure that your antimalware signatures are up-to-date on all systems (not just the critical ones)
  • Review your patch management program to ensure that emergency patches to mitigate critical vulnerabilities and easily weaponized attacks can be applied in an expedited fashion
  • Finally, consider stockpiling some cryptocurrency, like Bitcoin, to reduce any possible transaction downtime should you find that your organization is forced to pay the ransom. Attempting to acquire Bitcoin during an incident may be time-prohibitive
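The SMBv1 and SMB port-blocking steps above, scripted as an added example (this is not LEO’s tooling or the content of KB2696547 itself). It assumes a Windows 8 / Server 2012 or newer host with the SmbShare and NetSecurity modules, an elevated PowerShell session, and a hypothetical firewall rule name; the `-WhatIf` switch previews every change.

```powershell
# Added example (not from the LEO post): audit and apply the SMBv1 and
# inbound-SMB mitigations recommended above. Run elevated; use -WhatIf to preview.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Optional: also disable the predefined inbound "Windows Management
    # Instrumentation (WMI)" firewall rule group (remote WMI mitigation above).
    [switch]$DisableRemoteWmi
)

# 1. Record the current SMBv1 state before changing anything.
$cfg = Get-SmbServerConfiguration
Write-Host ("SMBv1 server protocol enabled: {0}" -f $cfg.EnableSMB1Protocol)

# 2. Disable the SMBv1 server component; SMBv2/v3 remain available. This is
#    the Windows 8 / Server 2012+ path (Windows 7 uses the service-based
#    steps in KB2696547 instead, which this script does not cover).
if ($cfg.EnableSMB1Protocol) {
    if ($PSCmdlet.ShouldProcess("LanmanServer", "Disable SMBv1 protocol")) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
}

# 3. Block inbound TCP 445 (SMB) and TCP 139 (NetBIOS session) from
#    non-local addresses. "Internet" is a built-in address keyword for
#    anything outside the local subnet; narrow -RemoteAddress further if the
#    host should not serve SMB to its own subnet either.
$ruleName = "Block-Inbound-SMB-From-Internet"   # hypothetical rule name
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    if ($PSCmdlet.ShouldProcess($ruleName, "Create inbound block rule")) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
            -Protocol TCP -LocalPort 445,139 -RemoteAddress Internet `
            -Action Block -Profile Any | Out-Null
    }
}

# 4. Optionally disable inbound remote WMI (predefined rule group).
if ($DisableRemoteWmi) {
    $wmiGroup = "Windows Management Instrumentation (WMI)"
    if ($PSCmdlet.ShouldProcess($wmiGroup, "Disable inbound firewall rules")) {
        Get-NetFirewallRule -DisplayGroup $wmiGroup -Direction Inbound |
            Set-NetFirewallRule -Enabled False
    }
}

# 5. Verify: re-read the SMB configuration, confirm the rule exists, and
#    show which process still listens on 445 (SMB stays up for v2/v3).
$after = Get-SmbServerConfiguration
$rule  = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
[pscustomobject]@{
    SMB1Enabled      = $after.EnableSMB1Protocol
    BlockRulePresent = [bool]$rule
    BlockRuleEnabled = if ($rule) { $rule.Enabled } else { $null }
    Port445Listening = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen `
                               -ErrorAction SilentlyContinue)
}
```

Re-run the script after a reboot on a sample of hosts and keep the emitted object with your change records, since the MS17-010 patch itself still has to be applied separately.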


Should your organization need help or clarification on any of the above recommendations, please don’t hesitate to reach out to LEO Cyber Security for immediate assistance.


The post Petya Ransomware: What You Need to Know and Do appeared first on LEO Cyber Security.

Diving into the Issues: Observations from SOURCE and AtlSecCon

Last week I had the pleasure of presenting three times, at two conferences, in two different countries: SOURCE in Boston, MA and at the Atlantic Security Conference (AtlSecCon) in Halifax, NS, Canada.

The first event of my week was SOURCE Boston. This year marked the tenth anniversary of SOURCE Conference, and it continues to pride itself on being one of the only venues that brings business, technology and security professionals together under one roof to focus on real-world, practical security solutions for some of today’s toughest security issues. Though I was only there for the first day, I was able to catch up with friends, play some Hacker Movie Trivia with Paul Asadoorian (@securityweekly), and chat with attendees about some of the biggest challenges we face around detecting and mitigating ransomware attacks.

After my presentation, I rushed off to Logan Airport to sit in what I now choose to call the “Air Canada Ghetto” – a small three-gate departure area segregated from the rest of the airport and its amenities. A minor four-hour delay later, I was on my way to Halifax for AtlSecCon.

Between meetings and casual conversations I was enlightened by several presentations. Raf Los (@Wh1t3Rabbit), managing director of solutions research & development at Optiv, discussed Getting Off the Back Foot – Employing Active Defence, which covered an outcome-oriented and capabilities-driven model for more effective enterprise security.

After his talk, Aunshul Rege (@prof_rege), an assistant professor with the Criminal Justice department at Temple University, gave a very interesting talk entitled Measuring Adversarial Behavior in Cyberattacks. With a background in criminology, Aunshul presented her research from observations and interviews conducted at the Industrial Control Systems Computer Emergency Response Team’s (ICS-CERT) Red/Blue cybersecurity training exercise held at Idaho National Laboratory. Specifically, she covered how adversaries might engage in research and planning, offer team support, manage conflict between group members, structure attack paths (intrusion chains), navigate disruptions to their attack paths, and how limited knowledge bases and self-induced mistakes can possibly impact adversaries.

The last presentation was Mark Nunnikhoven’s (@marknca) Is Your Security Team Set up To Fail? Mark, the VP of cloud research at Trend Micro and a personal friend, examined the current state of IT security programs and teams, delving into the structure, goals, and skills prioritized by the industry.

The second day of the conference was filled with meetings for me, but I was able to sit through Michael Joyce’s talk entitled A Cocktail Recipe for Improving Canadian Cybersecurity. Joyce described the goals and objectives of The Smart Cybersecurity Network (SERENE-RISC) – a federally funded, not-for-profit knowledge mobilization network created to improve the general public’s awareness of cybersecurity risks and to empower all to mitigate them through knowledge. He was an excellent presenter, and his talk served as a call to action for those looking to help communicate the need for cybersecurity to all Canadians.

At both conferences I presented my latest talk, entitled The Not-So-Improbable Future of Ransomware, which explored how thousands of years of human kidnap and ransom doctrine have served as a playbook for ransomware campaign operators to follow. It was well received by both audiences and sparked follow-up conversations and discussions throughout the week. The SOURCE version can be found here and the AtlSecCon version here.

The SOURCE session received some early praise, in addition to written pieces by Bill Brenner (@billbrenner70) from Sophos:


And Taylor Armerding (@tarmerding2) from CSO:


At AtlSecCon I joined a panel entitled Security Modelling Fundamentals: Should Security Teams Model a SOC Around Threats or Just Build Layers? Chaired by Tom Bain (@tmbainjr1), VP of marketing at CounterTack, the session served as a potpourri of security threats and trends ranging from ransomware, to regulation, to attack mitigation. It was quite fun and a great way to end the day.

Though it was a long series of flights home to the Bay Area, I thoroughly enjoyed both conferences. I would highly recommend attending and/or speaking at both next year if you are given the opportunity.

Next up, (ISC)² CyberSecureGov 2017 in Washington, D.C. and the Rocky Mountain Information Security Conference (RMISC) in Denver, CO. Perhaps I’ll see some of our readers there!

The post Diving into the Issues: Observations from SOURCE and AtlSecCon appeared first on LEO Cyber Security.