Category Archives: News

Windows 10 October Update Brings Back Old Mapped Drives Bug

After a lot of chaos and problems, Microsoft has resumed the Windows 10 1809 rollout. While the recent October update

Windows 10 October Update Brings Back Old Mapped Drives Bug on Latest Hacking News.

Adobe Patch Tuesday November Fixed Multiple Information Disclosure Vulnerabilities

This week, Adobe released its monthly scheduled update bundle addressing vulnerabilities within its different products. The Adobe patch Tuesday November

Adobe Patch Tuesday November Fixed Multiple Information Disclosure Vulnerabilities on Latest Hacking News.

Litecoin Price Analysis: LTC/USD Has Fallen Through Vital Support; Where Next?

  Critical support for LTC/USD was breached just under the $50 area, leaving the door open to further downside pressure. LTC/USD is moving within a range/consolidation block, subject to another explosive move. LTC/USD has remained firmly within a downside trend, showing no signs of that shifting anytime soon. Out of the last ten sessions, LTC/USD […]

The post Litecoin Price Analysis: LTC/USD Has Fallen Through Vital Support; Where Next? appeared first on Hacked: Hacking Finance.

Latest Hacking News Podcast #165

Kids miSafes watch vulnerabilities put children at risk, Firefox to display a warning on sites with data breaches and Japan's cybersecurity minister says he's never used a computer on episode 165 of our daily podcast.

Latest Hacking News Podcast #165 on Latest Hacking News.

New infosec products of the week: November 16, 2018

Cequence Security announces application security platform to stop bot attacks Cequence ASP is an application security platform that provides a scalable defense against the growing number of bot attacks affecting today’s hyper-connected organizations. Cequence ASP was built not only as a distributed, extensible, open software platform, but also as an automated solution leveraging a patent-pending analytics engine (CQAI), which combines applied artificial intelligence, machine learning, and behavioral analysis. Cryptowerk introduces blockchain-based technology to certify data integrity … More

The post New infosec products of the week: November 16, 2018 appeared first on Help Net Security.

Vaporworms: New breed of self-propagating fileless malware to emerge in 2019

WatchGuard Technologies’ information security predictions for 2019 include the emergence of vaporworms, a new breed of fileless malware with wormlike properties to self-propagate through vulnerable systems, along with a takedown of the internet itself and ransomware targeting utilities and industrial control systems. “Cyber criminals are continuing to reshape the threat landscape as they update their tactics and escalate their attacks against businesses, governments and even the infrastructure of the internet itself,” said Corey Nachreiner, CTO … More

The post Vaporworms: New breed of self-propagating fileless malware to emerge in 2019 appeared first on Help Net Security.

Online shoppers continue to engage in risky behavior

Findings from a new McAfee survey reveal the risky habits of online shoppers, including using unsecured Wi-Fi for online shopping and purchasing items from online retailers they are not fully confident are genuine (51 percent). This highlights the need for consumers to slow down and consider the risks of unsafe purchasing behavior that could lead to identity theft or financial loss. Last year consumers spent $453.46 billion on the web for retail purchases, which was … More

The post Online shoppers continue to engage in risky behavior appeared first on Help Net Security.

What senior finance executives think about payments security

A WEX survey of more than 1,000 CFOs and senior financial executives from the U.S., Europe and Asia/Oceania revealed that for this group, security is paramount in payments solutions or platforms. Security – both of information and settlements – is raised by executives as a concern in multiple aspects of payments processing. In fact, according to those surveyed, security of transactions is the single most important attribute of payments. More than half of American executives—53 … More

The post What senior finance executives think about payments security appeared first on Help Net Security.

Cloud interoperability and app mobility outrank cost and security for primary hybrid cloud benefits

Enterprises plan to increase hybrid cloud usage, with 91% stating hybrid cloud as the ideal IT model, but only 18% stating they have that model today, according to Nutanix. Application mobility across any cloud is a top priority for 97% of respondents – with 88% of respondents saying it would “solve a lot of my problems.” IT decision makers ranked matching applications to the right cloud environment as a critical capability, and 35% of organizations … More

The post Cloud interoperability and app mobility outrank cost and security for primary hybrid cloud benefits appeared first on Help Net Security.

Organizations unable to achieve business resilience against cyber threats

The Resilience Gap study, which surveyed over 4,000 business decision makers across the United States, United Kingdom, France, Germany and Japan found that while 96% of the global business decision makers believe that making technology resilient to business disruptions should be core to their firm’s wider business strategy, the reality is very different. In fact, only 54% of respondents claim that it definitely is. Barriers to achieving business resilience Despite 96% of respondents claiming that … More

The post Organizations unable to achieve business resilience against cyber threats appeared first on Help Net Security.

Law firms are increasingly investing in cybersecurity programs

Logicforce released the results of its most recent Law Firm Cybersecurity Scorecard, a periodic study designed to assess cybersecurity preparedness across the legal industry and educate law firms on data protection best practices. Results of the study indicate that law firms are increasingly investing in cybersecurity programs, but most law firms are not implementing many of the protocols that will comprehensively protect them and their clients over time. Many firms’ clients and potential clients are … More

The post Law firms are increasingly investing in cybersecurity programs appeared first on Help Net Security.

TRON Price Analysis: TRX/USD Moves Within Proven Buying Area

  TRX/USD flirting with a huge buying area, historically proven to see buyers swoop in. Justin Sun sings praises on 100 million $TRX trading volume for Tron DEX. TRX/USD has been suffering heavily, in line with a large bearish reversal seen across the board. The price is running sharply lower, closing on the daily in […]

The post TRON Price Analysis: TRX/USD Moves Within Proven Buying Area appeared first on Hacked: Hacking Finance.

Man Sends Bomb to Cryptopay for Denying a Password Change Request

Last week a Swedish man was sentenced to a term of 7 years for trying to murder two employees of

Man Sends Bomb to Cryptopay for Denying a Password Change Request on Latest Hacking News.

iPhone X explodes after iOS 12.1 Update

Recently Apple Support has responded to a report of an exploding iPhone X, where the victim is claiming that while he was installing the new iOS 12.1 update the phone went hot and exploded.

The news is from the city of Federal Way (Washington), where a man named “Rahel Mohamad” tweeted about the incident.

He said, “This year early January I bought the iPhone and have been using it normally.” The iPhone X was in the process of getting the new iOS 12.1 update, and when Mohamad put it on charge at a later stage, he observed: “Dark grey smoke started coming from the phone. The update was completed and as soon as the phone turned on it immediately started to smoke and caught fire.”

He also said that he was using the official bundled Apple Lightning cable and a wall adapter to charge his iPhone (see the image below).

[Image: iPhone X]

However, for some reason he had to stop charging his iPhone just before the explosion.

“When I held the phone it was very hot and I dropped the phone immediately on the floor. Then it started to smoke,” Mohamad added.

He reached out to Apple, which wishes to investigate the incident further by having Mohamad ship the iPhone X to them. In reply to his tweet, Apple Support also said that this is definitely not expected behavior and that it would like to resolve it soon.

This is not the first incident of smartphones exploding. A few years back Samsung had to recall its Galaxy Note 7 after several of its units exploded while in use.

Just to recall, Apple’s iPhone X was launched last year and its design change marked the tenth anniversary of the company’s legendary iPhone range. Now, let’s see how soon they respond with the report of the actual reason for the incident.

Stay tuned for more. 

The post iPhone X explodes after iOS 12.1 Update appeared first on TechWorm.

Google Went Down After Facing BGP Mishap

On Monday, numerous Internet users in the USA faced trouble after Google went down for over an hour. Upon scratching

Google Went Down After Facing BGP Mishap on Latest Hacking News.

Unpatched Microsoft Word Video Feature Vulnerability is Being Exploited In The Wild

Last month, researchers from a cybersecurity firm shared their findings on a bug in Microsoft Word online’s video feature that

Unpatched Microsoft Word Video Feature Vulnerability is Being Exploited In The Wild on Latest Hacking News.

Online shopping fraud to surge during Black Friday and Cyber Monday

New benchmark data from ACI Worldwide revealed a projected 14 percent increase in fraud attempts during the upcoming 2018 peak holiday season. Based on hundreds of millions of merchant transactions, the data shows that fraud attempts are going to be at their highest across the Black Friday and Cyber Monday weekend. Principal findings from the data include: Fraud attempts expected to increase 14% during 2018 peak holiday season Cross Channel fraud continues to grow: In … More

The post Online shopping fraud to surge during Black Friday and Cyber Monday appeared first on Help Net Security.

IoT related security missteps cost enterprises millions

Enterprises have begun sustaining significant monetary losses stemming from the lack of good practices as they move forward with incorporating the IoT into their business models, according to a new study from DigiCert. Among companies surveyed that are struggling the most with IoT security, 25 percent reported IoT security-related losses of at least $34 million in the last two years. These findings come amid a ramping up of IoT focus within the typical organization. Eighty-three … More

The post IoT related security missteps cost enterprises millions appeared first on Help Net Security.

Container strategies don’t take security seriously enough

Most organizations do not feel prepared to adequately secure cloud-native applications, despite the surging adoption of containers and Kubernetes, according to StackRox. Notable findings: More than a third of organizations with concerns about their container strategy worry that their strategies don’t adequately address container security An additional 15 percent believe their strategies don’t take seriously enough the threat to containers and Kubernetes deployments More than one-third of respondents haven’t started or are just creating their … More

The post Container strategies don’t take security seriously enough appeared first on Help Net Security.

What’s keeping Europe’s top infosec pros awake at night?

As the world adapts to GDPR and puts more attention on personal privacy and security, Europe’s top information security professionals still have doubts about the industry’s ability to protect critical infrastructure, corporate networks, and personal information. Black Hat Europe’s new research report entitled, Europe’s Cybersecurity Challenges, details the thoughts that are keeping Europe’s top information security professionals awake at night. The report includes new insights directly from more than 130 survey respondents and spans topics … More

The post What’s keeping Europe’s top infosec pros awake at night? appeared first on Help Net Security.

60% of firms believe a major security event will hit in the next few years

Only 30 percent of 1,250 senior executives, management and security practitioners in the U.S., U.K. and Canada are confident their business will avoid a major security event in the coming two years and 60 percent believe an attack will hit in the next few years, according to eSentire. In terms of cyberattack preparedness in global organizations, the research also uncovered gaps between the C-suite, board and technical leaders. Among CEO and board members surveyed, 77 … More

The post 60% of firms believe a major security event will hit in the next few years appeared first on Help Net Security.

Employees aren’t taking the proper steps to keep information safe while traveling

Employees aren’t taking the proper steps to keep their organizations’ information safe while traveling. ObserveIT surveyed more than 1,000 U.S. employees ages 18 – 65+ who have traveled with corporate devices in the past year and found that the majority are putting connectivity and efficiency above security; using public Wi-Fi and unauthorized devices to access work email and/or files on the go. While they may not have malicious intent, the negligent actions of employees caused … More

The post Employees aren’t taking the proper steps to keep information safe while traveling appeared first on Help Net Security.

Latest Hacking News Podcast #164

More Spectre and Meltdown attacks discovered, new US cybersecurity agency bill moves forward and Google and Target Twitter accounts hijacked for Bitcoin scam on the Latest Hacking News Podcast.

Latest Hacking News Podcast #164 on Latest Hacking News.

Chinese APT Group Exploit Fixed Critical Adobe ColdFusion Vulnerability On Unpatched Servers

In September, Adobe patched numerous critical vulnerabilities in ColdFusion. However, a couple of weeks after Adobe released the patches, researchers

Chinese APT Group Exploit Fixed Critical Adobe ColdFusion Vulnerability On Unpatched Servers on Latest Hacking News.

Red Dead Redemption 2 Glitch Lets You Get Any Horse Randomly

In a game set up in the Westernized era of the late 19th century, the main charm for the players

Red Dead Redemption 2 Glitch Lets You Get Any Horse Randomly on Latest Hacking News.

Nigerian ISP Hijacks Google Traffic, Sends It Through Russia and China

A small Nigerian Internet service provider (ISP) hijacked traffic meant for Google data centers on Monday, re-routing local traffic through China and Russia and making some hosted services temporarily unavailable for users.

The post Nigerian ISP Hijacks Google Traffic, Sends It Through Russia and China appeared first on The Security Ledger.


Facebook is the least-trusted major tech company- study

Facebook Is the Least Trusted Major Tech Company Among Americans For Protecting Personal Data, Suggests Polls

Facebook, the social networking giant, has been voted the least trustworthy tech company, according to a recent survey conducted by Fortune. The result follows increasing scrutiny of Facebook’s handling of data privacy, ad targeting, and propaganda, which has made its users trust the company the least.

According to the survey, only 22 percent of Americans trust Facebook with their personal information out of all major tech companies. On the other hand, Amazon with 49 percent ranks the highest in terms of trust, followed by Google (41 percent), Microsoft (40 percent), and Apple (39 percent).

“Facebook is in the bottom in terms of trust in housing your personal data,” said Harris Poll CEO John Gerzema. “Facebook’s crises continue rolling in the news cycle.” The poll was carried out by Harris Poll on behalf of Fortune in mid-October that surveyed over 2,000 U.S. adults.

This obvious lack of trust is bad news for Facebook, and is mainly due to factors such as leadership, ethics, trust, and image. Also, the Cambridge Analytica scandal earlier this year, in which up to 87 million Facebook users’ data was shared without their permission, along with the September data breach in which roughly 50 million of its users’ data was exposed through an attack on its network, have only contributed to Facebook’s low rankings.

Additionally, 48 percent of those who took the survey admitted to viewing Facebook more negatively than six months ago.

According to the survey, only 59 percent of respondents said they were “at least somewhat confident” in Zuckerberg’s leadership in the ethical use of data and privacy information. With 77 percent, Amazon CEO Jeff Bezos came in first, followed by Apple’s CEO Tim Cook at 72 percent, Microsoft’s CEO Satya Nadella at 71 percent, and Google’s CEO Sundar Pichai at 68 percent.

“That would be a C or D in grade school,” Gerzema said about Zuckerberg.

Facebook declined to comment on the poll. The company instead pointed to recent remarks made by Zuckerberg where he said that Facebook continues to invest in security and that its defenses are improving.

Not only Facebook users, but some of the company’s major investors too, are disappointed by Zuckerberg. Last month, several major public investment funds proposed removing Zuckerberg as the company’s chairman of the board.

Source: PYMTS

The post Facebook is the least-trusted major tech company- study appeared first on TechWorm.

Panda Security and the Paris Call: a commitment to trust and security in cyberspace


On November 12, coinciding with the Internet Governance Forum (IGF) in the UNESCO headquarters, President Macron launched the Paris Call, in the context of the Paris Peace Forum, to increase trust and security in cyberspace. The date chosen is more than significant, being as it is a homage to the centenary of the end of the First World War and the fragile peace that followed. The initiative is clear: international cooperation is the key to tackling global challenges and ensuring durable peace.

At a time when international cooperation and collective governance are threatened by constant tensions among countries, the Paris Peace Forum aims to strengthen and improve time-tested solutions that work towards this desired world peace: multilateral institutions, norms and standards, and collective action.

In this framework of collaboration, Panda Security – as a private company and signatory of the Cybersecurity Tech Accord – supports this high level declaration in favour of shared principles that aim to provide cyberspace with greater security.

Conscious that in order to achieve world peace these days, it is vital to protect our digital world, last month Panda Security joined the Cybersecurity Tech Accord, a key agreement among over 61 leading companies from all over the world that have come together in the interest of the cyberdefense of online users.

Thus, as a member of the Cybersecurity Tech Accord, Panda is now joining the list of over 300 governments, civil society organizations, groups, and industry representatives in a commitment to stability, security, and trust in cyberspace.

Hence, those that support the Paris Call commit to work together in order to:

  • Intensify prevention and resilience in light of malicious online activities.
  • Protect the accessibility and integrity of the Internet.
  • Cooperate in order to prevent interference in electoral processes.
  • Work together to combat intellectual property violations via the Internet.
  • Prevent the proliferation of malicious online programmes and techniques.
  • Improve the security of digital products and services.
  • Take measures against cybercriminal activity and attacks carried out by state and non-state actors.
  • Reinforce international norms and create corresponding standards.

Support for the Paris Call highlights the commitment undertaken by Panda Security and the Cybersecurity Tech Accord in favour of a dialogue among multiple interested parties in order to ensure advancement in such a critical area as cybersecurity, which affects not only the signatories, but every citizen of the world.

The post Panda Security and the Paris Call: a commitment to trust and security in cyberspace appeared first on Panda Security Mediacenter.

Emotet, the global threat to banking, arrives in Chile


The banking Trojan, known to be the nightmare of global banking, has compromised the network of the bank Consorcio de Chile in the last few days.

A new case of electronic fraud against a Chilean banking institution, which has taken place in the last few days, has once more placed cybersecurity in the spotlight. Without a doubt, cybercriminals have professionalized the tactics with which they aim to compromise real safes containing large sums of money: financial institutions.

The bank itself confirmed the news, while at the same time reporting that no clients have been directly affected by this attack: “no client accounts, information, or funds have been affected, although at the moment, there are funds belonging to the bank that have yet to be recovered”.

The latest victim of Emotet, the banking Trojan known as the nightmare of global banking, is the Chilean bank, Consorcio. The Trojan gained access to the network using a common phishing attack, although its polymorphism is what has made it so popular.

Getting to know EMOTET

Emotet is the most widely used and most dangerous banking Trojan known today. It affects a large number of banking institutions all over the world. As well as infecting and acting as a bot, it is able to steal passwords and to spread like a worm. Emotet can get onto computers via email, a link, phishing, as an entry in an Excel spreadsheet, in a Word document, as an update request, etc.

Criminal record

After the attack experienced by Banco de Chile in May, with a total of $10 million USD stolen, cybersecurity made headlines all over the country. In this new case, Consorcio has been compromised by an as yet unidentified gang, and is trying to recover close to $2 million USD.

How did it get into Banco Consorcio?

According to PandaLabs, once Emotet gets onto a network, it infects all the computers connected to it in minutes, and these computers then await orders from the Trojan’s C&C. It is normally used to steal credentials and to send out spam, but it can also be used to encrypt the entire network.

On this occasion, it made its way into the bank with a supposed Word update, which was executed by an employee after receiving it in an email. Inside this ‘update’ was hidden the Trojan, using the Emotet botnet.

Advanced cybersecurity solutions, the best protection against Emotet

What makes this Trojan truly dangerous is its capacity to automatically change the code that it contains, making it more difficult for an antivirus to detect the signature that it leaves.

Panda Security, with its advanced cybersecurity solution, Panda Adaptive Defense, has technology specifically developed to detect this banking Trojan. “It is important to bear in mind that, without advanced protection, the client will be infected. There are constant campaigns with this Trojan, and a traditional antivirus isn’t going to detect them,” states Pedro Uría, Director of PandaLabs.

At Panda Security, we recommend the installation of Panda Adaptive Defense in lock mode to combat this Trojan, which belongs to the largest Trojan distribution network in the world.

The post Emotet, the global threat to banking, arrives in Chile appeared first on Panda Security Mediacenter.

New York City to battle cybercrime with an app

New York City launched its first-of-its-kind mobile threats detection app – it is called NYC Secure.

The app is free, and it is currently available for both Android and iOS. It comes as a result of a cybersecurity initiative that was started earlier this year by New York City’s mayor Bill de Blasio. The city-funded mobile application is meant to provide cybersecurity and privacy protections for the people of the most populous city in the US. Our research shows the app is not restricted to residents of the Big Apple and is freely available on the Apple Store and Google Play.

The new app is a solution for the New Yorkers who are not able to afford high-quality cyber security tools and resources. The new smartphone-protection app is supposed to be able to identify and defend against mobile threats, stop you from connecting to malicious Wi-Fi networks, prevent you from installing malicious software on your smartphone, and send you notifications should you try to access malicious websites. The city says the app even works when the user is offline. The app helps the government increase the cybersecurity awareness among the residents of the Big Apple.

PRIVACY CONCERNS

NYC press office confirmed that the app does not collect or transmit any sensitive data and they believe people should be able to protect themselves without sacrificing their private information to do so. Developers are only able to see a randomly generated device ID, the OS, and the version of the app. However, the app is managed by NYC Cyber Command (NYC3) – Business Insider calls it one of the most important government agencies in America’s biggest city.

The agency is currently leading the city’s cyber defense efforts and is collaborating with more than 100 agencies that aim to prevent, detect, respond, and recover from cyber threats. Even though the city claims the app does not collect information that can be used to trace your identity, it still gathers data about your device and the information might one day be shared with third parties.

Government surveillance tool or not, the new app is made by the city to protect New Yorkers from cyber threats. Even though the app lacks the sophisticated capabilities of modern antivirus apps and comes with a plain interface, it is a layer of security that every low-income resident of the Big Apple should have on their smartphone. And for the rest, there are other more effective ways to protect your connected devices.

Panda Mobile Security

Whether you live outside or inside the Big Apple, we remind you that with Panda Mobile Security you can protect all your mobile devices and locate them in case of loss or theft.

In addition, the integrated VPN network adds a further layer of security so that your privacy is not at risk.


The post New York City to battle cybercrime with an app appeared first on Panda Security Mediacenter.

How is the U.S. going to combat foreign influence in the upcoming midterm elections?

The U.S. midterm elections are approaching and one of the highest priorities for the federal government at the moment is to prevent foreign interference. On Friday, some of the biggest security agencies sounded the alarm by confirming that Russia, China, Iran, and other foreign states are actively trying to hack and meddle with the upcoming elections. They are trying to hack the networks and databases of state and local governments and are executing misleading campaigns on various digital platforms. The news came as a joint statement released by a few government agencies including the Department of Justice, Federal Bureau of Investigation, and the Department of Homeland Security.

The authorities highlighted that foreign states might seek to influence voter perceptions and decision making not only in the upcoming 2018 midterms, but their actions might also be preparing the ground for interference in the 2020 U.S. elections.

Facebook is making efforts to stop foreign states from interfering. The company’s headquarters in Menlo Park has a new department known as the ‘war room.’ Mark Zuckerberg’s new task force predominantly consists of data engineers, developers, data scientists, and policymakers. They are in place to help the tech giant battle misinformation and decrease foreign influence. While Facebook’s actions are certainly a move in the right direction for the social network, government agencies are not leaving the fate of the 2018 midterm elections in the hands of Mark Zuckerberg’s new team.

The authorities are actively trying to take matters into their own hands. Last week we saw the first charge for meddling in the midterm elections. Elena Khusyaynova, a Russian citizen, was charged over alleged intentions to interfere in this year’s elections. The Russia-based accountant is allegedly associated with an organization that actively interfered with the presidential elections in 2016. Back in 2016, the organization participated in purchasing political advertisements on various social networks in the names of U.S. persons and entities. Members of the same Russia-based company were posing as Americans and were failing to disclose their Russian identities while soliciting and compensating real U.S. citizens to promote or disparage candidates. According to the criminal complaint against the Russian charged with electoral interference, over the last ten months, Elena has been participating in a scheme to spend more than $10 million on targeted social media campaigns aiming “to sow division and discord in the U.S. political system.”

What are the elements of these misleading campaigns and how to stay away from them?

According to the Director of National Intelligence Dan Coats, the content of these campaigns might reach you in many forms, including using social media to amplify divisive issues, sponsoring specific content in the English-language press like RT and Sputnik, or through sympathetic spokespersons discussing political candidates. One of the best ways to prevent foreign states from using you as a tool that causes harm to U.S. democracy is to avoid sketchy websites and always get your information from trusted media outlets. Gathering information from unknown sources might not only lead to misinformation but may also hurt your personal life – malicious websites can steal sensitive data from your connected devices. It is always a good idea to have antivirus software that can stop you and your loved ones from accessing websites known to cause harm.


The post How is the U.S. going to combat foreign influence in the upcoming midterm elections? appeared first on Panda Security Mediacenter.

Symantec, IBM, FireEye Named Among Threat Intelligence Leaders


Threat intelligence presents a massive growth opportunity for the channel as the global market is expected to more than double, reaching nearly $13 billion by 2023.

That’s according to a new report by MarketsandMarkets, which expects a compound annual growth rate of almost 20 percent. The market’s value is $5.3 billion today.

Major threat-intelligence providers include such companies as Symantec, IBM, FireEye, Check Point Software Technologies, Trend Micro, Dell Technologies, McAfee, LogRhythm, LookingGlass Cyber Solutions and Proofpoint.

The key factors driving the market include the rise in interconnectivity due to IoT and bring your own device (BYOD), an increasing number of targeted attacks and pervasive advanced persistent threats (APTs), the need for organizations to deploy next-generation cybersecurity, and stringent directives for data protection.

With the increasing instances of cyberattacks, IoT and connected device vulnerabilities, and growing pressure from cybersecurity regulations, the security information and event management (SIEM) segment is expected to garner the most revenue during the forecast period.

Cloud-based threat intelligence is gaining traction among small and medium enterprises, as it is cost-efficient and doesn’t require purchasing, installing and maintaining hardware or software. Scalability, easier operations and attractive pricing are boosting the adoption of cloud-based services.

The banking, financial services and insurance (BFSI) vertical is expected to maintain the leading position in terms of revenue generation through 2023. The industry is a major target for cybercriminals, as it holds sensitive information of employees, customers, assets, offices, branches and operations. Also, with stricter regulations, and increasing instances of fraud and cyberattacks, the need for real-time detection and protection from advanced threats is driving growth in this segment.

North America is expected to maintain the largest share of the overall market through 2023. The presence of many threat-intelligence vendors, as well as widespread awareness about the services they offer, will continue to account for the region’s dominance.

 

Source: https://www.channelpartnersonline.com/2018/11/02/symantec-ibm-fireeye-named-among-threat-intelligence-leaders/

The post Symantec, IBM, FireEye Named Among Threat Intelligence Leaders appeared first on LookingGlass Cyber Solutions Inc..

New platform helps enterprises manage third-party cyber risks

BetaNews

BetaNews, Ian Barker, October 30, 2018
Source: https://betanews.com/2018/10/30/third-party-risk-platform/


Moving to digital transformation means that companies frequently have a host of vendors, suppliers, providers, and subsidiaries, all connected to their network or data and each with the potential to publicly expose customer information, intellectual property, or heavily regulated data.

Without continuous insight into these other networks, third-party risks can be hard to assess, leaving businesses open to the possibility of data breaches.

Intelligence-driven security company LookingGlass is launching a new subscription-based monitoring service. This uses threat data along with a team of expert security and intelligence analysts to mitigate risks and provide continuous visibility into potential exposure.

“When it comes to risk, companies have more than just their own perimeters to consider. Every new or existing vendor increases the possibility for exposure that could lead to a breach and impact revenue, brand, and reputation,” says Eric Olson, senior vice president of product at LookingGlass Cyber Solutions. “Changing regulations that require organizations to demonstrate effective identification and management of third party relationships and associated cyber risk add even more layers of complexity to the already time-consuming task of keeping networks secure from a constant barrage of evolving inbound threats. Our Third Party Risk Monitoring service empowers security teams to effectively manage their company’s security posture by delivering the efficient, reliable analysis essential to making strategic, proactive risk management decisions.”

The LookingGlass Third Party Risk Monitoring service can be delivered as a shared or hosted service via LookingGlass or from select partners in the company’s worldwide Cyber Guardian Network. It includes round-the-clock support along with on-boarding and provisioning. In addition to continuous monitoring of third parties, it also performs perpetual scanning of the surface, social, deep, and dark web for both structured and unstructured data, including phishing activity, compromised account credentials, and vulnerabilities in vendor products.

You can find out more on the LookingGlass website.

Savannah Young
Media Associate
703-877-8111

The post New platform helps enterprises manage third-party cyber risks appeared first on LookingGlass Cyber Solutions Inc..

2017 cyberattacks proved more numerous, sophisticated, and ruthless than in years past

the cyberwire

LookingGlass Cyber Solutions Software Platform Proactively Manages Third Party Cyber Risks to Business Data and Operations

ScoutPrime™ Capability Delivers Continuous Monitoring and Real-Time Discovery of Elevated Breach Risks, Helping Decision-Makers Take Action and Manage Their Expanded Cyber Attack Surface

October 30th, 2018 – RESTON, Va.–(BUSINESS WIRE)–LookingGlass™ Cyber Solutions, a leader in threat intelligence-driven security, today announced the general availability of its advanced Third Party Risk Monitoring offering. Built on the powerful ScoutPrime platform, the LookingGlass subscription service offering leverages the industry’s most comprehensive threat data along with a team of expert security and intelligence analysts to mitigate risks, provide continuous visibility into potential vendor exposure, and significantly reduce time to action with negligible false positives.

Source: https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_30.html

The post 2017 cyberattacks proved more numerous, sophisticated, and ruthless than in years past appeared first on LookingGlass Cyber Solutions Inc..

Security newsround: October 2018

We round up interesting research and reporting about security developments from around the web. This month: data breaches are up (again), help with hacks, incident response, attacks on trust providers and a numbers game.

Breach over troubled water

More than 4.5 billion data records were compromised in the first half of 2018. That’s a 133 per cent increase from last year and a staggering 1,751 per cent up on the first half of 2015. And if those stats aren’t scary enough, try this one: the total number of breached records equates to 291 every second, on average.

The findings come from Gemalto’s 2018 Breach Level Index. The company also found that the average records per incident is growing at an alarming rate. In 2015, the average was 276,936 records; by this year, the average stands at 4.8 million records per incident. The arrival of GDPR has cast a fresh spotlight on the risk of data breaches.

Common hacks and how to stop them

A new report throws the spotlight on commonly used hacking tools and ways of stopping them. The report is a joint collaboration between the cybersecurity authorities of Australia, Canada, New Zealand, the UK, and the US. The report gives an overview of tools that attackers are known to have used in recent incidents. They give the ability to plant backdoors or exfiltrate data, gain remote admin control of web servers or move laterally in compromised networks.

“The intel is designed to give enterprises a better awareness of what they’re up against so they are better positioned to prepare defences,” The Register reported. The report is for network and systems administrators, and anyone involved in incident response. It’s available free here.

Best practice incident response

Stuck for ideas to develop an incident response plan? The cybersecurity unit at the US Department of Justice might be able to help. It has updated its guide to best practice for victim response and reporting cyber incidents. The 25-page document includes sections covering pre- and post-event actions, as well as advice on what not to do. Also included: threat education for senior management, plus advice on engaging with law enforcement and with incident response specialist firms. It’s available to download at this link.

Breakdown of trust

ENISA has published its first full-year annual report about significant security incidents at trust service providers in the EU. The document covers all of the incidents during 2017 involving services that make electronic transactions more secure, like digital signatures and certificates, or electronic seals and timestamps. The report found that half of the security incidents were rated as ‘severe’ and a similar number had impact across borders. The most affected services were e-signatures and e-seals. System failures and third-party failures were the most common root causes, each with 36 per cent. The report summary is here and the full report is free to download here.

Security’s search for meaningful metrics

Better security starts with knowing what you need to defend against; data beats anecdotes every time. The problem is, cybersecurity metrics suffer from inconsistency. An article in Defense One reports that NATO member governments have different ways of counting what constitutes a cyber attack. That’s a problem, says the article’s author Stefan Soesanto. “Without published standards and discernable metrics … warnings are of no real value to the public. We simply do not know whether 6,000 annual attacks against NATO’s infrastructure is a lot or whether any of the 24,000 attacks against the French MoD were serious.”

John Pescatore of SANS Institute compared this to the retail sector, which uses revenue loss from shrinkage as a more reliable figure than the number of attempted thefts. “That is why reports looking at actual damage like the Verizon Data Breach Investigation Report and Microsoft’s Security Intelligence report [well, parts of it], are much more useful than the numerous ‘billions and billions of attacks are being observed’ reports,” he wrote.

Better security through privacy audits?

Here’s one interesting fact to emerge from the news that Google was finally killing off Google+. (Not counting the fact that Google+ still existed, surprising many of us who assumed it disappeared years ago). Up to 500,000 Google+ user accounts were potentially at risk of exposing their data to external developers. Here’s the kicker: Google reportedly discovered the exposure during GDPR and privacy checks as part of its Project Strobe initiative.

Some reports led with Google’s decision not to disclose the flaw because the company feared it would lead to closer regulatory scrutiny. But would this have actually happened? Stripe’s Tommy Collison noted that although the data was exposed, it’s not technically a breach since Google claims no-one has misused the information.

Things we liked

ISACA has introduced a new programme to help people to acquire and prove skills in auditing cybersecurity processes, policies and tools. MORE

Why return on investment calculations might not tell the whole story when it comes to cybersecurity investments. MORE

Brian Krebs interviews Tony Sager, former NSA bug hunter and now VP at the Center for Internet Security about a very timely subject: supply chain security. MORE

Finland’s data protection authority has some great guides for data subjects, including this English-language document about how to make a subject access request. MORE

A new Irish initiative aims to put 5,000 people to work in the field of cybersecurity over the next three years by upskilling them. MORE

IBM launched a free cybersecurity learning resource aimed at girls, called ‘Securing the Internet of Things’. MORE

 

 

The post Security newsround: October 2018 appeared first on BH Consulting.

Win With The @Crucial Point and @CTOvision Product Lineup

For 10 years, Crucial Point and CTOvision have supported business and government decision-makers with action oriented research, consulting and advisory services. We have continually provided insights on our research via products under our CTOvision and ThreatBrief brands. The current newsletter lineup includes:
  • The Monthly CTOvision.com Tech Review provides a recap of the most significant trends sweeping the technology community in the prior month, plus insights into coming events and activities. This is our largest distribution list with over 32000 members. As its name implies, it is published once a month.
  • The Daily CTOvision.com Update provides a summary of posts we publish on our blog.  If we don’t publish it does not go out, but it is never more than once a day to 6,000 readers. All posts on the site are also shared with the over 14,500 CTOvision twitter followers and over 12,000 of Bob Gourley’s connections on LinkedIn.
  • The CTOvision Pro IT Report  summarizes enterprise IT developments and concepts. Transmitted to a select list of 700 CTOs and other tech professionals every Tuesday.
  • The Weekly Artificial Intelligence, Big Data and Analytics Newsletter is a weekly review of hot topics on the theme of Big Data. This is our fastest growing list with over 1,500 readers receiving the newsletter every Wednesday.
  • The Weekly Cyberwar and Cybersecurity Review summarizes enterprise IT security technologies and concepts and the issues you need to track regarding the high end threat actors. Over 6,000 readers receive this report every Thursday.
  • The Daily Threat Brief is our version of the President’s Daily Brief (PDB), focused on cyber threats and tips on being as secure as possible. Sent daily to a list of over 4,500 executives seeking insights into threats to business growth. Reports are also shared with over 10,000 Twitter followers of ThreatBrief.

For more and to sign up see: Crucial Point and CTOvision Newsletter Signups

 

The post Win With The @Crucial Point and @CTOvision Product Lineup appeared first on The Cyber Threat.

Insurance Occurrence Assurance?

You may have seen my friend Brian Krebs’ post regarding the lawsuit filed last month in the Western District of Virginia after $2.4 million was stolen from The National Bank of Blacksburg from two separate breaches over an eight-month period. Though the breaches are concerning, the real story is that the financial institution is suing its insurance provider for refusing to fully cover the losses.

From the article:

In its lawsuit (PDF), National Bank says it had an insurance policy with Everest National Insurance Company for two types of coverage or “riders” to protect it against cybercrime losses. The first was a “computer and electronic crime” (C&E) rider that had a single loss limit liability of $8 million, with a $125,000 deductible.

The second was a “debit card rider” which provided coverage for losses which result directly from the use of lost, stolen or altered debit cards or counterfeit cards. That policy has a single loss limit of liability of $50,000, with a $25,000 deductible and an aggregate limit of $250,000.

According to the lawsuit, in June 2018 Everest determined both the 2016 and 2017 breaches were covered exclusively by the debit card rider, and not the $8 million C&E rider. The insurance company said the bank could not recover lost funds under the C&E rider because of two “exclusions” in that rider which spell out circumstances under which the insurer will not provide reimbursement.

Cyber security insurance is still in its infancy and issues with claims that could potentially span multiple policies and riders will continue to happen – think of the stories of health insurance claims being denied for pre-existing conditions and other loopholes. This, unfortunately, is the nature of insurance. Legal precedent, litigation, and insurance claim issues aside, your organization needs to understand that cyber security insurance is but one tool to reduce the financial impact on your organization when faced with a breach.

Cyber security insurance cannot and should not, however, be viewed as your primary means of defending against an attack.

The best way to maintain a defensible security posture is to have an information security program that is current, robust, and measurable. An effective information security program will provide far more protection for the operational state of your organization than cyber security insurance alone. To put it another way, insurance is a reactive measure whereas an effective security program is a proactive measure.

If you were in a fight, would you want to wait and see what happens after a punch is thrown to the bridge of your nose? Perhaps you would like to train to dodge or block that punch instead? Something to think about.

Free SANS Webinar: I Before R Except After IOC

Join Andrew Hay on Wednesday, July 25th, 2018 at 10:30 AM EDT (14:30:00 UTC) for an exciting free SANS Institute Webinar entitled “I” Before “R” Except After IOC. Using actual investigations and research, this session will help attendees better understand the true value of an individual IOC, how to quantify and utilize your collected indicators, and what constitutes an actual incident.

Overview
Although the security industry touts indicators of compromise (IOCs) as much-needed intelligence in the war on attackers, not every IOC is valuable enough to trigger an incident response (IR) activity. All too often our provided indicators contain information of varying quality, including expired attribution, dubious origin, and incomplete details. So how many IOCs are needed before you can confidently declare an incident? After this session, the attendee will:

  • Know how to quickly determine the value of an IOC,
  • Understand when more information is needed (and from what source), and
  • Make intelligent decisions on whether or not an incident should be declared.

Register to attend the webinar here: https://www.sans.org/webcasts/108100.

The Daily Threat Brief: The President Gets A Daily Brief, Shouldn’t You?

The Daily Threat Brief is our version of the President’s Daily Brief (PDB),  focused on cyber threats and tips on being as secure as possible. We provide actionable insights into threat actors and their motivations and also dive into their tactics in ways that will inform your business decisions.

To sign up for the Daily Threat Brief see: CTOvision Newsletter Signups


 

 

The post The Daily Threat Brief: The President Gets A Daily Brief, Shouldn’t You? appeared first on The Cyber Threat.

The CTOvision Cyberwar and Cybersecurity Weekly

The Weekly Cyberwar and Cybersecurity Review summarizes enterprise IT security technologies and concepts and the issues you need to track regarding the high end threat actors. We help you defend your piece of cyberspace at home and at work.

To sign up for the CTOvision Cyberwar and Cybersecurity Weekly see: CTOvision Newsletter Signups


The post The CTOvision Cyberwar and Cybersecurity Weekly appeared first on The Cyber Threat.

The CTOvision Artificial Intelligence, Big Data and Analytics Weekly

The Weekly Artificial Intelligence, Big Data and Analytics Newsletter is a weekly review of hot topics on the theme of Big Data. This is our fastest growing list with over 1,500 readers receiving the newsletter every Wednesday.

To sign up for the Weekly AI, Big Data and Analytics Newsletter see: CTOvision Newsletter Signups


The post The CTOvision Artificial Intelligence, Big Data and Analytics Weekly appeared first on The Cyber Threat.

The CTOvision Weekly Tech Review

The CTOvision Pro IT Report summarizes enterprise IT developments and concepts for the executive in need of actionable insights which can drive decisions and lead to victory in the market place.

We report on Cloud Computing, Artificial Intelligence, Mobility, Big Data, Robotics, Internet of Things, Cybersecurity and Blockchain and Cryptocurrencies.

We also provide focus on high interest topics, including Science Fiction, Entertainment, Cyber War, Tech Careers, Training and Education and Tech Tips.

To sign up for the CTOvision Pro IT Report see: CTOvision Newsletter Signups


The post The CTOvision Weekly Tech Review appeared first on The Cyber Threat.

The CTOvision Daily: Keep your finger on the pulse of the tech world

The Daily CTOvision.com is produced for the technology executive who needs to stay in the loop on the latest in technology and concepts for applying IT to address business and mission needs. Our daily provides summaries of all reporting. If we don’t publish it does not go out, but it is never more than once a day.

We report on Cloud Computing, Artificial Intelligence, Mobility, Big Data, Robotics, Internet of Things, Cybersecurity and Blockchain and Cryptocurrencies.

We also provide focus on high interest topics, including Science Fiction, Entertainment, Cyber War, Tech Careers, Training and Education and Tech Tips.

To sign up for the CTOvision Daily see: CTOvision Newsletter Signups


The post The CTOvision Daily: Keep your finger on the pulse of the tech world appeared first on The Cyber Threat.

The CTOvision Monthly Report

CTOvision writes for the enterprise technologist. We provide CTOs, CIOs, CISOs, data scientists and other technologists with insights into emerging tech trends and concepts for making the most of advanced technologies. We organize events focused on thought leadership and provide research insights through a portfolio of newsletters.

Our premier publication is our monthly technology review, sent to over 32,000 technology thought leaders. This monthly summarizes reporting from the CTOvision.com blog as well as tech trends from the IT industry. The monthly also provides links to our technology assessments. The result: readers are provided with deep and actionable insights into the dynamic tech world.

To sign up for the Monthly CTOvision.com Tech Review see: CTOvision Newsletter Signups


The post The CTOvision Monthly Report appeared first on The Cyber Threat.

Inform your decisions with exquisite intelligence from CTOvision and ThreatBrief

For 10 years, Crucial Point, the consultancy formed by The Cyber Threat author Bob Gourley, has supported business and government decision-makers with action oriented research, consulting and advisory services. We have continually provided insights on our research via products under our CTOvision and ThreatBrief brands.
The current newsletter lineup includes:
  • The Monthly CTOvision.com Tech Review provides a recap of the most significant trends sweeping the technology community in the prior month, plus insights into coming events and activities. This is our largest distribution list with over 32000 members. As its name implies, it is published once a month.
  • The Daily CTOvision.com Update provides a summary of posts we publish on our blog.  If we don’t publish it does not go out, but it is never more than once a day to 6,000 readers. All posts on the site are also shared with the over 14,500 CTOvision twitter followers and over 12,000 of Bob Gourley’s connections on LinkedIn.
  • The CTOvision Pro IT Report  summarizes enterprise IT developments and concepts. Transmitted to a select list of 700 CTOs and other tech professionals every Tuesday.
  • The Weekly Artificial Intelligence, Big Data and Analytics Newsletter is a weekly review of hot topics on the theme of Big Data. This is our fastest growing list with over 1,500 readers receiving the newsletter every Wednesday.
  • The Weekly Cyberwar and Cybersecurity Review summarizes enterprise IT security technologies and concepts and the issues you need to track regarding the high end threat actors. Over 6,000 readers receive this report every Thursday.
  • The Daily Threat Brief: Our version of the President’s Daily Brief (PDB) focused on cyber threats and tips on being as secure as possible. Sent daily to a list of over 4,500 executives seeking insights into threats to business growth. Reports are also shared with over 10,000 Twitter followers of ThreatBrief.

For more and to sign up see: Crucial Point and CTOvision Newsletter Signups

The post Inform your decisions with exquisite intelligence from CTOvision and ThreatBrief appeared first on The Cyber Threat.

Interviewed on RSAC TV

I had the pleasure of being interviewed by Eleanor Dallaway, Editor and Publisher – Infosecurity Magazine, on RSA Conference Television (RSAC TV) last week at the annual RSA Security Conference.

In the interview, we spoke of what I had observed on the show floor and the state of the security industry, and I described my perfect customer in information security.

Windows 10 Update Disrupts Pen Input; Microsoft Offers Potentially Dangerous Fix

A recent Microsoft security update – according to Wacom’s support pages, the OS build 16299.334 – has had a rather unexpected side-effect. Many users of have been experiencing issues where drawing apps, such as Photoshop, no longer function correctly. For example, pressing the pen to the tablet device does not “draw” as it should, but […]

Why the Cyber Criminals at Synack need $25 Million to Track Down Main Safety Faults

The enormous number of hacks in 2014 have propelled information safety into the front of the news and the brains of many companies. Cyber attacks on big enterprises like Target, Sony, and Home Depot lately caused President Obama to call for partnership amongst the two sectors (private and public) in order to share the information

The post Why the Cyber Criminals at Synack need $25 Million to Track Down Main Safety Faults appeared first on Hacker News Bulletin | Find the Latest Hackers News.

Three Hacking Groups You Definitely Need to Know About

Hacker groups began to flourish in the early 1980s with the emergence of computers. Hackers are like predators that can access your private data at any time by exploiting the vulnerabilities of your computer. Hackers usually cover up their tracks by leaving false clues or by leaving absolutely no evidence behind. In the light of

The post Three Hacking Groups You Definitely Need to Know About appeared first on Hacker News Bulletin | Find the Latest Hackers News.

Vanished in 60 seconds! – Chinese cyber criminals shut down Adobe Flash, Internet Explorer

Associates of two Chinese cyber crime teams have hollowed out the best prizes at a main yearly hacking competition held in Vancouver, Canada. Cyber attackers at Pwn2Own, commenced in 2007, were triumphant in violating the security of broadly-used software including Adobe Flash, Mozilla’s Firefox browser, Adobe PDF Reader and Microsoft’s freshly-discontinued Internet

The post Vanished in 60 seconds! – Chinese cyber criminals shut down Adobe Flash, Internet Explorer appeared first on Hacker News Bulletin | Find the Latest Hackers News.

Researcher makes $225,000, legally, by cyber attacking browsers

A single researcher who is actually a cyber criminal made $225,000 this week – that too all by legal means! This cyber research hacker cyber criminally attacked browsers this past week. For the past two days, safety researchers have tumbled down on Vancouver for a Google-sponsored competition called Pwn2Own,

The post Researcher makes $225,000, legally, by cyber attacking browsers appeared first on Hacker News Bulletin | Find the Latest Hackers News.

Political analysts caution air plane connections systems that are susceptible to cyber attacks

Marketable and even martial planes have an Achilles heel that could abscond them as susceptible to cyber criminals on the ground, who specialists say could possibly seize cockpits and generate disorder in the skies. At the present, radical groups are thought to be short of the complexity to bring down a plane vaguely, but it

The post Political analysts caution air plane connections systems that are susceptible to cyber attacks appeared first on Hacker News Bulletin | Find the Latest Hackers News.

The Health insurance Company – Premera Blue Cross – of the United States of America was cyber criminally attacks and 11 million records were accessed

Premera Blue Cross, a United States of America-based health insurance corporation, has confided in that its systems were infringed upon and their security and associability was breached when cyber criminals hacked the company and made their way in 11 million of their customers’ records. It is the second cyber attack in a row

The post The Health insurance Company – Premera Blue Cross – of the United States of America was cyber criminally attacks and 11 million records were accessed appeared first on Hacker News Bulletin | Find the Latest Hackers News.

Want to have a VPN Server on Your Computer (Windows) Without setting up Any Software?

Windows has the added facility to work as a VPN server, even though this choice is undisclosed. This can work on both versions of Windows – Windows 8 and Windows 7. To enable this, the server makes use of the point-to-point tunneling protocol (PPTP). This could be valuable for linking to your home system on

The post Want to have a VPN Server on Your Computer (Windows) Without setting up Any Software? appeared first on Hacker News Bulletin | Find the Latest Hackers News.

Anonymous wants to further its engagement in the exploration of space – ‘Unite as Species’

The hacktivist cyber criminal group Anonymous, more often than not related with cyber campaigns in opposition to fraudulent government administrations and terrorist organizations, has now set its sights on space. They posted a video on the group’s most important YouTube channel on the 18th of March, and called on to everyone through

The post Anonymous wants to further its engagement in the exploration of space – ‘Unite as Species’ appeared first on Hacker News Bulletin | Find the Latest Hackers News.

Microsoft Remote Desktop Connection Manager

Imagine having access to and control of your computer from any place in the world from your iPhone. That would be really futuristic, no? Actually, it is not, because there are applications available that can let you tap into your computer from your mobile. These remote control applications do more than simply allow you

The post Microsoft Remote Desktop Connection Manager appeared first on Hacker News Bulletin | Find the Latest Hackers News.

Security Beyond The Perimeter

Whether we like it or not, the way we architect, utilize, and secure the networks and systems under our control has changed. When servers were safely tucked away behind corporate firewalls and perimeter-deployed intrusion prevention controls, organizations became complacent and dependent on their host security. Unfortunately, inadequately architected security controls that rely solely on broad network-based protection can make the migration of an organization’s systems to private, public, and hybrid cloud hosting even more exposed to attackers than they were before.

Everyone has heard the “defense in depth” analogy relating security to a medieval castle with controlled access to different locations of the castle and a defensive moat around the perimeter. This “hard outside” and “soft inside” model was designed to make it as difficult as possible to get past the perimeter. However, once inside the walls, the trusted individual had elevated access to resources within the network.

Unsurprisingly, the medieval defense analogy has lost much of its relevance in a world where systems and users move effortlessly from within the confines of a walled corporation, to a local coffee shop, and perhaps even to a different country as part of normal business operations.

Securing the next generation of hosting platforms requires a new approach that not every organization is ready for. Some industry analyst firms promote the idea of a “cloud first strategy” for all technology deployments. Though not a bad idea, per se, this doesn’t mean that forklifting your entire architecture into cloud or containerized environments should be your number one priority – especially if you’re being forced to choose between a new architecture and the traditional security controls that you depend upon.

Thankfully, technology has evolved to allow for more seamless security in environments that need to span traditional datacenters, virtualization, and cloud environments. This has allowed organizations to grow their capabilities without the need to choose between having security and having new technology stacks.

So how do we, as security professionals and business owners, decide what mitigating controls should be deployed to future-proof our security? It’s actually much easier than it sounds. To learn more about how to perform security beyond the perimeter please read my full post on https://www.juniper.net/us/en/dm/security-beyond-the-perimeter/.

The Hay CFP Management Method

By Andrew Hay, Co-Founder and CTO, LEO Cyber Security.

I speak at a lot of conferences around the world. As a result, people often ask me how I manage the vast number of abstracts and security call for papers (CFPs) submissions. So I thought I’d create a blog post to explain my process. For lack of a better name, let’s call it the Hay CFP Management Method. It should be noted that this method could be applied to any number of things from blog posts to white papers and scholastic articles to news stories. I have successfully proven this methodology for both myself and my teams at OpenDNS, DataGravity, and LEO Cyber Security. Staying organized helped manage the deluge of events, submitted talks, and important due dates in addition to helping me keep track of where in the world my team was and what they were talking about.

I, like most people, started managing abstracts and submissions by relying on email searches and documents (both local and on Google Drive, Dropbox, etc.). Unfortunately, I didn’t find this scaled very well as I kept losing track of submitted vs. accepted/rejected talks and their corresponding dates. It certainly didn’t scale when it was applied to an entire team as opposed to a single individual.

Enter Trello, a popular (and freemium) web-based project management application that utilizes the Kanban methodology for organizing projects (boards), lists (task lists), and tasks (cards). In late September I start by creating a board for the upcoming year (let’s call this board the 2018 Conference CFP Calendar) and, if not already created, a board to track my abstracts in their development lifecycle (let’s call this board Talk Abstracts).

Within the Talk Abstracts board, I create several lists to act as swim lanes for my conference abstracts and other useful information. These lists are:

* Development: These are talks that are actively being developed and are not yet ready for prime time.
* Completed: These are talks that have finished development and are ready to be delivered at an upcoming event.
* Delivered: These are talks that have been delivered at least once.
* Misc: This list is where I keep my frequently requested form information such as my short bio (less than 50 characters), long bio (less than 1,500 characters), business mailing address (instead of browsing to your corporate website every time), and CISSP number (because who can remember that?).
* Retired: As a personal rule, I only use a particular talk for one calendar year. When I feel as though the talk is stale, boring, or stops being accepted, I move the card to this list. That’s not to say you can’t revive a talk or topic in the future as a “version 2.0”. This is why keeping the card around is valuable.

Within the 2018 Conference CFP Calendar board, I create several lists to act as swim lanes for my various CFPs. These lists are:

* CFP open: This is where I put all of the upcoming conference cards that I know about even if I do not yet know the exact details (such as location, CFP open/close, etc.).
* CFP closes in < 30 days: This is where I put the upcoming conference cards that have a confirmed closing date within the next 30 days. Note, it is very important to record details in the cards such as closing date, conference CFP mechanism (e.g. email vs. web form), and any related URLs for the event.
* Submitted: These are the conferences that I have submitted to and the associated cards. Note, I always provide a link to the abstract I submitted as a way to remind myself what I’m talking about.
* Accepted: These are the accepted talk cards. Note, I always put a copy of the email (or link to) acceptance notification to record any details that might be important down the road. I also make sure to change the date on the card to that of the speaking date and time slot to help keep me organized.
* Attending but not presenting: This is really a generic catch-all for events that I need to be at but may not be speaking at (e.g. booth duty, attending training, etc.). The card and associated dates help keep my dance card organized.
* Accepted but backed out: Sometimes life happens. This list contains cards of conference submissions that I had to back out of for one reason or another. I keep these cards in their own column to show me what was successfully accepted and might be a fit for next year in addition to the reason I had to back out (e.g. conflict, personal issue, alien abduction, etc.).
* Completed: This list is for completed talk cards. Again, I keep these to reference for next year’s board as it provides some ballpark dates for when the CFP opens, closes, as well as the venue and conference date.
* Rejected: They’re not all winners and not everybody gets every talk accepted. In my opinion, keeping track of your rejected talks is as (if not more) important as keeping track of your accepted talks. Not only does it allow you to see what didn’t work for that particular event, but it also allows you to record reviewer feedback on the submission and maybe submit a different style or type of abstract in the future.
* Not doing 2018: This is the list where I put conference cards that I’ve missed the deadline on (hey, it happens), cannot submit to because of a conflict, or simply choose to not submit a talk to.

It should be noted that I keep the above lists in the same order every year to help minimize my development time against the Trello API for my visualization dashboard (which I will explain in a future blog post). This might sound like a lot of work but once you’ve set this board up you can reuse it every year. In fact, it’s much easier to copy last year’s board than starting fresh every year, as it brings the cards and details over. Then all you need to do is update the old cards with the new venue, dates, and URLs.

Now that we have our board structure created we need to start populating the lists with the cards – which I’ll explain in the next blog post. In addition to the card blog post, I’ll explain two other components of the process in subsequent posts. For reference, here are the upcoming blog posts that will build on this one:

* Individual cards and their structure
* Moving cards through the pipeline
* Visualizing your board (and why it helps)

The post The Hay CFP Management Method appeared first on LEO Cyber Security.

Detect and Prevent Data Exfiltration Webinar with Infoblox

Please join SANS Institute Instructor and LEO Cyber Security Co-Founder & CTO Andrew Hay and Infoblox Security Product Marketing’s Sam Kumarsamy on Thursday, August 17th, 2017 at 1:00 PM EDT (17:00:00 UTC) as they present a SANS Institute webinar entitled Detect & Prevent Data Exfiltration: A Unique Approach.

Overview

Data is the new currency in the modern digital enterprise and protecting data is a strategic imperative for every organization. Enterprises must protect data whether it resides in a data center or on an individual’s laptop that is used on premise or off premise, and across the global distributed enterprise. Effective data exfiltration prevention requires protecting DNS, the most commonly used channel to steal data, and combining reputation, signatures and behavioral analytics. The detection and prevention of data loss requires analysis of vast amounts of network data and requires a solution that can scale to examine this data. In this webinar you will also learn about Infoblox’s unique approach to detecting and preventing data exfiltration.

To register for the webinar, please visit: https://www.sans.org/webcasts/detect-prevent-data-exfiltration-unique-approach-infoblox-104985

You can now also attend the webcast using your mobile device!

The post Detect and Prevent Data Exfiltration Webinar with Infoblox appeared first on LEO Cyber Security.

Petya Ransomware: What You Need to Know and Do

By: Andrew Hay

Unless you’ve been away from the Internet earlier this week, you’ve no doubt heard by now about the global ransomware outbreak that started in Ukraine and subsequently spread west across Western Europe, North America, and Australia yesterday. With similarities reminiscent of its predecessor WannaCry, this ransomware attack shut down organizations ranging from the Danish shipping conglomerate Maersk Line to a Tasmanian-based Cadbury chocolate factory.

I was asked throughout the course of yesterday and today to help clarify exactly what transpired. The biggest challenge with any surprise malware outbreak is the flurry of hearsay, conjecture, speculation, and just plain guessing by researchers, analysts, and the media.

At a very high level, here is what we know thus far:

  • The spread of this campaign appears to have originated in Ukraine but has migrated west to impact a number of other countries, including the United States where pharmaceutical giant Merck and global law firm DLA Piper were hit
  • The initial infection appears to involve a software supply-chain threat involving the Ukrainian company M.E.Doc, which develops tax accounting software, MeDoc
  • This appears to be a piece of malware utilizing the EternalBlue exploit disclosed by the Shadow Brokers back in April 2017 when the group released several hacking tools obtained from the NSA
  • Microsoft released a patch in March 2017 to mitigate the discovered remote code execution vulnerabilities that existed in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handled certain requests
  • The malware implements several lateral movement techniques:
    • Stealing credentials or re-using existing active sessions
    • Using file-shares to transfer the malicious file across machines on the same network
    • Using existing legitimate functionalities to execute the payload or abusing SMB vulnerabilities for unpatched machines
  • Experts continue to debate whether or not this is a known malware variant called Petya but several researchers and firms claim that this is a never before seen variant that they are calling GoldenEye, NotPetya, Petna, or some other random name such as Nyetya
  • The jury is still out on whether or not the malware is new or simply a known variant

Who is responsible?

The million dollar question on everyone’s mind is “was this a nation-state backed campaign designed to specifically target Ukraine?” We at LEO believe that to be highly unlikely for a number of reasons. An opportunistic ransomware campaign with some initial software package targets is a far more likely scenario than a state-sponsored actor looking to destabilize a country.

Always remember the old adage from Dr. Theodore Woodward: When you hear hoofbeats, think of horses not zebras.

If you immediately start looking for Russian, Chinese, or North Korean state-sponsored actors around every corner, you’ll inevitably construct some attribution and analysis bias. Look for the facts, not the speculation.

What does LEO recommend you do?

We recommend that customers who have not yet installed security update MS17-010 do so as soon as possible. Until you can apply the patch, LEO also recommends the following steps to help reduce the attack surface:

  • Disable SMBv1 with the steps documented at Microsoft Knowledge Base Article 2696547
  • Block incoming SMB traffic from the public Internet on ports 445 and 139, adding a rule on your border routers, perimeter firewalls, and any intersecting traffic points between a higher security network zone and a lower security network zone
  • Disable remote WMI and file sharing, where possible, in favor of more secure file sharing protocols
  • Ensure that your logging is properly configured for all network-connected systems including workstations, servers, virtualized guests, and network infrastructure such as routers, switches, and firewalls
  • Ensure that your antimalware signatures are up-to-date on all systems (not just the critical ones)
  • Review your patch management program to ensure that emergency patches to mitigate critical vulnerabilities and easily weaponized attacks can be applied in an expedited fashion
  • Finally, consider stockpiling some cryptocurrency, like Bitcoin, to reduce any possible transaction downtime should you find that your organization is forced to pay the ransom. Attempting to acquire Bitcoin during an incident may be time-prohibitive

Should your organization need help or clarification on any of the above recommendations, please don’t hesitate to reach out to LEO Cyber Security for immediate assistance.

The post Petya Ransomware: What You Need to Know and Do appeared first on LEO Cyber Security.

Diving into the Issues: Observations from SOURCE and AtlSecCon

Last week I had the pleasure of presenting three times, at two conferences, in two different countries: SOURCE in Boston, MA and at the Atlantic Security Conference (AtlSecCon) in Halifax, NS, Canada.

The first event of my week was SOURCE Boston. This year marked the tenth anniversary of SOURCE Conference and it continues to pride itself on being one of the only venues that brings business, technology and security professionals together under one roof to focus on real-world, practical security solutions for some of today’s toughest security issues. Though I was only there for the first day, I was able to catch up with friends, play some Hacker Movie Trivia with Paul Asadoorian (@securityweekly), and chat with attendees on some of the biggest challenges we face around detecting and mitigating ransomware attacks.

After my presentation, I rushed off to Logan Airport to sit in, on what I now choose to call, the “Air Canada Ghetto” – a small three gate departure area segregated from the rest of the airport and its amenities. A minor four hour delay later, I was on my way to Halifax for AtlSecCon.

Between meetings and casual conversations I was enlightened by several presentations. Raf Los (@Wh1t3Rabbit), managing director of solutions research & development at Optiv, presented Getting Off the Back Foot – Employing Active Defence, which talked about an outcome-oriented and capabilities-driven model for more effective enterprise security.

After his talk, Aunshul Rege (@prof_rege), an assistant professor with the Criminal Justice department at Temple University, gave a very interesting talk entitled Measuring Adversarial Behavior in Cyberattacks. With a background in criminology, Aunshul presented her research from observations and interviews conducted at the Industrial Control Systems Computer Emergency Response Team’s (ICS-CERT) Red/Blue cybersecurity training exercise held at Idaho National Laboratory. Specifically, she covered how adversaries might engage in research and planning, offer team support, manage conflict between group members, structure attack paths (intrusion chains), navigate disruptions to their attack paths, and how limited knowledge bases and self-induced mistakes can possibly impact adversaries.

The last presentation was Mark Nunnikhoven’s (@marknca) Is Your Security Team Set up To Fail? Mark, the VP of cloud research at Trend Micro and a personal friend, examined the current state of IT security programs and teams, delving into the structure, goals, and skills prioritized by the industry.

The second day of the conference was filled with meetings for me but I was able to sit through Michael Joyce’s talk entitled A Cocktail Recipe for Improving Canadian Cybersecurity. Joyce described the goals and objectives of The Smart Cybersecurity Network (SERENE-RISC) – a federally funded, not-for-profit knowledge mobilization network created to improve the general public’s awareness of cybersecurity risks and to empower all to mitigate them through knowledge. He was an excellent presenter and his talk served as a call to action for those looking to help communicate the need for cybersecurity to all Canadians.

At both conferences I presented my latest talk entitled The Not-So-Improbable Future of Ransomware which explored how thousands of years of human kidnap and ransom doctrine have served as a playbook for ransomware campaign operators to follow. It was well received by both audiences and sparked follow-up conversations and discussions throughout the week. The SOURCE version can be found here and the AtlSecCon version here.

The talk received some early praise on the SOURCE session, in addition to written pieces by Bill Brenner (@billbrenner70) from Sophos and Taylor Armerding (@tarmerding2) from CSO.

At AtlSecCon I joined a panel entitled Security Modelling Fundamentals: Should Security Teams Model a SOC Around Threats or Just Build Layers? Chaired by Tom Bain (@tmbainjr1), VP of marketing at CounterTack, the session served as a potpourri of security threats and trends ranging from ransomware, to regulation, to attack mitigation. It was quite fun and a great way to end the day.

Though it was a long series of flights home to the Bay Area I thoroughly enjoyed both conferences. I would highly recommend attending and/or speaking at both next year if you are provided with the opportunity.

Next up, (ISC)² CyberSecureGov 2017 in Washington, D.C. and the Rocky Mountain Information Security Conference (RMISC) in Denver, CO. Perhaps I’ll see some of our readers there!

The post Diving into the Issues: Observations from SOURCE and AtlSecCon appeared first on LEO Cyber Security.

Security is Not, and Should not be Treated as, a Special Flower

My normal Wednesday lunch yesterday was rudely interrupted by my adequate friend and reasonable security advocate Javvad calling me to ask my opinion on something. This in itself was surprising enough, but the fact that I immediately gave a strong and impassioned response told me this might be something I needed to explore further… The UK …