Category Archives: security

Fedora 29: php-twig Security Update

**Version 1.38.2** (2019-03-12)
* added TemplateWrapper::getTemplateName()

**Version 1.38.1** (2019-03-12)
* fixed class aliases

**Version 1.38.0** (2019-03-12)
* fixed sandbox security issue (under some circumstances, calling the __toString() method on an object was possible even if not allowed by the security policy)
* fixed batch filter clobbers array

Fedora 29: php-twig2 Security Update

**Version 2.7.2** (2019-03-12)
* added TemplateWrapper::getTemplateName()

**Version 2.7.1** (2019-03-12)
* fixed class aliases

**Version 2.7.0** (2019-03-12)
* fixed sandbox security issue (under some circumstances, calling the __toString() method on an object was possible even if not allowed by the security policy)
* fixed batch filter clobbers array keys when fill

Fedora 28: php-twig Security Update

**Version 1.38.2** (2019-03-12)
* added TemplateWrapper::getTemplateName()

**Version 1.38.1** (2019-03-12)
* fixed class aliases

**Version 1.38.0** (2019-03-12)
* fixed sandbox security issue (under some circumstances, calling the __toString() method on an object was possible even if not allowed by the security policy)
* fixed batch filter clobbers array

Fedora 28: php-twig2 Security Update

**Version 2.7.2** (2019-03-12)
* added TemplateWrapper::getTemplateName()

**Version 2.7.1** (2019-03-12)
* fixed class aliases

**Version 2.7.0** (2019-03-12)
* fixed sandbox security issue (under some circumstances, calling the __toString() method on an object was possible even if not allowed by the security policy)
* fixed batch filter clobbers array keys when fill

Insider Threats Pose the Biggest Security Risk

An anonymous reader shares a report: According to a new study, 91 percent of IT and security professionals feel vulnerable to insider threats, and 75 percent believe the biggest risks lie in cloud applications such as popular file storage and email solutions, including Google Drive, Gmail and Dropbox. The report from SaaS operations management specialist BetterCloud also shows that 62 percent of respondents believe the biggest security threat comes from the well-meaning but negligent end user. Among other findings, 46 percent of IT leaders (heads of IT and above) believe that the rise of SaaS applications makes them the most vulnerable. In addition, 40 percent of respondents believe they are most vulnerable to exposure of confidential business information such as financial information and customer lists. Only 26 percent of C-level executives say they've invested enough to mitigate the risk of insider threats, compared to 44 percent of IT managers.

Read more of this story at Slashdot.

PewDiePie ransomware forcing users to subscribe him on YouTube

By Waqas

T-Series vs. PewDiePie Battle Takes an Ugly Turn: PewDiePie Fans Launch PewDiePie Ransomware to Get Followers. The battle between T-Series and PewDiePie for the top slot on YouTube is getting fiercer and more dramatic by the day. While T-Series fans are supporting the Indian music company, PewDiePie fans have resorted to extreme measures in making […]

This is a post from HackRead.com Read the original post: PewDiePie ransomware forcing users to subscribe him on YouTube

Medtronic defibrillators vulnerable to life threatening cyber attacks

By Waqas

Defibrillators are electronic devices manufactured to save the lives of people with life-threatening heart conditions such as Hypertrophic Cardiomyopathy (HCM). But now, according to the Department of Homeland Security (DHS), Medtronic defibrillators are vulnerable to cyber attacks allowing hackers to remotely control the device within “short-range access.” In total, 20 Medtronic products are vulnerable affecting over […]

This is a post from HackRead.com Read the original post: Medtronic defibrillators vulnerable to life threatening cyber attacks

Security Affairs: Cisco addresses High-Severity flaws in IP Phone 8800 and 7800 series

Cisco released security updates to address vulnerabilities in its IP Phone 7800 and 8800 series that could be exploited by remote, unauthenticated attackers.

Cisco released security patches to address vulnerabilities in its IP Phone 7800 and 8800 series that could be exploited by remote, unauthenticated attackers.

Cisco IP Phone 8800 series are business desk phones that support HD video, while Cisco IP Phone 7800 series phones are designed for desktops and conference rooms in businesses.

All the flaws affect the Cisco 8800 series, while just one DoS issue (CVE-2019-1716) impacts Cisco IP Phone 7800 series.


The flaws result from improper validation of user-supplied input during the authentication process.

“A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code.” reads the security advisory published by Cisco.

“The vulnerability exists because the software improperly validates user-supplied input during user authentication. An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials. A successful exploit could allow the attacker to trigger a reload of an affected device, resulting in a DoS condition, or to execute arbitrary code with the privileges of the app user.”

The Cisco IP Phone 8800 series is also affected by a file upload denial of service issue (CVE-2019-1766) that resides in the web-based management interface. The vulnerability could be exploited by a remote attacker to cause high disk utilization, resulting in a denial of service.

“The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An attacker who has valid administrator credentials for an affected system could exploit this vulnerability by sending a crafted, remote connection request to an affected system.” reads the security advisory published by Cisco. “A successful exploit could allow the attacker to write a file that consumes most of the available disk space on the system, causing application functions to operate abnormally and leading to a DoS condition.”

Cisco also addressed an authorization bypass vulnerability, tracked as CVE-2019-1763, in the web-based management interface of its 8800 series IP phones.

“A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass authorization, access critical services, and cause a denial of service (DoS) condition.” reads the advisory published by Cisco.

“The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to critical services and cause a DoS condition.”

The most severe vulnerabilities in Cisco 8800 Series IP Phones could allow unauthenticated, remote attackers to conduct a cross-site request forgery attack or write arbitrary files to the filesystem.

Both issues carry the highest severity score among the flaws addressed, 8.1 out of 10.

The CSRF flaw, tracked as CVE-2019-1764, affects the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series and could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack.

“The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link.” reads the advisory. “A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user.”

The path traversal flaw tracked as CVE-2019-1765 results from a combination of insufficient input validation and file-level permissions.

“The vulnerability is due to insufficient input validation and file-level permissions. An attacker could exploit this vulnerability by uploading invalid files to an affected device. A successful exploit could allow the attacker to write files in arbitrary locations on the filesystem.” states Cisco.

It gives an authenticated adversary write access to the filesystem of Cisco’s 8800 series IP phones and permits writing files of the attacker’s choice to arbitrary locations on affected products.
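The two file-handling weaknesses Cisco describes above (an uploaded file name that is not validated before it is written to disk, and a written file whose size is never capped) are shown below as a vulnerable upload handler beside a hardened one. This is an added illustration in Python, not Cisco's code or anything from the phone firmware; the upload directory, the 64 KiB cap, the extension allow-list and the sample requests are all constructed for the example.

```python
"""Added example (not Cisco's code): an upload handler with the two weaknesses
the advisories describe, beside a hardened version.
- CVE-2019-1765 pattern: the client-supplied name is joined to the upload
  directory unchecked, so '..' segments or an absolute name escape it.
- CVE-2019-1766 pattern: the body is written with no size cap.
Directory, cap, extension allow-list and sample requests are constructed."""
import io
import os
import tempfile

MAX_UPLOAD_BYTES = 64 * 1024          # constructed cap for this example
ALLOWED_SUFFIXES = {".cfg", ".xml"}   # constructed allow-list


class UploadRejected(ValueError):
    """Raised by the hardened handler when a request fails validation."""


def resolve_dest_vulnerable(upload_dir: str, filename: str) -> str:
    # Trusts the name as sent: os.path.join keeps '..' segments, and an
    # absolute name replaces upload_dir entirely.
    return os.path.normpath(os.path.join(upload_dir, filename))


def is_inside(upload_dir: str, path: str) -> bool:
    """True when `path`, after symlink resolution, lies under upload_dir."""
    root = os.path.realpath(upload_dir)
    return os.path.commonpath([root, os.path.realpath(path)]) == root


def resolve_dest_hardened(upload_dir: str, filename: str) -> str:
    # 1. Only a bare file name is acceptable; any directory part is refused.
    if filename in ("", ".", "..") or "/" in filename or "\\" in filename:
        raise UploadRejected("file name must be a bare name")
    # 2. Allow-list the characters and the extension.
    if not all(c.isalnum() or c in "._-" for c in filename):
        raise UploadRejected(f"disallowed character in {filename!r}")
    if os.path.splitext(filename)[1].lower() not in ALLOWED_SUFFIXES:
        raise UploadRejected(f"disallowed file type {filename!r}")
    # 3. Belt and braces: prove the resolved path is still under upload_dir.
    dest = os.path.realpath(os.path.join(upload_dir, filename))
    if not is_inside(upload_dir, dest):
        raise UploadRejected("resolved path escapes the upload directory")
    return dest


def save_upload(upload_dir: str, filename: str, body,
                max_bytes: int = MAX_UPLOAD_BYTES) -> str:
    """Hardened write: validated destination plus a cap enforced on the bytes
    actually read (a Content-Length header is client-controlled, so it is not
    trusted). `body` is any object with read(n). A partial file left by an
    oversized request is removed before the error propagates."""
    dest = resolve_dest_hardened(upload_dir, filename)
    written = 0
    try:
        with open(dest, "wb") as fh:
            for chunk in iter(lambda: body.read(8192), b""):
                written += len(chunk)
                if written > max_bytes:
                    raise UploadRejected(f"upload exceeds {max_bytes} bytes")
                fh.write(chunk)
    except UploadRejected:
        os.remove(dest)
        raise
    return dest


def rejects(fn) -> bool:
    """True when fn() raises UploadRejected."""
    try:
        fn()
    except UploadRejected:
        return True
    return False


def demo() -> dict:
    """Runs both handlers over constructed requests and returns the outcomes."""
    out = {}
    with tempfile.TemporaryDirectory() as upload_dir:
        bad_name = "../../outside.cfg"                   # constructed traversal name
        out["vulnerable_escapes"] = not is_inside(
            upload_dir, resolve_dest_vulnerable(upload_dir, bad_name))
        out["hardened_rejects_traversal"] = rejects(
            lambda: resolve_dest_hardened(upload_dir, bad_name))
        out["hardened_rejects_type"] = rejects(
            lambda: resolve_dest_hardened(upload_dir, "phone.exe"))
        big = io.BytesIO(b"A" * (MAX_UPLOAD_BYTES + 1))  # one byte over the cap
        out["oversize_rejected"] = rejects(
            lambda: save_upload(upload_dir, "phone.cfg", big))
        out["oversize_left_no_file"] = not os.path.exists(
            os.path.join(upload_dir, "phone.cfg"))
        dest = save_upload(upload_dir, "phone.cfg", io.BytesIO(b"<config/>"))
        out["valid_saved_inside"] = (is_inside(upload_dir, dest)
                                     and os.path.getsize(dest) == 9)
    return out


if __name__ == "__main__":
    print(demo())
```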

There are no workarounds for any of the vulnerabilities addressed by Cisco. The good news is that Cisco is not aware of any attack exploiting the issues in the wild.

Pierluigi Paganini

(SecurityAffairs – Cisco, IP Phone 8800)

The post Cisco addresses High-Severity flaws in IP Phone 8800 and 7800 series appeared first on Security Affairs.


This Week in Security News: Radio Frequency Technology and Telecom Crimes

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how radio frequency technology is putting industrial organizations at risk. Also, understand the threat landscape of telecommunications and how to prepare for future threats.

Read on:

How Radio Frequency Technology is Putting the Industrial Sector at Risk

Leaders of industrial organizations must understand that the devices and systems employees leverage to control processes could open their business up to specific vulnerabilities. 

Microsoft warns Windows 7 users of looming end to security updates

Microsoft has rolled out a patch that will warn Windows 7 users that security updates will come to an end on January 14, 2020. At that time, the software giant will no longer roll out fixes for security flaws and vulnerabilities.

Attackers Targeting Cloud Infrastructure for Their Cryptocurrency-Mining Operations

With the rise of cryptocurrency-mining malware over the past couple of years, cybercriminals are constantly trying different kinds of monetization schemes. 

Email Scammers Stole More Than $150K from Defense Contractors and a University, FBI Says

Cybercriminals defrauded two defense contractors and a university out of more than $150,000 through email scams last year, the FBI has warned companies.

Global Telecom Crime Undermining Internet Security: Cyber-Telecom Crime Report

As the field of telecommunication continues to evolve, so should its security. Understanding its current threat landscape can help reduce the impact of crimes and prepare us for future threats. 

Half of Organizations Lack the Security Talent Needed to Remain Secure

According to the latest Trend Micro figures, organizations worldwide are faced with an ‘ongoing and often detrimental’ shortage of cybersecurity talent.

New Mirai Botnet Variant Targets IoT TV, Presentation Systems

Trend Micro researchers found a new Mirai variant in the wild targeting smart signage TV and wireless presentation systems commonly used by businesses. 

Aluminum Maker Hydro Battles to Contain Ransomware Attack

Norsk Hydro, one of the world’s largest aluminum producers, battled to contain a cyber-attack that halted parts of its production.

What You Need to Know About the LockerGoga Ransomware

The systems of Norwegian aluminum manufacturing company Norsk Hydro were reportedly struck last Tuesday, March 19, by LockerGoga ransomware. 

Round 4: Hacker Returns and Puts 26 Million User Records for Sale on the Dark Web

A hacker who previously put more than 840 million user records up for sale has returned with a fourth round of hacked data from six companies, totaling 26.42 million user records. 

Trump’s Cybersecurity Budget Emphasizes DOD While Spreading Cuts Elsewhere

Federal cybersecurity spending would increase by about 5 percent overall in fiscal 2020 under President Donald Trump’s proposed budget, with the Department of Defense getting a big boost and many civilian agencies seeing small cuts or relatively flat funding.

Are you surprised with the growth and evolution of telecom technology? Why or why not? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.


Announcing Offensive Warfare 2.0 – Official Hacking and Security Community Launch

Dear blog readers, I wanted to let everyone know that I've recently launched a public hacking and cyber security community repository offering a Security Directory, Downloads, Podcasts and Security Videos directory, including a countless number of hacking and security resources, a possible hacking and security discussion, and community-based services and products - to keep the spirit

Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years

Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data.

Facebook stored 600m user passwords in plain text exposed to 20k employees

By Uzair Amir

The company says it discovered the issue in January and there is no need to change passwords. The social media giant Facebook has revealed that its internal data storage systems saved user passwords in plain text that could be accessed by employees. The company said an ongoing investigation has so far revealed no sign that employees abused or accessed […]

This is a post from HackRead.com Read the original post: Facebook stored 600m user passwords in plain text exposed to 20k employees

Security Affairs: Facebook passwords stored in plain text, hundreds of millions users affected

New problems for Facebook, which has admitted to storing the passwords of hundreds of millions of users in plain text.

Facebook revealed that it stored the passwords of hundreds of millions of users in plain text, including passwords of Facebook Lite, Facebook, and Instagram users.

“As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems.” reads the announcement published by Facebook.

“This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable.”

The disconcerting discovery was made in January by Facebook IT staff as part of a routine security review. The passwords were stored in plain text on internal data storage systems, which means they were accessible only to employees.

Facebook quickly fixed the issue and plans to notify the affected users.
Facebook estimated that hundreds of millions of people using Facebook Lite, tens of millions of other Facebook users, and tens of thousands of Instagram users are impacted.

“To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them,” continues Facebook.

“In the course of our review, we have been looking at the ways we store certain other categories of information — like access tokens — and have fixed problems as we’ve discovered them.”


According to Brian Krebs, the well-known investigator looking into the incident, hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees. Krebs dates some cases back to 2012, though he found no indication that employees have abused access to this data.

Krebs believes that the passwords of between 200 million and 600 million Facebook users may have been stored in plain text, and that over 20,000 Facebook employees may have been able to search those passwords.

Krebs cited a senior Facebook employee, who is familiar with the investigation and who spoke on condition of anonymity, who revealed that the company is currently investigating a series of incidents in which employees built applications that logged unencrypted password data for Facebook users and stored it in plain text on internal company servers.

According to Krebs, citing the same source, access logs showed some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plain text user passwords.

Even though no passwords were exposed outside the company, Facebook suggests the following steps to secure users’ accounts:

  • You can change your password in your settings on Facebook and Instagram. Avoid reusing passwords across different services.
  • Pick strong and complex passwords for all your accounts. Password manager apps can help.
  • Consider enabling a security key or two-factor authentication to protect your Facebook account using codes from a third party authentication app. When you log in with your password, we will ask for a security code or to tap your security key to verify that it is you.

Pierluigi Paganini

(SecurityAffairs – Facebook passwords, privacy)

The post Facebook passwords stored in plain text, hundreds of millions users affected appeared first on Security Affairs.


Fedora 28: xen Security Update

xen: various flaws (#1685577)
* grant table transfer issues on large hosts [XSA-284]
* race with pass-through device hotplug [XSA-285]
* x86: steal_page violates page_struct access discipline [XSA-287]
* x86: Inconsistent PV IOMMU discipline [XSA-288]
* missing preemption in x86 PV page table unvalidation [XSA-290]
* x86/PV: page type reference counting issue with failed IOMMU update

Press Release: Guardian Digital Leverages the Power of Open Source to Combat Evolving Email Security Threats

Cloud-based email security solution utilizes the open source methodology for securing business email, recognized by many as the best approach to the problem of maintaining security in the relentlessly dynamic environment of the Internet.

PewCrypt Ransomware Locks Users’ Files and Won’t Offer a Decryption Key Until – and Unless – PewDiePie’s YouTube Channel Beats T-Series To Hit 100M Subscribers

The battle between PewDiePie, currently the most subscribed channel on YouTube, and T-Series, an Indian music label, continues to have strange repercussions. In recent months, as T-Series closes in on the gap to beat PewDiePie for the crown of the most subscribers on YouTube, alleged supporters of PewDiePie, in an unusual show of love, have hacked Chromecasts and printers to persuade victims to subscribe to PewDiePie's channel. Now ZDNet reports about a second strain of ransomware that is linked to PewDiePie. From the report: A second one appeared in January, and this was actually a fully functional ransomware strain. Called PewCrypt, this ransomware was coded in Java, and it encrypted users' files in the "proper" way, with a method of recovering files at a later date. The catch: you couldn't buy a decryption key, but instead, victims had to wait until PewDiePie gained over 100 million followers before being allowed to decrypt any of the encrypted files. At the time of writing, PewDiePie had around 90 million fans, meaning any victim would be in for a long wait before they could regain access to any of their files. Making matters worse, if T-Series got to 100 million subscribers before PewDiePie, then PewCrypt would delete the user's encryption key for good, leaving users without a way to recover their data. While the ransomware was put together as a joke, sadly, it did infect a few users, ZDNet has learned. Its author eventually realized the world of trouble he'd get into if any of those victims filed complaints with authorities, and released the ransomware's source code on GitHub, along with a command-line-based decryption tool.

Read more of this story at Slashdot.

SciLinux: Important: ghostscript on SL7.x x86_64

* ghostscript: superexec operator is available (700585) (CVE-2019-3835)
* ghostscript: forceput in DefineResource is still accessible (700576) (CVE-2019-3838)

Bug Fix(es):
* ghostscript: Regression: double comment chars '%%' in gs_init.ps leading to missing metadata

SL7 x86_64
ghostscript-9.07-31.el7_6.10.i686.rpm
ghostscript-9.07-31.el7_6.10.x86_64.rpm
ghostscript-cups-9.07-31 [More...]

Panic after hackers take control of emergency tornado alarms in Texas

By Waqas

On March 12th, at around 2:30 a.m., residents of two Texas towns panicked after hearing tornado alarms that went off until 4:00 a.m. They were disturbed because the alarms repeatedly went on and off for about one and a half hours, thanks to hackers. Finally, the relevant authorities were able to turn them off. See: […]

This is a post from HackRead.com Read the original post: Panic after hackers take control of emergency tornado alarms in Texas

Flaw in NSA’s GHIDRA leads to remote code execution attacks

By Waqas

GHIDRA is NSA’s reverse engineering tool, released earlier this month. Earlier this month, Hackread.com reported on the National Security Agency (NSA) publicly releasing its decompiler and disassembler tool GHIDRA and making it open-source software. Now, it has been revealed that the generic reverse engineering tool has a flaw that can be exploited by cybercriminals for carrying […]

This is a post from HackRead.com Read the original post: Flaw in NSA’s GHIDRA leads to remote code execution attacks

For Years, Hundreds of Millions of Facebook Users Had Their Account Passwords Stored in Plain Text and Searchable By Thousands of Facebook Employees

Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees -- in some cases going back to 2012, KrebsOnSecurity reported Thursday. From the report: Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data. Facebook is probing the causes of a series of security failures in which employees built applications that logged unencrypted password data for Facebook users and stored it in plain text on internal company servers. That's according to a senior Facebook employee who is familiar with the investigation and who spoke on condition of anonymity because they were not authorized to speak to the press. The Facebook source said the investigation so far indicates between 200 million and 600 million Facebook users may have had their account passwords stored in plain text and searchable by more than 20,000 Facebook employees. The source said Facebook is still trying to determine how many passwords were exposed and for how long, but so far the inquiry has uncovered archives with plain text user passwords in them dating back to 2012. Facebook has responded.

Read more of this story at Slashdot.

A new Windows vulnerability, exploited by cybercriminals


CVE (Common Vulnerabilities and Exposures) is a system that registers and provides information about known security vulnerabilities. According to CVE, 16,555 vulnerabilities were discovered in the last year, of which over 25% are of high or critical severity. In fact, the number of vulnerabilities discovered each year has shot up in the last two years: 6,447 vulnerabilities were discovered in 2016; in 2017 that figure rose to 14,714.

Vulnerabilities in IT systems have played a decisive role in some of the most serious security incidents of the last few years. A vulnerability called EternalBlue was used to carry out attacks such as WannaCry, which affected over 300,000 companies all over the world, and cost a total of around $4 billion. The malware NotPetya, which came to light just a month later, was able to get onto systems thanks to this vulnerability, stealing passwords in order to take control of the network that it accessed. A piece of malware called Adylkuzz also made use of EternalBlue in order to download a series of commands onto infected computers, which were then used to generate and extract cryptocurrencies.

Vulnerabilities also had a hand in some of the most significant data breaches in history: Equifax suffered one such breach that affected 145 million people. This breach was made possible by a vulnerability in its web application framework. In September last year, almost 50 million Facebook accounts were exposed to an attack that was carried out using a vulnerability in the social network.

The vulnerabilities in Windows

Even such a robust operating system as Windows can’t escape the far-reaching problems that vulnerabilities pose. Last year, in September and October, two zero-day vulnerabilities were discovered in Windows 10. Both of these vulnerabilities allowed privilege escalation.

Now, on March 12 this year, a zero-day vulnerability was discovered that affects both Windows 8 and Windows 10. This vulnerability in the Microsoft Windows graphics subsystem allows a cybercriminal to introduce a piece of malware onto the computer, and thus take control of the device.

More worrying than the discovery of the vulnerability is the fact that it seems to have already been used by at least two threat actors in real attacks. One of these threat actors could be FruityArmor, a group of cybercriminals known for exploiting zero-day vulnerabilities.

Patch possible vulnerabilities

Microsoft has already launched a patch to fix this vulnerability, and it should be installed as soon as possible. Besides this, it is also a very good idea to make sure that all programs are fully updated in order to avoid possible security problems.

In order to streamline the process of searching for and applying patches that are vital for your company’s security, Panda Security has launched Panda Patch Management. Patch Management, a complementary module of Panda Adaptive Defense, audits, monitors, and prioritizes updates on operating systems and applications. When an exploit or malicious program is detected, it notifies you of pending patches. Installations can be launched immediately or scheduled from the console, isolating the computer if needed.

What’s more, Panda Adaptive Defense has another module that helps to keep your IT system safe: Panda Advanced Reporting Tool. This module automates the storage and correlation of the information related to process execution and its context extracted by Panda Adaptive Defense from endpoints. This way, Advanced Reporting Tool can generate security intelligence and provide tools that allow organizations to pinpoint attacks and unusual behaviors. This allows vulnerabilities that may exist in the company’s IT network to be detected early.

It is clear that vulnerabilities are a great risk for your company’s IT security. And if your company uses Windows 8 or 10, it is very likely that this latest vulnerability will directly affect you. As such, it is vital that you keep your systems updated at all times.

The post A new Windows vulnerability, exploited by cybercriminals appeared first on Panda Security Mediacenter.

Radware Blog: CISOs, Know Your Enemy: An Industry-Wise Look At Major Bot Threats

According to a study by the Ponemon Institute in December 2018, bots comprised over 52% of all Internet traffic. While ‘good’ bots discreetly index websites, fetch information and content, and perform useful tasks for consumers and businesses, ‘bad’ bots have become a primary and growing concern to CISOs, webmasters, and security professionals today. They carry […]

The post CISOs, Know Your Enemy: An Industry-Wise Look At Major Bot Threats appeared first on Radware Blog.

Evidence mounts that Russian hackers are trying to disrupt the EU elections

Russian hackers are targeting government systems ahead of the EU parliament election, according to cybersecurity company FireEye. The firm says that two state-sponsored hacking groups -- APT28 (aka Fancy Bear) and Sandworm -- have been sending out authentic-looking phishing emails to officials in a bid to get hold of government information.

Via: CNBC

How to protect your privacy in a surveillance state

The Internet allows us to connect with virtually anyone, anywhere. For some governments, this connectivity is seen as a threat. Most countries use some form of electronic tracking to monitor terrorists and criminals.

But for every criminal they monitor, governments also capture – and store – personal information belonging to millions of law-abiding citizens. In some countries, like China, this online surveillance is obvious. But in others like the USA and UK, the extent of civilian monitoring only became apparent after the PRISM spying program was revealed.

Privacy is your right – and there’s no reason you have to reveal your secrets to the government just because you want to use the Internet.

Here are some ways you can better protect yourself.

1. Use a VPN

A virtual private network (VPN) is used to encrypt traffic between your device and the websites and services you access online. The right VPN service, like that included with a Panda Dome Premium subscription, encrypts and anonymises traffic, making it much harder for government agencies to track you online.

2. Use encrypted chat apps

Instant messaging apps are now more important for person-to-person communications than SMS, email or social networking. This is why government agencies spend so much time and effort monitoring mobile communications.

SMS text messaging is relatively insecure and open to interception. Choosing an encrypted app like iMessage or Telegram will help to prevent your chats and picture messages from being captured by government surveillance programs.

3. Consider physical security

It’s not just your emails and text messages that government agencies are interested in. They also collect location data using the GPS system built into your phone so they can tell where you’ve been, where you are, and even predict where you will go next. Obviously, disabling your phone’s GPS can get around this tracking – but it means that your maps and weather apps won’t work.

That’s not enough on its own however. Your phone is constantly connecting to cell towers so you can make and receive calls – but those connections can be triangulated, to calculate your location again. The only way to prevent triangulation is to turn your phone off – or to store it in a special bag that can block radio signals.

The trouble is that you cannot make or receive calls while the phone is in the bag. And as soon as you take it out of the bag, your location will be revealed.

Use common sense

The reality is that you probably cannot be completely anonymous online – but you can minimise your exposure. Aside from using an anonymous VPN, your best protection is common sense. Before doing anything online, take a moment to think, ‘how might my privacy be compromised – and what can I do to reduce the risk?’

Answer those questions and you are well on your way to avoiding the most common forms of government surveillance.

To learn more about anonymous VPNs and how Panda Dome protects your privacy, you can download a free trial here.

The post How to protect your privacy in a surveillance state appeared first on Panda Security Mediacenter.

Fedora 28: python2-django1.11 Security Update

- CVE-2019-3498: Content spoofing possibility in the default 404 page - CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format() - Fixed a race condition in QuerySet.update_or_create() that could result in data loss - geo: Prevented repetitive calls to geos_version_tuple() in the WKBWriter class

SciLinux: Critical: firefox on SL7.x x86_64

This update upgrades Firefox to version 60.6.0 ESR. * Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788) * Mozilla: Use-after-free when removing in-use DOM elements (CVE-2019-9790) * Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey (CVE-2019-9791) * Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value [More...]

RedHat: RHSA-2019-0623:01 Critical: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

RedHat: RHSA-2019-0622:01 Critical: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

Security Affairs: Putty users have to download a new release that fixes 8 flaws

PuTTY Releases Important Software Update to Patch 8 High-Severity Flaws

The popular SSH client program PuTTY has released an important software update to address eight high-severity security vulnerabilities.

PuTTY is one of the most popular open-source programs for accessing computers over the SSH, Telnet, and Rlogin network protocols.
The popular SSH client program PuTTY has released an important software update (version 0.71) for Windows and Unix operating systems, to address eight high-severity security vulnerabilities.

The previous PuTTY release dates back 20 months; all earlier versions of the PuTTY client are vulnerable to multiple security flaws.

“This release has known security vulnerabilities. Consider using a later release instead, such as the latest version, 0.71.” reads the security advisory.

The vulnerabilities could be exploited by attackers to set up a malicious server or compromise a server to hijack the client’s system.

“The known vulnerabilities in this release are:

PuTTY users are recommended to download and use the latest version.

Pierluigi Paganini

(SecurityAffairs – SSH, hacking )


The post Putty users have to download a new release that fixes 8 flaws appeared first on Security Affairs.

Panda Adaptive Defense put to the test by SANS Institute

In the past, we have discussed the idea that 100% protection is unattainable. However, there exist defense strategies that combine protection solutions, managed services and artificial intelligence. These are capable of increasing an organization’s capacity to detect and stop attackers. In this battle, it is vital to focus on defending the place where organizations keep their assets: the endpoint.

SANS Institute evaluates Panda Adaptive Defense

SANS Institute (SysAdmin Audit, Networking and Security Institute), one of the most influential institutions in the cybersecurity world, which reaches over 165,000 professionals in the sector, has published a review of the advanced solution, Panda Adaptive Defense 360.

“SANS found Panda Adaptive Defense 360 to be easily deployable, with instant results in preventing malware and identifying targeted attacks. Within the platform, we found that tasks associated with large amounts of labor investment, such as tuning and patching, instead are automated or minimal. The solution brings synergy and success with groundbreaking preventive and detective capabilities.”

With this evaluation, Panda Security’s corporate cybersecurity solution joins the group of technologies recognized and certified by SANS Institute in the IT security field.

The SANS Institute review, step by step

In order to survive in a world where attackers deploy automated malware and carry out targeted attacks, organizations need to secure their endpoints with platforms that provide automated protection mechanisms.

SANS Institute used Panda Adaptive Defense 360 for a month in order to evaluate its cybersecurity capacities. According to SANS, the evolution of malware requires better solutions, not more solutions. This is where Panda Adaptive Defense 360 comes in: it combines groundbreaking techniques designed to stop attacks immediately and provide detailed analytics to identify the most advanced attacks.

You can find out more about how this study was carried out, as well as its findings, in the webcast on March 27 at 15:00 UTC.

Agent deployment and management capabilities

For SANS, it is vital that a platform of this type adjust to the organization that uses it, and not the other way round. This is exactly what Panda Adaptive Defense 360 did; it returned no false positives, saving the IT team a lot of time.

SANS was impressed with the capability of the Patch Management module to schedule the installation of necessary patches: “Endpoint suites that do not include patch management forget that a key control for the prevention of malware execution is to patch software vulnerabilities.”

Endpoint prevention capabilities

Another reality that we are facing is that it is important – and often tricky – to find a balance between automating protection and detection and keeping the solution easy to maintain.

Panda Adaptive Defense 360’s 100% Attestation service classifies all processes and, depending on this classification, allows or blocks their execution on the endpoint. To do this, the service applies machine learning techniques and gathers over 1000 data points in order to classify the files.

If a file cannot be classified this way, it is sent to Panda’s expert malware analysts, who are part of what makes the platform so special: the managed threat hunting service. This only happens in 0.015% of cases.

How were Panda Adaptive Defense 360’s capabilities tested? By launching malware samples, from ransomware and rootkits to traditional viruses. All of these samples were deleted or failed to run. One of the samples used was Petya; it failed to run successfully and was also logged correctly.

Endpoint detection and visibility

There is a big difference between dealing with malware and dealing with a malwareless attack. More and more companies suffer attacks that combine malware with memory-resident techniques – that is, techniques that don’t use malware. To fight this, SANS praises Panda Adaptive Defense 360’s EDR capabilities, which complement its EPP – a combination that, when it was created, was a milestone in endpoint protection.

Taming the endpoint chaos within: A review of Panda Adaptive Defense 360

To find out more, we invite you to register for the live webcast on March 27 at 15:00 UTC. In this webcast, Justin Henderson (SANS Institute analyst) and James Manning (Panda Security Pre-Sales Engineering team manager in North America) will discuss the advanced cybersecurity solution in detail.

In this link you can find more information about the webcast and a form to register.

You will learn about:

  • The importance of using endpoint protection, detection and response capabilities jointly in order to stop attackers before they can get a foothold on an endpoint.
  • The value of classifying 100% of processes in order to reduce the number of incidents that need to be investigated.
  • How to understand the progression of endpoint protection, from auditing to blocking.
  • How to investigate attacks on endpoints via visualization tools.

Register today to be among the first to receive the whitepaper written by Justin Henderson, SANS analyst and expert in endpoint security.

The post Panda Adaptive Defense put to the test by SANS Institute appeared first on Panda Security Mediacenter.

Radware Blog: The Intersections between Cybersecurity and Diversity

Cybersecurity and diversity are high-value topics that are most often discussed in isolation. Both topics resonate with individuals and organizations alike. However, the intersections between cybersecurity and diversity are often overlooked. As nations and organizations seek to protect their critical infrastructures, it’s important to cultivate relationships between the two areas. Diversity is no longer only […]

The post The Intersections between Cybersecurity and Diversity appeared first on Radware Blog.

Third Party Testing of Security is a Very Big Deal for Customers

User Reviews + Test Results

Peer reviews are an important part of product selection. Everything I buy on Amazon and most other things I buy I check for reviews first. That’s the “do I like it” or test-drive part of the selection. But the “how well does it work” part is lab testing. I’m not expecting crash test results from folks who have taken a new Honda for a test drive. Independent lab testing is the other half.

The power cable of the laptop I’m writing this on has a 3rd party lab test label on it, and no one expects user reviews to do that kind of function and safety testing.

The security function of security products isn’t something that can be well tested except by a few really big buyers, and those results usually aren’t shared or applicable to other environments (because the testing is for one environment).

3rd Party AND Independent

Every parent thinks their baby is the most beautiful, so no buyer should rely on a vendor’s own testing no matter how well documented. And the 3rd party test must be independent – not a test-for-hire.

We view earned third party testing as an important component of a healthy competitive landscape and we confidently make our products fully available for analysis.

Testing has to change to keep up with buyer reality. The endpoint security industry is going through some big changes:

  • Customers want to transition to the cloud;
  • New forms of malware challenge detection capabilities;
  • Endpoint Detection and Response (EDR) has emerged as a panacea; and
  • Every endpoint vendor claims their solution keeps out the bad guys more than other vendors.

But all of the above must be seen in the context of reality: what is tested must be the security function most important to risk reduction, not just a single fad, use case or function. As security product makers, we take good test lab feedback very seriously and use it as one of the feedback loops in product design and threat research.

Beware Paid Endorsements

Comedian Judah Friedlander always wears a hat that has “World Champion” printed on it. The gag is that he self-proclaims himself to be a world champion, and it doesn’t matter what he is a champion of because it’s just a hat he bought for himself. Trend Micro’s goal is to work with independent test labs that do not depend on “fees” to perform tests or custom evaluations. Fee-based tests aren’t independent or useful to buyers. Rather than leveraging these “pay for play” tests, we work with testing labs that evaluate vendors objectively using real-world environments and a level playing field. While other vendors may “sponsor” a test, provide their own sample malware for customers to test, or provide their own test results, we won’t buy a World Champion hat and expect you to take comfort in that. Trend Micro is committed to independent testing, helping us to provide the most objective information to our customers and the best feedback to our product teams.

Two Labs Say Our Baby is Beautiful

We’re proud to share that we’ve recently been recognized by two separate testing organizations for our endpoint protection platform.

NSS Labs, Inc. has just released the 2019 edition of their Advanced Endpoint Protection testing. Trend Micro’s endpoint solutions performed very well, earning the desired “Recommended” rating. We had strong performance on “Security Effectiveness,” meaning that we detected and blocked threats very effectively. What’s more, we also had a low total cost of ownership relative to most other vendors in the test.

AV-Test.org has also recently awarded Trend Micro the Best Protection Award for 2018. According to av-test.org:

“With this award, the independent test institute honors only the most effective security products that have shown outstanding performance during a one-year test phase and thus set new standards for the IT security industry. Trend Micro continuously demonstrated top performance throughout the entire 2018 test season, and therefore receives the AV-TEST Award 2018 in the test categories of “Best Protection” and “Best Performance.”

Further details on Trend’s performance are here.

The post Third Party Testing of Security is a Very Big Deal for Customers appeared first on .

HACKMAGEDDON: 16-28 February 2019 Cyber Attacks Timeline

It's time to publish the second timeline of February (first one here). Even though this month had only 28 business days, the number of recorded events continues to grow: I have collected 70 events (plus 4 that slipped from the previous period). So Gnosticplayers is on a roll...

SN 706: Open Source eVoting

  • Last week's Patch Tuesday March Madness
  • Win7 SHA256 Windows Update... Update
  • Many attacks leveraging the recently discovered WinRAR vulnerability
  • What happens when Apple, Google, and GoDaddy all drop a bit?
  • A big recent jump in Mirai Botnet Capability
  • Compromised Counter-Strike gaming servers
  • Privacy enhancements coming in Android Q
  • A pair of very odd web browser extensions for Chrome and Firefox from Microsoft
  • A VERY exciting and encouraging project to create an entirely open eVoting system

Hosts: Leo Laporte and Steve Gibson

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Israeli fintech firms hit by Cardinal RAT malware

By Waqas

The IT security researchers at Palo Alto Networks’ Unit 42 have discovered malware that has been targeting Israeli cyberspace, especially organisations in the technology and financial sectors. Dubbed Cardinal RAT (remote access Trojan) by researchers, the malware is currently targeting two Israeli fintech companies developing forex and cryptocurrency trading related software. The malware has been around since April 2017 […]

This is a post from HackRead.com. Read the original post: Israeli fintech firms hit by Cardinal RAT malware

99% Of SMEs Do Not Have Sufficient Skills To Prevent Cyberattacks.

An alarming cybersecurity skills shortage has been exposed with just one in five companies revealed to have sufficient in-house capability to protect critical assets from attack, a study has found. 96% of those hit by a data breach in the last year report that inadequate security testing was at least somewhat responsible for the issue.

SMEs with between 100 and 250 employees are the most vulnerable, according to research from AVORD – a new security testing platform – which found that only 1% of small companies have the knowledge to fully protect data and assets against cyberattacks. Shockingly, 4% of small businesses do not security-test their products or infrastructure on a regular basis.

Cyberattacks On The Increase

The cybersecurity skills shortage is being blamed for a 93% increase in data breaches seen by businesses of all sizes over the last five years. According to the Financial Conduct Authority (FCA)[1], UK-based financial institutions have witnessed a near fivefold increase in cyberattacks last year compared to 2017, with major attacks on global brands like Uber and Marriott suggesting that the increase is widespread across other sectors.

Impact On Businesses Of All Sizes

The impact of cyberattacks on small businesses can be fatal: 48% of SME executives in the USA said a data breach would likely shut down their businesses permanently[2]. Similarly, one in three (34%) UK SMEs battled a security breach that directly hit their bottom line in 2018, with 81% reporting a loss of customers.

While larger companies may have the financial resources to mitigate the effects of a cyberattack, the skills gap should be a cause for concern to corporations relying on smaller companies, as hackers can identify weak spots in the supply chain to reach valuable data and cause disruption.

Brian Harrison, founder and CEO of AVORD, commented:

“Our research suggests that there is a lack of skills across businesses of all sizes, but it is smaller companies who are struggling most without proper expertise to fight against potential cyberthreats, and it’s these businesses who will suffer most as a result of a data breach. According to Radware, the average cyberattacks costs £855,000 which is a cost that many SMEs simply cannot afford. To survive in the digital economy, companies must find a way to effectively protect their critical assets from attack.”

Bridging The Gap

AVORD is bridging the skills shortage gap by connecting small, medium-sized and major businesses with highly experienced independent security testers, who can be engaged based on their individual skillsets. The business aims to reduce the cost of outsourcing testing by 40%.

For more information visit www.AVORD.com.

The post 99% Of SMEs Do Not Have Sufficient Skills To Prevent Cyberattacks. appeared first on IT Security Guru.

Over Half Of European Organisations Have Suffered Consequences Caused By At Least One Cyberattack In The Last Two Years.

With the complexity of IT business infrastructure on the rise and the threat landscape continuously evolving, IT decision makers find it increasingly challenging to safeguard their organisations from cyberattacks: more than half of European businesses (54%) have faced at least one cyberattack in the last 24 months which resulted in some sort of disruption to their activities. It is also worth noting that 20% of IT decision makers (ITDMs) say that the attackers left no clue to their identity in the most recent cyberattack on their organisation, which draws attention once again to the difficult task facing cyber investigators. These and other findings are covered in Kaspersky Lab’s latest survey[1], which takes the pulse of European organisations from a cybersecurity perspective.

More attacks, less confidence

According to IT decision makers from businesses in Europe, more than half (54%) of organisations faced cyberattacks and their consequences in the last 24 months. The most common outcomes of the attacks were: service disruption (31%), data integrity issues (18%) and data loss (15%).

Organisations in the UK and Spain are facing the highest risks, with 64% of respondents confirming such experiences in the past two years. Despite traditionally having bigger IT budgets than SMBs, 64% of enterprises faced a cyberattack which led to the above-mentioned outcomes, versus 45% of SMBs.

This threat is not diminishing: over one in five respondents (21%) say that the number of cyberattacks on their business has increased within the past 12 months compared to the previous year, while for 42% it roughly stayed the same. Furthermore, the complexity of cyberattacks is increasing too, with one in five IT decision makers saying that the threat actors attacking them left no clue to their identity during the most recent attack on their business.

The sooner, the better

With the amount of sensitive data flooding the business world, it is vital for organisations to discover a data breach immediately, in order to take the most effective incident response measures. While it is good that over two thirds (72%) of the surveyed organisations find out about a breach in eight hours or less, there is still a shocking 25% of businesses who fail to take action during the first hours after the attack, as they do not realise they have been breached until later. As previous research found, detection speed is crucial to lowering the financial impact of an attack: immediate detection means a £456K cost of recovery, compared to £1.2 million for enterprises that take more than a week to detect a threat that entered their perimeter.

David Emm, principal security researcher at Kaspersky Lab UK, said: “It is alarming that more than half of businesses across Europe have suffered cyberattacks recently, which managed to disrupt their operations or cause other kinds of damage. The fact that the odds of a business falling victim have increased dramatically should act as a stark warning for business owners and ITDMs to strengthen their defences.

“The results of the survey also confirm another trend that we, from the cybersecurity industry, have been pointing out for a while – that attackers sneak throughout the organisation and sometimes leave few or no traces, making the challenge for investigators increasingly difficult, as well as underlining the importance of cooperation among cybersecurity professionals.”

Advanced security tools like Kaspersky Anti Targeted Attack Platform (KATA) can protect companies even from the most sophisticated threats, using machine-learning models, sandboxing and other advanced techniques.

Kaspersky Lab’s Global Research and Analysis Team (GReAT) is an unrivalled team of talented security professionals mastering the art of uncovering advanced targeted attacks, major malware, ransomware, cyber-espionage campaigns and sneaky underground cybercriminals, thus making the world a safer place for organisations and individuals. GReAT has investigated hundreds of cyber-attacks, helping organisations and law enforcement agencies to deal with incident impact, response and investigations.

The post Over Half Of European Organisations Have Suffered Consequences Caused By At Least One Cyberattack In The Last Two Years. appeared first on IT Security Guru.

Aluminum producer Norsk Hydro hit by a massive cyber attack

Norway’s Norsk Hydro, a giant among aluminum producers, announced on Tuesday that it had been hit by a cyber-attack of unknown origin.

One of the biggest aluminum producers, the Norwegian Norsk Hydro, suffered an extensive cyber attack.

“Hydro became victim of an extensive cyberattack in the early hours of Tuesday, impacting operations in several of the company’s business areas,” reads a statement issued by the company.

The cyber attack caused production outages and affected operations across Europe and the U.S. The news of the incident caused a drop in the share price of 2.0 percent in early trading on the Oslo Stock Exchange.

The company described the situation as “quite severe”: its systems were infected with ransomware, and its experts are still working to contain the threat.

According to company spokesman Halvor Molland, it was too early to determine the full extent of the attack, and at the time of writing its source was still unknown.

“Our IT department is working to contain the impact” of the attack, the spokesman told AFP.

Norsk Hydro is still assessing the affected systems; so far it has only confirmed that its potlines, which process molten aluminum and need to be kept running 24 hours a day, were forced to operate in manual mode.

“Some operations at plants where metal is fashioned into finished products for use in cars, planes and other manufactured goods have been temporarily stopped,” said spokesman Halvor Molland, Bloomberg reported. “The company is doing everything possible to fix the problem, but isn’t ready to give any forecasts yet, he said by phone. Aluminum futures were little changed on the London Metal Exchange.”

The website of the company was down on Tuesday morning.

Norway’s National Security Authority (NSM) announced it is assisting Norsk Hydro.

“We are obviously trying to identify whether it will spread, but we have not detected anything yet,” NSM’s communications director Mona Strom Arnoy said.

Pierluigi Paganini

(SecurityAffairs – Norsk Hydro, cybersecurity)

The post Aluminum producer Norsk Hydro hit by a massive cyber attack appeared first on Security Affairs.


How Radio Frequency Technology is Putting the Industrial Sector at Risk

Each industry has its own unique security risks. The banking and health care sectors, for example, handle highly sensitive financial and client data, and therefore must put robust protections in place to keep it safe.

The industrial sector, however, is a bit different. For many years, security-conscious experts focused on other industries, but now that connected devices and intelligent technology are in place within industrial settings to support a wide array of machinery and tasks, new data protection risks are emerging that deserve attention.

Leaders of industrial organizations must understand that the devices and systems employees leverage to control processes like construction, manufacturing, mining and logistics could open their business up to specific vulnerabilities. One such device is the radio frequency controller used to direct machinery. While these may appear to be simple endpoints similar to consumer-level garage door remote openers, these RF controllers could provide the perfect entryway for malicious activity.

RF controllers: Uses abound

Those working within the industrial sector are no doubt familiar with the many ways in which RF controllers – including small handheld models and belt-pack style controllers with buttons and joysticks – are used:

  • Within construction activity, controllers can be used to operate cranes and other large machinery.
  • RF remotes are used in the mining sector to control drills and pumps.
  • In shipping and logistics, RF controls are used for trolleys and cranes to enable the movement of sizeable shipment loads across different modes of transportation.
  • In manufacturing settings, they can control robotic fabrication machinery, conveyor belts and more.

Some RF controllers enable machines to be turned on and operated, others provide emergency stop features, and some more advanced models are capable of all of the above. As large-scale, intelligent robotics become increasingly prevalent across the industrial sector, RF controllers are more widely distributed to support machinery systems.

Where the risk comes in

Although RF controllers are typically more basic endpoints compared with elements like smartphones or software dashboards, this hardware can still introduce considerable risk. According to new research from Trend Micro, these issues arise from several factors in how RF controllers are used:

  • Because these endpoints use proprietary radio frequency links to support operation, as opposed to standard wireless technologies, it’s easier for malicious actors to break into these systems and take control.
  • The RF protocols that the controllers rely on are often proprietary and several decades old. These outdated protocols create further risks.
  • Often, RF remotes are used for much longer than their intended lifespan because of the cost of replacing or upgrading them.

“The core of the problem lies in how, instead of depending on wireless, standard technologies, these industrial remote controllers rely on proprietary RF protocols, which are decades old and are primarily focused on safety at the expense of security,” Trend Micro researchers explained. “In our research and vulnerability discoveries, we found that weaknesses in the controllers can be (easily) taken advantage of to move full-sized machines such as cranes used in construction sites and factories.”

In addition to taking over operation of an industrial machine or system, this lack of security within the RF controls can even enable a malicious actor to override onboard emergency stop capabilities, and switch a machine back on.

Millions of RF controllers are at risk of attack.

How malicious actors could potentially leverage RF controller weaknesses

As Trend Micro pointed out in its report, A Security Analysis of Radio Remote Controllers for Industrial Applications, there are several different types of attacks that are possible through vulnerable, industrial-level RF controllers.

One of the first and most obvious issues involves sabotage, either to support extortion or other malicious pursuits. A sabotage attack may involve using an RF controller to damage or destroy machinery or products or cause delays in production. As researchers noted, even short delays can lead to considerable costs, and can affect not only the business that owns the machinery systems but also its partners across the supply chain.

Other attacks may be less focused on destruction and more centered around theft. RF controllers used within the logistics industry, for example, can be used by attackers to enable the theft of goods within shipping containers on barges.

“Even traditional harbors and logistics facilities are filled with radio-controlled lifting and handling machines to move containers and loads,” Trend Micro’s report stated. “Attackers can interfere with the lifting operations to facilitate theft or hijacking of in-transit goods.”

Attackers could also potentially carry out damaging extortion plans, supported by weak RF controllers. Similar to a ransomware attack, where strong encryption is utilized to lock users out of data and files until a digital ransom is paid, attackers could prevent industrial employees from using a machine or simulate a malfunction, ceasing regular operations until the business pays a ransom.

Overall, these are just general types of attacks, and only scratch the surface when it comes to the malicious potential of targeting RF controller vulnerabilities. Attackers could also carry out such actions as preventing emergency stop capabilities to cause damage, maliciously re-pairing the device so that it does not control the intended device, or reprogramming it to malfunction. As noted, such instances could have far-reaching consequences.

How pervasive is this issue?

Researchers discovered that while preventive safety features including specific codes to support device pairing, password protection and virtual fencing can help prevent an attack, these capabilities cannot stop malicious activity that’s already taking place.

In addition to this issue, of the seven RF remote controller vendors Trend Micro analyzed for its report, none utilized the proper security measures. Reporting on Trend Micro’s findings, ComputerWeekly security editor Warwick Ashford pointed out that this means that literally millions of RF controllers are currently at risk of attack, utilized within industrial sectors across the globe.

How to address RF controller vulnerabilities

As Trend Micro noted, one of the main purposes of its report is to raise awareness of this issue among vendors that provide RF controllers. These manufacturers must work to establish and support the proper security features on new devices, and to design and provide the necessary firmware updates to help eliminate existing vulnerabilities. What’s more, researchers urge more vendors to adopt protocols like Bluetooth Low Energy, which includes built-in security functions.

RF controller users can also do their part by understanding the basics of the remotes, including reading the manual to ensure devices can handle pairing codes. In addition, these codes should be changed from default factory settings and updated on a regular basis. It’s also important for industrial businesses to consider next-generation devices, when possible, that include infrared communications as well as RF, and those that use standard wireless technologies as opposed to “custom” wireless.

To find out more, check out Trend Micro’s report today.

The post How Radio Frequency Technology is Putting the Industrial Sector at Risk appeared first on .

Radware Blog: Bots 101: This is Why We Can’t Have Nice Things

In our industry, the term bot applies to software applications designed to perform an automated task at a high rate of speed. Typically, I use bots at Radware to aggregate data for intelligence feeds or to automate a repetitive task. I also spend a vast majority of time researching and tracking emerging bots that were […]

The post Bots 101: This is Why We Can’t Have Nice Things appeared first on Radware Blog.


Security Affairs: EU adopts EU Law Enforcement Emergency Response Protocol for massive cyberattacks

Europol announced the EU Law Enforcement Emergency Response Protocol, a new protocol for law enforcement agencies in the European Union and abroad to handle major cross-border cyberattacks.

Europol announced the adoption of a new protocol for law enforcement bodies in the EU and abroad to respond to major cross-border cyberattacks.

The protocol, dubbed the EU Law Enforcement Emergency Response Protocol, aims at handling major attacks such as the massive WannaCry and NotPetya attacks.

“To prepare for major cross-border cyber-attacks, an EU Law Enforcement Emergency Response Protocol has been adopted by the Council of the European Union.” reads the press release published by the Europol. “The Protocol gives a central role to Europol’s European Cybercrime Centre (EC3) and is part of the EU Blueprint for Coordinated Response to Large-Scale Cross-Border Cybersecurity Incidents and Crises.”

The protocol helps EU law enforcement authorities respond rapidly to major cross-border cyberattacks. It promotes a rapid assessment, the secure and timely sharing of critical information, and the coordination of investigations in a multinational context.

The Protocol applies only to cyber security events caused by malicious actors, whether nation-state actors or cybercriminals; incidents caused by natural disasters, human error or system failure are out of its scope.

The EU Law Enforcement Emergency Response Protocol is a multi-stakeholder process and is composed of the following stages:

  • early detection and identification of a major cyberattack;
  • classification of the threat;
  • establishing a coordination center for emergency response;
  • early warning notifications;
  • an operational action plan for law enforcement;
  • investigation of the incident;
  • emergency response protocol closure.

“The EU Law Enforcement Emergency Response Protocol determines the procedures, roles and responsibilities of key players both within the EU and beyond; secure communication channels and 24/7 contact points for the exchange of critical information; as well as the overall coordination and de-confliction mechanism,” Europol said.

“It is of critical importance that we increase cyber preparedness in order to protect the EU and its citizens from large scale cyber-attacks”,  Wil van Gemert, Deputy Executive Director of Operations at Europol, said. “Law enforcement plays a vital role in the emergency response to reduce the number of victims affected and to preserve the necessary evidence to bring to justice the ones who are responsible for the attack.”

Pierluigi Paganini

(SecurityAffairs – EUROPOL, major cyberattacks)

The post EU adopts EU Law Enforcement Emergency Response Protocol for massive cyberattacks appeared first on Security Affairs.



RedHat: RHSA-2019-0600:01 Moderate: CloudForms 4.6.9 security,

An update is now available for CloudForms Management Engine 5.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

MySpace loses 12 years worth of photos, songs & video files

By Waqas

MySpace says it happened during a server migration project. The once prominent social network MySpace last made headlines in 2016, when it suffered a massive data breach in which the personal data of 427 million users, including emails and passwords, was stolen and leaked online. Now, it has been revealed that MySpace has lost another trove of […]

This is a post from HackRead.com Read the original post: MySpace loses 12 years worth of photos, songs & video files

Slack Launched Encryption Key Addon For Businesses

Slack announced today to launch encryption keys that will help businesses to protect their data.

Staying safe is the toughest job in this risky online world. With the exponential growth of online threats, companies are working day and night to fight hackers, snoopers, cybercriminals and other bad guys. One of the main reasons companies launch security-centric features is that they value their customers’ data, privacy and security.

Slack announced today the launch of an encryption key feature that will help businesses protect their data. The team introduced the Slack Enterprise Key Management (Slack EKM) add-on for its Enterprise Grid, which allows businesses to create their own encryption keys and control the encryption and decryption of the conversations, files and other data they share on the chat platform. With this key management feature, the Slack team hopes to give customers more control over sensitive data.

Using Slack EKM, IT admins can revoke access to data within a particular Slack channel, for example, rather than disrupting all users on the entire platform. Slack’s Chief Security Officer, Geoff Belknap, said: “Organizations that are security-minded, especially in highly regulated markets—such as financial services, health care and government—are typically underserved in terms of which collaboration tools they can use, so we wanted to design an experience that catered to their particular security needs.”

What is the purpose of Enterprise Key Management if Slack really encrypts the data?

Slack already encrypts your data in transit and at rest; the purpose of EKM is to give customers an extra layer of protection on top of that, without interfering with the operation of Slack apps. It is especially beneficial for those in regulated industries, who can share chats, files and other data while still meeting their own risk mitigation requirements.
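To make the "customer holds the key" idea concrete, here is an added Python example (not Slack's code and not a description of how Slack EKM is implemented internally). It models the general envelope-encryption pattern that customer-managed-key features are built on: the service encrypts each channel with its own data key, every data key is wrapped by a key-encryption key that only the customer's key store holds, and the customer can revoke unwrapping for one scope without touching the others. The class and function names (`CustomerKeyStore`, `ChatService`, `seal`, `open_`) are assumptions for this illustration, and an HMAC-SHA256 counter-mode cipher with encrypt-then-MAC is used in place of AES-GCM only so the example runs with the standard library alone.

```python
"""Envelope encryption with customer-held keys and per-scope revocation.

Added example (hypothetical model, not Slack's code): a service stores messages
per channel, each channel encrypted with its own data key (DEK). Every DEK is
wrapped by a key-encryption key (KEK) that only the customer's key store holds,
so the service must ask the customer to unwrap a DEK before it can read that
channel. Revoking one channel at the customer makes only that channel unreadable.
"""
import hashlib
import hmac
import os
import struct

NONCE_LEN = 16
TAG_LEN = 32


def _derive(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC subkeys from one root key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream using HMAC-SHA256 as the PRF (stdlib only; stands in for AES).
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _derive(key, b"enc"), _derive(key, b"mac")
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time, then decrypt; raises ValueError if tampered."""
    enc_key, mac_key = _derive(key, b"enc"), _derive(key, b"mac")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class CustomerKeyStore:
    """Customer side: owns the KEK, wraps/unwraps DEKs, enforces revocation."""

    def __init__(self) -> None:
        self._kek = os.urandom(32)        # never leaves the customer
        self._revoked: set[str] = set()

    def wrap(self, dek: bytes, scope: str) -> bytes:
        # Bind the wrapped DEK to its scope so a key for one channel cannot be
        # presented as the key for another.
        return seal(self._kek, scope.encode() + b"\x00" + dek)

    def unwrap(self, wrapped: bytes, scope: str) -> bytes:
        if scope in self._revoked:
            raise PermissionError(f"access to scope {scope!r} revoked by customer")
        label, _, dek = open_(self._kek, wrapped).partition(b"\x00")
        if label != scope.encode():
            raise PermissionError("wrapped key does not belong to this scope")
        return dek

    def revoke(self, scope: str) -> None:
        self._revoked.add(scope)


class ChatService:
    """Service side: stores only ciphertext and wrapped DEKs, never the KEK."""

    def __init__(self, keystore: CustomerKeyStore) -> None:
        self._ks, self._wrapped, self._messages = keystore, {}, {}

    def post(self, channel: str, text: str) -> None:
        if channel not in self._wrapped:
            dek = os.urandom(32)          # fresh DEK per channel
            self._wrapped[channel] = self._ks.wrap(dek, channel)
        else:
            dek = self._ks.unwrap(self._wrapped[channel], channel)
        self._messages.setdefault(channel, []).append(seal(dek, text.encode()))

    def read(self, channel: str) -> list:
        dek = self._ks.unwrap(self._wrapped[channel], channel)
        return [open_(dek, m).decode() for m in self._messages[channel]]


def demo() -> dict:
    """Two channels; the customer revokes one and the other stays readable."""
    ks = CustomerKeyStore()
    svc = ChatService(ks)
    svc.post("#finance", "Q3 numbers attached")   # constructed sample messages
    svc.post("#general", "lunch at noon")
    before = svc.read("#finance")
    ks.revoke("#finance")                          # customer-side action only
    try:
        svc.read("#finance")
        finance_readable = True
    except PermissionError:
        finance_readable = False
    return {"before": before, "finance_readable": finance_readable, "general": svc.read("#general")}


if __name__ == "__main__":
    print(demo())
```

The point to notice is where the trust boundary sits: `ChatService` never sees the KEK, so the customer can cut off one channel (or, by extension, the whole workspace) by refusing to unwrap, and the service is left holding ciphertext it cannot read. Binding the scope name into the wrapped blob is what stops a key wrapped for one channel from being replayed to unlock another.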

Is Slack safe to use?

Slack is a great platform for having conversations around the world. According to Forbes, more than six million people use Slack daily, spending on average more than two hours each day inside the chat app. Organizations and people use it because they trust the platform to be secure and to have strong encryption. As long as you take the right security precautions, there’s no reason why it can’t be used to its full potential on your team, whether you’re a small shop or a multinational enterprise.

What information does Slack collect?

As mentioned in their privacy policy, Customers or individuals granted access to a Workspace by a Customer (“Authorized Users”) routinely submit Customer Data to Slack when using the Services.

What are the security risks of Slack?

Slack is a safe and secure platform, but risks can arise on the user’s end. If you are a Slack user, you must have a clear understanding of the risks involved. Here are the top three security risks if your organization uses Slack.

  1. Admin Roles

Granting admin rights to one or two users can be beneficial, as it prevents a single employee from being solely responsible for creating, moderating and managing user groups. However, when employees leave the company or their contract ends, they may retain access to confidential or sensitive information.

To prevent this, businesses need to designate an admin who handles creating and deleting Slack user accounts. That individual must know exactly when to on-board and off-board Slack user and guest accounts.

2. Third Party Apps

There are millions of third-party apps available on the internet that request permissions, integrations and access to your personal data.

Be extra careful when linking Slack to third-party apps, especially those that contain other types of sensitive information (such as your CRM, Google Drive, etc). As a general rule, avoiding third-party app integrations is a safer approach.

3. System Vulnerabilities

Hackers are always hunting for ways into an organization’s systems and infrastructure. Make sure that your systems are up to date and have the necessary security tools installed, such as a virtual private network, antivirus and others. These tools add an extra security layer to your systems.

As with any other tool, the shared responsibility model is key. Take responsibility for your half of the security equation, and you’ll be well on your way to a secure Slack implementation.

About the Author:

Susan Alexandra is an independent contributor at Securitytoday and Tripwire. She is a small business owner, traveler and investor of cryptocurrencies. Susan’s inbox is open for new ideas and stories, you can share the story idea to susanalexandra67@gmail.com.


Pierluigi Paganini

(SecurityAffairs – Slack, encryption)


The post Slack Launched Encryption Key Addon For Businesses appeared first on Security Affairs.

Security Affairs: Slack Launched Encryption Key Addon For Businesses

Slack announced today to launch encryption keys that will help businesses to protect their data.
Slack announced today to launch encryption keys that will help businesses to protect their data.

Staying safe is the toughest job in this risky online world. With the exponential growth of online threats, companies are working days and nights to fight with the hackers, snoopers, cybercriminals and other bad guys. One of the main reason why companies are launching security centric features is, they value their customer’s data, privacy and security.

Slack announced today to launch encryption keys that will help businesses to protect their data. The team introduced Slack Enterprise Key Management (Slack EKM) add-on feature to its Enterprise Grid, that allows businesses to create their own security keys and control encryption and decryption of conversations, files, and the data they share using their chat platform. With this key management feature, the Slack team hopes to give customers more control over sensitive data.

Staying safe online is hard, and with threats growing, companies are working around the clock against hackers, snoopers, cybercriminals and other bad actors. One reason vendors keep launching security-centric features is that their customers now treat data protection, privacy and security as part of what they are paying for.

Slack today announced Slack Enterprise Key Management (Slack EKM), an add-on for Enterprise Grid that lets businesses bring their own encryption keys and control the encryption and decryption of the conversations, files and other data they share on the platform. With customer-managed keys, the Slack team hopes to give customers more control over sensitive data.

Using Slack EKM, IT admins can revoke access to the data in a particular Slack channel, for example, rather than disrupting all users on the entire platform. Slack’s Chief Security Officer, Geoff Belknap, said: “Organizations that are security-minded, especially in highly regulated markets—such as financial services, health care and government—are typically underserved in terms of which collaboration tools they can use, so we wanted to design an experience that catered to their particular security needs.”

What is the purpose of Enterprise Key Management if Slack really encrypts the data?

Slack already encrypts customer data in transit and at rest, but with encryption at rest the keys are normally held by Slack. EKM changes who holds the keys: the customer manages them, so the customer decides when data can be decrypted and can revoke that ability for specific data, without interfering with the operation of Slack apps. That is especially useful in regulated industries, where teams can share chats, files and other data while still meeting their own risk-mitigation requirements.

Is Slack safe to use?

Slack is a widely used platform for conversations across the world. According to Forbes, more than six million people use Slack daily, spending on average more than two hours each day inside the chat app. Organizations adopt it because they trust its security and its use of encryption. That trust is reasonable as long as you take the right precautions on your own side; with those in place there is no reason a team, whether a small shop or a multinational enterprise, cannot use it to its full potential.

What information does Slack collect?

As its privacy policy puts it, customers, and the individuals a customer grants access to a workspace (“Authorized Users”), routinely submit Customer Data to Slack when using the Services. Everything posted in a workspace is therefore data Slack processes on the customer’s behalf, which is why who can post it, and which apps can read it, matters.

What are the security risks of Slack?

Slack’s own controls are only half of the picture; most of the risk comes from how a workspace is configured and used. If your organization uses Slack, you need a clear understanding of the risks involved. Here are the top three.

1. Admin Roles

Having more than one admin is sensible: it means a single employee is not the only person able to create, moderate and manage users and user groups. But every admin account is a high-value target, so keep the number small and know exactly who holds the role. The more common failure is off-boarding: when employees leave or a contractor’s engagement ends, their accounts, and any guest accounts created for them, often keep access to confidential channels and files.

To prevent this, name an admin who owns creating and deleting Slack accounts, and tie that work to the HR joiner/leaver process so that user and guest accounts are deactivated on the day access should end, not weeks later.

2. Third Party Apps

A great many third-party apps integrate with Slack, and each one asks for OAuth permissions (scopes) to read messages, files or user data on your behalf.

Be especially careful when connecting Slack to apps that hold other sensitive data, such as your CRM or Google Drive: a weakly secured integration becomes a bridge between both datasets. Review the scopes an app requests before approving it, restrict who may install apps in the workspace, and remove integrations nobody uses. As a general rule, the fewer third-party integrations, the smaller the exposure.

3. System Vulnerabilities

Attackers also target the endpoints and infrastructure around Slack rather than Slack itself. Keep operating systems and the Slack client patched, require two-factor authentication or single sign-on for workspace logins, and run endpoint protection. A VPN protects the network path but does nothing for a compromised laptop, so treat these tools as layers, not substitutes for one another.

As with any other tool, the shared responsibility model is key. Take responsibility for your half of the security equation, and you’ll be well on your way to a secure Slack implementation.
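The off-boarding and admin-sprawl checks above can be automated. The following is an added example, not Slack’s code or the article author’s: it audits a `users.list`-shaped response against an HR roster and flags full members who have left, the current admin/owner set, and guest accounts that are past their recorded end date or have none. The JSON response, roster and contract dates are constructed; the field names (`deleted`, `is_admin`, `is_owner`, `is_restricted`, `is_ultra_restricted`, `is_bot`, `profile.email`) follow Slack’s documented `users.list` output, which in production you would fetch with a token carrying the `users:read` and `users:read.email` scopes.

```python
"""Audit a Slack users.list response for off-boarding gaps and admin sprawl.

Added example, not Slack's code. The response below is a constructed sample in
the shape of Slack's users.list API output; the HR roster and guest contract
dates are also constructed.
"""
import json

# Constructed sample response (real field names, made-up people).
USERS_LIST_RESPONSE = json.loads("""
{
  "ok": true,
  "members": [
    {"id": "U01", "name": "alice", "deleted": false, "is_bot": false,
     "is_admin": true,  "is_owner": true,  "is_restricted": false,
     "is_ultra_restricted": false, "profile": {"email": "alice@example.com"}},
    {"id": "U02", "name": "bob", "deleted": false, "is_bot": false,
     "is_admin": false, "is_owner": false, "is_restricted": false,
     "is_ultra_restricted": false, "profile": {"email": "bob@example.com"}},
    {"id": "U03", "name": "carol", "deleted": false, "is_bot": false,
     "is_admin": false, "is_owner": false, "is_restricted": false,
     "is_ultra_restricted": false, "profile": {"email": "carol@example.com"}},
    {"id": "U04", "name": "dana", "deleted": false, "is_bot": false,
     "is_admin": true,  "is_owner": false, "is_restricted": false,
     "is_ultra_restricted": false, "profile": {"email": "dana@example.com"}},
    {"id": "U05", "name": "evan", "deleted": false, "is_bot": false,
     "is_admin": false, "is_owner": false, "is_restricted": true,
     "is_ultra_restricted": false, "profile": {"email": "evan@contractor.example"}},
    {"id": "U06", "name": "frank", "deleted": false, "is_bot": false,
     "is_admin": false, "is_owner": false, "is_restricted": true,
     "is_ultra_restricted": true,  "profile": {"email": "frank@vendor.example"}},
    {"id": "U07", "name": "gina", "deleted": true, "is_bot": false,
     "is_admin": false, "is_owner": false, "is_restricted": false,
     "is_ultra_restricted": false, "profile": {"email": "gina@example.com"}},
    {"id": "B01", "name": "deploybot", "deleted": false, "is_bot": true,
     "is_admin": false, "is_owner": false, "is_restricted": false,
     "is_ultra_restricted": false, "profile": {}}
  ]
}
""")

# Constructed: who HR says is currently employed (full members only).
HR_ACTIVE_EMAILS = {"alice@example.com", "bob@example.com", "dana@example.com"}

# Constructed: contract end dates recorded for guest accounts (ISO dates).
GUEST_CONTRACT_END = {"evan@contractor.example": "2019-02-28"}


def audit_workspace(response, hr_active_emails, guest_contract_end, today):
    """Return the accounts that need action: full members missing from HR,
    the current admin/owner set, and guests past (or without) an end date.
    `today` and the contract dates are ISO strings, which compare chronologically."""
    to_deactivate, admins, guests_needing_review = [], [], []
    for member in response["members"]:
        if member.get("deleted") or member.get("is_bot"):
            continue                        # already off-boarded, or an integration
        email = member.get("profile", {}).get("email", "").lower()
        is_guest = member.get("is_restricted") or member.get("is_ultra_restricted")
        if is_guest:
            end = guest_contract_end.get(email)
            if end is None or end < today:  # no recorded end date, or already past it
                guests_needing_review.append(email)
            continue
        if email not in hr_active_emails:
            to_deactivate.append(email)     # left the company but still has access
        if member.get("is_admin") or member.get("is_owner"):
            admins.append(email)            # compare against the expected admin list
    return {
        "to_deactivate": sorted(to_deactivate),
        "admins": sorted(admins),
        "guests_needing_review": sorted(guests_needing_review),
    }


if __name__ == "__main__":
    report = audit_workspace(USERS_LIST_RESPONSE, HR_ACTIVE_EMAILS,
                             GUEST_CONTRACT_END, today="2019-03-15")
    for key, emails in report.items():
        print(f"{key}: {', '.join(emails) or '-'}")
```

Run on a schedule, the `to_deactivate` list is the work queue for the admin who owns account deletion, and a change in `admins` between two runs is itself worth an alert. The guest check is deliberately strict: a guest with no recorded end date is flagged rather than silently trusted.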

About the Author:

Susan Alexandra is an independent contributor at Securitytoday and Tripwire. She is a small business owner, traveler and investor of cryptocurrencies. Susan’s inbox is open for new ideas and stories, you can share the story idea to susanalexandra67@gmail.com.

Pierluigi Paganini

(SecurityAffairs – Slack, encryption)


The post Slack Launched Encryption Key Addon For Businesses appeared first on Security Affairs.



Security Affairs

Education and Science Giant Elsevier Left Users’ Passwords Exposed Online

The world's largest scientific publisher, Elsevier, left a server open to the public internet, exposing user email addresses and passwords. "The impacted users include people from universities and educational institutions from across the world," reports Motherboard. "It's not entirely clear how long the server was exposed or how many accounts were impacted, but it provided a rolling list of passwords as well as password reset links when a user requested to change their login credentials." From the report: "Most users are .edu [educational institute] accounts, either students or teachers," Mossab Hussein, chief security officer at cybersecurity company SpiderSilk who found the issue, told Motherboard in an online chat. "They could be using the same password for their emails, iCloud, etc." Motherboard verified the data exposure by asking Hussein to reset his own password to a specific phrase provided by Motherboard beforehand. A few minutes later, the plain text password appeared on the exposed server. Elsevier secured the server after Motherboard approached the company for comment. Hussein also provided Elsevier with details of the security issue. An Elsevier spokesperson told Motherboard in an emailed statement that "The issue has been remedied. We are still investigating how this happened, but it appears that a server was misconfigured due to human error. We have no indication that any data on the server has been misused. As a precautionary measure, we will also be informing our data protection authority, providing notice to individuals and taking appropriate steps to reset accounts."

Read more of this story at Slashdot.

RedHat: RHSA-2019-0597:01 Moderate: cloud-init security update

An update for cloud-init is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

The Internet is at risk: why is ICANN pushing for the use of DNSSEC?

ICANN DNSSEC

In the world of cybersecurity there is a concept well known to most experts: the man in the middle. Generally speaking, this is an intruder who places himself between two communicating parties, relaying or altering their traffic, in order to deceive the user.

One common way to get into that position is to attack DNS. The attacker alters the records for a domain, whether at the registrar, on the authoritative name servers or by forging the answers a resolver receives, so that the name resolves to an address the attacker controls. The user is taken to a malicious site while believing they are visiting a trustworthy one. This can be used to harm users in many ways, but the most common is to steal passwords.

Security agencies on alert

This kind of incident is on the up. And it’s not just isolated incidents happening to one or two people; whole organizations and institutions are being affected. Towards the end of 2018, several cybersecurity companies became aware of something seriously troubling: a group of cybercriminals, most likely from Iran, were orchestrating a series of DNS attacks. These attacks were designed to breach the IT security of bodies such as the Lebanese and UAE governments.

And these aren’t the only examples: according to the Cybersecurity and Infrastructure Security Agency (CISA), several agencies in the United States have also been attacked with this method, putting them in a constant state of alert.

And this situation is not a passing trend. The Government of the United States, via the Department of Homeland Security, has acknowledged that it has detected “a pattern of multifaceted attacks that use different methodologies.” This includes DNS hijacking, in which altered DNS records redirect legitimate domain names to attacker-controlled servers; in January 2019 DHS issued Emergency Directive 19-01, requiring federal agencies to audit their DNS records, change the passwords on the accounts that can modify them and add multi-factor authentication to those accounts.

The importance of DNSSEC

Given the current situation, the Internet Corporation for Assigned Names and Numbers (ICANN) has called on all large public and private organizations to reinforce their DNS security by using the Domain Name System Security Extensions (DNSSEC).

With DNSSEC, the zone owner digitally signs its DNS records, and a validating resolver verifies those signatures through a chain of trust that runs from the root zone, via DS records published in each parent zone, down to the zone being queried; forged or modified answers fail validation and are rejected. It has been in development for around 20 years and is one of the most effective measures against this kind of attack. Its uptake in business and public administration is more limited, however: it is estimated that only around 20% of organizations use it, and among Fortune 1000 companies the figure falls to just 3%.

This is worrying given how serious the consequences of an attack on DNS can be. In 2016 the DNS provider Dyn was hit by the largest DNS-related attack in recent history, a DDoS that made Twitter, Tumblr, Spotify, The New York Times and CNN unreachable for hours; it shows how much depends on DNS, although it was an attack on availability, which DNSSEC does not address. The outages of Ukraine’s power grid in December 2015 and December 2016 were likewise not DNS attacks but intrusions into the utilities’ control networks; the lesson they share is that an attack on shared infrastructure does not just take the Internet down in people’s houses, it brings down a huge range of digitized services, many of them essential to the day-to-day running of companies. Even in the best case, a company hit this way faces losses running into millions of euros.

Implementing DNSSEC, and the protection it provides, is therefore vital, especially for large organizations, public or private. As ICANN itself reminds us, no control guarantees that a website will never be attacked. What DNSSEC does guarantee is that a validating resolver can detect DNS answers that have been forged or altered in transit, because every record set is signed and the signatures chain up through DS records to the root. It does not stop a DDoS against name servers, it cannot help if an attacker takes over the registrar account and replaces the zone’s DS record along with its other records, and signing a zone does nothing for clients whose resolvers do not validate. Even so, there is never total security against cybercriminal activity, and the better protected corporate DNS is, the harder it is to break in. That is why DNSSEC has become a vital layer of security in 2019.
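The chain of trust described above is held together by one computation: the parent zone publishes a DS record that is a hash of the child zone’s key-signing DNSKEY, so a resolver that trusts the parent can check that the child’s key is the one the parent vouched for. The following added example (not from Panda Security or ICANN) implements the key tag (RFC 4034 Appendix B) and the DS digest (RFC 4034 §5.1.4, SHA-256 per RFC 4509) and checks a DNSKEY against a published DS. The only real data is the root zone’s KSK-2017 and the trust anchor IANA publishes for it; everything else is the standard algorithm.

```python
"""DS-from-DNSKEY: the link between a child zone's key and its parent zone.

Added example, not from the Panda Security post or from ICANN. It implements
the key tag (RFC 4034 Appendix B) and DS digest (RFC 4034 section 5.1.4,
SHA-256 per RFC 4509) and checks a DNSKEY against the DS its parent publishes.
"""
import base64
import hashlib
import struct


def owner_name_wire(name: str) -> bytes:
    """Canonical wire form of an owner name (RFC 4034 section 6.2): lowercase
    labels, each prefixed by its length, terminated by the empty root label."""
    labels = [lab for lab in name.rstrip(".").lower().split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"


def dnskey_rdata(flags: int, protocol: int, algorithm: int, pubkey_b64: str) -> bytes:
    """DNSKEY RDATA: 16-bit flags, 8-bit protocol (always 3), 8-bit algorithm,
    then the public key exactly as carried in the record (base64 in zone files)."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)


def key_tag(rdata: bytes) -> int:
    """Key tag (RFC 4034 Appendix B): a 16-bit checksum over the RDATA, used
    to pick the right DNSKEY when a zone publishes several. Not unique."""
    ac = 0
    for i, byte in enumerate(rdata):
        ac += byte if i & 1 else byte << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}   # DS digest types: SHA-1, SHA-256


def ds_digest(owner: str, rdata: bytes, digest_type: int = 2) -> str:
    """DS digest = hash(owner name in wire form || DNSKEY RDATA), upper-case hex."""
    return DIGESTS[digest_type](owner_name_wire(owner) + rdata).hexdigest().upper()


def ds_record(owner: str, flags: int, protocol: int, algorithm: int,
              pubkey_b64: str, digest_type: int = 2) -> str:
    """The DS record a parent zone would publish for this DNSKEY."""
    rdata = dnskey_rdata(flags, protocol, algorithm, pubkey_b64)
    return (f"{owner} IN DS {key_tag(rdata)} {algorithm} {digest_type} "
            f"{ds_digest(owner, rdata, digest_type)}")


def ds_matches(owner: str, flags: int, protocol: int, algorithm: int,
               pubkey_b64: str, published_ds: str) -> bool:
    """Does the parent's published DS RDATA commit to exactly this DNSKEY?
    Any change to the key bytes, flags or algorithm changes the digest."""
    tag, alg, dtype, digest = published_ds.split()
    rdata = dnskey_rdata(flags, protocol, algorithm, pubkey_b64)
    return (int(tag) == key_tag(rdata)
            and int(alg) == algorithm
            and ds_digest(owner, rdata, int(dtype)) == digest.upper())


# Real data: the root zone KSK-2017 (flags 257 = zone key + secure entry point,
# protocol 3, algorithm 8 = RSA/SHA-256) and the trust anchor IANA publishes.
ROOT_KSK_2017 = (
    "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlEx"
    "OLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr"
    "3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrD"
    "K6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws"
    "9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU="
)
ROOT_DS = "20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D"

if __name__ == "__main__":
    print(ds_record(".", 257, 3, 8, ROOT_KSK_2017))
    print("matches published trust anchor:",
          ds_matches(".", 257, 3, 8, ROOT_KSK_2017, ROOT_DS))
```

For your own zone, run `ds_record()` over the KSK you publish and compare the result with the DS your registrar shows for the domain; a mismatch means the chain is broken and validating resolvers will return SERVFAIL for the whole zone. On the client side, `dig +dnssec example.com A` against a validating resolver sets the `ad` flag in the response when the answer validated, and BIND’s `delv` reports the validation outcome explicitly.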

The post The Internet is at risk: why is ICANN pushing for the use of DNSSEC? appeared first on Panda Security Mediacenter.

RedHat: RHSA-2019-0580:01 Low: openstack-ceilometer security and bug fix

An update for openstack-ceilometer is now available for Red Hat OpenStack Platform 14.0 (Rocky). Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which

BBC Visits ‘Hated and Hunted’ Ransomware Expert

In "Hated and hunted," a BBC reporter describes visiting a ransomware expert "who has devoted himself, at huge personal cost, to helping victims of ransomware around the world." They hate him so much that they leave him angry threats buried deep inside the code of their own viruses... "I was shocked but I also felt a real sense of pride," says Fabian. "Almost like, a little bit cocky. I'm not going to lie, yeah, it was nice...." He works remotely for a cyber security company, often sitting for hours at a time working with colleagues in different countries. When he's "in the zone", the outside world becomes even less important and his entire existence focuses on the code on his screen. He once woke up with keyboard imprints all over his face after falling asleep during a 35-hour session. All of this to create anti-ransomware programs that he and his company usually give away free. Victims simply download the tools he makes for each virus, follow the instructions and get their files back... According to research from Emsisoft, the cyber security company Fabian works for, a computer is attacked every two seconds. Their network has managed to prevent 2,584,105 infections in the past 60 days -- and that's just one anti-virus firm of dozens around the world.... "It's pretty much an arms race," says Fabian. "They release a new ransomware virus, I find a flaw in its code and build the decryption tool to reverse it so people can get their files back. Then the criminals release a new version which they hope I can't break... It escalates with them getting more and more angry with me...." Fabian accepts that moving around and restricting his life and circle of friends is just a part of the sacrifice for his hobby-turned-profession... He earns a very good salary but looking around his home and at his life it's hard to see how he spends it. 
He estimates that he's "upset or angered" 100 different ransomware gangs (based on his analysis of the Bitcoin wallets where they collect their ransoms). One group had collected about $250,000 (£191,000) in three months -- until Fabian created a countering anti-ransomware program -- which is one reason he carefully hides his identity. "I know how much money they make and it would be literally nothing for them to drop 10 or 20,000 for like some Russian dude to turn up to my house and beat the living hell out of me."

Read more of this story at Slashdot.

ONS Evolution: Cloud, Edge, and Technical Content for Carriers and Enterprise

The first Open Networking Summit was held in October 2011 at Stanford University and described as "a premier event about OpenFlow and Software-Defined Networking (SDN)". Here we are seven and a half years later, and I'm constantly amazed both at how far we've come since then and at how quickly a traditionally slow-moving industry like telecommunications is embracing change and innovation powered by open source.

Counter-Strike 1.6 game client 0-day exploited to spread Belonard trojan

By Waqas

Dr. Web’s researchers have identified an attacker exploiting zero-day vulnerabilities in the Counter-Strike 1.6 game client to distribute the Belonard Trojan. Reportedly, about 39% of all active servers for the game on Steam have been manipulated and compromised to infect gamers’ computers remotely. Counter-Strike 1.6, released around […]

This is a post from HackRead.com Read the original post: Counter-Strike 1.6 game client 0-day exploited to spread Belonard trojan

Fedora 29: php Security Update

**PHP version 7.2.16** (07 Mar 2019) **Core:** * Fixed bug php#77589 (Core dump using parse_ini_string with numeric sections). (Laruence) * Fixed bug php#77630 (rename() across the device may allow unwanted access during processing). (Stas) **EXIF:** * Fixed bug php#77509 (Uninitialized read in exif_process_IFD_in_TIFF). (Stas) * Fixed bug php#77540 (Invalid Read on

Hackers are using 19-year-old WinRAR bug to install nasty malware

By Waqas

Using the bug, attackers are dropping persistent malware via a generic trojan on systems running old versions of WinRAR. McAfee researcher Craig Schmugar reports that the widely used compression software WinRAR has carried a code execution vulnerability for the past nineteen years. As a result, over 100 exploits have surfaced that […]

This is a post from HackRead.com Read the original post: Hackers are using 19-year-old WinRAR bug to install nasty malware

SciLinux: Important: kernel on SL7.x x86_64

kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568) * kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks (CVE-2018-17972) * kernel: Faulty computation of numeric bounds in the BPF verifier (CVE-2018-18445) Bug Fix(es) and Enhancement(s): * kernel fuse invalidates cached attributes during reads * [NetApp-FC-NVMe] SL7.6: nvme reset gets hung i [More...]

It is the first time in the history that civic groups hold a protest against a national CERT

Demonstration in front of the National CERT of the Philippines for failing to act on cyber attacks targeting regime-critical media and civil society organizations

On March 12, the World Day Against Cyber-Censorship, media and civil society organizations in the Philippines held a demonstration in front of NCERT (the National Computer Emergency Response Team) to protest against NCERT’s failure to support the investigation of the three-month-long Distributed Denial of Service attacks against regime-critical media and civil society organizations in the Philippines.

It is the first time in history that civic groups have held a protest against a national CERT for not performing its duties. For more than three months, cyber attacks have targeted Philippine independent media such as Bulatlat, Kodao Productions, Pinoy Weekly, Manila Today, Altermidya and the National Union of Journalists of the Philippines.

Since the attacks only target regime critical sources, they are likely to be politically motivated and perhaps even state supported.

Qurium Media Foundation, a non-profit digital solutions provider, is assisting the organizations that are under persistent and intense DDoS attacks and is hosting a handful of them. As a member of CiviCERT, a Computer Incident Response Center for Civil Society, Qurium has reached out to NCERT (the national CERT of the Philippines) to request assistance in investigating the attacks, which were sourced from Philippine infrastructure. Despite three attempts from CiviCERT to reach NCERT by email, no response has been received. According to NCERT’s operations manual, it is required to notify an international reporter (like CiviCERT) within 48 hours if a request is regarded as a “false alarm”. If the request is deemed valid, a forensic analysis must be initiated.

Due to the lack of response from NCERT, Qurium has opened a digital forensic investigation to attribute the attacks. The investigation has not yet been published, but is expected to be released later this month.

“These attacks are in fact part of a series of attempts to stifle press freedom here as seen in the recent arrest of long-time journalist Maria Ressa and several threats that no less than the president himself issued against dominant news agencies Philippine Daily Inquirer and ABS-CBN” says Bulatlat.

On 13 February Maria Ressa, one of TIME Magazine’s Persons of the Year 2018 and CEO of the news site Rappler, was arrested on charges of cyber libel stemming from a story that linked a businessman, allegedly involved in illegal drugs and human trafficking, to former Supreme Court Justice Renato Corona. Ressa was released on 14 February.

Bulatlat adds in its statement; “Statistics, too, can speak for itself on the dire situation of press freedom in the Philippines. There are now 12 journalists killed under President Duterte. The National Union of Journalists in the Philippines has documented 85 cases of threats and intimidation against journalists as of November 2018.”

About the author Clara Zid
Outreach and Media – Investigative journalist
Qurium Media Foundation | Virtualroad.org

Pierluigi Paganini

(SecurityAffairs – National CERT of Philippines, hacking)

The post It is the first time in the history that civic groups hold a protest against a national CERT appeared first on Security Affairs.

Javier Diéguez (BCSC): “To increase their cyber-resilience, companies first need to find a reliable partner”

One thing that has become quite clear over the last few years is that cybersecurity goes beyond the purely technological: it is a set of practices. According to Javier Diéguez, director of the Basque Cybersecurity Centre, we now understand that cybersecurity involves an element of best practice and enterprise risk management, which has given the discipline a much more cross-cutting role. Security is now taken into account as a critical factor at a managerial level in businesses, and not just as a concern for the IT department.

Javier has over 15 years’ experience in the corporate and industrial security sector and was chosen to set up the Basque Cybersecurity Centre. Diéguez is also part of the team of experts that collaborated with the National Center for the Protection of Critical Infrastructures (CNPIC) to help define the sectoral strategic plans for the electricity sector. Here’s what he had to say:

  • What does your job as the director of the Basque Cybersecurity Centre entail?

I was hired to create the BCSC from scratch, managing a series of short-term objectives such as organizing the centre itself and establishing relationships with other national and European agencies. I was also tasked with constructing basic services to increase the maturity of the Basque cybersecurity industry, fostering a corporate culture of protection and defense.

As well as having a particular awareness of how important it is to protect industry and to encourage competitiveness, the Basque Country has a rather important emerging cybersecurity sector. There’s no other place with such a high concentration of cybersecurity startups and technology products. At the BCSC, it’s our obligation to develop that ecosystem and encourage it to grow, to search for international connections and opportunities; as it is a digital business, it can’t remain merely at a local level.

  • In your opinion, what are the most serious threats around these days?

The majority of complaints that we receive are related to all kinds of different fraud: from indiscriminate phishing to highly targeted attacks, like impersonating the CEO. In a more industrial environment, as is the economic core of the Basque Country, there are another two important types of attack. The first of these is sabotage: disrupting operations, which is less common, but can take on a lot of different forms in an industrial environment. And a second threat, one that is far more difficult to spot, is cyber espionage. This kind of attack is mainly about stealing intellectual property in order to get a competitive advantage and endanger a potential business rival, as well as stealing information about commercial strategies.

  • A lot of your career has been dedicated to critical infrastructures, especially electrical infrastructures. What are the most common risks that affect that industry?

Attacks on businesses were considered nigh on impossible, or at least extremely difficult, until just a few years ago. However, nowadays the systems used by critical infrastructures are increasingly connected to the Internet, opening up more points of contact with the outside, especially for maintenance work. There needs to be a high level of surveillance to make sure that the perimeter, that surface that is exposed to the Internet, is properly protected. It is also important to make sure that networks are separated within the company, differentiating between critical networks and those that are less important. In this area, there’s still a lot of work to do: segmentation isn’t always as it should be, perimeters aren’t always well defined, and nor are they well protected against unauthorized access, either intentional or accidental.

There is also a series of problems related to the longevity and diversity of the systems and lifecycles of the systems that support critical infrastructures. The lifecycles of the systems in electrical infrastructures last decades. We see cases where systems from entirely different generations work side by side; many of them are legacy systems. It’s not uncommon, for example, to come across a Windows NT 4.0 operating system, which is from 1996. Maintenance for this software just doesn’t exist, and patches for these systems are no longer manufactured.

A third problem comes from the nature of the technology and the support policy that the manufacturers of the equipment have. A company like Siemens or Honeywell usually sets limitations so that their customers, the infrastructure operators, can add independent or external control mechanisms to the package of solutions that the manufacturer has sold. This limits the evolution of the protections in our environment.

  • How can a company increase its cyber-resilience?

Organizations need to diagnose their risk profile, and give themselves a check-up. To do this, the first thing that a company must do is to find a trustworthy partner. It is in the company’s interest to choose a cybersecurity partner that is independent of the organization, guided by the company’s managers, who know the business’s priorities. This means that they are able to establish priorities and determine the most important assets and processes that need to be protected. Once this profile and these priorities have been defined, a company can start to take steps. There are also many basic measures that need to be applied.

The post Javier Diéguez (BCSC): “To increase their cyber-resilience, companies first need to find a reliable partner” appeared first on Panda Security Mediacenter.

This Day in History: Nazis Invade Czechoslovakia

Radio Praha remembers this dark day in history with a post including some poetry. It begins… Eighty years ago today, on March 15 1939, Hitler gave Czechoslovak President Emil Hácha a stark choice: accept becoming a protectorate or face destruction. There was no choice, really, as Hácha was tortured and literally manipulated by Nazi “doctors” … Continue reading This Day in History: Nazis Invade Czechoslovakia

This Week in Security News: Security Vulnerabilities

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn what critical approaches can protect your enterprise business from software vulnerabilities. Also, learn about vulnerabilities in IoT alarms that let hackers hijack cars.

Read on:

How to get Ahead of Vulnerabilities and Protect your Enterprise Business

There are several critical approaches today’s businesses and IT teams can take to safeguard their organization from software vulnerabilities.

 

Researchers Find Critical Backdoor in Swiss Online Voting System

Researchers have found a severe issue in the new Swiss internet voting system that they say would let someone alter votes undetected. They say it should put a halt to Switzerland’s plan to roll out the system in real elections this year.

New SLUB Backdoor Uses GitHub, Communicates via Slack

Trend Micro recently came across a previously unknown malware, and set out to find how it was spread via watering hole attacks and how it connected to the Slack platform.

Navy, Industry Partners Are ‘Under Cyber Siege’ by Chinese Hackers, Review Asserts

The Navy and its industry partners are “under cyber siege” by Chinese hackers and others who have stolen national security secrets in recent years, exploiting critical weaknesses that threaten the U.S.’s standing as the world’s top military power. 

A Machine Learning Model to Detect Malware Variants

When malware is difficult to discover, Trend Micro proposes a machine learning model that uses adversarial autoencoder and semantic hashing to find what bad actors try to hide. 

Trend Micro: IoT Brings Innovation, But Also Threats

The growth of 5G and the Internet of Things may be helping to bring smarter and more connected experiences and services around the world, but may also be exposing users to more security worries.

Vulnerabilities in Smart Alarms Can Let Hackers Hijack Cars

Vulnerabilities in third-party car alarms managed via their mobile applications were uncovered and seem to affect around 3 million cars that use these “smart” internet-of-things (IoT) devices.

Facebook Sues Ukrainian Hackers Who Stole User Info Via Personality Quizzes

Facebook filed a lawsuit against two Ukrainian nationals who allegedly used personality quizzes to steal user information from 63,000 people between 2016 and 2018, mostly in Russia. 

StackStorm DevOps Software Vulnerability CVE-2019-9580 Allows Remote Code Execution

Popular open-source DevOps automation software StackStorm was reported to have a critical vulnerability that could allow remote attackers to perform arbitrary commands on targeted servers.

Do you think vulnerabilities in IoT car devices will decrease throughout the year? Why or why not? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.


Cyberfort Group Acquires Defensive Cyber Specialist Auriga Consulting.

The Cyberfort Group has strengthened its end-to-end data security proposition with the acquisition of Auriga Consulting for an undisclosed sum.

As a centre of excellence in cyber security, assurance and monitoring services, Auriga offers bespoke solutions in risk and compliance management, cyber design and implementation and cyber monitoring and intelligence. With a track record of supporting high profile international government departments, it will also add considerable experience in working with public sector organisations to the Cyberfort Group.

Auriga brings with it an internally developed Security Operations Centre (SOC) and Security Information and Event Management (SIEM) solution, operating under the Compass and Cybergator brands, that will form the fourth and final strategic area of capability, completing Cyberfort Group’s four-pillared approach to data security: protect, detect, advise and shield.

As the fourth business to join the Cyberfort Group, Auriga will join ultra-secure cloud and managed services provider, The Bunker, penetration testing specialist, Arcturus, and cyber security consultancy, Agenci.

Andy Hague, CEO at Cyberfort Group said: “Cyberfort Group was established to bring together best-in-breed businesses from across the data security landscape, with a clear focus on world-class talent and exceptional infrastructure. As a recognised leader in the cyber security field with a recognised pedigree in both the public and private sectors, Auriga was a natural fit.

“As part of our mission to deliver total data assurance, it’s vital that all of our businesses can adapt and evolve with the changing risk and regulatory environment. Auriga’s tailored, defensive offering means that it will easily integrate with the services provided by our other businesses.”

Louise Dunne, CEO at Auriga Consulting added: “Since launching in 2012, our client-focused approach has seen us evolve from a micro company to a recognised SME delivering high-end cyber consultancy services to UK HMG departments, agencies and industry corporations alike. Our acquisition by Cyberfort Group will take Auriga Consulting to the next level and we look forward to combining our defensive services with those provided by The Bunker, Arcturus and Agenci to deliver a unique end to end security proposition to our customers.”

Tony Dickin, Partner at Palatine Private Equity, said: “Auriga marks the second bolt-on acquisition we’ve made for the Cyberfort Group, and demonstrates the scalability of the firm as we complete its four-pillar approach. In a little under two years, we’ve established a truly end-to-end data security provider, which offers clients a full scope of services to protect vital information. We are confident this acquisition will provide a platform for significant further growth in the future.”

The post Cyberfort Group Acquires Defensive Cyber Specialist Auriga Consulting. appeared first on IT Security Guru.

Media Alert: Proofpoint Research Reveals 65% Increase In Cloud Application Attacks In Q1 2019; 40% Of Attacks Originating From Nigeria.

Proofpoint, Inc., a leading cybersecurity and compliance company, today released its Cloud Application Attack Snapshot: Q1 2019 research, which examined over one hundred thousand cloud application attacks aimed at global organizations between September 2018 and February 2019. Overall, targeting attempts increased by 65 percent during that time period with 40 percent originating in Nigeria. China was the second most prevalent country of origin, with 26 percent of attacks originating from Chinese IP addresses.

Cloud application attacks use intelligence-driven brute-force techniques to crack passwords, and sophisticated phishing lures that trick victims into clicking and revealing their authentication credentials, to break into cloud applications such as Microsoft Office 365 and Google G Suite. If successful, attackers often expand their foothold in the organization by spreading laterally through internal phishing messages to compromise additional users, access confidential information, and fraudulently reroute funds.

“As organizations continue to move their mission-critical business functions to the cloud, cybercriminals are taking advantage of legacy protocols that leave individuals vulnerable when using cloud applications,” said Ryan Kalember, executive vice president of Cybersecurity Strategy for Proofpoint. “These attacks are laser-focused on specific individuals, rather than infrastructure, and continue to grow in sophistication and scope. As a best practice, we recommend that organizations establish a cloud-first approach to security that prioritizes protecting employees and educates users to identify and report these advanced techniques and methods.”

Proofpoint found that the education sector was the most targeted by both brute-force and sophisticated phishing attempts. This industry, and students especially, are highly vulnerable because of their largely remote user base.

Additional Proofpoint Cloud Application Attack Research Findings

Brute-Force Cloud App Attack Findings:

· IMAP-based password spraying attacks are the most popular and extensive technique used to compromise Microsoft Office 365 accounts. These attacks occur when cybercriminals attempt common or recently leaked credentials across many different accounts at the same time.

· Most brute-force attacks originated in China (53 percent), followed by Brazil (39 percent), and the U.S. (31 percent).

· Over 25 percent of examined Office 365 tenants experienced unauthorized logins and over 60 percent were actively targeted. Overall, the success ratio in Q1 2019 was 44 percent.
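The spraying pattern described in these findings (one or two guesses against many accounts from a single source, typically over a basic-auth protocol such as IMAP that sidesteps MFA) is easy to separate from a single-account brute force once sign-ins are grouped by source address. The detector below is an added example written for this page, not Proofpoint's tooling; it runs over a constructed, hypothetical sign-in log in a simple whitespace-separated format, so the field layout, the RFC 5737 test addresses and the example.edu tenant are all assumptions.

```python
"""Password-spray detection over legacy-protocol sign-in logs (added example)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Iterable, List

# Basic-auth endpoints that take a bare username/password; the findings above
# single out IMAP because these paths bypass MFA and are rarely rate limited.
LEGACY_PROTOCOLS = {"IMAP4", "POP3", "SMTP"}

# Constructed sample log (hypothetical tenant, RFC 5737 test addresses).
# One sign-in per line: timestamp  source-ip  protocol  user  result
SAMPLE_LOG = """\
2019-02-11T03:10:01Z 203.0.113.7 IMAP4 alice@example.edu Failure
2019-02-11T03:10:04Z 203.0.113.7 IMAP4 bob@example.edu Failure
2019-02-11T03:10:07Z 203.0.113.7 IMAP4 carol@example.edu Failure
2019-02-11T03:10:10Z 203.0.113.7 IMAP4 dave@example.edu Success
2019-02-11T03:10:13Z 203.0.113.7 IMAP4 erin@example.edu Failure
2019-02-11T03:10:16Z 203.0.113.7 IMAP4 frank@example.edu Failure
2019-02-11T03:25:30Z 203.0.113.7 IMAP4 alice@example.edu Failure
2019-02-11T03:25:33Z 203.0.113.7 IMAP4 bob@example.edu Failure
2019-02-11T08:02:11Z 198.51.100.9 IMAP4 bob@example.edu Failure
2019-02-11T08:02:40Z 198.51.100.9 IMAP4 bob@example.edu Failure
2019-02-11T08:03:05Z 198.51.100.9 IMAP4 bob@example.edu Failure
2019-02-11T08:03:30Z 198.51.100.9 IMAP4 bob@example.edu Success
2019-02-11T09:15:00Z 192.0.2.5 OAuth2 carol@example.edu Success
"""


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    src_ip: str
    protocol: str
    user: str
    success: bool


def parse_log(text: str) -> List[AuthEvent]:
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, proto, user, result = line.split()
        events.append(AuthEvent(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                                ip, proto, user.lower(), result == "Success"))
    return events


def detect_password_spray(events: Iterable[AuthEvent],
                          window: timedelta = timedelta(minutes=30),
                          min_users: int = 5,
                          max_per_user: int = 3) -> Dict[str, dict]:
    """One alert per source IP that, inside some `window`, touched at least
    `min_users` distinct accounts with no more than `max_per_user` attempts
    each: many accounts, few guesses, which is spraying rather than hammering
    one account (the 198.51.100.9 user above is left alone)."""
    by_ip: Dict[str, List[AuthEvent]] = defaultdict(list)
    for ev in events:
        by_ip[ev.src_ip].append(ev)

    alerts: Dict[str, dict] = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.ts)
        start = 0
        for end in range(len(evs)):
            # Slide `start` forward so evs[start:end+1] spans at most `window`.
            while evs[end].ts - evs[start].ts > window:
                start += 1
            span = evs[start:end + 1]
            per_user: Dict[str, int] = defaultdict(int)
            for e in span:
                per_user[e.user] += 1
            if len(per_user) < min_users or max(per_user.values()) > max_per_user:
                continue
            if ip in alerts and alerts[ip]["distinct_users"] > len(per_user):
                continue  # keep the widest window seen for this source
            alerts[ip] = {
                "distinct_users": len(per_user),
                "protocols": sorted({e.protocol for e in span}),
                "legacy_auth": any(e.protocol in LEGACY_PROTOCOLS for e in span),
                # A success from a spraying source is an account to reset now.
                "compromised": sorted({e.user for e in span if e.success}),
                "first_seen": span[0].ts.isoformat(),
                "last_seen": span[-1].ts.isoformat(),
            }
    return alerts


def analyze(log_text: str) -> Dict[str, dict]:
    return detect_password_spray(parse_log(log_text))


if __name__ == "__main__":
    for ip, alert in analyze(SAMPLE_LOG).items():
        print(ip, alert)
```

On the sample, 203.0.113.7 is reported with six distinct accounts, at most two attempts each, IMAP4 only, and dave@example.edu listed as compromised; the user at 198.51.100.9 who mistyped a password three times is not. Thresholds are the tunable part: a low `max_per_user` is what keeps ordinary lockout-driven brute force out of this alert, and the `legacy_auth` flag is the cue to check whether basic authentication needs to be on at all for that tenant.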

Phishing Cloud App Attack Findings:

· Most phishing cloud app attacks originate from Nigeria (63 percent), followed by South Africa (21 percent), and the United States via VPNs (11 percent).

· Attackers will often modify email forwarding rules or set email delegations to maintain access. They will also use conspicuous VPN services to bypass conditional access and geolocation-based authentication.
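Forwarding rules and delegations are the persistence mechanism here: once a credential has been reset, a rule that silently copies mail to an outside address keeps the attacker informed. The reviewer below is an added example for this page, not Proofpoint's or Microsoft's code; it walks a constructed JSON-lines export modelled on the shape of Exchange admin-audit entries (Operation, UserId, ClientIP and a Parameters list of Name/Value pairs), and treats example.edu as the tenant's only domain. The record layout, addresses and rule names are all assumptions.

```python
"""Flag forwarding rules and mailbox delegations in Exchange admin-audit records (added example)."""
import json
import re
from typing import Dict, List, Optional

# Assumption: the tenant's own mail domains; any other destination is external.
TENANT_DOMAINS = {"example.edu"}

# Cmdlet parameters (New-InboxRule / Set-InboxRule / Set-Mailbox) that send
# a copy of, or redirect, mail leaving the mailbox.
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                  "ForwardingSmtpAddress", "ForwardingAddress"}
# Cmdlets that hand another principal access to a mailbox.
DELEGATION_OPS = {"Add-MailboxPermission", "Add-RecipientPermission"}

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+", re.I)

# Constructed audit export (JSON lines); hypothetical data, not a real tenant.
SAMPLE_AUDIT = r"""
{"CreationTime":"2019-02-12T14:03:11","Operation":"New-InboxRule","UserId":"dave@example.edu","ClientIP":"203.0.113.7","Parameters":[{"Name":"Name","Value":"."},{"Name":"ForwardTo","Value":"drop.box.7731@example.net"},{"Name":"DeleteMessage","Value":"True"}]}
{"CreationTime":"2019-02-12T14:04:02","Operation":"Set-Mailbox","UserId":"dave@example.edu","ClientIP":"203.0.113.7","Parameters":[{"Name":"Identity","Value":"dave"},{"Name":"ForwardingSmtpAddress","Value":"smtp:drop.box.7731@example.net"},{"Name":"DeliverToMailboxAndForward","Value":"True"}]}
{"CreationTime":"2019-02-12T15:10:45","Operation":"Add-MailboxPermission","UserId":"admin@example.edu","ClientIP":"198.51.100.20","Parameters":[{"Name":"Identity","Value":"finance"},{"Name":"User","Value":"erin@example.edu"},{"Name":"AccessRights","Value":"FullAccess"}]}
{"CreationTime":"2019-02-12T16:00:00","Operation":"New-InboxRule","UserId":"carol@example.edu","ClientIP":"198.51.100.21","Parameters":[{"Name":"Name","Value":"Newsletters"},{"Name":"MoveToFolder","Value":"Newsletters"}]}
{"CreationTime":"2019-02-12T16:20:30","Operation":"New-InboxRule","UserId":"frank@example.edu","ClientIP":"198.51.100.22","Parameters":[{"Name":"Name","Value":"Copy to assistant"},{"Name":"ForwardTo","Value":"erin@example.edu"}]}
"""


def _params(record: dict) -> Dict[str, str]:
    return {p["Name"]: str(p.get("Value", "")) for p in record.get("Parameters", [])}


def _is_external(addr: str) -> bool:
    return addr.rsplit("@", 1)[1].lower() not in TENANT_DOMAINS


def review_record(record: dict) -> Optional[dict]:
    """Return a finding for a forwarding or delegation change, else None."""
    op = record.get("Operation", "")
    params = _params(record)
    finding = {
        "time": record.get("CreationTime"),
        "operation": op,
        "actor": record.get("UserId"),
        "client_ip": record.get("ClientIP"),
    }

    targets: List[str] = []
    for name in FORWARD_PARAMS.intersection(params):
        # Values may carry an "smtp:" prefix or display names; pull the addresses.
        targets.extend(EMAIL_RE.findall(params[name]))
    if targets:
        external = sorted({t for t in targets if _is_external(t)})
        # DeleteMessage=True alongside forwarding hides the copy from the owner.
        hides = params.get("DeleteMessage", "").lower() == "true"
        finding.update(
            kind="forwarding",
            rule_name=params.get("Name"),
            targets=sorted(set(targets)),
            external=external,
            deletes_original=hides,
            severity="high" if external else ("medium" if hides else "low"),
        )
        return finding

    if op in DELEGATION_OPS:
        rights = params.get("AccessRights", "")
        finding.update(
            kind="delegation",
            mailbox=params.get("Identity"),
            grantee=params.get("User"),
            rights=rights,
            severity="medium" if rights in ("FullAccess", "SendAs") else "low",
        )
        return finding
    return None


def audit_forwarding(jsonl: str) -> List[dict]:
    findings = []
    for line in jsonl.splitlines():
        if line.strip():
            finding = review_record(json.loads(line))
            if finding:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in audit_forwarding(SAMPLE_AUDIT):
        print(f["severity"].upper(), f["actor"], f["operation"], f)
```

The two changes made from 203.0.113.7 come out as high severity (external destination, one of them also deleting the original), the FullAccess grant as medium, frank's forward to a colleague as low, and carol's folder rule is not reported at all. In practice the `client_ip` of a high finding is worth joining against the sign-in log, since a forwarding rule created minutes after a successful login from a spraying source is as clear a compromise signal as the tenant will get.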

To access Proofpoint’s Cloud Application Attack Snapshot: Q1 2019 research, please visit: https://www.proofpoint.com/us/threat-insight/post/threat-actors-leverage-credential-dumps-phishing-and-legacy-email-protocols

The post Media Alert: Proofpoint Research Reveals 65% Increase In Cloud Application Attacks In Q1 2019; 40% Of Attacks Originating From Nigeria. appeared first on IT Security Guru.

Fedora 28: php Security Update

**PHP version 7.2.16** (07 Mar 2019) **Core:** * Fixed bug php#77589 (Core dump using parse_ini_string with numeric sections). (Laruence) * Fixed bug php#77630 (rename() across the device may allow unwanted access during processing). (Stas) **EXIF:** * Fixed bug php#77509 (Uninitialized read in exif_process_IFD_in_TIFF). (Stas) * Fixed bug php#77540 (Invalid Read on

SimBad malware on Play Store infected millions of Android devices

By Waqas

Most of the applications infected by SimBad malware are simulator games. The IT security researchers at Check Point have discovered a sophisticated malware campaign that has been targeting Android users through Google Play Store on a global level and so far more than 150 million users have fallen prey to it. Dubbed SimBad by researchers; the malware disguises […]

This is a post from HackRead.com Read the original post: SimBad malware on Play Store infected millions of Android devices

Mageia 2019-0108: gnupg2 security update

GnuPG versions 2.1.12 to 2.2.11 contain a Cross-Site Request Forgery (CSRF) vulnerability in dirmngr that can result in attacker-controlled CSRF, information disclosure, and DoS. This attack appears to be exploitable when the victim performs a WKD request, e.g. by entering an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to
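What makes "entering an email address" enough to trigger this is that a Web Key Directory lookup is derived entirely from the address typed: dirmngr hashes the local part and fetches a URL under the address's domain, so whoever controls that domain controls the server the victim's dirmngr talks to. The helper below is an added example written for this page, not GnuPG's code; it builds the two WKD lookup URLs (the advanced and direct methods of the OpenPGP Web Key Directory draft, where the hash is z-base-32 over SHA-1 of the lowercased local part). The sample address is a placeholder.

```python
"""Construct the WKD lookup URLs dirmngr fetches for a mail address (added example)."""
import hashlib
from urllib.parse import quote
from typing import Dict

# z-base-32 alphabet, as used by the WKD draft for the mailbox hash.
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as z-base-32: 5-bit groups from the most significant end,
    the final group zero-padded. SHA-1's 160 bits encode to exactly 32 chars."""
    bits = int.from_bytes(data, "big")
    nbits = len(data) * 8
    out = []
    for shift in range(nbits - 5, -5, -5):
        if shift >= 0:
            out.append(ZBASE32[(bits >> shift) & 31])
        else:
            out.append(ZBASE32[(bits << -shift) & 31])  # pad the tail group
    return "".join(out)


def wkd_hash(local_part: str) -> str:
    """The mailbox hash: z-base-32(SHA-1(lowercase local part))."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    return zbase32_encode(digest)


def wkd_urls(address: str) -> Dict[str, str]:
    """Both lookup forms for an address. The ?l= parameter carries the local
    part as typed (percent-encoded); only the hash uses the lowercased form."""
    local, domain = address.rsplit("@", 1)
    domain = domain.lower()
    h = wkd_hash(local)
    l = quote(local, safe="")
    return {
        # Advanced method: a dedicated openpgpkey subdomain of the mail domain.
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/hu/{h}?l={l}",
        # Direct method: served from the mail domain itself.
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{h}?l={l}",
    }


if __name__ == "__main__":
    for kind, url in wkd_urls("Joe.Doe@Example.ORG").items():
        print(kind, url)
```

The thing to notice for the advisory above is the host in both URLs: it is taken from the address, not from any configuration the user controls, which is why a single address in a mail composer is enough to make dirmngr issue an HTTPS request to a server of the sender's choosing. The draft publishes a worked hash for its placeholder address that `wkd_hash` can be checked against.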