Forewarned is forearmed: The critical importance of threat Intelligence

Botnets, malspam, zero-day vulnerabilities, and remote access trojans: as COVID-19 continues to ramp up the cyber threatscape, and work-from-home vulnerabilities raise new demands, it’s tempting to bury our heads in the sand. The smarter move, however, is to invest in reliable and actionable threat intelligence. The world may have changed dramatically, but knowledge is still…

The post Forewarned is forearmed: The critical importance of threat Intelligence first appeared on IT World Canada.

Safari, other mobile browsers affected by address bar spoofing flaws

Security researcher Rafay Baloch has discovered address bar spoofing vulnerabilities in several mobile browsers, which could allow attackers to trick users into sharing sensitive information through legitimate-looking phishing sites. “With ever growing sophistication of spear phishing attacks, exploitation of browser-based vulnerabilities such as address bar spoofing may exacerbate the success of spear phishing attacks and hence prove to be very lethal,” he noted. “First and foremost, it is easy to persuade the victim into stealing … More

The post Safari, other mobile browsers affected by address bar spoofing flaws appeared first on Help Net Security.

Cloud computing will power pandemic recovery in 2021

In the coming year, cloud will power how companies adapt to the “new, unstable normal.” It’s still uncertain how far into 2021 we’ll continue to work from home, shop primarily online, or avoid air travel, but it’s clear that becoming more agile, responsive, and adaptive than ever before is inevitable for every enterprise.

Chrome 86.0.4240.111 fixes actively exploited CVE-2020-15999 zero-day

Google has released Chrome version 86.0.4240.111 that also addresses the CVE-2020-15999 flaw which is an actively exploited zero-day.

Google has released Chrome version 86.0.4240.111 that includes security fixes for several issues, including a patch for an actively exploited zero-day vulnerability tracked as CVE-2020-15999.

The CVE-2020-15999 flaw is a memory corruption bug that resides in the FreeType font rendering library, which is included in standard Chrome releases.

White hat hackers from the Google Project Zero team spotted attacks exploiting the vulnerability in the wild.

The researchers did not disclose technical details about the attacks exploiting CVE-2020-15999 in the wild, to avoid mass exploitation by threat actors.

Google Project Zero recommends that other development teams whose apps use the same FreeType library update their software as well.

FreeType version 2.10.4 addresses this issue.

Chrome users can update their install to v86.0.4240.111 via the browser’s built-in update function.

Experts pointed out that since the patch for this zero-day is visible in the source code of the open-source FreeType library, threat actors will be able to reverse-engineer the fix and develop working exploits for the issue.

In the past twelve months, Google addressed two other zero-day vulnerabilities, tracked as CVE-2019-13720 (Oct. 2019) and CVE-2020-6418 (Feb. 2020) respectively.

Pierluigi Paganini


The post Chrome 86.0.4240.111 fixes actively exploited CVE-2020-15999 zero-day appeared first on Security Affairs.

#InfosecurityOnline: Consider Flexible Training for Different Skill Sets

An employee improvement strategy should include scalable and practical training, an understanding of the employee’s skill set and certifications to validate that practical training.

Speaking as part of the Infosecurity Online event, Hack the Box technical account manager Sam Nye and business development manager Katerina Tasiopoulou said there are “major shifts rippling through the cybersecurity training sector,” especially as a move to online learning has been forced on the sector. Nye said some businesses and users are “suited to handle this,” and while online training is not new, the way in which content is presented and interacted with has changed.

“Also the way we deliver training is important,” added Tasiopoulou. “In our industry, experience is useful in hardening skill set and learning skills like coding.”

Both speakers agreed that the pace of change in cybersecurity, especially in how exploits and vulnerabilities are introduced, demonstrates the need for adaptability, and that this comes from ongoing training in practical skills “throughout the year, and not just on a short course,” said Nye.

Tasiopoulou said there can be no such thing as “one size fits all” training, as all businesses have diverse skill sets and experience among their employees. “How can training be the same? It cannot, so understand that you need to give appropriate training to get the most out of your employees,” she stated.

“Although security can be consistent as a topic, some organizations have hundreds of employees and some have a handful; some are defensive, some offensive and some more consultative, so there is no training that can be beneficial to all of these use cases simultaneously.”

Tasiopoulou said training needs to be tailored, and also that certifications are important as a baseline for validating employees’ skills. However, the speakers acknowledged that certifications can become outdated. Therefore, the ideal scenario is to implement training that combines hands-on experience, acknowledges the varied skill set of your workforce and recognizes their certifications “to validate practical training.”

Election 2020: Make Sure Your Voice is Heard with These Tips

Election 2020: Make Sure Your Voice is Heard with These Tips & Best Practices

Last year, India exercised one of the greatest feats of democracy, trying to enable over 900 million people to vote in their general election. My mom lives in India, and I remember talking with her about their ambitious plans to reach every voter, no matter how remote their location. They sent poll workers deep into the jungle, and across rivers, to reach just a handful of voters. The result: a record turnout at over 67%.

In the United States, we too have an opportunity to fulfill our civic duties, with various options available to us to make sure our votes are heard. While many people are choosing to mail in their votes for the very first time, there’s also a lot of confusion around election rules and security, not to mention a flood of misinformation online to be wary of.

Here at McAfee, we want to help you vote with confidence in this critical election. That’s why we’ve put together a number of tools, resources, and best practices to empower voters. Our hope is that every voice can be heard.

Demystifying Mail-In Voting

Let’s start with some questions you may have around mail-in voting, since twice as many people plan to mail in their ballots this year, compared to 2016. Of course, with the COVID-19 pandemic still active, it’s understandable that many people, especially the vulnerable, would prefer to mail their ballot, rather than go to a polling station. I personally got my mail-in ballot and am ready to mail it this week. If you haven’t decided on how to vote, you still have time to decide.

To get accurate information on mail-in voting, go directly to your state and local websites for guidance, including how to fill out your ballot, and when to turn it in. Rules vary state to state, but one thing we do know is that mail-in voting has proven to be a reliable and secure way to have your voice heard.

It’s great to see long lines to vote in some states already. If you are still concerned about election security and online scams, my colleague Judith Bitterli has written a great guide for locating reliable sources and protecting your vote (Key tip: always look for a .gov domain name).

She also has advice for making sure that your mail-in ballot counts.

Safe Election Surfing

When looking online for election resources, be aware that scammers and cybercriminals are always trying to take advantage of trending topics to misdirect users to dangerous websites and links. In fact, the FBI recently warned that bad actors have been setting up fake election websites, in an attempt to steal voters’ personal information, or get them to download dangerous files.

The Bureau suggests that you visit the U.S. Election Assistance Commission website for accurate information in a variety of languages. If you are concerned about clicking on risky links during the election or year-round, one smart action you can take is to install McAfee WebAdvisor, which warns you of risky sites before you click on them.

Although it can be tempting to believe election information posted on social media, especially by friends and family members, know that the business school MIT Sloan says “fake news is at its peak” during presidential election years, and even your loved ones can be fooled.

But whether information is clickbait or legitimate, it can still be posted to risky websites designed to steal your information or download malware. That’s why McAfee released a new social media protection tool as part of WebAdvisor. Using color codes, the tool shows you which links are safe or risky right in your social feed, and can be used across all six major social media platforms. This makes it easier to avoid dangerous links posted on social channels. Given the increase in phishing we’ve observed in the last few months across PC and mobile platforms, a comprehensive security solution like McAfee® Total Protection can help keep your personal information and devices safe.

In-Person Voting

If you still plan to vote in person, or even better, volunteer as a poll worker, make sure that you have reliable information on voting times and locations. You’ll probably also want to look into local rules on health and safety precautions, so you are well prepared.

False and misleading information about COVID-19 has been swirling since the start of the pandemic, so it’s important that you seek verified information about the virus. Here again are some great tips from Judith on how to keep COVID misinformation from suppressing your vote.

Exercise Your Right

Now that you know how to sidestep misinformation, find trusted resources, and plan your vote — either through the mail or in person — I hope that you will exercise your right, with confidence.

The post Election 2020: Make Sure Your Voice is Heard with These Tips appeared first on McAfee Blogs.

Maintaining Data Privacy in the Age of COVID

As the world continues to struggle with the impacts of the COVID-19 pandemic, data and data privacy have never been more critical. Our health status; our test results; our physical locations; our contacts with others – these are exactly the types of information that governments want to collect from individuals to control the spread of the virus, and that companies need to ensure safe working environments. But these are also the types of deeply personal information that people are concerned about sharing and that privacy regulations seek to protect on their behalf.

National or global emergencies are often accompanied by an erosion of individual rights as citizens willingly trade privacy for a sense of security, as anyone who flew before and after the 9/11 attacks can attest. As the COVID-19 virus spread across the world earlier this year, many predicted it would signal the end of data privacy. But consumers don’t see it that way.

The Cisco 2020 Consumer Privacy Survey, released today, explores how individuals around the world are balancing the need to share their information with the need for privacy in the current environment, as well as the ongoing importance of data privacy and privacy regulation. The report, which is our second annual look at consumer privacy issues, draws on responses from a double-blind survey of more than 2600 adults in 12 countries worldwide.

Here are a few highlights of the survey findings:

  1. Despite the pandemic, consumers continue to want their information protected. Most respondents (63%) want no changes to privacy laws or only limited exceptions. And while 57% support an employer’s need to check health information to ensure a safe workplace, only 37% support sharing information about infected neighbors or coworkers. Interestingly, with so many people working and learning remotely, 60% of them are concerned about the privacy protections associated with the tools they are being asked to use for collaborating and transacting remotely.
  2. Nearly a third of consumers are “Privacy Actives” – those who have stopped doing business with organizations over data privacy concerns. Consumers are taking matters into their own hands when they don’t trust how their data is used. The types of companies they have abandoned aren’t just online services, such as social media and ISPs, but traditional brick-and-mortar companies like retail stores, banks, and credit card companies. And once trust is broken, many of these customers are not likely to return.
  3. Consumers expect their governments to take the lead in protecting their data, and residents of all countries surveyed view their privacy laws very favorably. Consumers don’t always trust companies to adhere to their own privacy policies, so they think the primary responsibility should fall to national and local governments. Given this need, it’s interesting that in every country surveyed, respondents who were aware of their country’s privacy laws overwhelmingly saw those laws as having a positive impact (e.g., respondents in Australia were 58% positive vs. 4% negative; in France, 43% positive vs. 1% negative).
  4. Consumers want more transparency on how their data is being used. Nearly half of all respondents don’t believe they are able to effectively protect their personal data today. The number one reason by far was the issue of transparency: consumers believe that companies simply make it too hard to figure out exactly what they are doing with their customers’ data.

This research suggests that privacy is not only a regulatory issue, but a consumer priority and a business imperative as well. At Cisco, we also believe that privacy is a fundamental human right. Based on that belief and our experience in protecting the data privacy of our customers, employees, and partners, we recommend that organizations do the following:

  • Provide as much transparency as possible to customers on what data you collect, how you use it, and how you protect it. Cisco publishes privacy data sheets and data maps that provide this information for many of our most popular products and services.
  • Ensure that your tools are safe and privacy-ready, and consider privacy issues early and throughout the design process. Cisco follows a privacy-by-design approach with our Secure Development Lifecycle.
  • Drive awareness of privacy regulations in each of the countries where you do business. When consumers understand what protections they have, they are more confident in sharing their data when requested.

Additional Resources:

Consumer Privacy Infographic

Cisco 2020 Data Privacy Benchmark Study

Cisco Data Privacy

Cisco Trust Portal

The post Maintaining Data Privacy in the Age of COVID appeared first on Cisco Blogs.

Building trust through transparency and privacy by design

Privacy by design and default are principles that have been in the privacy engineering lexicon for decades, but only recently have come more broadly to light. These principles aren’t just recommendations or best practices anymore. Privacy by design and default are legally required of companies building products and services in or for the European Union market and other jurisdictions around the world.

Simply put, privacy by design and default demands that developers consider the privacy implications at the ideation phase and embed privacy protections and functionality into products and services from the start. And, to the extent there are optional configurations and user settings, the default settings should be the most privacy protective.

Privacy professionals have known – and the Cisco 2020 Consumer Privacy Survey provides supporting evidence – that consumers care deeply about privacy. Nearly one third of respondents, identified as “Privacy Actives,” said they stopped doing business with a company over data privacy concerns. Their biggest concern? Transparency. Nearly half did not know what companies were doing with their data and felt they were unable to effectively protect their privacy. Most respondents wanted more transparency in how their data is being used.

Cisco’s privacy program is anchored around three strategic considerations – compliance, ethics, and privacy as a business imperative. We believe that organizations of all types and sizes must address all three when collecting, using, and processing personal data. Transparency regarding how privacy is respected and protected is critical to workforce, customer, and public trust. Ultimately, when choosing and doing business with a vendor, customers consider one fundamental question: “Do I trust you?” If they don’t trust how you handle their data, you won’t get or keep their business.

The Pandemic Effect: Why more people demand privacy

COVID-19 has raised the general public’s awareness of privacy on multiple fronts. For one, governments, employers, and the people around us are all suddenly interested in our sensitive health information – how we’re feeling, what our COVID-19 status is, where we’ve been, and with whom we’ve been in contact. Contact tracing, while an important tool for containing the pandemic, is incredibly intrusive. According to our study, less than half (49%) of respondents supported contact tracing, with just 37% in favor of sharing COVID-19 status-related information. This is the question that privacy by design and default address: how do we design a privacy-respectful method for contact tracing?

Enabling confidence through transparency

At Cisco, we’ve been working on a way to provide contact tracing and proximity tracking capabilities to enable the economy to reopen. Using the Wi-Fi-based technology of our DNA Spaces platform, we have developed a way to enable our customers to better monitor their campuses or worksites. By using Wi-Fi and data related to access-point proximity, we collect and log location data only while the person is onsite, but nowhere else. Moreover, the person is invisible to DNA Spaces unless and until their device Wi-Fi is turned on, mitigating the privacy risks of stealth monitoring and mass surveillance by design.

We also have partnered with ServiceNow to help ensure data is securely handled with tight access controls and auto-expiry. With ServiceNow, the data is only available on a strict need-to-know basis for a limited time, with logging and audit capabilities to detect and prevent misuse. DNA Spaces will allow offices, schools, and other sites to better manage their facilities, understand utilization and density, and facilitate contact tracing and notification of potential exposure – all while minimizing privacy impact.

As Cisco prepares to re-open our offices and facilities, we will be using DNA Spaces as well. To validate and ensure privacy risks are appropriately addressed and meet local labor law requirements, we worked with several EU-based works councils (i.e., internal labor unions) to obtain feedback and suggestions on product design, disclosures, and user experience. Designing with privacy in mind and being transparent about how we respect and protect privacy builds and maintains trust with our workforce, customers, and users.

Transparency opens the door to trust

Being transparent – especially when we’re in unusual and evolving circumstances as we find ourselves in today – not only gives our customers and workforce the confidence to trust us, it helps us to continually learn and improve. At Cisco, we post privacy data sheets and data maps on the Cisco Trust Portal and publicly explain how our products and services process, manage, and protect personal data.

In return for this transparency, we not only meet our legal obligations, we also get crowd-sourced advice on how to do better. The general public, media, and customers have not been shy about telling us how to improve – what we can do to explain things more clearly, what questions they want answered upfront, and what information they want to see. We appreciate their guidance and incorporate their feedback – after all, they are who we are here to serve.

Today, privacy is much more than just a compliance obligation. It is a fundamental human right and business imperative that is critical to building and maintaining trust. The core privacy and ethical principles of transparency, fairness, and accountability will guide us in this new, digital-first world.

The post Building trust through transparency and privacy by design appeared first on Cisco Blogs.

Security at the Heart of the ‘New Normal’ Workforce

The overnight transition to remote working arrangements caught many businesses off guard and propelled organizations into a new way of working that needs to be both seamless and secure.

Although many organizations had already made their transitions to cloud-first and remote-first strategies even before COVID-19, this is a process that requires significant time and investment. Businesses around the world are at different stages in their journey but what is clear is that cybersecurity needs to be at the heart of this transformation for businesses to operate effectively in this new post-pandemic world.

To better understand the challenges that organizations faced with this sudden transition and how they are adapting their cybersecurity approaches to better prepare for the hybrid workforce of the future, we went to those at the front line – surveying over 3,000 IT decision makers across 21 markets in the Americas, Asia Pacific and Europe from June to September this year in our newly launched report titled Future of Secure Remote Work. 

Here are some highlights from our report.

Transformation at pace 

As organizations prepare for whatever our next normal will bring, it is clear that a flexible and hybrid work environment is here to stay. Remote working reached unprecedented levels at the start of the COVID-19 pandemic in March, when nearly two-thirds (62%) of organizations globally had more than half of their workforce working remotely, compared to only 19% before the pandemic.

However, our research reveals that at the pandemic’s outset less than half had sufficient cybersecurity in place to support this sudden shift. 53% were only somewhat prepared and a further 6% said they were not prepared at all to make the accelerated transition to a remote work environment.

We know that bad actors are always looking for opportunities to take advantage of human vulnerabilities, so it comes as no surprise to find that globally, companies are seeing a big increase in cyber threats or alerts amid the shift to mass remote working. In fact, 61% of organizations globally have experienced a jump of 25% or more in cyber threats and alerts since the start of COVID-19. Eight percent of businesses globally did not know whether they have experienced an increase or decrease in cyber threats.

Protecting an increasing number of endpoints

Employees are connecting to corporate resources with more personal, unmanaged devices, creating a blind spot for security teams. One in two respondents stated that office laptops/desktops (56%) and personal devices (54%) are a challenge to protect in a remote environment. This was followed by customer information and cloud applications both at 46%.

Secure access – or the ability to securely enable access to the enterprise network and applications for any user, from any device, at any time – was cited as the biggest cybersecurity challenge faced by nearly two thirds (62%) of global organizations when supporting remote workers. Other cybersecurity concerns raised by organizations globally include data privacy (55%), which has implications for the overall security posture.

The rush to solve these cybersecurity issues has led to IT departments working around the clock. However, with this new set of challenges has also come an opportunity for transformation. The vast majority of IT leaders (85%) say cybersecurity is now extremely important or more important than before COVID-19 at their organization, with two thirds saying this will result in an increase in cybersecurity investments.

Preparing for the future of secure remote work

With over a third of organizations globally expecting more than half of their workforces to continue working remotely beyond the pandemic, cybersecurity approaches must adapt and change for good to support a secure future for hybrid and flexible workplaces.

Below are our key recommendations for IT leaders:

#1 The future of work is dynamic: cybersecurity must meet the need of a distributed workforce.

Policies and controls that once resided in headquarters must now follow the worker wherever and whenever they require access.

Businesses must create a flexible, safe, and secure hybrid work environment with employees moving on and off the network with similar levels of protection. As business and IT leaders deliver significant changes to their technology and business priorities, cybersecurity should be the bridge that enables organizations to reach their full potential.

#2 The success of a flexible hybrid workforce hinges upon preparation, collaboration and empowerment

Network and security teams need to provide seamless and secure access to applications and services, anywhere and anytime. Security, networking and collaboration can no longer be seen in silos, they must work hand in hand.

Leaders must put in place additional enforcement protocols and enhanced cybersecurity policies. Solid employee education programs around cybersecurity are critical to build a healthy security culture.

#3 Simpler and more effective cybersecurity is critical to building business resilience

Security cannot be an afterthought – it should be the foundation behind the success of any digitalization effort. To reduce the likelihood and impact of a cybersecurity breach, organizations need to look for ways to reduce the complexity of their cybersecurity measures.

The future of work has arrived, and it may not be exactly as we imagined it. We welcome you to download Cisco’s Future of Secure Remote Work Report today and learn how cybersecurity can help to build resilient enterprises.

The post Security at the Heart of the ‘New Normal’ Workforce appeared first on Cisco Blogs.

Cyber Security Today – Twitter criticized by regulator, NSA ranks vulnerabilities, cybercrooks pretend to be good guys, and more

Today's podcast covers a regulator's report on the Twitter celebrity account hack, the NSA's ranking of the vulnerabilities Chinese attackers favour, a ransomware gang's attempt to give stolen money to charity, and more.

The post Cyber Security Today - Twitter criticized by regulator, NSA ranks vulnerabilities, cybercrooks pretend to be good guys, and more first appeared on IT World Canada.

The Recorded Future Express browser extension – elite security intelligence for zero cost

Many thanks to the fab folks at Recorded Future, who are sponsoring my writing this week. Recorded Future empowers your organization, revealing unknown threats before they impact your business, and helping your teams respond to alerts 10 times faster. How does it do this? By automatically collecting and analyzing intelligence from technical, open web, and … Continue reading "The Recorded Future Express browser extension – elite security intelligence for zero cost"

Montréal Public Transport Agency Discloses Ransomware Attack

A public transport agency operating in Montréal announced that a ransomware attack had affected its website and other systems. The Société de transport de Montréal (STM) disclosed the infection on a web page it created to keep customers updated about its services while its main site remains offline: Since the afternoon of October 19, the […]… Read More

The post Montréal Public Transport Agency Discloses Ransomware Attack appeared first on The State of Security.

DarkSide Ransomware Group Donates $10,000 to Charities

A ransomware group has reportedly donated thousands of dollars stolen from corporate victims to charities.

The DarkSide group claimed to have made a $10,000 donation in Bitcoin to two charities: The Water Project and Children International. The latter has already said it will not be keeping the money, which it is legally obliged to do, as the funds are technically the proceeds of crime.

Ironically, if the ransomware group had kept quiet about the donation then the organizations would likely have been none the wiser. Instead, it wrote a press release on its dark web site crowing that “no matter how bad you think our work is, we are pleased to know that we helped change someone’s life,” according to The Guardian.

The group, which is also said to steal victims’ data in order to force them to pay up, apparently used the legitimate US-based digital donation platform The Giving Block to channel the funds to the charities.

Brian Higgins, a Comparitech security specialist, argued that the group may be trying to test out a new method of laundering funds.

“However, it’s more probable that DarkSide clearly has too much time on its hands and too much stolen money knocking about in its Bitcoin wallets,” he added. “If they were really serious about ‘making the world a better place’ they’d all sell their laptops and stay off the internet.”

DarkSide claims not to attack schools, hospitals, governments or charities and to “carefully analyze” target organizations' accounts to ensure they have enough cash to pay.

However, Javvad Malik, security awareness advocate at KnowBe4, questioned its assertion that this is a victimless crime.

“Whenever an organization is extorted via ransomware or other means, that money impacts actual individuals. Many people have lost their jobs over the years and there have been organizations that have ceased to exist,” he argued. “Criminals need to understand that there is a very real impact of their actions, and simply giving an amount to charity cannot make up for that.”

25 vulnerabilities exploited by Chinese state-sponsored hackers

The US Cybersecurity and Infrastructure Security Agency (CISA) has released a list of 25 vulnerabilities Chinese state-sponsored hackers have been recently scanning for or have exploited in attacks. “Most of the vulnerabilities […] can be exploited to gain initial access to victim networks using products that are directly accessible from the Internet and act as gateways to internal networks. The majority of the products are either for remote access or for external web services, and … More

The post 25 vulnerabilities exploited by Chinese state-sponsored hackers appeared first on Help Net Security.

#InfosecurityOnline: Prepare for the Worst-Case Scenario to Build Resiliency

Speaking in the opening keynote session of day two of the Infosecurity Online event, Lee Howard, head of IT security, risk and shared services at N Brown Group, discussed the current cyber-threat landscape and explained that, in a world of unpredictable cyber-risks, organizations must be prepared for the worst-case scenario in order to be resilient.

“We can’t possibly know every single threat that’s going to affect us – it’s unpredictable. Therefore, we need to go through a mindset change; instead of trying to identify each and every threat methodically, we should be prepared for all threats, whenever they throw themselves at us.”

Most importantly, organizations must be prepared for the worst-case scenario from a cyber-threat perspective, Lee said.

If organizations cannot assess every threat and do not know how often threats will strike, Lee said, they must take a “prescribed preparation” approach to the worst-case cyber-scenario.

“Being able to prepare allows you then to absorb the impact of a situation as it unfolds. Preparing for the worst-case scenario makes you really think about what’s valuable. What we do a lot in cybersecurity is focus on certain technologies, areas, initiatives, programs and projects to get things over the line. The reality is, we sometimes forget that we’ve been put in these positions to preserve operations, assess a situation and make ourselves as resilient as possible.”

We are moving into a new phase of technology now and a new era, and the likelihood of an event occurring is very high.

“We’re getting to a point in time where, in having a cyber-incident, we’re not measured in did it or did it not happen,” Lee said; rather, we are measured in how we respond and how well the business is able to maintain operations as the incident unfolds.

“That’s the mindset we need to get to; to accept incidents are going to happen,” and respond effectively, Lee concluded.

Cybersecurity 101: How to Protect Yourself from Hackers

The internet has changed a lot of things, some for the better and others for the worse. Everything we use in our homes, from mobile devices to Internet of Things (IoT) products, relies on the internet, and the extensive use of these products has the potential to erode our privacy. Privacy is under attack from all sides: whether we realize it or not, attackers are constantly trying to gather information about us that they can turn against us. To make your devices, your online identity and everything you do online more secure, you have to follow a few basic practices. In this article, I am going to highlight five cybersecurity tips that you need to know.

Install an Antivirus

The first thing to do is install an antivirus product that protects you against malicious programs. With so many kinds of viruses and malware in circulation, you need a baseline defense against them. Once it is installed, keep it updated so that its detection signatures and engine stay current. Installing an antivirus does not mean you can browse any site you want, however: attackers still find ways past it, so you must remain careful.

Use Unique Passwords for Login

One of the easiest and most common ways attackers get at your information is by obtaining your passwords. Use a unique password for every platform, so that if one account is compromised the attacker cannot reuse the same password to take over the rest. Every password should also be strong: long, and a mix of numbers, upper-case and lower-case letters and special characters (a password manager makes this practical). Every little thing you do to strengthen your passwords goes a long way.

Get a VPN and Use It

You might have heard about using a VPN when browsing the internet, but most people do not fully understand what a VPN does. Say you go to a coffee shop and connect to its Wi-Fi. You can never be sure that the network you are using is secure, and anyone who can get onto the same network, public or home, may be able to watch or tamper with your traffic. A VPN encrypts the traffic between your device and the VPN provider’s server, so eavesdroppers on the local network see only ciphertext. It does not protect the files stored on your computer, and the provider itself can see whatever you route through it, so choose a reputable one.

Use Two Factor Authentication

Using two-factor authentication takes a little extra time at each login, but it is worth it. Two-factor authentication adds a second layer of security in case the first one is bypassed: even if an attacker obtains your password, they cannot get into your account without also passing the second factor, whether that is a code from an authenticator app, a hardware security key or, at minimum, an SMS code.
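The codes an authenticator app shows are time-based one-time passwords (RFC 6238). The block below is an added example for this page, not code from the article: it derives the codes, verifies them with a small clock-drift window, and refuses replay of a code that has already been accepted. It uses only the Python standard library; the secret and timestamps in the demo are the published RFC 6238 test values, so the output can be checked against the RFC. The issuer and account name in the provisioning URI are made up.

```python
"""Time-based one-time passwords (RFC 6238), the second factor most authenticator
apps implement. Added example; not code from the article. Standard library only.
The demo secret and timestamps are the RFC 6238 Appendix B test values."""
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226: HMAC over the big-endian 8-byte counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, for_time=None, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 6238: HOTP with the counter derived from Unix time // step."""
    if for_time is None:
        for_time = time.time()
    return hotp(secret, int(for_time) // step, digits, algo)


def match_counter(secret: bytes, code: str, for_time=None, step: int = 30,
                  digits: int = 6, window: int = 1):
    """Return the time-step counter whose code matches, or None.

    Accepts the current step and +/- `window` neighbours to tolerate clock
    drift, and compares in constant time so the check does not leak how many
    digits were right."""
    if for_time is None:
        for_time = time.time()
    counter = int(for_time) // step
    for c in range(counter - window, counter + window + 1):
        if hmac.compare_digest(hotp(secret, c, digits), code):
            return c
    return None


class TotpVerifier:
    """Server-side verifier that also refuses replay: a code is accepted at most
    once, and nothing at or before the last accepted step is accepted again."""

    def __init__(self, secret: bytes, **kwargs):
        self.secret = secret
        self.kwargs = kwargs
        self.last_counter = -1

    def check(self, code: str, for_time=None) -> bool:
        matched = match_counter(self.secret, code, for_time, **self.kwargs)
        if matched is None or matched <= self.last_counter:
            return False
        self.last_counter = matched
        return True


def provisioning_uri(issuer: str, account: str, secret: bytes,
                     digits: int = 6, step: int = 30) -> str:
    """otpauth:// URI (what the enrolment QR code encodes) for an authenticator app."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    return (f"otpauth://totp/{quote(issuer)}:{quote(account)}"
            f"?secret={b32}&issuer={quote(issuer)}&algorithm=SHA1&digits={digits}&period={step}")


if __name__ == "__main__":
    rfc_secret = b"12345678901234567890"  # RFC 6238 Appendix B test secret
    print(totp(rfc_secret, for_time=59, digits=8))  # RFC vector: 94287082
    print(provisioning_uri("Example Corp", "alice@example.com", rfc_secret))  # made-up account
    print(totp(rfc_secret))  # the code valid right now
```

The replay check in `TotpVerifier` is the part most home-grown implementations forget: without it, a code captured by a phishing page stays usable for the rest of its 30-second step (plus the drift window).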

Protect Your Social Media Privacy

Last but not least, pay attention to how you use social media. Social media scams are at a peak as attackers fish for information through these platforms. Be especially careful on platforms like Facebook, where you voluntarily give out information and present it publicly. Review the privacy settings of every social media platform you use, and think twice before revealing any personal information. Once you have given out your personal information yourself, there is no one else to blame. After all, regardless of how many security controls we put in place, the weakest link in the security chain is the human.

The post Cybersecurity 101: How to Protect Yourself from Hackers appeared first on CyberDB.

NSA: Patch These 25 CVEs Exploited by Chinese Attackers

NSA: Patch These 25 CVEs Exploited by Chinese Attackers

The NSA has published a list of the top 25 vulnerabilities currently being exploited by Chinese state-backed hackers to target US organizations.

These attackers work as most cybercrime groups typically would: by identifying and gathering information on a target, identifying any vulnerabilities and then launching an exploitation operation using homegrown or reused exploits, the NSA explained.

The advisory urged organizations to apply publicly available patches as soon as possible to mitigate the threats.

“This advisory provides Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks,” it noted.

“Most of the vulnerabilities listed below can be exploited to gain initial access to victim networks using products that are directly accessible from the internet and act as gateways to internal networks. The majority of the products are either for remote access (T1133) or for external web services (T1190), and should be prioritized for immediate patching.”

Some of the most widely publicized CVEs in the list include Zerologon (CVE-2020-1472), BlueKeep (CVE-2019-0708), SIGRed (CVE-2020-1350), and flaws in Pulse Secure VPNs (CVE-2019-11510) and Citrix ADC and Gateway systems (CVE-2019-19781, CVE-2020-8193, CVE-2020-8195, CVE-2020-8196).

Jake Moore, cybersecurity specialist at ESET, argued that some organizations find it operationally difficult to patch immediately, which might store up problems for later.

“This year’s increase in remote working has also brought additional difficulties with updating machines, highlighting certain problems that were not previously apparent,” he added.

“It is always worth patching at your earliest convenience to help protect each device. Although administrators now have a tougher task in protecting their devices, this list from the NSA could be used to highlight to directors just how important a proactive approach to cybersecurity is.”

The shift to mass remote working has indeed created new opportunities for cyber-attackers to exploit. In research from Tanium earlier this year, 43% of IT ops leaders reported patching problems on users’ personal devices.

#InfosecurityOnline: Beware of Malicious URLs and Rogue Redirects

#InfosecurityOnline: Beware of Malicious URLs and Rogue Redirects

Attackers are using techniques to alter URLs and send victims to rogue and potentially malicious domains.

Speaking at the Infosecurity Online event, Javvad Malik, security awareness advocate at KnowBe4, recommended that listeners look for rogue URLs and “lookalike domains” in phishing messages, as it is all too common for a URL to be altered.

Malik said: “A URL can be represented not in how we see it, but use IP addresses and special characters to hide what the real domain name is.” This can include percent-encoding, so that the URL resolves somewhere other than where it appears to point.

“One technique attackers use is to use a very long URL as people open on their phone and even if they try to expand it, they won’t expand whole thing and click on it anyway,” he said.

Some of the common tactics in phishing include a fake file attachment that is actually an image, which contains a URL, as well as open redirect URL attacks where you think you’re going to one site, “and it could be chain of redirects and it is quite scary.”

If you do need to open a URL, Malik recommended opening it in a safe virtual machine, or handing it to a forensic expert who has the right equipment and tools. He also suggested checking the age of the domain, since a newly registered domain is more likely to be malicious. “Also see if it is on a blacklist,” he said, while admitting that most bad domains have short lifespans because attackers discard them once they are detected.

Malik said the best defense for this issue is education: if users “hover” over a URL, they can see where it really points. For individual users, he recommended the following:

  • Stay Patched
  • Don’t Knowingly Allow Code to Execute
  • Don’t Download Unexpected Files
  • Investigate or Ignore Suspicious URLs
  • Execute Suspicious URLs in a Virtual Machine
  • Submit to a Malware Inspection Service

Meanwhile for business defenses, he recommended the following:

  • Anti-Malware Defenses
  • Content Filtering
  • Reputation Services
  • Make sure Defenses Decode Encoding Before Inspecting
  • Make sure Defenses Expand Short URLs
  • Keep up to date on the Latest Malicious URL Trends
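The two business-side items “decode encoding before inspecting” and “expand short URLs” are the ones a URL filter most often gets wrong. The block below is an added example for this page, not Malik’s or KnowBe4’s code: a static triage pass that percent-decodes a URL until it is stable (so double encoding is seen the way the last browser hop sees it) and then flags the tricks described in the talk: IP-address hosts, `user@host` tricks, punycode labels, very long URLs, open-redirect parameters and lookalike domains. The finding names, the length threshold, the list of redirect-looking parameter names and the sample URLs (TEST-NET addresses and `.example` names) are this example’s own assumptions. Short-URL expansion needs a network request and is deliberately not done here.

```python
"""Static triage of a suspicious URL: decode before inspecting, then flag the
tricks that hide the real destination. Added example for this page; not
Malik's or KnowBe4's code. Finding names, threshold and REDIRECT_KEYS are
assumptions; sample URLs are constructed."""
import ipaddress
from urllib.parse import parse_qs, unquote, urlsplit

# Query keys that commonly carry a destination in open-redirect bugs (assumption).
REDIRECT_KEYS = {"url", "redirect", "redirect_uri", "redirect_url", "next", "return",
                 "returnurl", "dest", "destination", "goto", "target", "continue"}
LONG_URL = 100  # assumption: past this, a phone screen will not show the whole thing


def full_unquote(s: str, rounds: int = 5) -> str:
    """Percent-decode until stable, so double encoding (%2568 -> %68 -> h)
    does not slip past the check."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def analyze_url(url: str, trusted_domain: str = None):
    """Return (hostname, sorted finding tags) for one URL.

    trusted_domain, if given, is the registrable domain the message claims to
    come from; any other host containing that string is tagged as a lookalike."""
    findings = set()
    raw = url.strip()
    if "://" not in raw:
        raw = "http://" + raw  # bare hosts are common in SMS and chat lures
    parts = urlsplit(raw)
    host = full_unquote(parts.hostname or "").lower()

    if full_unquote(url) != url:
        findings.add("percent-encoded")
    if "@" in parts.netloc:
        # http://bank.example@evil.example/ : everything before @ is userinfo,
        # the browser actually connects to evil.example
        findings.add("userinfo")
    try:
        ipaddress.ip_address(host)
        findings.add("ip-host")
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.add("punycode")  # IDN label: check for homoglyphs of a known brand
    if len(url) > LONG_URL:
        findings.add("very-long")
    for key, values in parse_qs(parts.query, keep_blank_values=True).items():
        if key.lower() in REDIRECT_KEYS and any(
                full_unquote(v).startswith(("http://", "https://", "//")) for v in values):
            findings.add("open-redirect-candidate")
    if trusted_domain:
        t = trusted_domain.lower()
        if host != t and not host.endswith("." + t) and t in host:
            findings.add("lookalike")  # e.g. trusted.example.com.evil.example
    return host, sorted(findings)


if __name__ == "__main__":
    # Constructed samples, not real phishing URLs.
    samples = [
        ("http://paypal.com@203.0.113.5/login", None),
        ("https://example.com/go?url=http%3A%2F%2Fevil.example%2Flogin", None),
        ("https://example.com/go?next=%2568ttps%253A%252F%252Fevil.example", None),
        ("http://xn--80ak6aa92e.com/", None),
        ("https://example.com.login-verify.example.net/", "example.com"),
        ("https://www.example.com/docs", "example.com"),
    ]
    for sample, trusted in samples:
        host, tags = analyze_url(sample, trusted)
        print(f"{host:40} {', '.join(tags) or 'no findings'}")
```

The order of operations matters: splitting the URL first and decoding each component afterwards avoids turning an encoded `/` inside a query value into a path separator, while still catching a destination that was encoded twice to get past a single-pass filter.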

Updates to MariaDB SkySQL bring distributed SQL to the MariaDB cloud

MariaDB announced a major expansion of MariaDB SkySQL cloud database. With this update, SkySQL now runs the latest version of MariaDB Platform X5, which most notably added distributed SQL capabilities for global scale. With the ability to be deployed as clustered or distributed, MariaDB SkySQL addresses customers’ specific needs all within one powerful, indestructible cloud database. “We built MariaDB SkySQL to reduce the complexities introduced by first-generation cloud databases,” said Michael Howard, CEO, MariaDB Corporation. … More

The post Updates to MariaDB SkySQL bring distributed SQL to the MariaDB cloud appeared first on Help Net Security.

More Effective Security Awareness: 3 Tips for NCSAM

It’s often said that humans are the weakest link in cybersecurity. Indeed, I’d have a hard time arguing that a computer that was sealed in a box, untouched by human hand, poses much of a security risk. But a computer that is unused has no purpose. It behooves security practitioners to get smarter about how […]… Read More

The post More Effective Security Awareness: 3 Tips for NCSAM appeared first on The State of Security.

Pfizer Exposes Data on Hundreds of Prescription Drug Users

Pfizer Exposes Data on Hundreds of Prescription Drug Users

Pharma giant Pfizer exposed the personal information of hundreds of prescription drug takers for over two months due to a cloud misconfiguration, according to new research from vpnMentor.

A team led by Noam Rotem and Ran Locar discovered the Google Cloud Storage bucket containing the data as part of an ongoing web mapping project. It was completely unsecured and unencrypted when found on July 9, 2020.

The bucket apparently contained transcripts between users of Pfizer drugs and the firm’s interactive voice response (IVR) customer support software, as well as “escalations” to support agents.

Each transcript included full names, home and email addresses, phone numbers and partial health and medical status. The drugs in question included anti-cancer treatments, medication for epilepsy and hormone therapy, treatment for nicotine addiction and Viagra.

VpnMentor argued that any cyber-criminals who got hold of this data could have used it to craft highly convincing phishing campaigns against the affected customers, referencing details from their own call transcripts. Some customers were calling for prescription refills, which could have given scammers an opening to request credit card details, for example.

“At the time of the data breach, Coronavirus was still surging across the US,” vpnMentor added. “If cyber-criminals had successfully robbed from or defrauded someone taking medication for anxiety in any way, the potential impact on their mental health is immeasurable.”

Unfortunately, the pharmaceutical giant’s response to the findings wasn’t great. It apparently took over two months to respond, and then only with the following: “From the URL you gave, I failed to see how it is important Pfizer data (or even an important data at all).”

The researchers were then forced to share a file with a sample of customers’ personally identifiable information (PII) for the firm to take action, on September 23—although it never responded to them again.
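The exposure above is the standard cloud-storage misconfiguration: an IAM binding that grants a storage role to `allUsers` (anyone on the internet) or `allAuthenticatedUsers` (anyone with any Google account). The block below is an added example for this page, not vpnMentor’s or Pfizer’s tooling. It inspects a bucket IAM policy for such grants, grades the exposure, and emits the `gsutil` commands that remove each grant and turn on uniform bucket-level access so stale per-object ACLs cannot reopen the data. The policy documents and the bucket name are constructed for the demo; a real policy is what `gsutil iam get gs://BUCKET` returns, in the same JSON shape.

```python
"""Find anonymous grants in a Google Cloud Storage bucket IAM policy.
Added example for this page; not vpnMentor's or Pfizer's code. The policies
and bucket name below are constructed; `gsutil iam get gs://BUCKET` returns
a real one in the same shape."""
import json

# Principals that mean "anyone" and "anyone with a Google account".
ANONYMOUS = {"allUsers", "allAuthenticatedUsers"}

# Roles whose public grant allows writing or deleting objects, not just reading.
WRITE_ROLES = {"roles/storage.objectCreator", "roles/storage.objectAdmin", "roles/storage.admin",
               "roles/storage.legacyBucketWriter", "roles/storage.legacyBucketOwner",
               "roles/editor", "roles/owner"}


def public_bindings(policy: dict):
    """Return [(role, principal)] for every binding granted to an anonymous principal."""
    hits = []
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member in ANONYMOUS:
                hits.append((binding["role"], member))
    return hits


def assess(policy: dict) -> str:
    """Grade one bucket policy: 'private', 'public-read' or 'public-write'."""
    hits = public_bindings(policy)
    if not hits:
        return "private"
    if any(role in WRITE_ROLES for role, _ in hits):
        return "public-write"
    return "public-read"


def remediation(bucket: str, policy: dict):
    """gsutil commands that drop each anonymous grant and enforce uniform
    bucket-level access (so object ACLs cannot re-expose the data)."""
    cmds = [f"gsutil iam ch -d {member}:{role} gs://{bucket}"
            for role, member in public_bindings(policy)]
    if cmds:
        cmds.append(f"gsutil ubla set on gs://{bucket}")
    return cmds


# Constructed policy resembling an exposed bucket: the export service account is
# fine, the allUsers objectViewer grant is the problem.
EXPOSED_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/storage.legacyBucketOwner",
     "members": ["projectOwner:example-project"]},
    {"role": "roles/storage.objectViewer",
     "members": ["allUsers",
                 "serviceAccount:ivr-export@example-project.iam.gserviceaccount.com"]}
  ],
  "etag": "CAE="
}
""")

# Constructed policy for the same bucket after the fix.
LOCKED_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/storage.legacyBucketOwner",
     "members": ["projectOwner:example-project"]},
    {"role": "roles/storage.objectViewer",
     "members": ["serviceAccount:ivr-export@example-project.iam.gserviceaccount.com"]}
  ],
  "etag": "CAI="
}
""")

if __name__ == "__main__":
    for name, policy in (("exposed", EXPOSED_POLICY), ("locked", LOCKED_POLICY)):
        print(name, assess(policy), public_bindings(policy))
        for cmd in remediation("ivr-transcripts", policy):  # hypothetical bucket name
            print("  ", cmd)
```

Run the same check across every bucket in a project from the output of `gsutil ls` and the result is a list of buckets anyone can read, which is the inventory the researchers’ “web mapping project” was effectively building from the outside.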

5G and the IoT: A Look Ahead at What’s Next for Your Home and Community


October is Cybersecurity Awareness Month, which is led by the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) in conjunction with the National Cyber Security Alliance (NCSA)—a national non-profit focused on cybersecurity education & awareness. McAfee is pleased to announce that we’re a proud participant.

Imagine it’s 20 years ago and someone at a dinner party predicts that one day you could pop down to the appliance store and buy an internet-connected fridge. Your year 2000 self might have shaken that off and then asked, “Why would someone ever do that?”

Yet here we are.

Today, so much is getting connected: our appliances, our security systems, even our coffeemakers. So far this month, we’ve talked about protecting these connected things and securing these new digital frontiers as Internet of Things (IoT) devices transform not only our homes, but businesses and communities as well.

To wrap up Cybersecurity Awareness Month, let’s take a look ahead at how the next wave of connected devices could take shape by taking a look at the network that billions of them will find themselves on: 5G networks.

5G is the key

You’ve no doubt seen plenty of commercials from the big mobile carriers as they tout the rollout of their new, more powerful 5G networks. And more powerful they are. For starters, 5G is expected to operate roughly 10 times faster than the 4G LTE networks many of us enjoy now—with the potential to get yet faster than that over time.

While mention of faster speeds continues to be the top selling point in ads and the like, 5G offers another pair of big benefits: greater bandwidth and lower latency. Taken together, that means 5G networks can host more devices than before and with a near-instantaneous response time.

The implication of these advances is that billions and billions of new devices will connect to mobile networks directly, at terrific speeds, rather than to Wi-Fi networks. Of those, many billions will be IoT devices. And that means more than just phones.

What will those devices look like?

One answer is plenty more of what we’re already starting to see today—such as commercial and industrial devices that track fleet vehicles, open locks on tractor trailer deliveries based on location, monitor heating and air conditioning systems, oversee supply chains. We’ll also see more devices that manage traffic, meter utilities, and connect devices used in healthcare, energy, and agriculture. That’s in addition to the ones we’ll own ourselves, like wearables and even IoT tech in our cars.

All together, we’ll add about 15 billion new IoT devices to the 26 billion IoT devices already in play today for a total of an expected 41 billion IoT devices in 2025.

Securing 5G and the IoT

Citing those examples of IoT applications underscores the critical need for safety and security in the new 5G networks. This is a network we will count on in numerous ways. Businesses will trust their operations to the IoT devices that operate on it. Cities will run their infrastructure on 5G IoT devices. And we, as people, will use 5G networks for everything from entertainment to healthcare. Not only will IoT devices themselves need protection, but the networks will need to be hardened as well. And you can be certain that increased network security, and security in general, is part of our future forecast.

The GSMA, an industry group representing more than 750 operators in the mobile space, calls out the inherent need for security for 5G networks in their 5G Reference Guide for Operators. In their words, “New threats will be developed as attackers are provided live service environment to develop their techniques. 5G is the first generation that recognizes this threat and has security at its foundation.” When you consider the multitude of devices and the multitude of applications that will find their way onto 5G, a “square one” emphasis on security makes absolute sense. It’s a must.

While standards and architectures are taking shape and in their first stages of implementation, we can expect operators to put even more stringent defenses in place, like improved encryption, ways of authenticating devices to ensure they’re not malicious, creating secure “slices” of the network, and more, which can all improve security.

Another consideration for security, beyond the oncoming flood of emerging devices and services that will find their way onto 5G networks, is the sheer volume of traffic and data they will generate. One estimate puts 5G traffic at 79.4 zettabytes (ZB) of data in 2025. (What’s a zettabyte? Imagine a 1 followed by 21 zeroes.) This will call for an evolution in security that makes further use of machine learning and AI to curb a similarly increased volume of threats, with technologies much like you see in our McAfee security products today.

The newest IoT devices making their way into your home

“Siri/Alexa/Cortana/Google, play Neko Case I Wish I Was the Moon.”

We’ve all gotten increasingly comfy with the idea of connected devices in our homes, like our smart assistants. Just in 2018, Juniper Research estimated that there’d be some 8 billion digital voice assistants globally by 2023, thanks in large part to things like smart TVs and other devices for the home. Expect to see more IoT devices like those available for use in and around your house.

What shape and form might they take? Aside from the voice-activated variety, plenty of IoT devices will help us automate our homes more and more. For example, you might have smart sensors in your garden that can tell when your tomatoes are thirsty and activate your soaker hoses for a drink—or other smart sensors placed near your water heater that will text you when they detect a leak.

Beyond that, we’re already purchasing connected lights and smart thermostats, yet how about connecting these things all together to create presets for your home? Imagine a setting called “Movie Night,” where just a simple voice command draws the shades, lowers the lights, turns on the gas fireplace, and fires up the popcorn maker. All you need to do is get your slippers.

Next, add in a degree of household AI, which can learn your preferences and habits. Aspects of your home may run themselves and predict things for you, like the fact that you like your coffee piping hot at 5:30am on Tuesdays. Your connected coffeemaker will have it ready for you.

These scenarios were once purely of the George Jetson variety (remember him?), yet more and more people will get to indulge in these comforts and conveniences as the technology becomes more pervasive and affordable.

Technology for All

One point of consideration with any emerging technology like the IoT on 5G is access.

This year drove home a hard reality: access to high-speed internet, whether via mobile device or a home network is no longer a luxury. It’s a utility. Like running water. We need it to work. We need it to study. We need it to bank, shop, and simply get things done.

Yet people in underserved and rural communities in the U.S. still have no access to broadband internet in their homes. Nearly 6 in 10 of U.S. parents with lower incomes say their child may face digital obstacles in schoolwork because of reduced access to devices and quality internet service. And I’ve heard anecdotes from educators about kids taking classes online who have to pull into their school’s parking lot to get proper Wi-Fi, simply because they don’t have a quality connection at home.

The point is this: as these IoT innovations continue to knit their way into our lives and the way the world works, we can’t forget that there’s still a digital divide that will take years of effort, investment, and development before that gap gets closed. And I see us closing that gap in partnership, as people and communities, businesses and governments, all stand to benefit when access to technology increases.

So as we look to the future, my hope is that we all come to see high-speed internet connections for what they are—an absolute essential—and take the steps needed to deliver on it. That’s an advance I’d truly embrace.

Stay Updated 

To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.


The post 5G and the IoT: A Look Ahead at What’s Next for Your Home and Community appeared first on McAfee Blogs.

Popular Mobile Browsers Found Vulnerable To Address Bar Spoofing Attacks

Cybersecurity researchers on Tuesday disclosed details about an address bar spoofing vulnerability affecting multiple mobile browsers, such as Apple Safari and Opera Touch, leaving the door open for spear-phishing attacks and delivering malware. Other impacted browsers include UCWeb, Yandex Browser, Bolt Browser, and RITS Browser. The flaws were discovered by Pakistani

Hackers are targeting CVE-2020-3118 flaw in Cisco devices

Cisco warns of attacks attempting to exploit the CVE-2020-3118 vulnerability that affects multiple carrier-grade routers running Cisco IOS XR Software.

Cisco is warning of attacks targeting the CVE-2020-3118 high severity vulnerability that affects multiple carrier-grade routers running the Cisco IOS XR Software.

The flaw resides in the Cisco Discovery Protocol implementation for Cisco IOS XR Software and could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload of an affected device.

“The vulnerability is due to improper validation of string input from certain fields in Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device.” reads the advisory. “A successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device.”

Cisco experts pointed out that the flaw can be exploited by unauthenticated adjacent attackers (Layer 2 adjacent) in the same broadcast domain as the vulnerable devices.
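CDP is a Layer 2 protocol with a simple type-length-value body, which is why a receiver that trusts the length fields or the string contents is exposed to any host in the same broadcast domain. The block below is an added example for this page, not Cisco’s code, and says nothing about how IOS XR itself implements CDP: it is a defensive CDP parser that enforces the checks a receiver needs before acting on a frame (TLV length at least the header size, length inside the received frame, string fields bounded before they are copied anywhere). The frames are constructed inline; the CDP checksum is left at zero and not verified, and the 255-byte string bound is an assumption.

```python
"""Defensive parser for Cisco Discovery Protocol (CDP) TLVs. Added example for
this page; not Cisco's code and not a description of the IOS XR implementation.
Frames are constructed; checksum is left at zero and not verified (assumption).

CDP body layout (after the SNAP header): version(1) ttl(1) checksum(2), then
TLVs of type(2) length(2) value, where length includes the 4-byte TLV header."""
import struct

TLV_DEVICE_ID, TLV_ADDRESSES, TLV_PORT_ID = 0x0001, 0x0002, 0x0003
TLV_CAPABILITIES, TLV_SOFTWARE_VERSION, TLV_PLATFORM = 0x0004, 0x0005, 0x0006
STRING_TLVS = {TLV_DEVICE_ID, TLV_PORT_ID, TLV_SOFTWARE_VERSION, TLV_PLATFORM}
MAX_STRING = 255  # assumption: the bound a receiver's fixed-size buffer would impose


class CdpParseError(ValueError):
    """Raised for any frame the parser refuses; the caller drops the frame."""


def cdp_header(version: int = 2, ttl: int = 180, checksum: int = 0) -> bytes:
    return struct.pack("!BBH", version, ttl, checksum)


def build_tlv(tlv_type: int, value: bytes) -> bytes:
    return struct.pack("!HH", tlv_type, 4 + len(value)) + value


def build_cdp(device_id: bytes, port_id: bytes, platform: bytes) -> bytes:
    """A minimal well-formed advertisement, for tests and demos."""
    return (cdp_header() + build_tlv(TLV_DEVICE_ID, device_id)
            + build_tlv(TLV_PORT_ID, port_id) + build_tlv(TLV_PLATFORM, platform))


def parse_cdp(payload: bytes):
    """Return (version, ttl, {tlv_type: value}); string TLVs decoded, others raw bytes."""
    if len(payload) < 4:
        raise CdpParseError("short CDP header")
    version, ttl, _checksum = struct.unpack("!BBH", payload[:4])
    if version not in (1, 2):
        raise CdpParseError(f"unknown CDP version {version}")
    tlvs = {}
    offset = 4
    while offset < len(payload):
        if len(payload) - offset < 4:
            raise CdpParseError("truncated TLV header")
        tlv_type, tlv_len = struct.unpack("!HH", payload[offset:offset + 4])
        # The length must cover its own header; anything smaller would stall
        # the loop or produce a negative-length value.
        if tlv_len < 4:
            raise CdpParseError(f"TLV 0x{tlv_type:04x} length {tlv_len} below header size")
        # The length must fit inside what was actually received; trusting it
        # blindly is the out-of-bounds read or copy.
        if offset + tlv_len > len(payload):
            raise CdpParseError(f"TLV 0x{tlv_type:04x} length {tlv_len} exceeds frame")
        value = payload[offset + 4:offset + tlv_len]
        if tlv_type in STRING_TLVS:
            # Bound the string before it is copied into anything fixed-size.
            if len(value) > MAX_STRING:
                raise CdpParseError(f"string TLV 0x{tlv_type:04x} is {len(value)} bytes")
            value = value.split(b"\x00", 1)[0].decode("ascii", errors="replace")
        tlvs[tlv_type] = value
        offset += tlv_len
    return version, ttl, tlvs


def is_malformed(payload: bytes) -> bool:
    """True if parse_cdp would drop the frame."""
    try:
        parse_cdp(payload)
    except CdpParseError:
        return True
    return False


if __name__ == "__main__":
    good = build_cdp(b"core-rtr1", b"GigabitEthernet0/0/0/0", b"cisco ASR9K")  # constructed
    print(parse_cdp(good))
    # Constructed hostile frames: a length that lies short, one that lies long,
    # and an oversized Device ID string.
    for bad in (cdp_header() + bytes.fromhex("00010002"),
                cdp_header() + bytes.fromhex("00010258") + b"A" * 10,
                cdp_header() + build_tlv(TLV_DEVICE_ID, b"A" * 300)):
        print("dropped" if is_malformed(bad) else "accepted")
```

Every rejection happens before the value is used, and the same three checks (minimum length, length within buffer, bounded string) are the ones to look for when reviewing any TLV parser that runs with administrative privileges on a network device.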

It is among the top 25 vulnerabilities the NSA says Chinese state-sponsored hacking groups have exploited in attacks in the wild.

The IOS XR network OS runs on several Cisco router families, including the NCS 540 and 560, NCS 5500, 8000 and ASR 9000 series.

The vulnerability also impacts third-party white box routers and Cisco products that have the Cisco Discovery Protocol enabled both globally and on at least one interface. Below is the list of impacted devices:

  • ASR 9000 Series Aggregation Services Routers
  • Carrier Routing System (CRS)
  • IOS XRv 9000 Router
  • Network Convergence System (NCS) 540 Series Routers
  • Network Convergence System (NCS) 560 Series Routers
  • Network Convergence System (NCS) 1000 Series Routers
  • Network Convergence System (NCS) 5000 Series Routers
  • Network Convergence System (NCS) 5500 Series Routers
  • Network Convergence System (NCS) 6000 Series Routers

Cisco addressed the CVE-2020-3118 flaw in February 2020, along with four other severe issues collectively tracked as CDPwn.

“In October 2020, the Cisco Product Security Incident Response Team (PSIRT) received reports of attempted exploitation of this vulnerability in the wild,” states the updated advisory.

“Cisco recommends that customers upgrade to a fixed Cisco IOS XR Software release to remediate this vulnerability.”

The following table reports the fixed release for this flaw:

Cisco IOS XR Software Release | First Fixed Release for This Vulnerability
Earlier than 6.6              | Appropriate SMU
6.6                           | 6.6.3 or appropriate SMU
7.0                           | 7.0.2 (Mar 2020) or appropriate SMU
7.1                           | Not vulnerable

The advisory also includes a mitigation: for customers who cannot immediately apply the security updates, Cisco suggests disabling the Cisco Discovery Protocol globally and on each interface.

Pierluigi Paganini

(SecurityAffairs – hacking, Cisco CVE-2020-3118 flaw)

The post Hackers are targeting CVE-2020-3118 flaw in Cisco devices appeared first on Security Affairs.

Microsoft took down 120 of 128 Trickbot servers in recent takedown

Microsoft brought down TrickBot’s infrastructure last week, but a few days later the botmasters set up new command and control (C&C) servers.

Microsoft’s Defender team, FS-ISAC, ESET, Lumen’s Black Lotus Labs, NTT, and Broadcom’s cyber-security division Symantec joined forces and announced last week a coordinated effort to take down the command and control infrastructure of the infamous TrickBot botnet.

Even though Microsoft and its partners brought down the TrickBot infrastructure, the operators attempted to resume operations by setting up new command and control (C&C) servers.


Microsoft provided an update on its takedown efforts and announced a new wave of takedown actions against TrickBot.

According to the IT giant, the operation conducted last week has taken down 94% of the servers composing the Trickbot infrastructure. Trickbot enables ransomware attacks which have been identified as one of the biggest threats to the upcoming U.S. elections. 

“We initially identified 69 servers around the world that were core to Trickbot’s operations, and we disabled 62 of them. The seven remaining servers are not traditional command-and-control servers but rather internet of things (IoT) devices Trickbot infected and was using as part of its server infrastructure; these are in the process of being disabled. As expected, the criminals operating Trickbot scrambled to replace the infrastructure we initially disabled. We tracked this activity closely and identified 59 new servers they attempted to add to their infrastructure.” said Tom Burt, CVP of Customer Security and Trust at Microsoft. “We’ve now disabled all but one of these new servers. In sum, from the time we began our operation until October 18, we have taken down 120 of the 128 servers we identified as Trickbot infrastructure around the world.”

Microsoft has taken down 120 of the 128 servers that were composing the Trickbot infrastructure.

Microsoft announced to have taken down 62 of the original 69 TrickBot C&C servers, seven servers that could not be brought down last week were Internet of Things (IoT) devices.

Microsoft also revealed that the operators tried to resume operations; the company brought down 58 of the 59 servers they attempted to bring online after the initial takedown.

Burt praised the role of Microsoft’s lawyers who quickly requested new court orders to take down the new servers set up by the Trickbot operators in response to the takedown.

“We have identified new Trickbot servers, located their respective hosting provider, determined the proper legal methodology to take action, and completely disabled those servers in less than three hours. Our global coordination has allowed a provider to take quick action as soon as we notify them – in one case, in less than six minutes.” Burt continued. “What we’re seeing suggests Trickbot’s main focus has become setting up new infrastructure, rather than initiating fresh attacks, and it has had to turn elsewhere for operational help.”

Currently, a few Trickbot C2 servers are still active and operators are using them to control the botnet. Researchers from cyber-security firm Intel 471 reported that these servers are based in Brazil, Colombia, Indonesia, and Kyrgyzstan, and that they still are able to respond to Trickbot bot requests.

“This small number of working control servers was not listed in the most recent distributed Trickbot sample.” states Intel 471.

Burt pointed out that TrickBot operators are working to restore their infrastructure instead of conducting new attacks.

“We fully expect that Trickbot’s operators will continue looking for ways to stay operational, and we and our partners will continue to monitor them and take action.” Microsoft concludes. “We encourage others in the security community who believe in protecting the elections to join the effort and share their intelligence directly with hosting providers and ISPs that can take Trickbot’s infrastructure offline.”

Pierluigi Paganini

(SecurityAffairs – hacking, botnet)

The post Microsoft took down 120 of 128 Trickbot servers in recent takedown appeared first on Security Affairs.

Moving to the cloud with a security-first, zero trust approach

Many companies tend to jump into the cloud before thinking about security. They may think they’ve thought about security, but when moving to the cloud, the whole concept of security changes. The security model must transform as well. Moving to the cloud and staying secure Most companies maintain a “castle, moat, and drawbridge” attitude to security. They put everything inside the “castle” (datacenter); establish a moat around it, with sharks and alligators, guns on turrets; … More

The post Moving to the cloud with a security-first, zero trust approach appeared first on Help Net Security.

Preventing cybersecurity’s perfect storm

Zerologon might have been cybersecurity’s perfect storm: that moment when multiple conditions collide to create a devastating disaster. Thanks to Secura and Microsoft’s rapid response, it wasn’t. Zerologon scored a perfect 10 CVSS score. Threats rating a perfect 10 are easy to execute and have deep-reaching impact. Fortunately, they aren’t frequent, especially in prominent software brands such as Windows. Still, organizations that perpetually lag when it comes to patching become prime targets for cybercriminals. Flaws … More

The post Preventing cybersecurity’s perfect storm appeared first on Help Net Security.

Researchers open the door to new distribution methods for secret cryptographic keys

Researchers from the University of Ottawa, in collaboration with Ben-Gurion University of the Negev and Bar-Ilan University scientists, have been able to create optical framed knots in the laboratory that could potentially be applied in modern technologies. Top view of the framed knots generated in this work Their work opens the door to new methods of distributing secret cryptographic keys – used to encrypt and decrypt data, ensure secure communication and protect private information. “This … More

The post Researchers open the door to new distribution methods for secret cryptographic keys appeared first on Help Net Security.

CISOs split on how to enable remote work

CISOs are conflicted about how their companies can best reposition themselves to address the sudden and rapid shift to remote work caused by the pandemic, a Hysolate research reveals. The story emerging from the data in the study is clear: COVID-19 has accelerated the arrival of the remote-first era. Legacy remote access solutions such as virtual desktop infrastructure (VDI), desktop-as-a-service (DaaS), and virtual private networks (VPN), among others, leave much to be desired in the … More

The post CISOs split on how to enable remote work appeared first on Help Net Security.

Global spending on cloud services to surpass $1 trillion in 2024

The COVID-19 pandemic has largely proven to be an accelerator of cloud adoption and extension and will continue to drive a faster conversion to cloud-centric IT.

Global spending on cloud services to rise

According to IDC, total global spending on cloud services, the hardware and software components underpinning cloud services, and the professional and managed services opportunities around cloud services will surpass $1 trillion in 2024 while sustaining a double-digit compound annual growth rate (CAGR) … More

The post Global spending on cloud services to surpass $1 trillion in 2024 appeared first on Help Net Security.

Webinar: How to think about cybersecurity the way executives think about business

It’s time to change the way we think about cybersecurity and risk management. Cybersecurity is no longer an IT problem to solve or a “necessary evil” to cost manage. Rather, cybersecurity has rapidly stormed the boardroom as a result of high-profile and costly data breaches. Get the following insights from this webinar: Recent events have changed our focus from protecting the perimeter Risk management is a formula based on the cost of an undesirable outcome … More

The post Webinar: How to think about cybersecurity the way executives think about business appeared first on Help Net Security.

Agile1 Predictive Analytics Risk Scoring helps orgs identify, prioritize and quantify cybersecurity risks

Agile1 has launched Predictive Analytics Risk Scoring to provide technology executives the foresight to understand cyber risk exposure. The platform is designed to help organizations identify, prioritize and quantify cybersecurity risks with 78% fewer false positives. Agile1’s Predictive Risk Scoring is a tremendously accurate predictive security score because the platform aggregates and analyzes all consolidated security data in an organization. This includes the cloud, devices, network, SaaS applications, APIs and anomalous human behavior. Measuring cyber … More

The post Agile1 Predictive Analytics Risk Scoring helps orgs identify, prioritize and quantify cybersecurity risks appeared first on Help Net Security.

SlashNext launches on-device AI mobile phishing defense for iOS and Android

SlashNext announced the on-device AI mobile phishing defense for iOS and Android with natural language and link-based detection to protect users from the exponential increase in mobile-based SMS phishing (‘SMishing’) attacks. Now SlashNext customers and partners can benefit from the industry’s fastest and most accurate 2.0 mobile AI phishing defense, protecting users from all forms of phishing across all their communication channels – SMS, email, social networking, gaming, collaboration and search – without compromising user … More

The post SlashNext launches on-device AI mobile phishing defense for iOS and Android appeared first on Help Net Security.

SureView Operations: A hosted service for running security command centers

SureView Systems is launching SureView Operations (Ops), a subscription-based version of its respected command center management system. The Ops platform optimizes operational processes and team response to radically improve the coordination and management of security events, creating better security outcomes. “Over the last few months, our customers have shared with us how Covid-19 has caused a rethink in their security operations. Overwhelmingly, they are looking for flexible solutions that can be implemented immediately, to support … More

The post SureView Operations: A hosted service for running security command centers appeared first on Help Net Security.

Blackpoint Cyber launches Blackpoint RISK, a cyber liability insurance solution for existing and new clients

Blackpoint Cyber launched Blackpoint RISK – a cyber liability insurance solution created specifically for its partners and their customers. Blackpoint RISK is available to existing and new clients and provides an additional layer of protection against cyber incidents, including cyber-crime, ransomware, and malicious attacks. A common phrase in cyber security is, “It’s not a question of if, but when.” Cyber security programs traditionally focus on awareness, prevention, and response – but many are unprepared for … More

The post Blackpoint Cyber launches Blackpoint RISK, a cyber liability insurance solution for existing and new clients appeared first on Help Net Security.

Splunk helps security teams modernize and unify their security operations in the cloud

Splunk announced a series of new product innovations designed to help security teams around the world modernize and unify their security operations in the cloud. Led by new, cloud-centric updates to Splunk Enterprise Security, Splunk Mission Control and the newly announced Splunk Mission Control Plug-In Framework, Splunk’s security operations suite enables Splunk customers to secure their cloud journey and solve their toughest cloud security challenges with data. The dawn of the Data Age has sped … More

The post Splunk helps security teams modernize and unify their security operations in the cloud appeared first on Help Net Security.

NetApp helps orgs easily develop applications in the cloud with updates to its data management software

NetApp announced enhancements to industry-leading cloud-connected NetApp ONTAP data management software. The company also announced a more flexible NetApp Keystone Flex Subscription service and a new NetApp SolidFire Enterprise SDS solution. With these updates, NetApp helps organizations everywhere unlock the best of cloud. Organizations can now optimize performance and security, reduce costs, easily extend data management from on premises to any cloud, and consume hybrid cloud infrastructure as a service. “Digital transformation has accelerated to … More

The post NetApp helps orgs easily develop applications in the cloud with updates to its data management software appeared first on Help Net Security.

CyberSaint adds automation functionality to its CyberStrong platform to reduce manual intervention

CyberSaint announced new updates to the CyberStrong platform allowing customers to drastically reduce manual intervention previously necessary to assess, manage, and communicate cyber and IT compliance and risk posture. Unexpected disruptions and the increasing focus on digital transformation have heightened organizations’ need to seek innovative solutions that deliver advanced levels of automation. Simultaneously, information security and risk leaders are challenged to have clear visibility into cyber risk and optimize resources across risk and compliance projects. … More

The post CyberSaint adds automation functionality to its CyberStrong platform to reduce manual intervention appeared first on Help Net Security.

CTERA 7.0: Unifying local file sharing with cloud hyperscale storage

CTERA released version 7.0 of its Enterprise File Services Platform, delivering ultra-fast edge-to-cloud synchronization, secure geo-segmentation, embedded antivirus, and built-in data discovery and migration from legacy file storage. The release sets a new bar for multi-cloud global file systems, offering the most feature-rich, fast and secure platform in the industry. The CTERA Enterprise File Services Platform unifies local file sharing with cloud hyperscale storage, allowing enterprises to modernize every aspect of their distributed file services … More

The post CTERA 7.0: Unifying local file sharing with cloud hyperscale storage appeared first on Help Net Security.

Semtech LoRa Edge platform now eliminates design complexity for IoT applications

Semtech has announced two new enabling solutions for its LoRa Edge platform: LoRa Basics Modem-E, a software modem leveraging the LoRaWAN protocol for the LoRa Edge platform that runs inside the LoRa Edge transceiver, and the LoRa Edge Tracker Reference Design, a device-to-Cloud commercial grade reference solution for asset tracking applications. LoRa Basics Modem-E, which forms part of the LoRa Basics library of software tools and solution accelerators, is fully compliant with the LoRaWAN protocol … More

The post Semtech LoRa Edge platform now eliminates design complexity for IoT applications appeared first on Help Net Security.

Sequitur Labs joins NVIDIA Partner Network to address data and device security needs of the IoT

Sequitur Labs announced it has officially joined the NVIDIA Partner Network with full support for the NVIDIA Jetson platform and protection of IP at the edge. The NVIDIA Jetson edge AI platform powers a range of industrial IoT applications that require various performance levels and prices – from AI-powered network video recorders (NVRs) to automated optical inspection (AOI) in high-precision manufacturing to autonomous mobile robots (AMRs). The Jetson platform supports cloud-native capabilities across the full … More

The post Sequitur Labs joins NVIDIA Partner Network to address data and device security needs of the IoT appeared first on Help Net Security.

Seclore and McAfee integrate to provide continuous protection of data in the cloud

Seclore announced that it will now provide a joint offering, combining its data-centric security technology with McAfee MVISION Cloud. This integration brings together the best of breed technologies in their respective fields. This integrated offering helps discover, tag, protect, and track confidential information within the enterprise and outside. Together, Seclore and McAfee have answered the most common question for enterprises adopting the cloud with a distributed workforce and external agencies, i.e., “What happens to my … More

The post Seclore and McAfee integrate to provide continuous protection of data in the cloud appeared first on Help Net Security.

Innodisk and ASUS partner to bring reliable remote management to IoT solutions

Innodisk and ASUS announced a new strategic partnership between the two companies. As part of the partnership, ASUS is equipping its ASUS PE200U edge computer with Innodisk’s next-generation flash storage, the out-of-band management-enabled Innodisk InnoAGE SSD. This solution allows customers to roll out more reliable and secure edge devices and IoT infrastructure than ever before.

Ready for 500 billion IoT devices and beyond

Cisco projects that there will be 500 billion IoT devices in the … More

The post Innodisk and ASUS partner to bring reliable remote management to IoT solutions appeared first on Help Net Security.

Windstream Enterprise promotes Brad Smith to head of Strategic Channels

Windstream Enterprise (WE) announced organizational changes to its channel partner program. Brad Smith, currently vice president – Indirect Sales at Windstream Enterprise, has been promoted to head of Strategic Channels. “Brad has led award-winning national sales teams for large communications companies. His promotion to Channel Chief ensures the significant momentum, gained through our Channel Integration initiative, will continue to grow and foster collaboration with Windstream Enterprise sales,” said Layne Levine, president of Windstream Enterprise. Smith, … More

The post Windstream Enterprise promotes Brad Smith to head of Strategic Channels appeared first on Help Net Security.

Virtru expands executive team with the appointment of Dana Morris and Will Peppo

Virtru announced the addition of two executives charged with advancing the open Trusted Data Platform and further accelerating the adoption of data encryption solutions for secure collaboration – which has more than doubled since March. Dana Morris, Virtru’s Senior Vice President of Product, will lead the company’s product and platform strategy, focused on accelerating Virtru’s open source roadmap, increasing developer adoption and driving frictionless user experience for key products such as Virtru for Email. Will … More

The post Virtru expands executive team with the appointment of Dana Morris and Will Peppo appeared first on Help Net Security.

Adlumin appoints Jim Adams as Vice President, Worldwide Channels

Adlumin announced the appointment of Jim Adams as Vice President, Worldwide Channels. Adams is based out of the Boston area and will be responsible for building and executing partner strategies across all partner types including global system integrators, MSSPs, value-added resellers, distributors and services partners. Adams brings over 25 years of IT experience, principally at Cisco Systems, focusing on the monetization of global partnerships as well as channel programs and execution. He has extensive experience … More

The post Adlumin appoints Jim Adams as Vice President, Worldwide Channels appeared first on Help Net Security.

Wickr launches Federal Advisory Board to provide strategic guidance on the company’s federal strategy

Wickr announced the launch of its Federal Advisory Board to provide strategic guidance on the company’s federal strategy to connect end users with secure collaboration for mission-critical needs. Members of the Wickr Federal Advisory Board include (in alphabetical order): John Carlin, Partner, Morrison Forrester; former Assistant Attorney General for the U.S. Department of Justice’s National Security Division and former Chief of Staff to then-FBI Director Robert S. Mueller, III; Sean Corbett, CEO and Founder, IntSight … More

The post Wickr launches Federal Advisory Board to provide strategic guidance on the company’s federal strategy appeared first on Help Net Security.

SK Hynix acquires Intel NAND flash memory division for $9 billion

South Korean semiconductor company SK Hynix is acquiring Intel’s NAND flash memory division for US$9 billion.

The acquisition, announced on Oct. 20, will see SK Hynix absorb Intel’s NAND SSD-associated IP and employees, as well as Intel’s NAND fab in Dalian, China. Although the purchase would undoubtedly expand SK Hynix’s NAND storage portfolio, SK Hynix will also gain Intel’s current customer base.

“I am proud of the NAND memory business we have built and believe this combination with SK Hynix will grow the memory ecosystem for the benefit of customers, partners and employees,” said Bob Swan, CEO of Intel, in a press release. “For Intel, this transaction will allow us to further prioritize our investments in differentiated technology where we can play a bigger role in the success of our customers and deliver attractive returns to our stockholders.”

The SK Hynix press release also explained that Intel intends to focus on AI and 5G, but the sale of its NAND production can also be seen as a move to concentrate on its core products, such as processors. With that said, Intel will retain its Optane 3D XPoint storage-class memory technology and stay in the storage business.

Intel’s Non-Volatile Memory Solutions Group (NSG) has fallen on hard times. In Intel’s Q1 2019 earnings call, Swan noted that its memory business fell 12 per cent due to NAND’s pricing pressures, low demand, and deteriorating average sale price.

“We got to generate more attractive returns on the NAND side of the business,” Swan said in the call. “And the team is very focused on making that a reality. And to the extent there is a partnership out there that’s going to increase the likelihood and/or accelerate the pace, we’re going to evaluate those partnerships along the way so it can be enhancing to the returns of what we do in the memory space.”

SK Hynix will receive an initial US$7 billion payment. The remaining US$2 billion will be paid upon the final closing in March 2025. Intel will retain all IPs related to the manufacturing and design of NAND flash wafers until the final closing.

A trip down the memory lane

Intel first partnered with Micron Technologies in 2006 to produce solid-state drives under Intel Micron Flash Technologies (IMFT) banner. As part of their partnership, Intel purchased Micron’s NAND at cost. Products from their partnership included SSDs for both enterprises and consumers.

In 2015, Intel and Micron created 3D XPoint storage-class memory, a non-volatile memory that was much faster and more durable than traditional NAND flash storage. The technology was sold under the Optane and QuantX SSD brands. In the same year, Intel announced that it would build its own NAND fabrication plants in Dalian, diverging from Micron’s NAND division. The pair continued to collaborate on 3D XPoint.

Intel and Micron eventually ended their 3D XPoint partnership in July 2018. Soon after, in October 2018, Micron expressed interest in purchasing Intel’s final IM Flash fab in Utah to produce 3D XPoint chips. The deal closed in late 2019. As part of the deal, Micron promised to sell 3D XPoint chips to Intel while Intel worked out a transition plan.

There could be a good reason why Intel didn’t turn its Dalian 3D NAND fab into a 3D XPoint fab. In a comment to Blocks & Files, analyst Jim Handy said Intel’s 3D XPoint is very unprofitable to produce. He estimated that Intel lost $2 billion on 3D XPoint in 2017 and 2018, and $1.5 billion in 2019. That is unsurprising, however, as 3D XPoint memory production is nowhere near as mature as 3D NAND.

Given Micron and Intel’s extensive history, Micron’s seeming disinterest in Intel’s NAND business came as a surprise.

Intel and Micron were not immediately available for comment.

The post SK Hynix acquires Intel NAND flash memory division for $9 billion first appeared on IT World Canada.

NSA details top 25 flaws exploited by China-linked hackers

The US National Security Agency (NSA) has shared the list of top 25 vulnerabilities exploited by Chinese state-sponsored hacking groups in attacks in the wild.

The US National Security Agency (NSA) has published a report that includes details of the top 25 vulnerabilities that are currently being exploited by China-linked APT groups in attacks in the wild.

The knowledge of these vulnerabilities could allow IT and security staffs at organizations worldwide to protect their infrastructure against Chinese state-sponsored hacking campaigns.

The report includes well-known vulnerabilities that have already been addressed by their vendors.

“This advisory provides Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks. Most of the vulnerabilities listed below can be exploited to gain initial access to victim networks using products that are directly accessible from the Internet and act as gateways to internal networks.” reads the report. “The majority of the products are either for remote access (T1133) or for external web services (T1190), and should be prioritized for immediate patching.”

The report includes a description of the vulnerability and the recommended mitigations.

The exploits for many of these vulnerabilities are publicly available and are employed by multiple threat actors, including China-linked hackers, in attacks in the wild.

The majority of the vulnerabilities can be exploited to gain initial access to the target networks; they affect systems that are directly accessible from the Internet, such as firewalls and gateways.

NSA confirmed that it is aware that National Security Systems, Defense Industrial Base, and Department of Defense networks are consistently scanned, targeted, and exploited by Chinese state-sponsored cyber actors. The US agency recommends that critical system owners address the above vulnerabilities to mitigate the risk of loss of sensitive information that could have a significant impact on U.S. policies, strategies, plans, and competitive advantage.

These include:

1) CVE-2019-11510 – In Pulse Secure® VPNs, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability. This may lead to exposure of keys or passwords.

2) CVE-2020-5902 – In F5 BIG-IP® proxy / load balancer devices, the Traffic Management User Interface (TMUI) – also referred to as the Configuration utility – has a Remote Code Execution (RCE) vulnerability in undisclosed pages.

3) CVE-2019-19781 – An issue was discovered in Citrix® Application Delivery Controller (ADC) and Gateway. They allow directory traversal, which can lead to remote code execution without credentials.

4+5+6) CVE-2020-8193, CVE-2020-8195, CVE-2020-8196 – Improper access control and input validation, in Citrix® ADC and Citrix® Gateway and Citrix® SDWAN WAN-OP, allows unauthenticated access to certain URL endpoints and information disclosure to low-privileged users.

7) CVE-2019-0708 (aka BlueKeep) – A remote code execution vulnerability exists within Remote Desktop Services® when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests.

8) CVE-2020-15505 – A remote code execution vulnerability in the MobileIron® mobile device management (MDM) software that allows remote attackers to execute arbitrary code and take over remote company servers.

9) CVE-2020-1350 (aka SIGRed) – A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests.

10) CVE-2020-1472 (aka Netlogon) – An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller using the Netlogon Remote Protocol (MS-NRPC).

11) CVE-2019-1040 – A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection.

12) CVE-2018-6789 – Sending a handcrafted message to an Exim mail transfer agent may cause a buffer overflow. This can be used to execute code remotely and take over email servers.

13) CVE-2020-0688 – A Microsoft Exchange® validation key remote code execution vulnerability exists when the software fails to properly handle objects in memory

14) CVE-2018-4939 – Certain Adobe ColdFusion versions have an exploitable Deserialization of Untrusted Data vulnerability. Successful exploitation could lead to arbitrary code execution.

15) CVE-2015-4852 – The WLS Security component in Oracle WebLogic Server allows remote attackers to execute arbitrary commands via a crafted serialized Java object.

16) CVE-2020-2555 – A vulnerability exists in the Oracle Coherence product of Oracle Fusion Middleware. This easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence systems.

17) CVE-2019-3396 – The Widget Connector macro in Atlassian Confluence Server allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.

18) CVE-2019-11580 – Attackers who can send requests to an Atlassian Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution.

19) CVE-2020-10189 – Zoho ManageEngine Desktop Central allows remote code execution because of deserialization of untrusted data.

20) CVE-2019-18935 – Progress Telerik UI for ASP.NET AJAX contains a .NET deserialization vulnerability. Exploitation can result in remote code execution.

21) CVE-2020-0601 (aka CurveBall) – A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear that the file was from a trusted, legitimate source.

22) CVE-2019-0803– An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.

23) CVE-2017-6327– The Symantec Messaging Gateway can encounter a remote code execution issue.

24) CVE-2020-3118 – A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload of an affected device.

25) CVE-2020-8515 – DrayTek Vigor devices allow remote code execution as root (without authentication) via shell metacharacters.

Pierluigi Paganini

(SecurityAffairs – hacking, NSA)

The post NSA details top 25 flaws exploited by China-linked hackers appeared first on Security Affairs.

Bitcoin ‘Mixer’ Fined $60 Million

FinCEN: Helix and Coin Ninja Sites Violated Anti-Money Laundering Laws
The Treasury Department has fined the owner of two bitcoin "mixing" sites $60 million for violating anti-money laundering laws. It's the first time the department's Financial Crimes Enforcement Network has issued a civil monetary penalty against the operator of a cryptocurrency site.

Tom Kellermann on the Price of Digital Transformation

Analysis of Latest Global Incident Response Threat Report
VMware Carbon Black is out with its latest Global Incident Response Threat Report, which describes "the perfect storm" for increasingly sophisticated attacks heading into 2021. Cybersecurity strategist Tom Kellermann discusses what that means - and how these trends should inform our defensive strategies.

Major Data Breach at Ohio School District

Cyber-criminals have exfiltrated data from an Ohio school district and published personal information of faculty, staff, and students online.

According to 13abc news, nearly 9GB of sensitive data belonging to Toledo Public Schools (TPS) has been exposed. Information leaked by attackers includes names, addresses, dates of birth, phone numbers, and Social Security numbers. 

The data's appearance online follows a Distributed Denial of Service (DDoS) attack that was carried out against the TPS system at the beginning of September 2020. The attack on the district's system forced administrators to temporarily take it offline, disrupting virtual classes. 

Since data is not typically stolen in a DDoS attack, it seems that the TPS system was also the victim of another cyber-attack in which malware was introduced that exfiltrated data. Ransomware attacks have occurred at around 70 school districts and colleges this year, according to Emsisoft's Brett Callow. 

On September 14, ransomware gang Maze claimed to have attacked the Toledo Public School System, but the data dumped as proof of the hit related to a construction firm. However, a subsequent data dump carried out earlier this month by Maze has been confirmed to 13abc by several TPS staff members to contain data that belongs to TPS.

The full extent of the data breach is unclear, as Maze claims to have only published a small portion of the information it has exfiltrated from TPS. 

Deputy Superintendent Jim Gant said that TPS had not received any communication or ransom demand from cyber-criminals. The district said it was also not aware of any misuse of the data that it hadn't even realized had been swiped until contacted by several media outlets on Friday.

Representatives for TPS have pledged to notify and support those affected by the incident and provide credit monitoring services to those affected at some point in the near future. Gant said that administrators would be contacting impacted faculty and staff to notify them of the breach and advise them regarding next steps.

In an email sent to faculty and staff on Monday afternoon, employees were urged by district leaders to monitor their accounts and credit reports for suspicious or fraudulent activity.

6 Takeaways: Russian Spies Accused of Destructive Hacking

Experts Say Day of Reckoning Overdue; How Might Moscow Respond?
U.S. officials have accused the Russian government of behaving "maliciously or irresponsibly" by taking steps such as crashing Ukraine power grids in the dead of winter and causing more than $10 billion in damages via NotPetya malware. But why make the accusations now? And how might Moscow respond?

Making a Difference: Accor

The PCI Security Standards Council (PCI SSC) recently announced the nomination period for the next PCI SSC Board of Advisors. The Board of Advisors represents PCI SSC Participating Organizations worldwide to ensure global industry involvement in the development of PCI Security Standards. As strategic partners, they bring industry, geographical and technical insight to PCI Council plans and projects. In this post, we talk with 2018 - 2020 PCI SSC Board of Advisor Member Marie-Christine Vittet, Vice President Compliance, at Accor about the role of the PCI SSC Board of Advisors in shaping payment security globally.

Facebook: A Top Launching Pad For Phishing Attacks

Amazon, Apple, Netflix, Facebook and WhatsApp are top brands leveraged by cybercriminals in phishing and fraud attacks - including a recent strike on a half-million Facebook users.

#InfosecurityOnline: Tackling the Growing Scourge of Insider Threats

Insider threats, whether borne out of malicious intent or of mistakes, are a growing security problem for organizations, according to a panel speaking at the Infosecurity Online event.

This is due to a number of factors that have emerged in recent years, one of which is the sheer volume of data now filtering around organizations. Stuart Hirst, principal cloud security engineer at Just Eat, explained: “Most employees have got access to much more data than they might have had in years gone by and then the mechanisms for that data to either be maliciously taken or mistakes has grown as well.”

Another factor is the fact that people tend to change jobs far more regularly, including to rival firms. Marina Krotofil, cybersecurity lead, energy industries at ABB, noted: “People tend to change jobs more frequently and try to get ahead so they take information that will be useful for them to advance their careers.”

Krotofil also highlighted how insider threats have become an especially big problem in the critical infrastructure sector, which she has spent a large portion of her career in. A major aspect of this is the growth of outsourcing, expanding an organization’s border. “We suddenly have so many subcontractors, who for the duration of the project become an internal part of the organization, and we share a lot of confidential proprietary information with them,” she commented.

The issue of insider threats has been further exacerbated by the shift to home working brought about by COVID-19 lockdown restrictions this year. Deryck Mitcheson, director of information security at NHS National Services Scotland, highlighted the dangers posed by common staff behaviors that take place whilst home working, such as screens being left unattended and personal devices being used for work purposes.

Having a robust approach to combatting insider threats is therefore critical for a modern organization, and the most important thing is building a strong internal cybersecurity culture, which in turn should lead to greater investment in this area. In Mitcheson’s view, the most effective way to achieve this is to clearly outline to board members the business impact of data breaches, such as on shareholder value and financial losses. “Try and speak in business terms to business people around the opportunity of getting good cyber-hygiene and cyber-awareness,” he advised. “When they see it in these terms, they’ll start to invest.”

Hirst agreed, adding: “If you’re going to very senior people, you need to articulate what’s at stake and almost need to scaremonger a little at that level.”

Another important element in building a strong cybersecurity culture is the willingness to communicate openly and transparently when incidents occur, a practice that is still not commonplace. Krotofil explained: “In the majority of organizations I’ve worked in, the incidents are kept secret. So it’s a very limited number of people who are aware of the incident.”

She added: “As a result, it’s very difficult to raise awareness and levels of concern that we have to be careful or that we have a problem.”

The panel also discussed how to reduce the risk of insider errors by making user awareness training more engaging for all staff. Mitcheson highlighted how interactive exercises such as gamification and simulation can be highly effective in this regard. “Do it in a fun and engaging way,” he said.

Tailoring training to different teams, especially those that are non-technical is also recommended. Making security relatable to everyday life is something Hirst has found to be effective at Just Eat: “We always try and relate it to real life, so we don’t just want your security mindset to finish at 5 o’clock, we try to help you secure things in your personal life as well and when you take people on that journey and they understand that you get a lot of buy in.”

Iranian Millionaire Jailed for Violating US Sanctions

The United States has imprisoned the CEO of a financial services company that helped Iranian nationals conduct financial transactions in violation of US sanctions. 

Iranian millionaire Seyed Sajjad Shahidian, 33, pleaded guilty in June to one count of conspiracy to defraud and commit offenses against the United States. On Thursday, a district court in Minneapolis sentenced Shahidian to 23 months in prison. 

Shahidian founded and ran Payment24.ir, an online platform that helped Iranian nationals circumvent US sanctions prohibiting financial transactions with businesses based in the United States. Users of the platform paid a fee to get around American sanctions so they could purchase computer software, software licenses, and computer servers from US companies. 

Payment24 had offices in Tehran, Shiraz, and Isfahan, Iran, and employed approximately 40 people. To Iranian clients seeking to make online purchases from United States-based businesses, the company sold a package that included a PayPal account, a fraudulent “ID card and address receipt,” a remote IP address from the United Arab Emirates, and a Visa gift card. 

Clients were advised by Payment24 on how to create accounts with a foreign identity and were instructed "never attempt logging into a foreign website with an Iranian IP address."

To achieve the transactions, Shahidian obtained payment-processing accounts from United States-based companies like PayPal using fraudulent passports and other fake residency documentation to make it appear as though his clients resided outside of Iran. Shahidian admitted to opening hundreds of PayPal accounts on behalf of his resident Iranian customers and to unlawfully bringing millions of US dollars into the economy of Iran. 

Shahidian was arrested in London, UK, in November 2018 after being observed visiting a number of tourist spots, including the London Eye and Madame Tussauds. He was extradited to the US in May 2020.  

The UK's National Crime Agency cybercrime investigators stated that they believe Payment24 had previously been used "by international cyber-criminals seeking to target the UK."

“In Iran, based on his illegal business, Mr. Shahidian had been a high-profile executive and a millionaire," said US Attorney Erica MacDonald. "He is now a convicted felon who has lost everything."

Data-Centric Security for the Cloud, Zero Trust or Advanced Adaptive Trust?

Over the last few months, Zero Trust Architecture (ZTA) conversations have been top-of-mind across the DoD. We have been hearing the chatter during industry events all while sharing conflicting interpretations and using various definitions. In a sense, there is an uncertainty around how the security model can and should work. From the chatter, one thing is clear – we need more time. Time to settle in on just how quickly mission owners can classify a comprehensive and all-inclusive, acceptable definition of Zero Trust Architecture.

Today, most entities utilize a multi-phased security approach. Most commonly, the foundation (or first step) in the approach is to implement secure access to confidential resources. Coupled with the shift to remote and distance work, the question arises, “are my resources and data safe, and are they safe in the cloud?”

Thankfully, the DoD is in the process of developing a long-term strategy for ZTA. Industry partners, like McAfee, have been briefed along the way. It has been refreshing to see the DoD take the initial steps to clearly define what ZTA is, what security objectives it must meet, and the best approach for implementation in the real-world. A recent DoD briefing states “ZTA is a data-centric security model that eliminates the idea of trusted or untrusted networks, devices, personas, or processes and shifts to a multi-attribute based confidence levels that enable authentication and authorization policies under the concept of least privilege access”.

What stands out to me is the data-centric approach to ZTA. Let us explore this concept a bit further. Conditional access to resources (such as network and data) is a well-recognized challenge. In fact, there are several approaches to solving it, whether the end goal is to limit access or simply segment access. The tougher question we need to ask (and ultimately answer) is how do we limit contextual access to cloud assets? What data security models should we consider when our traditional security tools and methods do not provide adequate monitoring? And is securing data, or at least watching user behavior, enough when the data stays within multiple cloud infrastructures or transfers from one cloud environment to another?

Increased usage of collaboration tools like Microsoft 365 and Teams, Slack and WebEx are easily relatable examples of data moving from one cloud environment to another. The challenge with this type of data exchange is that the data flows stay within the cloud using an East-West traffic model. Similarly, would you know if sensitive information created directly in Office 365 is uploaded to a different cloud service? Collaboration tools by design encourage sharing data in real-time between trusted internal users and, more recently with telework, even external or guest users. Take for example a supply chain partner collaborating with an end user. Trust and conditional access potentially create a risk to both parties, inside and outside of their respective organizational boundaries. A data breach, whether intentional or not, can easily occur because of the pre-established trust and access. Few, if any, default protection capabilities prevent this situation from occurring unless they are intentionally designed in. Data loss protection, activity monitoring and rights management all come into question. Clearly, new data governance models, tools and policy enforcement capabilities for this simple collaboration example are required to meet the full objectives of ZTA.

So, as the communities of interest continue to refine the definitions of Zero Trust Architecture based upon deployment, usage, and experience, I believe we will find ourselves shifting from a Zero Trust model to an Advanced Adaptive Trust model. Our experience with multi-attribute-based confidence levels will evolve and so will our thinking around trust and data-centric security models in the cloud.


The post Data-Centric Security for the Cloud, Zero Trust or Advanced Adaptive Trust? appeared first on McAfee Blogs.

Morgan Stanley Fined $60m Over Data Disposal

American multinational investment bank and financial services company Morgan Stanley has been fined $60m for improperly disposing of personal data. 

The substantial fine was imposed on Morgan Stanley Bank, N.A., and Morgan Stanley Private Bank, N.A. by the US Office of the Comptroller of Currency (OCC), which discovered deficiencies in the banks' data decommissioning practices.  

The federal banking agency found that in 2016, the banks "failed to exercise proper oversight of the decommissioning of two Wealth Management business data centers located in the United States."

Among the issues flagged by the OCC were inadequate risk assessment and monitoring of third-party vendors and a failure to keep track of customer information. 

The consent order for the assessment of a civil money penalty states that the banks "failed to effectively assess or address the risks associated with the decommissioning of its hardware; failed to adequately assess the risk of using third party vendors, including subcontractors; and failed to maintain an appropriate inventory of customer data stored on the devices."

Morgan Stanley, which is headquartered in New York City, was also found to have failed to exercise adequate due diligence in selecting the third-party vendor engaged by Morgan Stanley and failed to adequately monitor the vendor’s performance.

Three years on from the decommissioning of the two data centers, the OCC found data disposal at the banks was still not as it should be.

"In 2019, the banks experienced similar vendor management control deficiencies in connection with decommissioning other network devices that also stored customer data," stated the comptroller.

Morgan Stanley, at the OCC’s direction, notified potentially impacted customers of the 2016 incident, and voluntarily notified potentially impacted customers of the 2019 incident. The bank has undertaken initial corrective actions, and the OCC states that it "is committed to taking all necessary and appropriate steps to remedy the deficiencies."

The OCC found the noted deficiencies constitute "unsafe or unsound practices" and resulted in noncompliance with 12 CFR Part 30, Appendix B, "Interagency Guidelines Establishing Information Security Standards."

The $60m civil money penalty will be paid to the United States Treasury.

Pharma Giant Pfizer Leaks Customer Prescription Info, Call Transcripts

Hundreds of medical patients taking cancer drugs, Premarin, Lyrica and more are now vulnerable to phishing, malware and identity fraud.

Cybersecurity’s Inconvenient Truth: The Nation-State Threat

Curry, Kellermann and King on Why You Should Be Outraged by Adversaries' Cyber Assaults
Has the nation-state threat become like the weather - something everyone talks about, but no one can do anything about? It's time for a strategic change. A panel of experts offers a frank discussion of nation-state actors, their ongoing intrusions and what "taking off the gloves" might look like.

Twitter slammed by U.S. regulator over bitcoin scam

A New York state regulator has slammed Twitter for poor cybersecurity protection that allowed young hackers to seize control of several celebrities’ accounts in July to run a  “double your bitcoin” scam.

“Given that Twitter is a publicly-traded, US$37 billion technology company, it was surprising how easily the hackers were able to penetrate Twitter’s network and gain access to internal tools allowing them to take over any Twitter user’s account,” said the report by the Department of Financial Services.

“Indeed, the hackers used basic techniques more akin to those of a traditional scam artist: phone calls where they pretended to be from Twitter’s Information Technology department. The extraordinary access the Hackers obtained with this simple technique underscores Twitter’s cybersecurity vulnerability and the potential for devastating consequences. Notably, the Twitter Hack did not involve any of the high-tech or sophisticated techniques often used in cyberattacks–no malware, no exploits, and no backdoors.”

In particular, it slammed the company for not having a CISO for seven months before the attack. “A lack of a CISO sends the message that cybersecurity is not a top priority from senior leadership,” says the report.

The hackers — who are facing criminal charges — took over the Twitter accounts of politicians, celebrities, and entrepreneurs, including Barack Obama, Kim Kardashian West, Jeff Bezos, and Elon Musk, as well as Twitter accounts of several cryptocurrency companies regulated by the New York State Department of Financial Services.

What worries the regulator is there are well-documented examples of social media being used to manipulate markets and interfere with elections, often with the simple use of a single compromised account or a group of fake accounts.

“The Twitter Hack demonstrates the need for strong cybersecurity to curb the potential weaponization of major social media companies. But our public institutions have not caught up to the new challenges posed by social media. While policymakers focus on antitrust and content moderation problems with large social media companies, their cybersecurity is also critical. In other industries that are deemed critical infrastructure, such as telecommunications, utilities, and finance, we have established regulators and regulations to ensure that the public interest is protected. With respect to cybersecurity, that is what is needed for large, systemically important social media companies.”


The attack started on the afternoon of July 14 when one or more hackers called several Twitter employees and claimed to be from the company’s help desk responding to a reported problem the staffer was having with Twitter’s virtual private network. Since switching to remote working, VPN problems were common at Twitter. The hackers then tried to direct the employee to a phishing website that looked identical to the real Twitter VPN website and was hosted on a similarly named domain. As the employee entered their credentials into the phishing website, the hackers would simultaneously enter the same information into the real Twitter website.

For protection, Twitter strengthens logins by making employees use multi-factor authentication. However, because the hackers were logging into the real site, if a staffer entered their MFA code on the fake site, the attackers could copy it into the real site.

To aid the attack, the hackers used personal information about the employees to convince them that the callers were real Twitter staff and could, therefore, be trusted. The report doesn’t say how the attackers got this information other than speculating it did research to identify staffers and their titles.

Some were suspicious

While some employees were suspicious and reported the calls to Twitter’s internal fraud monitoring team, at least one employee fell for the scam. Getting into this person’s corporate account didn’t get the attackers what they wanted, which was the ability to take over celebrity Twitter accounts. They took the time to wander around Twitter’s internal websites and learn more about the company’s systems. That gained them information about how to access other internal applications.

On July 15, the hackers targeted Twitter employees who had access to certain internal tools to help take over accounts. Some of them were part of the department responsible, in part, for responding to sensitive global legal requests, such as court orders or content removal requests, as well as for developing and enforcing policies to prohibit abusive online behaviour.

Initially, the hackers went after valuable so-called “original gangster” (“OG”) Twitter usernames, which are usually designated by a single word, letter, or number and adopted by Twitter’s early users.  Access to a hijacked OG account could be resold for bitcoin. To show off their prowess, the hackers tweeted screenshots of one of the internal tools from some of the accounts.

Next, the hackers upped their game, going after “verified” accounts of well-known people who want the blue verified badge as a source of authenticity, since a hijacked verified account would make fraudulent demands for bitcoin appear more legitimate. The first hijacked verified account belonged to a cryptocurrency trader; direct messages were sent from that account asking for 0.01 bitcoin in exchange for trading information. After hijacking Twitter accounts of cryptocurrency exchanges, the hackers sent tweets suggesting a bitcoin giveaway, with a link to a scam address. Finally, the attackers gained access to verified accounts of celebrities and fired tweets with the scam offer to millions of their followers.

Exchanges moved quickly

Overall, 130 Twitter user accounts were compromised. Of those, 45 accounts were used to send tweets. Hackers also downloaded data from seven of those accounts through Twitter’s “Your Twitter Data” (“YTD”) tool, which provides a summary of a Twitter account’s details and activity.

The report says the hackers stole approximately US$118,000 worth of bitcoin through the scam.

The report credits cryptocurrency exchanges whose Twitter accounts were hacked with responding quickly to block impacted addresses after being notified by the regulator. Still, Gemini, Square, and Coinbase said that a handful of customers fell for the scam and transferred $22,000 in bitcoin to the hackers’ accounts.

But it came down hard on Twitter, particularly for not having a CISO for seven months before the hack. “A lack of strong leadership and senior-level engagement is a common source of cybersecurity weaknesses. Strong leadership is especially needed in 2020 when the COVID-19 pandemic has created a host of new challenges for IT and cybersecurity. Like many organizations, in March, Twitter transitioned to remote working due to the pandemic. This transition made Twitter more vulnerable to a cyberattack and compounded existing weaknesses.”

‘Didn’t implement significant compensating controls”

Early in the year, the department issued guidance to its regulated firms to identify and assess the new security risks created by remote working because of the pandemic, the report indicated. But Twitter was dragging its heels.

“Twitter did not implement any significant compensating controls after March to mitigate this heightened risk to its remote workforce, and the hackers took advantage.

“To its credit, Twitter has advised the Department that it is now implementing additional security controls to prevent similar attacks in the future, such as improved MFA and additional training on cybersecurity awareness, and in late September 2020, it announced the hire of a new CISO. But the consequences of the Twitter Hack show why it is critical for Twitter and other social media companies to implement robust controls before they experience a cyber incident, not after.”

Among the report’s recommendations are that cryptocurrency exchanges have to proactively identify and quickly block addresses known to be used by fraudsters. It also says that — where possible — some companies are restricting cryptocurrency asset transfers only to addresses that have already been approved. However, adding a new address can take a day or more.

“Twitter’s access management and authentication failed to prevent unsophisticated hackers from getting to the powerful internal tools,” the report notes. While Twitter limited access to the internal tools, over 1,000 employees still had access to them for job functions such as user account maintenance and support, content review, and responses to reports of Twitter Rules violations. Since the hack, Twitter has further limited the number of employees with access to internal tools, even though it caused a slowdown of some job functions.

The report also says Twitter has abandoned application-based MFA in favour of a physical security key.
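The relay described above forwards whatever the victim types, including a one-time code, while a physical security key signs over the origin the browser actually connected to, so a relayed assertion fails at the real site. The simulation below is an added example, not code from the report or from Twitter; the domains, secrets and the HMAC stand-in for the authenticator's signature are constructed for illustration.

```python
"""Why a relayed one-time code works but a relayed origin-bound assertion does not.

Added, self-contained simulation (not code from the DFS report or Twitter). Domains,
keys and the HMAC stand-in for a WebAuthn signature are all constructed; a real
authenticator uses an asymmetric key, but the origin-binding logic is the same.
"""
import hashlib
import hmac
import json
import secrets
import struct

REAL_ORIGIN = "https://vpn.example-corp.test"    # constructed stand-in for the real VPN site
PHISH_ORIGIN = "https://vpn.example-c0rp.test"   # constructed look-alike domain


# ---- One-time code factor: RFC 6238 TOTP core (HMAC-SHA1, 30 s step) ----
def totp(secret: bytes, for_time: int, step: int = 30, digits: int = 6) -> str:
    counter = struct.pack(">Q", for_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


def verify_totp(secret: bytes, code: str, now: int) -> bool:
    """Server check: accept the current or an adjacent window.
    Nothing here ties the code to the site where the user typed it."""
    return any(hmac.compare_digest(totp(secret, now + d), code) for d in (-30, 0, 30))


# ---- Origin-bound factor: simplified WebAuthn-style assertion ----
def authenticator_sign(key: bytes, origin: str, challenge: bytes) -> dict:
    """The browser supplies the origin it is really talking to and the
    authenticator signs over it, binding the assertion to that origin."""
    client_data = json.dumps({"origin": origin, "challenge": challenge.hex()}, sort_keys=True)
    sig = hmac.new(key, client_data.encode(), hashlib.sha256).hexdigest()
    return {"client_data": client_data, "signature": sig}


def verify_assertion(key: bytes, assertion: dict, expected_origin: str, challenge: bytes) -> bool:
    """Real site check: origin and challenge must match before the signature counts."""
    data = json.loads(assertion["client_data"])
    if data["origin"] != expected_origin or data["challenge"] != challenge.hex():
        return False
    expected = hmac.new(key, assertion["client_data"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, assertion["signature"])


# ---- The relay as the report describes it, against each factor ----
def relay_attack_totp(secret: bytes, now: int) -> bool:
    """Victim types the code from their app into the look-alike page; the relay
    submits the same string to the real site within the validity window."""
    code_typed_on_phish_site = totp(secret, now)
    return verify_totp(secret, code_typed_on_phish_site, now)   # True: relay succeeds


def relay_attack_webauthn(key: bytes) -> bool:
    """Relay forwards the real site's challenge, but the victim's browser is
    connected to PHISH_ORIGIN, so the assertion is signed over the wrong origin."""
    challenge = secrets.token_bytes(32)
    assertion = authenticator_sign(key, PHISH_ORIGIN, challenge)
    return verify_assertion(key, assertion, REAL_ORIGIN, challenge)  # False: relay fails


def legitimate_webauthn(key: bytes) -> bool:
    """Same key, same flow, browser actually on the real origin."""
    challenge = secrets.token_bytes(32)
    assertion = authenticator_sign(key, REAL_ORIGIN, challenge)
    return verify_assertion(key, assertion, REAL_ORIGIN, challenge)  # True


if __name__ == "__main__":
    secret, key = b"constructed-totp-secret", b"constructed-authenticator-key"
    print("TOTP relay succeeds:", relay_attack_totp(secret, 1_600_000_000))
    print("Security-key relay succeeds:", relay_attack_webauthn(key))
    print("Legitimate security-key login:", legitimate_webauthn(key))
```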

Finally, the report suggests a U.S. federal regulator be created to oversee social media platforms. “The risks posed by social media to our consumers, economy, and democracy are no less grave than the risks posed by large financial institutions,” it argues. “The scale and reach of these companies, combined with the ability of adversarial actors who can manipulate these systems, require a similarly bold and assertive regulatory approach.”

The post Twitter slammed by U.S. regulator over bitcoin scam first appeared on IT World Canada.

CISO Spotlight: How diversity of data (and people) defeats today’s cyber threats

This year, we have seen five significant security paradigm shifts in our industry. This includes the acknowledgment that the greater the diversity of our data sets, the better the AI and machine learning outcomes. This diversity gives us an advantage over our cyber adversaries and improves our threat intelligence. It allows us to respond swiftly and effectively, addressing one of the most difficult challenges for any security team. For Microsoft, our threat protection is built on an unparalleled cloud ecosystem that powers scalability, pattern recognition, and signal processing to detect threats at speed, while correlating these signals accurately to understand how the threat entered your environment, what it affected, and how it currently impacts your organization. The AI capabilities built into Microsoft Security solutions are trained on 8 trillion daily threat signals from a wide variety of products, services, and feeds from around the globe. Because the data is diverse, AI and machine learning algorithms can detect threats in milliseconds.

All security teams need insights based on diverse data sets to gain real-time protection for the breadth of their digital estates. Greater diversity fuels better AI and machine learning outcomes, improving threat intelligence and enabling faster, more accurate responses. In the same way, a diverse and inclusive cybersecurity team also drives innovation and diffuses group think.

Jason Zander, Executive Vice President, Microsoft Azure, knows firsthand the advantages organizations experience when embracing cloud-based protections that look for insights based on diverse data sets. Below, he shares how they offer real-time protection for the breadth of their digital estates:

How does diverse data make us safer?

The secret ingredient lies in the cloud itself. The sheer processing power of so many data points allows us to track more than 8 trillion daily signals from a diverse collection of products, services, and the billions of endpoints that touch the Microsoft cloud every month. Microsoft analyzes hundreds of billions of identity authentications and emails looking for fraud, phishing attacks, and other threats. Why am I mentioning all these numbers? It’s to demonstrate how our security operations take petabytes’ worth of data to assess the worldwide threat, then act quickly. We use that data in a loop—get the signals in, analyze them, and create even better defenses. At the same time, we do forensics to see where we can raise the bar.

Microsoft also monitors the dark web and scans 6 trillion IoT messages every day, and we leverage that data as part of our security posture. AI, machine learning, and automation all empower your team by reducing the noise of constant alerts, so your people can focus on meeting the truly challenging threats.

Staying ahead of the latest threats

As the pandemic swept the globe, we were able to identify new COVID-19 themed threats—often in a fraction of a second—before they breached customers’ networks. Microsoft cyber defenders determined that adversaries added new pandemic-themed lures to existing and familiar malware. Cybercriminals are always changing their tactics to take advantage of recent events. Insights based on diverse data sets empower robust real-time protection as our adversaries’ tactics shift.

Microsoft also has the Cyber Defense Operations Center (CDOC) running 24/7. We employ over 3,500 full-time security employees and spend about $1 billion in operational expenses (OPEX) every year. In this case, OPEX includes all the people, equipment, algorithms, development, and everything else needed to secure the digital estate. Monitoring those 8 trillion signals is a core part of that system protecting our end users.

Tried and proven technology

If you’re part of the Microsoft ecosystem—Windows, Teams, Microsoft 365, or even Xbox Live—then you’re already benefitting from this technology. Azure Sentinel is built on the same cybersecurity technology we use in-house. As a cloud-native security information and event management (SIEM) solution, Azure Sentinel uses scalable machine learning algorithms to provide a bird’s-eye view across your entire enterprise, alleviating the stress that comes from sophisticated attacks, frequent alerts, and long resolution time frames. Our research has shown that customers who use Azure Sentinel achieved a 90 percent reduction in alert fatigue.

Just as it does for us, Azure Sentinel can work continuously for your enterprise to:

  • Collect data across all users, devices, applications, and infrastructure—both on-premises and in multiple clouds.
  • Detect previously undetected threats (while minimizing false positives) using analytics and threat intelligence.
  • Investigate threats and hunt down suspicious activities at scale using powerful AI that draws upon years of cybersecurity work at Microsoft.
  • Respond to incidents rapidly with built-in orchestration and automation of common tasks.

Diversity equals better protection

As Jason explained, Microsoft is employing AI, machine learning, and quantum computing to shape our responses to cyber threats. We know we must incorporate a holistic approach that includes people at its core because technology alone will not be enough. If we don’t, cybercriminals will exploit group preconceptions and biases. According to research, gender-diverse teams make better business decisions 73 percent of the time. Additionally, teams that are diverse in age and geographic location make better decisions 87 percent of the time. Just as diverse data makes for better cybersecurity, the same holds true for the people in your organization, allowing fresh ideas to flourish. Investing in diverse teams isn’t just the right thing to do—it helps future-proof against bias while protecting your organization and customers.

Watch for upcoming posts on how your organization can benefit from integrated, seamless security, and be sure to follow @Ann Johnson and @Jason Zander on Twitter for cybersecurity insights.

To learn more about Microsoft Security solutions visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post CISO Spotlight: How diversity of data (and people) defeats today’s cyber threats appeared first on Microsoft Security.

What Cybersecurity and Traveling Have in Common

My favorite thing about my career in cybersecurity has been a constant opportunity to learn new topics. Cybersecurity weaves itself through every aspect of our lives: the phone in your pocket, the smart TV in your home, and on and on. And the idea that each of these devices allows me to gain new knowledge is fascinating. It can also be daunting when there is always so much to learn. I want to share a learning method I’ve developed to help you quickly learn new concepts. I have been using this mental model since I started in the industry. It works equally well whether you are new to the field or if you are adding to years of experience.

Exploring a new city

When I first moved to the Bay Area, I picked a neighborhood I thought I would like (the Redwoods) and walked its streets, exploring the shops and restaurants. As I did this, I built up a mental map of the area. Eventually, I wanted to explore new neighborhoods.

I discovered that this way of navigation allowed me to grow my knowledge of a new area and anchor it in my existing understanding. First, I would learn a little bit about a new neighborhood. Then each time I would go back, I would learn a bit more about that area or a new way to get there. The first time I would visit a new area, the map was small and the connections were weak. But over time, I would learn new connections and discover interesting areas to explore.

Eventually, I would build a better map of my neighborhood and others close by.

Applying to security

There are many parallels between different security domains and learning a new city. Learning about cybersecurity starts with picking an area of interest. Then you start exploring that area until you feel comfortable. You understand the tools, know the leaders in the space, and have read the books. Once you feel comfortable in one area, you may branch out to an adjacent area. Your connection to the new topic will be tenuous at first, but if you find it interesting, you will keep returning until you know the second area well.

As you continue to explore new areas it gets easier. Sometimes you can use the same tools or maps, or it is simply that the tools and maps become easier to understand because you have a frame of reference based on all the other things you have used.

If you walk the streets of Rome, Italy after growing up in Los Angeles, United States, you may find yourself easily disoriented, much like jumping from network security to cyber operations, but once you have learned enough about the new neighborhoods it becomes easier.

Seeing how each neighborhood is connected from a bird’s eye view and how security is applied at the street level makes new topics easier to understand.

Broad awareness first, then go deep

I love learning about a new city’s hidden gems, but often I will start with the “must-see” landmarks. I use standard methods of travel like walking or trains to move between neighborhoods. Once I have spent some time in a new area, I will start to explore more deeply. When I am in a new city, I first look for parallels or how it’s like what I have seen before.

The same is true for learning cybersecurity. First, try to apply things you already know. Next, look for the landmarks or recognizable features. Ask yourself, ‘what unique concepts make this domain different and memorable?’ Finally, explore deeply.

I hope this method of learning will help you frame your new challenges. A career in cybersecurity truly gives you a passport to travel the world. And the skills you learn are globally recognized yet locally relevant in any country you choose to visit or explore.

Interested in learning more about cybersecurity? Start exploring here.

The post What Cybersecurity and Traveling Have in Common appeared first on Cisco Blogs.

How Automation can help you in Managing Data Privacy

The global data privacy landscape is changing, and every day we can see new regulations emerge.

These regulations are encouraging organizations to be better custodians of consumers’ data and to create a healthier space for data privacy. In order to do so, organizations will need to rework their operations and revamp their processes to comply with these regulations.

According to a report by the International Association of Privacy Professionals, 33% of respondents have considered revamping their technology solutions around data privacy. This is where data privacy management comes into play: organizations are looking for data privacy management software that can fulfill their data privacy needs while complying with data regulations in order to avoid fines.

Tracking Personal Data

Data is stored in a plethora of internal and external systems in structured or unstructured form all across the organization. These systems can even spread over a geographical area depending on the size of the organization. In order to retrieve information, manual methods can be seen as tedious and time-consuming, not to mention the factor of human error.

According to Aoife Harney, Compliance Manager at AON, “One of the most important aspects of any data protection program is having an in-depth and documented knowledge of the what, the why, the where, the who, and the how.”

Different data privacy software products that incorporate data intelligence serve various purposes in the organization. Some deal with cookies and consent, while others focus on breach notification.

Nowadays, organizations need an all-in-one privacy management software platform that can address all these requirements and integrate data privacy within all their operations:

Compliance Requirements

Data privacy regulations such as the CCPA and GDPR require organizations to take responsibility for their consumers’ data. All data privacy regulations impose obligations on businesses to protect the privacy of consumers by restricting data capture mechanisms, granting consumers privacy rights over their personal data and introducing accountability into businesses' data policies. Furthermore, they impose responsibilities on data controllers who store and hold data to protect it from unauthorized disclosure and to inform consumers when and if their data is breached.

In order to comply with these obligations, organizations need to revamp the following practices to stay in compliance with global data privacy regulations.

  • DSR Fulfillment: Organizations will be met with a plethora of Data Subject Requests and will be required to fulfill them all within a specific time frame set by the regulations they must comply with. In order to make this process swift and seamless, organizations will have to automate their DSR fulfillment process.
  • Data Mapping: Organizations have stored immense amounts of data across their internal and external systems, which may be spread across geographies. In order to quickly link this data to its owner and avoid delays, data mapping automation plays a quintessential part in complying with any data privacy regulation.
  • Vendor Assessment: Manually assessing your third-party vendors and your own organization can be a tedious task that presents several bottlenecks and lacks collaboration. Whether you want to collaborate with key stakeholders or third-party vendors, there needs to be an automated system that brings about this collaboration while simplifying the assessment process.
  • Consent Management: Regulations such as the CCPA and GDPR require organizations to obtain freely given consent from their consumers before processing their data. Doing this task manually leaves room for human error and also consumes time and resources. Organizations need to create a universal consent capture system that makes this process faster while freeing up resources as well.
  • Breach Notification: Privacy regulations require organizations to send a notification in case of a breach. Under the GDPR, for example, notice of a breach involving unauthorized access to systems and data, or the use and distribution of data, is mandatory within 72 hours (Article 33). Recognizing a breach and then sending out a notification through manual means makes it virtually impossible to comply with the time frame given. Automating your breach notification system can save organizations thousands in fines.
  • Privacy Policy Management: One of the core parts of any regulation is the need to revamp an organization’s privacy policies. These policies need to be in line with the data privacy regulations in order to comply. Organizations will need to revisit their privacy policies and change them according to the guidelines provided by these privacy regulations.

Automation: the Future of Compliance

The future beckons the arrival of automation, and organizations will have to adopt it quickly if they hope to improve their chances of complying with global privacy regulations. Irrespective of the current state of the globe, data regulations are still going into effect and being enforced. If an organization hopes to comply with these regulations, it needs to find a solution that will automate its operations and manage all the aforementioned privacy requirements.

Aoife Harney says, “Being able to clearly see when a client’s personal data was collected, what legal basis is relied upon for that activity, who accesses that information, and when it’s appropriate to erase is incredibly useful to any organization.”

Organizations need to find a solution that will help them with their compliance requirements. The ideal situation would be to get this solution from a vendor that allows flexibility and customization, and that takes suggestions from early adopters into account.

Organizations can also consider SECURITI.ai, which has a reputation as a privacy leader and offers a one-stop data privacy solution to businesses.

Authors:

Ramiz Shah, Digital Content Producer at SECURITI.ai

Anas Baig, Team Lead at SECURITI.ai

Pierluigi Paganini

(SecurityAffairs – hacking, automation)

The post How Automation can help you in Managing Data Privacy appeared first on Security Affairs.

Dynamic Data Resolver – Version 1.0.1 beta

Cisco Talos is releasing a new beta version of Dynamic Data Resolver (DDR) today. This release comes with a new architecture for samples using multi-threading. The process and thread tracing has been completely reimplemented.

We also fixed a few bugs and memory leaks. Another new feature is that the DDR backend now comes in two flavors: a release version and a debugging version. The latter will improve code quality and bug hunting: it helps to detect memory leaks and minor issues which are silently handled by the underlying DynamoRIO framework in the release version. We also improved the installer, and the IDA plugin is now installed to the user plugin directory instead of the IDA installation directory under Program Files. The IDA plugin and all its dependencies are also now automatically installed by a script.

Fantastic news! DDR has won the HexRays IDA plugin contest 2020

The post Dynamic Data Resolver – Version 1.0.1 beta appeared first on Cisco Blogs.

Trust in Yourself and the Process: Key Guidance for Forging a Successful Cybersecurity Career

Those in cybersecurity are keenly aware of the concept, “imposter syndrome.” Some think they don’t know enough to succeed in the industry. Others believe they don’t have the right experience to contribute anything meaningful.

In actuality, many people suffer from imposter syndrome at some point in their cybersecurity careers. This reality suggests that many of us are too hard on ourselves when starting off in the industry. Cisco found this to be the case after asking numerous cybersecurity experts the following question: “If given the chance, what advice would you give yourself when you first joined the industry?”

These experts’ responses are presented below.

Jihana Barrett | Senior Threat Intelligence Analyst, Verizon Enterprise Solutions | @iamjihana | (LinkedIn)

That’s a good question. For me, I didn’t feel like I had much guidance. There was no woman that I’d seen doing what I was doing. There was a steep learning curve because cybersecurity was still very new to me. I didn’t see myself reflected in those spaces. So I felt lost a lot of the time, and I didn’t have much direction or any mentors to turn to because there were so many men, and not that many women.

If I could go back and tell myself anything, it would have been to pace myself. I would have reassured myself that I was on the right track, that things would turn out the way they’re supposed to. And I would encourage myself to learn as much as I could but to be patient with my learning. A lot of times, newbies want to be experts, and they don’t give themselves the chance to take the steps to get to that point. Having been in the industry for about 11 years now, I totally see that even if you have all the books behind it, you still don’t have the experience when starting out. That experience is what helps me execute my tasks and examine a problem the way that I do. If you’re new, you don’t even know how to think that way. You wouldn’t think that way. I wouldn’t want to shortchange education, but I know how necessary experience is.

So I would have just told myself to be patient. You’re on the right track. You’re doing all the right things. You’re learning. You’re getting the foundations and fundamentals. And every aspect of that industry is going to involve learning. The learning never stops. Basically, I would have taken the pressure off of myself to know everything in the beginning so that I could add value to a space and just know that it was going to come with time.

Tazin Khan Norelius | Founder, Cyber Collective | @techwithtaz | (LinkedIn)

The advice that I would give myself when I first joined the industry would be to trust the process. I don’t necessarily know if I would give my past self any new advice because I’m thankful for the journey that led me to where I am. But trusting the process has been something that I tell everyone and myself often. You can only do what you can do. The rest is up to the process of contributions and reaping the benefit of the work that you put in. So if you trust the process and stay disciplined, great things can happen for you.

Ben Nahorney | Threat Intelligence Analyst at Cisco Security | @benn333 | (LinkedIn)

I would remind my younger self not to internalize criticism. I am a threat intelligence analyst, and also a writer. You can’t be a writer without having a thick skin. If you’re a writer, your work is going to be critiqued. Nine out of ten times it’ll be stronger for it.

This goes double for the cybersecurity industry. Conflict between attackers and defenders features heavily here, especially in the response-related corners of the field. In cybersecurity, personal feelings sometimes take a backseat to quickly responding to an issue. It has definitely changed for the better over time, but there is an above-average number of plain-spoken and direct people in this industry.

When coming from a non-computer related field, not everyone will immediately see the value of what you bring, and you’ll have to spend extra time proving your worth. Stand your ground when necessary, but pin your ears back for other ideas and perspectives. You’ll pick up some very valuable information.

So ultimately, my advice to myself would be to learn to take things in stride. That, and don’t get too attached to that hairline.

Noureen Njoroge | Cybersecurity Consulting Engineer, Cisco | @EngineerNoureen | (LinkedIn)

Looking back, I would advise myself as follows:

  1. BE PATIENT with yourself, as it takes time to grasp the vast domains of cybersecurity.
  2. EMBRACE CHANGE, as this industry is constantly evolving, and you have to constantly learn to adapt.
  3. GET A MENTOR ASAP to help answer your discrete career questions and provide you with tailored career advice.
  4. Do not rush into certifications, as they can be costly. Instead, gain some experience, and then consider which specific domain certificate you’d like to pursue, if necessary.
  5. Network with others in the industry by attending local meetups, chapters, and social media platform group gatherings.
  6. Lastly, don’t be too hard on yourself. Cybersecurity is indeed a journey, not a destination.

Fareedah Shaheed | CEO and Founder, Sekuva | @CyberFareedah | (LinkedIn)

When I first joined the industry, I wasn’t aware of all the options and diversity of paths, so I got sucked into the “you MUST be technical to be worthy of anything” world.

If I were to go back, I would tell myself to not worry about how technical I was or wasn’t. I would put more focus on knowing my strengths, interests, and hobbies. I would then spend time figuring out how I could combine them all to make a difference in someone’s life.

Not everyone gets to do that, but if you can find that combination, it can be life-changing. I eventually found it, but I would definitely tell myself to stop stressing over grades, certifications, job titles, compensation, and technical abilities because it doesn’t matter. It didn’t for my journey, at least.

I would tell myself that the impact I was called on to make in this world was bigger than any of that, and that I didn’t have to squeeze myself into a box of degrees, certs, job titles, and career paths.

Omar Santos | Principal Engineer – Product Security Incident Response Team, Cisco | @santosomar | (LinkedIn)

I would basically say to pace yourself and to understand that you’re not going to be able to learn everything overnight. Cybersecurity is very broad. You have things from ethical hacking, pen testing, digital forensics and incident response, exploit development, etc.

So yes, become familiar with all the different domains and the ones that you want to specialize in and that attract you the most. Then dive deeply into it while always recognizing that you will never be an expert in every single area in cybersecurity. Pick your niche and concentrate on it.

Sophia McCall | Junior Security Consultant | @spookphia | (LinkedIn)

The advice I always give to those new to the industry is to network. Networking is so important; had I not done it, I would not be where I am today. By attending a huge amount of conferences and events over the years, I have been able to build a network of professional connections and friends who have helped to support me along my security journey.

If I could turn back time, I definitely would have told myself to not be afraid and to start networking earlier! At first, I was scared to attend events and I didn’t start doing so until nearly the end of my first year at university.

In my opinion, it’s never too early to start networking. The earlier you start, the sooner you can grow your network and utilize it as a stepping stone to help you kick-start your career.

Jane Frankland | CEO, KnewStart | @JaneFrankland | (LinkedIn)

If I could go back to the point when I was just joining information security, which was more than 20 years ago, I would tell myself to not shy away from being visible. I would urge myself to use my voice and network. Visibility is the most important thing that a woman needs to focus on in order to advance her career.

When I talk about visibility, I mean it in a sense of using your voice so that people know about you. You need to get yourself out there. They need to be able to see and understand the work that you are doing. So it’s really important that women build their visibility.

When I came into the industry, I was building my own company. I was leading that company, so visibility to me was important from a leadership perspective. But if there was an opportunity for me to be a spokesperson for my company or to go and speak, I would always avoid it. I would push everyone else forward. Except me. I was absolutely petrified. I was very fearful of the press. I thought they would manipulate my words, which isn’t the case. (Not always, anyway.)

So that would be my advice. Get out there. Be visible. Use your voice, demonstrate your value visibly, really focus on building your network and use all of the tools around you. Nowadays, it’s a different kettle of fish. We’ve got social media and things like that. When I started my career, we didn’t have those. And there weren’t any networking groups for women in those days. That’s the advice I would give myself.

Finally, don’t worry about your age. Don’t worry about how young you look, and don’t worry about not being considered technical. For me, I had a great big hang-up about being really young. I wasn’t actually bothered about being a woman. I didn’t see that as being a disadvantage at all, but I was really concerned that I looked so young and that I wasn’t technical. So I would go back and tell myself to not worry about looking young and to not worry about not being technical. I was able to do my job and to do it really well even though I wasn’t technical in those days.

Rebecca Herold | CEO, The Privacy Professor | @PrivacyProf | (LinkedIn)

There are two pieces of advice I’d give myself from lessons I’ve learned over the years.

The first piece of advice is from a lesson that came from me being too naïve and idealistic early in my career during a time when I was building and managing an information assurance program for a large multinational corporation. The information security and privacy policies I had drafted for the corporation were approved the previous year and lauded and supported by the top executives. They applied to all employees, and they clearly indicated a range of non-compliance penalties to those who chose not to follow the requirements.

During an audit, it was discovered that one of the business unit Senior VPs regularly shared his ID/password with his staff so they could log in to the corporate network on his behalf to do their own time cards, etc. We also learned that he had been sharing his ID/password with his daughter, who used his work computer at home to go online during the early days of the internet so that she could visit chat rooms and do shopping in the few online stores that were then available.

When the audit director, who was much lower in the organization’s chart than the Senior VP, confronted him about this, he stated that he saw no reason to stop since it saved him time and made his daughter happy. I met with my manager, the Sr. VP and CIO, who reported directly to the CEO. I thought he would be outraged at the flaunting of security requirements as much as I. However, he told me that while he admired my egalitarian beliefs, he thought that it just wasn’t practical in a large corporation such as ours to have a high-performing senior executive held to the same standards as everyone else, even if they were security standards.

I did not like that one bit. That made me realize that I needed to do more to understand executive and other management views of information security and privacy. I could then take those perspectives, and use them in effective ways to raise awareness of all levels in the organization chart about the need for strong security. That was the only way to obtain executive buy-in.

It was around that time that I realized that a one-size-fits-all training session was not going to compel those who already had great latitude in their decision-making for the actions they take to follow sound security practices. I covered this issue of customizing awareness in the two editions of my book, “Managing an Information Security and Privacy Awareness and Training Program.” Even so, I could write an entire book on just this type of situation alone.

Another piece of advice to myself would be to not wait until I feel I am confident I know and can do everything related to information security and privacy before offering ideas or being proactive with actions. Early in my career, I did not speak up with my ideas that likely would have propelled me much further and more quickly in my career if I had. No one will ever know, though.

We need to have confidence and faith in our own capabilities as well as to always approach issues logically. We also need to be aware that others who may be less knowledgeable and/or experienced than you will advance more quickly because they didn’t wait to be 100% knowledgeable or fit 100% of an advertised position within which they ultimately excelled.

Mary Aiken | Professor Forensic Cyberpsychology, University of East London | @maryCyPsy | (LinkedIn)

I don’t really agree with the “if you could go back in time and give yourself advice” post hoc-type question. It evokes the construct of regret, which arguably negatively impacts decision-making processes. At any point in time, you make a decision based on the available facts and advice, whether these are educational choices, career choices, work choices, or life choices. From my perspective, the ground rules are pretty straightforward. Were you ‘compos mentis’ (of sound mind) when you made a choice? If yes, then you should respect your decision. Regret simply serves to undermine decision making not just in the past but importantly going forward, as well.

Bottom line: don’t second guess your own judgement, that is, the ability to make considered decisions and come to a sensible conclusion. My only advice to those who seek a career in cybersecurity is to do what I did and don’t view opportunity through the myopic lens of a singular discipline. Try to adopt a transdisciplinary approach, and don’t underestimate the incredible value of the arts. In terms of decision making, Robert Frost’s “The Road Not Taken” sums it up:

Two roads diverged in a wood, and I—
I took the one less traveled by,
And that has made all the difference.

Ken Westin | Head of Competitive Intelligence, Elastic | @kwestin | (LinkedIn)

When I was a kid, I was diagnosed with Dysgraphia, a learning disorder related to Dyslexia. This didn’t happen until rather late in my childhood. Up until that point, I believed I was “stupid and lazy,” as that is what many teachers told me. My handwritten work was illegible no matter how hard I tried. Even though I was a creative kid who loved reading and who read at a college level, I could not communicate my ideas on paper.

When I received my diagnosis, it made a huge difference. My parents bought a computer. I took typing classes. I started playing guitar (to help with motor skills). I ended up being the first in my family to graduate from college, and since then, I have built things that many people didn’t think were possible.

The impact on my self-esteem is something I carry even today. If I could go back and tell myself about my disorder, tell myself I wasn’t stupid and to get into computers sooner, I think it would help my confidence throughout all of my life.

Christine Izuakor | CEO of Cyber Pop-up | @Stineology | (LinkedIn)

The one thing that stands out for me is asking questions and being brave about asking questions. I still remember early in my career how I often found myself being the only woman in the room, the only person of color in the room and/or the youngest person in the room. And on top of that, I already had a very shy and timid personality. Bundled together with asking questions, it was a nightmare for me sometimes.

What I would do is I would take out a notepad every time I heard something I didn’t know or every time there was a concept that I couldn’t quite grasp. I’d go home and do a ton of researching and studying to figure it out. That worked for me.

Sure. I learned things. But I can’t help but reflect that had I been more intentional about asking those questions in the moment, and more open, I could have gotten that feedback and gotten those answers then and there and been able to apply that information and learn more quickly. But then the other piece to that is I was surrounded by people who had so much rich experience, so much talent and so much knowledge.

With that said, I think being able to ask those questions and really get that information and soak that in, as well as to build those relationships with the people around you is an added plus. Don’t be afraid to ask questions. No matter how “beginner level” those questions might sound in your head or how stupid you think some people might think they are, all of that doesn’t matter at the end of the day. When you get answers to those questions, that is helping you to evolve and grow into the best version of you and the best professional that you can be. That is what matters. That’s exactly what I would tell myself. And that’s exactly what I still tell myself today.

Jelena Milosevic | Registered Nurse | @_j3lena_ | (LinkedIn)

As a beginner, I didn’t know where to start, and I didn’t know what was important. The healthcare system has all kinds of security aspects to consider, and I wanted to know all of them. Over time, I realized that I can’t know everything in this field; nor do I need to. This helped me learn to take a breath, to take a look around, and have more patience with learning step-by-step instead of all at once.

There are many sources of information and free courses/training packages that we can find on the Internet for learning more about security. There are also many companies that will give you a chance to start working even if you don’t have your diploma. Reach out to them to show your initiative! The information security community is awesome. It’s full of people who will help and support you when they see that you’re moving forward with your heart and that you want to learn. If you don’t understand something, they will be there to help. Just be respectful of their time.

Earlier in life, I took a chance to find my place in the security world without losing faith and trust in myself. Thanks to some people and their trust in me, I was able to find my place. I now find what I want and do what I can to produce change for the better. So here I am, a nurse in the information security world.

Want to learn more about the beginning of these experts’ careers in cybersecurity? Download Cisco’s eBook, Diversity in Cybersecurity: Mosaic of Career Possibilities.

The post Trust in Yourself and the Process: Key Guidance for Forging a Successful Cybersecurity Career appeared first on Cisco Blogs.

MMO game Street Mobster leaking data of 1.9 million users due to critical vulnerability

Researchers discovered that the MMO game Street Mobster was leaking the data of 1.9 million users due to a critical SQL injection vulnerability.

Attackers could exploit the SQL Injection flaw to compromise the game’s database and steal user data.

Original Post: https://cybernews.com/street-mobster-game-leaking-data-of-2-million-players

The CyberNews.com Investigation team discovered a critical vulnerability in Street Mobster, a browser-based massively multiplayer online game created by Bulgarian development company BigMage Studios.

Street Mobster is a free to play, browser-based online game in the mafia empire genre where players manage a fictional criminal enterprise. The game boasts a 1.9+ million player base and stores a user record database that can be accessed by threat actors by committing an SQL Injection (SQLi) attack on the game’s website.

The records that can be compromised by exploiting the SQLi vulnerability in Street Mobster potentially include the players’ usernames, email addresses, and passwords, as well as other game-related data that is stored on the database.

Fortunately, after we reported the vulnerability to BigMage Studios, CERT Bulgaria, and the Bulgarian data protection authority, the issue has been fixed by the developers and the user database is no longer accessible to potential attackers.

What is SQL Injection?

First found back in 1998, SQLi is deemed by the Open Web Application Security Project (OWASP) as the number one web application security risk.

Even though this vulnerability is relatively easy to fix, researchers found that 8% of websites and web applications were still vulnerable to SQLi attacks in 2020, which, from a security perspective, is inexcusable. So much so, in fact, that UK internet service provider TalkTalk was hit with a record £400,000 fine over succumbing to a cyberattack that involved SQLi.

The vulnerability works by injecting an unexpected payload (a piece of code) into an input box on the website or into its URL. Instead of treating that text as plain data, the website’s server passes the attacker’s payload into a database query as code, and the database then executes the attacker’s command or returns data that would otherwise be inaccessible to unauthorized parties. Attackers can exploit SQLi even further by uploading pieces of code or even malware to the vulnerable server.

The fact that Street Mobster is susceptible to SQLi attacks clearly shows the disappointing and dangerous neglect of basic security practices on the part of the developers at BigMage Studios.
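The mechanism described above, as an added example that is not code from Street Mobster, BigMage Studios or CyberNews: a username lookup built by string concatenation beside its parameterised form, run against an in-memory SQLite table with constructed rows (the table, its columns and the placeholder hash values are assumptions for the demo). A username containing a single quote is enough to show the difference: the concatenated version hands the quote to the SQL parser, which changes the statement's shape, while the parameterised version treats the whole value as data. A crafted value instead of a stray apostrophe exploits that same parser confusion to rewrite the WHERE clause, which is how records become readable to unauthorized parties.

```python
# Added example: SQL injection via string concatenation vs. a parameterised
# query. Not code from Street Mobster or CyberNews; the schema and sample rows
# below are constructed for the demo.
import sqlite3


def make_db():
    """Build an in-memory SQLite table of constructed player records."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE players (username TEXT PRIMARY KEY, email TEXT, pw_hash TEXT)"
    )
    # Constructed rows; pw_hash values are placeholder strings, not real digests.
    conn.executemany(
        "INSERT INTO players VALUES (?, ?, ?)",
        [
            ("alice", "alice@example.com", "HASH-PLACEHOLDER-1"),
            ("O'Brien", "obrien@example.com", "HASH-PLACEHOLDER-2"),
        ],
    )
    return conn


def lookup_email_unsafe(conn, username):
    """VULNERABLE: the username is spliced into the SQL text, so any quote in it
    is parsed as SQL syntax rather than as part of the value."""
    sql = "SELECT email FROM players WHERE username = '" + username + "'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_email_safe(conn, username):
    """HARDENED: the value travels separately from the statement text, so the
    database never parses it as SQL."""
    row = conn.execute(
        "SELECT email FROM players WHERE username = ?", (username,)
    ).fetchone()
    return row[0] if row else None


def compare(username):
    """Run both lookups on the same input and report what each one did."""
    conn = make_db()
    outcome = {"safe": lookup_email_safe(conn, username)}
    try:
        outcome["unsafe"] = lookup_email_unsafe(conn, username)
    except sqlite3.OperationalError as exc:
        # The quote broke the statement: proof that the input reached the SQL parser.
        outcome["unsafe"] = "SQL parse error: " + str(exc)
    return outcome


if __name__ == "__main__":
    print(compare("alice"))     # both lookups return the same email
    print(compare("O'Brien"))   # only the parameterised lookup succeeds
```

The fix is the same in every web stack: never build the statement text from request data; bind values with the driver's placeholder syntax (or an ORM that does so), and treat a database error triggered by user input as a signal to review the query that produced it.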

How we found this vulnerability

Our security team identified an SQL injection vulnerability on the Street Mobster website and was able to confirm it by performing a simple injection test on the website URL. The CyberNews team did not extract any data from the vulnerable Street Mobster database.

What’s the impact of the vulnerability?

The data in the vulnerable Street Mobster database can be used in a variety of ways against the players whose information was exposed:

  • By injecting malicious payloads on Street Mobster’s server, attackers can potentially gain access to said server, where they can install malware on the game’s website and cause harm to the visitors – from using the players’ devices to mine cryptocurrency to redirecting them to other malicious websites, installing malware, and more.
  • The 1.9 million user credentials stored on the database can net the attackers user email addresses and passwords, which they can potentially use for credential stuffing attacks to hack the players’ accounts on other gaming platforms like Steam or other online services.
  • Because Street Mobster is a free-to-play game that incorporates microtransactions, bad actors could also make a lot of money from selling hacked player accounts on gray market websites.

What to do if you’ve been affected?

If you have a Street Mobster account, change your password immediately and make it as complex as possible. If you’ve been using your Street Mobster password on any other websites or services, change that password as well. This will prevent potential attackers from accessing your accounts on those websites if they try to reuse your password in credential stuffing attacks.

However, it’s ultimately up to BigMage Studios to completely secure your Street Mobster account against attacks like SQLi.

Disclosure and lack of communication from BigMage Studios

Following our vulnerability disclosure guidelines, we notified BigMage Studios about the leak on August 31, 2020. However, we received no reply. Our follow-up emails were left unanswered as well.

We then reached out to CERT Bulgaria on September 11 in order to help secure the website. CERT contacted BigMage Studios and informed the company about the misconfiguration.

Throughout the disclosure process, BigMage Studios stayed radio silent and refused to get in touch with CyberNews.com. For this reason, we also notified the Bulgarian data protection agency about the incident on October 9 in the hope that the agency would be able to pressure the company into fixing the issue.

Eventually, however, BigMage Studios appears to have fixed the SQLi vulnerability on streetmobster.com, without informing either CyberNews.com or CERT Bulgaria of that fact.

Pierluigi Paganini

(SecurityAffairs – hacking, Street Mobster)

The post MMO game Street Mobster leaking data of 1.9 million users due to critical vulnerability appeared first on Security Affairs.

Windows GravityRAT Malware Now Also Targets macOS and Android Devices

A Windows-based remote access Trojan believed to be designed by Pakistani hacker groups to infiltrate computers and steal users' data has resurfaced after a two-year span with retooled capabilities to target Android and macOS devices. According to cybersecurity firm Kaspersky, the malware — dubbed "GravityRAT" — now masquerades as legitimate Android and macOS apps to capture device data, contact

#InfosecurityOnline: How to Implement Effective Cloud Security

A range of strategies and practices to address security in the cloud were outlined by Stuart Hirst, principal cloud security engineer at Just Eat during a session at the Infosecurity Online event.

Hirst began by outlining the increasing importance of the cloud, stating that all companies are in one of two camps: “you’re either thinking of going to cloud or you’re already there.”

This has become increasingly relevant this year due to the shift to remote working during the COVID-19 pandemic.

Yet, securing the cloud environment is currently proving problematic for many organizations. Hirst said: “If you are already in the cloud, you’ll likely be in one of two camps. They are either: it’s already really hard and there’s a lot to fix, or total chaos – lots of accounts, historic problems to fix, lots of behaviors to change and culture to embed.”

Hirst went on to outline the main threats to the cloud, highlighting that breaches caused by cloud misconfigurations in 2018/19 exposed nearly 33.4 billion records. One is cryptojacking/Bitcoin mining, which has become one of the main threats in recent years. Hirst noted that this has largely been driven by bots constantly trawling the internet for IPs and credentials. “Gone are the days where we have days and weeks to respond – these kind of attacks are happening in seconds and they’re automated, so you can’t wait to deal with it. You’ve got to build protection in place,” he said.

Others include data breaches through open buckets and databases and distributed denial of service (DDoS) attacks, the latter of which “have got much bigger over the last few years.”

Another major area of concern is insider threats that lead to data breaches, either through malicious intent or due to error.

Despite the vast range of threats, Hirst outlined practical steps to effectively protect against these that have emerged over the years.

First and foremost, it is critical to bring in strong protection for the cloud service’s root account. In particular, multi-factor authentication (MFA) should be implemented, and Hirst advised that the MFA token should be given to someone “non-technical” to store. This is because, in the hands of someone with malicious intent and technical expertise, access to the root account can cause huge damage to a business.

Security groups, which act as a virtual firewall, are easy to misconfigure, according to Hirst. A few ways to avoid this occurring include restricting traffic to internal IPs for protocols such as SSH and using network access control lists (NACLs) to block ports.
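The two checks above (root-account MFA and security groups that expose administrative ports to the internet) are straightforward to audit from the data a cloud API already returns. The block below is an added example, not code from the talk or from Just Eat. Its inputs follow the JSON shapes of `aws ec2 describe-security-groups` and `aws iam get-account-summary`, but the sample groups, the account summary, and the "internal" RFC 1918 ranges are constructed assumptions; swap in your own VPC CIDRs.

```python
"""Audit AWS-style security group rules and the root-account MFA flag.

Added example (not from the Infosecurity talk or Just Eat). The input
structures mirror the JSON returned by `aws ec2 describe-security-groups`
and `aws iam get-account-summary`; all sample data below is constructed.
"""
import ipaddress
from typing import Dict, List

# Administrative ports that should never be reachable from the whole internet.
ADMIN_PORTS = {22: "SSH", 3389: "RDP", 5985: "WinRM", 5986: "WinRM"}

# Assumption: RFC 1918 space counts as "internal". Replace with your VPC CIDRs.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _rule_covers_port(rule: Dict, port: int) -> bool:
    """True if the rule's port range includes `port` (IpProtocol -1 means all traffic)."""
    if rule.get("IpProtocol") == "-1":
        return True
    if rule.get("IpProtocol") not in ("tcp", "6"):
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def _is_internal(cidr: str) -> bool:
    """True if the CIDR lies entirely inside one of the internal ranges."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == n.version and net.subnet_of(n) for n in INTERNAL_NETS)


def audit_security_group(sg: Dict) -> List[str]:
    """Return one finding per (admin port, non-internal CIDR) an inbound rule exposes."""
    findings = []
    for rule in sg.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])] + \
                [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for port, name in ADMIN_PORTS.items():
            if not _rule_covers_port(rule, port):
                continue
            for cidr in cidrs:
                if not _is_internal(cidr):
                    findings.append(f"{sg['GroupId']}: {name} ({port}/tcp) open to {cidr}")
    return findings


def root_mfa_enabled(account_summary: Dict) -> bool:
    """`aws iam get-account-summary` reports root MFA as SummaryMap.AccountMFAEnabled (1 or 0)."""
    return account_summary.get("SummaryMap", {}).get("AccountMFAEnabled", 0) == 1


# Constructed sample data: one group exposing SSH to the world, one restricted
# to an internal /16, and one "allow everything" group.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0bad", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-0good", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.20.0.0/16"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-0all", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
]
SAMPLE_ACCOUNT_SUMMARY = {"SummaryMap": {"AccountMFAEnabled": 0, "Users": 12}}

if __name__ == "__main__":
    if not root_mfa_enabled(SAMPLE_ACCOUNT_SUMMARY):
        print("root account: MFA NOT enabled")
    for sg in SAMPLE_GROUPS:
        for finding in audit_security_group(sg):
            print(finding)
```

Public-facing HTTPS on 443 is deliberately not flagged; the check is scoped to the remote-administration ports Hirst's advice is about. The same finding list can feed a NACL review, since a NACL that blocks the port at the subnet boundary closes the gap even when an individual group is misconfigured.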

Enhancing incident response strategies is another vital aspect in protecting the cloud environment. One basic step is to create playbooks to detail the stages of a response for staff. Hirst commented: “Even if they’re simple and tell you who to contact when something happens, then at least you have a repeatable process that you can build on.”

Ultimately though, Hirst said that the most important aspect of effective cloud security is getting the recruitment of security staff right. “I work with the most incredible team, they teach me things every day – it has been recruiting those people into the business that has really driven us to the point where we are at now,” he added.

Download Ultimate ‘Security for Management’ Presentation Template

There is a person in every organization who is the direct owner of breach protection. His or her task is to oversee and govern the process of designing, building, maintaining, and continuously enhancing the security level of the organization. Title-wise, this person is most often either the CIO, CISO, or Director of IT. For convenience, we'll refer to this individual as the CISO. This person is the

IoT Security Foundation Launches Vulnerability Disclosure Platform

A platform to allow IoT vendors to simplify the reporting and management of vulnerabilities has been launched by the Internet of Things Security Foundation (IoTSF).

With the ETSI EN 303 645 specification requiring IoT vendors to publish a clear and transparent vulnerability disclosure policy, establish an internal vulnerability management procedure, make contact information for vulnerability reporting publicly available and continually monitor for and identify security vulnerabilities within their products, the IoTSF has launched VulnerableThings.com in order to help IoT vendors comply with legislation.

Designed to help IoT vendors receive, assess, manage and mitigate vulnerability reports, VulnerableThings.com aims to provide a vulnerability management tool to help IoT manufacturers prepare for emerging regulations and to maintain compliance. Access to VulnerableThings.com is available free until January 31 2021 and manufacturers that subscribe will have access to a dashboard that will guide them through the vulnerability resolution process and facilitate communication with the reporter.

Where a vulnerability is reported in a product from a vendor that hasn’t registered with the service, an alert will be sent to a public email address of the manufacturer who will then have the opportunity to securely access the details of the vulnerability report.

Vulnerabilities can be reported by any individual anonymously, or by registering, they are provided with a dashboard which allows them to monitor the progress towards resolving vulnerabilities they have reported to different manufacturers. The IoTSF said the intention is to promote dialogue between vendors and security researchers as without mechanisms to report, manage and resolve vulnerabilities, the security of consumer IoT products diminishes over time and the risk of attack or abuse increases.

John Moor, managing director of the IoT Security Foundation, said: “Vulnerability management is such a fundamental element to IoT cyber-hygiene that it is no surprise that governments and regulators around the world are making this a mandatory requirement.

“We therefore see the need to drive this vital security practice and aim to help make it as simple as possible with the launch of the Vulnerable Things platform – especially for the uninitiated and firms who may lack resources. The service brokers good communications between researchers and vendors and guides both through the process until complete.”

Matt Warman, the UK Government’s digital infrastructure minister, said: “I welcome this new initiative to help industry improve the security of internet of things devices and boost our burgeoning digital economy while protecting people online. We want everyone to have confidence that the internet-connected products they are buying have stronger security and we are working on legislation in this field to help make this a reality.”

ITWC Morning Briefing, October 20, 2020 – SK hynix acquires Intel NAND memory and storage business, Technicity is back, and more

To keep up with the firehose of news, we’ve decided to deliver some extra news to you on the side every Tuesday and Thursday morning. Some of it is an extension of our own reporting that didn’t make its way into a story, while others might be content we’ve bookmarked for later reading and thought…

The post ITWC Morning Briefing, October 20, 2020 - SK hynix acquires Intel NAND memory and storage business, Technicity is back, and more first appeared on IT World Canada.

Orgs Struggling to Secure SaaS Applications Following Shift to the Cloud

Two-thirds (66%) of organizations believe their enterprise SaaS application would cause the greatest amount of disruption to their business above all others in the event of an outage, according to a new study by AppOmni.

The survey of over 200 IT professionals also found that 66% have less time to effectively manage and secure SaaS applications, with 93% stating they have recently received additional responsibilities in light of the shift to remote working during COVID-19.

The move to work from home has substantially increased cloud adoption and other remote work technologies. This has led to organizations growing their use of SaaS applications to help enable this transition. However, managing and securing these applications effectively is proving difficult, according to the report, which found that 68% of IT professionals rely solely on manual efforts to detect data exposures.

In addition, more than half (52%) of respondents said the biggest challenge with existing cloud security solutions is their reactive nature, only alerting them to a problem once an incident has already been detected.

Brendan O’Connor, CEO at AppOmni, commented: “Due to COVID-19, IT teams are struggling to keep up with massive changes to day-to-day operations and the accelerated rate of cloud adoption associated with remote and virtual workforces. This highlights the need for companies to work to better secure their current SaaS applications given that 90% of the respondents we surveyed noted that their usage of SaaS applications has increased in adoption since the beginning of the pandemic.”

He added: “These days, more organizations are investing in preventative solutions and gaining visibility into their cloud attack surface than ever before. Even post COVID-19, businesses will need to offer remote work opportunities to stay competitive. Now is the time to implement a hybrid working strategy that includes mission-critical SaaS applications. Companies that wait until it’s too late are going to find themselves behind the curve, making them easy targets for attackers.”

Modern Attacks Include Supply Chain “Hopping” and Reversing Agile Environments

Cybercrime groups are becoming more creative and using tactics such as supply chain attacks against digitally transformed and agile environments.

According to a new report by VMware Carbon Black, which included a survey of 83 incident response and cybersecurity professionals, 82% of attacks now involve instances of “counter incident response” where victims claim attackers have the resources to “colonize” victims’ networks.

Speaking to Infosecurity, Tom Kellermann, head of cybersecurity strategy at VMware Carbon Black, said there has been a common “arrogance in how we conduct incident response” and this allows the adversary to know that the defender has spotted them, and attackers move into “a destructive attack mode” in response. This will involve them tampering with agents, dropping wiper malware and ransomware, and changing time stamps on logs whilst they are in the victim’s environment.

“We must do a better job of how we react,” Kellermann said, adding that there needs to be a “silent alarm” system for when an attacker is spotted in your environment, as we currently “make critically bad assumptions” on how to manage threat hunting and when reacting. “As we know, we are in a brave new world, and the greatest cybercrime crews are protected by regimes, and with a dramatic spike in social unrest, businesses have been forced to use digital transformation to exist in the pandemic,” he said. This means being less visible in the response and hunting efforts.

This has borne the concept of “island hopping,” where an attacker infiltrates an organization’s network to launch attacks on other businesses along the supply chain: a series of compromises along a supply chain, hitting multiple victims. Kellermann said there has been a “dramatic escalation and punitive measures deployed from the adversary,” and this has resulted in 55% of attacks targeting the victim’s digital infrastructure for the purpose of island hopping.

“Imagine when a corporate infrastructure pushes payloads to its constituency,” he said, stating that many businesses do not understand their supply chain, and attackers can “move from MSSP to cloud provider to marketing forum.” Kellermann said this concept of attack works in four steps:

  • The network is attacked and the attacker pushes malware code using your infrastructure to all VPN tunnels
  • They add watering hole attacks, expand the attacks to mobile devices so common vulnerabilities are effective
  • Reverse access to Office 365 to scrape messages and use them to create context and for social engineering so fileless malware comes from you and your account
  • Target APIs

Kellermann said: “The rapid shift to a remote world combined with the power and scale of the dark web has fueled the expansion of e-crime groups. Now ahead of the election, we are at a cybersecurity tipping point, cyber-criminals have become dramatically more sophisticated and punitive focused on destructive attacks.”

Six Russian military officers indicted by U.S. grand jury for huge cyber attacks

Six members of Russia’s military intelligence unit have been accused of being behind some of the biggest known cyberattacks, including the NotPetya wiper, which caused over $1 billion in losses around the world, and malware that twice knocked out power to large parts of Ukraine.

The U.S. Justice Department said Monday that a federal grand jury in Pittsburgh returned an indictment accusing the hackers and their co-conspirators of conspiracy, computer hacking, wire fraud, aggravated identity theft, and false registration of a domain name.

The alleged purpose of the attacks was to support Russian government efforts to undermine, retaliate against, or destabilize:

  • The neighbouring countries of Ukraine and Georgia;
  • The 2017 elections in France. It’s alleged the conspiracy included spearphishing campaigns and related hack-and-leak efforts targeting French President Macron’s “La République En Marche!” (En Marche!) political party, French politicians, and local French governments;
  • Efforts to hold Russia accountable for its use of a weapons-grade nerve agent, Novichok, in the U.K. This relates to April 2018 spearphishing campaigns targeting investigations by the Organisation for the Prohibition of Chemical Weapons (OPCW) and the United Kingdom’s Defence Science and Technology Laboratory (DSTL) into the nerve agent poisoning of Sergei Skripal, his daughter, and several U.K. citizens;
  • The 2018 PyeongChang Winter Olympic Games in South Korea after Russian athletes were banned from participating under their nation’s flag as a consequence of a Russian government-sponsored doping effort. This refers to cyberattacks, which culminated in the Feb. 9, 2018, destructive malware attack against the opening ceremony, spearphishing campaigns and malicious mobile applications targeting South Korean citizens and officials, Olympic athletes, and partners and visitors, and International Olympic Committee (IOC) officials.

The New York Times quoted the Russian Embassy in Washington as strongly denying the allegations. “It is absolutely obvious that such news breaks have no bearing on reality and are aimed at whipping up Russophobic sentiments in American society, at launching a ‘witch hunt’ and spy mania, which have been a distinctive feature of the political life in Washington for several years,” the embassy’s press office said.

The six allegedly were behind the KillDisk and Industroyer malware, which caused blackouts in Ukraine in December 2015 and December 2016; the NotPetya wiper worm, which caused nearly $1 billion in losses to three companies alone; and Olympic Destroyer, which disrupted thousands of computers used to support the 2018 PyeongChang Winter Olympics.

All are alleged to be officers in Unit 74455 of the Russian Main Intelligence Directorate of the Russian army (GRU). They are believed to be in Russia and unlikely to ever face trial in the U.S.

Released in 2017, NotPetya is believed to have been originally aimed at people in Ukraine because those behind it began by compromising the update mechanism for a Ukrainian tax software called MEDoc. But experts believe it escaped to infect computers in 65 countries that hadn’t installed a Windows patch Microsoft had recently released. That led to many infosec pros arguing that good patch management could have stopped the spread of the worm.

Among the companies whose IT systems were badly battered by the worm were shipping company Maersk, FedEx’s TNT division in Europe and pharmaceuticals manufacturer Merck. Merck was quoted as initially estimating recovery costs would hit US$175 million, plus another $135 million in lost sales. FedEx initially claimed it lost US$400 million due to lost business.

Merck made a cyber insurance claim for US$1.3 billion to cover restoring or replacing servers and PCs and loss of business. However, its insurers have refused to pay, arguing the incident was an act of war. The dispute is still before U.S. courts.

Less than a year later, U.K. government cyber analysts pointed the finger at Russia, a conclusion Canada agreed with.

Cybersecurity researchers have tracked the gang behind these attacks under various names, including “Sandworm Team,” “Telebots,” “Voodoo Bear,” and “Iron Viking.”

“No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite,” National Security Assistant Attorney General John Demers said in a statement. “Today the department has charged these Russian officers with conducting the most disruptive and destructive series of computer attacks ever attributed to a single group, including by unleashing the NotPetya malware.  No nation will recapture greatness while behaving in this way.”

“The FBI has repeatedly warned that Russia is a highly capable cyber adversary, and the information revealed in this indictment illustrates how pervasive and destructive Russia’s cyber activities truly are,” said FBI deputy director David Bowdich.  “But this indictment also highlights the FBI’s capabilities. We have the tools to investigate these malicious malware attacks, identify the perpetrators, and then impose risks and consequences on them.  As demonstrated today, we will relentlessly pursue those who threaten the United States and its citizens.”

U.S. authorities thanked the governments of the U.K., Ukraine, Georgia, New Zealand and South Korea for their help, as well as Google, Cisco Systems, Facebook and Twitter.

The post Six Russian military officers indicted by U.S. grand jury for huge cyber attacks first appeared on IT World Canada.

eSentire launches automated detection and response solution for Microsoft Security products

eSentire unveiled eSentire Cloud Automation Security Assistant (CASA), the company’s automated detection and response solution for Microsoft Security products. With CASA, eSentire brings its MDR leadership and expertise from over 10 years of threat hunting to Microsoft users. CASA offers customers a single place within Microsoft Teams to actively manage alerts, engage eSentire experts on demand, and launch automated threat configurations for Microsoft Cloud Application Security, Microsoft 365, Microsoft Defender for Endpoint, Microsoft Azure, and … More

The post eSentire launches automated detection and response solution for Microsoft Security products appeared first on Help Net Security.

Ransomware Gang Donated Part of Ransom Demands to Charities

A budding ransomware group donated part of the ransom demands that it had previously extorted from its victims to two charities. On October 13, the Darkside ransomware group announced the donations in a blog post on its dark web portal. As quoted by ZDNet: As we said in the first press release – we are […]… Read More

The post Ransomware Gang Donated Part of Ransom Demands to Charities appeared first on The State of Security.

Cybersecurity Visuals

The Hewlett Foundation just announced its top five ideas in its Cybersecurity Visuals Challenge. The problem Hewlett is trying to solve is the dearth of good visuals for cybersecurity. A Google Images Search demonstrates the problem: locks, fingerprints, hands on laptops, scary looking hackers in black hoodies. Hewlett wanted to go beyond those tropes.

I really liked the idea, but find the results underwhelming. It’s a hard problem.

Hewlett press release.

US charges Sandworm hackers who mounted NotPetya, other high-profile attacks

The Sandworm Team hacking group is part of Unit 74455 of the Russian Main Intelligence Directorate (GRU), the US Department of Justice (DoJ) claimed as it unsealed an indictment against six hackers and alleged members on Monday. Sandworm Team attacks “These GRU hackers and their co-conspirators engaged in computer intrusions and attacks intended to support Russian government efforts to undermine, retaliate against, or otherwise destabilize: Ukraine; Georgia; elections in France; efforts to hold Russia accountable … More

The post US charges Sandworm hackers who mounted NotPetya, other high-profile attacks appeared first on Help Net Security.

Nefilim ransomware gang published Luxottica data on its leak site

The Nefilim ransomware operators have posted a long list of files that appear to belong to Italian eyewear and eyecare giant Luxottica.

Luxottica Group S.p.A. is an Italian eyewear conglomerate and the world’s largest company in the eyewear industry. As a vertically integrated company, Luxottica designs, manufactures, distributes and retails its eyewear brands, including LensCrafters, Sunglass Hut, Apex by Sunglass Hut, Pearle Vision, Target Optical, Eyemed vision care plan, and Glasses.com. Its best known brands are Ray-Ban, Persol, and Oakley. Luxottica also makes sunglasses and prescription frames for designer brands such as Chanel, Prada, Giorgio Armani, Burberry, Versace, Dolce and Gabbana, Miu Miu, and Tory Burch.

Luxottica employs over 80,000 people and generated 9.4 billion in revenue for 2019.

On September 18, the company was hit by a cyberattack; some of the web sites operated by the company were not reachable, including Ray-Ban, Sunglass Hut, LensCrafters, EyeMed, and Pearle Vision.

Italian media outlets reported that the operations at the plants of Luxottica in Agordo and Sedico (Italy) were disrupted due to a computer system failure. Union sources confirmed that the personnel at the plants received an SMS in which they were notified that “the second workshift of today 21 September is suspended” due to “serious IT problems”.

The BleepingComputer website, citing the security firm Bad Packets, speculated that the Italian company was using a Citrix ADC device vulnerable to the critical CVE-2019-19781 vulnerability in Citrix devices.

At the time, Luxottica had yet to release any official statement on the attack.

Security experts believe that the threat actor exploited the above flaw to infect the company’s systems with ransomware.

Now we have more information about the incident, which appears to be the result of a ransomware attack.

The popular Italian cyber security expert Odysseus first revealed on the web site “Difesa e Sicurezza” that the Nefilim ransomware operators have posted a long list of files that appear to belong to Luxottica.

The huge trove of files appears to be related to the personnel office and finance departments.

The analysis of the leaked files revealed that they contain confidential information regarding the recruitment process, professional resumes, and info about the internal structures of the Group’s human resource department.

The exposed financial data includes budgets, marketing forecast analysis, and other sensitive data.

Nefilim ransomware operators also published a message which accuses Luxottica of having failed to properly manage the attack.

In the past months, the number of ransomware attacks has surged; numerous ransomware gangs have made the headlines targeting organizations worldwide and threatening to release the stolen data if the ransom was not paid.

“Extortion is the “new deal” of cybercrime: now, more than in the past, companies can’t “hide” the cyber attack anymore. Now it becomes mandatory to “manage” the breach from the communication perspective: dissembling is useless and harmful,” explained Odysseus. “And again, defending companies from cyber attacks becomes even more strategic: data leak damages can generate a tremendous amount of costs for companies worldwide.”

One of the crews that adopted this double-extortion model is the Nefilim ransomware gang, which has targeted several organizations including the mobile network operator Orange, the independent European leader in multi-technical services, the SPIE Group, and Germany’s largest private multi-service provider, the Dussmann Group.

Pierluigi Paganini

(SecurityAffairs – hacking, Luxottica)

The post Nefilim ransomware gang published Luxottica data on its leak site appeared first on Security Affairs.

6 Russians Indicted for Destructive NotPetya Attacks

DOJ: Russian GRU Officers Targeted 2018 Olympics, French Elections and More
The U.S. Justice Department unsealed indictments against six Russian military officers on Monday, alleging that they carried out a series of major hacking operations, including deploying destructive NotPetya malware - tied to more than $10 billion in damages - and attacking the 2018 Olympics.

Pay it safe: Group-IB aids Paxful in repelling a series of web-bot attacks

Group-IB assisted Paxful, an international peer-to-peer cryptocurrency marketplace, in countering web-bot and social engineering attacks

Group-IB, a global threat hunting and intelligence company headquartered in Singapore, has assisted Paxful, an international peer-to-peer cryptocurrency marketplace, in countering a wave of web-bot and social engineering attacks, and customer account takeovers. Powered with Group-IB’s solution for online fraud prevention Secure Portal, the platform has managed to fight off over 220,000 requests from web-bots in just two months, shielding its 4.5 million customers against possible attacks. The figure suggests that bitcoin platforms remain of great interest to threat actors. 

Cryptocurrencies, in general, are the apple of cybercriminals’ eye: Group-IB has alerted cryptocurrency holders to various scams on numerous occasions: fake giveaways, non-existent cryptocurrency investment platforms, as well as personal data-exposing schemes, have claimed hundreds of thousands of people as their victims.

The scope of online threats that Paxful faced before acquiring Secure Portal ranged from social engineering attacks to customer account takeover, which is not surprising given the popularity of cryptocurrencies. But it was the detection and prevention of bad bot activity that pushed Paxful to adopt an additional layer of cybersecurity and resort to Group-IB. Bots, which are reported to generate about a quarter of global web traffic, are programs that emulate the actions of a real device for whatever purpose their operator needs. They are a big headache for eCommerce businesses today, with cybercriminals using them to steal money, brute-force user credentials or carry out DDoS attacks.

The brute-forcing of user credentials was the case with Paxful. To successfully thwart bad-bot activity, Group-IB Secure Portal creates a unique fingerprint of a device that is based on over a dozen indicators and metrics, including info on the user agent, platform, operating system, the time zone from which the user operates, device language, and others. Based on this fingerprinting and behavioral analysis, Group-IB Secure Portal identifies and issues an alert for any suspicious activity in real time, after which this detection is used by Paxful to block bad bots.

Trojans have also been spotted in the attacks on the marketplace: Group-IB Secure Portal has identified at least 1,200 user devices infected with Trojans. The detection of malware is considerably facilitated by the fact that Secure Portal is fueled by the information on threat actors, different malware strains’ behavior, malicious IPs and compromised data, such as login credentials or bank card data, from Group-IB attribution-based Threat Intelligence, a proprietary system that holds the most up-to-date data on advanced attackers and their TTPs. 

Group-IB Secure Portal also managed to identify over 100,000 accounts with three or more logins from the same device. Some of these accounts were simply compromised, others were used to boost rank on the platform for further fraud activity or were just resold. 
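The two detections described above (a device fingerprint built from client attributes, and the "many accounts from one device" and credential brute-forcing patterns it enables) can be illustrated over a handful of login events. The block below is an added example, not Group-IB's Secure Portal code, whose fingerprint inputs and scoring are not public. It hashes the attributes the article lists into a stable device id; the field names, thresholds (three accounts per device, ten failures per five minutes) and every login event are constructed.

```python
"""Device fingerprinting and shared-device / brute-force detection over login events.

Added example (not Group-IB's Secure Portal). The fingerprint fields,
thresholds and all login events below are constructed for illustration.
"""
import hashlib
import json
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Set

# Client attributes folded into the fingerprint (assumption: these are what the
# login endpoint records; the article names user agent, platform, OS, time zone, language).
FINGERPRINT_FIELDS = ("user_agent", "platform", "os", "timezone", "language", "screen")


def device_fingerprint(event: Dict) -> str:
    """Stable 64-bit hex id of the client attributes; missing fields hash as empty strings."""
    canonical = json.dumps([event.get(f, "") for f in FINGERPRINT_FIELDS], separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()[:16]


def shared_device_accounts(events: List[Dict], min_accounts: int = 3) -> Dict[str, Set[str]]:
    """Devices that successfully logged into >= min_accounts distinct accounts."""
    accounts_by_device: Dict[str, Set[str]] = defaultdict(set)
    for ev in events:
        if ev["result"] == "success":
            accounts_by_device[device_fingerprint(ev)].add(ev["account"])
    return {fp: accts for fp, accts in accounts_by_device.items() if len(accts) >= min_accounts}


def credential_stuffing_devices(events: List[Dict], max_failures: int = 10,
                                window: timedelta = timedelta(minutes=5)) -> Set[str]:
    """Devices with more than max_failures failed logins inside any sliding window."""
    failures: Dict[str, List[datetime]] = defaultdict(list)
    for ev in events:
        if ev["result"] == "failure":
            failures[device_fingerprint(ev)].append(datetime.fromisoformat(ev["ts"]))
    flagged = set()
    for fp, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:   # shrink window from the left
                start += 1
            if end - start + 1 > max_failures:
                flagged.add(fp)
                break
    return flagged


# Constructed clients: a scripted HTTP client and an ordinary Android phone.
_BOT = {"user_agent": "python-requests/2.24", "platform": "Linux x86_64", "os": "Linux",
        "timezone": "UTC", "language": "en-US", "screen": "0x0"}
_PHONE = {"user_agent": "Mozilla/5.0 (Linux; Android 10)", "platform": "Linux armv8l",
          "os": "Android", "timezone": "Africa/Lagos", "language": "en-NG", "screen": "412x915"}


def _ev(client: Dict, account: str, result: str, ts: str) -> Dict:
    return {**client, "account": account, "result": result, "ts": ts}


SAMPLE_EVENTS = (
    # One device, four distinct accounts, all successful: resold or taken-over accounts.
    [_ev(_BOT, f"user{i}", "success", f"2020-10-01T10:0{i}:00") for i in range(4)]
    # Twelve failed logins in under two minutes from that device: brute-forcing pattern.
    + [_ev(_BOT, "victim", "failure", f"2020-10-01T11:{s // 60:02d}:{s % 60:02d}")
       for s in range(0, 120, 10)]
    # A real phone: one account, one login.
    + [_ev(_PHONE, "alice", "success", "2020-10-01T12:00:00")]
)

if __name__ == "__main__":
    for fp, accts in shared_device_accounts(SAMPLE_EVENTS).items():
        print(f"device {fp} used by {len(accts)} accounts: {sorted(accts)}")
    for fp in credential_stuffing_devices(SAMPLE_EVENTS):
        print(f"device {fp}: failed-login burst")
```

A hash of raw attributes is deliberately simple: a bot that randomises its user agent per request will defeat it, which is why production systems add behavioural signals and IP reputation on top. The sliding window in `credential_stuffing_devices` is what turns "many failures" into "many failures fast", the signal that distinguishes an attack from a forgetful user.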

“For Paxful, Group-IB was the perfect solution; we were particularly impressed by the accuracy of Group-IB’s device fingerprint technology,” comments Dmitry Moiseev, the Chief Information Security Officer at Paxful. “The unique technology that easily detects suspicious devices is exactly what we were looking for. Interactive graph visualization tools and strong API create a truly comprehensive experience when it comes to fraud investigation. With reliable and helpful technical support, Group-IB is a well-rounded cybersecurity solution that works for us.” 

With the deployment of Group-IB Secure Portal, Paxful is now even better equipped to mitigate fraud and prevent digital crimes well before they are even close to affecting the company’s multimillion customer base. 

“Businesses are struggling more than ever today and to ensure that their customers are safe from fraud when using online services is the new normal,” comments Group-IB International Business Development Director Nicholas Palmer. “Online fraud is one of the biggest hurdles on the path toward achieving a positive client experience. For online platforms, it is extremely important to ensure the safety of its users and the integrity of its cybersecurity, whose perimeter should extend to end-point devices and the protection of its clients. Group-IB Secure Portal is implementing this philosophy through its patented clientless detection technology, which protects clients’ customers without need for the latter to install any additional apps.”

About Group-IB Secure Portal

Group-IB Secure Portal is a client-side fraud prevention solution working across sessions, platforms, and devices in real time.

Group-IB Secure Portal effectively detects and prevents dangerous activities through behavior analysis, anomaly detection, daily automatic filter rule and signature updates based on unique data from Group-IB’s Threat Intelligence.

The combination of advanced anti-fraud technologies and intelligence protects both banking and retail customers. Moreover, it helps comply with legal requirements designed to protect funds belonging to individuals and companies against scammers.   

About Group-IB

Group-IB is a Singapore-based provider of solutions aimed at detection and prevention of cyberattacks and online fraud. The company also specializes in high-profile cyber investigations and IP protection services.

Group-IB is a partner of INTERPOL, Europol, and has been recommended by the OSCE as a cybersecurity solutions provider.

Pierluigi Paganini

(SecurityAffairs – hacking, Iran)

The post Pay it safe: Group-IB aids Paxful in repelling a series of web-bot attacks appeared first on Security Affairs.

6 Common Phishing Attacks and How to Protect Against Them

Phishing attacks continue to play a dominant role in the digital threat landscape. In its 2020 Data Breach Investigations Report (DBIR), for instance, Verizon Enterprise found that phishing was the second topmost threat action variety in security incidents and the topmost threat action variety in data breaches. It therefore comes as no surprise that more […]… Read More

The post 6 Common Phishing Attacks and How to Protect Against Them appeared first on The State of Security.

Albion Online Forum Breach Exposes User Info

A popular massively multiplayer online role-playing game (MMORPG) has revealed its user forum has been breached, exposing email addresses and hashed and salted passwords for the site.

Albion Online is a popular medieval fantasy game produced by Berlin-based Sandbox Interactive and said to have around 2.5 million players.

Its user forum operations account posted a note over the weekend warning that “a malicious actor gained access to parts of our forum’s user database.”

Although no payment information was hacked, users may be at risk of account takeover if they share the same log-ins across other sites.

“The intruder was able to access forum user profiles, which include the e-mail addresses connected to those forum accounts,” the notice explained.

“On top of that, the attacker gained access to encrypted passwords (in technical terms: hashed and salted passwords). These can NOT be used to log in to Albion Online, the website or the forum, nor can they be used to learn the passwords themselves. However, there is a small possibility they could be used to identify accounts with particularly weak passwords.”

The forum stores passwords with bcrypt, a salted and deliberately slow password-hashing function designed to make offline cracking expensive. Slow is not the same as impossible, however: an attacker holding the dump can still try common passwords against each account one at a time, so the admins urged users to change their forum password as a precaution, along with any other account on which they reuse the same credentials.
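The notice's two claims, that the stolen hashes cannot be reversed yet "could be used to identify accounts with particularly weak passwords", are easiest to see by running the attack. The following is an added example and not code from Albion Online, Sandbox Interactive or WoltLab. Because Albion's forum uses bcrypt, which is not in the Python standard library, the example substitutes PBKDF2-HMAC-SHA256 from `hashlib` as the slow salted hash; the iteration count, the sample user records and the guess list are all constructed for the demo. The argument carries over unchanged: a per-user salt forces the attacker to redo the hashing work for every account and defeats precomputed tables, but it does not stop a dictionary attack from finding the accounts whose passwords are in the list.

```python
"""
Why a leaked salted-hash dump still exposes weak passwords.

Added example (not Albion Online / Sandbox Interactive / WoltLab code).
bcrypt is replaced by PBKDF2-HMAC-SHA256 from the standard library so the
demo runs without third-party modules; the reasoning is identical.
"""
import hashlib
import hmac
import os

# Deliberately low so the demo finishes in well under a second; a real
# deployment uses a bcrypt cost (or PBKDF2 iteration count) far higher.
ITERATIONS = 20_000

# A single site-wide salt is the "unsalted" contrast case below: every
# account shares it, so it buys nothing against an attacker who has the dump.
FIXED_SALT = b"sitewide"

# Constructed guess list standing in for a real cracking wordlist.
WORDLIST = ["123456", "password", "qwerty", "password123", "letmein", "albion"]

# Constructed accounts; carol's password is not in the wordlist, and dave
# reuses alice's password so the effect of salting on duplicates is visible.
SAMPLE_USERS = [
    ("alice", "password123"),
    ("bob", "qwerty"),
    ("carol", "T7#vq!Lm2pR9zWe"),
    ("dave", "password123"),
]


def kdf(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Salted, iterated password hash (stand-in for bcrypt)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def build_dump(salted: bool) -> list:
    """The 'stolen database': one record per user with salt and hash.

    salted=True  -> fresh 16-byte random salt per user (what bcrypt does).
    salted=False -> the same FIXED_SALT for everyone.
    """
    records = []
    for user, password in SAMPLE_USERS:
        salt = os.urandom(16) if salted else FIXED_SALT
        records.append({"user": user, "salt": salt, "hash": kdf(password, salt)})
    return records


def crack_salted(records: list, wordlist: list) -> tuple:
    """Per-account dictionary attack. Returns (cracked, kdf_calls).

    Each record carries its own salt, so every guess must be re-hashed for
    every account: nothing can be precomputed or shared between users, and
    the work factor multiplies the cost of each of those calls.
    """
    cracked, kdf_calls = {}, 0
    for rec in records:
        for guess in wordlist:
            kdf_calls += 1
            if hmac.compare_digest(kdf(guess, rec["salt"]), rec["hash"]):
                cracked[rec["user"]] = guess
                break
    return cracked, kdf_calls


def crack_unsalted(records: list, wordlist: list) -> tuple:
    """Contrast case for a dump hashed with one shared salt.

    The attacker hashes the wordlist once and then matches every account by
    table lookup; identical passwords also collapse to identical hashes, so
    password reuse inside the dump is visible without cracking anything.
    """
    table = {kdf(guess, FIXED_SALT): guess for guess in wordlist}  # len(wordlist) calls
    cracked = {rec["user"]: table[rec["hash"]] for rec in records if rec["hash"] in table}
    return cracked, len(wordlist)


if __name__ == "__main__":
    salted = build_dump(salted=True)
    found, calls = crack_salted(salted, WORDLIST)
    print(f"salted:   cracked {found} using {calls} KDF calls")
    unsalted = build_dump(salted=False)
    found, calls = crack_unsalted(unsalted, WORDLIST)
    print(f"unsalted: cracked {found} using {calls} KDF calls")
```

Both runs recover the same three weak passwords; the difference is only in cost. With per-user salts the attacker pays one full KDF evaluation per account per guess (17 here, four accounts against six guesses with early exit), and alice's and dave's identical passwords yield different hashes. With the shared salt the wordlist is hashed once (six calls) and matched by lookup, and the two reused passwords are identical in the dump. That is exactly the gap the notice describes: bcrypt's salt and cost factor protect the users with strong, unique passwords, and leave the ones who chose "qwerty" exposed.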

It’s unclear how many users were affected, although the forum boasted nearly 300,000 members at the time of writing.

The intruder appears to have exploited a vulnerability in the site's forum software, WoltLab Suite, which has since been patched.

“What organizations must learn from this incident is that vulnerabilities exist in every platform, far too many for organizations to manage by themselves, even those that have in-house security teams,” argued Bugcrowd CEO, Ashish Gupta.

“What’s needed is a layered security approach to find security vulnerabilities faster and gather actionable insights to increase resistance to cyber-attacks.”

#InfosecurityOnline: The Role of Data in Predicting Human Behaviors

Speaking in the opening keynote of the Infosecurity Online event, mathematician and broadcaster Dr Hannah Fry discussed the use of data-driven models to better identify, understand and predict human behaviors.

“Data has the power to send us on the right path,” Dr Fry said. “The big lesson we’ve learned in the last five to 10 years is that there is meaning hiding in the deluge of data that we see all around us, and sometimes, it can be very subtle clues in the data that can open out into much bigger insights into the real world.”

Furthermore, there are occasions when more data, and more technology, can make us feel more human, Dr Fry explained.

However, there are some important caveats to that, she warned. “More data isn’t always necessarily the answer.

“Sometimes you cannot get rid of uncertainties; sometimes there is irreducible randomness in the world which ultimately limits how far data can take you in describing what is going on around us,” which includes the ability to accurately predict human behaviors.

For that reason, it is practically impossible – even with large amounts of data at your disposal – to fully predict the future. “Sometimes, it is a bit too easy to fall into the trap of thinking that data has all the answers.”

It must be remembered that humans “really hate uncertainty,” Dr Fry said, and when it comes to designing data-driven systems, shielding people from uncertainty is something that can end in disaster, because algorithms do not understand context.

“We’ve got a perfect storm – humans are flawed, and algorithms are flawed, and it’s when those flaws come together that problems can arise.

“Long into the future, we will be stuck with algorithms that are inevitably going to make mistakes, and when you clash that with the flaws that humans have in avoiding uncertainty, you can end up in real trouble, particularly when you are designing systems.”

So what can be done about it? “I think there are some genuine changes that can be made when designing data-driven systems and data-driven decision making,” Dr Fry said.

“Part of that is about wearing uncertainty with pride; rather than shielding humans from uncertainty, instead make it much clearer and plainer. Another aspect is that we need more intellectual humility, and the people I see implementing data in the most powerful ways are the ones willing to change their path based on what the evidence tells them.”