Saturday, March 31, 2018
Friday, March 30, 2018
Nation-state hackers are attacking our trust in critical systems
In the last few years, the lines between cyber criminals and nation-states have become increasingly blurry and it has become obvious that the private sector is not capable of handling cyber threats on its own, Chris Inglis, former deputy director of the National Security Agency, told the crowd at World Cyber Security Congress this week.

The WannaCry and NotPetya attacks – generally attributed to North Korea and Russia – have shown that an organization doesn’t even have to be the target to become a victim.
These and previous attacks targeting election systems (US), electric grids (Ukraine), and other critical infrastructure (UK NHS), should also be taken as evidence that there’s a larger game afoot: a contest of wills and a competition for strategic leverage fought by nation-states in cyberspace.
Collaboration between governments and the private sector
These attacks are largely aimed at undermining the trust users have in those critical systems and, as such, are attacks on the confidence and the psychology of a nation, Inglis noted.
This new reality will force the private sector to view the government as a partner in this battle and seek its assistance, especially because the government has the authority to impose consequences on adversaries and can take collective action against nation-states and entities that act like nation-states.
At the same time and with the same goal in mind (the safety of the nation, society and citizens), the government must also continue its work as regulator, to curb the appetites of those who might want to put the pursuit of profit before the need to imbue software and hardware with the resilience and robustness that will help defend critical services.
Inglis is of the opinion that the role of partner and defender must be a government’s primary obligation and that it should use a very light but necessary touch when it comes to applying regulation.
But it’s obvious that cooperation between the private sector and the government in fending off cyber attacks is crucial in this day and age, he says. They need to figure out how to collaborate effectively, to complement each other’s efforts and not duplicate them. Finding a balance between the need for privacy and confidentiality (on both sides) and the need for sharing is difficult, but mechanisms to reconcile those needs do exist.
Strategic defense
Most organizations have generally accepted that complete prevention is impossible, and they have turned their efforts towards assuring the defensibility of their data and core operations.
They have accepted that reacting to threats is no longer enough, and that constant situational awareness to detect problems in their incipient phase is needed – particularly to minimize the danger of insider threats. Also, that defense supported by data analytics and artificial intelligence is no longer just an option but a necessity, and so is sharing at machine speed.
When it comes to strategy, though, it is firstly important to make plans. “In the absence of strategy nothing is strategic,” Inglis pointed out, so planning must be done at the individual level, corporate level, and government level.
Secondly, we know that we can’t defend everything against all perils, so we need to prioritize. Then we need to imbue hardware, software, protocols, procedures, and human capabilities with sufficient robustness and resilience to withstand some degree of attack. We also have to build a defensible system and we then actively defend it.
But while imposing consequences on adversaries for passing those barriers should be a viable option for discouraging future attacks, there is no sense in imposing them if we haven’t first ensured that our own infrastructure is somewhat robust and resilient against the imposition of consequences.
The same goes for taking the fight to the adversary, Inglis noted. “We’ve no business taking the fight to the adversary if we haven’t first defended our own town.”
from Help Net Security https://ift.tt/2IgzU6w
Earther This Rusty Old Shipyard Might Be the Greenest Place in Europe | News Lindsay Lohan loses legal battle over Grand Theft Auto character | The Takeout World’s hardest rapper Drake now endorsed by Canadian salad chain |
from Lifehacker https://ift.tt/2J3r50S
150 million MyFitnessPal accounts compromised – here’s what to do

Under Armour’s hugely popular fitness tracker, MyFitnessPal, has been hacked. If you’re one of the 150 million or so users of the app or website don’t panic, but do change your password.
If you use Facebook to log in to MyFitnessPal you do not need to change your Facebook password.
If you use your MyFitnessPal password on any other websites, change your password on those websites – choose a different, strong password for each one (consider using a password manager if that sounds too difficult).
Under Armour says it’s notifying users of MyFitnessPal about the breach. It’s possible that criminals will try to take advantage of this by sending malicious tweets or emails that look like they’ve come from Under Armour.
You can protect yourself by being proactive: read Under Armour’s notice of data breach and check its account security FAQs.
Don’t click on links in emails that seem to have come from Under Armour or MyFitnessPal. The company has made a clear statement that it will not send emails with links or attachments about this issue:
Please note that the email from MyFitnessPal about this issue does not ask you to click on any links or contain attachments and does not request your personal data. If the email you received about this issue prompts you to click on a link, suggests you download an attachment, or asks you for information, the email was not sent by MyFitnessPal
If you need to visit MyFitnessPal, use a browser bookmark if you have one; if you don’t, open your browser and type the address https://www.myfitnesspal.com/ yourself, or just use the app on your phone.
The bad news
On 29 March 2018 Under Armour began informing users of MyFitnessPal that it has suffered a data breach at some point during the previous month:
On March 25, 2018, we became aware that during February of this year an unauthorized party acquired data associated with MyFitnessPal user accounts.
The data at risk are the credentials used to access MyFitnessPal accounts:
The affected information included usernames, email addresses, and hashed passwords – the majority with the hashing function called bcrypt used to secure passwords.
The affected data did not include government-issued identifiers (such as Social Security numbers and driver’s license numbers) because we don’t collect that information from users. Payment card data was not affected because it is collected and processed separately.
Crooks have therefore had at least a month to send targeted MyFitnessPal phishing emails, to crack the stolen password hashes, and to try any cracked passwords on other services (such as social media accounts).
That’s why it’s important that you change your password on your MyFitnessPal account, and any other accounts using the same password, without delay.
Since the information at risk can be used to log in to your MyFitnessPal account, all the data you see when you log in to your account is also at risk.
MyFitnessPal is a fitness tracker that knows your name, address and age, and tracks your diet and exercise. That data might not seem very important (and losing it certainly isn’t as important as losing control of, say, your banking details) but it is the kind of information that can be used to make social engineering attacks, such as phishing, more convincing.
The not so bad news
People, processes and software are imperfect and breaches can happen to anyone, even companies that take every reasonable precaution to prevent them.
The damage caused by a breach is in large part a matter of how well it’s been planned for and how it’s handled when it happens.
It’s not uncommon for more facts to come to light in the weeks and months following a breach, not least because companies are often still investigating them when they first notify customers.
With that caveat, Under Armour appears to have done a lot right:
- The breach was identified reasonably quickly.
- The notification was fairly prompt, clear and unspun.
- The data affected by the breach is limited in scope.
- Most passwords seem to have been properly protected.
The storage of passwords is particularly important – by hashing your passwords with bcrypt MyFitnessPal has given you a fighting chance.
The crooks haven’t got your password – they’ve got a hash of your password that needs to be cracked.
Cracking costs money (because it takes time and computing power) and bcrypt is designed to make seriously heavy weather of it.
How much resistance bcrypt puts up depends on how it’s configured (on the number of iterations it uses) and Under Armour has not provided that information.
Dean Pierce is a blogger who decided to have some fun cracking hashes that were leaked during the Ashley Madison data breach. His experience illustrates how well bcrypt can defend your password after a breach if the iterations are dialled up.
Pierce set out to crack six million hashes using oclHashcat running on a $1,500 bitcoin mining rig (a very efficient setup for cracking passwords).
After five days and three hours of continuous number crunching he turned off his rig. He had cracked just 4,000 of the very worst passwords.
There’s a good chance that your MyFitnessPal password is still unknown, even though it was leaked over a month ago, which is why what you do today matters.
Change it now and you aren’t just making your account safe, you’re making sure all the time and money the crooks have committed to cracking your password was wasted.
from Naked Security https://ift.tt/2pReJ4f
Apple puts privacy information screens in users’ line of sight
Apple has released the latest round of updates for its various products. They come with the usual security fixes, but also a new feature aimed at informing users about what information Apple-made apps collect about them and how that information is used.

The security fixes
Apple has plugged a bucketload of vulnerabilities in WebKit, the layout engine software component for rendering web pages in Safari, most of which may lead to arbitrary code execution, as well as a buffer overflow bug that could allow a malicious application to elevate privileges. These fixes are included in all of the updates.
Among the other notable plugged vulnerabilities are:
- A state management issue that could allow a person with physical access to an iOS device to disable Find My iPhone without entering an iCloud password (great for thieves and finders of lost devices who are unburdened by conscience)
- A UI issue in Mail that could allow an attacker in a privileged network position to intercept the contents of S/MIME-encrypted email
- A vulnerability in the Safari login autofill feature that could allow a malicious website to exfiltrate autofilled data in Safari without explicit user interaction.
- A flaw in WindowServer that could allow an unprivileged application to log keystrokes entered into other applications even when secure input mode is enabled.
Data and privacy screens
Some of the updates – namely for iOS, tvOS and macOS – come with new information screens for Apple-made apps, which explain in very plain language which data is collected by the app, how it’s used, with which third parties it may be shared, how some of this collection can be turned off, etc.
The option to view this information will appear when users open a new app for the first time.
The information can later be viewed and reviewed from the “Settings” menu of the specific apps, or via Apple’s “Our Approach to Privacy” web page.
The change has been introduced just before the EU’s General Data Protection Regulation (GDPR) takes effect on 25 May 2018.
Another change that’s been announced and will come into effect in the coming months is a revamp of Apple’s privacy controls for devices and cloud services.
The company will provide users with tools that will allow them to download a copy of all their data stored with the company, to correct personal information, temporarily deactivate their account or completely delete it.
This is a direct result of the upcoming GDPR, as it requires companies to enable EU citizens and residents to have control over their personal data and know what’s happening to it.
from Help Net Security https://ift.tt/2IgsgJa
Thursday, March 29, 2018
Earther This Rusty Old Shipyard Might Be the Cleanest Place in Europe | The A.V. Club Ben Affleck has bravely issued a public statement regarding his bad tattoo | The Takeout How to finally organize your spices like an expert |
from Lifehacker https://ift.tt/2pPsz6W
Boeing hit by WannaCry, reminding everyone the threat is still there

When senior Boeing engineer Mike VanderWel reportedly sent an “all hands on deck” internal memo yesterday warning that the dreaded WannaCry malware was on the loose inside the company’s networks, alarm quickly spread.
According to excerpts leaked to the media, his anxiety is palpable:
[The malware] is metastasizing rapidly out of North Charleston and I just heard 777 [production] may have gone down. We are on a call with just about every VP in Boeing.
To many in the company and beyond, this must have sounded worryingly reminiscent of the way WannaCry attacks unfolded across numerous large organisations during its first appearance last May.
Now, as then, WannaCry carries with it a feeling of helplessness, as if what is happening is unstoppable and therefore disruption is inevitable.
A few hours later, however, Boeing felt able to downplay the incident in various statements, including the following tweet:
Statement: A number of articles on a malware disruption are overstated and inaccurate. Our cybersecurity operations center detected a limited intrusion of malware that affected a small number of systems. Remediations were applied and this is not a production or delivery issue.
— Boeing Airplanes (@BoeingAirplanes) March 28, 2018
Some in the media have talked this up as WannaCry’s ‘return’, even though it never went away entirely.
One reason for this persistence is that WannaCry doesn’t just affect regular desktops, laptops and servers, but also spreads to and from unpatched Windows 7 systems of the sort widely used in manufacturing as Windows Embedded.
Applying patches for vulnerabilities on this platform isn’t always straightforward, which helps to explain why WannaCry was so devastating in the first place, despite Microsoft having offered a patch three months earlier for the vulnerabilities exploited by the malware.
The Boeing incident echoes the other big vulnerability story this week in which an entire US city, Atlanta, found itself driven back to paper systems after a major ransomware outbreak. This too, it has been suggested, was aided by known but unpatched vulnerabilities.
Far from being behind us, the Boeing outbreak is a woeful reminder that a fair part of the WannaCry story lies ahead and has yet to unfold.
Image of Boeing 777 from Wikimedia.
from Naked Security https://ift.tt/2pRj46t
Earther Americans’ Views on Global Warming Are a Hot Mess | News Onion Inc. has unionized | The Takeout Chef with zero fucks left carves a deer leg in front of vegan protesters |
from Lifehacker https://ift.tt/2GGnho3
20 hackers arrested in EUR 1 million banking phishing scam
A two-year long cybercrime investigation between the Romanian National Police and the Italian National Police, with the support of Europol, its Joint Cybercrime Action Taskforce (J-CAT) and Eurojust, has led to the arrest of 20 suspects in a series of coordinated raids on 28 March.

Nine individuals in Romania and 11 in Italy remain in custody over a banking fraud that netted EUR 1 million from hundreds of customers of two major banking institutions. The Romanian authorities have conducted three house searches, while the Italian National Police ordered the execution of 10 home and computer searches, involving more than 100 Italian policemen.
The organised crime group (OCG), comprised essentially of Italian nationals, used spear phishing emails impersonating tax authorities to harvest the online banking credentials of their victims.
While the most common phishing scams blast out millions of generic e-mails, spear phishing emails are personally addressed to targeted stakeholders, with content crafted to make them appear to come from a reputable source, such as a bank. Recipients are encouraged to click on a link, which leads to a fake version of a legitimate website where their account or contact details can be stolen.
The investigation, which was initiated in 2016, uncovered how the criminals used the stolen online banking credentials to surreptitiously transfer money from the victims’ accounts into accounts under their control, and from there withdrew the money from ATMs in Romania with credit/debit cards linked to the criminal accounts.
The highly organised OCG pursued its criminal activity using encrypted chat applications. It established its power by applying intimidating and punitive methods towards affiliates and competitors. The OCG is also suspected of money laundering, drug and human trafficking, prostitution and participation in a criminal organisation.
from Help Net Security https://ift.tt/2J49lTl
Wednesday, March 28, 2018
How to Rock Your Personal Style in a Wheelchair
If you use a wheelchair, or other kinds of mobility aids or medical equipment, you might find people staring at your gear instead of looking at you. Elsie Tellier has two fantastic videos about how to dress up yourself and your gear, whether it’s to reorient people’s eyes or just to have fun.
In the video above, she gives tips on wheelchair fashion. A few things you’ll learn:
- Your feet are often more visible in a wheelchair than when you’re walking, so you have a great opportunity to wear fancy shoes, including heels that would be impractical if you had to walk all day.
- Skirts and shorts ride up when you sit, so plan hemlines accordingly.
- If you push your wheels by hand, leather gloves can save your hands, and rubber bracelets (Livestrong style) can give extra traction.
Her follow-up video expands on the idea of disability and chronic illness fashion to give advice for all your other equipment, whether you use a chair or not. (Tellier herself has cystic fibrosis and uses a chair part-time.)
Some things you’ll learn in this video:
- Where to find cute canes and crutches, and how to decorate the ones you have
- How to decorate your oxygen tank and cannula (she has a whole video of DIY cannula ideas, by the way)
- Where to find cute lingerie that holds an ostomy bag in place (she recommends Jasmine Stacey)
- How to dress when you’re bloated and don’t want people asking if you’re pregnant (high waisted pants and skirts help)
- How to cover a catheter in your chest while keeping it easy to access—wear a scoop or v-neck shirt with a scarf or shawl over the top
There’s more, so check out the whole thing for more tips and to see her links for where to buy some of the hard-to-find items she recommends.
from Lifehacker https://ift.tt/2GhWHxX
Unmasking Monero: stripping the currency’s privacy protection

Monero is a cryptocurrency designed for privacy, promising “all the benefits of a decentralized cryptocurrency, without any of the typical privacy concessions”.
It’s where Dark Web market AlphaBay, at the time the most popular site of its kind, looked in 2016 when it wanted to adopt a cryptocurrency that offered users more protection than Bitcoin.
It’s also where the authors of WannaCry, the infamous ransomware that went global in May 2017, turned when they wanted to transform their ill-gotten ransoms into something harder to trace.
But recently updated research on traceability in the Monero blockchain suggests that the currency’s privacy protections can be weakened, and in many cases stripped away entirely, leaving users exposed.
The researchers detail a pair of attacks, one that works on transactions up to the beginning of 2017 and one that still works today.
In this article we’ll examine the first of those attacks, but we’ll begin by looking at how Monero attempts to avoid the pitfalls of Bitcoin.
Exposing Bitcoin users
Bitcoin and Monero are both cryptocurrencies that rely on a blockchain, a cryptographically protected, decentralised ledger of transactions.
The robustness of each relies, in part, on transparency: there are thousands of copies of both the Bitcoin and Monero blockchains in existence and every copy carefully details every single transaction ever made in that currency.
Changing the history enshrined in those blockchains is effectively impossible. If you’ve ever spent a bitcoin or a monero then the proof that it happened is etched indelibly into that currency’s blockchain, forever.
In the Bitcoin blockchain each transaction points to a previous transaction, making it possible to see what any given Bitcoin wallet (and by extension, any given Bitcoin wallet owner) has spent and received.
That makes Bitcoin users pseudonymous – their privacy is protected by one or more false names, their wallet addresses.
Bitcoin users can be exposed if any one of a wallet’s transactions can be linked to a real identity.
If a Bitcoin user pays for something at an online market that requires personal information, such as a delivery address, then that one single transaction creates a link between the user’s real identity and every other transaction they’ve made with that Bitcoin wallet.
A similar link is created if a Bitcoin user signs up to an online exchange that requires an ID to open an account.
Even usernames can be used to unmask Bitcoin users if they’re reused across, say, a Dark Web site where bitcoins have been spent and a public site like Reddit or GitHub that requires a login.
Monero attempts to make users fully anonymous by obscuring the links between transactions. Unmasking the person behind a single transaction does not unmask their other transactions too.
It does this using decoy coins, known as mixins.
Whereas the Bitcoin paper trail clearly identifies the coin being spent in every transaction, Monero identifies a number of coins in every transaction, one real one and at least four mixins.
Anyone attempting to piece together a user’s transaction history from the Monero blockchain will find themselves running down blind alleyways.
However, if an attacker can find a way to tell the real coins from the decoys then Monero users are no better off than Bitcoin users and just as vulnerable to the tactics used to expose them.
And that’s exactly what the researchers did.
Exposing Monero users
Just like any software, cryptocurrencies can adapt and change over time. However, while the rules that govern transactions can evolve, old transactions made under older rules (including rules their writers may come to regret) cannot be erased.
There is a fee for adding mixins to a transaction and until a couple of years ago adding them wasn’t mandatory.
This created an incentive for users who weren’t particularly interested in Monero’s privacy protections to set them aside.
Because of this, at the time the research was conducted, about two thirds of the transactions in the Monero blockchain had been made without any mixins. These transactions can be linked to previous transactions in the same way as with Bitcoin transactions.
The people who did this didn’t care about their own anonymity enough to pay for mixins but inadvertently weakened the protection of people who did (my emphasis).
0-mixin transactions not only provide no privacy to the users that created them, but also present a privacy hazard if other users include the provably-spent outputs as mixins in other transactions. When the Monero client chooses mixins, it does not take into account whether the potential mixins have already been spent.
In other words, the potential pool of decoys includes coins that an attacker can prove have been spent elsewhere.
That’s a problem because if you’re presented with a Monero transaction that contains a number of coins (the ‘real’ one and a number of mixin phantoms) and you know for sure that some of the coins have been spent before, then they cannot be the real coin.
Given their prevalence, these zero-mixin transactions are actually very likely to be deployed as mixins in other transactions.
So, the researchers began by removing all of the decoys that they could prove had already been spent, stripping the camouflage from a number of previously obscured transactions.
Once the decoys had gone, these transactions were not only provably linked to previous transactions but also no longer useful as mixins either, which exposed another layer of transactions, which exposed another, which exposed another and so on.
According to the researchers, this recursive “chain-reaction analysis” can be used to remove all of the decoys from two thirds of the transactions that used them, prior to 2017.
We find that among Monero transaction inputs with one or more mixins, 63% of these are deducible, i.e. we can irrefutably identify the prior TXO that they spend.
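The chain-reaction analysis described above, run on a small constructed ledger so the cascade can be followed step by step (an added example, not the researchers’ code or Monero’s; the input and output labels are hypothetical). It also includes the obvious mitigation the quoted passage implies: a decoy picker that skips provably-spent outputs.

```python
"""Chain-reaction analysis of ring inputs on a constructed toy ledger.

Each transaction input spends exactly one real output but lists a ring of
candidate outputs: the real one plus zero or more mixins (decoys).  A ring of
size 1 (a 0-mixin input) proves its only member spent.  Striking every proven
spent output from the other rings may shrink some of them to size 1, proving
more outputs spent, and so on until nothing changes.
"""
from typing import Dict, List, Set, Tuple

Ring = List[str]  # candidate output ids listed by one input

# Constructed toy ledger; input/output ids are hypothetical labels.
# The hidden 'truth' used to build it: in_1->out_A, in_2->out_B, in_3->out_C,
# in_4->out_D, in_5->out_E, in_6->out_F.  The ordering is deliberate so that
# in_5 only resolves on the second pass of the cascade.
TOY_LEDGER: Dict[str, Ring] = {
    "in_1": ["out_A"],                               # 0-mixin: out_A provably spent
    "in_2": ["out_B"],                               # 0-mixin: out_B provably spent
    "in_5": ["out_D", "out_E", "out_A", "out_B"],    # needs out_D proven first
    "in_3": ["out_A", "out_C"],                      # its lone mixin is already spent
    "in_4": ["out_B", "out_C", "out_D"],             # resolves once in_3 does
    "in_6": ["out_F", "out_G", "out_A"],             # two live candidates remain
}


def deduce_spent_outputs(rings: Dict[str, Ring]) -> Tuple[Dict[str, str], Dict[str, Set[str]]]:
    """Run the cascade to a fixpoint.

    Returns (deduced, ambiguous): deduced maps an input id to the output it
    provably spends; ambiguous maps each unresolved input to its surviving
    candidate set.
    """
    remaining: Dict[str, Set[str]] = {inp: set(ring) for inp, ring in rings.items()}
    deduced: Dict[str, str] = {}
    spent: Set[str] = set()
    changed = True
    while changed:
        changed = False
        for inp, cands in list(remaining.items()):
            cands -= spent                      # strike decoys proven spent elsewhere
            if not cands:
                # Every candidate is spent elsewhere: some output was spent twice,
                # which a valid ledger cannot contain.
                raise ValueError(f"{inp}: inconsistent ledger, ring fully spent")
            if len(cands) == 1:
                real = next(iter(cands))
                deduced[inp] = real
                spent.add(real)
                del remaining[inp]
                changed = True
    return deduced, remaining


def deducible_fraction(rings: Dict[str, Ring], deduced: Dict[str, str]) -> float:
    """Share of inputs that *had* mixins whose real output is now deducible.

    This mirrors the figure the research reports (63% for pre-2017 inputs);
    0-mixin inputs are excluded because they never offered any privacy.
    """
    with_mixins = [inp for inp, ring in rings.items() if len(ring) >= 2]
    if not with_mixins:
        return 0.0
    return sum(1 for inp in with_mixins if inp in deduced) / len(with_mixins)


def choose_mixins(candidates: List[str], spent: Set[str], k: int) -> List[str]:
    """Mitigation sketch: a client that refuses provably-spent outputs as decoys.

    Deterministic (first k live candidates) so the example is reproducible;
    a real client would sample from the live set.
    """
    live = [c for c in candidates if c not in spent]
    if len(live) < k:
        raise ValueError("not enough unspent candidates for the requested ring size")
    return live[:k]


if __name__ == "__main__":
    deduced, ambiguous = deduce_spent_outputs(TOY_LEDGER)
    for inp, out in sorted(deduced.items()):
        print(f"{inp} provably spends {out}")
    for inp, cands in ambiguous.items():
        print(f"{inp} still hides among {sorted(cands)}")
    print(f"deducible among inputs with mixins: {deducible_fraction(TOY_LEDGER, deduced):.0%}")
    pool = ["out_A", "out_B", "out_F", "out_G", "out_H"]
    print("safer decoy choice:", choose_mixins(pool, set(deduced.values()), 2))
```

On the toy ledger five of the six inputs are resolved, three of the four that used mixins, while in_6 keeps two live candidates because neither decoy was ever provably spent.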
Two changes, the last in early 2017, prevent this kind of attack on more recent transactions.
From January 2016 all new Monero transactions required a minimum of two mixins. That was followed a year later by a hard fork that introduced a new type of transaction called RingCT that can only contain other RingCT transactions as mixins.
Since all RingCT transactions exist after the two mixin minimum was introduced, they form a separate pool of transactions without a zero-mixin foothold.
Without that foothold, the chain-reaction analysis doesn’t work.
That’s good news for people who are new to Monero (although the research details another, less effective, attack for them that we’ll cover in a later article) but cold comfort to anyone who used it for its anonymisation features prior to 10 January 2017, such as buyers on AlphaBay:
Users who made privacy-sensitive transactions prior to February 2017 are at significant risk of post hoc deanonymization.
The research shows that the transparency and immutability that make blockchains trustworthy may also leave users vulnerable to retrospective action.
The transactions inside them are artefacts frozen in time according to rules that were considered good enough or strong enough at the time.
Immune to correction, their protections have to survive the cycles of Moore’s Law, and as yet unseen advances in technology, techniques and research.
from Naked Security https://ift.tt/2pIudr9
Earther Why the High-Tech Plan to Bring Back the Northern White Rhino Matters | TV Club The Conner family tries to prove it hasn’t just grown in numbers in Roseanne’s season premiere | The Takeout This month in overturned trucks: McDonald’s fries, beer, milk |
from Lifehacker https://ift.tt/2IX9V53
Tuesday, March 27, 2018
Earther This Canadian Pipeline Battle Is Starting to Feel a lot Like Standing Rock | Film The Justice League Blu-ray is a bizarre exercise in hiding the truth about moviemaking | The Takeout Shake Shack fan’s shoutout to the chefs goes viral |
from Lifehacker https://ift.tt/2GgywjL
Earther Deep in the Amazon, Scientists Strip a Cloud Forest of Its Clouds | Film Steven Spielberg finds fun, and maybe even a soul, in the pandering pastiche of Ready Player One | The Takeout Stop messing with our ketchup, man |
from Lifehacker https://ift.tt/2IXQgSw
Axonius goes retro to see and secure all devices
Just 6 months after its seed funding, Axonius today announced the general availability of its Cybersecurity Asset Management Platform to enable customers to see and secure all devices.

With over 100,000 devices already managed at early customers worldwide, today’s announcement marks the official availability of the platform in advance of RSA Conference 2018 held in San Francisco.
“We started this company to solve a very specific, acute problem – fragmentation,” said Dean Sysman, CEO and Co-Founder of Axonius. “If you were to think back to the 1980s or 1990s, cybersecurity was easy. It was a simpler time, and no one could have foreseen the security challenges resulting from the explosion in the number and types of devices we use to work every day. When you think of cybersecurity, you think of incredibly cool, advanced technology like Artificial Intelligence, Machine Learning, Deception, and Automation. But trends like BYOD, virtualization, containers, and IoT have made it extremely difficult to answer the most fundamental question in cybersecurity: how many devices are in my environment, and are they secure? Our approach is a radically simple one: by leveraging the security and management tools customers already have, we can give a comprehensive view of all devices and let customers take action to secure all devices.”
By integrating with customers’ existing management and security technologies and using an extensible plugin infrastructure to add custom logic, customers are able to get a unified view of all devices – both known and unknown. Starting with the most commonly used management and security products, the Axonius Cybersecurity Asset Management Platform gathers data from identity and authentication solutions, network solutions like NAC, firewalls, vulnerability scanners, and switches, agent-based device management products, security solutions like SIEM, and EDR, and device-specific management products like MDM, IoT, container, and OS-specific products to see all details about devices from all angles.
“The security industry is full of solutions to prevent advanced and sophisticated attacks, but somehow we still lack the basic ability to perform effective asset discovery and identification,” said Adrian Sanabria, Director of Research at Threatcare. “Of all the controls we consider to be ‘the basics’ of information security, asset management is considered the first and most critical. Few of these offer more than a murky view of the IoT landscape and fewer reach beyond the traditional corporate network, into public cloud assets and off-premise devices. Axonius doesn’t attempt to reinvent discovery and interrogation techniques. Instead, it wisely takes advantage of existing systems-of-record and APIs, allowing it to have a rich view into the big picture with minimal effort. This allows Axonius to focus its efforts on the problem of answering the correct questions and presenting the information in a more effective context. More wisely, Axonius avoids competing with most of the aforementioned vendors by enhancing the information they collect, not replacing it.”
“We have several global customers already, and we hear the same three things every time we start a POC,” added Sysman.
Simplicity – Customers don’t want to install yet another agent, and they don’t want a 6-month professional services engagement. Simplicity is the only answer if you are solving complex, time-constrained problems that have evolved over decades. That’s why Axonius built a platform to connect to existing management systems.
Speed – The faster organizations can answer questions about devices and their security, the faster they can act. If customers aren’t able to get value right away, you are wasting their time.
Visibility in context – It’s not enough to answer the questions around the number of devices by just exporting a list of IP addresses. Organizations need to understand the type of device, what software and versions are resident, which systems manage it, and how the device fits into the overall security policy.
Axonius’ goal is to give full visibility into all devices, letting customers then ask interesting questions to take automated action. A common example is finding new devices that should be scanned by a vulnerability assessment tool. Using the Axonius platform, those devices can be discovered automatically and can inform the VA scanner to add the new devices to the next scheduled scan. By connecting the siloed systems together, Axonius can go beyond visibility into control and security.
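The "which devices has the vulnerability scanner never seen?" question above is, at bottom, a correlation problem: the same box shows up in the NAC export by MAC address, in the EDR console by hostname and in the last scan report by IP, and only after those records are merged can the gap be seen. The following is an added illustration, not Axonius code; the source names (`nac`, `edr`, `va`), the record layouts and the sample exports are constructed for the example.

```python
"""Cross-source device reconciliation, added here as an illustration of the
"which devices has the VA scanner never seen?" question; this is not Axonius
code, and the exports, field names and source labels are constructed."""
from dataclasses import dataclass, field


@dataclass
class Device:
    """One physical/virtual device, merged from every source that reported it."""
    ips: set = field(default_factory=set)
    macs: set = field(default_factory=set)
    hostnames: set = field(default_factory=set)
    sources: set = field(default_factory=set)


# Constructed sample exports (assumed layouts, one dict per device record).
SAMPLE_EXPORTS = {
    "nac": [
        {"mac": "00:11:22:33:44:01", "ip": "10.0.1.10", "hostname": "ws-alice"},
        {"mac": "00:11:22:33:44:02", "ip": "10.0.1.11", "hostname": "ws-bob"},
        {"mac": "00:11:22:33:44:03", "ip": "10.0.1.50", "hostname": None},  # headless IoT
    ],
    "edr": [
        {"hostname": "WS-ALICE", "ip": "10.0.1.10", "os": "Windows 10"},
        {"hostname": "srv-db01", "ip": "10.0.2.5", "os": "Ubuntu 18.04"},
    ],
    "va": [  # last completed vulnerability scan
        {"ip": "10.0.1.10", "hostname": "ws-alice"},
        {"ip": "10.0.2.5", "hostname": "srv-db01"},
    ],
}


def _norm(value):
    """Lower-case, stripped string or None, so 'WS-ALICE' and 'ws-alice' match."""
    if isinstance(value, str) and value.strip():
        return value.strip().lower()
    return None


def correlate(exports):
    """Merge records into Devices. A record joins an existing Device when it
    shares a MAC, hostname or IP with it (IP is the weakest key: DHCP reuses
    addresses, so a production version would scope IP matches by time)."""
    devices, index = [], {}  # index: (key_type, value) -> Device
    for source, records in exports.items():
        for rec in records:
            keys = [(k, _norm(rec.get(k))) for k in ("mac", "hostname", "ip")]
            keys = [k for k in keys if k[1] is not None]
            matched = []
            for key in keys:
                dev = index.get(key)
                if dev is not None and dev not in matched:
                    matched.append(dev)
            if not matched:
                dev = Device()
                devices.append(dev)
            else:
                # Record bridges several partial devices: collapse them into one.
                dev = matched[0]
                for other in matched[1:]:
                    dev.ips |= other.ips
                    dev.macs |= other.macs
                    dev.hostnames |= other.hostnames
                    dev.sources |= other.sources
                    devices.remove(other)
                    for key, owner in index.items():
                        if owner is other:
                            index[key] = dev
            for ktype, value in keys:
                getattr(dev, ktype + "s").add(value)
                index[(ktype, value)] = dev
            dev.sources.add(source)
    return devices


def missing_from(devices, source):
    """Devices some system knows about that `source` has never reported."""
    return [d for d in devices if source not in d.sources]


def targets_for_next_scan(devices, scanner="va"):
    """IPs to hand to the VA scanner: every address of every unscanned device."""
    ips = set()
    for dev in missing_from(devices, scanner):
        ips |= dev.ips
    return sorted(ips)


if __name__ == "__main__":
    devs = correlate(SAMPLE_EXPORTS)
    print(f"{len(devs)} devices, VA scanner missing: {targets_for_next_scan(devs)}")
```

On the constructed data the NAC-only workstation and the headless IoT device come back as scan targets, while `ws-alice` collapses into a single device seen by all three sources despite the hostname case difference. The same `missing_from` call answers the "which devices have no EDR agent?" question without any new collection.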
from Help Net Security https://ift.tt/2Gb0Mbq
3 of Facebook’s dumbest hoaxes
What’s Facebook for?
Thanks to Cambridge Analytica, it’s a question on a lot of people’s minds right now, minds that have fingers hovering tentatively over “delete” buttons.
It’s been bugging me since the middle of the last decade, when everyone was suddenly very excited about a new website that gobbled up your entire life and shared it with just your friends.
It seemed like a terrible idea.
The proposition was this: everything would be fine… so long as your friends never did anything stupid with your data and you never fell out with any of them, so long as Facebook never shared your data with anyone, never changed its mind about what it wanted to do with your data, was never hacked, never got into financial trouble and was never purchased by another company.
I couldn’t wait to not open an account so I rushed out and didn’t (didn’t fail to not open one, that is).
Mercifully, after people joined Facebook they stopped talking about it so much (or anything else… too busy… sorry… what did you say? Sorry, I’m checking Facebook).
Still, they did seem to be mostly having a nice time making their lives appear more enriching than they actually were while worrying about just how much more enriching everyone else’s life looked.
When that wasn’t exciting enough they harvested wheat, read made-up news stories or handed over wads of personal data in the name of discovering which Disney princess they were.
Mark Zuckerberg even helped his users to stave off platform fatigue by periodically turning off everyone’s privacy settings without asking.
As the membership grew it became clear that Facebook was an amazing platform for collaborating on, sharing and spreading ideas. But some of those ideas were really, truly, bafflingly bad.
Facebook, then, is the world’s biggest petri dish for culturing harebrained hoaxes.
Proving that the so-called wisdom of crowds has its limits, here are three Facebook hoaxes that are dumb with a capital “um?”
Talking Rubbish
Talking Angela is the eponymous feline star of her own smartphone app.
To your kids, she’s a cat with a big face that sits very still and asks a fairly limited range of questions.
To the guardians of Facebook she’s a vile temptress whose dark secret is hiding in plain sight. Literally in her sight, that is…
Did you see it?
In her eyes?
Google Play reviewer Yianni Vasilounis can help if you didn’t:

DO NOT DOWNLOAD THIS APP I AM WARNING YOU DO NOT DOWNLOAD THIS APP. IT IS TOTALY DANGEROUS AND DONT LISTEN TO WHAT THE MAKERS OF THE APP TELL YOU... IF U ZOOM IN HER EYES U WILL SEE A ROOM WITH A GUY IN IT, AND IT TAKES RANDOM PICTURES.... IF U WISH TO DOWNLOAD MAKE SURE U COVER UR CAMERA WITH UR FINGERS
They say the eyes are the window to the soul but in Talking Angela’s case they’re just a window – one that’s got a tiny weeny man behind them (all of them that is, on every copy of the app), taking your picture.
Had the man snuck Tron-like into the very bits and bytes of the Talking Angela app and replicated himself across every copy of it? Were there millions of separate tiny people? There were no answers, just lots of FURIOUS, SPITTLE-FLECKED CAPITAL LETTERS.
Put down the Giraffe, it’s loaded
We’ve all had it: that urge you get when you’re just sitting at work or at home with the laptop open, when there’s nobody else there – the itch that can only be scratched by changing your Facebook profile picture to a giraffe.
Am I right?
No, of course not.
Which is why it’s truly bizarre that the warning “don’t change your profile picture to a giraffe” ever gained any traction. But traction it got, somehow. Thanks Facebook.
The tortured logic ran something like this:
- Facebook users are challenging friends to solve a riddle. Losers have to display their failure to solve the riddle by changing their profile picture to a giraffe.
- Crooks have milked this by flooding the internet with pictures of giraffes that are poisoned with malware.
- If you accidentally choose one of these pictures then you set off the crooks’ booby trap and lose your username and password.
Who knows how many pictures of these majestic animals we were all deprived of seeing on the vast savannah of Facebook profile pics.
Facebook ends 15 March
The Cambridge Analytica crisis has Zuckerberg reeling, with some calling it the beginning of the end for Facebook.
Sorry folks, you’re seven years too late – Facebook’s ending on 15 March 2011, don’t ya know.
Long ago, before the terms “fake” and “news” had formed their all-conquering super group and were still enjoying their modest solo careers, an online news outlet called Weekly World News proclaimed the end of The Social Network.

Like all good hoaxes, it came with a made up quote from Somebody Important:
“After March 15th the whole website shuts down,” said Avrat Humarthi, Vice President of Technical Affairs at Facebook. “So if you ever want to see your pictures again, I recommend you take them off the internet. You won’t be able to get them back once Facebook goes out of business.”
They were, sadly, quite wrong.
The story was snuggled up next to a big fat clue that it was probably not true: the slightly less devastating news that 2011 would also see aliens attacking the Earth.
from Naked Security https://ift.tt/2Gg2qo5
Monday, March 26, 2018
Make a Tropical Gin Out of Pineapple Peels
Welcome back to Eating Trash With Claire, the Lifehacker series where I convince you to transform your kitchen scraps into something edible and delicious. In this episode, I show you how to use spiky, seemingly useless pineapple peels to make a tasty, tropical gin. Once you’ve infused the spirit with fruity goodness, use it to make a gin & tonic, gin rickey, or get real fancy with a Ramos gin fizz.
from Lifehacker https://ift.tt/2G9yZYK
The A.V.
The A.V. Club Another retcon of Marge and Homer’s marriage leaves us wondering who these impostor Simpsons are | Earther This Alaska Native Village Finally Has Money to Begin Relocating Residents | The Takeout Does cooking with sprouted garlic make food taste bad? |
from Lifehacker https://ift.tt/2I56lEG
Gang leader behind malware attacks targeting 100 financial institutions arrested in Spain
The leader of the crime gang behind the Carbanak and Cobalt malware attacks targeting over 100 financial institutions worldwide has been arrested in Alicante, Spain, after a complex investigation conducted by the Spanish National Police, with the support of Europol, the US FBI, the Romanian, Belarusian and Taiwanese authorities and private cyber security companies.

Since 2013, the cybercrime gang has attempted to attack banks, e-payment systems and financial institutions using pieces of malware they designed, known as Carbanak and Cobalt. The criminal operation has struck banks in more than 40 countries and has resulted in cumulative losses of over EUR 1 billion for the financial industry. The magnitude of the losses is significant: the Cobalt malware alone allowed criminals to steal up to EUR 10 million per heist.
Modus operandi
The organised crime group started its high-tech criminal activities in late 2013 by launching the Anunak malware campaign that targeted financial transfers and ATM networks of financial institutions around the world. By the following year, the same coders had improved the Anunak malware into a more sophisticated version, known as Carbanak, which was used until 2016. From then onwards, the crime syndicate focused its efforts on developing an even more sophisticated wave of attacks using tailor-made malware based on the Cobalt Strike penetration testing software.
In all these attacks, a similar modus operandi was used. The criminals would send bank employees spear-phishing emails with a malicious attachment, impersonating legitimate companies. Once downloaded, the malicious software allowed the criminals to remotely control the victims’ infected machines, giving them access to the internal banking network and letting them infect the servers controlling the ATMs. This provided them with the knowledge they needed to cash out the money.
Cashing out
The money was then cashed out by one of the following means:
- ATMs were instructed remotely to dispense cash at a pre-determined time, with the money being collected by organised crime groups supporting the main crime syndicate: when the payment was due, one of the gang members was waiting beside the machine to collect the money being ‘voluntarily’ spat out by the ATM
- The e-payment network was used to transfer money out of the organisation and into criminal accounts
- Databases with account information were modified so that bank account balances would be inflated, with money mules then being used to collect the money.
The criminal profits were also laundered via cryptocurrencies, by means of prepaid cards linked to the cryptocurrency wallets which were used to buy goods such as luxury cars and houses.
International police cooperation
International police cooperation coordinated by Europol and the Joint Cybercrime Action Taskforce was central in bringing the perpetrators to justice, with the mastermind, coders, mule networks, money launderers and victims all located in different geographical locations around the world.
Europol’s European Cybercrime Centre (EC3) facilitated the exchange of information, hosted operational meetings, provided digital forensic and malware analysis support and deployed experts on-the-spot in Spain during the action day.
The close private-public partnership with the European Banking Federation (EBF), the banking industry as a whole and the private security companies was also paramount in the success of this complex investigation.
Wim Mijs, Chief Executive Officer of the European Banking Federation, said: “This is the first time that the EBF has actively cooperated with Europol on a specific investigation. It clearly goes beyond raising awareness on cybersecurity and demonstrates the value of our partnership with the cybercrime specialists at Europol. Public-private cooperation is essential when it comes to effectively fighting digital cross border crimes like the one that we are seeing here with the Carbanak gang.”
Steven Wilson, Head of Europol’s European Cybercrime Centre (EC3), said: “This global operation is a significant success for international police cooperation against a top level cybercriminal organisation. The arrest of the key figure in this crime group illustrates that cybercriminals can no longer hide behind perceived international anonymity. This is another example where the close cooperation between law enforcement agencies on a worldwide scale and trusted private sector partners is having a major impact on top level cybercriminality.”
from Help Net Security https://ift.tt/2I7pu9k
Monday review – the hot 20 stories of the week
from Naked Security https://ift.tt/2G92DcQ
Do you have what it takes to withstand modern DDoS attacks?
As the latest record DDoS attack hit GitHub and threatened to overwhelm its edge network, the popular Git-repository hosting service quickly switched to routing the attack traffic to their DDoS mitigation service.

In the end, GitHub ended up completely unavailable for five minutes and intermittently unavailable for four. But while the effect of the attack could have been worse, GitHub’s engineering team aims to do better next time they are hit.
Robert Hamilton, Director of Product Marketing at Imperva, believes that nine minutes of outage is definitely way too much. Paying a sizeable amount of money for DDoS mitigation services should come with a promise that attacks will be thwarted within seconds, he says, and that’s what Imperva is doing.
The company’s services come with a guarantee – written into the service level agreement (SLA) – to detect and block all attacks in under ten seconds.
The offer is unique in the DDoS mitigation market, and Hamilton says that they expected some of their competitors to follow suit and offer a similar deal. None did, though, which makes him believe they are not capable of mitigating a DDoS attack in less than ten to twenty minutes.
Imperva Incapsula
Granted, Imperva is the de facto leader in the DDoS mitigation market at the moment and has a high-capacity global network. If anyone should be able to mitigate new, massive attacks, it’s them.
The company’s Incapsula DDoS mitigation services are part of its cloud security and content delivery network (CDN) portfolio, and are used by a large customer base, something that helps them keep on top of the DDoS threat landscape.
“Because we have so many customers, we’ll see any new type of DDoS attack very quickly. We saw the memcached-based amplification attack about a week before GitHub got hit, and introduced protections against it,” he notes.
That’s also part of the reason why he believes Akamai should have been able to mitigate the GitHub attack much more quickly than it did.
“We have a relatively large internal security research team in Israel, and one of the things that they do continuously is monitor the network for known and new types of attacks. The latter are identified very quickly, typically within hours or even minutes, and a filter for them is then applied on our network so that similar future attacks are easily mitigated,” he says.
Keeping an eye on the threat landscape
In 2016, the threat of IoT botnets engaging in DDoS attacks loomed large, especially after Mirai caused massive outages when it hit Internet performance management company Dyn.
But the promise of crippling botnet-based attacks did not materialize in 2017. Hamilton believes that that was the result of the effectiveness of subsequent DDoS mitigation efforts.
Attackers were forced to figure out how DDoS mitigation services and products work and to come up with new approaches.
Memcached-based attacks are one of these. Another inventive approach that has become increasingly popular was first spotted in the spring of 2017. Dubbed “pulse wave,” the attacks consisted of a series of short-lived, packet-intensive bursts occurring in clockwork-like succession, aimed at five to ten organizations at practically the same time.
Botnets are made to deliver these peak-intensity bursts as the attackers are switching between targets on-the-fly.
These attacks are particularly harmful to solutions having an “appliance first, cloud second” hybrid approach to DDoS mitigation, as the bursts of traffic make on-premises DDoS mitigation appliances unable to communicate with the cloud-based scrubbing platform and “ask” for its aid in handling this large packet volume.
Each attack/pulse lasts for a few seconds, but is highly disruptive. “What you have is a very short attack that will lead to a certain period of downtime before the on-premises devices can call on the cloud service to mitigate this huge burst of packets,” Hamilton explains.
In addition to this, the lack of communication makes it impossible for the appliance to provide information required to quickly create an attack signature, and this leads to further mitigation delays.
“Pulse wave attacks can be aimed at a larger number of targets. Instead of attacking one organization for ten minutes, the attackers can hit ten organizations continuously for a few seconds at a time, maximizing efficiency,” Hamilton notes. “Packet-intensive attacks such as these are designed to overwhelm edge routers and bring the whole network down, and are unfortunately increasing in size and frequency.”
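What distinguishes a pulse wave from an ordinary volumetric flood, as described above, is the shape of the packet-rate curve: several very short, very high bursts spaced at a near-constant interval, each over before an "appliance first, cloud second" setup has finished handing the traffic off. The following added example (not Imperva or Incapsula code) shows that shape detection over a per-second packets-per-second series; the series, the 100,000 pps threshold, the burst-length limit and the jitter tolerance are constructed or assumed values, not figures from the interview.

```python
"""Pulse-wave burst detection over a per-second packets-per-second series.

Added example, not Imperva/Incapsula code: the series is constructed, and the
threshold, burst length and jitter tolerance are assumed tuning values."""


def constructed_series(length=60, baseline=500, burst_pps=2_000_000,
                       period=20, burst_len=4, first=5):
    """Quiet baseline with a short flood every `period` seconds (constructed)."""
    pps = [baseline] * length
    t = first
    while t < length:
        for k in range(burst_len):
            if t + k < length:
                pps[t + k] = burst_pps
        t += period
    return pps


def find_bursts(pps, threshold):
    """(start, end) second indexes of each run where pps >= threshold."""
    bursts, start = [], None
    for i, rate in enumerate(pps):
        if rate >= threshold and start is None:
            start = i
        elif rate < threshold and start is not None:
            bursts.append((start, i - 1))
            start = None
    if start is not None:
        bursts.append((start, len(pps) - 1))
    return bursts


def is_pulse_wave(pps, threshold, max_burst_len=10, min_pulses=3, jitter=0.2):
    """True when the series holds several short floods spaced at a near-constant
    interval, which is the clockwork pattern of an attacker cycling through
    targets; a single sustained flood is not a pulse wave."""
    bursts = find_bursts(pps, threshold)
    if len(bursts) < min_pulses:
        return False, bursts
    if any(end - start + 1 > max_burst_len for start, end in bursts):
        return False, bursts
    periods = [bursts[i + 1][0] - bursts[i][0] for i in range(len(bursts) - 1)]
    mean = sum(periods) / len(periods)
    regular = all(abs(p - mean) <= jitter * mean for p in periods)
    return regular, bursts


def bursts_beating_handoff(bursts, handoff_seconds):
    """Pulses that end before an appliance-first setup could divert traffic to
    its cloud scrubber: the whole burst lands on the edge unmitigated."""
    return [(s, e) for s, e in bursts if e - s + 1 < handoff_seconds]


if __name__ == "__main__":
    series = constructed_series()
    hit, bursts = is_pulse_wave(series, threshold=100_000)
    print("pulse wave:", hit, "bursts:", bursts)
    print("unmitigated with a 30 s handoff:", bursts_beating_handoff(bursts, 30))
```

On the constructed series every four-second pulse is shorter than an assumed 30-second appliance-to-cloud handoff, so all three would reach the edge routers at full strength; a 40-second sustained flood at the same rate is not classified as a pulse wave, which is the distinction that decides whether the usual signature-then-divert workflow has time to work.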
Application-level attacks are also a rising problem – they used to be a minority of DDoS attacks, and now they are almost two-thirds of all attacks, he says.
“What’s interesting about them is you have to use completely different techniques to mitigate them. The attack comes from what appear to be real web clients, but you can’t block all traffic to the website as legitimate traffic must be able to pass through to the site. So you need technology to identify which bots are attack bots and which sessions are real human beings trying to perform an action on the website.”
Making the right choice
DDoS mitigation options come in the form of standalone, on-premises appliances; hybrid solutions that combine appliances and protection services in the cloud; and “as-a-Service.”
Imperva offers a pure, cloud-based DDoS mitigation-as-a-Service and it offers something that all organizations should look for: guaranteed attack mitigation in under ten seconds, regardless of the attack’s size and without getting in the way of legitimate traffic.
from Help Net Security https://ift.tt/2pKAIJk
Sunday, March 25, 2018
Week in review: PKI and IoT, Facebook’s trust crisis, understanding email fraud

Here’s an overview of some of last week’s most interesting news and articles:
Top cybersecurity evasion and exfiltration techniques used by attackers
SS8 released its 2018 Threat Rewind Report, which reveals the top cybersecurity evasion and exfiltration techniques used by attackers and malicious insiders.
Malware leverages web injects to empty users’ cryptocurrency accounts
Criminals trying to get their hands on victims’ cryptocurrency stashes are trying out various approaches. The latest one includes equipping malware with Man-in-the-Browser capabilities so they can hijack online accounts and perform fraudulent transactions on the fly.
Excessive alerts, outdated metrics, lead to over-taxed security operations centers
A new study, conducted by 360Velocity and Dr. Chenxi Wang, found that excessive alerts, outdated metrics, and limited integration lead to over-taxed security operations centers (SOCs). The study was conducted over the span of three months, interviewing security practitioners from enterprise companies in a cross-section of industries: Software-as-a-Service (SaaS), retail, financial services, healthcare, consumer services, and high tech.
Why PKI will secure the Internet of Things for years to come
Dispelling some common myths about PKI as they relate to the IoT.
Atlanta government systems hit by ransomware
The city of Atlanta has suffered a ransomware attack on Thursday, which resulted in outages of some of its customer facing applications, including some that customers may use to pay bills or access court-related information.
Netflix, Dropbox promise not to sue security researchers, with caveats
Netflix and Dropbox have both noted recently that they won’t sue security researchers who find and disclose vulnerabilities in their products. The only caveat is: the researchers must conduct the research in line with their vulnerability disclosure policy and bug bounty program guidelines.
RSA Conference 2018 USA: What you can expect at this year’s event
With RSA Conference 2018 USA less than a month away, we asked Britta Glade, Director, Content and Curation for RSA Conference, to tell us more about this year’s event.
AMD confirms processor flaws found by CTS Labs, firmware fixes are coming
Chipmaker AMD has confirmed that the vulnerabilities discovered by CTS Labs researchers earlier this month do affect a variety of its products, and that firmware patches mitigating them will be released “in the coming weeks.”
880,000 payment cards, user info hit in Orbitz data breach
Expedia subsidiary Orbitz has revealed that a legacy Orbitz travel booking platform had been compromised and personal user information and payment card data might have been accessed by unauthorized parties.
1 in 10 targeted attack groups use malware designed to disrupt
Cyber criminals are rapidly adding cryptojacking to their arsenal and creating a highly profitable new revenue stream, as the ransomware market becomes overpriced and overcrowded.
Flaws in ManageEngine apps open enterprise systems to compromise
Researchers have discovered multiple severe vulnerabilities in ManageEngine’s line of tools for internal IT support teams, which are used by over half of Fortune 500 companies.
Facebook’s trust crisis: Has it harmed democracy?
Barraged by accusations of spreading divisive fake news and amid new allegations that it handed over personal information on up to 50 million users without their consent, Facebook is losing the faith of the American people, according to the Digital Citizens Alliance.
Understanding email fraud: Do you have visibility into email threats?
Email fraud is highly pervasive and deceptively simple; hackers don’t need to include attachments or URLs, emails are distributed in fewer volumes, and typically impersonate people in authority for maximum impact.
Nmap 7.70 released: Better service and OS detection, 9 new NSE scripts, and more!
Nmap is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
Privilege escalation on Unix machines via plugins for text editors
Several of the most popular extensible text editors for Unix environments could be misused by attackers to escalate privileges on targeted systems, SafeBreach researchers have found.
A look inside the big business of cybercrime
For three months, Armor’s Threat Resistance Unit (TRU) research team compiled and analyzed data from the black market to shed light on the type of activity threat actors are participating in and how underground forums operate in the burgeoning industry.
New Intel processors to have hardware-based protections against Meltdown, Spectre 2
Intel has officially pushed out microcode updates with Spectre and Meltdown mitigations for all of the processors it launched in the past five years. In addition to this, the company’s CEO announced new, redesigned processor lines.
Have you evaluated the cost of a cloud outage?
New findings from a study by Veritas Technologies, indicate that 60 percent of respondents have not fully evaluated the cost of a cloud outage to their business and are therefore ill prepared to deal with the impact of an outage.
New infosec products of the week: March 23, 2018
A rundown of infosec products released last week.
from Help Net Security https://ift.tt/2GrSn2R
Saturday, March 24, 2018
Friday, March 23, 2018
Crooks infiltrate Google Play with malware in QR reading utilities
Thanks to Chen Yu of SophosLabs for her behind-the-scenes work on this article.
SophosLabs just alerted us to a malware family that had infiltrated Google Play by presenting itself as a bunch of handy utilities.
Sophos detects this malware as Andr/HiddnAd-AJ, and the name gives you an inkling of what the rogue apps do: blast you with ads, but only after lying low for a while to lull you into a false sense of security.

We reported the offending apps to Google, and they’ve now been pulled from the Play Store, but not before some of them attracted more than 500,000 downloads.
The subterfuge used by the developers to keep Google’s “Play Protect” app-vetting process sweet seems surprisingly simple.

First, the apps were, at least on the surface, what they claimed: six were QR code reading apps; one was a so-called “smart compass”.
In other words, if you were just trying out apps for fun, or for a one-off purpose, you’d be inclined to judge them by their own descriptions.
Second, the crooks didn’t fire up the adware part of their apps right away, lurking innocently for a few hours before unleashing a barrage of ads.
Third, the adware part of each app was embedded in what looks at first sight like a standard Android programming library that was itself embedded in the app.
By adding an innocent-looking “graphics” subcomponent to a collection of programming routines that you’d expect to find in a regular Android app, the adware engine buried in the app can effectively hide in plain sight.
For all its apparent innocence, however, this malware not only pops up advertising web pages, but can also send Android notifications, including clickable links, to lure you into generating ad revenue for the criminals.

When you run one of these infected apps for the first time, it “calls home” for configuration information to a server controlled by the crooks.
Each configuration download tells the malware what to do next:
- The Google Ad Unit ID to use.
- How long to wait before showing ads.
- The URLs to open in your browser to push ads on you.
- The messages, icons and links to use in the notifications you’ll see.
- When to call home for the next configuration update.
This makes it easy for the crooks to adapt the behaviour of the malware remotely, changing both its ad campaigns and its aggressiveness easily, without needing to update the malware code itself.
When SophosLabs tested these samples, the first configuration settings pushed out by the crooks were very low-key.
For the first six hours, the list of ads was empty, meaning that the behaviour of the apps was unexceptionable to start with…
…before flooding the device with full screen ads, opening various ad-related webpages, and sending notifications with ad-related links in them, even when the apps’ own windows were closed.
What to do?
As mentioned, Google no longer endorses these apps, and if you install our free Sophos Mobile Security for Android product, we’ll detect and optionally remove these ad-foisting apps if you already have them on your device.
Despite Google’s failure to spot the roguery of these particular “utilities” before blessing them into the Play Store, we nevertheless recommend sticking to Google Play if you can.
Google’s app vetting process is far from perfect, but the company does at least carry out some pre-acceptance checks.
Many off-market Android app repositories have no checks at all – they’re open to anyone, which can be handy if you’re looking for unusual or highly specialised apps that wouldn’t make it onto Google Play (or trying to publish unconventional content).
But unregulated app repositories are also risky, for all the same reasons.
from Naked Security http://ift.tt/2FYDDZH
The A.V.
The A.V. Club Batman Returns is a relic of an age when disgusting monsters only ran for office in the movies | Earther Cryptocurrency Companies Are Rushing to Gobble up Canada’s Cheap Electricity | The Takeout TIL there’s a right way to split an English muffin |
from Lifehacker http://ift.tt/2HZaWbG
Netflix, Dropbox promise not to sue security researchers, with caveats
Netflix and Dropbox have both noted recently that they won’t sue security researchers who find and disclose vulnerabilities in their products. The only caveat is: the researchers must conduct the research in line with their vulnerability disclosure policy and bug bounty program guidelines.

Dropbox
Dropbox Head of Security Chris Evans announced on Wednesday that they’ve updated their vulnerability disclosure policy to clearly say that the company will “not initiate legal action for security research conducted pursuant to the policy, including good faith, accidental violations,” and that they “won’t bring a Digital Millennium Copyright Act (DMCA) action against a researcher for research consistent with the policy.”
“Anything that stifles open security research is problematic because many of the advances in security that we all enjoy come from the wonderful combined efforts of the security research community,” he pointed out.
“Motivated by recent events and discussions, we’ve realized that too few companies formally commit to avoiding [legal threats, suits, inappropriate referral to authorities, public attacks on researchers’ character or motivation, and pressuring, gagging, or firing researchers by abusing law or business relationships to the detriment of scientific publication].”
The company will consider actions consistent with the policy as constituting “authorized” conduct under the Computer Fraud and Abuse Act (CFAA), and if a third party initiates legal action, Dropbox will make it clear when a researcher was acting in compliance with the policy.
Dropbox is requesting researchers to give them a “reasonable time” to fix the issue before making it public, but Evans noted that that doesn’t mean that the company reserves the right to take forever to fix a security issue.
The policy and other details about Dropbox’s bug bounty program can be found here.
Netflix
Netflix has been operating a private bug bounty program since September 2016 and initially invited 100 of Bugcrowd’s top researchers to participate.
The initial scope of the program has been increased considerably since then, and now 700 researchers have been invited to participate in it.
Detailed information about what’s in scope of the program and what isn’t can be found here.
What’s important to point out is that the company promises to resolve reported issues quickly and not to bring a lawsuit against researchers or ask law enforcement to investigate them if their research and disclosure conforms to the set bug bounty guidelines.
Netflix allows “coordinated disclosure” for valid, remediated submissions, meaning researchers will have to get explicit permission from the company to disclose information about the found (and fixed) vulnerability.
from Help Net Security http://ift.tt/2IOR38w
Atlanta government systems hit by ransomware
The city of Atlanta has suffered a ransomware attack on Thursday, which resulted in outages of some of its customer facing applications, including some that customers may use to pay bills or access court-related information.

The city government alerted the public about the outages on Thursday morning via Twitter, but did not say at the time what their cause was.
Later that day, Keisha Lance Bottoms, the city’s mayor, held a press conference during which she confirmed that the operation of both internal and external apps was affected by the attack, and said that the FBI, the DHS, Microsoft and the Cisco cybersecurity incident response team are helping with the investigation.
At the same press conference, Richard Cox, the new Atlanta chief operations officer, shared that the city systems have been hit with ransomware and that the malware has encrypted some of the city’s data.
He noted that they still don’t know whether the attack resulted in the compromise of personal or financial information, but advised city employees to keep a close eye on their bank accounts, just in case their financial information has been stolen and is being misused.
He said that public safety, water services and airport operations departments have not been affected, nor has the city’s payroll.
Apparently, the city got notified of the incident when the city’s security department “noticed something peculiar on the server.”
Local NBC affiliate WXIA received a screenshot from a city employee that shows the ransomware message demanding a payment in Bitcoin “of $6,800 per unit, or $51,000 to unlock the entire system.”
“One expert said based on the language used in the message, the attack resembles the ‘MSIL’ or ‘Samas’ (SAMSAM) ransomware strain that has been around since at least 2016,” the news outlet noted.
City officials did not say whether a decision had been made on paying the requested ransom.
In the meantime, city employees have been advised to unplug their computers if they notice any suspicious activity.
from Help Net Security http://ift.tt/2uimPYm
RSA Conference 2018 USA: What you can expect at this year’s event
With RSA Conference 2018 USA less than a month away, we asked Britta Glade, Director, Content and Curation for RSA Conference, to tell us more about this year’s event.
Read on to find out what’s in store for the world’s largest gathering of information security professionals.
What have been the major security developments in the past year, and how have these informed the conference agenda for 2018?
Where to begin? 2017 showed us just how sophisticated cyber threats could be. From human manipulation through social engineering, to hacking of IoT and medical devices, you couldn’t turn on the news without hearing of another breach. But nevertheless, security companies innovated, persevered and gained insight from yesterday’s breach. We saw artificial intelligence and machine learning being applied through security solutions. The industry continued to push the envelope on how AI and ML can be used to protect against evolving threats.
This year we added a half-track on Machine Learning to the Conference agenda to allow for more focused education on the advancements being made in that area. Another security issue that jumped top of mind is risk management and compliance as organizations prepare for GDPR in May. This is such a significant topic of discussion among attendees that we added a GDPR Essentials seminar to the agenda on Monday, April 16, which will take a holistic look at risk and compliance through a business, customer and security lens.
There are quite a few security conferences in the US. What do you see as your strengths? Has your strategic focus changed from previous years? How much has the event grown in the past five years?
RSA Conference gives attendees the power of community and the opportunity to gather face to face and exchange ideas with one another as we all work together to make the world a more secure place. RSA Conference has doubled in size since 2012 and we expect to see significant growth once again in 2018.
Collectively our conferences draw over 45,000 attendees per year, making us the world’s largest provider of security events. That said, we work very hard to create “small” experiences for our attendees as well via a wide variety of learning formats that maximize networking and information exchange as well as providing powerful interactive learning.
Most importantly, the real value of RSA Conference lies not in our size, but in the valuable content we provide and our commitment to finding new industry voices and new ways for our community to feel inspired and engaged. Presentations are encouraged to always end with actionable guidance—how are our attendees going to do their jobs differently next week, next month, and next year as a result of the content presented. At the end of the day that’s what it’s all about—helping our attendees to be more effective in their work.
What will be different or new at RSA Conference 2018? What aspects of the event are unique to the US event compared to Asia Pacific & Japan or Abu Dhabi?
Even though we see the majority of attendees at the US RSA Conference come from domestic cities (80%), it does essentially function as a global event, attracting attendees and press from all over the world. Because of this, we actually use the US event to test new ideas and learning formats that, if successful, can be brought to our other global events in a modified format that reflects local market drivers. This allows us to be creative with our programming and the approaches we take and provide new and exciting tracks and sessions to participants every year.
We know that it’s especially important to deliver new and customized content to attendees, so we have a massive Monday seminar lineup, we have 19 Learning Labs and 48 Peer2Peer sessions, as well as plenty of morning and afternoon Birds of a Feather sessions. These are all purposed to provide not only great networking opportunities but a set agenda for discussion around key themes and interests so attendees can meet and share pain points or best practices with others in their field of expertise.
The feedback we receive on these sessions at the US Conference will inform programming at our international events. For example, at RSAC Asia Pacific & Japan, we’ll have two Learning Labs this year and two seminars as well as the “Ask the Experts” offering, which introduces a market-specific Peer2Peer-type discussion format adopted from the US Conference agenda.
What tracks and workshops would you highlight?
We’ve built significantly more content into the Monday schedule for attendees to take advantage of before the Expo Hall opens on Tuesday. As I mentioned above, we’ll dive into the topics of GDPR, bitcoin & blockchain and ransomware, as well as the always popular Security Foundations seminar, on Monday.
In addition, I encourage anyone attending RSAC to check out our Securing Diversity session that day as well, either in person or via the live stream. This is a highly anticipated seminar featuring a wide range of speakers designed to expose the audience to a variety of thoughts, backgrounds and perspectives. It’s a great way to start the week on a high note with valuable content and networking opportunities.
Lastly, I’ll highlight our innovation tracks for anyone involved with or interested in the startup world. Check out our Early Stage Expo, the ever popular Innovation Sandbox Competition or attend the How-To for Innovators and Entrepreneurs seminar Monday morning.
from Help Net Security http://ift.tt/2pyXaoE
New infosec products of the week: March 23, 2018
Gemalto unveils enhanced security features for ID documents
These security features are available as additional options in the Gemalto Color Laser Shield secure identity solutions range. The new enhancements are simple for government agents in the field to adopt. They are designed to counter forgery while remaining easy for officials to verify, thereby providing convenience for legitimate holders.

QuintessenceLabs qStream 100P PCIe card integrates high-entropy, quantum-based true random numbers to servers
QuintessenceLabs has announced a PCIe version of its qStream quantum random number generator, the qStream 100P, which delivers 100 percent entropy at 1 Gb/s, solving the strength and speed issues of pseudo-random cryptographic applications. As a PCIe Gen 2 card module, the main benefit of the qStream 100P is the ability to easily add true random capabilities to existing appliances. Apart from that, the qStream 100P provides the same full-entropy random numbers as the full-size qStream 100A appliance, at the same gigabit throughput.

Full transaction stack protection for financial institutions
Trusted Knight launched Protector Air, a cloud-based solution that deploys in-stream between consumers and businesses conducting financial transactions to protect both from cyber attacks and fraud. Customers using Protector Air are able to prevent banking malware techniques including rootkits, man-in-the-browser attacks, session hijacking, account takeovers, and more.

Dome9 adds GDPR Readiness Bundle to its public cloud compliance engine
Dome9 Security announced the availability of the GDPR Readiness Bundle as part of the Dome9 Compliance Engine. The solution offers compliance management in public cloud environments. Customers can identify risks and gaps, fix issues such as overly permissive security rules and weak password policies, enforce compliance requirements and prove compliance in audits.

Install-free remote user protection to safeguard from unmanaged endpoints
Minerva Labs released an installation-free Remote User Protection solution for Mac and Windows systems that are not under the organization’s direct control. These new capabilities allow enterprises to automatically activate malware protection throughout the entire remote session when connecting to corporate assets, without relying on the user’s own security measures or requiring user interaction.

RedLock supports Security Command Center for Google Cloud Platform
RedLock announced technology integration with Cloud Security Command Center for Google Cloud Platform, a security and data risk platform that helps enterprises gather data, identify threats and act on them before they lead to damage or loss. As part of the integration, RedLock continuously monitors environments and sends results pertaining to resource misconfigurations, compliance violations, network security risks and anomalous user activities to Cloud Security Command Center.

SecureAuth and Core Security release Visual Identity Suite
SecureAuth and Core Security announced the Visual Identity Suite (VIS) – a new approach that accelerates and improves the accuracy of role design and certifications, with the ability to visualize user access and entitlements. This is the latest product release in the category of Identity Security Automation – an identity-first approach to security.

from Help Net Security http://ift.tt/2IHFsbf