Sunday, September 30, 2018

Organizations need to shift strategies, adopt a proactive approach to cybersecurity

The cybersecurity market has reached a point where organisations need to shift their strategies and adopt a new, proactive approach to their cybersecurity, according to a report by 451 Research.

Hurdles that organizations need to overcome to successfully shift their strategies

These were identified as:

  • A profusion of tools and data that complicates – and too often, frustrates – an effective strategy
  • An over-reliance on people to resolve security issues, and the unsustainable business model it represents
  • A “one size fits all” mentality that leads to tools and processes insufficiently flexible to serve real-world people and processes – and too often leaves security poorly aligned with business realities
  • Lopsided investments in reactive measures that too often result from these failures.

The report identified that opting to ‘monitor and respond’ at the expense of ‘prepare and protect’ is a poor strategy from a security performance and cost standpoint, especially as we reach a point where the cost of containment and response can far exceed the investment in resilience. This is clearly illustrated by the global impact of the 2017 NotPetya outbreak, which ranges as high as $10 billion – yet the vulnerabilities exploited in many cases had already been resolved for years in many older operating systems.

Scott Crawford, Research Director, Information Security, 451 Research: “Advances in data gathering, rationalization, analytics and automation have made a proactive strategy more actionable now than ever before. Organizational infrastructures are becoming more complex as billions of smart devices coupled with a growing diversity of technologies demands an approach that can scale. Adversaries, too, recognize how their strategies must adapt. The risks are too great to ignore. The technology is available; the time is now to take action – before organizations become even more overwhelmed with what may face them tomorrow.”

The growth of the proactive security market

The analysis by 451 Research supports the recent industry predictions from Markets and Markets, which outlined that the proactive security market is undergoing tremendous growth. Its report outlined that the market is expected to grow from USD 20.66 billion in 2018 to USD 41.77 billion by 2023, at a Compound Annual Growth Rate (CAGR) of 15.1% during the forecast period.

“The last decade has seen a huge surge in cyber defense technologies that support a reactive approach. However, we have now reached a point where this just doesn’t work. It is an outdated equation where you will never have enough resources to respond, as reacting costs much more budget – it’s like closing the stable door after the horse has bolted. If you are to stand a genuine chance of combatting threats successfully and addressing the myriad of compliance issues facing all industries, you need a different playbook. With limited budgets and resources, and demands for insight and proof, organisations must move from firefighting to fireproofing and developing a robust, proactive cyber strategy,” said Nik Whitfield, CEO, Panaseer.


from Help Net Security https://ift.tt/2P13zEy

Quantifying a firm’s security levels may strengthen security over time

Cyberattacks grow in prominence each and every day; in fact, 2017 was the worst year to date for data breaches, with the number of cyber incidents targeting businesses nearly doubling from 2016 to 2017.

Now, new research from the UBC Sauder School of Business has quantified the security levels of more than 1,200 Pan-Asian companies in order to determine whether increased awareness of one’s security levels leads to improved defense levels against cybercrime.

The study found that when cyberattacks were less likely to directly harm a company, organizations were unlikely to prioritize security improvements. Firms were more likely to fix issues related to spam emails originating from their compromised computers, but failed to act when they were found to host phishing websites on their servers. Most of the firms with phishing websites are actually hosting service providers.

The researchers conducted a randomized field experiment on organizations in Hong Kong, China, Singapore, Macau, Malaysia and Taiwan – which were chosen for their significant economic development as well as rapid adoption of technologies. The experiment evaluated each organization’s preparedness against two distinct security issues: spam emissions and phishing website hosting. Spam usually consists of unsolicited bulk messages sent out by compromised “zombie” computers controlled by cyber attackers, while phishing refers to fraudulently obtaining sensitive information, such as passwords and credit card details for malicious reasons.

“For companies hosting phishing websites, there were fewer incentives to crack down on the sites since they were operated by paying customers and the sites failed to negatively impact the company itself,” explains Gene Moo Lee, study co-author and assistant professor of Accounting and Information Systems at the UBC Sauder School of Business.

The researchers developed and assigned an information security score, similar to the idea of Moody’s and Standard and Poor’s credit ratings, to each organization. The score can be used as an indicator of each organization’s security vulnerabilities.

The security results from each company were then published online. According to Lee, publicizing firms’ security levels not only leads to greater transparency, but it could also be used to strengthen their security over time. In addition, organizations with poor performance could face greater pressure from their customers and a loss of reputation.

“The ever-increasing number of cyberattacks motivated my co-authors and I to explore a more effective way to enhance the security awareness of organizations and the general public,” explains Lee. “By establishing a ranking scheme of firms against online scams, we hope this will heighten firms’ awareness to address suboptimal security issues.”

For Lee, cybersecurity is an international concern that needs to be managed more effectively. “Many organizations don’t understand the threats posed by emerging, sophisticated cyberattacks and usually adopt a wait-and-see approach in security investments until a huge security incident affects them significantly,” he said. “Our hope with this research is that companies improve their security levels to prevent the potential of cyberattacks from happening in the first place. And, ultimately, the goal of our research is to provide insights for cybersecurity policy makers.”


from Help Net Security https://ift.tt/2NezkYQ

Explosion of look-alike domains aims to steal sensitive data from online shoppers

Venafi released research on the explosion of look-alike domains, which are routinely used to steal sensitive data from online shoppers. Venafi’s research analyzed suspicious domains targeting the top 20 retailers in five key markets: the U.S., U.K., France, Germany and Australia.

As the rate of online shopping increases, customers are being targeted through look-alike domains. Attackers create these fake domains by substituting a few characters in the URLs. Because the domains point to malicious shopping sites that mimic legitimate, well-known retail websites, customers find it increasingly difficult to tell the fakes apart. Additionally, because many of these malicious pages use a trusted TLS certificate, they appear safe to online shoppers, who unknowingly provide sensitive account information and payment data.

“Domain spoofing has always been a cornerstone technique of web attacks that focus on social engineering, and the movement to encrypt all web traffic does not shield legitimate retailers against this very common technique,” said Jing Xie, senior threat intelligence analyst for Venafi. “Because malicious domains now must have a legitimate TLS certificate in order to function, many companies feel that certificate issuers should own the responsibility of vetting the security of these certificates. In spite of significant advances in the best practices followed by certificate issuers, this is a really bad idea.”

“No organization should rely exclusively on certificate authorities to detect suspicious certificate requests,” continued Xie. “For example, cyber attackers recently set up a look-alike domain for NewEgg, a website with over 50 million visitors a month. The look-alike domain used a trusted TLS certificate issued by the CA who followed all the best practices and baseline requirements. This phishing website was used to steal account and credit card data for over a month before it was shut down by security researchers.”

According to Venafi’s research, there has been an explosion in the number of potentially fraudulent domains. There are more than double the number of look-alike domains compared to legitimate domains, and every online retailer studied is being targeted.

Key findings from the research include:

  • The total number of certificates for look-alike domains is more than 200 percent greater than the number of authentic retail domains.
  • Among the top 20 online German retailers, there are almost four times more look-alike domains than valid domains.
  • Major retailers present larger targets for cyber criminals. One of the top 20 U.S. retailers has over 12,000 look-alike domains targeting their customers.
  • The growth in look-alike domains appears to be connected to the availability of free TLS certificates; 84 percent of the look-alike domains studied use free certificates from Let’s Encrypt.

As the holiday shopping season approaches, there will likely be an increase in look-alike domains. For online retailers that discover malicious domains, they can take several steps to protect their customers:

Search and report suspicious domains using Google Safe Browsing. Google Safe Browsing is an industry anti-phishing service that identifies and blacklists dangerous websites. Retailers can report a domain here.

Report suspicious domains to the Anti-Phishing Working Group (APWG). The APWG is an international voluntary organization that focuses on limiting cyber crime perpetrated through phishing. Retailers can report a suspicious domain at https://ift.tt/2RenO36 or via email to reportphishing@apwg.org.

Add Certificate Authority Authorization (CAA) to the DNS records of domains and subdomains. CAA lets organizations determine which CAs can issue certificates for domains they own. It is an extension of the domain’s DNS record and supports property tags that let domain owners set CA policy for entire domains or for specific hostnames.
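To make the CAA policy check concrete, here is an added example (written for this page, not Venafi's or any CA's code) that evaluates a constructed zone with hypothetical names using the RFC 8659 rules: the applicable CAA set is the one on the closest ancestor name that has any CAA records, `issue` governs ordinary certificates, `issuewild` overrides it for wildcards, and an empty issuer (`;`) forbids issuance.

```python
"""CAA policy evaluation over a constructed zone (added example, not from the article)."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class CAARecord:
    flags: int
    tag: str
    value: str


# Constructed zone with hypothetical names: the apex allows one CA and forbids wildcards;
# a staging hostname sets its own, narrower policy with a different CA.
ZONE: Dict[str, List[CAARecord]] = {
    "shop.example": [
        CAARecord(0, "issue", "letsencrypt.org"),
        CAARecord(0, "issuewild", ";"),
        CAARecord(0, "iodef", "mailto:security@shop.example"),
    ],
    "staging.shop.example": [
        CAARecord(0, "issue", "digicert.com"),
    ],
}


def relevant_caa_set(name: str, zone: Dict[str, List[CAARecord]]) -> Optional[List[CAARecord]]:
    """Walk from the name towards the root; the first non-empty CAA RRset is the one that applies."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        records = zone.get(".".join(labels[i:]))
        if records:
            return records
    return None


def issuer_matches(value: str, ca: str) -> bool:
    """Compare only the issuer domain name, ignoring any ';'-separated parameters."""
    issuer = value.split(";", 1)[0].strip().lower()
    return issuer != "" and issuer == ca.lower()


def caa_permits(name: str, ca: str, wildcard: bool, zone: Dict[str, List[CAARecord]] = ZONE) -> bool:
    """True if `ca` may issue a certificate for `name` (wildcard or not) under the zone's CAA policy."""
    records = relevant_caa_set(name, zone)
    if records is None:
        return True  # no CAA records anywhere up the tree: issuance is unrestricted
    issue = [r.value for r in records if r.tag == "issue"]
    issuewild = [r.value for r in records if r.tag == "issuewild"]
    # issuewild takes precedence for wildcard names; otherwise issue applies to both cases
    applicable = issuewild if (wildcard and issuewild) else issue
    if not applicable:
        return True  # a set with only non-restricting tags (e.g. iodef) does not restrict issuance
    return any(issuer_matches(v, ca) for v in applicable)


if __name__ == "__main__":
    for host, ca, wild in [("shop.example", "letsencrypt.org", False),
                           ("shop.example", "letsencrypt.org", True),
                           ("www.shop.example", "digicert.com", False),
                           ("staging.shop.example", "digicert.com", False)]:
        print(host, ca, "wildcard" if wild else "plain", "->", caa_permits(host, ca, wild))
```

The `www` hostname has no CAA records of its own, so it inherits the apex policy, while `staging` is governed only by its own set.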

Leverage software packages to search for suspicious domains. Copyright infringement software may help retailers find malicious websites, stopping the unauthorized use of their logos or brands. Solutions that also provide anti-phishing functionality can help in the search for look-alike domains.

“Ultimately, we should expect even more malicious look-alike websites designed for social engineering to pop up in the future,” concluded Xie. “In order to protect themselves, enterprises need effective means to discover domains that have a high probability of being malicious through monitoring and analyzing certificate transparency logs. This way they can leverage many recent industry advances to spot high-risk certificate registrations, crippling malicious sites before they cause damage by taking away their certificates.”
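The monitoring Xie describes needs a way to decide which certificate names resemble a brand. The following is an added example (not Venafi's tooling) that scores a constructed batch of certificate subject names against hypothetical brand labels using confusable-character normalisation, edit distance and brand-embedding; it assumes simple one-label TLDs and does not treat a brand registered under a different TLD as a look-alike.

```python
"""Flag look-alike registrable labels in certificate names (added example, not from the article)."""
from typing import List, Optional, Tuple

# Hypothetical brands a security team wants to protect (constructed).
BRANDS = ["megamart", "shopzilla"]

# Common visual substitutions, mapped back to their normal form.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("cl", "d")]


def second_level_label(name: str) -> str:
    """Label left of the TLD. Assumes one-label TLDs; a real tool would use the Public Suffix List."""
    host = name.lower().lstrip("*.")
    parts = host.split(".")
    return parts[-2] if len(parts) >= 2 else host


def normalise(label: str) -> str:
    """Strip hyphens and collapse confusable sequences so that 'rnega-mart' compares as 'megamart'."""
    out = label.replace("-", "")
    for frm, to in CONFUSABLES:
        out = out.replace(frm, to)
    return out


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute) with a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(name: str, brands: List[str] = BRANDS) -> Optional[Tuple[str, str]]:
    """Return (brand, reason) when the name looks like an impersonation, or None if it does not."""
    label = second_level_label(name)
    norm = normalise(label)
    for brand in brands:
        brand_norm = normalise(brand)
        if label == brand:
            return None  # the brand's own registrable label
        if norm == brand_norm:
            return (brand, "confusable-substitution")
        if len(brand_norm) >= 6 and levenshtein(norm, brand_norm) <= 2:
            return (brand, "edit-distance")
        if brand_norm in norm:
            return (brand, "brand-embedded")
    return None


# Constructed batch of subject names, as they might be read from a CT log feed.
SAMPLE_CT_NAMES = [
    "megamart.com", "rnegamart.com", "megamrat.com", "login.megamart-secure.com",
    "*.shopzi11a.net", "unrelated.com",
]


def triage(names: List[str] = SAMPLE_CT_NAMES) -> List[Tuple[str, str, str]]:
    """Return (name, brand, reason) for every name that classify() flags."""
    hits = []
    for n in names:
        verdict = classify(n)
        if verdict:
            hits.append((n, verdict[0], verdict[1]))
    return hits


if __name__ == "__main__":
    for name, brand, reason in triage():
        print(f"{name:28} impersonates {brand:10} ({reason})")
```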


from Help Net Security https://ift.tt/2NekQbp

New tools from IBM and Google reveal it’s hard to build trust in AI

The unseen dangers inherent in artificial intelligence (AI) are proving the importance of IBM and Google’s diverse approach to this multifaceted problem.

Brad Shimmin and Luciano C. Oviedo offer their perspective on this important issue.

Brad Shimmin, Service Director at GlobalData

Artificial Intelligence (AI) has already changed the way consumers interact with technology and the way businesses think about big challenges like digital transformation. In fact, GlobalData research shows that approximately 50% of IT buyers have already prioritized the adoption of AI technologies, and that number is expected to jump to more than 67% over the next two years.

However, there is a growing realization that good AI is hard to come by, and that decisions AI makes may only appear to be correct when in reality they harbor unseen biases based on incorrect or incomplete data. Many facets of AI, such as Deep Learning (DL) algorithms, are in essence a black box, unable to reveal how and why a given decision has been made.

Over the last two weeks, IBM and Google both took an important next step by introducing tools capable of building trust and transparency into AI itself. Both offer highly divergent approaches, yet neither solves the problem in its entirety.

Google’s new tool, named What-If Tool, allows users to analyze a Machine Learning (ML) model directly, without any programming. Intended for use long before an AI solution is put into operation, this tool allows users to readily visualize how the outcome of a given ML model will change, according to any number of “what if” scenarios surrounding the model itself or its underlying dataset.

Conversely, IBM has taken an operational approach to the problem with its new trust and transparency capabilities for AI on IBM Cloud. IBM’s new tools evaluate the effectiveness of a given model, based on how the business expects it to behave, explaining its effectiveness and accuracy in natural and business language.

Despite each solution not being enough to solve the overall problem, what these two highly divergent solutions point to, is the necessity of a multi-pronged approach to building trust in AI; first in the underlying data, next in the model and algorithms, and finally, in the final solution running in the wild.

Luciano C. Oviedo, Warwick Business School/Arizona State University

The galactic collision and convergence of AI, IoT, Fog or 5G stands to create plausible futures that range from utopian to dystopian, and everything in between. No one knows which future will hit us, but what we can control is to proactively stress-test and adapt our respective strategy and plans to mitigate issues and risks as well as to promote values and opportunities.

Yet, unlike previous technology waves, current research indicates that this specific suite of technology convergence stands to impact society in ways that we’ve not ever seen before. What’s also evident is that companies, and their respective platform ecosystems, are, in general, lagging in proactively and rigorously analyzing the social impact and implications of these emerging technologies. I recommend companies use this as an opportunity to re-engage with non-traditional stakeholders to tackle these topics head on.


from Help Net Security https://ift.tt/2OsWMGs

Week in review: First-ever UEFI rootkit, Apple DEP vulnerability, new tactics subvert traditional security measures


Here’s an overview of some of last week’s most interesting news and articles:

What do you mean by storage encryption?
Depending on the threat context and how you define “storage encryption,” it can be a highly effective control or a complete waste of resources.

Phorpiex bots target remote access servers to deliver ransomware
Threat actors are brute-forcing their way into enterprise endpoints running server-side remote access applications and attempting to spread the GandCrab ransomware onto other enterprise computers.

LoJax: First-ever UEFI rootkit detected in a cyberattack
ESET researchers have discovered a cyberattack that used a UEFI rootkit to establish a presence on the victims’ computers. Dubbed LoJax, this rootkit was part of a campaign run by the infamous Sednit group against several high-profile targets in Central and Eastern Europe and is the first-ever publicly known attack of this kind.

Vulnerabilities and architectural considerations in industrial control systems
The reason SCADA security is so controversial stems primarily from the intense consequences that come from a compromise in this area. In this podcast, Andrew Ginter, VP of Industrial Security at Waterfall Security Solutions, and Edward Amoroso, CEO of TAG Cyber, talk about SCADA vulnerabilities in ICS architectures.

Apple DEP vulnerability lets attackers access orgs’ resources, info
An authentication weakness in Apple’s Device Enrollment Program (DEP) may allow attackers to enroll any device into an organization’s Mobile Device Management server and, consequently, to obtain privileged access to the private resources of an organization or even full VPN access to internal systems.

Downloads of known vulnerable open source components increase 120%
Sonatype today released its fourth annual State of the Software Supply Chain Report, which reveals the widespread use of vulnerable software components by businesses around the world.

Firefox Monitor tells you whether your email was compromised in a data breach
After a few months of user testing, Mozilla has launched Firefox Monitor, a free online service that allows users to check whether their email address was involved in a publicly known data breach and to sign up to get notified if the account appears in new data breaches.

French cybersecurity agency open sources security hardened CLIP OS
After developing it internally for over 10 years, the National Cybersecurity Agency of France (ANSSI) has decided to open source CLIP OS, a Linux-based operating system developed “to meet the specific needs of the [French] administration,” and is asking outside coders to contribute to its development.

You should prepare for the next mega data breach
In the wake of widespread data breaches, many organizations have quickly increased their cybersecurity spend and embraced new identity protection protocols to protect their customers’ information. The challenge with this approach is that while technology has historically moved and evolved rapidly to support changes in business and consumer demands, the security protocols surrounding it have had difficulty keeping pace.

Researchers develop invisibly thin spray-on antennas
The promise of wearables, functional fabrics, the Internet of Things, and their “next-generation” technological cohort seems tantalizingly within reach. But researchers in the field will tell you a prime reason for their delayed “arrival” is the problem of seamlessly integrating connection technology – namely, antennas – with shape-shifting and flexible “things.” But a breakthrough by researchers in Drexel’s College of Engineering, could now make installing an antenna as easy as applying some bug spray.

A law enforcement view of emerging cybercrime threats
Cybercriminals are adopting creative new techniques to target their victims at an unprecedented pace and are constantly seeking methods to avoid law enforcement detection. To stay ahead of them, law enforcement should target cybercriminals offering “off-the-shelf” cyber-attack services or products to make it more difficult for low-level cybercriminals to carry out high-level attacks.

Security and privacy improvements in macOS Mojave
Apple has released macOS Mojave, which comes with a new Dark Mode, a redesigned Mac App Store, and many new and modified features. It also sports changes aimed at enhancing users’ privacy and security.

How organizations overcome cybersecurity hiring challenges
A strong security-focused culture and adherence to best practices helps companies attract and retain cybersecurity talent.

Cybersecurity has a diversity problem: Here’s why
Greater diversity in cybersecurity is critical to catering to a more diverse consumer base, which in turn, increases the bottom line.

Hackers are finding creative ways to target connected medical devices
Hackers are leveraging error messages from connected medical devices — including radiology, X-ray and other imaging systems — to gain valuable insights.

Are you ready? A good incident response plan can protect your organization
Organizations must have conversations that lead to the generation of a custom-fit IR plan. This not only includes what to do in the event of an incident, but also how to address incidents before they occur.

Smart homes, dumb devices: Making the IoT safe
The reality is that home networks of the average, uninformed users are rarely well protected.

The state of network security in organizations with 1000+ employees
Security team size at the largest organizations does not scale with the number of overall employees, but they are more likely to include staff with specialized roles.

New tactics subvert traditional security measures and strike organizations of all sizes
Alert Logic released its latest cybersecurity analysis, “Critical Watch Report: The State of Threat Detection 2018,” which shows attackers are gaining vastly greater scale through new techniques such as killchain compression and attack automation, expanding the range of organizations under constant attack regardless of industry or size.

New infosec products of the week: September 28, 2018
A rundown of infosec products released last week.


from Help Net Security https://ift.tt/2yaXyOv

The Fastest Way to Save $1 Million

Read one article about personal finance and you know that compound interest is one of the most important reasons to start saving and investing early. Well, in theory. You’ve heard that if you start investing in your 20s, you’ll have a bajillion dollars more than you will if you start in your 30s. Or something like that.

It is true that starting early helps build more money. Take this simplified example:

Let’s say you’re 25 and you start putting $3,000 annually into an account for the next 40 years, with a seven percent annual return. You’d contribute a total of $120,000 by the time you’re 65—but your account will have ballooned to almost $700,000.

Now let’s say you wait until you’re 35. Even if you contributed $5,500 per year, rather than $3,000, until you’re 65 with seven percent annual returns, you’d end with just under $600,000.

Start early, put away less each year, and you end up with $100,000 more. Not bad.

Ok, that’s all well and good, but what does that actually look like? This video will help you visualize the difference. We’ve laid out the steps for the best ways to save and benefit from compound interest so that by the time you retire, you could be a millionaire. It’s not a bajillion dollars, but it’s not half bad.


from Lifehacker https://ift.tt/2Qh9DsD

Big Facebook breach: 50 million accounts affected


Facebook has suffered a data breach affecting almost 50 million accounts. Another 40 million have been reset as a “precautionary step”.

What’s happened?

In a post on the site earlier today, Facebook’s VP of Product Management, Guy Rosen, said that the breach was discovered on Tuesday 25 September.

Attackers exploited a vulnerability in Facebook’s “View As” feature to steal access tokens, which are the “digital keys” that allow you to stay logged into Facebook so you don’t need to re-enter your password every time you use the app.

Rosen says the vulnerability is now fixed.

We have reset the access tokens of the almost 50 million accounts we know were affected to protect their security. We’re also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a “View As” look-up in the last year.

Those affected will now have to log back into Facebook, and any apps that use Facebook Login.

Facebook has also turned off the “View As” feature while it investigates. This function allows you to see what a particular friend, or people you aren’t friends with, can see on your profile, such as old profile photos or posts you might not have restricted access to.

It’s still early days but Facebook says it looks like the hole was opened when developers made a change to the video uploading feature way back in July 2017. The attackers then stole an access token for one account, and then used that account to pivot to others and steal more tokens.

Facebook says it doesn’t yet know if any accounts were misused or information was accessed.

What to do

If you’ve been logged out by Facebook then your account is one of those affected. Rosen says there’s no need for anyone to change their passwords, but out of an abundance of caution (and especially if you’ve got a weak or reused password) now is as good a time as any to change it. Pick a strong and unique one!

You can also choose to log out of all your Facebook sessions by going to Settings > Security and Login. On this page you can see a list of all the places you’re logged in. Scroll down the page until you see Log out of all sessions and click it.



from Naked Security https://ift.tt/2N2S6m5

Possible Price Mistake? Add Tile Trackers to Eight Different Items For About $5 Each.

Tile Mate 8-Pack | $44 | Amazon

Whether you’re buying them all for yourself, or sharing them with particularly forgetful family members, we’ve never seen a better deal on the Tile Mate than this $44 8-pack. The Mate’s most obvious home is on your keychain, but it’d also work great on a gym bag, in your luggage, or even attached to a TV remote.

This 8-pack has been selling for over $90 lately, and today’s price is easily an all-time low. I wouldn’t be surprised if it was a price mistake.



from Lifehacker https://ift.tt/2zBHjM0

New infosec products of the week: September 28, 2018

Chronicle announces VirusTotal Enterprise with greater search and analysis capabilities

Chronicle, the cybersecurity subsidiary of Google’s parent company Alphabet, has announced VirusTotal Enterprise, which is aimed at helping enterprises protect their own networks. VirusTotal Enterprise will allow (paying) users to search for malware samples (using VT Intelligence), hunt for future malware samples (using VT Hunt with YARA), analyze malware relationships (using VT Graph), and automate all these tasks with the service’s API.

Sysdig Monitor 3.0 adds Prometheus monitoring and enhances its Kubernetes and Docker support

Sysdig Monitor 3.0 is an industry-first in delivering enterprise-grade Prometheus monitoring. In addition, the new release further cements Sysdig as the leader in Kubernetes monitoring and Docker monitoring for enterprises with the introduction of universal Kubernetes support, cluster management dashboards, and StatefulSet metrics, as well as Prometheus Query Language (PromQL) capabilities and Grafana integration.

Yubico launches YubiKey 5 Series, the multi-protocol security keys supporting FIDO2

Yubico announced the launch of the YubiKey 5 Series, the multi-protocol security keys supporting FIDO2/WebAuthn. With this new addition, the YubiKey 5 Series has the capability to replace password-based authentication with hardware-based authentication. The YubiKey 5 NFC is also new to the series, incorporating support for all protocols over both USB and NFC for new user experiences like tap-and-go authentication across desktop, laptop and mobile with FIDO2.

Siemplify harnesses machine learning for smarter security operations

Siemplify revealed new machine learning capabilities in its security operations platform. With this new version, security operations teams can expedite day-to-day workflow activities such as assigning cases based on analyst experience and identifying threats that can shed light on the way to address new ones.

Code42 Forensic File Search delivers visibility to file movement across cloud services

Code42 has extended the investigation capabilities of its Code42 Forensic File Search product beyond endpoints to include cloud services, offering security teams visibility to data no matter where it lives and moves. To start, the company is offering this new expanded cloud search capability for Google Drive and Microsoft OneDrive. In the near future, Code42 plans to broaden its support to additional cloud services, such as Box and Slack.

Crowdfense launches Vulnerability Research Hub for top security researchers

Crowdfense officially launched the Vulnerability Research Hub out of beta. After being internally developed and fine-tuned for several months, Crowdfense opened their process-oriented platform to a wider audience of researchers and brokers interested in trading 0day cyber capabilities, which can be both within the scope of Crowdfense public Bug Bounty Program or freely proposed (for a specific set of key targets).

Symantec protects Office 365 with DLP and new data rights management

Symantec provides functionality for visibility, protection and control of data no matter where it lives or travels. Users can now share data through Office 365 with employees, partners or contractors. As an integral element of Symantec’s Integrated Cyber Defense Platform, Symantec’s DLP technology leverages a combination of detection technologies backed by machine learning to classify personal information, including Sensitive Image Recognition (SIR) with Optical Character Recognition.

Endace launches petabyte network recording appliance

Endace announced the launch of its new 9200 Series EndaceProbe Analytics Platform. With built-in compression, and patented Smart Truncation, the 9200 Series can record more than a petabyte of network traffic at a sustained 40Gbps. In order to investigate and respond to security threats and performance issues, many organizations rely on recorded network packet history. The new EndaceProbe 9200 Series delivers a boost in packet storage density, extending the depth of Network History that can be recorded for analysis.

Ixia delivers visibility into network traffic through Microsoft Azure Virtual Network TAP

Keysight Technologies announced it has extended the Ixia CloudLens visibility platform to provide packet-level visibility into virtual machine network traffic through Microsoft Azure Virtual Network Terminal Access Point. Cloud adoption is ubiquitous with 92 percent of companies reporting they have adopted the public cloud, according to the RightScale 2018 State of the Cloud Report. As cloud adoption increases, security concerns intensify.


from Help Net Security https://ift.tt/2NKG6e1

Thursday, September 27, 2018

Phorpiex bots target remote access servers to deliver ransomware

Threat actors are brute-forcing their way into enterprise endpoints running server-side remote access applications and attempting to spread the GandCrab ransomware onto other enterprise computers, SecurityScorecard researchers are warning.

Their weapon of choice is Phorpiex/Trik, a bot with worm capabilities that allows it to spread to other systems by copying itself to USBs and other removable drives.

The campaign

This rather unsophisticated piece of malware scans the internet for Remote Desktop Protocol (RDP) and Virtual Network Computing (VNC) servers and tries to gain access to these devices by running through a list of widely used usernames and passwords (“password”, “test”, “testing”, “server”, “admin”, “123123”, “123456”, and similar).

The malware randomly generates a target’s IP address and tries to connect to it through port 5900. If it succeeds, it inserts the ransomware and leaves the user with locked files and a ransom request.

“The computers infected with Phorpiex are not the same as the computers that are targeted for ransomware infection. This means that Phorpiex still has most of its bots at the bot master’s disposal to do the other malicious activities, such as DDoS, brute-forcing, etc.,” Paul Gagliardi, the company’s director of threat intelligence, told Help Net Security.

“Initially they just distributed the ransomware, and the ransomware was instantly encrypting the files. However, in the last two days, they started to distribute a Phorpiex executable to the exploited systems. It’s possible that either they themselves are distributing the ransomware or that they are doing it on behalf of someone else who rented their distribution services.”

The researchers have been keeping tabs on the campaign by sinkholing inactive Phorpiex domains and by connecting to active ones after making their own systems appear to be compromised by the bot, then listening for updates and commands.

“We don’t know how many computers were compromised with the ransomware via port 5900, but we know that there are 68,000 unique IPs infected with Phorpiex which are actively trying to infect computers with it,” Gagliardi shared.

Currently, the ransomware is being delivered mostly to systems in the US, Canada, certain European countries, Turkey, China, Japan, Taiwan and Australia.

Advice for potential targets

The researchers advise users to make sure that the password for their RDP and VNC servers is a strong one (long, complex and unique) and to regularly run virus protection on all removable media.

“If you notice that your computer is contacting other computers on port 5900 and you are not using remote access applications, then you might be infected with Phorpiex and you should take actions towards removing the infection,” they noted.

They also warned that, in general, all threats are evolving and companies should constantly evaluate their cybersecurity controls (and those of their partners) for efficacy and make needed changes to stay ahead of the attackers.
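The detection advice above (a host that contacts many other machines on port 5900 without running a remote-access client) turned into a check over connection logs, as an added example that is not code from SecurityScorecard or the article; the log layout, the 10-minute window, the threshold of 20 distinct targets and the allowlist are assumptions:

```python
"""
Detect Phorpiex-style VNC scanning in connection logs.

Added example, not code from SecurityScorecard or the article. It applies
the article's indicator (a host reaching out to many other hosts on TCP
port 5900 although it is not a legitimate remote-access client) to a
constructed connection log. The record layout, the sliding window, the
threshold and the allowlist are assumptions for illustration.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Set

VNC_PORT = 5900                      # the port the article says the bot uses
WINDOW = timedelta(minutes=10)       # assumed sliding observation window
DISTINCT_DST_THRESHOLD = 20          # assumed: this many targets = scanning
# Assumed allowlist of hosts that legitimately run remote-access clients.
REMOTE_ACCESS_CLIENTS: Set[str] = {"10.0.0.10"}


@dataclass(frozen=True)
class Flow:
    ts: datetime
    src: str
    dst: str
    dport: int


def parse_flows(lines: Iterable[str]) -> List[Flow]:
    """Parse 'ISO-timestamp src dst dport action' records (assumed layout)."""
    flows = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue                  # skip blank or truncated records
        ts, src, dst, dport = parts[:4]
        flows.append(Flow(datetime.fromisoformat(ts), src, dst, int(dport)))
    return sorted(flows, key=lambda f: f.ts)


def peak_distinct_vnc_targets(flows: List[Flow]) -> Dict[str, int]:
    """Per source host, the largest number of distinct destinations it
    contacted on port 5900 within any WINDOW-long interval (two pointers)."""
    by_src: Dict[str, List[Flow]] = {}
    for f in flows:
        if f.dport == VNC_PORT:
            by_src.setdefault(f.src, []).append(f)
    peaks: Dict[str, int] = {}
    for src, evs in by_src.items():
        in_window: Counter = Counter()   # dst -> connections inside window
        left, best = 0, 0
        for ev in evs:
            in_window[ev.dst] += 1
            while ev.ts - evs[left].ts > WINDOW:      # expire old events
                old = evs[left].dst
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            best = max(best, len(in_window))
        peaks[src] = best
    return peaks


def suspected_scanners(lines: Iterable[str]) -> Dict[str, int]:
    """Hosts fanning out to many VNC servers that are not allowlisted."""
    peaks = peak_distinct_vnc_targets(parse_flows(lines))
    return {src: n for src, n in peaks.items()
            if n >= DISTINCT_DST_THRESHOLD and src not in REMOTE_ACCESS_CLIENTS}


def build_sample_log() -> List[str]:
    """Constructed log: one infected host hitting 25 different Internet
    addresses in five minutes, an allowlisted admin jump host, and a
    workstation that talks to a single internal VNC server."""
    base = datetime(2018, 9, 27, 10, 0, 0)
    lines = []
    for i in range(25):                  # scanner: deterministic TEST-NET-3 targets
        ts = base + timedelta(seconds=12 * i)
        lines.append(f"{ts.isoformat()} 10.0.0.5 203.0.113.{(i * 37) % 256} 5900 allow")
    for i in range(30):                  # jump host: three internal servers
        ts = base + timedelta(seconds=20 * i)
        lines.append(f"{ts.isoformat()} 10.0.0.10 10.0.1.{i % 3 + 20} 5900 allow")
    for i in range(40):                  # workstation: one server, repeatedly
        ts = base + timedelta(seconds=15 * i)
        lines.append(f"{ts.isoformat()} 10.0.0.7 10.0.1.50 5900 allow")
    lines.append(f"{base.isoformat()} 10.0.0.7 10.0.1.60 443 allow")
    return lines


if __name__ == "__main__":
    for host, n in suspected_scanners(build_sample_log()).items():
        print(f"{host}: {n} distinct VNC targets within {WINDOW} -> investigate")
```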


from Help Net Security https://ift.tt/2R6GOk3

Vulnerabilities and architectural considerations in industrial control systems


The reason SCADA security is so controversial stems primarily from the intense consequences that come from a compromise in this area. In this podcast, Andrew Ginter, VP of Industrial Security at Waterfall Security Solutions, and Edward Amoroso, CEO of TAG Cyber, talk about SCADA vulnerabilities in ICS architectures.

Here’s a transcript of the podcast for your convenience.

Andrew Ginter: Hello everyone. Thank you for joining us. I’m Andrew Ginter, the vice president industrial security at Waterfall Security Solutions. I’m here with Ed Amoroso, the CEO of TAG cyber and the former CSO at AT&T. Hello Ed.

Edward Amoroso: Hi Andrew!

Andrew Ginter: So, Ed and I are here today because we put together a five-part series on industrial control systems security, topics and issues. This is number three in this series, and we’re going to be talking about vulnerabilities and architectural considerations in industrial control systems. Ed, did you want to start us out?

Edward Amoroso: I certainly can. You know, I think a common theme Andrew, that you and I both agreed on very strongly, is that OT designers are no dummies. These are smart people who build industrial equipment. But to build an automobile, for example, takes considerable skill and practice and knowledge, apprenticeships and years of building up an experience base. So, it’s not that when hackers find exploits into something like an automobile it was just pure negligence, it just hasn’t been a consideration. I think what you and I and others have noticed is that over the years the design process for industrial control has finally begun to evolve the things that are consistent with the principles that we all understand.

For example, it makes absolutely no sense from a hacking perspective to build a “bus” that connects up you know open IT connected or internet-facing like entertainment type things in a car to the safety control systems in an automobile that might be remotely managed in some center. Maybe in the beginning when people first got that idea it sounded like a great convenience, but we all know now that it violates about every tenet of cyber security architecture that we built up over 20 years.

So, what we wrote about in the articles is this idea that it is time now, to really examine and focus on and improve the architecture of the systems that either control, or operate, or provide safety for, somehow integrated into an industrial control environment. One of these you write about was kind of the famous exploit that was demonstrated by Charlie Miller and Chris Valasek in 2015 where they used a zero-day to break into a Jeep. I personally didn’t approve that they’ve done it on a live highway, but it is what it is. It did raise a lot of awareness.

Learning is an important initiative at this point. It’s that design considerations consistent with least privilege, with segregation of duty, with separation architecture, with minimizing trust between different components – all the things that we learn in IT security 101 – are now finally moving into SCADA and industrial control environments, and I think we’re finally seeing some of these designs improved.

Right now, putting things like for example, Waterfall, your team built a wonderful device that separates and segregates one environment from another on the premise that you know there might be some dangerous stuff there. I think commensurate with that, it would make sense also for the things in that IT environment could be less natively accessible because insiders working in that environment are not going to be separated. You’re gonna have that problem – if somebody goes bad who administers locally some equipment, so it can be malware to catch it, could be somebody who just won’t got paid offering compromise.

I think we can look at it holistically. You want good network architecture, and I think you will have improved design for these components. I think that’ll help everything.

Andrew Ginter: I think that’s a great summary Ed, thank you. What we see in the control system world really is reflecting what’s happening in the greater world with as we said in the first piece – a different emphasis – what we see forever in the world of computers and connectivity more generally is that there’s more and more computers everywhere which means there’s more and more software everywhere. We see more and more software control in the control system space every year and we see greater and greater connectivity. Everything’s being connected together, has been for 30 or 40 years out in the world, and it has been increasingly so in the control system space as well.

The essential problem is this: all software has bugs, and some bugs are vulnerabilities, so all software can be hacked. This is very bad when software controlling dangerous processes is hacked, and every communication path that lets data flow also lets attacks flow. All cyber-attacks are information. And so with this trend, we’re seeing serious investment in control systems based on hardening the software, hardening the endpoints, but in the end it’s all still software.

The fundamental problem is that all of this software, encrypted or not, hardened or not, still has bugs, still has zero days and is still vulnerable to this increased connectivity to the increased information flows. In a sense, this is the essential problem of control systems, the world of control systems. In the IT world the priority is to protect the data. In the control system world, every piece of information, every piece of data is a threat. The priority in the control system world is to protect us from the data that we find everywhere now.

Edward Amoroso: Yeah, the emphasis is different but to your point the software theme is the same, deja vu all over again. When software was introduced to business environments years ago everybody freaked out, it was the beginning of IT security, and now you see more or less the same thing. I mean, all that stuff you’re saying about software and connectivity, that’s to save money, right? I mean it’s about making it easier to run these environments, it’s more convenient, flexible, interoperable, cheaper, and then the cycle times are shorter, so that’s going to happen. Nothing anybody can do to stop that train, that’s out of the station. So, now it’s imperative that the corresponding security catch up. So Andrew, it’s a good summary.

Andrew Ginter: Thank you Ed and thank you everyone for joining us. Tune in for our next installment in a little bit.


from Help Net Security https://ift.tt/2Ol3xtO

Connected car security is improving, researchers say

The automotive industry has apparently stepped up its game when it comes to improving connected car security.

According to the latest IOActive report, which was compiled from the results of the company’s extensive research in the field in 2016 and 2017, there has been a significant improvement in front-end cybersecurity, i.e. vehicles’ hardware systems.


Risk ratings have gone down

Since their previous report on the state of vehicle security (released two years ago), the industry has been tackling the hardening of local interfaces, and its efforts have led to a decrease in vulnerability impact and likelihood, researchers Josh Hammond and Jerel Culliss have noted.

The number of critical-impact vulnerabilities – those that can lead to partial or complete compromise of a component or potential safety concerns, the disabling of a functionality, or disclosure of sensitive personal information – has decreased by 15 percentage points, while the distribution of medium- and low-impact vulnerabilities has increased.

“We’ve seen significant growth in the design of vehicle systems to incorporate security from the start. This includes making sure that the processes that handle data are running with limited privileges, which helps lower the impact of the most likely attacks,” they pointed out.

Also, most vulnerabilities unearthed by IOActive researchers could either only be exploited by advanced attackers or may require another compromise to be exploitable and, as such, they fell into medium- and low-likelihood categories.

Attack vectors and vulnerability trends

The most common attack vectors for the vulnerabilities the researchers discovered in 2016 and 2017 are local and network.

Connected car security

The local attack vector requires an attacker to have a foothold on the system and be able to obtain privilege escalation. The network attack vector includes network traffic (e.g., Ethernet, web) but also cellular network and CAN bus traffic (even if those have been given their own category in the above graph).

There was also a marked increase in the “serial” attack vector.

“These attacks require physical access to the device and can include reading and modifying firmware, reading data between components, and taking advantage of debugging and test features left in the hardware,” they explained.

“The large increase in local and serial attacks can be attributed to a shift in testing approaches. As security has become a more prevalent concern, more companies are providing documentation and debugging access to help identify vulnerabilities inside their systems. The automotive industry is also taking more of an interest in lower-level security features, like secure boot, which is reflected in the areas we end up testing.”

The most prevalent vulnerability type in their data set was coding logic errors (26%), followed by memory corruption flaws (16%), incorrect utilization of the principle of least privilege (14%), and information disclosure bugs (12%). And the researchers expect the percentage of coding logic errors to increase over time, as security architecture and secure development practices improve.

Prevention

Most of the found vulnerabilities can be prevented by manufacturers following industry best practices (as detailed by groups such as Auto-ISAC and OWASP), to prevent issues like unencrypted and unauthenticated network traffic, unfiltered user inputs, etc.

“The next largest category is secure coding practices, such as using insecure functions and not checking return values. These can mostly be fixed with strong implementation guidelines and enforcing banned functions,” they noted.

“Authentication design may be the most difficult category to fix. These are issues that come from the design of the system, where strong controls are lacking in the system architecture. Fixing these may involve significant changes in how services communicate and how the system is accessed.”

It’s also good to note that their report was based on research they performed just on cars’ hardware systems, and not associated mobile apps, web interfaces and manufacturers’ backend systems, which are likely to be targeted by attackers searching for all kinds of information about the car owners (contacts, location, payment information, etc.).

They also believe that the industry should focus on making over-the-air updates secure, as they are largely delivered by third parties. Signed firmware updates are a good solution for that.


from Help Net Security https://ift.tt/2N88zWb

An investigation into how cyber ready businesses really are

The more cyber ready a business becomes, the better its overall business outcomes. Vodafone’s Cyber Ready Barometer notes 48% of cyber ready businesses are reporting more than 5% increases in annual revenue as well as high stakeholder trust levels. Despite this, the research also shows that only 24% of businesses globally could reasonably call themselves cyber ready.


Cyber readiness, according to the report, is a mix of different measures including cyber operations, cyber strategies, cyber resilience, an understanding of risk and employee awareness. Key findings include:

  • Healthcare, technology and financial services sectors are the most cyber ready with retail and education the least
  • Businesses in India, the UK and the USA are the most cyber ready while The Republic of Ireland, Singapore and Germany perform less well
  • Larger enterprises are most likely to be cyber ready but can be hampered by management and control issues.

One of the more interesting areas undermining cyber readiness has been identified as the disconnect between what employers believe about employee activity and what is actually taking place. For instance, employers of all sizes offering remote working believe a maximum of 46% of their employees work remotely, while 59% of employees report that they work away from the office. This kind of disconnect extends to the use of personal devices to access company data – 43% of companies believe employees use their personal smartphones for work while in reality 63% of employees do so.

The report illustrates that a common challenge for businesses is to align security and cyber policies more closely with employee requirements and behaviours. Employees understand their role in ensuring cyber security, with 47% of staff reporting that policies are followed, but most say there are some types of “workarounds” in use. However, 42% of workers say that policies actually hinder their efficiency.

Vodafone Enterprise Cyber Security Lead Maureen Kaplan commented, “There is clearly a common desire for both employees and employers to do the right thing, but a big discrepancy in understanding. This research demonstrates that businesses must create digital cyber security policies which are compatible with their workforce, not just to tick a box. The report also highlights a link between being cyber ready and business results; understanding your employee behaviour and how to secure it across devices, locations and networks is more important than ever in a digital world.”


The report also identifies a strong link between success in cyber readiness and reaching a tipping point in overall performance, while delivering competitive advantage in regards to other business KPIs.

For instance, with the most advanced businesses:

  • 68% of cyber leaders say they are more focussed on innovation than close competitors
  • 65% believe they are more customer centric than less cyber ready competitors
  • 59% of cyber ready businesses believe they have a competitive digital advantage.

The Vodafone Global Cyber Readiness Barometer was based on responses from 3,281 consumer/employees and 1,528 business IT decision makers in nine countries around the world accounting for 48% of global services GDP.


from Help Net Security https://ift.tt/2OnNADy

ISACA introduces new credential to build and recognize auditors’ cybersecurity knowledge

Auditors are being required to audit cybersecurity processes, policies and tools to provide assurance that their enterprise has appropriate controls in place. To help them acquire and prove these skills, ISACA—creators of the Certified Information Systems Auditor (CISA) certification—has introduced the new Cybersecurity Audit Certificate Program.

The Cybersecurity Audit Certificate Program provides audit/assurance professionals with the knowledge needed to excel in cybersecurity audits. It provides security professionals with an understanding of the audit process, and IT risk professionals with an understanding of cyber-related risk and mitigating controls.

“Information security has become critical to understanding an enterprise, its risk and its processes,” said Caitlin McGaw, president of Candor McGaw, an executive search provider to Fortune 500 companies in the IT audit and GRC space.

“To add increased value now, IT audit and GRC professionals have to build solid information security skills. This is the golden ticket to short-term success and long-term career sustainability.”

ISACA’s Cybersecurity Audit Certificate exam is bundled with the training of the candidate’s choice—a self-paced online course, a virtual instructor-led course or an in-person training workshop—which teaches more than a dozen skills, including:

  • Understand security frameworks
  • Identify cyber and legal regulatory requirements to aid in compliance assessments
  • Identify weaknesses in cloud strategies and controls
  • Perform cybersecurity and third-party risk assessments
  • Identify the benefits and risks of containerization.

The bundle includes a study guide that introduces candidates to cybersecurity and audit’s role, cybersecurity governance, and cybersecurity operations.

The Cybersecurity Audit Certificate exam is online and remote-proctored, and can be taken at the candidate’s convenience. Candidates who pass the exam will receive a certificate and digital badge.


from Help Net Security https://ift.tt/2N6bqyU

Hackers are finding creative ways to target connected medical devices

Hackers are leveraging error messages from connected medical devices — including radiology, X-ray and other imaging systems — to gain valuable insights, according to Zingbox. These insights are then used to refine the attacks, increasing the chance of a successful hack.


“Hackers are finding new and creative ways to target connected medical devices. We have to be in front of these trends and vulnerabilities before they can cause real harm,” said Xu Zou, Zingbox CEO. “We make it our mission to assist and collaborate with device manufacturers to ensure the security and uninterrupted service of connected medical devices.”

The information gathering phase of a typical cyberattack is very time-intensive, where hackers learn as much as they can about the target network and devices. By simply monitoring the network traffic for common error messages, hackers can gain valuable insight into the inner workings of a device’s application; the type of web server, framework and versions used; the manufacturer that developed it; the database engine in the back end; the protocols used; and even the line of code that is causing the error. Hackers can also target specific devices to induce error messages. With this information, the information gathering phase is greatly shortened and they can quickly customize their attack to be tailored to the target device.

Zingbox’s research discovered that:

  • Information shared as part of common error messages can be leveraged by hackers to compromise target connected devices.
  • Hackers can “trick” or induce medical devices into sharing detailed information about the device’s inner workings.
  • Leveraging this information quickens a hacker’s access to a hospital’s network.

“Imagine how much more effective hackers can be if they find out that a device is running on IIS Web Server, using Oracle as backend and even gathering usernames,” said Daniel Regalado, principal security researcher at Zingbox. “That will help them to focus their attack vectors towards the database where PHI data might be stored.”

The research also revealed that the healthcare industry has made great strides in collaborating across providers, vendors and manufacturers: three out of the seven manufacturers whose devices were included in the study responded rapidly and were willing to generate patches for their medical devices. However, there is still work to be done to convey the urgency of these findings and to increase collaboration between security vendors and device manufacturers.
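The leakage described above, from the defender’s side: an audit that flags the details attackers harvest from an error response (server banner, framework, database engine, failing source line) and the hardened handler that keeps those details in a server-side log while the client sees only a generic message and a correlation id. This is an added example, not Zingbox’s or the article’s code; the sample response, its headers and the match patterns are constructed for illustration.

```python
"""
Spot and suppress information leaks in device error responses.

Added example, not from Zingbox or the article. find_leaks() audits an
HTTP error response for the categories of detail the article says
attackers collect; sanitize_error() is the hardened form. The sample
response (a hypothetical imaging-device web console), its header values
and the regular expressions are all constructed for illustration.
"""
import re
import uuid
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Each pattern is labelled with what an attacker learns from a match.
LEAK_PATTERNS: List[Tuple[str, "re.Pattern[str]"]] = [
    ("web server banner", re.compile(r"^server:\s*\S*/\d", re.I | re.M)),
    ("framework disclosure",
     re.compile(r"^x-(powered-by|aspnet-version):", re.I | re.M)),
    ("database engine",
     re.compile(r"\b(ORA-\d{5}|SQLSTATE|ODBC|MySQL|PostgreSQL|SQL Server)\b")),
    ("source location",
     re.compile(r"(\bline:?\s*\d+|\.(aspx|php|py|jsp):\d+|[A-Z]:\\[^\s\"']+|/var/www/\S+)",
                re.I)),
    ("stack trace",
     re.compile(r"(Traceback \(most recent call last\)|^\s+at [\w.$]+\()", re.M)),
]

FINGERPRINT_HEADERS = {"server", "x-powered-by", "x-aspnet-version"}
SERVER_LOG: List[Dict[str, str]] = []   # stands in for a real log sink


@dataclass
class HttpResponse:
    status: int
    headers: Dict[str, str]
    body: str

    def raw(self) -> str:
        """Headers and body as the client would see them on the wire."""
        head = "\n".join(f"{k}: {v}" for k, v in self.headers.items())
        return f"{head}\n\n{self.body}"


def find_leaks(resp: HttpResponse) -> List[str]:
    """Categories of sensitive detail present in an error response."""
    text = resp.raw()
    return [name for name, pat in LEAK_PATTERNS if pat.search(text)]


def sanitize_error(resp: HttpResponse) -> HttpResponse:
    """Hardened handler: log the detail server-side under a correlation id,
    strip fingerprinting headers, and return only a generic message."""
    correlation_id = uuid.uuid4().hex
    SERVER_LOG.append({"id": correlation_id, "status": str(resp.status),
                       "detail": resp.body})
    safe_headers = {k: v for k, v in resp.headers.items()
                    if k.lower() not in FINGERPRINT_HEADERS}
    safe_headers["Content-Type"] = "text/plain"
    body = f"An internal error occurred. Reference: {correlation_id}\n"
    return HttpResponse(resp.status, safe_headers, body)


# Constructed verbose error page from a hypothetical imaging-device console.
VERBOSE_RESPONSE = HttpResponse(
    status=500,
    headers={"Server": "Microsoft-IIS/7.5",          # constructed banner
             "X-Powered-By": "ASP.NET",
             "Content-Type": "text/html"},
    body=("Server Error in '/' Application.\n"
          "ORA-00942: table or view does not exist\n"
          "Source File: C:\\inetpub\\wwwroot\\dicom\\query.aspx  Line: 42\n"),
)

if __name__ == "__main__":
    print("verbose response leaks:", find_leaks(VERBOSE_RESPONSE))
    safe = sanitize_error(VERBOSE_RESPONSE)
    print("sanitized response leaks:", find_leaks(safe))
    print(safe.raw())
```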


from Help Net Security https://ift.tt/2Qg7ld9

Organizations apply stronger PKI security controls due to their increasingly critical role

The Internet of Things is the fastest growing trend driving the deployment of applications that use public key infrastructure as evidenced by the Thales 2018 Global PKI Trends Study.


The report, based on independent research by the Ponemon Institute, reveals continued and increased reliance on PKI as a core enterprise asset and a root of trust. Over the past few years, cloud applications, and now the IoT, are the newest disrupters to future PKI planning as organizations not only tend to the digital certificate needs of today, but must also simultaneously prepare for the future – a future with never-before-seen diversity and scale.

While many of the traditional challenges to PKI adoption remain, such as a lack of clear ownership (70 percent), organizations are increasingly hiring PKI specialists and investing in additional security controls such as multi-factor authentication (62 percent). The findings, which reflect the responses of 1,600 IT security practitioners, demonstrate the current state of PKI maturity while hinting at future trends:

  • In the next two years, almost half (42 percent) of IoT devices will use digital certificates for authentication
  • As the IoT continues to grow, 27 percent believe PKI deployments for device credentialing will live in the cloud, with 43 percent expecting a combination of both enterprise and cloud
  • Enterprises are beginning to encrypt data from IoT devices with 49 percent of respondents either extensively or partially encrypting their IoT device data
  • IoT is the top trend driving deployment of PKI-enabled applications with a 23 percent increase from 2015
  • Ranking important PKI capabilities necessary for IoT deployments, 45 percent of respondents cited scalability to millions of managed certificates as most important, followed by 39 percent who cited online revocation
  • The use of hardware security modules (HSMs) to secure PKI digital certificates to form a root of trust and enable strong authentication has increased to 39 percent
  • Forty-four percent of companies in the healthcare/pharmaceutical sector believe the IoT is one of the top two trends driving deployment of PKI applications
  • The industrial/manufacturing sector led the charge in growth of PKI usage with an average of 43,000 certificates under management.


“In this era of digital transformation, where companies are deploying digital technologies to improve their operations, deliver value to customers and gain competitive advantage, IoT initiatives invariably are the backbone of those efforts. Huge amounts of data are generated by and collected from a rapidly growing number of IoT devices, with the cloud playing a pivotal role in IoT solutions of the future. But there’s no point in collecting and analyzing that data, and making business decisions based upon it if you’re not able to trust the devices or their data. For safe, secure IoT deployments organizations need to embrace time-tested security techniques, like PKI, to ensure the integrity and security of their IoT systems,” said John Grimm, senior director security strategy, Thales eSecurity.


from Help Net Security https://ift.tt/2xM1yFu

Are communications service providers confident in open source networking solutions?

The Linux Foundation announced the results of an industry survey to gauge industry perceptions of open source across networking technologies. Top takeaways from the survey indicate an increasing maturity of open source technology use from operators, ongoing innovation in areas such as DevOps and CI/CD, and a glimpse into emerging technologies in areas such as cloud native and more.


Conducted by Heavy Reading, the multi-client survey spanning six segments across networking technologies – DevOps, automation, cloud native, big data and analytics, open networking performance, software-defined networking (SDN), and management and orchestration (MANO) – indicates continued and increasing importance of open source software for network transformation.

Key findings indicate CSPs show an unexpected level of sophistication around new technologies and approaches, including adoption of open networking solutions in numerous domains and active automation of processes across operations.

“From the number of CSPs expecting open source to be a critical component of next-gen networks, to the growing importance of emerging technologies like DevOps and cloud native, it’s encouraging to see open source continue to mature and watch real progress unfold,” said Heather Kirksey, Vice President, Ecosystem and Community, LFN.

The survey includes responses from 150 CSP representatives across 98 discrete companies worldwide. Bringing an unprecedented look at operator perceptions and experience of open source networking technologies, the survey delivers a comprehensive look at the state of open source in networking today.

Growing importance and maturity of open source

CSPs show overwhelming confidence in open source performance: 98 percent are confident that open networking solutions can achieve the same level of performance as traditional networking solutions. CSPs are also increasingly leveraging open source software in production, with 69 percent using open source networking solutions in production networks, signaling real staying power.

SDN in particular is seeing strong deployment, with nearly 60 percent of CSPs reporting they have either already deployed SDN (39 percent), or are currently trialing SDN (20 percent). Open source is key to SDN solutions; 86 percent of respondents indicated it’s important that the SDN products their company uses are open source.

Remarkable innovation: DevOps & CI/CD

With 77 percent of respondents seeing DevOps as either essential (41 percent) or important (36 percent) to the long-term success of service delivery at their company, the survey indicates focus has shifted from whether to adopt this approach to the more operational elements of how and when to best roll it out.

While the stage at which CSPs are in their DevOps journey is split, an impressive 67 percent have implemented some aspect of DevOps and 22 percent are evaluating DevOps tool chains and methodologies. Less than 1 percent have no plans to adopt DevOps.


On the horizon: Cloud native and infrastructure as code (IaC)

While open source is reaching a new level of maturity among telcos generally, some strategies are still being defined among more emerging technologies:

Cloud native – the journey towards cloud native network functions (CNFs) is in the early stages:

  • Only 5 percent have already adopted Kubernetes and are running production workloads on it, including VNFs/CNFs.
  • Another 34 percent say they are considering adopting Kubernetes/OpenShift but haven’t yet.

Infrastructure as Code (IaC) strategies are still developing, with 35 percent of CSP respondents considering adopting IaC while 22 percent have adopted it but are working through challenges.

The survey findings show that open source has become core to the ways in which service providers are reinventing their networks, and that basic assumptions about how networks are managed have evolved. The journey so far has come with both successes and challenges that LFN, with collaboration from its membership and broader community, is committed to helping resolve.


from Help Net Security https://ift.tt/2Ohia1o

Blue Cedar collaborates with OpenSSL, Akamai, NetApp, and VMware to develop FIPS module

Blue Cedar has joined an industry initiative to develop the open-source FIPS 140-2 module for OpenSSL. Blue Cedar will collaborate with OpenSSL, Akamai, NetApp, and VMware in the effort to upgrade and improve secure data transfers using the OpenSSL cryptographic library.

Updating the open source FIPS 140-2 module, which is used by millions of web servers and internet-connected devices, will make it easier for companies to comply with the TLS and SSL open source cryptographic standards.

FIPS (Federal Information Processing Standard) 140-2 is the accepted certification standard used by government agencies, financial, healthcare, and other industries as the de facto standard for certification of the cryptographic modules used within commercial and open source products.

FIPS 140-2 certification ensures cryptographic protection for data at rest and data in transit across networks.

The current FIPS 140-2 module for OpenSSL is overdue for an upgrade. The last significant update was in 2012, and encryption standards have evolved since then.

Until a FIPS 140-2 cryptographic module is available for OpenSSL, federal agencies and organizations are forced to rely on older, less secure implementations of OpenSSL.

“Today, if a small company wishes to engage with a government, bank, or healthcare system, it can do one of two things to meet the FIPS 140-2 certification requirement: build its own cryptographic library or buy one at great expense,” said Kevin Fox, CTO at Blue Cedar.

“We are proud to be joining with other key players in the Free and Open Source Security (FOSS) community to develop an option that will maintain an open standard with truly secure cryptography that is accessible to all.”

Blue Cedar, which specializes in in-app security solutions that protect mobile and other edge apps and data whenever and wherever they are used, is contributing its expertise and other resources to the FIPS 140-2 module development effort.

Last month, an expert team of Blue Cedar security engineers took part in a face-to-face meeting in Brisbane, Australia where members of the consortium and partner organizations focused on a modernized implementation of FIPS 140-2 that can support the community now and in the future.


from Help Net Security https://ift.tt/2xRsiUm

Continuum expands cloud capabilities in remote monitoring, backup and security

Continuum announced new cloud capabilities across its IT Management Platform. In an age of digital transformation and multi-environment infrastructures, IT service providers need a management platform that can support their end-clients’ needs across multiple environments and use cases.

Recognizing this demand, Continuum has enhanced its IT management platform’s capabilities to monitor, manage, and back up in Azure, giving partners opportunities to succeed in cloud.

These new capabilities include the extension of remote monitoring and management in Azure cloud services, allowing providers to take advantage of the Continuum platform when working with clients leveraging Azure environments.

On the backup and disaster recovery front, the introduction of backups for Azure instances ensures that providers can deliver BDR services for their end-clients at a time when data security is mission-critical.

The expanded cloud support follows similar cloud developments for the Continuum Security portfolio. The suite of security solutions now also supports configuration and threat monitoring in Microsoft Office365.

“Continuum’s emphasis on delivering multi-environment cloud support reflects the new and increasing business requirements of digital transformation and multi-environment infrastructures,” said Bill Hughes, Product Manager, Continuum.

“By offering support of multiple cloud options across our core product line, we’re furthering our investment in building a best-of-breed platform for infrastructure management for MSPs.”


from Help Net Security https://ift.tt/2R6jC5t

Ixia delivers visibility into network traffic through Microsoft Azure Virtual Network TAP

Keysight Technologies announced it has extended the Ixia CloudLens visibility platform to provide packet-level visibility into virtual machine network traffic through Microsoft Azure Virtual Network Terminal Access Point (TAP).

Cloud adoption is ubiquitous with 92 percent of companies reporting they have adopted the public cloud, according to the RightScale 2018 State of the Cloud Report. As cloud adoption increases, security concerns intensify.

According to Gartner, clouds are secure, but organizations are often not using them securely. Further, Gartner states that through 2022, at least 95% of cloud security failures will be the customer’s fault.

In a public cloud environment, traditional methods for gaining packet-level visibility can be challenging. Users have typically installed sensors within their workloads to obtain packet visibility, but these agents/sensors compete with the workload for resources and introduce added complexity.

The CloudLens Software-as-a-Service (SaaS) platform was designed to retain the benefits of the cloud (scale, flexibility, and agility) while enabling security, analytics, and forensics tools to acquire packet-level data.

CloudLens now offers an Azure feature that enables customers to mirror virtual machine network traffic, which can then be filtered, replicated and forwarded to the analysis tools.

“Security is a shared responsibility between the cloud provider and the hosted organization, so we joined with Microsoft Azure and our technology partners to help our customers secure their clouds more effectively,” said Scott Westlake, vice president, Alliances for Keysight’s Ixia Solutions Group.

“CloudLens enables customers to use the Microsoft Azure Virtual Network TAP to gain network traffic visibility and ensure the security and performance of their Azure cloud-based applications.”

CloudLens provides a sensor that can be configured through APIs from Azure Infrastructure as a Service (IaaS). This enables the user to forward network traffic to the CloudLens Sensor without the need to install a sensor in every workload.

“Deploying RSA NetWitness Platform is critical to maintaining consistent security visibility across hybrid environments while customers are in the process of migrating workload to the cloud. Ixia CloudLens works with Azure’s new Virtual Network TAP to streamline collection of the necessary packet level data from Azure instances for security monitoring and analysis via the RSA NetWitness Platform,” said Matthew Chase, Senior Manager, Technical Alliances, RSA Security, LLC.

“Wire data analysis is vital to monitor and manage applications migrated to Microsoft Azure for IaaS hosting, particularly in hybrid on-premises and cloud deployments. Ixia CloudLens, combined with Azure Virtual Network TAP, provides Dynatrace’s Network Application Monitoring solution the complete visibility it needs in an easy to deploy and scalable way. This joint solution complements Dynatrace’s agent-based solution for Azure native applications,” said Krzysztof Ziemianowicz, Technology Strategist, Dynatrace.

“Eastwind Networks offers customers ubiquitous breach analytics across public Cloud IaaS, private infrastructure, and SaaS. With data collection service powered by Ixia CloudLens, and in concert with Microsoft Azure Virtual Network TAP, our customers gain seamless access to the packet level data required for Eastwind to provide full context and detail into security breaches that occur on their Azure hosted workloads,” said Paul Kraus, CEO, Eastwind Networks.


from Help Net Security https://ift.tt/2OWexLA

Booz Allen launches District Defend, new location-aware technology

Booz Allen Hamilton announced the availability of new mobility technology — District Defend — that uses security protocols to make the management of mobile devices like tablets in sensitive and classified environments easier and less complex.

District Defend, available on select Dell computers, brings the benefits of mobile computing to the public sector, unlocking opportunities to collaborate, work from more places, and handle different types of data while mitigating security threats that have hampered mobility adoption within government.

According to a new survey of federal decision-makers commissioned by Booz Allen, a major factor limiting the government’s ability to adopt mobile technologies is the tension between mobile workplace practices and security standards.

Nearly 6 out of 10 respondents note they have security controls that inhibit mobility in the workplace. And yet, three-quarters of respondents (74%) feel it is important for their organization to have mobility.

“Mobility traditionally comes at a cost for government users, restricting productivity and collaboration in favor of stricter security,” said Dee Dee Helfenstein, a Booz Allen Senior Vice President and leader of the firm’s Solutions Business.

“District Defend empowers government users managing highly sensitive and classified environments to mitigate security breaches from human error, limit advanced attacks, increase enterprise mobility, and enable secure communication. Simply put, District opens a world of possibilities for agencies managing data across multiple locations.”

District Defend technology combines RFID and military-grade security to create “Districts”—each a distinct physical location with varying levels of security access.

For example, when a District Defend-enabled device crosses into the perimeter of a secure location, the technology pushes the security protocols to the device, regardless of whether the device is powered on.

These security rules can enable access to networks as appropriate and disable firmware functions that could capture and transmit secure information like the capability to record, use USB ports and access fraudulent networks.

When the device leaves the secure location, access to sensitive information is closed off and encrypted with full functionality restored once the device re-enters an authorized location.

District Defend could lower costs for the U.S. government while increasing the efficiency of government workers. Government employees use a multitude of different devices and computers to manage information: unclassified devices that cannot enter a classified location and classified devices that require different levels of security based on the information being accessed.

District Defend-enabled devices give government employees a single device they can bring back and forth between spaces while keeping information contained and secured, serving as leadership-briefing books, on-the-go computers, enterprise desktop replacements and more.

District-enabled devices are ideal across a variety of scenarios, including:

  • Mixed use buildings: Many buildings with classified spaces have rooms with different classifications, including controlled unclassified spaces (e.g., conference rooms), and common unclassified spaces (e.g., lobby or cafeteria). District Defend-enabled devices can adjust to their environments and enforce security policies for each space as the device is carried around the building.
  • Locked in transit: Devices in transit from manufacturing plant to end user are often at risk of compromise. District Defend allows for devices to be disabled and encrypted until they reach their desired destination, reducing the risk of breaches.

“District Defend, currently on the Dell Latitude 5290 2-in-1 device, will eventually be available on the full range of our mobile computers,” says Steve Harris, general manager and vice president of Dell EMC’s federal business.

“The pairing represents an ideal marriage of hardware, firmware, operating system and applications to create a tightly secured system.”

In addition to the application of District Defend to help protect classified government information, the technology is adaptable to the private sector.

In the future, it could help secure personally identifiable information and protect intellectual property and proprietary information, the theft of which costs U.S. businesses hundreds of billions of dollars annually.


from Help Net Security https://ift.tt/2N5U4lK

Aerohive expands cloud-managed SD-WAN portfolio with new XR600P branch router

Aerohive Networks announced its XR600P SD-WAN branch router is now shipping. The XR600P is the latest addition to Aerohive’s growing SD-WAN portfolio, designed to simplify the management, performance, and support of remote access networks.

Combining Aerohive’s Cloud Networking technologies, virtualized network services, and a software-defined architecture, Aerohive’s SD-WAN solution complements its SD-LAN offering to provide an HQ-like network experience for every user and device, regardless of location.

The XR600P, Aerohive’s highest capacity SD-WAN router, capable of operating as both VPN client and server, offers larger branches increased throughput, secure application-aware traffic shaping and monitoring, end-to-end QoS, and dynamic link prioritization.

Managed by HiveManager, Aerohive’s cloud-management platform, Aerohive’s XR routers can be deployed with ease and at scale alongside Aerohive’s switches and access points for a full-stack distributed access network solution.

Aerohive is investing in its branch routing solutions to help multi-site organizations benefit from reduced network cost and complexity, deployments, identity-driven secure access, and automated fault remediation.


from Help Net Security https://ift.tt/2R5vrZm

Chronicle announces VirusTotal Enterprise with greater search and analysis capabilities

Chronicle, the cybersecurity subsidiary of Google’s parent company Alphabet, has announced VirusTotal Enterprise, which is aimed at helping enterprises protect their own networks.


About VirusTotal Enterprise

VirusTotal is a well-known website/online service that allows anyone to check whether a submitted file or URL is detected as malicious by a variety of antivirus products and website/domain scan engines.

VirusTotal Enterprise will allow (paying) users to search for malware samples (using VT Intelligence), hunt for future malware samples (using VT Hunt with YARA), analyze malware relationships (using VT Graph), and automate all these tasks with the service’s API.


Improved search and more powerful data visualization

The new malware n-gram content search will increase search speed dramatically and improve search accuracy as it allows users to use additional parameters such as common icons across files, spam emails sharing a common visual layout, and so on.

The service will provide new details about uploaded malicious files, including things like embedded domains, IP addresses, and interest-ranked strings.

Private Graph allows enterprise security analysts to manually add information about their company’s internal infrastructure to create more helpful visualizations of malware relationships.

“The purpose of this feature is to help with an investigation, so the information that would be linked would most likely be machine names, user names, etc. internal to an organization – not the organization’s customer information,” Brandon Levene, Head of Applied Intelligence at Chronicle, told Help Net Security.

“That being said, think of this like putting a short list of machine names in a file in a secure drive. It’s not shared with VirusTotal users except those that you explicitly indicate. It’s not scanned for purposes outside of showing the graph, and these graphs aren’t visible to the general VirusTotal user population. It’s similar to putting a file with some machine names in a Google drive that you share with a handful of people. We don’t know what’s in the file and don’t share it or scan it. The whole purpose of Private Graph is to make it easier for analysts to protect their information during an investigation and to enable secure team collaboration.”

Private graphs can also automatically extract commonalities from nodes to identify indicators of compromise.

Finally, with VirusTotal Enterprise comes a new, unified interface across the free and paid VirusTotal sites, new API management of corporate groups, and the option of using existing two-factor authentication to secure access to VirusTotal Enterprise accounts.


Availability

“The new service does not bring any changes in the company’s relationship with their AV partners. It is centered on making the features in VirusTotal (i.e., searching, access control, graphing) more powerful for customers,” Levene explained.

“The service is available globally and the new features (Private Graph, n-gram search, extended retrohunts, etc.) will be available as licensed add-ons on top of the existing VirusTotal packages.”


from Help Net Security https://ift.tt/2xIM6u1

The Anatomy of a Perfect Bar Cart

A bar cart is a deeply personal part of the home, but there are still certain basics you should keep around to make all your favorite classic cocktails. Here we show you the essentials you need to build a functional, adult, properly-stocked cart of booze. Once you have a handle on these elementary building blocks, feel free to play around. Want to dive into tiki? Expand your rum selection. Need a margarita? Add tequila. If you’re anything like me, you’ll eventually end up with a cart that is mostly amaro and liqueur, and that’s okay.


from Lifehacker https://ift.tt/2Io3d8c

LoJax: First-ever UEFI rootkit detected in a cyberattack

ESET researchers have discovered a cyberattack that used a UEFI rootkit to establish a presence on the victims’ computers. Dubbed LoJax, this rootkit was part of a campaign run by the infamous Sednit group against several high-profile targets in Central and Eastern Europe and is the first-ever publicly known attack of this kind.


Boot process of a system infected by the UEFI rootkit

“Although, in theory we were aware that UEFI rootkits existed, our discovery confirms they are used by an active APT group. So they are no longer just an attractive topic at conferences, but a real threat,” comments Jean-Ian Boutin, ESET senior security researcher who led the research into LoJax and Sednit’s campaign.

UEFI rootkits are extremely dangerous tools for launching cyberattacks. They serve as a key to the whole computer, are hard to detect, and are able to survive cybersecurity measures such as reinstallation of the operating system or even hard disk replacement. Moreover, cleaning a system infected with a UEFI rootkit requires knowledge well beyond the reach of a typical user, such as flashing the firmware.

Sednit, also known as APT28, STRONTIUM, Sofacy or Fancy Bear, is one of the most active APT groups and has been operating since at least 2004. The Democratic National Committee hack that affected the 2016 US elections, the hacking of global television network TV5Monde, the World Anti-Doping Agency email leak, and many other attacks are believed to be the work of Sednit.

The discovery of the first-ever in-the-wild UEFI rootkit serves as a wake-up call for users and their organizations who often ignore the risks connected with firmware modifications.

“Now there is no excuse for excluding firmware from regular scanning. Yes, UEFI-facilitated attacks are extremely rare, and up to now, they were mostly limited to physical tampering with the target computer. However, such an attack, should it succeed, would lead to the full control of a computer, with nearly total persistence,” comments Jean-Ian Boutin.


from Help Net Security https://ift.tt/2NOd7q0

Apple DEP vulnerability lets attackers access orgs’ resources, info

An authentication weakness in Apple’s Device Enrollment Program (DEP) may allow attackers to enroll any device into an organization’s Mobile Device Management server and, consequently, to obtain privileged access to the private resources of an organization or even full VPN access to internal systems.

In addition to this, the provided DEP profile may contain information about the organization (email addresses, phone numbers) that could be used to mount successful social engineering attacks against company employees.


The vulnerability

The vulnerability was discovered by Duo Security researchers while probing Apple DEP’s security.

“Our research focused on the details of how some of the undocumented DEP APIs work, specifically those that are used by Apple devices to communicate and enroll with the DEP service. Through this research, we found that because of the way DEP is implemented, it only uses a device’s serial number to authenticate to the service prior to enrolment,” James Barclay, Senior R&D Engineer at Duo Labs, explained.

“Also, while Apple’s MDM protocol supports user authentication prior to MDM enrollment, it does not require it – meaning many organizations are currently protecting device enrollment with the serial number alone.”

Unfortunately, serial numbers of Apple devices are predictable and also often found online, and this information can be used to query the DEP APIs.

For those interested in an in-depth report about the vulnerability and the actual research that resulted in the discovery, Duo Security has released an extensive technical report.

What now?

“It’s impossible for us to know the full size or scope of devices that this DEP issue impacts, but every customer using Apple’s DEP service is affected. However, it’s worth remembering, not every Apple enterprise customer that deploys Apple devices in their corporate IT environment uses Apple’s DEP service,” Barclay noted.

Apple was notified of the finding earlier this year, but has yet to address it.

The researchers recommended that Apple add strong authentication of devices going through the DEP enrollment process, rate-limit requests to the DEP APIs and limit the information returned by the API endpoints. Not relying on serial numbers as a sole authentication factor has also been put forward as a solution.

“In the meantime, Apple customers using DEP can protect themselves by requiring user authentication prior to MDM enrollment, or by not trusting devices simply because they’re enrolled in MDM,” Barclay concluded.
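To make the mitigations concrete, here is an added, hypothetical model of an enrollment endpoint (not Duo’s research code and not Apple’s DEP API, whose details are not on this page): the weak path authenticates on the serial number alone and hands back the whole organization profile, while the hardened path requires a user credential before enrollment, rate-limits requests per client, and returns only what the device needs. All names, serials and profile fields are constructed sample data.

```python
import hashlib
import hmac
import time
from collections import defaultdict

# Constructed sample data for a hypothetical organization (not real values).
KNOWN_SERIALS = {"C02ABC123DEF", "C02ABC124DEF"}
ORG_PROFILE = {
    "org": "Example Corp",
    "mdm_url": "https://mdm.example.test",
    "admin_email": "it-admin@example.test",   # the kind of contact detail a
    "phone": "+1-555-0100",                   # serial-only profile would leak
}
_SALT = b"demo-salt"  # demo only; use a per-user random salt in practice


def _hash_pw(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


USERS = {"alice": _hash_pw("correct-horse")}  # demo credential store


def enroll_serial_only(serial):
    """Weak model of the issue described: the serial is the only factor,
    so anyone who knows or guesses a valid serial gets the full profile."""
    return ORG_PROFILE if serial in KNOWN_SERIALS else None


class Enroller:
    """Hardened model: user authentication before enrollment, per-client
    rate limiting, and a minimal response (the recommended mitigations)."""

    def __init__(self, max_requests=5, window_s=60):
        self.max_requests = max_requests
        self.window_s = window_s
        self.hits = defaultdict(list)  # client id -> request timestamps

    def _rate_limited(self, client, now):
        recent = [t for t in self.hits[client] if now - t < self.window_s]
        self.hits[client] = recent
        if len(recent) >= self.max_requests:
            return True
        recent.append(now)
        return False

    def enroll(self, serial, username, password, client, now=None):
        now = time.time() if now is None else now
        if self._rate_limited(client, now):
            return {"status": "rate_limited"}
        stored = USERS.get(username)
        user_ok = stored is not None and hmac.compare_digest(stored, _hash_pw(password))
        # One answer for bad credential and unknown serial: the endpoint must
        # not act as an oracle that confirms which serials belong to the org.
        if not user_ok or serial not in KNOWN_SERIALS:
            return {"status": "denied"}
        # Return only what the device needs to reach the MDM, not org contacts.
        return {"status": "enrolled", "mdm_url": ORG_PROFILE["mdm_url"]}
```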


from Help Net Security https://ift.tt/2NMXYoD