FireSale HackBoy


Monday, April 30, 2018

PRODUCT REVIEW: Teramind Employee Monitoring Software

Today we are reviewing Teramind User Behavior Monitoring Software, designed to monitor and track employee activity, detect anomalous behavior, and protect against insider threats. Insider leaks can lead to significant financial and reputational damages for organizations and compromise internal applications and systems. The Teramind approach is user-centric and focuses on individual actions. Teramind focuses on helping organizations understand the chain of events, shape user behavior, and combat the internal threat via automated risk detection and prevention. The process is easy:

  1. Organizations identify what they believe to be dangerous behavior
  2. Rules are defined in Teramind
  3. Teramind begins to monitor and enforce your policies

By creating a baseline and understanding normal user activity such as emails, instant messages, file transfers, and USB use, Teramind can pinpoint anomalies within computer usage patterns and identify insider leaks and data compromises.

Teramind also blocks potentially threatening activities from occurring. Using rule-based risk analysis, organizations can pre-define malicious behavior and company policies to identify company weak spots and implement security policies.

Additionally, organizations have reports of each rule violation and the ability to access a full video recording of the violations in order to have all the information needed for IT forensic investigation.

Rule-Based Risk Analysis of Insider Threats

Cybersecurity apps should apply protection intelligently, rather than putting up the strongest conceivable barriers in every possible location. And this is precisely the approach Teramind takes, by analyzing trends in employee behavior to identify which are most risky to your organization. This process of analyzing behavior will be unique to each organization. Therefore, Teramind enables you to write unique rules, such as alerting when a certain document is being printed.

Detect & Block Malicious Activity

With Teramind, you can go a step further than auto-alerts, and actually prevent malicious users from causing damage:

  • Configure rules to notify, block, redirect, log out, or even lock-out the user depending on the severity of the offense.
  • Configure alerts on any user behavior, including web, email, keystrokes, file transfers, instant messaging, and more.
  • Block e-mails from being sent, on any platform, if they match certain criteria
  • Prevent a user from instant messaging on a specific platform, or with specific users
  • Block websites or limit usage of website to certain times
  • Lock-out users pending administrator unlock for any action
  • Stop users from writing to USB key, or uploading to a cloud drive, or sending certain e-mail attachments.

Intelligent Session Mining

Intelligent Session Mining uses optical character recognition (OCR) to index all text that appears on a screen, even in images, remote desktops, and Java apps. Administrators can find instances when employees saw specified text on a screen and build rules around the action, such as blurring the text in recordings, shutting down the app, notifying or locking out the user. This is particularly useful in scenarios such as alerting when users see a full credit card number on the screen, counting how many times a user saw a sensitive record, or building behavior rules into applications that are not parseable.

Employee Productivity Monitoring

Compared to similar offerings, Teramind has extensive monitoring features and an exceptional user experience. By telling Teramind which apps and websites you consider productive, you can get reports on how employees are spending time and automatically alert users when they’ve exceeded your established thresholds. While such alerts may be slightly creepy, they can help your organization discourage unproductive activity and get instant ROI. You can also be competitive as an employer by offering the benefit of remote work, while continuing to monitor employee productivity.

Regular Upgrades

Teramind is a relatively young product. Founded in 2014, Teramind announced its public launch in March 2016, although by that point the technology had already been in use by large corporations and dozens of startups worldwide.

The firm has maintained a rapid pace of innovation, having released in June 2017 a new anomaly detection feature based on machine learning algorithms. The feature is unique in its abilities to automatically quantify and analyze internal employee data, identify internal security anomalies, and prevent the occurrence of internal data leaks. (We just released an additional feature at the RSA conference this week.)

What Customers Say

Teramind was awarded Gold and Excellence badges from TopTenReviews, and is also listed as a Best Pick by Business.com and PC Magazine. The solution has been reviewed more than 35 times on Capterra and scored an impressive average of 4.5 out of 5 stars.

More information: https://www.teramind.co

 

The post PRODUCT REVIEW: Teramind Employee Monitoring Software appeared first on Cybersecurity Insiders.


May 01, 2018 at 03:21AM

Someone hacked this highway sign & defaced it with “Hail Hitler” text

By Waqas

On Friday at 2:30 am Arizona highway sign was hacked as in

This is a post from HackRead.com Read the original post: Someone hacked this highway sign & defaced it with “Hail Hitler” text


May 01, 2018 at 12:05AM

Firewalls: What They Are & Why You Need Them

By Uzair Amir

There are some phrases that you hear bandied about, and

This is a post from HackRead.com Read the original post: Firewalls: What They Are & Why You Need Them


April 30, 2018 at 08:52PM

Patching Frequency Best Practices

A client asked the other day for guidance on best practices regarding how often they ought to patch their systems. My immediate thought was “continuously.”  However, most small to mid-sized enterprises don’t have the resources for that.

If you go to a source such as the Center for Internet Security they talk about patching as a critical security control and say you need a formalized program of patch management to “regularly update all apps, software, and operating systems.” But they don’t say much about how or how often this should be done.

Patching Frequency Best Practices from DoD

So, I hearkened back to the days when I was performing security audits for the Army. I probably did more than 500 of these on every type of system – from a small, rack-mounted tactical command & control server in the back of a Humvee to a 350,000-user wide area network in all 50 states. I started in the 1990s with the Department of Defense (DoD) Information Technology Security Certification & Accreditation Process (DITSCAP), and then moved to the DoD Information Assurance Certification and Accreditation Process (DIACAP), and finally the Risk Management Framework (RMF) that is in use today.

Typically, whenever we assessed those Army systems, if they had any missing patches or antivirus updates for more than a week, we would fail them. But when I researched this recently, I couldn’t find an Army or DoD reference to support this timeframe. You would think the DoD would have a best practice in place for that!

The Defense Information Systems Agency (DISA) publishes Security Technical Implementation Guides (STIGs), which are checklists for security hardening of information systems/software “that might otherwise be vulnerable to a malicious computer attacks.”  These outline security best practices for a variety of technologies – e.g., Windows OS, networking devices, database, Web, etc.

The STIGs serve as the reference guides for all of DoD and represent what I would call “high assurance” best practices.  In fact, we used to joke that if you followed all of the STIG guidance, you would “brick” your system! There is, of course, always a tradeoff between system security and usability.

There is also doctrine on security controls (including patching/updates) in various guides such as the NIST SP 800-53 Risk Management Framework and the DoD Cybersecurity Discipline Implementation Plan.

Upon examining all of these, I found that they actually provide varying advice on patching/update frequency – based on the criticality of the system, level of data being processed, or criticality/impact of the patches to be implemented.

The current objective for all patching in the DoD, according to the Cybersecurity Discipline Implementation Plan, dated February 2016, is: “All DoD information systems have current patches within 21 days of IAVA patch release.” In addition: “Systems with high risk security weaknesses that are over 120 days overdue will be removed from the network.”

Note that an IAVA is an Information Management Vulnerability Alert, which generally starts at the US Computer Emergency Response Team (CERT) level, and then is promulgated down to US Cyber Command and the Cyber Commands of the military service branches.  These represent the most critical vulnerabilities for which all US government systems must be patched.  We can also use this as a best practice for anyone running a high-security commercial system.

To summarize DoD guidance / best practices on security patching and patch frequency:

  1. You must apply security patches in a timely manner (the timeframe varies depending on system criticality, level of data being processed, vulnerability criticality, etc.) in accordance with the Information Assurance Vulnerability Management (IAVM) process
  2. IAVM process: All systems must install all IAVAs and IAVBs (bulletins) immediately, and report back to the command within 21 days.
  3. Windows security patches must be installed “immediately” using automated patching methods 
  4. Database patches must be applied quarterly in accordance with the patch release cycle 
  5. Antivirus updates and scans must be run at least weekly 

Patching Frequency Best Practices

In general, the following is my advice for patching frequency best practices:

  1. Run scheduled monthly vulnerability scans utilizing AlienVault Unified Security Management (USM) Anywhere built-in network vulnerability scanner to check for vulnerabilities and misconfigurations in your cloud, on-premises, and/or hybrid environment.
  2. Besides the scan reports, you should also research vulnerabilities for all Windows, desktop applications, and so forth on a monthly basis. The AlienVault Open Threat Exchange (OTX) Pulse feed is a good place for this. There is also the classic BugTraq mailing list and the National Vulnerability Database feed.
  3. Download and regression test the patches on a staging system (to make sure they don’t break anything) before deploying to the enterprise.
  4. Critical vulnerabilities that have published exploit code should be given the highest severity weighting and be addressed immediately – not waiting for a patching cycle.
  5. Organizations with an automated patch distribution mechanism often establish a short timeframe (average is about 48 hours to one week) for the testing and distribution of critical patches.
  6. Finally, if this still sounds daunting (and it should), you may want to engage with a comprehensive Managed Security Services Provider (MSSP), such as Abacode, to handle all this for you. We know IT folks don’t have the bandwidth to deal with all of this, given all their other duties just to keep the network up and running. Also, it does require continuous research to stay on top of all the latest threats and vulnerabilities. So, it makes sense to engage with someone who has the expertise and can manage this for you.
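The timeframes above can be turned into a triage pass over scan findings. The sketch below is an added example, not code from the article or from any product it names: the `Finding` fields, the 30-day routine window, the mapping of "high risk" to critical/high severity, and the sample hosts and IDs are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Timeframes quoted in the article.
IAVA_WINDOW = timedelta(days=21)      # "within 21 days of IAVA patch release"
CRITICAL_WINDOW = timedelta(days=7)   # upper end of "48 hours to one week"
REMOVAL_AFTER_DAYS = 120              # "over 120 days overdue"
# Assumption (not from the article): routine fixes ride the next monthly cycle.
ROUTINE_WINDOW = timedelta(days=30)
# Assumption: which scanner severities count as "high risk security weaknesses".
HIGH_RISK = {"critical", "high"}

ACTION_RANK = {"remove-from-network": 0, "patch-now": 1, "overdue": 2, "scheduled": 3}


@dataclass(frozen=True)
class Finding:
    host: str
    vuln_id: str             # placeholder IDs only in the sample below
    severity: str            # "critical" | "high" | "medium" | "low"
    patch_released: date
    exploit_public: bool = False
    iava: bool = False       # covered by an IAVA


def due_date(f: Finding) -> date:
    """Deadline for one finding; the tightest applicable window wins."""
    if f.severity == "critical" and f.exploit_public:
        return f.patch_released          # "addressed immediately", no cycle wait
    windows = [ROUTINE_WINDOW]
    if f.severity == "critical":
        windows.append(CRITICAL_WINDOW)
    if f.iava:
        windows.append(IAVA_WINDOW)
    return f.patch_released + min(windows)


def triage(findings, today: date):
    """Return one row per finding, most urgent first."""
    rows = []
    for f in findings:
        due = due_date(f)
        days_overdue = max((today - due).days, 0)
        if f.severity in HIGH_RISK and days_overdue > REMOVAL_AFTER_DAYS:
            action = "remove-from-network"
        elif f.severity == "critical" and f.exploit_public:
            action = "patch-now"
        elif days_overdue > 0:
            action = "overdue"
        else:
            action = "scheduled"
        rows.append({"host": f.host, "vuln_id": f.vuln_id, "due": due,
                     "days_overdue": days_overdue, "action": action})
    rows.sort(key=lambda r: (ACTION_RANK[r["action"]], r["due"]))
    return rows


# Constructed sample findings (hosts and IDs are placeholders, not real data).
SAMPLE_FINDINGS = [
    Finding("ws07", "PLACEHOLDER-0003", "medium", date(2018, 4, 20)),
    Finding("web01", "PLACEHOLDER-0001", "critical", date(2018, 4, 25), exploit_public=True),
    Finding("app03", "PLACEHOLDER-0005", "critical", date(2018, 4, 28)),
    Finding("db01", "PLACEHOLDER-0002", "high", date(2017, 11, 1), iava=True),
    Finding("app02", "PLACEHOLDER-0004", "high", date(2018, 4, 1), iava=True),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_FINDINGS, today=date(2018, 5, 1)):
        print(f"{row['action']:<20} {row['host']:<6} {row['vuln_id']} "
              f"due {row['due']} ({row['days_overdue']} days overdue)")
```

Feed it the monthly scan export rather than the sample list, and tune the two assumed values to your own policy.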

      

The post Patching Frequency Best Practices appeared first on Cybersecurity Insiders.


April 30, 2018 at 09:09PM

After Facebook Twitter gets entangled in Cambridge Analytica data scandal

Mark Zuckerberg, the founder of Facebook, made it official early this month that his company did share details of its 87 million US users with British political consulting firm Cambridge Analytica. He also testified before Congress and added that he and his company will from now on follow strict rules when it comes to protecting the privacy of users and will never allow companies to play with its user data in the near future.

Now, a report published in ‘The Sunday Telegraph’ suggests that another popular social networking website named ‘Twitter’ also shared its user data with the political consultancy firm in 2015.

Former University of Cambridge professor Aleksander Kogan, who was then in charge of Cambridge Analytica, said that Twitter supported his company’s ‘Global Science Research’ (GSR) by supplying info related to tweets, usernames, photos, profile pictures and location data over a 5-month period, i.e. between December 2014 and April 2015.

Note 1- Normally Twitter charges very heavily for sharing data of users en masse. But in this case, the info relating to the financial gains is still being maintained as a secret.

However, Kogan added that the data was used to create brand reports and survey extender tools and the info was never used against the policies of Twitter.

Meanwhile, a spokesperson from Cambridge Analytica said that the company did use the information shared by Twitter for political advertising. But insisted that it never participated in the GSR or any such campaign mentioned by Kogan.

Note 2- Cambridge Analytica (CA), in the name of GSR, developed a Facebook app named “This is your Digital Life” that reportedly collected data from people in the name of supporting a research program for psychologists. Around 270,000 Facebook users in America are said to have downloaded the app and given it permission to access data from their respective profiles, including their likes and friends lists. But in reality, the data was used by CA to know the pulse of US voters in the upcoming US 2016 elections.

Now news is out that Twitter also shared the data of its users in support of the campaign, and this news was leaked last weekend to The Sunday Telegraph.

Note 3- An undercover interview of Cambridge Analytica’s suspended CEO Alexander Nix was about to be aired by Channel 4 in November 2017. But the broadcast was blocked by some top-notch politicians from the Trump administration at the last minute.

This is yet another article from The Sunday Telegraph that accuses Trump of getting into the presidential chair in the wrong way.

But isn’t the media reporting too much of negativity on Trump?

Aren’t the US populace getting vexed with all these reports?

Maybe we deserve a break guys!

Report something authentic and which helps in building the future of America; making it ‘Great’.

Because we are least bothered by what has happened in the past………

The post After Facebook Twitter gets entangled in Cambridge Analytica data scandal appeared first on Cybersecurity Insiders.


April 30, 2018 at 09:03PM

Man jailed for hacking County jail’s records to get friend released early

By Waqas

Man Sentenced to 87 Months in Prison for Hacking County

This is a post from HackRead.com Read the original post: Man jailed for hacking County jail’s records to get friend released early


April 30, 2018 at 07:30PM

Sunday, April 29, 2018

How to Transfer Data from Android to iPhone

By Carolina

Do you want to transfer data from Android to iPhone?

This is a post from HackRead.com Read the original post: How to Transfer Data from Android to iPhone


April 29, 2018 at 09:48PM

Friday, April 27, 2018

Man bought mail bomb from dark web (Alpha Bay market) to kill ex-wife

By Waqas

Convict Ordered Contraband Cellphone and Mail Bomb from Dark Web

This is a post from HackRead.com Read the original post: Man bought mail bomb from dark web (Alpha Bay market) to kill ex-wife


April 27, 2018 at 09:49PM

Ex-NSA staffer creates app to notify users of evil maid attack on MacBook

By Uzair Amir

It is a fact that a MacBook cannot be easily

This is a post from HackRead.com Read the original post: Ex-NSA staffer creates app to notify users of evil maid attack on MacBook


April 27, 2018 at 09:03PM

Things I Hearted this Week, 27th April 2018

Master Keys

F-Secure researchers have found that global hotel chains and hotels worldwide are using an electronic lock system that could be exploited by an attacker to gain access to any room in the facility. The design flaws discovered in the lock system’s software, which is known as Vision by VingCard and used to secure millions of hotel rooms worldwide, have prompted the world’s largest lock manufacturer, Assa Abloy, to issue software updates with security fixes to mitigate the issue.

SEC Fines Yahoo $35 Million

The company formerly known as Yahoo is paying a $35 million fine to resolve federal regulators’ charges that the online pioneer deceived investors by failing to disclose one of the biggest data breaches in internet history.

The Securities and Exchange Commission announced the action Tuesday against the company, which is now called Altaba after its email and other digital services were sold to Verizon Communications for $4.48 billion last year. Yahoo, which is no longer publicly traded, neither admitted nor denied the allegations but did agree to refrain from further violations of securities laws.

SOCs require automation to avoid analyst fatigue for emerging threats

SecOps needs an immediate shift across industries. Some SecOps teams develop playbooks for an additional layer of training, but when security events occur, it is uncommon to follow every step a playbook describes. The data becomes overwhelming and the resulting alert fatigue leads to analysts overlooking threats entirely, leading to an increase in emerging threats.

On the topic of incident response, I enjoyed this piece by Steve Ragan,

Also related:

The Seven Circles of Security

An insightful post from a CISO highlighting where most of their time is spent. Number six will shock you! Well, it probably won’t, but a little clickbait never hurt did it?

Hackers Steal Data on 14 Million Users From Ride-Hail App Careem

The personal data of up to 14 million people in the Middle East, North Africa, Pakistan and Turkey has been stolen by online criminals in a cyber-attack on the systems of Dubai ride sharing platform Careem.

On January 14, the company detected the breach in the computer systems which hold the account data of customers and captains – or drivers – in 78 cities in 13 countries. Names, email addresses, phone numbers, as well as trip data was stolen.

Muhstik botnet exploits highly critical Drupal bug

Researchers are warning a recently discovered and highly critical vulnerability found in Drupal’s CMS platform is now being actively exploited by hackers who are using it to install cryptocurrency miners and to launch DDoS attacks via compromised systems. At the time of the disclosure, last month, researchers said they were not aware of any public exploits.

Actually, Myspace Sold Your Data Too

In the wake of Facebook’s privacy debacle, Myspace Tom has emerged as an unlikely hero. But the platform he built and the data you put on Myspace continues to help advertisers target its old users.

Speaking of tracking users through data, what happens when the same, or similar techniques are used to track people for more nefarious purposes?

Cops used dead man’s finger in attempt to access his phone

In a case of, yes, it’s legal, but is it appropriate? Especially when the deceased was shot and killed by a police officer in that same department.

“While the deceased person doesn’t have a vested interest in the remains of their body, the family sure does, so it really doesn’t pass the smell test,” said Charles Rose, professor and director of the Center for Excellence in Advocacy at Stetson University College of Law. “There’s a ghoulish component to it that’s troubling to most people.”

Bezos’s empire: How Amazon became the world’s biggest retailer

Amazon has shipped more than 400 items per second at its peak. How did it grow from bookseller to retail giant?

More security related, Amazon’s internet domain service was rerouted.

      

The post Things I Hearted this Week, 27th April 2018 appeared first on Cybersecurity Insiders.


April 27, 2018 at 09:09PM

Leominster pays $10K in bitcoin to free up data from a ransomware attack

Leominster school district located in the scenic locales of Worcester County, Massachusetts is reported to have paid $10k in bitcoin to free up data from the ransomware attack which encrypted its entire database early this month.

Mayor Dean J Mazzarella said that the ransom payment made for the cyber attack will be debited from the city’s general fund as it is not covered under the city’s insurance.

The Federal Bureau of Investigation has been asked to investigate the attack and as per the ‘Prima Facie’ available to the media, the malware attack was launched from outside the United States- probably from a prominent city in Europe.

Mr. Mazzarella said that the attack was very much sophisticated and gave full credit to the hackers. On further inquiry, the Mayor said that the school district’s critical data will from now be protected with the best of the technology and so incidents such as these will never get repeated.

Meanwhile, the school district staff are said to be using Gmail for internal correspondence and have also asked the students to use the same until the network gets back to normal.

In another press release, Interim Police Chief Michael Goldman said that ransomware attacks on digital assets are hard to predict and so the only way to decrypt the database was to pay a ransom in exchange for the decryption key or to recover data from backups.

Mr. Goldman said that in the year 2015, Tewksbury Police Department paid $500 to recover data from a malware attack of a similar sort. He added that paying a ‘ransom’ proves more economical than recovering the data from backups.

Despite regular alerts being issued by FBI and CIA to not pay ransom to hackers, some government entities and public organizations are found paying the money in cryptocurrency to recover data assets.

This activity encourages hackers in launching cyber attacks on entities and might turn fatal to the critical infrastructure operating in the United States and around the globe.

The post Leominster pays $10K in bitcoin to free up data from a ransomware attack appeared first on Cybersecurity Insiders.


April 27, 2018 at 08:45PM

Authorities bust world’s largest DDoS-for-hire service & seizes its domain

By Waqas

In a large-scale joint operation called “Operation Power Off”, the

This is a post from HackRead.com Read the original post: Authorities bust world’s largest DDoS-for-hire service & seizes its domain


April 27, 2018 at 05:43PM

Thursday, April 26, 2018

Popular Chrome VPN extensions are leaking your DNS data

By Waqas

Last month, HackRead reported how tons of popular VPN (Virtual Private

This is a post from HackRead.com Read the original post: Popular Chrome VPN extensions are leaking your DNS data


April 27, 2018 at 03:28AM

iPhone crackers GrayShift become victim of extortion after code Leak

By Waqas

GrayKey’s code snippets recently appeared online and an unknown party was

This is a post from HackRead.com Read the original post: iPhone crackers GrayShift become victim of extortion after code Leak


April 26, 2018 at 08:30PM

Financial Fraud: What Can You Do About It?

Financial fraud used to be simple. Erase the ink from a check, make it out for more money, and laugh as you withdrew money. Nowadays, it requires a bit more finesse but is still simple in concept. Thankfully, it’s also fairly easy to protect yourself or your company from financial fraud in a highly digitized world.

In 2017, massive data breaches, ransomware attacks, and financial fraud ramped up. Steps are being taken around the world to combat this, such as the European Union updating their General Data Protection Regulation to help with breaches, but where does that leave you?

Identity Theft and Credit Card Fraud

First, it’s helpful to discuss identity theft and credit card fraud, and what they mean to you. From a data breach, a hacker could, in theory, steal your Social Security number and open a credit card in your name.

The first part is identity theft; the second, where the hacker maxes out the credit card, is credit card fraud. You won’t be liable for the damages, but you need to be aware of them first. Otherwise, they will sit on your credit report, quickly wrecking your credit score thanks to unpaid bills and high utilization ratio. This makes financing a car or a house much harder.

This is a less-than-ideal situation, but at least your money is safe. That’s only the beginning, though.

A 2013 study showed that identity theft accounted for $24.7 billion in losses. Hackers attack every 39 seconds, from your social media accounts to your IoT devices. They steal credentials, log in to your bank account, and steal your money. Here’s how:

Email Spoofing

If you look in your spam email folder, you are likely to see familiar emails. Banks and people you know have, apparently, been emailing you without your knowledge. Your bank needs your password in order to unlock your account, for example. The problem is that the email is not actually from your bank; hackers have spoofed the email address to appear as something familiar.

It’s not just banks, either. It could be an email from Facebook or Instagram that looks legit, asking you to log in. Once your credentials are stolen, they can try your logins on other sites, leading back to your bank.

Hackers are sophisticated enough that they can even spoof a different employee of your company. If you get an odd email from someone in the finance department, it’s a good idea to verify, in person, that they actually do need the private information they are asking for. Otherwise, you may end up with a compromised payroll.

The Internet of Things

You have a spam filter for your emails. You don’t see any spoofed emails. But you do have IoT items. It might be a fitness tracker, your smart TV, or a home automation system, but it’s wirelessly connected to the internet.

If your network is not secured, your IoT devices offer multiple opportunities to penetrate your network and “sniff” the data that is being transmitted. Hackers can see what images you are loading. They can see everything you type, including login credentials. They can redirect you to a custom-made website to steal more information, under the guise of a legitimate version of your bank’s website.

Although your financials will not be affected, IoT devices can also be hacked and added to a botnet. As part of a botnet, the device could be used as part of an advertisement fraud scheme, where it is remotely commanded to go to a website and click on an ad. The hacker then gets a percentage of the advertising fees for every click. Or it could be made to mine cryptocurrency, slowing down your system.

What You Can Do

How can you stop hackers from infiltrating your system and either stealing your money, login credentials, or even the potential for making money? Here are some simple steps:

  • Upgrade your password. You may think replacing letters is a smart idea, but it’s even better if you use four random words.
  • Don’t use the same password for everything. Use a different password for banking than anything else. Use a completely different password for social media. Use yet another password for logging in to your email.
  • If you are protecting a business, encrypt your data whenever possible. Conduct regular accounts payable audits to make sure hackers have not obtained access to your accounts.
  • Avoid suspicious emails, especially with links to unfamiliar sites. Always check where the link actually goes to, rather than what it says in the text of the email. The same goes for suspicious attachments.
  • Get antivirus software. If you do download a file or click a link, if it tries to install a virus or malware, an antivirus can stop it. This is more important in a business, as the computers are likely linked, and one computer will infect the next.
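The advice to check where a link actually goes, rather than what its text says, can be automated for HTML mail. The following is an added example and not part of the original article: it flags anchors whose visible text names one host while the `href` points to another. The function names, the sample message and its `.test`/`.example` domains are constructed for illustration, and the same-site test is a simple suffix comparison, not a full public-suffix lookup.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Something that looks like a host name inside the visible link text.
HOST_IN_TEXT = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.IGNORECASE)


class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:       # text nested in <b>, <span>... counts too
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def link_host(href):
    """Host a web link really points to; None for mailto:, tel:, malformed URLs."""
    try:
        parts = urlsplit(href.strip())
    except ValueError:
        return None
    if parts.scheme.lower() not in ("http", "https"):
        return None
    # .hostname is lower-cased and excludes any user@ prefix and port.
    return (parts.hostname or "").rstrip(".")


def _strip_www(host):
    return host[4:] if host.startswith("www.") else host


def same_site(shown, target):
    """True if target equals the shown host or is a subdomain of it.

    The shown name must sit at the END of the real host: a prefix match would
    accept 'examplebank.test.account-verify.example' as 'examplebank.test'.
    """
    shown, target = _strip_www(shown.lower()), _strip_www(target)
    return target == shown or target.endswith("." + shown)


def suspicious_links(html_body):
    """Return anchors whose text shows one host but whose href goes elsewhere."""
    collector = AnchorCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        target = link_host(href)
        shown = HOST_IN_TEXT.search(text)
        if target is None or shown is None:
            continue                     # nothing to compare
        if not same_site(shown.group(0), target):
            findings.append({"href": href, "shown": shown.group(0), "target": target})
    return findings


# Constructed sample message body (domains use reserved test names).
SAMPLE_EMAIL_HTML = """
<p>Dear customer, your account has been locked.</p>
<p><a href="https://examplebank.test.account-verify.example/login">
   https://www.examplebank.test/login</a></p>
<p><a href="https://www.examplebank.test/help">Help centre</a></p>
<p><a href="https://www.examplebank.test/unsubscribe"><b>examplebank.test</b></a></p>
"""

if __name__ == "__main__":
    for f in suspicious_links(SAMPLE_EMAIL_HTML):
        print(f"text shows {f['shown']} but link goes to {f['target']}")
```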

Conclusion

Hackers are evolving with the times. Some use new tactics, while others try to pose as someone in authority and get information, such as login credentials. It’s vital to understand their methods so you can protect yourself or your company from losing vast sums of money.

      

The post Financial Fraud: What Can You Do About It? appeared first on Cybersecurity Insiders.


April 26, 2018 at 09:10PM

Automating server workload security with CloudPassage Halo

The Enterprise Strategy Group consistently produces some of the most thorough research in the security industry. Their latest solution showcase, Automating server workload security with CloudPassage Halo, is an excellent sample of their in-depth work. The report begins by delving into the various infrastructure, platform, and software models (including containers), which have sprung up in order to provide organizations with improved agility and speed as they continue to adopt DevOps processes.

But with this explosive growth of infrastructure comes a price. Security continues to be a challenge as businesses expand their container and cloud footprint, all while employing DevOps processes. As ESG calls out, these modern environments require a “hybrid approach to security, one that centralizes policy and monitoring across disparate infrastructures to enable the agility provided by adding elastic, on-demand cloud services into the IT mix.”

The key concerns for this new security landscape include:

  • Vulnerabilities: Of those surveyed by ESG, the top two concerns reported were discovering vulnerabilities, both software-related and workload-configured, at 30% respectively.
  • Auditing: Most organizations cited auditing as an important way to gain greater visibility, with 27% of organizations citing an audit trail of all system level activity, 26% citing an audit trail of user account activity, and 24% citing the use of IaaS APIs as being most important to improve visibility.
  • Anomaly detection: There’s also a consistent need for auditing. 26% of respondents indicated a need for detecting anomalous system-level workload activity in order to improve visibility.
  • Network traffic flow discovery: Given the best practice of funneling external traffic via a host, identifying workloads that are externally facing will uncover a configuration issue that could allow for malicious traffic and/or outbound communication with a remote control server. Gaining visibility into inter-workload traffic can also reveal unintended and potentially problematic network traffic flows such as a workload that should not have had access to a database server. Views into inter-workload east-west traffic also help provide the basis for microsegmentation policies to control which workloads can communicate with one another.

To learn more about how CloudPassage Halo can address key security concerns in the hybrid security space, read the ESG report on our website. You can also learn more in our infographic, Hybrid cloud security: Building infrastructure that works for your organization.

The post Automating server workload security with CloudPassage Halo appeared first on Cybersecurity Insiders.


April 26, 2018 at 09:09PM

Master Key Hack Exploits Flaw in Key System to Unlock Hotel Rooms

By Waqas

The master key hack has the capability of unlocking not

This is a post from HackRead.com Read the original post: Master Key Hack Exploits Flaw in Key System to Unlock Hotel Rooms


April 26, 2018 at 07:34PM

Wednesday, April 25, 2018

Thousands of Android apps for kids are secretly tracking their activities

By Waqas

Have you ever noticed you are talking about a product

This is a post from HackRead.com Read the original post: Thousands of Android apps for kids are secretly tracking their activities


April 25, 2018 at 10:36PM

Certificate Lifecycle Management: People, Process and Technology

Trust and Digital Certificates

Trust is a valuable commodity in the age of data proliferation. An abundance of information makes it possible for bad actors to impersonate trusted brands using fake websites and accounts. Organizations therefore need a way to ensure that potential customers can trust their identity when visiting their official website, especially if they decide to purchase their goods or services.

To address this issue of trust online, organizations look to the Public Key Infrastructure (PKI). This framework enables the issuance of public key certificates, otherwise known as digital certificates. These documents use security technology called Transport Layer Security (TLS) and previously Secure Sockets Layer (SSL) to encrypt a connection between a company’s web server and a user’s browser. As such, digital certificates provide a way for web users to trust that a website domain owner is who they say they are and that the transmission of their information with the website is secure.

Challenges of Certificate Management

It’s not difficult for organizations to obtain a digital certificate. Depending on the level of trust they want to build with users, they can obtain a domain validation (DV), organization validation (OV) or extended validation (EV) certificate. These different types of electronic documents require that domain owners submit to validation checks conducted by trusted Certificate Authorities (CAs). In the case of DV certificates, CAs look to confirm the contact listed in the WHOIS record of a domain. EV certification is comparatively more thorough, requiring steps to confirm legal and physical operation. For those that obtain EV certificates, web browsers display their names in green along with a padlock indicating HTTPS protection in the address bar.

(Source: Quora)

Difficulties in Certificate Management

By contrast, managing a certificate can be difficult. This is especially true for enterprises that use numerous certificates issued by multiple CAs to protect their web resources. Here are some of the biggest enterprise certificate management challenges identified by DigiCert, a trusted CA, in a useful web guide (PDF):

  1. Keeping Certificates Up-to-Date: TLS certificates suffer from security vulnerabilities just like other software. The problems could arise from misconfigurations, such as missing fields and the use of internal names, or they could owe their existence to out-of-date hashing algorithms. Organizations need to be able to discover these flaws and remediate them to prevent bad actors from compromising and abusing their certificates.
  2. Ensuring Complete Visibility Over All Certificates: In an enterprise, some users may have the authority to request, approve and issue a certificate. This level of access is fine as long as the organization can maintain complete visibility over its certificates. Without it, bad actors can seize upon an overlooked certificate and use it to their advantage.
  3. Managing Certificate Expirations: Besides suffering from vulnerabilities, all certificates have an expiration date. The maximum validity period for a certificate is two years as of 1 March 2018. At the end of that period, organizations need to renew their certificates or risk them expiring, a scenario which could allow bad actors to renew those certificates in their names and/or steal users’ now unencrypted data when exchanged with the domain owner.

(Source: Super User)

Certificate Lifecycle: A Holistic Approach

To adequately protect their digital certificates against bad actors, organizations need to manage their electronic documents across their entire lifecycles. This involves properly accounting for certificates from the moment they’re issued to their renewal/expiration.

Certificate lifecycle management involves building up an organization’s people, process and technology. Here are Entrust’s recommendations:

  1. Assign Roles: As part of their certificate lifecycle management plan, organizations need to clearly identify administrators who can manage issuance, expiration, etc. as well as approvers and other required roles. Companies can then use each entrusted employee’s privileges to streamline workflows by deciding what types of notifications each person will receive as well as implementing security controls at each phase.
  2. Build an Inventory: Those employees responsible for organizations’ certificate lifecycle management should oversee the creation of an inventory of all certificates in the environment. This step usually requires an audit of all domains, applications and certificates. With an inventory in place, administrators can then add new certificates as they become available, monitor existing resources for vulnerabilities and stay on top of impending expiration dates.
  3. Invest in Automation: It’s possible for organizations to build inventories and manage their certificates manually. But there’s always the chance that they could miss a certificate or an important alert. For that reason, companies should consider investing in a solution that uses a centrally managed system to automate the certificate discovery, management and renewal processes.
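As an added illustration (not code from the original post, DigiCert or Entrust), the sketch below audits a certificate inventory for the problems listed above: upcoming expirations, over-long validity, outdated hashes, missing fields, internal names and certificates with no assigned owner. The record fields, the 30-day renewal window and the internal-suffix list are assumptions, the sample inventory is constructed, and 825 days is the CA/Browser Forum figure behind the "two years" limit.

```python
from datetime import datetime as D, timedelta
import ipaddress

MAX_VALIDITY = timedelta(days=825)   # CA/Browser Forum cap behind the "two years" rule
CAP_START = D(2018, 3, 1)            # cap applies to certificates issued from this date
RENEW_WINDOW = timedelta(days=30)    # assumed alerting threshold
WEAK_HASHES = {"md5", "sha1"}        # out-of-date signature hash algorithms
INTERNAL_SUFFIXES = (".local", ".internal", ".lan", ".corp")  # assumed list

def is_internal_name(name):
    """True for private IPs, bare hostnames and names under internal-only suffixes."""
    try:
        return ipaddress.ip_address(name).is_private
    except ValueError:
        host = name.lower().lstrip("*.")   # ignore a leading wildcard label
        return "." not in host or host.endswith(INTERNAL_SUFFIXES)

def audit(cert, now):
    """Return the findings for one inventory record, in a fixed order."""
    findings = []
    if cert["not_after"] <= now:
        findings.append("expired")
    elif cert["not_after"] - now <= RENEW_WINDOW:
        findings.append("expiring-soon")
    lifetime = cert["not_after"] - cert["not_before"]
    if cert["not_before"] >= CAP_START and lifetime > MAX_VALIDITY:
        findings.append("validity-too-long")
    if cert["sig_hash"].lower() in WEAK_HASHES:
        findings.append("weak-hash")
    if not cert["sans"]:
        findings.append("missing-san")      # a required field left empty
    if any(is_internal_name(n) for n in cert["sans"]):
        findings.append("internal-name")
    if not cert.get("owner"):
        findings.append("no-owner")         # nobody assigned to renew or revoke it
    return findings

def audit_inventory(inventory, now):
    return {c["id"]: audit(c, now) for c in inventory}

# Constructed sample inventory (hypothetical hosts and owners).
NOW = D(2018, 4, 25)
INVENTORY = [
    dict(id="web-prod", sans=["www.example.com"], not_before=D(2018, 3, 10),
         not_after=D(2020, 3, 9), sig_hash="sha256", owner="web-team"),
    dict(id="intranet", sans=["intranet", "10.0.0.5"], not_before=D(2017, 5, 1),
         not_after=D(2018, 5, 10), sig_hash="sha1", owner="it-ops"),
    dict(id="legacy-api", sans=[], not_before=D(2018, 3, 5),
         not_after=D(2021, 3, 4), sig_hash="sha256", owner=None),
]

if __name__ == "__main__":
    for cert_id, findings in audit_inventory(INVENTORY, NOW).items():
        print(cert_id, findings or "ok")
```

In practice the records would come from a discovery scan or a CA's export rather than a hand-built list, and the findings would feed the notifications assigned to each role.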

Trust for the Future

Digital certificates help confirm organizations’ identities to web users. With these certificates, users can trust they’re dealing with a domain owner that is who they say they are. It follows that companies should leverage their people, process and technology to make sure that trust is always there. Towards that end, certificate lifecycle management is the way to go.

      

The post Certificate Lifecycle Management: People, Process and Technology appeared first on Cybersecurity Insiders.


April 25, 2018 at 09:09PM

What Kind of GDPR Animal Are You? Take the Quiz and Find Out

With just one calendar month to go before GDPR enforcement begins I bet there are people in all sorts of different states of readiness to comply. I suspect there will also be a wide range of emotions associated with your compliance program!

For a bit of light relief, and with absolutely no scientific basis for the outcomes, we have devised a little quiz so you can establish your position in the GDPR “evolutionary food chain”.

Take our quiz now and discover just what kind of GDPR animal you are!

The post What Kind of GDPR Animal Are You? Take the Quiz and Find Out appeared first on Gemalto blog.

The post What Kind of GDPR Animal Are You? Take the Quiz and Find Out appeared first on Cybersecurity Insiders.


April 25, 2018 at 09:09PM

PyRoMine malware disables security & mines Monero using NSA exploits

By Waqas

The IT security researchers at Fortinet have discovered a dangerous new

This is a post from HackRead.com Read the original post: PyRoMine malware disables security & mines Monero using NSA exploits


April 25, 2018 at 05:06PM

Tuesday, April 24, 2018

All Nintendo Switch Consoles Contain Unpatchable Chip-Level Flaw

By Waqas

Nintendo Switch has fans across the world; the gaming console

This is a post from HackRead.com Read the original post: All Nintendo Switch Consoles Contain Unpatchable Chip-Level Flaw


April 24, 2018 at 10:40PM

RSA 2018 Recap and Launch of OTX Endpoint Threat Hunter!

RSA 2018 was the best RSA ever from an AlienVault perspective! It was a “giant leap” for sure.

The booth was Out of This World:

We had hundreds of folks pop by for a demo or theater presentation.

The Big News! OTX Endpoint Threat Hunter Free Tool!!

The statistics on OTX participation are amazing – as of this writing 86018 participants, and 162K contributions per day on average. The new free tool, OTX Endpoint Threat Hunter already has 443 downloads in less than a week of availability. Hear about it in the video below from Sacha Dawes and Russ Spitler.

Then there was a party jointly sponsored by AlienVault  where we gave out a lot of our famous lighted sunglasses 🙂

Oh and I got to catch up with Twitter buddies @uuallan @C_3PJoe @VinceintheBay @ChuckDBrooks and others!

The Security Bloggers Meetup

The big news was Javvad Malik winning the Most Entertaining Blog category with his personal blog.

I also got to catch up with many InfoSec luminaries. Here’s my favorite pic with @RSnake, an injured-but-smiling @indi303 & @alexlevinson:

It was an exhausting but very fun week indeed!

      

The post RSA 2018 Recap and Launch of OTX Endpoint Threat Hunter! appeared first on Cybersecurity Insiders.


April 24, 2018 at 09:10PM