FireSale HackBoy

Friday, June 29, 2018

Worse than Equifax: Personal records of 340M people leaked online

By Waqas

Last year the credit reporting firm Equifax revealed how unknown

This is a post from HackRead.com. Read the original post: Worse than Equifax: Personal records of 340M people leaked online


June 30, 2018 at 12:15AM

Github refuses Microsoft’s $2 billion acquisition deal

Github, a web-based development platform for software engineers, has declined Microsoft’s $2 billion offer to take over its control. But sources from Business Insider say that Microsoft’s proposal to acquire Github for the said sum has not been declined but has been put on a temporary hold.

Those reporting to Cybersecurity Insiders say that Github is interested in handing over control of its company to the Satya Nadella-led Microsoft Corporation for a fancy offer of $7 billion or more.

It’s not immediately clear where the talks will end up in the next few weeks. But according to some anonymous sources reporting from the Microsoft Board, the deal will take place in the first week of August and the financial breakpoint will be either $5.5 or $6 billion.

Github, which boasts over 24 million software developers as users, says that the deal will prove a profitable edge for the Redmond-based software giant against Amazon Web Services. And if the Windows giant manages to integrate Github into its own Microsoft Azure cloud service, then it can place the American company as an undisputed leader in the cloud business.

Technically speaking, the San Francisco-based tech giant has so far invested much of its considerable resources into social networking, which is paying it back on a positive note as it enables teams and communities to collaborate and work together on software.

If Microsoft intends to buy Github, then it can recoup all that it has invested in no time.

Imagine, if all the Github projects run on the Azure cloud, then Microsoft can win back developers’ love and simultaneously keep its Azure platform ever-buzzing.

Moreover, after investing in LinkedIn, Microsoft will also start asking all its future employees to have an active profile on Github in order to keep their resumes pepped up with developer skills.

Therefore, in whatever way we look at the acquisition deal, it’s proving profitable to Microsoft in the long run.

The post Github refuses Microsoft’s $2 billion acquisition deal appeared first on Cybersecurity Insiders.


June 29, 2018 at 08:59PM

Gentoo Linux on Github hacked; repositories modified

By Waqas

Another day, another data breach – This time, it is

This is a post from HackRead.com. Read the original post: Gentoo Linux on Github hacked; repositories modified


June 29, 2018 at 05:35PM

Now available to all Halo users: Cortex v1.1

This post was originally published here by ash wilson.

We’ve just released Cortex v1.1 (https://github.com/cloudpassage/cortex), and while some changes may seem subtle, they greatly improve the functionality and efficiency of Cortex, giving you an even more seamless experience.

Some of the changes you’ll see include:

File-based configuration for scheduled jobs:

In the original design, users could disable certain components in Cortex and re-implement them with other automation systems. Now, we have refactored the scheduler and task dispatcher to make scheduled tasks dead simple to add. It’s as easy as copying a config file, adjusting it to meet your specific task’s requirements, and restarting the scheduler component. The schedule is defined in the config file, and the task’s code itself lives in a container image.

Though the ease of adding new functionality to Cortex itself was originally just a secondary goal, early feedback indicated that instead of using Cortex as a set of training wheels to jumpstart security automation, many of our users wanted to build additional integrations on top of Cortex.

We’ve also included a few tasks for getting events and scan results from the Halo platform to S3, in the Cortex repository. Adding a new scheduled task is as simple as creating a config file to describe the task and schedule, and then building a container image that contains the code that performs the task. This bears some similarity to serverless – or function-as-a-service – applications. Cortex’s scheduler, however, is cloud platform-independent.

For more detailed information on enabling scheduler tasks, take a look here: https://github.com/cloudpassage/cortex/tree/master#scheduler-configuration

Policies for monitoring scheduled tasks in Cortex:

Simply moving information from one place to another is only part of the challenge when automating the delivery of compliance information. If the task is interrupted or fails to complete, you need to be notified quickly so that you can take corrective action as soon as possible. To make this easy, we’ve included a Halo Log-based IDS (LIDS) policy within Cortex to track (and optionally alert on) task execution failures.

Instructions for setting up Cortex for this kind of monitoring using Halo are here: https://github.com/cloudpassage/cortex/tree/master#monitoring-cortexs-scheduled-tasks

Proxy support:

Cortex now supports deployment behind a web proxy. One environment variable, and the setting propagates to all components in the Cortex application.

For more information, see https://github.com/cloudpassage/cortex/tree/master#setup-and-use

Improved reliability:

Parts of Cortex depend on external services (like Slack). When Cortex is unable to maintain a connection with these other services, the Cortex component responsible for managing that communication automatically restarts. Since no application components in Cortex carry critical state, we simply restart the specific component that’s experiencing the issue.

Feedback from Cortex v1.0 users indicated that some components were restarting more frequently than we want them to. We have improved the logic in Cortex that maintains connections with those external services so that we can more gracefully handle sub-optimal operating conditions without immediately resorting to a component restart.

Photo: Tripwire

The post Now available to all Halo users: Cortex v1.1 appeared first on Cybersecurity Insiders.


June 29, 2018 at 05:09PM

Thursday, June 28, 2018

Are Your Smartphones’ Batteries Spying on You?

By Kayla Matthews

Most batteries in today’s smartphone are intelligent enough to detect

This is a post from HackRead.com. Read the original post: Are Your Smartphones’ Batteries Spying on You?


June 29, 2018 at 01:41AM

Digital Disruption for Mobile Operators

Traditionally the MNO has applied volume-based charging models. Voice services are charged per minute, messaging services per message, and data services per bit. The existing trajectory of the MNO will only result in possible market consolidation, as seen recently with T-Mobile and Sprint in the US.

The MNO has reached equilibrium in terms of growth in its traditional business and must transform itself into a business that operates higher in the value chain. Let’s take a look at the use of Artificial Intelligence (AI) in enabling process automation in existing operational processes and in creating new digital products and services, to put the MNO on two trajectories.

Traditional business for the MNO represents a large share of revenues, and eroding margins are forcing operators to grow their data traffic. With increasing smartphone penetration, longer battery life and higher processing capacity, coupled with progress in cloud storage, the MNO’s strategy is to invest in new technologies like 5G, Cloud Computing and Artificial Intelligence (AI) to enable a new set of digital products and services and to operate higher in the value chain. The proposed initiative uses Artificial Intelligence to extract a higher value per bit, implement value-based charging models and transform the MNO’s business.

Strategies enabled with AI and other technologies

The first trajectory is to use technology to reduce operational expenditures and play a cost leadership role in its traditional markets, where access to services is based on volume-based charging models.

The second one is to offset the revenue erosion from the first trajectory and use technology to introduce new products and services that create differentiation in the market. In the process of achieving this, the MNO is looking to extract further value from the data over its networks and create new value-based charging models. In that case the MNO plays the role of a digital transformation enabler by providing data to its customers as part of their own digital program.

Technologies used to achieve the proposed initiative

To achieve the proposed initiative, the first point to note is that AI alone is insufficient for the successful implementation of the program. Complementary technologies are also required:

1- 5G, to achieve large-scale and cost-effective connectivity for devices

2- Cloud storage, to format, classify and store large volumes of structured and unstructured data

3- Cloud computing, for cost-efficient application enablement that eliminates network complexity

4- Big Data

Operational Processes that will benefit from AI

The operational processes targeted for OPEX reduction are:

1- Customer Retention: Machine Learning is used to look for trends to predict the moment when a customer is about to churn and the result is used in a loyalty campaign to incentivize the customer.

2- Customer Care: Machine Learning predicts customer needs and analyzes standard responses to customer care queries. Natural Language Processing is used to analyze natural language data in a traditional customer care service and provides relevant answers/suggestions.

3- Network Quality: Machine Learning is used to analyze network service quality data, user experience data and customer care data to configure the network for optimum performance.

Drones are used as a robot platform to measure parameters like signal strength, handover success and call attempts to tune network parameters in real-time for optimum coverage and radio quality.

In all of the above, it is important to realize that the MNO enjoys a trusted relationship with its customers, and if AI is used responsibly, the MNO can be a more attractive brand than the OTTs, who are facing challenges with regard to the use of data.

The post Digital Disruption for Mobile Operators appeared first on Gemalto blog.

The post Digital Disruption for Mobile Operators appeared first on Cybersecurity Insiders.


June 28, 2018 at 09:09PM

Tuesday, June 26, 2018

Voice records of millions of Brits stored by tax agency without consent

By Carolina

According to Big Brother Watch, a British privacy advocate, and civil liberties organization,

This is a post from HackRead.com. Read the original post: Voice records of millions of Brits stored by tax agency without consent


June 26, 2018 at 06:38PM

Monday, June 25, 2018

Cyber Attacks incur $100 billion losses to Financial Institutions

Cyber attacks are causing $100 billion in losses to financial institutions (FIs), says a survey conducted by the International Monetary Fund (IMF). This is due to the fact that FIs play a vital role in procuring and handling funds.

According to the IMF Staff Modeling Exercise report, hackers choose FIs as easy targets because an attack can spread quickly through the interconnected financial system. And because most financial institutions still use legacy digital systems, their defenses prove almost useless against the sophisticated attacks now conducted by cyber crooks.

In order to ascertain the risks, the IMF used techniques from actuarial science and operational risk measurement to calculate an estimate of the total losses from cyber attacks.

The IMF study suggests that the average annual potential losses from cyber attacks could be nearly 9% of banks’ net income globally, i.e. around $100 billion. In cases where the attacks are severe, the loss estimate could range from $270 billion to $350 billion. In the rarest of cases, the average potential loss could be as high as half of a bank’s net income, which could put the entire banking and financial sector in jeopardy.

The risk also looks high when the estimated losses are compared with the size of the cyber insurance market. Premiums remain small globally, around $3 billion as of last year, and the situation is made worse by the fact that most financial institutions do not carry cyber insurance cover.

The situation can only improve when governments start collecting granular, consistent and complete data on the frequency and impact of cyber attacks. This information can then be used to assess the risks associated with the financial sector over the long run.

Furthermore, the IMF suggests that an initial plan must be adopted to strengthen the resilience of the FIs’ digital infrastructure, which helps cut down the odds of a successful attack and facilitates fast recovery.

The post Cyber Attacks incur $100 billion losses to Financial Institutions appeared first on Cybersecurity Insiders.


June 25, 2018 at 09:33PM

Sunday, June 24, 2018

GDPR and the REAL impact on business

By Patrick Vernon

General Data Protection Regulation (GDPR) has taken the world by

This is a post from HackRead.com. Read the original post: GDPR and the REAL impact on business


June 24, 2018 at 04:14PM

Bitglass Security Spotlight: Google, SynAck, & Drupal

This post was originally published here by Jacob Serpa.

Here are the top cybersecurity stories of recent weeks:

  • Google improves G Suite’s collaboration capabilities
  • SynAck ransomware evades antivirus software
  • Drupal websites subject to cryptojacking
  • Nigelthorn malware targets Facebook users to mine cryptocurrency
  • 211 LA County exposes 3.2 million files through AWS misconfiguration

Google improves G Suite’s collaboration capabilities

Google has recently revamped its ability to integrate with a variety of other cloud services in an effort to bolster its position as a leader in collaborative cloud services. G Suite was recently found to be trailing Office 365 in enterprise adoption: more than twice as many organizations have chosen Microsoft’s offering as Google’s.

SynAck ransomware evades antivirus software

The SynAck ransomware has resurfaced in a new and improved form. The threat is now capable of employing the Process Doppelgänging technique. This means that the ransomware can hide its nefarious activities through code injection on Windows machines, inhibiting antivirus software’s ability to detect it.

Drupal websites subject to cryptojacking

Drupal-based websites have been exposed by vulnerabilities in the underlying Drupal platform. Malicious parties have been leveraging said security gaps in order to infiltrate websites and use them to engage in malicious cryptomining. This trend of cryptojacking is becoming fairly commonplace.

Nigelthorn malware targets Facebook users to mine cryptocurrency

New malware called Nigelthorn is infecting Facebook users through means like faux direct messages in order to steal their credentials and install scripts for malicious cryptomining. This is similar to the recent Stresspaint malware that also targeted Facebook users’ credentials.

211 LA County exposes 3.2 million files through AWS misconfiguration

Nonprofit organization 211 LA County is the most recent firm to suffer from a misconfiguration in its AWS S3 bucket. The NPO’s security mistake left 3.2 million files publicly available, files that contained personally identifiable information. For those that 211 LA County serves, this means that their personal information has been exposed to potentially nefarious parties.

While malware continues its assault upon the cloud, cloud access security brokers (CASBs) should be used to defend against zero-day threats in any cloud application (whether G Suite or Office 365). To learn more, download the Zero-Day Solution Brief.

Photo: Systemat

The post Bitglass Security Spotlight: Google, SynAck, & Drupal appeared first on Cybersecurity Insiders.


June 24, 2018 at 01:04PM

Friday, June 22, 2018

In Russia for World Cup? Beware of fake WiFi hotspots stealing user data

By Uzair Amir

The Football World Cup 2018 has gathered thousands of fans

This is a post from HackRead.com. Read the original post: In Russia for World Cup? Beware of fake WiFi hotspots stealing user data


June 22, 2018 at 05:31PM

Northwestern Partners with Bitglass for Data Security

This post was originally published here by Jennifer Perisho.

A few weeks ago, I had the pleasure of sitting down with Tom Murphy, the CISO of Northwestern University – a Bitglass customer. After corresponding for a few months, hoping he would meet with us to make a customer testimonial video, it finally happened! Like most interviews, it took us a few minutes to set up, but, once the interview started, he was unstoppable!

For anyone unfamiliar with it, Northwestern University, based in Illinois, is one of the country’s leading research and academic institutions with twelve colleges across three campuses, 20,000 students, and 3,000 faculty members (that’s a lot of data).

So, what data does a university like Northwestern need to protect? A lot, as it turns out. There is a need to secure student, faculty, and alumni personally identifiable information (PII). As a research university, Northwestern also needs to protect intellectual property, which can be a big revenue generator for such an institution. Northwestern also runs a medical school, so protected health information (PHI) must be secured according to HIPAA. Throw in credit card processing for fees and tuition payments and a large university looks like a combination of just about every regulated and security-conscious industry out there!

To meet its data protection needs, the university was looking to prevent data loss and control access to cloud apps such as Box and Office 365. Only Bitglass’ cloud access security broker (CASB) solution was able to provide Northwestern with agentless real-time data protection. So far, Northwestern University and Bitglass have been an unstoppable team as you will see in the video.

All in all, it was a great day of filming with Tom (he really was a natural), and learning more about Northwestern and its use of Bitglass. Want to hear more? Check out the video here.

Photo: Boch Systems

The post Northwestern Partners with Bitglass for Data Security appeared first on Cybersecurity Insiders.


June 22, 2018 at 04:50PM

Thursday, June 21, 2018

The Pirate Bay is down – Here are its alternatives & Dark Web domain

By Waqas

It is a fact that The Pirate Bay has been

This is a post from HackRead.com. Read the original post: The Pirate Bay is down – Here are its alternatives & Dark Web domain


June 21, 2018 at 09:16PM

3 questions that will help you understand Gemalto’s 5G vision on ensuring trustworthy virtualized networks

Digital transformation and 5G introduce new risks to the confidentiality, integrity and availability of enterprise data. Trust-by-design NFV architecture must prevail.

Let’s have a look at:

    1. Gemalto’s understanding of the current 5G digital transformation
    2. Gemalto’s 5G vision
    3. The best way to ensure a trustworthy 5G network

1. What do you believe is the biggest digital transformation challenge to mobile operators this year?

The biggest digital transformation challenge to CSPs this year is indeed the complexity of the ecosystem that is developing in front of them. We’re going from a very consistent, static model, where there was a very linear model with vendors supplying to telcos and telcos addressing their own individual customers. The complexity of this model is going to change, especially with the advent of 5G, where we move towards digital transformation and the end-customers of the telcos will indeed become the industry verticals. With that will come a big cultural divide, in that they speak different languages: CSPs will need to adapt their way of working to address the needs of these different industry verticals.

As 5G is the first cellular generation to launch in the era of global cybercrime, indeed trust will have to be inserted into that relationship (between telcos and the industry verticals) in order to build a strong, solid foundation going forward.


2. What’s Gemalto’s vision for 5G?

Gemalto’s vision for 5G is that it’s truly a platform for digital transformation. 5G will be leveraged by service providers to collect information, to generate actionable insights from that information, to bring it to the cloud and to help automate people’s daily life.

Trust is increasingly perceived as a pervasive transversal factor to be added to a trust-by-design virtualized architecture to help deliver the full 5G promise.


3. How to ensure a trustworthy 5G network?

Gemalto has issued a white paper that looks into the new trust model for the 5G era and covers 5 topics:

  • Data protection.

We believe that, as the 5G network’s goal is to capture insights, those insights will be gained from processing a lot of different data collected from the billions of 5G-connected IoT devices. All of these insights will then be leveraged to improve future actionable insights and to implement predictive analytics. Those predictive analytics will ultimately trigger automated events and help automate our daily life.

5G network softwarization and virtualization increase the attack surface, thus exposing critical information to lawless hackers. Ensuring data confidentiality, integrity and availability via a proper fabric of trust (e.g. secure enclave, encryption) becomes of primary importance for all stakeholders (telecom operators, network vendors, cloud vendors, system integrators).


  • IoT device lifecycle management.

As IoT sensors and many other devices will be in the field for 10 to 15 years, rather than the 2 to 3 years typical of our smartphones, we need to make sure that we can upgrade the software in each of these devices. So IoT device lifecycle management is extremely important going forward into the 5G system.

  • Authentication and authorization of devices connecting to the 5G system.

We need to ensure that the devices which are connecting are authentic 5G devices, authorized for us (users) on the network by the cloud service providers, by the connectivity service providers, and by the service providers that ultimately collect the data and leverage it in order to automate our daily life.

  • Network slicing.

It’s extremely important that we can correctly isolate the data flowing in each of the network slices which are being leveraged by the service providers on the network of the connectivity service provider. Meaning that if we have one slice for autonomous vehicles and another for a massive IoT sensor network, then we need to ensure that a Distributed Denial of Service attack on the massive IoT slice wouldn’t bring down a critical service like autonomous vehicles, which could potentially result in human casualties or even more dire consequences. In order to do that, we have established a collaboration with Intel to leverage their SGX enclave; that secure enclave is used to protect the keys which are used to authenticate, and to provide confidentiality and integrity protection between the virtual network functions along different network slices. eSIM can play an increasing role in advanced authentication, and in network slicing authentication.


  • Software licensing.

Many different software vendors will be contributing to the success of this 5G network. In order to protect everybody’s IP, software licensing technologies can help connectivity service providers and software vendors move to a pay-as-you-go or subscription-based model around software licensing. What that means is that rather than having upfront fees for each NFV-ized network function acquired by a connectivity service provider, we’ll have the possibility of implementing much more linear models, so that the telecom operator truly pays only for what it needs to use, as opposed to paying upfront for the different software functions that build up the 5G network.

What’s your view about deploying trust-based schemes across virtualized networks? Feel free to react here or on @GemaltoMobile.


The post 3 questions that will help you understand Gemalto’s 5G vision on ensuring trustworthy virtualized networks appeared first on Gemalto blog.

The post 3 questions that will help you understand Gemalto’s 5G vision on ensuring trustworthy virtualized networks appeared first on Cybersecurity Insiders.


June 21, 2018 at 09:09PM

Chapter Spotlight: Hawaii

Like many chapters, the (ISC)² Hawaii Chapter has had challenges with officer vacancies, legal registration, and low attendance at events over the past three years that the chapter has held its official charter. In early 2018, the new officer board took over and began to plan events to get the information security professionals in the area together to better connect, educate, inspire, and secure the communities of Hawaii.

While the chapter has held its official charter with (ISC)², the chapter has been somewhat disengaged from the local community. The new chapter officers have made it their mission to re-invigorate the chapter and self-proclaim the chapter as the active arm of Hawaii’s cyber security professionals. With new leadership and goals in mind, the chapter is seeking its official non-profit status in the state of Hawaii. Once approved, the chapter leaders plan to:

  • Establish a study group program
  • Coordinate local CPE earning opportunities for chapter members
  • Engage in the Safe and Secure Online (SSO) program to engage the children and the public, especially during the National Cyber Security Awareness Month (October)
  • Partner closely with Girl Scouts of Hawaii to offer the highest quality training and mentoring
  • …Much more…

As another goal of the chapter’s re-engagement in Hawaii, the chapter decided to celebrate its three-year anniversary (in March) with a celebration meeting for members in late spring. The new chapter officers, who took over only a few months prior, had little time to plan; however, as with all great things, the chapter’s leadership was able to pool their resources and connections to plan the Chapter Anniversary Member Meeting.

The (ISC)² Hawaii Chapter held its third anniversary chapter member meeting in May 2018. The chapter hit a new meeting record with approximately 53 people in attendance!

The event focused on allowing presenters from other local security groups (CyberHawaii and CyberHUI) to share their mission and objectives, which correlate with the mission of (ISC)², “Inspiring a Safe and Secure Cyber World.”

The chapter’s featured speaker was Clyde Sonobe, Vice President of CyberHawaii, the state’s think tank on cyber security. Clyde briefed the meeting guests on the mission and objectives of CyberHawaii and where the chapter would potentially fit into the vision as a partner in growing cybersecurity awareness in Hawaii. The chapter also had mini presentations by several guest speakers including Jake Ross (with CyberHUI), who is seeking security professionals to mentor high school students in the CyberPatriot competition.

The chapter continues to plan new, exciting events for its members throughout the rest of the year. The chapter plans to host its June meeting very soon, which will include a series called “Talk Story with ___.” This series will give members an opportunity to speak to the featured speaker in an intimate setting. The chapter’s inaugural Talk Story, which will take place in June of 2018, will feature Mr. Alan Paller of SANS fame.

There are many more exciting events in the works, so follow the (ISC)² Hawaii Chapter on Facebook (@isc2chapterhi), Instagram (@isc2_hawaii_chapter), or visit our website at www.isc2chapter-hi.org to keep up to date. Aloha!

(ISC)² Hawaii Chapter
Contact: Gerald Amasol
Email: gerald.amasol@isc2chapter-hi.org
Website: www.Isc2chapter-hi.org
Facebook: @isc2chapterhi

The post Chapter Spotlight: Hawaii appeared first on Cybersecurity Insiders.


June 21, 2018 at 09:08PM

Wednesday, June 20, 2018

Israel Prime Minister Netanyahu simulates Cyber Attack

Israel Prime Minister Benjamin Netanyahu has urged all nations to collaborate to fight growing cyber threats on critical infrastructure. Speaking at the cybersecurity conference in Tel Aviv, the 68-year-old politician staged a fake cyber attack on the conference by a country from the other side of Israel’s border. He told the attendees that their bank accounts, private conversations and information were being shared with the enemy.

And when everyone felt baffled by his statement, Netanyahu said that it was just a fake attack launched from behind the stage.

Netanyahu said that such an attack is not far-fetched and, if left ignored, could take down the most sensitive systems of nations and bring down planes and fighter jets in no time.

“One of the greatest challenges facing humanity is a cyber threat”, said Bibi (Mr. Netanyahu). He added that the challenge is an ever-present race and the outcome is not guaranteed unless we run ahead and stay ahead.

Israel is a good example when it comes to recognizing the value of cybersecurity. And the world admires the nation, which exported over $3.8 billion worth of cybersecurity services to the world in 2017.

There are 480 cybersecurity companies operating in Israel, with 50 international R&D centers in the sector. When it comes to academic cyber research, Israel ranks among the top 10 and is said to have attracted $810 million in investments in 2017.

Mentioning in particular the Beersheba Cyber Security Complex set up in the south of the country, Bibi said that the center was acting as a hub for academia, the military and industry for defense simulations.

Netanyahu said that the National Computer Emergency Response Team (CERT) that operates in Beersheba manages to monitor events and block a good number of cyber attacks.

The Prime Minister feels that leaders of nations should collaborate to fight digital terror spurred by some nations. Although he did not mention names, his intentions were clearly pointing at Russia, China, and North Korea.

The post Israel Prime Minister Netanyahu simulates Cyber Attack appeared first on Cybersecurity Insiders.


June 20, 2018 at 10:01PM

Tuesday, June 19, 2018

When Prince Harry Met Access Management

16 arrested for hacking Internet cafes to mine cryptocurrency

By Waqas

The group of hackers mined Siacoin cryptocurrency from hacked computer

This is a post from HackRead.com. Read the original post: 16 arrested for hacking Internet cafes to mine cryptocurrency


June 19, 2018 at 06:19PM

Zacinlo malware spams Windows 10 PCs with ads and takes screenshots

By Waqas

The IT security researchers at Bitdefender have discovered a sophisticated

This is a post from HackRead.com. Read the original post: Zacinlo malware spams Windows 10 PCs with ads and takes screenshots


June 19, 2018 at 01:29AM

Monday, June 18, 2018

Bitdefender issues Cyber Threat warning on Zacinlo Malware

Romanian cybersecurity firm Bitdefender has issued a cyber threat warning on the spread of the Zacinlo malware. Experts from the security firm say the adware can embed itself deep in operating systems, including Windows 10, and flood users with invisible ads.

Zacinlo is said to infect user computers, open multiple browser sessions loaded with ad banners and simulate clicks from fictitious audiences. The malware variant is also capable of replacing legitimate ads with its own content pages, generating revenue for the cyber crooks. As a result, the ad budgets of companies are drained, since the advertisements never reach their targeted audiences.

Bitdefender's research states that Zacinlo is capable of mimicking admin privileges, which lets the malware shield itself from processes that try to block, detect or erase it. Because the adware integrates deeply into the operating system, its removal becomes very difficult.

Google AdSense ads are the ones most often replaced by Zacinlo, which can also delete other adware on the infected machine in order to cut down the competition.

The study says the adware can take screenshots of apps and programs running on an infected computer and send them to a command and control center for analysis. If left unchecked, this activity is a serious user privacy concern.

The extent of Zacinlo's spread is yet to be confirmed, but the threat is said to loom mostly over computer users in the US, Europe, Brazil, China, and India.

The post Bitdefender issues Cyber Threat warning on Zacinlo Malware appeared first on Cybersecurity Insiders.


June 18, 2018 at 09:25PM

13 Ways Cyber Criminals Spread Malware

By David Balaban

Security incidents where hackers distribute malicious code (malware) via spam,

This is a post from HackRead.com. Read the original post: 13 Ways Cyber Criminals Spread Malware


June 18, 2018 at 05:16PM

Sunday, June 17, 2018

ClipboardWalletHijacker malware replaces address to steal cryptocurrency

By Waqas

The IT security researchers at Qihoo 360 Total Security have discovered

This is a post from HackRead.com. Read the original post: ClipboardWalletHijacker malware replaces address to steal cryptocurrency


June 17, 2018 at 05:49PM

Friday, June 15, 2018

Microsoft Cortana allows hackers to snoop down your files

Microsoft's Windows 10 operating system (OS) offers a virtual assistant called 'Cortana' that lets users interact with hundreds of Windows apps. But McAfee researchers allege that hackers are using this AI-powered assistant to snoop on files from locked computers.

Experts warn that the attack could turn serious if hackers decide to break into the network of Windows 10 computer systems and spread malware on the PCs.

In general, Cortana is designed to help Windows 10 users schedule calendar appointments, check weather updates, set reminders, send emails and more.

However, researchers from McAfee Labs have found that the voice-based virtual assistant can be used to browse files, install viruses and even reset a user's password, provided it has been activated for use.

The security flaw in Windows 10 was discovered when the experts brought up the full desktop interface for Cortana by typing any key while the voice assistant was listening to their query on the computer's lock screen.

As a result, the OS exposed a search capability that let the researchers look for any files and apps on the system, which goes against the usual security protocol for a locked computer. Worse still, the researchers were able to use the flaw to summon the voice assistant's menu and open and introduce malicious files from a USB drive. That is possible because of Cortana's 'constant indexing' in the background, which enables it to find files for the computer user.

Microsoft acknowledged the flaw on Friday last week and issued an update on Monday this week that disables use of the Cortana voice assistant from the lock screen.

The update has been rolled out worldwide by the Santa Clara based company, but it might take at least a month to reach the full count of 400 million active Windows 10 users globally.

The post Microsoft Cortana allows hackers to snoop down your files appeared first on Cybersecurity Insiders.


June 15, 2018 at 08:50PM

Thursday, June 14, 2018

PSD2 implementation update from the EBA

The European Banking Authority (EBA) has published two documents, Opinion of the EBA on the Implementation of the RTS on SCA and CSC and a Consultation Paper, in its ongoing PSD2 implementation process. Whilst there's still lots of information to come, this communication does provide details on how strong customer authentication (SCA) and common and secure communication (CSC) need to be implemented.

The Opinion Paper, addressed to Competent Authorities, discusses key areas identified by the market and the authorities after the publication of the RTS in March. These include the exemptions to SCA (contactless payments, for example), consent, the scope of data sharing and requirements for Open APIs. The EBA has also been clear that two-factor authentication means two elements from two different categories. The EBA's clarifications on two-factor authentication also show that our Dynamic Code Verification cards and mobile solutions are very relevant in the context of this regulation.

The EBA is very aware that banks need more details in order to comply successfully, and it intends to continue its clarification work.

The Consultation Paper, which focuses on “the conditions to be met to benefit from an exemption from contingency measures” – that is, for banks to open their systems to free access by TPPs – will help gather the views and expertise of the market’s players on this important topic.

At Gemalto, we’ve spent a lot of time with banking sector customers building in the mechanisms for SCA and CSC, and have published a helpful resource to guide our customers on the preparation required for PSD2 here.

We’ll publish updates as further clarity comes in the weeks and months ahead.

The post PSD2 implementation update from the EBA appeared first on Gemalto blog.

The post PSD2 implementation update from the EBA appeared first on Cybersecurity Insiders.


June 14, 2018 at 09:10PM

Why digital fintech companies are getting physical

It’s no surprise to tell you that the banking sector has undergone some fundamental changes over the past 20 years. A road that started with the arrival of online banking has led to a fintech revolution that’s transformed how consumers think about and manage their finances.

For traditional banks, staying relevant in the face of new digital competitors has started with the remodeling of branches to include technology and services that appeal to different customer groups. The rise of online banking has challenged the assumption that we need bank branches on every street corner, and consumer demand for safe, secure and convenient banking, combined with the capabilities of modern smartphones, has pushed banks towards rolling out their own apps and digital services. However, we still haven’t got to the point where we completely ignore bank branches and do all our banking online. And although competition across the financial ecosystem is significantly increasing, large financial institutions are not in retreat. In fact, interestingly, some digital players have been making the move to become more like traditional banks in an attempt to please more customers.

According to a report from the Wall Street Journal, PayPal will be launching traditional banking services later this year – including debit cards, loans and partnerships with small US banks to deliver them. The aim is to give those excluded from the banking system access to the digital economy, driven by the necessity of owning a bank account in order to participate in the modern economy because “if you don’t have a bank account, you can’t take an Uber ride or book a room on AirBnB”. PayPal is trying to make such services available to all, regardless of whether they have a bank account or not. To add to this, the fintech also recently acquired iZettle – a Swedish start-up that sells mobile credit card readers and other payment platforms. This step is set to allow PayPal to bring its online platform to 11 new countries and expand its offline offerings in the US, UK and Australia.

On top of this, Apple has also announced that it’s preparing to release a credit card in partnership with investment bank Goldman Sachs. The new credit card would use the Apple Pay branding and is expected to launch in early 2019, while Goldman Sachs will also offer in-store loans to Apple customers. This move by Apple means that the humble payment card still has a long future, but new actors in the industry would have to learn from the traditional players if they want to succeed in the competitive financial services market.

This is an interesting move, considering that a recent study by RFi Group suggested that digital-only banks are losing their appeal. According to the research, global appetite for digital-only providers fell from 74% in the first half of 2017 to 63% in the second half. Appetite for a digital-only main bank has also dropped, from 50% to 44%. While traditional banks may have been pleased to see those statistics, PayPal and Apple’s move into physical banking services shows that the disruption to the sector from digital entrants is only set to deepen, and competition for customers will remain intense.

Despite the perceived decline in interest in digital-only banks, the sector continues to grow, with services like Monzo and Revolut rapidly gaining popularity and attracting major funding. For all banks – whether a traditional one or a digital startup – it shows the importance of being able to adapt to customer needs and put them at the heart of their operations. Right now, a combination of the trust and reassurance of a traditional bank and the convenience and innovation of digital services seems to be consumers’ preferred approach. PayPal’s latest move shows that it understands this.

So, with digital entrants into the banking sector set to continue, and traditional banks fighting back, PayPal’s launch of physical services may be a sign of things to come. What do you think? Let us know in the comments below or by tweeting to us @Gemalto.

The post Why digital fintech companies are getting physical appeared first on Gemalto blog.

The post Why digital fintech companies are getting physical appeared first on Cybersecurity Insiders.


June 14, 2018 at 09:10PM

EU GDPR vs US: What Is Personal Data?

This post was originally published here by  Rich Campagna.

May 25th, GDPR enforcement day, has come and gone with little fanfare (and about 6 quadrillion privacy policy updates), but that doesn’t mean we all know what to do to get into compliance. In fact, some measures put only one third of organizations in compliance as of the deadline, and the linked article refers to UK organizations – what about US organizations that are only now catching on to the fact that they probably need to be GDPR compliant? We thought that contrasting GDPR with typical US regulations and definitions would be helpful.

First topic, what constitutes personal data?

In the US, when we hear “personal data,” that usually equates to Personally Identifiable Information (PII). PII, according to the CIO of the US Navy, is “information which can be used to distinguish or trace an individual’s identity, such as their name, social security number, date and place of birth, mother’s maiden name, biometric records, including any other personal information which is linked or linkable to a specified individual.” This has become an important enough topic that NIST has created a list of specific fields that constitute PII.

How does this differ from how personal data is defined in GDPR?

Well, according to the GDPR, personal data means “any information relating to an identified or identifiable natural person.”

Side note: In GDPR, “natural persons” are typically referred to as, “data subjects,” which is the least personal and least natural possible way to describe natural persons that I can think of, but I digress…

GDPR clarifies that an “identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

In other words, personal information includes the US definition of PII, but goes much further. In addition to PII, personal information can include IP address (yes, even the dynamic IP of a user behind a router doing NAT/PAT), sexual preference, medical prescriptions, occupation, eye color, shoe size and a puzzling fandom of the band Survivor.

The post EU GDPR vs US: What Is Personal Data? appeared first on Cybersecurity Insiders.


June 14, 2018 at 05:20PM

SURVEY: MILLENNIALS DON’T SEE CAREER PATH IN CYBERSECURITY

This post was originally published here by (ISC)².

As organizations struggle to fill cybersecurity vacancies, they aren’t finding many candidates among millennial jobseekers. A new study shows millennials are only marginally interested in cybersecurity careers, with 9 percent showing any interest at all.

The finding is troubling, considering millennials have become the largest percentage of the overall workforce. This generation, which has grown up with iPhones and YouTube, is often viewed as an untapped source of talent for cybersecurity careers, but it’s clear they are not getting the message that they are needed.

The study of 524 technology-savvy millennials, conducted by Enterprise Strategy Group and sponsored by ProtectWise, found that respondents are more interested in other technology areas. Video game development, cited by 33 percent of respondents, tops the list. It’s worthy of note that 40 percent of study participants have been gamers for more than 10 years. In addition, 68 percent of respondents view themselves as either technology innovators (27 percent) or early adopters of technology (41 percent).

No Cybersecurity Connections

Despite their enthusiasm for technology, study participants don’t view cybersecurity as a career path. Most don’t know anyone in cybersecurity, with only 17 percent saying someone in their family has worked in the field. To put things in perspective, only four male study respondents “described their current job as being in the field of cybersecurity.”

And even though nearly half of respondents had been in a STEM program during their K-12 education, 68 percent had never taken a class in school about cybersecurity. “This is primarily because they never had a choice: 65 percent said that their schools never offered courses,” James Condon, director of the threat research team at ProtectWise, wrote in a blog.

The lack of cybersecurity schooling has had an impact, but it’s also clear the cybersecurity field is failing to reach millennials and draw them to cybersecurity careers. Luring them with on-the-job training is an option, especially since millennials generally welcome training and mentorship. (ISC)² has found that organizational training programs are very important to a sizable majority (65 percent) of millennials – and nearly half (46 percent) also view mentorship programs as very important.

Higher Interest Among Women

In what is unquestionably a silver lining, the study found young women are more attracted to cybersecurity careers than young men (57 vs. 40 percent). Women are grossly underrepresented in the cybersecurity field, making up only 11 percent of the workforce, so this interest among the younger generation is welcome and could signal the beginning of a reversal of the underrepresentation. “Female millennials may present the industry’s best chance to effectively overcome the security skills shortage,” says Condon.

Interestingly, despite their small numbers, women are happier in cybersecurity careers than men, as evidenced in a recent (ISC)² study. Women showed higher levels of satisfaction in areas such as salary, work proximity to home and adherence to a strong code of ethics.

Conclusion

It’s clear the industry needs to become more aggressive in getting its message out and working with educational institutions to expand cybersecurity curricula.


The post SURVEY: MILLENNIALS DON’T SEE CAREER PATH IN CYBERSECURITY appeared first on Cybersecurity Insiders.


June 14, 2018 at 05:06PM

Wednesday, June 13, 2018

Dixons Carphone admits payment card data breach

London-based Dixons Carphone LLC, the largest electrical and telecommunications retailer and service provider, has admitted that its servers were hacked by cyber crooks in July last year, who accessed the payment card data of customers without authorization. The consumer electronics company also admitted that this is the second time in three years it has fallen victim to a major cyberattack, and assured customers that such an incident will not be repeated in future.

In an investigation launched last week, security analysts hired by the company found that an attempt to compromise the data of 5.9 million credit cards was made in Q2 last year, after hackers found a way to access one of the processing systems of Currys PC World and Dixons Travel stores.

Analysts discovered that all the card data was stored without card verification values or PIN codes. It was also found that cardholder identification and purchase authorization lacked basic security controls.

The investigation further proved that more than 105,000 non-EU issued payment cards which did not have any chip and pin protection had been compromised.

Dixons Carphone has informed the card companies about the data breach so that they can protect the customer transactions from fraudulent means.

Also, data such as names, addresses and email addresses of more than 1.2 million customers is alleged to have been compromised in the breach.

Britain’s Information Commissioner’s Office (ICO), as well as the Financial Conduct Authority (FCA), have been informed about the breach.

Note- In 2015, Carphone Warehouse suffered a data breach exposing the information of more than a million customers. The ICO imposed a fine of 400,000 pounds for failing to protect customers' information.

One wonders what fine will be imposed on Dixons Carphone now, especially since the GDPR rules came into effect on May 25th, 2018.

The post Dixons Carphone admits payment card data breach appeared first on Cybersecurity Insiders.


June 13, 2018 at 09:36PM

Promoting gender diversity to boost innovation

The question of how to get more women into technology isn’t a new one. Since 2001, the French organization “Le Cercle InterElles” (website in French), made up of members from 14 international companies, has been working on the topic. Every year InterElles holds a conference, and in 2018 more than 600 people, both men and women, gathered to exchange on the subject of “How men and women collaborate on innovation and the role of men in supporting gender diversity.”

Gemalto is a member of several such organizations around the world, and is a member of InterElles in France via our women’s network “Gemalto Connected Women”. We have been present at many editions of this forum, with over 20 participants on hand in 2018, including Nicola Joels, Nathalie Bogard, Ghita Tazi and Lucie Brelot. We met to discuss the role of women in innovation and how to ensure daughters and sons have equal opportunities for professional success. For the last three years our senior management has also taken the stage to share lessons on diversity from our business.

Senior management support

In 2018 it was the turn of our CTO, Serge Barbe, to take the stage. During a panel discussion, Serge shared insights on the importance of gender diversity at Gemalto and in particular the role it plays within the R&D teams.

He emphasized that for innovation to be successful, it’s not solely about allocating time and money (although that’s certainly important); it’s also about creating the right conditions to innovate. For example, creating a common framework where all employees, regardless of gender, work towards a single target. It could be value creation, solving a particular customer problem, or another collective goal (business processes, manufacturing, etc.). What’s important is that everyone must have the same objective in mind.

Equally as important is the curiosity mindset, which is key to triggering people’s involvement. And since curiosity fuels growth, it’s essential that it is encouraged and supported equally among all employees, both men and women alike.

One of the areas where companies can make a difference is by showcasing successful and innovative women. For example, in 2017 one of our own, Aline Gouget, was recognized with the ‘Scientist woman in an enterprise’ award by the French Ministry of Education, Research and Innovation. Aline was also recently promoted as Gemalto’s first female Tech Advisor – one of only eight advisors in the entire company. And we are also lucky to have other innovation role models like Karen Lu, senior researcher in Austin and Virginie Galindo who works in the CTO office, bringing their expertise to the field.

As Serge pointed out, 28% of all patent applications at Gemalto – which are the innovation pulse of any company – include women as inventors. We’re constantly looking for more ways to support women’s development in tech so that this percentage – along with the number of women in tech overall – continues to grow.

Promoting women at Gemalto

Gemalto Connected Women is our internal professional network. It was launched in January 2015 by women employees with the backing of Gemalto’s top management. It aims to promote gender diversity by building awareness, taking concrete actions and sharing best practice among Gemalto women. The network keeps growing and today numbers more than 1,000 members across 23 chapters around the world. See more about diversity at Gemalto.

The post Promoting gender diversity to boost innovation appeared first on Gemalto blog.

The post Promoting gender diversity to boost innovation appeared first on Cybersecurity Insiders.


June 13, 2018 at 09:10PM

Dixons Carphone breach: Millions of card and user data compromised

By Waqas

A prominent United Kingdom-based retailer has suffered a massive data

This is a post from HackRead.com. Read the original post: Dixons Carphone breach: Millions of card and user data compromised


June 13, 2018 at 07:05PM

Tuesday, June 12, 2018

UK ICO imposes £250k fine on Yahoo

The Information Commissioner’s Office (ICO) of the UK has imposed a fine of £250,000 on Yahoo’s UK division for failing to notify the 2014 cyber attack on time. Yahoo officials notified the world about the hack in September 2016, i.e. two years after the data breach, which was strictly against the UK’s data protection standards.

In September 2016, Yahoo disclosed that the data of more than 500 million global users was compromised in a data breach, including details of 515,121 UK account holders. The leaked data included email addresses, names, phone numbers, dates of birth, hashed passwords and the encrypted security questions and answers of some users.

When the ICO carried out a probe into Yahoo’s data breach, it was revealed that the leak took place because the web service provider failed to take appropriate technical and organizational measures. Yahoo also never put appropriate monitoring measures in place to protect the credentials of its users. The ICO said that the inadequacies it found had been in place for a long period of time without being disclosed or addressed.

James Dipple, the Deputy Commissioner of Operations, ICO confirmed this issue in a statement released a couple of hours ago.

Mr. Dipple also added that since the EU General Data Protection Regulation (GDPR) came into effect on May 25th, 2018, the people of Britain now have stronger rights and more control and choice over their personal data.

Note 1- In October 2016, ICO imposed a fine of £400,000 on ‘TalkTalk’ as the company failed to keep its customer data isolated from hackers.

Note 2- In general, the UK’s Information Commissioner’s Office has the power to impose a maximum penalty of £500,000 under the Data Protection Act 1998. But once the modalities are worked out, the data protection watchdog can also impose a maximum penalty of £20 million or 4% of a company’s global annual turnover.

The post UK ICO imposes £250k fine on Yahoo appeared first on Cybersecurity Insiders.


June 12, 2018 at 09:30PM

Dolphin attacks, and what they mean for digital assistants

Simply put, digital assistants are nothing short of amazing. In the past couple of years, advancements in this space have been stunning. We can now rely on digital assistants to enhance, simplify and improve our lives in multiple ways, both for personal and business use.

The likes of Alexa, Cortana, Siri and Bixby (and many more) are now household names. They come with an impressive range of benefits, tricks and ever-improving software, and are being integrated into more and more devices. These virtual buddies/helpers can carry out a wide range of complex tasks, from scheduling appointments, creating lists, ordering taxis, booking flights and opening software to activating/controlling smart devices – all possible by voice commands from the user.

But this is only the beginning; as Henrik Nordmark, head of data science at Profusion, said recently in an interview with The Telegraph: “We’ve barely scratched the surface of what virtual assistants can do.” It’s clear the future holds digital assistants with significantly more power, intelligence, ingenuity and connectivity to other devices/services in our lives. This of course is exciting; it’s easy to think of all the other ways in which this will enhance our lives and the new windows it’ll open. But before we get carried away by our new virtual companions, we need to think carefully about their/our security.

Recently, researchers have discovered a new type of cyber threat related to these assistants, called ‘Dolphin Attacks’. The name comes from the fact that dolphins can hear a range of sounds that humans can’t (similarly to dogs). In essence, the concept is that commands can be hidden in high-frequency sounds that these assistants can detect, but our human ears are unable to hear. A scary thought.

And this thought is now capable of becoming a reality. A new paper from Nicholas Carlini and David Wagner of the University of California, Berkeley, has revealed the specifics. Crucially, they discovered that “With optimization-based attacks applied end-to-end, we are able to turn any audio waveform into any target transcription with 100% success by only adding a slight distortion.” Basically, they can disguise these hidden commands with some slight distortion, without a user realizing.

Of course, this isn’t easy; it took extensive research and effort to achieve this… but it is possible. This means that with the right opportunity and the right know-how, a hacker could theoretically hijack an assistant (via its speech recognition function), using it to carry out commands without a user’s knowledge. As the paper's case examples show, it is practically impossible for humans to detect any differences in altered clips/sounds carrying hidden commands.

So, what does this mean?

Firstly, it’s important we don’t over analyze the situation or create unnecessary fear. While there are concerns, the researchers only tested speech recognition software, not specific digital assistants. And we should also consider how these tests were carried out in a controlled environment and aren’t guaranteed to work in a real scenario. So, it’s not time to press the panic button. However, it is certainly time to carefully evaluate the situation. Clearly, there is a threat, which could result in significant consequences for individual users or businesses.

This means that it’s more crucial than ever before that security by design, for all new technologies (digital assistants in this case), is a priority. Security and protection from threats must be at the front of our minds when we construct these new solutions and products. Perhaps this is the only way we can boost consumer confidence in IoT device security.

Fortunately, the leading providers of these solutions (the largest tech companies such as Apple, Google and Amazon) are aware of this type of threat; built-in security features are now there to help protect against them. However, it is yet to be seen whether these features have the necessary requirements to stop dolphins in their tracks. Clearly, there’s still much to be realized when it comes to voice recognition security.

On a personal level, I’m well-versed with a wide range of smart home, voice-activated devices now, using them mostly to control lighting, music and heating. So far, I’ve not come across any issues or significant threats or needed to worry about any dolphin attacks. However, I do have some concerns regarding a hacker in our own home: my four-year-old son; he’s been somehow able to add his favorite toys to our family Amazon shopping cart recently, on his own. This just shows once more that digital assistants offer a (voice) user interface, that even a small child can use…

As with any new technology, new routes of attack come with it, which we’re witnessing here. That’s why it’s so important we keep security (in this case IoT Security) at the front of our minds as we design these new products/offerings. At the same time, security needs to be able to evolve and be managed over the lifecycle. If we don’t follow this approach, it’ll be impossible to stay ahead of the hackers who seek to exploit the incredible new breakthroughs and solutions that are being developed right now.

What do you think? Do you believe Dolphin Attacks are a major threat to digital assistants? Let us know your thoughts by tweeting to us @Gemalto or leave a comment in the section below.

The post Dolphin attacks, and what they mean for digital assistants appeared first on Gemalto blog.

The post Dolphin attacks, and what they mean for digital assistants appeared first on Cybersecurity Insiders.


June 12, 2018 at 09:11PM

Make a lasting impact while in New Orleans during (ISC)² Security Congress

Data breaches are happening far too often. Stories about personal information being compromised are part of the daily news cycle. But even after the fact, many people are still not taking internet safety seriously. Let’s not forget that human error causes 90 percent of security incidents.

Training employees about cybersecurity is essential but educating younger generations from the moment they gain access to the internet, should be a priority. This year, at (ISC)² Security Congress in New Orleans, cyber, information, software and infrastructure security professionals will learn about cyber safety education thanks to the Center for Cyber Safety and Education, the charitable arm of (ISC)². The Center relies on (ISC)² members to develop cyber safety programs for seniors, parents and children. Its mission is to empower students, families and whole communities to secure their online life through cybersecurity education and awareness with the Safe and Secure Online educational program; information security scholarships; and both industry and consumer research.

In line with this year’s Security Congress theme, “Enrich. Enable. Excel.”, the Center is providing multiple opportunities for cybersecurity experts to learn how to go above and beyond within their communities. If you are a professional in the security field and want to give back to your local community, we recommend you attend the Center’s session on Tuesday, October 9 at 8:00am, “Making Cyber Security Personal.” Whether you are looking to get involved in your child’s school or give presentations about online safety in the community, we will make sure you have the materials you need to become a cyber safety hero in your area. Plus, you earn CPE credits while volunteering, so it’s a win-win situation for everyone. This will be followed by a 10:30am panel discussion on what other (ISC)² Chapters are doing around the world to bring cyber safety lessons to their communities, in a session entitled “Members Giveback.”

But wait, there is more! This year the Center is launching its very first Cyber Safety Day on Monday, October 8th, a one-day event taking place during October’s Cybersecurity Awareness Month. The goal is to collaborate with companies that are passionate about cyber safety to provide elementary schools in New Orleans with the Garfield’s Cyber Safety Adventures digital citizenship curriculum. This is a great opportunity for companies and individuals to take part in a feel-good event and make a lasting impact while visiting New Orleans. Once contributions are finalized, the Center will coordinate with local schools to deliver the materials. In addition, one lucky school will receive a surprise visit from Garfield, everyone’s favorite cat! Teachers will deliver the lesson on Monday, October 8, as part of Cyber Safety Day – New Orleans.

Finally, join us for a good cause aboard the Center Celebration Riverboat Cruise! This much-anticipated party is the grand finale to “Center Day” during Security Congress. The night will be filled with live jazz, creole cuisine, drinks and beautiful views. All proceeds will go toward the development of cyber safety materials.

The post Make a lasting impact while in New Orleans during (ISC)² Security Congress appeared first on Cybersecurity Insiders.


June 12, 2018 at 09:11PM

US government sees Russia as a cyber threat to undersea cables

The US Treasury Department has imposed new sanctions on 5 Russian companies and 3 Russian nationals said to have helped the Russian Federal Security Service launch cyber attacks on the critical infrastructure of the United States in February this year.

In a statement issued by Treasury Secretary Steven Mnuchin, it was clearly stated that the sanctions were imposed to punish foreign hackers working hand-in-hand with Vladimir Putin’s government, which was trying hard to jeopardize the safety and security of the United States and its allies.

A source from the Associated Press says that the sanctions were imposed in retaliation for the NotPetya attack, as well as intrusions carried out on the US energy grid and global network infrastructure by Russian intelligence.

The source adds that US intelligence recently detected Russian efforts to track and sabotage the undersea cables carrying global internet communications.

As web connectivity allows the populations of different continents to connect with each other, Russia is planning to disrupt it to bring the digital world to a halt.

According to the Associated Press, Digital Security Plus and two of its subsidiaries, ERPScan and Embedi, along with Kvant Scientific Research Institute and Diventechnoservices, will face the new sanctions. Aleksander Lvovich Tribun, Oleg Sergeyevich Chirikov and Vladimir Yakovlevich Kaganskiy, who work for Diventechnoservices, will also face the sanctions.

Note: In 2017, the Trump administration imposed sanctions on Russia for interfering in the US Presidential Elections. It expelled 35 Russian nationals from the country.

The post US government sees Russia as a cyber threat to undersea cables appeared first on Cybersecurity Insiders.


June 12, 2018 at 11:25AM

Monday, June 11, 2018

Start your week with these news snippets related to Cyber Security

FIFA World Cup apps are vulnerable to cyber threats: the San Francisco-based mobile security company Pradeo has found that almost all of the Euro Sports apps related to the FIFA World Cup contain more than 63 vulnerabilities each. This includes apps that have been downloaded between 1,000 and 10 million times. The research found that the apps send the user’s location to 18 remote servers and collect data via 8 ad libraries. Researchers who dissected the technical details of the apps say that the apps expose their users to man-in-the-middle attacks and denial of service attacks. So, all you fans who want to catch the live action of World Cup football, please beware of these security threats.

Banco de Chile loses millions due to cyber attack: Banco de Chile, a commercial banking service provider, has admitted that its payment system and money transfer services were hit by a recent cyber attack, costing it millions to hackers. A virus named KillDisk is believed to have infiltrated the banking network earlier this year, infecting over 9,000 computers and 50 servers belonging to Banco de Chile. Sources reporting to Cybersecurity Insiders say that the virus opened a loophole for the hackers to enter the network and helped them conduct fraudulent transactions. Later, the same virus is said to have wiped hard drives and left the servers in a non-bootable state. Ofer Israeli, the CEO of Illusive Networks, said that North Korea’s Lazarus Group could have launched the said cyber attack.

Cyber attack on South Korean cryptocurrency exchange Coinrail spooks investors and leads to a drop in Bitcoin: as soon as the Korean exchange admitted that it was hacked, its investors started selling off their digital coins, prompting a fall in the currency. It is said that the hack resulted in Coinrail losing around 30% of the coins traded on the exchange. As of now, trading on the website has been suspended. Currently, BTC is trading at $6,757, down from $7,300 earlier on Sunday.

The post Start your week with these news snippets related to Cyber Security appeared first on Cybersecurity Insiders.


June 11, 2018 at 09:23PM

Security and Identity Management in the Gaming Industry

Last week we held a webinar together with Veridocs on the topic of security and identity management in the gaming industry. We have pulled together the 5 key takeaways from the session.

  1. New technologies are equipped to overcome the deficiencies of the past.

Many traditional technologies and security procedures such as handheld bar code readers, manual ID check, manual recordkeeping, and floor presence check points haven’t done enough to keep up with the ever-increasing complexities involved in keeping a casino floor safe.

Fake IDs, for example, are never perfect, and today’s document readers are equipped to look at more than the easily faked bar code. They use multiple light sources to pick up and check for numerous security markings, while advanced algorithms authenticate the ID against the appropriate government-issued ID template.

Or take, for instance, the manual, random patrolling of casino floors and monitoring of security camera feeds. According to Derk J. Boss, CFE, CPP, CSP and Alan W. Zajic, “Most new surveillance operators are not trained in the technique of proper patrol. Most, in fact, are trained to patrol randomly and not in a systematic manner…a random patrol equals random results. Random results will cost your casino money, a loss of efficiency, and will not deter crime.” With the advances in facial recognition technology, random surveillance is a thing of the past. Even systematic patrol can be set aside, because facial recognition allows for 24/7, real-time monitoring and alerting to optimize efficiency and, of course, deter crime.

  2. Facial recognition speed and accuracy have made massive improvements in the last decade.

It’s no secret that casinos and law enforcement alike have been at least passively researching facial recognition for years. While it certainly had its own deficiencies in the past, machine learning advances have moved this technology from deficient to excellent!

You’ve heard about Artificial Intelligence (AI)? AI is all about learning. No matter the amount of data you had at your disposal, the effectiveness of traditional algorithms (regardless of the application) would level off at some point. With machine learning advances, the algorithms continue improving as they are exposed to more and more data. These advances have improved facial recognition accuracy and speed ten-fold. Just this year, DHS and NIST sponsored a biometric rally where the technology was put to a real-world test, and the results were amazing.

  3. Adding document authentication will strengthen your KYC security.

What’s the first thing you’re asked to present checking into the casino hotel or cashing in at the end of a great night of gambling? Your ID.

By implementing document authentication, casinos are able to add a layer of security that removes the innate human error associated with manual ID reviews. Large casino-destination cities like Las Vegas in the United States and Macau in China attract patrons from around the world. With that wide array of individuals comes a wide array of ID cards, driver’s licenses, and passports. It takes years of experience and practice to identify a fake ID, and expecting cage workers and concierges to catch such nuances is not realistic. By utilizing document authentication such as Gemalto’s CR5400 ID1 Reader or the AT9000 MK2 Passport Reader, casinos can arm each customer touch point with a high-tech device capable of identifying even the most minute errors in an ID. On top of security, parsing data from the ID and automatically populating hotel guest profiles, including images, provides time-saving, typo-proof advantages.

  4. Facial recognition is unique in its ability to provide value in numerous use cases, including self-enrollment, access management and surveillance.
  • Self-Enrollment: The most basic form of facial recognition is 1 to 1 (1:1) matching. 1:1 matching allows casinos to verify that the person presenting the ID is in fact the person whose image is on the document. By leveraging technology to authenticate and verify the individual, casinos no longer need any employee intervention as customers sign up to become members of their players’ club, register for online gaming, or, yes, check in to the hotel.
  • Access Management: Enable frictionless access control for everyday needs and special events using 1 to few (1:n) matching. The next step up is matching a live person against a small database of known individuals. This scenario leverages the same technology used in self-enrollment use cases, but with 1:n, images are stored and used for matching at a later date. The most common use cases for casinos include granting access to secured locations and managing access for approved vendors and contractors.
  • Surveillance: Similar to 1:n matching, 1 to many (1:N) matching leverages a larger database of images that can be separated into different lists of interest. Picture a large crowd of 50,000 people. Even with 200 officers monitoring that crowd, watching for specific persons of interest and unusual activity is an uphill battle. With 1:N facial recognition, any camera trained on the crowd becomes an additional set of unbiased eyes looking for specific individuals or specific abnormalities. Additionally, the use of facial recognition at choke points, such as entrances and exits, ensures that every individual in the area is captured and compared against the database of persons of interest upon arrival and departure. Each person captured is also time and date stamped.
  5. Document authentication and facial recognition are designed to protect your current infrastructure investments while future-proofing your organization.

Gemalto is front and center in the evolution of driver’s licenses from physical to digital and is currently operating numerous pilots in the US. Understanding this transition is key for any security vendor trying to prepare your casinos for the future. As more funding is pumped into digital IDs, less will be allocated to the refinement and continuous improvement of physical IDs. This is where document authentication really shines. Society will face at least a decade in which citizens will be able to present either form of identification, yet with less scrutiny surrounding physical IDs, counterfeiting is sure to climb. Having a document reader in place now will proactively prepare your organization for the shift to come, while improving your security and efficiency today.

Facial recognition technology is simply software that relies on camera input. Previous attempts to deploy facial recognition on a large scale failed largely due to infrastructure investment costs. Vendors of the technology required top-of-the-line cameras that cost the customer thousands of dollars each. While the recommendation to use quality cameras has not changed, years of camera technology improvements have made the infrastructure needed for accurate facial recognition more affordable. Additionally, many casinos have upgraded their surveillance systems in recent years, installing cameras more than capable of producing the hi-res imagery that benefits facial recognition.

If you have any questions related to security and identity management in the gaming industry, leave a comment below or tweet us @Gemalto.

Learn more about the Presenters:

  • Gemalto: Daniel Asraf, Senior Vice President of Biometrics
  • Veridocs: Brian Heidorn, Vice President of Sales and Product Management.

The post Security and Identity Management in the Gaming Industry appeared first on Gemalto blog.

The post Security and Identity Management in the Gaming Industry appeared first on Cybersecurity Insiders.


June 11, 2018 at 09:08PM