FireSale HackBoy

Knowledge Shared By FireSale HackBoy...


Sunday, September 30, 2018

New Internet startup to offer more Data Privacy controls

Tim Berners-Lee, the inventor of the World Wide Web, is set to unveil what he calls a 'new Internet': a platform that promises to give users full control over the data they share with large service providers such as Facebook, Google and Amazon.

Inrupt, the startup behind the effort, will let users decide what personal information they share on the web and how that information is stored by the big providers.

Berners-Lee said Inrupt will let users create a personal online data store, or POD, holding everything from contact lists to music libraries.

In simpler terms, Inrupt aims to bring together functions of programs such as Microsoft Outlook, Google Drive, Slack, Spotify and WhatsApp in one place, in the browser, at the same time.
In an interview last week, Berners-Lee described the project's objective as 'world domination', with users, not the companies supplying the technology, in charge.

Note: Berners-Lee also founded the World Wide Web Consortium (W3C) in 1994. He has been a vocal defender of net neutrality and has publicly challenged Ajit Pai, chairman of the US Federal Communications Commission, on the issue.

Inrupt's PODs are built on Solid, an existing open-source platform on which users decide who can access the data in their store and to what extent. The company calls this 'personal empowerment through data'.

The post New Internet startup to offer more Data Privacy controls appeared first on Cybersecurity Insiders.


October 01, 2018 at 10:26AM

British Watchdog to slap £1.25 Billion penalty on Facebook for recent Cyber Attack

The weekend turned into a nightmare for Facebook users when the company disclosed that attackers had exploited a flaw in its platform that could have exposed sensitive information on more than 50 million accounts. The investigation is still ongoing, so the exact number of compromised accounts remains unclear and may be confirmed by the end of this week.

Meanwhile, Europe's data protection regulators have reviewed the situation and could impose a fine of up to £1.25 billion on the world's largest social network for laxity in keeping its users' data secure.

The Irish Data Protection Commissioner, Facebook's lead regulator under EU data protection law, told the press that Facebook's leadership must give a thorough explanation of what happened, and that the company faces serious action if it fails to do so.

Facebook's global advertising turnover was about $31.2 billion last year, so the mooted fine is roughly 4% of that figure, which is also the ceiling the GDPR sets for the most serious infringements: 4% of worldwide annual turnover.

Facebook said in one of its updates on the attack that the hackers obtained account access tokens through its "View As" feature, which lets users see how their profile looks to others.

Note 1: In March this year, Facebook was caught up in another data scandal linked to the 2016 US election. The UK firm Cambridge Analytica improperly harvested data on some 87 million Facebook users, most of them American, in 2015 and used it to target political messaging ahead of the 2016 presidential election, which Donald Trump won.

In related news, Google announced on Sunday that it will move quickly to remove YouTube video tutorials showing how to hack Facebook accounts, and expects to take such videos down within a fortnight.

Note 2: Videos teaching how to steal access tokens will be the first to be blocked on YouTube, the video streaming service owned by Google.

The post British Watchdog to slap £1.25 Billion penalty on Facebook for recent Cyber Attack appeared first on Cybersecurity Insiders.


October 01, 2018 at 10:21AM

Over 50 million account info leaked in Facebook Cyber Attack

Facebook said in a blog post today that a flaw in its "View As" feature could have allowed attackers to take over accounts, potentially exposing information on more than 50 million of them. The company says the flaw has been fixed and that users need not rush to change their passwords.

Although the investigation is still underway, Facebook's engineering team says the "View As" flaw let attackers obtain access tokens: the digital keys that keep users logged in across sessions so they do not have to re-enter their password each time. Facebook later described the root cause as a chain of bugs: when the video uploader appeared inside View As, it generated an access token for the profile being viewed rather than for the viewer.

Note: Facebook's View As feature lets users see their profile as others see it.

Cybersecurity Insiders has learned that Facebook is still working out how many of the stolen tokens were actually used, and as a precaution reset the access tokens on more than 90 million accounts a few hours ago, which forces those users to log in again.

Reuters reports that Facebook's engineers found the flaw on September 25, 2018, but did not disclose it publicly until three days later.

More details will be updated shortly.
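Resetting tokens for 90 million accounts is easier if the server never has to find and delete each token. The pattern below, an added example rather than Facebook's own code, gives every user a generation counter and records the generation a token was issued under; bumping the counter kills every outstanding token for that user at once. Only a hash of each token is stored, so a leaked table cannot be replayed. The user IDs and the "attacker stole this one" scenario are constructed for the demo.

```python
import hashlib
import secrets
from dataclasses import dataclass, field


@dataclass
class TokenStore:
    """Issue opaque access tokens and revoke them per user in bulk.

    Each user has a generation counter. A token records the generation it was
    issued under; bumping the user's counter invalidates every outstanding
    token for that user at once, which is what a mass "token reset" amounts to.
    """
    # sha256(token) -> (user_id, generation at issue time)
    tokens: dict = field(default_factory=dict)
    # user_id -> current generation (a missing user is at generation 0)
    generation: dict = field(default_factory=dict)

    @staticmethod
    def _key(token: str) -> str:
        # Store only a digest: a dump of this table is not enough to forge a session.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id: int) -> str:
        """Mint a fresh 256-bit random token for user_id and return it."""
        token = secrets.token_urlsafe(32)
        self.tokens[self._key(token)] = (user_id, self.generation.get(user_id, 0))
        return token

    def is_valid(self, token: str) -> bool:
        """A token is live only if its generation matches the user's current one."""
        record = self.tokens.get(self._key(token))
        if record is None:
            return False
        user_id, issued_gen = record
        return issued_gen == self.generation.get(user_id, 0)

    def revoke_all_for(self, user_ids) -> int:
        """Invalidate every token held by the given users; returns the number of users reset."""
        count = 0
        for uid in user_ids:
            self.generation[uid] = self.generation.get(uid, 0) + 1
            count += 1
        return count


def demo() -> tuple:
    """Constructed scenario: user 1 is in the affected set, user 2 is not."""
    store = TokenStore()
    victim_token = store.issue(user_id=1)      # assume this one was stolen
    bystander_token = store.issue(user_id=2)
    store.revoke_all_for({1})                  # the precautionary reset
    fresh_token = store.issue(user_id=1)       # user 1 logs in again afterwards
    return (
        store.is_valid(victim_token),     # False: the reset killed it
        store.is_valid(bystander_token),  # True: untouched user
        store.is_valid(fresh_token),      # True: issued under the new generation
    )


if __name__ == "__main__":
    print(demo())
```

The cost of a reset is one counter increment per affected user, independent of how many tokens each user holds; the trade-off is that the generation lookup has to happen on every request, so in a real deployment it would live in the same cache as the session record.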

The post Over 50 million account info leaked in Facebook Cyber Attack appeared first on Cybersecurity Insiders.


September 30, 2018 at 01:26PM

Saturday, September 29, 2018

Hacker vows to delete Mark Zuckerberg’s Facebook account; reports it for bounty instead

By Waqas

Hacker Cancels Plan to Live Stream Deletion of Mark Zuckerberg’s Facebook Account. It was just yesterday when Facebook announced that it was hacked after attackers exploited a vulnerability in its View As feature and gained access to over 50 million accounts. Now, a well-known hacker from Taiwan, Chang Chi-yuan made headlines for a rather intriguing […]

This is a post from HackRead.com. Read the original post: Hacker vows to delete Mark Zuckerberg’s Facebook account; reports it for bounty instead


September 30, 2018 at 02:19AM

YouTuber reveals iPhone XS passcode bypass bug exposing contacts/photos

By Waqas

With new iPhone XS out, it is a universally believed fact that Apple is committed to improving, and enhancing user privacy and security in its devices. With the new iOS 12 and iOS 12.1 beta, the Cupertino-based company claims to have taken security to a whole new level. However, this claim is questioned after numerous […]

This is a post from HackRead.com. Read the original post: YouTuber reveals iPhone XS passcode bypass bug exposing contacts/photos


September 29, 2018 at 02:57PM

Facebook hacked: Hackers steal access tokens of 50 million accounts

By Waqas

Hackers exploited a vulnerability in the “View As” feature of Facebook. The social media giant Facebook has announced that it has suffered a massive cyber attack, resulting in 50 million user accounts being impacted. In a statement, the vice president of product management at Facebook, Guy Rosen, said that hackers exploited a vulnerability in Facebook’s ‘view as’ feature which […]

This is a post from HackRead.com. Read the original post: Facebook hacked: Hackers steal access tokens of 50 million accounts


September 28, 2018 at 11:15PM

Demonoid goes offline with owner missing in action for last two months

By Waqas

It has been many days since a popular, semi-private BitTorrent tracker Demonoid has remained offline. The employees working for this website are also clueless about what’s happening and claim that the owner of Demonoid, Deimos, is also missing. None of them have had any contact with him for the past two months. Demonoid has been […]

This is a post from HackRead.com. Read the original post: Demonoid goes offline with owner missing in action for last two months


September 28, 2018 at 09:09PM

Fancy Bear’s VPNfilter malware is back with 7 new modules

By Waqas

Cisco’s Talos researchers have identified that Russia’s VPNfilter is way more dangerous than it is believed to be. The malware, which prompted the FBI to urge people to reboot their internet routers, contains seven additional third-stage modules that have been infecting countless networking devices worldwide since 2016. The infected devices are mainly located in Ukraine as […]

This is a post from HackRead.com. Read the original post: Fancy Bear’s VPNfilter malware is back with 7 new modules


September 27, 2018 at 11:37PM

Firefox Monitor will Notify you When Your Account is Hacked- Mozilla

By Waqas

Firefox has joined hands with Have I Been Pwned for this project. Mozilla introduced a new service earlier this year called Firefox Monitor, and now the company is adding a new feature to this service. The newly added feature will take scrutiny to a whole new level by allowing users to sign up for getting […]

This is a post from HackRead.com. Read the original post: Firefox Monitor will Notify you When Your Account is Hacked- Mozilla


September 27, 2018 at 07:46PM

11 million personal unprotected MongoDB records leaked online

By Uzair Amir

Another day, another trove of sensitive data exposed online. This time, a MongoDB database containing a whopping 43.5GB dataset used in marketing campaigns has been left exposed for public access. The data was discovered by Bob Diachenko, an independent security researcher, who noted that the database was available on an unprotected MongoDB instance hosted on Grupo-SMS hosting and […]

This is a post from HackRead.com. Read the original post: 11 million personal unprotected MongoDB records leaked online


September 27, 2018 at 06:35PM

Exploring the Way Technology Has Changed Entertainment

By Carolina

There is little doubt that technology has influenced people’s lives in many ways. Not only are you more likely to have a mobile phone in your pocket, but you are also likely to use the internet many times per day. While technology has brought a lot of great ideas to business and the way people […]

This is a post from HackRead.com. Read the original post: Exploring the Way Technology Has Changed Entertainment


September 27, 2018 at 04:09AM

Friday, September 28, 2018

SingHealth server did not receive security updates for fourteen months

SingHealth, Singapore's largest healthcare group, disclosed on July 19 this year that it had suffered a cyber attack in which hackers accessed the personal data of more than 1.5 million patients and the outpatient prescription records of about 160,000 of them.

Reports later emerged that the attackers also obtained health-related records of Singapore's Prime Minister, Lee Hsien Loong.

Now, after two months of detailed inquiry, it has emerged that the affected SingHealth server had not received security updates for more than 14 months. Tan Aik Chin, the senior manager at the National Cancer Centre Singapore (NCCS) responsible for the server, testified that it had not been patched since May 2017, for reasons known only to him and the relevant authorities.

When some senior staff left the organisation, NCCS handed management of the servers to Integrated Health Information Systems (IHiS), which took over their administration but did not follow the standard security-update procedures. That gap led to the data breach.

Mr Tan said he only learned that the server had gone unpatched for months when it was found to be infected with malware in July. The intrusion is now said to have begun on June 27, 2018 (not May 8, as some media reported) and to have been discovered on July 4, 2018.

These details were given in testimony before the Committee of Inquiry on Thursday, September 27, 2018.

The Cyber Security Agency of Singapore says the incident could have been avoided had management followed basic security practices such as keeping the Windows Server operating system current with the latest security updates.

The inquiry is expected to run for several more weeks: the committee has learned of a misunderstanding between NCCS and IHiS over who was responsible for managing eight research servers, including the database holding SingHealth patient records, and that question is still to be clarified in testimony.

More details are awaited.

The post SingHealth server did not receive security updates for fourteen months appeared first on Cybersecurity Insiders.


September 28, 2018 at 09:22PM

How to Protect Data in a BYOD World

This post was originally published here by Mike Schuricht.

Every day, more corporate information moves onto employees' personal devices. This rise of BYOD (bring your own device) gives employees, and therefore the organizations they work for, greater flexibility and productivity. It also creates new cybersecurity concerns: traditional tools built for corporate-owned, managed devices are a poor fit for personal devices the organization does not control.

For more information about how Bitglass, the Next-Gen CASB, can help you secure your employees' personal devices, see the Bitglass solution brief.

The post How to Protect Data in a BYOD World appeared first on Cybersecurity Insiders.


September 28, 2018 at 05:23PM

Thursday, September 27, 2018

Hackers are extensively using Python language in their cyber attack tools

Imperva, a cybersecurity software and services provider, recently concluded that Python, one of the world's most popular programming languages, is also the language most widely used in cyber attack tools.

The Redwood City-based company reached that conclusion after finding that more than 20% of the GitHub repositories containing attack tools or proof-of-concept exploits are written in Python.

In virtually every security-related topic on GitHub, the majority of repositories are written in Python, including well-known tools such as w3af and sqlmap and newer, less famous ones such as AutoSploit.

Imperva's data also shows that, of the sites it protects, 77% were hit by some kind of Python-based tool, and that in at least a third of those cases the attack code itself was written in Python.

The California-based company says urllib and Requests are the two Python libraries attackers use most, with asyncio a more recent arrival.

Imperva's analysis does not say whether defending against Python-based attacks differs from dealing with any other exploit tooling.

Grady Booch of IBM says Imperva's conclusion seems reasonable, since Python needs little coding knowledge to write a script that exploits a vulnerability.

Thomas Reed, Director of Mac and Mobile at Malwarebytes, also agrees with Imperva's findings, adding that the language is very popular with white hats and so is likely a favourite on the dark side too.
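One thing the libraries named above do give defenders is a cheap triage signal: unless the author overrides it, Requests sends a `python-requests/<version>` User-Agent, urllib sends `Python-urllib/<version>`, and aiohttp (the usual HTTP client on top of asyncio) includes `aiohttp/<version>`. The script below is an added example, not Imperva's tooling: it parses Apache combined-format log lines (constructed for the demo, not real traffic) and groups hits from those default User-Agents by source IP. The User-Agent is attacker-controlled, so a match is a reason to look, not proof of anything, and a real scanner that bothers to spoof a browser UA will sail past this check.

```python
import re
from collections import defaultdict

# Constructed Apache "combined" log lines for the demo; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [27/Sep/2018:10:31:02 +0000] "GET /wp-login.php HTTP/1.1" 200 1043 "-" "python-requests/2.19.1"
203.0.113.7 - - [27/Sep/2018:10:31:03 +0000] "POST /xmlrpc.php HTTP/1.1" 405 512 "-" "python-requests/2.19.1"
198.51.100.4 - - [27/Sep/2018:10:31:05 +0000] "GET /index.html HTTP/1.1" 200 8743 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/62.0"
192.0.2.9 - - [27/Sep/2018:10:31:07 +0000] "GET /admin/ HTTP/1.1" 404 231 "-" "Python-urllib/3.6"
192.0.2.9 - - [27/Sep/2018:10:31:08 +0000] "GET /.git/config HTTP/1.1" 404 231 "-" "Python-urllib/3.6"
"""

# Apache combined log format: ip ident user [ts] "method path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Default User-Agent markers of the libraries discussed above; matched case-insensitively.
PYTHON_UA_MARKERS = ("python-requests/", "python-urllib/", "aiohttp/")


def parse_line(line: str):
    """Return the named fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def is_python_client(user_agent: str) -> bool:
    """True when the User-Agent carries one of the Python library defaults."""
    ua = user_agent.lower()
    return any(marker in ua for marker in PYTHON_UA_MARKERS)


def python_clients(log_text: str) -> dict:
    """Group hits from Python default User-Agents by source IP.

    Returns {ip: {"count": n, "paths": [...], "agents": {...}}} for flagged IPs only.
    """
    hits = defaultdict(lambda: {"count": 0, "paths": [], "agents": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_python_client(rec["ua"]):
            continue
        entry = hits[rec["ip"]]
        entry["count"] += 1
        entry["paths"].append(rec["path"])
        entry["agents"].add(rec["ua"])
    return dict(hits)


if __name__ == "__main__":
    for ip, info in python_clients(SAMPLE_LOG).items():
        print(ip, info["count"], sorted(info["agents"]), info["paths"])
```

The paths a flagged IP touches (login endpoints, `xmlrpc.php`, `.git/config`) usually tell you more than the User-Agent did; the UA just narrows where to look first.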

The post Hackers are extensively using Python language in their cyber attack tools appeared first on Cybersecurity Insiders.


September 28, 2018 at 10:31AM

Ransomware hits servers at Port of San Diego

A ransomware attack is reported to have disrupted one or more servers at the Port of San Diego's IT facility. Port officials first identified the attack on Tuesday; further investigation showed that servers used by the Harbor Police and port employees had been hit by ransomware.

After confirming the issue, Port of San Diego CEO Randa Coniglio released a press statement yesterday saying that the port's servers had been disrupted by a cyber incident and that dedicated teams have been mobilized to minimize the impact and restore system functionality.

The team working on the incident has yet to determine the damage caused or to identify those responsible.

A source at the port told Cybersecurity Insiders that the attack looks similar to the one against the City of Atlanta in March this year, in which key services were locked up in exchange for a bitcoin ransom.

Port authorities reported the incident to the California Office of Emergency Services and the County of San Diego Office of Emergency Services on Wednesday.

Note: Founded in 1962, the Port of San Diego is one of America's largest cargo ports, handling nearly 3,000,000 metric tons of cargo per year across two terminals spread over 221 acres. Inbound cargo includes refrigerated commodities, fertilizers, cement, forest products and consumer goods.

The post Ransomware hits servers at Port of San Diego appeared first on Cybersecurity Insiders.


September 28, 2018 at 10:28AM

One Day, NCSAM will be a Fond Memory

October is National Cyber Security Awareness Month (NCSAM), and I thought it would be a neat idea to offer some ideas about best practices for good passwords.  Since I have written about this before, I figured it would be the easiest thing ever, especially with all the advances in password management technology, and the new NIST Guidelines.  I could talk about the usual things, like:

  • Use a password manager;
  • Use a passphrase instead of a password;
  • Don’t re-use passwords;
  • YAWN;
  • Etc.

All these tips seem so “common”, tired, and repetitive.  We have heard this all before from some of the giants of the InfoSec community.  There are hundreds of articles from every known source that offer the same tips on best practices for passwords, dating back many years.  Clearly, the problem is not a lack of information.  The problem is not with the message, as that is clearly splashed all over the internet.

Some of us, myself included, have previously followed the misguided approach that we should treat the patient, rather than the disease.  However, the disease is outpacing the cures.

As Bruce Schneier has stated, the problem is not with the patient. 

Technology has created a world of easy access, and it keeps getting easier.  Everything is available at the click of a link, yet we security folks, the messengers of online safety, spend much of our time like a bad piano teacher with a ruler, ready to slap the fingers of the person who clicks that link without first thinking of the consequences. 

There have been so many advances in the technology that can unobtrusively improve the security experience for everyone.  All the tools exist to create a silent security wall that protects the online experience. For example:

  • Multi-factor authentication has been a major leap towards protecting identities, defeating many credential-theft scams.  I have posited in the past that this needs to be mandatory for all online systems.
  • URL rewriting (sometimes called URL obfuscation), which wraps a hyperlink and checks the destination against known malicious sites at click time, protects against a link that is not what it purports to be.  With everything based in the cloud, this is an easy redirection scheme to silently protect online browsing. 
  • Browser plug-ins such as IDN-Safe, which protect you against malicious sites that use look-alike Unicode characters in domain names (IDN homograph attacks).
  • Safe Wi-Fi: products such as Lookout Mobile can detect SSL stripping, protecting consumers who connect to rogue Wi-Fi hotspots.
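The homograph check a plug-in like the one above performs is simple enough to show. The following is an added example, not IDN-Safe's code: it decodes any punycode (`xn--`) labels with Python's standard `idna` codec, then flags a label whose letters mix scripts (a Cyrillic 'а' inside an otherwise Latin name) or whose letters are all Cyrillic yet all drawn from a look-alike set. That look-alike set is an assumption for the example, modelled on the kind of list browsers maintain; the test domains are constructed.

```python
import unicodedata

# Cyrillic letters that render like Latin letters in common fonts. This list is an
# assumption for the example (a, c, d, e, h, i, j, l, o, p, q, s, w, x, y lookalikes).
CYRILLIC_LATIN_LOOKALIKES = set(
    "\u0430\u0441\u0501\u0435\u04bb\u0456\u0458\u04cf\u043e\u0440\u051b\u0455\u051d\u0445\u0443"
)


def to_unicode_host(host: str) -> str:
    """Decode xn-- (punycode) labels so the form the user actually sees can be inspected."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode (or undecodable): inspect as given


def letter_scripts(label: str) -> set:
    """Unicode script names (LATIN, CYRILLIC, GREEK, ...) of the letters in a label.

    Digits, hyphens and other non-letters are ignored; the script is taken from the
    first word of the character's Unicode name.
    """
    scripts = set()
    for ch in label:
        if unicodedata.category(ch).startswith("L"):
            scripts.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return scripts


def assess_hostname(host: str) -> dict:
    """Return the decoded hostname and a list of homograph warnings (empty if clean)."""
    decoded = to_unicode_host(host.strip().lower())
    reasons = []
    for label in decoded.split("."):
        scripts = letter_scripts(label)
        if len(scripts) > 1:
            reasons.append(f"mixed-script label {label!r}: {sorted(scripts)}")
        elif scripts == {"CYRILLIC"}:
            letters = [c for c in label if unicodedata.category(c).startswith("L")]
            if letters and all(c in CYRILLIC_LATIN_LOOKALIKES for c in letters):
                reasons.append(f"all-lookalike Cyrillic label {label!r}")
    return {"decoded": decoded, "reasons": reasons}


if __name__ == "__main__":
    # Constructed: an all-Cyrillic look-alike of "apple", encoded the way a URL bar shows it.
    fake_apple = "\u0430\u0440\u0440\u04cf\u0435.com"
    puny = fake_apple.encode("idna").decode("ascii")
    for h in (puny, "p\u0430ypal.com", "example.com"):
        print(h, "->", assess_hostname(h))
```

The two rules catch different tricks: mixed-script labels are the crude attack, while a whole-label substitution (every letter Cyrillic, every letter a look-alike) passes a single-script check and is why browsers keep an explicit confusables list rather than relying on script mixing alone. Real IDNA handling has more cases (right-to-left labels, CJK, registries that restrict mixing), so treat this as the shape of the check rather than a complete one.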

The main hurdle to overcome with some of these tools is that their best features are unavailable at the consumer level.  While that may make good business sense, it leaves us with the same problem of the crutch of “user awareness” as our primary tool towards security.

This all leads me back to my “password best practices” advice for NCSAM. Yes, all of the standard password rules still apply, but only because that is the current state of affairs.

What can we do to change this approach? Is it possible to demand better built-in security for our protection?  Can we shift the burden to those who want us to use their systems, rather than the current model of making us responsible for our own online safety? 

Moreover, how can we achieve such advances towards personal safety without the need for regulations and litigation? Or, with the emergence of the many cybersecurity protection regulations and GDPR, has this wave of shifted responsibility already begun?

With all the advances in our midst, will we eventually be able to celebrate Cyber Security Awareness Month as a fond memory?

I have been faulted before for saying so, but, the future looks bright!


The post One Day, NCSAM will be a Fond Memory appeared first on Cybersecurity Insiders.


September 27, 2018 at 09:09PM

CISSP Spotlight: Shinji Abe

Name: Shinji Abe
Title: Director
Employer: NTT Security (Japan) KK
Degree: Bachelor of Science, Master of Science in Quantum Physics
Years in IT: 11
Years in cybersecurity: 7
Cybersecurity certifications: CISSP

 

How did you decide upon a career in cybersecurity?

I started my career as a system engineer. I became involved in information security after some systems that I was managing received vulnerability assessments. That was when I realized the importance of cybersecurity. I moved to the security analysis team to focus on security work in 2011. 

 

Why did you get your CISSP®?

In the beginning of my cybersecurity career, I learned cybersecurity through self-study. However, I wanted to understand it in a comprehensive and systematic fashion and to prove my skills. CISSP is one of the best certifications to achieve that.

 

What is a typical day like for you?

I work in a SOC (Security Operation Center). I analyze logs or malware, and research threat information. I work with security engineers and analysts. One of my most important duties is building a team to further improve our organizational capabilities. The scope of the SOC is wide, covering network, endpoint, cloud, IoT, etc. I am committed to strengthening our defenses in cyberspace.

 

Can you tell us about a personal career highlight?

One of the highlights of my career is receiving the (ISC)2 ISLA Asia-Pacific recognition in the Senior Information Security Professional category. This was a great opportunity to improve the recognition of my participation in “ISOG-J” (Information Security Operation providers Group Japan) and “SOCYETI” for people who belong to SOC in Japan. I am deeply honored by this award.

 

How has the CISSP certification helped you in your career?

Through studying the CISSP CBK®, I have learned a wide range of cybersecurity knowledge. I’ve been able to consider security issues theoretically and communicate with stakeholders more constructively. This has led me to gain trust and to succeed in business. 

 

What is the most useful advice you have for other security professionals?

Widen the circle of trust. It would be difficult and inefficient to secure the world on your own. We all have to help each other out. Compensate for a weaker partner or member with your performance. That is a cybersecurity professional. How do you gain trust? The CISSP certification is one of the solutions!

The post CISSP Spotlight: Shinji Abe appeared first on Cybersecurity Insiders.


September 27, 2018 at 09:08PM

CloudPassage a Cybersecurity Distinguished Vendor

This post was originally published here by jeff baumgarten.

This has been the year of cybersecurity, or the year of data breaches, depending on where you stand. In any case, it has been a busy year for the cybersecurity industry and for companies trying to lock down their cloud security strategies.

With digital transformation in the air, more and more enterprises and organizations of all sizes are moving to the cloud and in turn expanding their overall security attack surface as well as their potential for exposure. 66% of IT professionals say security is their most significant concern in adopting an enterprise cloud computing strategy, according to CloudVision.

As cyber criminals ramp up their abilities, businesses are depending on innovative cybersecurity experts to help them protect their cloud environments. Fortunately with each passing year cybersecurity companies continue to deliver by evolving their solutions to help you understand, identify, counter and avert potential cyber threats.

This year CloudPassage joins an industry collective that represents visionary technology and people in the cybersecurity industry, with its designation as a Distinguished Vendor in the 2019 TAG Cyber Security Annual.

In its third year of publication, the 2019 TAG Cyber Security Annual is designed to provide direct advisory guidance, at no cost, to the enterprise cybersecurity professional.

Their work is created to help cyber defenders more effectively deal with the technical challenges of our industry, including integrating cyber analytics across the kill chain, introducing automation to streamline security workflow, and adopting cloud infrastructure for enterprise applications and systems.

Each year, TAG Cyber publishes its 3-Volume Annual Cybersecurity Report to the community for download at no cost. Volume 1 is an Outlook for Fifty Cybersecurity Controls, Volume 2: Interviews with Industry Luminaries, includes an informative interview with CloudPassage CEO, Carson Sweet, and Volume 3 includes a comprehensive vendor list.


The post CloudPassage a Cybersecurity Distinguished Vendor appeared first on Cybersecurity Insiders.


September 27, 2018 at 08:00PM

Why CMOs Should Care About Cybersecurity

This post was originally published here by jeff baumgarten.

Everyone from Deloitte to Ad Age to Forbes and many more are talking about why CMOs should care about cybersecurity and become more involved in the overall strategy. That makes sense as security moves beyond the purview of IT and becomes more of a board-level issue.  

Having seen cybersecurity from both publicly-traded company and venture-backed perspectives, I wanted to share some hints and tips with my fellow marketing leaders.

While some recommend CMOs become cybersecurity experts, laying out extensive process around it, that’s just beyond the capability and simple time demands of most of you. So where should you start?

4 Key Focus Areas for CMOs

One of the best articles I’ve seen to date, from CMO magazine in Australia, lays out 4 key things on which to focus:

  • Give attention in advance to the possible customer impact of breaches.
  • Think about your own brand value impacts from cybersecurity incidents.
  • See a more secure business as a way to attract more customers.
  • Develop relationships and a common language with your security team.

Of the above, the first three are really mindset approaches that you’ll likely be able to get your arms around by giving the required time and attention with your own team, other customer-facing organizations, and your executive leadership team.

Number four is likely the most critical to getting a handle on your cybersecurity strategy. But you’ll likely need to do some homework. It’s no different than when you take your first trip to someplace like Italy – it helps to read up a bit in advance.

Cybersecurity 101 for CMOs

Fortunately, there are some “Rosetta Stone” guides before you go on your excursion if you’ve never been to Cyber-Milan before, all well-reviewed on Amazon:

So once  you have your basic “language” structure down with an idea of some of the very basic concepts and terms of cybersecurity, you’ll want to get comfortable with the culture and some of the more common phrases before diving in.

I’d suggest you start with what is currently top of mind for most cybersecurity practitioners and executives – cloud security. According to Cybersecurity Insider’s 2018 Cloud Security Survey, 90% of security pros are concerned about cloud security, way up vs. 2017.  In fact, 62% say their biggest threat is misconfigured cloud services.

For simplicity, when we’re talking about public cloud (Infrastructure as a Service) where your engineers have built the apps that your company delivers to your customers, we’re generally talking about Amazon Web Services, or AWS. They’re the 800-pound gorilla; as Synergy Research Group puts it, they’re in a league of their own.

But why is cloud security such a big concern when Amazon (like Microsoft, Google, and the other major cloud service providers), spends hundreds of millions of dollars on security and has thousands of security experts around the globe working 24/7 to keep their cloud safe? (And they’re very good at it.)

It starts with what Amazon calls the Shared Responsibility Model. In that model, AWS is responsible for the security “of” the cloud, and your company as an AWS customer is responsible for security “in” the cloud. There is a lot to be concerned about “in” the cloud, and it has to be managed differently from the legacy security approaches of the data-center, virtual-machine world that predominated even a couple of years ago.

Now, many of you, particularly technology startups like CloudPassage, are cloud native, so have always had a cloud-based security approach. Yet, the scale and speed at which anyone in your company can consume services for free or by swiping a credit card massively expands what is called the “attack surface”. And, the speed at which AWS releases new services to your dev teams is staggering, making it difficult for your security teams to keep up. (For example, AWS released almost 500 new services and features in just one recent quarter.)

To learn more about the basics of Cloud Security, I highly recommend grabbing a free 7 day trial to Cloud Academy and taking their fine video course on AWS Security Fundamentals. It’s just over an hour and is awesome for beginners. (If you want a sub-101 level course to start with check out their course What Is Cloud Computing?)

Ok, at this point, you may feel good about some language skills, and know some key Cyber-Italian phrases. So, it’s time to take your new knowledge down to the local Italian restaurant (you know the real authentic one where the Nonna is in the back making the meatballs). You can do it by setting up an AWS account and using an honest to goodness cloud security tool on an AWS cloud storage service. (It’s easier than it sounds – some of the least technical folks on my Growth team gave this a whirl and found it easier than they thought as well as educational. Trust me, if you can handle Google Analytics and Marketo this will be a breeze.)

How to set up an AWS Account

  • Open your own free AWS account.
  • Set up a Simple Storage Service (S3) bucket (like Dropbox or Box on steroids) and upload some files into it.
  • Go to cloudpassage.com/freetrial. Follow the prompts to set up your AWS account in our product Halo Cloud Secure.
  • See your risks and threats on the Cloud Secure dashboard.
  • Pat yourself on the back.
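Most of the "risks" a tool surfaces on a fresh S3 bucket come down to one question: has anything granted access to everyone? The example below is added here and is not CloudPassage's product code; it shows the two places that grant lives, the bucket policy and the bucket ACL, and evaluates them offline. The policy and ACL documents are constructed for the demo; in practice they come from the `get_bucket_policy` and `get_bucket_acl` calls of the AWS SDK, and the bucket name and account ID shown are placeholders.

```python
import json

# The two ACL group URIs that mean "everyone" and "anyone with an AWS account".
PUBLIC_ACL_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}


def _as_list(value):
    """IAM policy fields may be a single string or a list; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def principal_is_public(principal) -> bool:
    """True for Principal "*" or {"AWS": "*"} (possibly among other principals)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def public_policy_grants(policy_json: str) -> list:
    """Allow statements granted to everyone, noting whether a Condition narrows them."""
    policy = json.loads(policy_json)
    findings = []
    for st in _as_list(policy.get("Statement")):
        if st.get("Effect") != "Allow" or not principal_is_public(st.get("Principal")):
            continue
        findings.append({
            "sid": st.get("Sid", ""),
            "actions": _as_list(st.get("Action")),
            "resources": _as_list(st.get("Resource")),
            "conditional": "Condition" in st,   # conditioned grants need a human look
        })
    return findings


def public_acl_grants(acl: dict) -> list:
    """(group, permission) pairs for ACL grants to AllUsers or AuthenticatedUsers."""
    out = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        group = PUBLIC_ACL_GROUPS.get(grantee.get("URI"))
        if grantee.get("Type") == "Group" and group:
            out.append((group, grant.get("Permission")))
    return out


# Constructed sample documents (placeholder bucket name and account ID).
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "OwnerFullAccess", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
         "Action": "s3:*", "Resource": ["arn:aws:s3:::example-bucket",
                                        "arn:aws:s3:::example-bucket/*"]},
    ],
})

SAMPLE_ACL = {
    "Owner": {"ID": "0123456789abcdef"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "0123456789abcdef"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}

if __name__ == "__main__":
    print("policy:", public_policy_grants(SAMPLE_POLICY))
    print("acl:", public_acl_grants(SAMPLE_ACL))
```

A bucket is only as private as the most permissive of these two documents, so a clean policy with an `AllUsers READ` ACL grant (the classic "public-read" setting) is still a public bucket; a tool that reports only one of the two will miss the other.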

That’s it. You’ve gone beyond passing the annual pain-in-the-rear security training (yes, even here at a security company we moan about having to do that and our CISO has to stay after us to get it done).

Now you still know 99% less than your cybersecurity team, but they’ll appreciate all the questions and insight you now have, and the effort you put in to understanding their world – which is a profoundly difficult one to live in by the way. In any case, I hope this gives you a better idea about why CMOs should care about cybersecurity, as it is now everyone’s responsibility, from the top down.

I would love to hear from you what you’re doing to keep on top of cybersecurity issues – and how your discussions with your cybersecurity partners are going – it would make a great follow up post in the near future. You can reach me at jbaumgarten@cloudpassage.com.

In the meantime, I’d invite you take a look at the 2018 Cloud Security Report mentioned above. It’s a great read, packed with visuals and stats on overall cloud adoption and vendor trends that you’ll find intriguing.

Photo:The Great Courses

The post Why CMOs Should Care About Cybersecurity appeared first on Cybersecurity Insiders.


September 27, 2018 at 07:50PM

Wednesday, September 26, 2018

WhatsApp founder data privacy war with Facebook turns Murky

WhatsApp co-founder Brian Acton's data privacy war with Facebook has turned murky after Facebook executive David Marcus gave a pointed reply to Acton's claims in Forbes.

In an interview with Forbes a few days ago, Acton said that after acquiring his company for $19 billion, Mark Zuckerberg and his team planned to monetize the app by putting users' data privacy at risk.

Marcus replied to Acton yesterday by accusing him of slowing down the messaging app's progress. He added that Facebook's practice is to retain founders and their teams after it acquires a company, but that in WhatsApp's case it was Acton who was in a hurry to leave, because his ideas were not being entertained by the senior officials of the world's number one social media platform.

Cybersecurity Insiders has learned that Facebook's team wanted to show targeted ads in WhatsApp and let businesses communicate with users by direct message. Acton opposed both, believing that such moves would undermine WhatsApp's core feature of end-to-end encryption.

“Since Zuckerberg and his team would never abandon their plan to monetize the messaging service, I chose to leave the company”, said Brian Acton to Forbes.

Note 1- As soon as the Cambridge Analytica data scandal emerged early this year, Brian was the first person to tweet "Delete Facebook", sparking rumors that most users of the Menlo Park-based company would abandon the site within 3 months over privacy concerns.

Note 2- After selling WhatsApp to Facebook, Acton is said to have donated nearly 290 million USD to the Silicon Valley Community Foundation. With the remaining $5.5 billion, Acton founded a non-profit organization named "Signal Foundation", which helps develop open source privacy technology that protects free expression and enables secure global communication.

The post WhatsApp founder data privacy war with Facebook turns Murky appeared first on Cybersecurity Insiders.


September 27, 2018 at 10:40AM

Fujitsu and UTC team up for setting up Cybersecurity College

Fujitsu, in association with University Technical Colleges (UTC) located across England, has decided to set up an information security college to address the national and global shortage of professionals in the field of cyber security.

The newly established technical college will aim to prepare students aged 14 to 19 for the cyber job market, and hopes to succeed in bridging the gap between security resources and skills by 2021.

As per a study conducted by UTC, there could be a global shortage of 1.8 million information security professionals by 2022, and Europe alone is said to face a shortfall of 350,000 cybersecurity staff.

Fujitsu has declared that it will educate around 500 students per year in the required cyber skills, so that they can hit the ground running when they start employment.

Another study, by Tripwire, says that 93% of security professionals are worried about the skills gap in cybersecurity, while 72% believe there isn't enough staff to efficiently tackle current threats in the cyber landscape.

The UTC Cyber Group is looking to tap resources in order to find the right talent to meet the current day cybersecurity challenges.

As the UK (which includes England, Wales, and Northern Ireland) makes rapid progress toward becoming a digital-first nation, it will need a lot of investment to develop the right skills to support the future digital economy.

Fujitsu, together with UTC students and staff, aims to support England's objective by offering skills, knowledge, and an understanding of the role that cybersecurity plays in today's business and society.

Note- A UTC is a type of secondary school in England that is sponsored by a university. It helps guide students toward foundation degrees and full degrees.

The post Fujitsu and UTC team up for setting up Cybersecurity College appeared first on Cybersecurity Insiders.


September 27, 2018 at 10:32AM

CISSP-ISSAP Spotlight: Patrick Liu

Name: Patrick Wai Keun Liu
Title: Deputy Chief Information Security Officer
Employer: DBS Bank (Hong Kong) Limited
Degree: Computer Engineering
Years in IT: 20
Years in cybersecurity: 15+
Cybersecurity certifications: CISSP-ISSAP, CRISC, CGEIT, CIA, CISA, ABCP

 

How did you decide upon a career in cybersecurity?

I started my cybersecurity career as a customized professional service for a high-end customer. I was working in an ISP and the company provided network connectivity services. My team focused on new initiatives and we believed security had potential. I have dedicated myself to this area ever since.   

 

Why did you get your CISSP-ISSAP?

As is common with most cybersecurity practitioners, we never stop learning new things. Cybersecurity is not just on one dimension, and we need to understand how things interact with each other, what is the implication when we connect different building blocks together, etc. CISSP-ISSAP is a good starting point for me to understand the best practices to build systems.

 

What is a typical day like for you?

Risk management is the key aspect of my job. First of all, I identify cybersecurity risks that might impact the organization. When we identify any cybersecurity risk, we work with different internal teams to analyze the control effectiveness and plan any mitigation plan as necessary. The most challenging part is pointing out the risk for different interested parties.

 

Can you tell us about a personal career highlight?

It is truly my honor to be recognized by (ISC)2 in their ISLA Asia-Pacific program. This is one of the greatest highlights in my career. It also gives me a driving force to improve and contribute more to the community.   

 

How has the CISSP certification, and the ISSAP concentration, helped you in your career?

The CISSP-ISSAP defines a very good baseline for cybersecurity practitioners. It is a benchmark for me to assess cybersecurity practitioners’ knowledge. I believe these credentials have become a standard for the industry and are highly recognized by the cybersecurity circle.  

 

What is the most useful advice you have for other security professionals?

I think the most powerful skill for security professionals to achieve is the ability to transform cyber risk to understandable business content. For example, a DDoS attack means loss of business productivity and we can quantify this message in dollar value. My advice is to try to develop this skill in your organization.

The post CISSP-ISSAP Spotlight: Patrick Liu appeared first on Cybersecurity Insiders.


September 27, 2018 at 09:08AM

Why CMOs Should Care About Cybersecurity

Everyone from Deloitte to Ad Age to Forbes and many more are talking about why CMOs should care about cybersecurity and become more involved in the overall strategy. That makes sense as security moves beyond the purview of IT and becomes more of a board-level issue.  

Having seen cybersecurity from publicly-traded company and venture-backed perspectives, I wanted to share some hints and tips with my fellow marketing leaders.

While some recommend CMOs become cybersecurity experts, laying out extensive process around it, that’s just beyond the capability and simple time demands of most of you. So where should you start?

4 Key Focus Areas for CMOs

One of the best articles I’ve seen to date, from CMO magazine in Australia, lays out 4 key things on which to focus:

  • Give attention in advance to the possible customer impact of breaches.
  • Think about your own brand value impacts from cybersecurity incidents.
  • See a more secure business as a way to attract more customers.
  • Develop relationships and a common language with your security team.

Of the above, the first three are really mindset approaches that you’ll likely be able to get your arms around by giving the required time and attention with your own team, other customer-facing organizations, and your executive leadership team.

Number four is likely the most critical to getting a handle on your cybersecurity strategy. But you’ll likely need to do some homework. It’s no different than when you take your first trip to someplace like Italy – it helps to read up a bit in advance.

Cybersecurity 101 for CMOs

Fortunately, there are some “Rosetta Stone” guides before you go on your excursion if you’ve never been to Cyber-Milan before, all well-reviewed on Amazon:

So once you have your basic "language" structure down with an idea of some of the very basic concepts and terms of cybersecurity, you'll want to get comfortable with the culture and some of the more common phrases before diving in.

I’d suggest you start with what is currently top of mind for most cybersecurity practitioners and executives – cloud security. According to Cybersecurity Insider’s 2018 Cloud Security Survey, 90% of security pros are concerned about cloud security, way up vs. 2017.  In fact, 62% say their biggest threat is misconfigured cloud services.

For simplicity, when we're talking about public cloud (Infrastructure as a Service) where your engineers have built the apps that your company delivers to your customers, we're generally talking about Amazon Web Services, or AWS. They're the 800-pound gorilla; as Synergy Research Group states, they're in a league of their own.

But why is cloud security such a big concern when Amazon (like Microsoft, Google, and the other major cloud service providers), spends hundreds of millions of dollars on security and has thousands of security experts around the globe working 24/7 to keep their cloud safe? (And they’re very good at it.)

It starts with what Amazon calls the Shared Responsibility Model. As shown below, AWS is responsible for the security "of" the cloud, and your company as an AWS customer is responsible for security "in" the cloud. As you can see, there's a lot to be concerned about "in" the cloud, and it has to be managed differently than the legacy security approaches of the data center, virtual-machine world that predominated even a couple of years ago.


Now, many of you, particularly technology startups like CloudPassage, are cloud native, so have always had a cloud-based security approach. Yet, the scale and speed at which anyone in your company can consume services for free or by swiping a credit card massively expands what is called the “attack surface”. And, the speed at which AWS releases new services to your dev teams is staggering, making it difficult for your security teams to keep up. (For example, AWS released almost 500 new services and features in just one recent quarter.)

To learn more about the basics of Cloud Security, I highly recommend grabbing a free 7 day trial to Cloud Academy and taking their fine video course on AWS Security Fundamentals. It’s just over an hour and is awesome for beginners. (If you want a sub-101 level course to start with check out their course What Is Cloud Computing?)

Ok, at this point, you may feel good about some language skills, and know some key Cyber-Italian phrases. So, it’s time to take your new knowledge down to the local Italian restaurant (you know the real authentic one where the Nonna is in the back making the meatballs). You can do it by setting up an AWS account and using an honest to goodness cloud security tool on an AWS cloud storage service. (It’s easier than it sounds – some of the least technical folks on my Growth team gave this a whirl and found it easier than they thought as well as educational. Trust me, if you can handle Google Analytics and Marketo this will be a breeze.)

How to set up an AWS Account

  • Open your own free AWS account.
  • Set up a Simple Storage Service (S3) bucket (like Dropbox or Box on steroids) and upload some files into it.
  • Go to cloudpassage.com/freetrial. Follow the prompts to set up your AWS account in our product Halo Cloud Secure.
  • See your risks and threats on the Cloud Secure dashboard.
  • Pat yourself on the back.
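To see what "security in the cloud" means in practice for the bucket you just created, here is an added example (not CloudPassage's or AWS's code) that checks a bucket's ACL, bucket policy and Block Public Access settings for the public-exposure misconfiguration the survey above calls out. The data shapes follow what boto3's get_bucket_acl(), get_bucket_policy() and get_public_access_block() return, but the bucket name, account ID and grantee ID are constructed placeholders, so it runs entirely offline.

```python
# Offline check of an S3 bucket's ACL, bucket policy and Block Public Access
# settings. Added example for this post, not CloudPassage or AWS code. The
# dicts mirror what boto3's get_bucket_acl(), get_bucket_policy() and
# get_public_access_block() return; every bucket, account ID and grantee ID
# below is a constructed placeholder, so the whole thing runs offline.
import json

# S3 predefined groups meaning "anyone" (AllUsers) or "any AWS account"
# (AuthenticatedUsers); a grant to either makes the bucket public.
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")


def acl_public_permissions(acl):
    """Return the permissions (READ, WRITE, ...) granted to a public group."""
    perms = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUP_URIS:
            perms.append(grant["Permission"])
    return perms


def _wildcard_principal(principal):
    """True for Principal "*" or {"AWS": "*"} (also when "*" sits in a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def policy_public_statements(policy_json):
    """Return Sids of unconditional Allow statements open to any principal.
    Deny statements with Principal "*" (the usual way to require TLS) are
    skipped; conditional Allows are skipped here and left for manual review."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):        # a policy may hold a single object
        statements = [statements]
    hits = []
    for i, st in enumerate(statements):
        if (st.get("Effect") == "Allow" and not st.get("Condition")
                and _wildcard_principal(st.get("Principal"))):
            hits.append(st.get("Sid", "statement-%d" % i))
    return hits


def public_access_block_gaps(config):
    """Return the Block Public Access settings that are not switched on."""
    return [k for k in PAB_KEYS if not config.get(k, False)]


def assess_bucket(name, acl, policy_json, public_access_block):
    """Combine the three checks into one finding list for the bucket."""
    findings = []
    perms = acl_public_permissions(acl)
    if perms:
        findings.append("ACL grants %s to a public group" % ", ".join(perms))
    sids = policy_public_statements(policy_json)
    if sids:
        findings.append("policy allows anonymous access: " + ", ".join(sids))
    gaps = public_access_block_gaps(public_access_block)
    if gaps:
        findings.append("Block Public Access not enabled: " + ", ".join(gaps))
    return {"bucket": name, "public": bool(perms or sids), "findings": findings}


# Constructed sample data: the weak configuration beside the hardened one.
OWNER = {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"}   # placeholder
WEAK_ACL = {"Grants": [
    {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group",
                 "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},                   # anyone can list/read objects
]}
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-assets/*"},
]})
WEAK_PAB = {}                                  # never configured: all four off

HARDENED_ACL = {"Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]}
HARDENED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AppRoleRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/ExampleAppRole"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-assets/*"},
    {"Sid": "DenyPlainHttp", "Effect": "Deny", "Principal": "*",   # not public
     "Action": "s3:*", "Resource": "arn:aws:s3:::example-assets/*",
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
]})
HARDENED_PAB = dict.fromkeys(PAB_KEYS, True)

if __name__ == "__main__":
    print(json.dumps(assess_bucket("weak", WEAK_ACL, WEAK_POLICY, WEAK_PAB), indent=2))
    print(json.dumps(assess_bucket("hardened", HARDENED_ACL, HARDENED_POLICY,
                                   HARDENED_PAB), indent=2))
```

Against a live account the same three functions can be fed the output of the corresponding boto3 calls; the "weak" sample reproduces the classic public-read bucket, while the "hardened" one shows that a wildcard Deny is not a public grant.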

That’s it. You’ve gone beyond passing the annual pain-in-the-rear security training (yes, even here at a security company we moan about having to do that and our CISO has to stay after us to get it done).

Now you still know 99% less than your cybersecurity team, but they’ll appreciate all the questions and insight you now have, and the effort you put in to understanding their world – which is a profoundly difficult one to live in by the way. In any case, I hope this gives you a better idea about why CMOs should care about cybersecurity, as it is now everyone’s responsibility, from the top down.

I would love to hear from you what you’re doing to keep on top of cybersecurity issues – and how your discussions with your cybersecurity partners are going – it would make a great follow up post in the near future. You can reach me at jbaumgarten@cloudpassage.com.

In the meantime, I’d invite you take a look at the 2018 Cloud Security Report mentioned above. It’s a great read, packed with visuals and stats on overall cloud adoption and vendor trends that you’ll find intriguing.

The post Why CMOs Should Care About Cybersecurity appeared first on The CloudPassage Blog.

The post Why CMOs Should Care About Cybersecurity appeared first on Cybersecurity Insiders.


September 27, 2018 at 09:08AM

Take Ownership of the Keys to Your Data with Gemalto at GovWare 2018!

According to Gemalto’s 2017 Breach Level Index Report, publicly reported data breaches compromised more than 2.5 billion data records as a result of 1,765 security incidents throughout the year. North America made up the bulk of these incidents at 1,514 security events, or 86 percent of the total. The Asia/Pacific region had just 113 incidents.

Although the findings of the Breach Level Index 2017 report show a greater number of data breach incidents in the West, that doesn't mean security incidents in other parts of the world don't make news. Take Singapore, for instance. With just 10 security incidents reported in 2017, this island city-state made global headlines in July 2018 with the discovery of a data breach at SingHealth. This security incident, which was discovered just months after the Singapore Cybersecurity Act entered into force, exposed the personal information of 1.5 million people. That's more than a quarter of the country's entire population. Among those affected by the breach is the Prime Minister, who had his personal details and medicine records "specifically and repeatedly targeted."

Following the announcement of this data breach, the Cyber Security Agency of Singapore issued precautionary measures, urging all Critical Information Infrastructure sectors to tighten their security. These measures include removing all connections to unsecured external networks, mediating open connections through unidirectional gateways and implementing a secure information gateway to prevent leakage of sensitive information using encryption technology.

Fortunately, enterprises can protect themselves against data breaches by investing in solutions that keep their data secure even if perimeter defenses are compromised. Gemalto's portfolio of SafeNet data protection solutions, which includes data encryption, encryption key management and hardware security modules, enables organizations to secure sensitive data in databases, applications, storage systems, virtualized platforms, cloud environments, and across networks.

For additional data security assistance, Gemalto invites security professionals and executives to stop by Booth No. K18 at GovWare 2018, a well-known digital security conference that marks the cornerstone of Singapore International Cyber Week. The event features more than 100 speakers as well as more than 100 exhibitors and sponsors.

Those who visit Booth No. K18 at GovWare 2018 will learn more about how to “Secure the Breach” and keep their organization out of the headlines. Gemalto will explain this approach with a once-a-day Breach Level Index and “Secure the Breach” presentation along with demonstrations of its encryption and key management solutions. Anyone who stops by also has a chance to win multiple prizes and gifts including JBL wireless headphones, Starbucks vouchers and more.

Registration information for GovWare 2018 is available here.

The post Take Ownership of the Keys to Your Data with Gemalto at GovWare 2018! appeared first on Cybersecurity Insiders.


September 26, 2018 at 09:09PM

Facing the Facts about Digital Identity Interfaces

One in 100 emails are Malicious

FireEye, a Milpitas-based, publicly listed cyber security company, has found in its latest study that one in 100 emails is malicious, meaning it is crafted to trick people into surrendering their personal details or downloading malware onto their computers. The results were published after analyzing half a billion emails sent in the first half of this year.

Researchers from the Californian security firm suggest that less than a third of emails sent are considered clean, i.e. they pass through the spam filters to be delivered straight to the inbox.

After analyzing emails sent in the previous 6 months, FireEye has come to a conclusion that one in every 113 emails had malicious intent and that doesn’t include spam emails.

According to the latest FireEye report, messages containing links and attachments that could infect the recipient's computer with malware are usually sent on Mondays and Wednesdays, whereas impersonation emails are sent on Fridays.

The survey also reveals that scammers are finding innovative ways to slip through email security systems. They are doing so by launching spoofing or imitation attacks where emails are crafted in such a way that they mimic a person or a company which the recipient knows.

So, how can you stop getting such tricky emails?

Well, the first thing you can do is set your spam filter to "exclusive", which allows only messages from known senders to appear in your inbox.

Train your spam filter: when you select a suspicious message, ask your messaging filter to mark it as spam so it learns to catch similar ones.

Always verify that telephone numbers or email addresses you receive belong to people you know.

Do not react to emails that press you to act urgently, usually the ones that say you have won a prize or are eligible for a special customer discount.

Never ever click on email attachments unless you are certain about the sender.

Install anti-malware solutions from companies such as Norton, Sophos, and McAfee.

The post One in 100 emails are Malicious appeared first on Cybersecurity Insiders.


September 26, 2018 at 09:08PM

Free GDPR Course for Members

(ISC)² is committed to enriching our professional development course offerings to members. That’s why we’re excited to announce a free course is now available – GDPR for Security Professionals: A Framework for Success. The course is online and self-paced to work with your busy schedule.

We know the GDPR deadline has come and gone, but that doesn't mean that the work is over. Many companies are not yet compliant, and maintaining compliance is challenging to say the least. This GDPR course is designed to help you contribute to the strategy, direction and implementation of the EU's General Data Protection Regulation within your organization.

If you’re an (ISC)² member, the immersive course has already been added to your account in our learning management system, (ISC)² Learn. You can access it by logging into your account at https://www.isc2.org/ISC2Login. Once logged in, click on “My Courses” in the top right and scroll down to the GDPR course to select it. If you’re not an (ISC)² member, the course is available for purchase at https://learn.isc2.org on October 1.

You can launch the course from there and start learning at your own pace. Once you’ve completed the course, you’ll earn 8 CPEs, which will be automatically submitted on your behalf. We are working on bringing you two additional free courses in the coming months, focused on DevSecOps and Culture.

The post Free GDPR Course for Members appeared first on Cybersecurity Insiders.


September 26, 2018 at 09:08PM

Banking trojan found in call recorder app on Play Store – stole over €10,000

By Waqas

Android is one of the most vulnerable mobile operating systems with hackers developing new Android malware and banking trojan every 17 seconds. Then, there is Google and questionable security measures to protect users from sophisticated and persistent malware attacks. Recently, Lukas Stefanko, an IT security researcher at ESET has discovered a nasty piece of banking trojan targeting […]

This is a post from HackRead.com Read the original post: Banking trojan found in call recorder app on Play Store – stole over €10,000


September 26, 2018 at 07:38PM

empow Adds Native UEBA Functionality to Become First SIEM to Automatically Detect and Respond to Threats Across the Entire Cyber Kill Chain

empow’s native artificial intelligence, natural language processing and cause-and-effect analytics now ingest user and account activity logs to correlate all data source types covering all stages of the attack lifecycle.

empow, creators of a new kind of security information and event management (SIEM) system that detects and responds to cyber-attacks in real time and without rules, announced it has added native User/Entity Behavior Analytics (UEBA) functionality to its SIEM. With this capability, the empow SIEM now provides automated detection and adaptive response to threats across the entire cyber kill chain.

“User and account activity logs are important inputs for detecting attacks by malicious insiders or external intruders who have successfully compromised user account credentials,” said empow Founder and Chief Technology Officer Avi Chesla. “So UEBA is mainly useful in the middle and late phases of the cyber kill chain, but not in the earlier stages of the attack. Unusual user behavior is one indicator of an attack, but not the only indicator, and by itself not necessarily sufficient for making a clear actionable decision. empow has developed a complete system that uses artificial intelligence, natural language processing and machine learning – as well as behavioral analytics – digesting security logs, network-flows logs, as well as user and account activity logs, to automatically detect and respond to malicious activity across all phases of the attack life cycle, accurately.”

To gain the benefits of UEBA, organizations have traditionally had a choice between integrating standalone UEBA products into their existing rule-based SIEM infrastructures, or adding rule-based attack detection capabilities (such as those typical of existing SIEMs) to their UEBA products. Neither of these approaches is effective because rule-based detection systems cannot keep up with the ever-changing threat landscape and miss attacks. These solutions also do not provide automatic response (investigation or mitigation) capabilities.

empow has developed a new kind of SIEM that uses true artificial intelligence, along with machine learning and multiple types of analytics, including behavioral, to detect and respond to attacks. In the empow solution, UEBA is built into the SIEM at a native level, and the system takes unusual user, entity and account behavior into consideration – along with a number of other factors and indicators – when identifying and validating attacks. This maximizes the effectiveness of the UEBA functionality and improves overall attack detection accuracy.

empow’s native UEBA capabilities deliver several key benefits to security teams, including:

  • Improved results with no additional investments or tools. UEBA is native to the empow SIEM and broadens the scope of detection and investigation. Customers benefit from faster and more optimized response to attacks – without the need to invest additional time, budget or resources.
  • Works with existing data sources. empow does not duplicate data and does not force log infrastructure on customers. Instead, it works with existing open source or commercial log infrastructure, such as Elastic and other leading solutions.
  • A wider security scope, still with no rules. empow requires no correlation rules across the entire security and network infrastructure. While some UEBA-based SIEM vendors will claim they do not require rules, that is only true for UEBA data sources. For empow, it is true for all data sources.

“empow makes our entire security operation better,” said Dannie Combs, senior vice president and chief information security officer for Donnelly Financial Solutions. “It integrates seamlessly with our existing infrastructure and data sources, detects and stops threats in real time without rules, and drives far greater ROI from our existing security tools. And now, we can add UEBA functionality with no additional product investment or integration work, because it is native to the system. If you drew up the ideal SIEM, this would be it.”

The inclusion of UEBA also makes empow the first company to deliver on all of the components of a complete next-generation SIEM, including:

  • Flexible data ingestion from all log and data sources, either directly from the security infrastructure or indirectly (via intermediate log storage and management systems), without requiring the development of complex parsers for new data sources.
  • AI-driven classification of security events, which leverages natural language processing (NLP) on both machine- and human-readable threat intelligence from internal and external sources, to understand the intent behind each event.
  • Auto-correlation using cause-and-effect analytics to automatically validate and prioritize attacks, and reveal the complete “attack story” – without requiring static correlation rules.
  • Adaptive orchestration using the capabilities of the existing security infrastructure to actively investigate and mitigate (block) attacks, without requiring scripts.

“My advice to security teams is that if you haven’t already looked at a SIEM-based orchestration tool using inference and NLP for contextual understanding to improve mitigation, then add this task to your list,” writes Edward Amoroso, founder and CEO of TAG Cyber, an advanced cyber security advisory, training and consulting firm focused on enterprise and government CISOs. “And, you would be wise to give the empow team a call.”

About empow

empow is the developer of a new kind of security information and event management (SIEM) system that detects cyber attacks and automatically orchestrates adaptive investigation and mitigation actions in real time, without the need for human-written rules. empow’s innovative use of AI, including natural language processing (NLP), machine learning and cause-and-effect analytics, automatically understands the fundamental nature or intent of threats, finds the actual attacks hidden in the “noise,” and marshals the right security tools to respond when those attacks occur. This capability enables the empow SIEM to serve as an active “brain” for security infrastructure that detects, confirms and stops attacks before they can cause harm, while also maximizing the value of existing security infrastructure and slashing the need for human intervention. empow is headquartered in Boston, with an R&D office in Tel Aviv, and customers distributed across North America and Europe.

For more information, visit https://www.empowcybersecurity.com

 

The post empow Adds Native UEBA Functionality to Become First SIEM to Automatically Detect and Respond to Threats Across the Entire Cyber Kill Chain appeared first on Cybersecurity Insiders.


September 26, 2018 at 07:46PM

Tuesday, September 25, 2018

Cyber Attack automation turning lethal

Alert Logic, a Houston-based security company, has issued an alert that cyber attack automation will prove lethal to companies in the coming months, regardless of their size and operations.

The security firm came to a conclusion after analyzing the data from more than 1.2 billion anomalies, 7.2 million security events and 250,000 verified security incidents across its customer base over a fourteen month period between 2017 and 2018.

As cyber attacks are now launched through software automation, the threats have the potential to subvert companies' traditional security measures, which is what makes them lethal.
 
According to the study, hackers are gaining vastly greater attack scale via new techniques such as kill chain compression and attack automation. These let them achieve an 88% success rate, as recon, weaponization, delivery, exploitation, and installation take place within a few minutes and as a single action. Because this attack stream renders the security measures employed by companies ineffective, its high success rate is the defining concern.

The Alert Logic report produces evidence that hackers are using automation to initiate random as well as recursive attacks that are capable of changing the risk assessment dynamics of any organization. Password spraying and DDoS attacks are prime examples in this context.

Thus, as hackers get more innovative and sophisticated in the way they launch cyber attacks, organizations that want to defend their IT assets have no choice but to evolve the security processes, procedures, and technologies with which they mitigate cyber risk.

The post Cyber Attack automation turning lethal appeared first on Cybersecurity Insiders.


September 26, 2018 at 11:09AM

US Merger and Acquisition market reaches $60 billion mark in September

The United States merger and acquisition market has witnessed a flurry of activity in September this year, with deals reaching the $60 billion mark.

Experts suggest that only 4 major deals have captured the industry's interest to date, and Comcast winning the bid for the UK company Sky stands tallest among them. Next come Randgold Resources buying Barrick Gold and Michael Kors acquiring Versace. Pandora was purchased by Sirius XM.

As for the biggest takeover in European market history, Fox buying Sky was long speculated. But with the developments of the past two weeks of September, the Sky board reached a consensus that it would recommend Comcast's offer to shareholders, endorsing Comcast's acquisition of Sky.

Every year this particular month sees a boom in M&A deals, as it marks the end of the third quarter and with it the end of a financial cycle.

With Brexit approaching its endgame, companies operating in the United States are happy to acquire their European counterparts, taking advantage of the weak pound to pick up assets.

Whether it’s a technology firm or a production entity, companies in the US are showing a lot of excitement in bagging their UK counterparts.

Furthermore, as the weakness of the pound against the dollar is expected to persist for the next few months, more US companies are showing interest in buying British firms in their zeal to expand their business.

Early this year, market analysts expected US firms to cut back on foreign buyouts, due to the exceptional tax reforms brought forward by the Trump Administration.

However, things seem to be going the other way round… don’t they?

The post US Merger and Acquisition market reaches $60 billion mark in September appeared first on Cybersecurity Insiders.


September 26, 2018 at 11:06AM

Will Microsoft try to monopolize its security services after Google

We all know that in the coming years the usage of Google services will depend entirely on users’ loyalty to the web search giant. That’s because most of the mobile computing devices we use by then will be running OSes released by the Alphabet, Inc subsidiary and will only support the online services offered by the company.

Security experts suggest that the world’s top technology companies, like Microsoft, Amazon, Facebook, and Google, will try to monopolize the market in the next 5 years. What they mean is that most of these companies will offer secure and safe online operations only to those who use their service offerings exclusively, across devices like tablets, mobiles, and PCs.

Well, Microsoft’s latest move seems to be making this trend come true in the near future.

Recently, all those who were using the beta version of the latest Windows 10 were surprised to see a pop-up message when they tried to download third-party web browsers on their respective devices.

And the message was as follows-

“You already have a Microsoft Edge- the safer and faster browser for Windows 10”

The pop-up message offered the option of opening Microsoft Edge or installing the third-party web browser anyway.

The latest pop-up suggests that Microsoft was warning its users to avoid installing the browsers of its rivals and was trying to act smart in monopolizing the business.

As soon as users started to lash out at the OS giant on this issue via social media channels like Facebook and Twitter, Microsoft chose to make a U-turn and removed from the build the pop-up message that interrupted the installation of browsers like Google Chrome or Firefox.

In a statement issued recently, Microsoft said that the warning message was only being shown to testers and has been removed from the Insider Preview Build 17760 of Windows 10. It also added that its consumers have full choice and control over the installation of 3rd-party browsers and apps on their devices.

However, there’s no guarantee that Microsoft’s practice of banning other companies’ apps or services will never be repeated in the future.

In fact, if all the technology giants, like Google, Facebook, Amazon, and Microsoft, start playing such tricks to monopolize their stance in the market, then users will probably be left with only one option: using the said company’s own devices to access its respective services.

What’s your say on this issue?

Feel free to share your mind through our comments section below.

Note- As per the information provided by Statcounter, Google Chrome holds a 67.63% share of global web browser usage. It is followed by Mozilla Firefox with 10.97% and then Internet Explorer with 7.02%. Apple Safari has a share of 5.13%, followed by Microsoft Edge with 4.24% and Opera at 2.48%.

The post Will Microsoft try to monopolize its security services after Google appeared first on Cybersecurity Insiders.


September 25, 2018 at 09:16PM

Extortion, the Cloud, and the Geopolitical Landscape – Black Hat 2018 Survey Results

At Black Hat 2018, we surveyed attendees on diverse topics, ranging from how to react to extortion and what impact the geopolitical landscape is having on the industry, to whether the shiny veneer of the cloud is beginning to fade. Our Security Advocate, Javvad Malik, has put together an excellent report on the survey. The report is based on our survey of 963 participants at the AlienVault booth at Black Hat 2018 and on interviews with security experts. Read the whole report by Javvad.


Key Findings

  • 38% say the Chief Information Security Officer (CISO) should be the one to negotiate extortion and/or ransom demands
  • 46% of those surveyed say security remains the biggest blocker to cloud adoption
  • 54% of participants believe US public sector infrastructure is either unprepared or very unprepared to defend against cyber attacks
  • People are relatively confident in calling a hacker’s bluff:

Read the report for all the details!


The post Extortion, the Cloud, and the Geopolitical Landscape – Black Hat 2018 Survey Results appeared first on Cybersecurity Insiders.


September 25, 2018 at 09:11PM

MadoMiner Part 1 – Install

2018 seems to be a time for highly profitable cryptominers that spread over SMB file-shares. Following my analysis of ZombieBoy in July, I found a new malware sample that I’m calling MadoMiner. With the help of Chris Doman, I was able to analyze it and discover that it uses techniques similar to ZombieBoy’s, because it hijacks ZombieBoy’s CPUINFO.exe.

However, MadoMiner is much, much larger, in terms of:

  • The size of the malware;
  • The amount of systems infected; and
  • Total profit gained by the attackers.

The previously analysed ZombieBoy was earning around $750 a month while mining at its maximum power. MadoMiner, on the other hand, is earning around $6015 a month while only mining at 50% power:

Malware Analysis

An overview of the Install module is below. Depending on the victim’s architecture, obtained from CPUInfo.exe, either x86.dll or x64.dll is installed:

x86.dll and x64.dll are virtually identical; one is built specifically for the x86-64 OS architecture and the other for the x86 OS architecture.

Domains

MadoMiner appears to use two different servers to distribute payloads for each module.

  • http://da[dot]alibuf.com:3/
  • http://bmw[dot]hobuff.info:3/

In addition, here are some of the mining servers used by MadoMiner that were identified in Mask.exe, the second module:

  • http://gle[dot]freebuf.info
  • http://etc[dot]freebuf.info
  • http://xmr[dot]freebuf.info
  • http://xt[dot]freebuf.info
  • http://boy[dot]freebuf.info
  • http://liang[dot]alibuf.com
  • http://dns[dot]alibuf.com
  • http://x[dot]alibuf.com

Exploits

During the execution of the Install module, MadoMiner makes use of several exploits:

  • CVE-2017-9073, RDP vulnerability on Windows XP and Windows Server 2003
  • CVE-2017-0143, SMB exploit
  • CVE-2017-0146, SMB exploit

Installation

MadoMiner begins on a victim’s computer as a DLL installed by the EternalBlue/DoublePulsar exploits. Depending on OS architecture, you’ll find either x86.dll or x64.dll installed on your computer. Both are basically the same, just adjusted for the OS architecture.

Just like ZombieBoy, MadoMiner makes use of a heavily modified version of ZombieBoyTools in order to install its DLL. The reason for this, it seems, is that the CPUInfo.exe dropped by the Install module of MadoMiner appears to be the same CPUInfo.exe dropped by an earlier version of 64.exe, a module from ZombieBoy (similar to the current-day CPUInfo in ZombieBoy, minus the embedded miner and anti-VM guards).

In fact, if the CPUInfo.exe in MadoMiner is run without the surrounding Install module, it will attempt to communicate with ZombieBoy’s servers and ultimately install ZombieBoy.

Packet showing malware communicating to ca[dot]posthash.org:443

Setup

Once either x86.dll or x64.dll is successfully installed and executed on a victim’s computer, several actions are performed. First, 2 UPX-packed modules are downloaded from da[dot]alibuf.info, known locally as Install.exe and Mask.exe (for x86.dll, 445.exe & mado.exe; for x64.dll, mask.exe & dst.exe). These modules are both executed concurrently and are in charge of all functionality of the malware.

Install.exe

Install.exe is a curious module. Installed to ‘C:\%Windows Directory%\Install.exe’ from either http://da[dot]alibuf.com:3/445.exe or http://da[dot]alibuf.com:3/mask.exe, Install.exe seems to be in charge of spreading MadoMiner to more systems.

MadoMiner spreads to other systems by hijacking ZombieBoy’s CPUInfo.exe. Install.exe consists of a couple of batch scripts for persistence and evasion, a dropper, CPUInfo.exe, and 2 DLLs, x86.dll and x64.dll. What MadoMiner does with these DLLs and CPUInfo.exe is particularly unique. CPUInfo.exe on its own drops over 70 files into IIS, including the 2 DLLs that it installs on computers, x86.dll and x64.dll. In their base form, these DLLs contain the ZombieBoy installation. MadoMiner overwrites CPUInfo.exe’s x86.dll and x64.dll with its own DLLs. When CPUInfo.exe goes to install the DLLs, it installs MadoMiner’s DLLs instead!

Install.exe also registers 2 tasks for persistence, RavTask and GooglePingInConfigs. The first task, RavTask, runs every 4 hours, indefinitely. RavTask runs a batch file dropped by Install.exe called Free.bat, which will be discussed further below. GooglePingInConfigs’ job is simple: all it has to do is run CPUInfo.exe at startup.

The commands for creating RavTask and GooglePingInConfigs are as follows:

@schtasks /create /sc minute /mo 240 /tn "RavTask" /tr "C:\windows\IIS\free.bat" /ru "system" /f

@schtasks /create /tn "GooglePinginConfigs" /tr "C:\Windows\IIS\CPUInfo.exe" /sc onstart /ru "system" /f
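The two commands above are what the tasks look like from the attacker's side; what a responder sees is the scheduled-task inventory of a host. The following is an added example, not code from the write-up or its author: it triages a `schtasks /query /fo CSV /v` style export for the RavTask and GooglePingInConfigs entries, for any action launched from the C:\Windows\IIS drop directory, and for script files scheduled as SYSTEM (a generic heuristic beyond what the write-up states). The sample export is constructed and keeps only five of the real columns; the task names, paths and account come from the commands above.

```python
"""Triage a scheduled-task export for the persistence tasks described above.

Added example, not part of the original analysis or its tooling. The export
below is constructed to look like `schtasks /query /fo CSV /v` output but keeps
only five of its columns; the task names, action paths and account come from
the two schtasks commands in the write-up.
"""
import csv
import io
import re

# Task names from the write-up (compared case-insensitively).
KNOWN_TASK_NAMES = {"ravtask", "googlepinginconfigs"}
# Directory Install.exe and CPUInfo.exe drop their files into.
DROP_DIR_RE = re.compile(r"c:\\windows\\iis\\", re.IGNORECASE)
# Script files are an unusual thing to schedule as SYSTEM; flag them generically.
SCRIPT_RE = re.compile(r"\.(bat|cmd|vbs|js|ps1)(\s|\"|$)", re.IGNORECASE)

# Constructed sample: two ordinary tasks plus the two MadoMiner ones.
SAMPLE_EXPORT = r'''"HostName","TaskName","Task To Run","Run As User","Schedule Type"
"WKS01","\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c -h -o -$","SYSTEM","Weekly"
"WKS01","\RavTask","C:\windows\IIS\free.bat","system","Minute"
"WKS01","\GooglePinginConfigs","C:\Windows\IIS\CPUInfo.exe","system","At system start up"
"WKS01","\Adobe Acrobat Update Task","C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe","SYSTEM","Multiple schedule types"
'''


def triage_tasks(csv_text: str) -> list:
    """Return one finding per suspicious task with the reasons it was flagged."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row["TaskName"].lstrip("\\")   # schtasks prefixes names with the folder path
        action = row["Task To Run"]
        account = row["Run As User"]
        reasons = []
        if name.lower() in KNOWN_TASK_NAMES:
            reasons.append("task name matches a MadoMiner persistence task")
        if DROP_DIR_RE.search(action):
            reasons.append("action runs from the MadoMiner drop directory C:\\Windows\\IIS")
        if account.lower() == "system" and SCRIPT_RE.search(action):
            reasons.append("script file scheduled to run as SYSTEM")
        if reasons:
            findings.append({"task": name, "action": action,
                             "run_as": account, "reasons": reasons})
    return findings


def removal_commands(findings: list) -> list:
    """schtasks commands that remove the flagged tasks (the write-up additionally
    suggests blanking each task's action so a surviving entry is harmless)."""
    return ['schtasks /delete /tn "%s" /f' % f["task"] for f in findings]


if __name__ == "__main__":
    found = triage_tasks(SAMPLE_EXPORT)
    for f in found:
        print(f["task"], "->", f["action"], "as", f["run_as"])
        for r in f["reasons"]:
            print("   -", r)
    print("\n".join(removal_commands(found)))
```

On a real host, feed the function the text of `schtasks /query /fo CSV /v > tasks.csv`; the name-based checks are specific to this campaign, while the drop-directory and script-as-SYSTEM checks will also surface look-alike persistence under other names.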

Install.exe batch scripts

Install.exe has 3 batch scripts that it uses in its run-through: Free.bat, DemO.bat, and DemC.bat. Dem(open), or DemO.bat, is used at the beginning, when Install.exe is first launched; Free.bat is used by RavTask; and Dem(close), or DemC.bat, is used at the end of Install.exe’s run-through.

DemO first sets a task named Schedule to autorun. Next, it deletes and then recreates the 2 tasks used for persistence, RavTask and GooglePingInConfigs. Finally, access is removed from RavTask and GooglePingInConfigs, RavTask is run, and then the script deletes itself.

DemO.bat

Free.bat, which is executed by RavTask every 4 hours, is a small batch script with a fairly important job. First, Free.bat ends any of the programs/DLLs used by CPUInfo.exe, including DoublePulsar and EternalBlue (this is done to guarantee a clean start). Next, Free.bat runs GooglePingInConfigs (which will execute CPUInfo.exe). In addition, Free.bat also checks to make sure the NIC is up by pinging it.

Free.bat

Finally, DemC is run to hide the malware, and it appears to be a partial wiper module. For example, if the malware detects a VM, DemC is run. DemC closes a lot of open processes, in addition to deleting some of the modules dropped by MadoMiner. DemC also deletes all executables in the ProgramData folder.

x64 and x86 – The Hijacking Dlls

x64.dll and x86.dll start their journey packed into Install.exe. When Install.exe is run, they are dropped in C:\Windows\IIS along with CPUInfo.exe; however, when attempting to access either x86.dll or x64.dll, access is denied. This is so that CPUInfo.exe does not overwrite x86.dll and x64.dll while executing.

As for the DLLs themselves, each has a check to determine that the host is indeed its respective OS type. If so, it downloads its specific malware (mask.exe and dst.exe for x64.dll; 445.exe and mado.exe for x86.dll) from the download server and calls WinExec to run the applications.

x86.dll urldown function

CPUInfo.exe – The Hijacked malware

CPUInfo.exe is very similar to the CPUInfo.exe used by ZombieBoy. In fact, I believe it to be an earlier version of CPUInfo.exe, from before ZombieBoy packed the miner into CPUInfo.exe and made it impossible to run on a VM (running CPUInfo.exe without running Install.exe first causes ZombieBoy to be dropped). Just like in ZombieBoy, CPUInfo.exe drops over 70 files into C:\Windows\IIS. These files contain the exploits used, ZombieBoyTools, the web scanner, a copy of CPUInfo.exe, and the 2 DLLs used to spread (x86.dll and x64.dll).

In addition, CPUInfo.exe appears to have some keylogger functionality, just like in ZombieBoy. A static strings analysis shows that CPUInfo.exe imports a lot of functions used for keylogging, such as SetWindowsHookEx and GetKeyState.

CPUInfo.exe is the main payload of Install.exe and all of the other files in Install.exe seem to support CPUInfo in one way or another.  As we’ve seen, x64.dll and x86.dll are both used to spread MadoMiner, but how it all comes together is quite interesting.

CPUInfo.exe – Runthrough

When CPUInfo first launches, it connects to ip[dot]3322.net in order to obtain the public IP netrange. Next, CPUInfo.exe obtains regional info about the host using www[dot]ip138.com. As this is happening, CPUInfo.exe is also unpacking itself, dropping a total of 3 exploits, a web scanner, the batch scripts for scanning the files, as well as the necessary DLLs and other misc files, adding up to over 70 files in C:\Windows\IIS.

After dropping the necessary files and obtaining the IP netrange, CPUInfo.exe begins to use the lightweight TCP web scanner, WinEggDrop, in order to scan all IPs in that range from XXX.XXX.0.0 – XXX.XXX.255.255 to identify an IP with port 445 open. If such an IP is located, it is extracted and saved into com.dll for future use, and then a heavily modified version of ZombieBoyTools is run. This version of ZombieBoyTools identifies the OS architecture and then, using either EternalBlue/DoublePulsar or EternalChampion/DoublePulsar, installs and executes either x86.dll or x64.dll (after extracting the saved IPs from com.dll). This starts the infection process on a new host, running and downloading the Install and Mask modules.

Batch script to scan Private IP’s.

After finishing the public IP infection stage, CPUInfo.exe then moves on to the private IP infection stage, which is nearly identical to the public IP infection stage, except that CPUInfo.exe does not need to obtain the private IP again, since the value is already saved in memory. When scanning the private IP range, it also follows the same scan pattern as the public IP scan.

Avoidance and Removal – Install.exe

Install.exe uses several leaked NSA exploits, just like ZombieBoy. In fact, if your computer is patched for ZombieBoy, you’ll also be patched for MadoMiner. Specifically, the patch that will protect you from MadoMiner is MS17-010. In addition, you’ll want to block traffic to the following web servers (IPs are subject to change, unfortunately, so I’ve provided the domain names instead):

  • http://alibuf[dot]com:3/ (distribution server)
  • http://hobuff[dot]info:3/ (Distribution server)
  • http://freebuf.info (Mining server)
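Blocking the three domains above is the preventive step; the matching detective step is to look back through DNS logs for hosts that already resolved them. The block below is an added example, not the author's tooling: it keeps the indicators de-fanged exactly as this write-up prints them and re-fangs them at runtime, matches query names on a label boundary (so "notalibuf.com" does not match "alibuf.com"), and treats the ip.3322.net and www.ip138.com lookups that CPUInfo.exe performs (from the run-through section) as low-confidence context rather than an alert on their own. The log lines are constructed in a generic "timestamp client= query= type=" layout and are not the output of any particular resolver.

```python
"""Hunt DNS query logs for the MadoMiner domains named in this write-up.

Added example, not the author's tooling. Indicators are stored exactly as the
write-up de-fangs them and re-fanged at runtime; the query log is constructed
here in a generic "timestamp client= query= type=" layout and is not the output
of any particular resolver.
"""
import re
from collections import defaultdict

# (de-fanged indicator, role, confidence). The distribution and mining servers are
# matched as whole registered domains, as the "Avoidance and Removal" list blocks
# them; ip.3322.net and www.ip138.com are public lookup services that other
# software also uses, so a query to them is only a weak signal on its own.
DEFANGED_INDICATORS = [
    ("alibuf[dot]com", "distribution server", "high"),
    ("hobuff[dot]info", "distribution server", "high"),
    ("freebuf[dot]info", "mining server", "high"),
    ("ip[dot]3322.net", "public-IP lookup used by CPUInfo.exe", "low"),
    ("www[dot]ip138.com", "geolocation lookup used by CPUInfo.exe", "low"),
]


def refang(name: str) -> str:
    """Turn report-style de-fanged names ('[dot]', '[.]') back into real hostnames."""
    return name.replace("[dot]", ".").replace("[.]", ".").strip().lower().rstrip(".")


INDICATORS = [(refang(d), role, conf) for d, role, conf in DEFANGED_INDICATORS]


def match_indicator(qname: str):
    """Return (indicator, role, confidence) if qname is an indicator or a subdomain of one."""
    host = qname.strip().lower().rstrip(".")
    for ind, role, conf in INDICATORS:
        # Label-boundary check: "notalibuf.com" must not match "alibuf.com".
        if host == ind or host.endswith("." + ind):
            return ind, role, conf
    return None


# Constructed log lines: one host doing the Install-module sequence (lookup
# services, then the distribution server), one mining, one only doing a lookup,
# and two benign queries, one of them a near-miss on a listed domain.
SAMPLE_LOG = """\
2018-09-25T09:16:01Z client=10.0.0.12 query=ip.3322.net type=A
2018-09-25T09:16:02Z client=10.0.0.12 query=www.ip138.com type=A
2018-09-25T09:16:05Z client=10.0.0.12 query=da.alibuf.com type=A
2018-09-25T09:16:09Z client=10.0.0.40 query=gle.freebuf.info type=A
2018-09-25T09:16:11Z client=10.0.0.40 query=notalibuf.com type=A
2018-09-25T09:16:12Z client=10.0.0.99 query=ip.3322.net type=A
2018-09-25T09:16:14Z client=10.0.0.7 query=update.example.org type=AAAA
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+client=(?P<client>\S+)\s+query=(?P<qname>\S+)\s+type=(?P<qtype>\S+)$"
)


def scan_dns_log(text: str) -> list:
    """One hit per log line whose query name matches an indicator."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparsable line: skip it rather than fail the whole scan
        found = match_indicator(m.group("qname"))
        if found:
            ind, role, conf = found
            hits.append({"ts": m.group("ts"), "client": m.group("client"),
                         "qname": m.group("qname"), "indicator": ind,
                         "role": role, "confidence": conf})
    return hits


def suspect_hosts(hits: list) -> dict:
    """Clients with at least one high-confidence hit. Their low-confidence lookups
    are kept as supporting context; a lookup alone is not reported."""
    by_client = defaultdict(lambda: {"high": set(), "low": set()})
    for h in hits:
        by_client[h["client"]][h["confidence"]].add(h["indicator"])
    return {c: v for c, v in by_client.items() if v["high"]}


if __name__ == "__main__":
    for client, ev in suspect_hosts(scan_dns_log(SAMPLE_LOG)).items():
        print(client, "high:", sorted(ev["high"]), "context:", sorted(ev["low"]))
```

The two-tier confidence is deliberate: a host that queried only ip.3322.net (10.0.0.99 in the sample) is not reported, while a host that also resolved a distribution or mining domain is, with the lookups shown as corroborating the Install-module sequence the write-up describes.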

While I always advocate avoidance as the best practice, sometimes that just isn’t possible. As always, if you become infected by MadoMiner, do not panic. However, you should back up any important files now, if you haven’t already. MadoMiner has a nasty trap: when CPUInfo closes, it sometimes triggers DemC.bat, Install.exe’s wiper module, which deletes any suspicious files for anti-analysis.

The key deleted/changed files/settings are:

  • Remove ownership from ftp.exe
  • Delete the hosts file and then recreate it, saving “127.0.0.1 localhost” to it
  • Flush the DNS cache
  • Delete several services that may be from past campaigns
  • Delete all executable files in C:\%ProgramData%
  • Create C:\Progra~1\dll
  • Stop all running modules from MadoMiner
  • In addition, MadoMiner appears to take advantage of Image File Execution Options (IFEO): any time the modules are executed, taskkill.exe /f is run as their debugger, killing the module

In addition, unless you actually use port 445, all traffic into and out of it should be blocked.

While I am including a chart with all of the installed modules of MadoMiner in total, the number of files installed by both modules is too large to fit into one analysis, so in this part I will cover in depth the steps to remove Install.exe.

Note: this requires safe mode! One of CPUInfo.exe’s batch files will delete a lot of files in ProgramData, in addition to other important files, when CPUInfo.exe closes. Be careful, and back up any important files before attempting this.

Since MadoMiner installs 2 jobs, those jobs will need to be deleted from either HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks or HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree. The jobs are known as RavTask and GooglePingInConfigs.

In addition, if you open Task Scheduler and go to the scheduled tasks, you should delete the “action” field from the jobs, so that they are rendered null and void.

Also, you should delete DemC.bat and DemO.bat from C:\%WindowsDirectory%, along with Install.exe and the IIS folder. You should then be able to run your favorite antivirus software in order to scan for any remaining artifacts.
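Two of the leftovers named above live in the registry: the task entries under Schedule\TaskCache\Tree, and the Image File Execution Options (IFEO) Debugger values from the wiper list, which re-run taskkill.exe /f whenever a listed image starts. Verifying the cleanup from a `reg export` of those hives is easier than clicking through the editor, so the following is an added example (not the author's procedure) that parses a .reg text export, lists every IFEO Debugger value with a verdict, reports which of the two MadoMiner task names are still present, and emits `reg delete` commands for the taskkill hijacks only. The export is constructed; the write-up does not say which image names MadoMiner registers under IFEO, so example-module.exe, MyApp.exe and the task GUIDs are placeholders.

```python
"""Check a registry export for the two leftovers the removal steps above name:
RavTask/GooglePingInConfigs entries under Schedule\\TaskCache\\Tree, and Image
File Execution Options (IFEO) "Debugger" values that point at taskkill.exe.

Added example, not the author's procedure. The export is constructed in the
`reg export` (.reg, "Windows Registry Editor Version 5.00") text format. The
write-up does not say which image names MadoMiner registers under IFEO, so
example-module.exe, MyApp.exe and the task GUIDs are placeholders.
"""
import re

IFEO_KEY = ("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"
            "\\Image File Execution Options\\")
TREE_KEY = ("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"
            "\\Schedule\\TaskCache\\Tree\\")
KNOWN_TASK_NAMES = {"ravtask", "googlepinginconfigs"}

# "Name"="string" or "Name"=dword:.../hex:...; .reg escapes \ and " inside strings.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(?:"((?:[^"\\]|\\.)*)"|(\S.*))$')

SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example-module.exe]
"Debugger"="taskkill.exe /f"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sqlservr.exe]
"DisableExceptionChainValidation"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MyApp.exe]
"Debugger"="\"C:\\Program Files\\Vendor\\jit.exe\" -p %ld -e %ld"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RavTask]
"Id"="{00000000-0000-0000-0000-000000000001}"
"Index"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GooglePingInConfigs]
"Id"="{00000000-0000-0000-0000-000000000002}"
"Index"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Defrag\ScheduledDefrag]
"Id"="{00000000-0000-0000-0000-000000000003}"
"Index"=dword:00000003
'''


def _unescape(s: str) -> str:
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text: str):
    """Yield (key, name, value) per value line and (key, None, None) per key header."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
        elif key and line.startswith('"'):
            m = VALUE_RE.match(line)
            if m:
                value = _unescape(m.group(2)) if m.group(2) is not None else m.group(3)
                yield key, _unescape(m.group(1)), value


def find_ifeo_debuggers(text: str) -> list:
    """(image, debugger, verdict) for every IFEO Debugger value in the export."""
    hits = []
    for key, name, value in parse_reg(text):
        if name and name.lower() == "debugger" and key.lower().startswith(IFEO_KEY.lower()):
            image = key[len(IFEO_KEY):]
            if "taskkill" in value.lower():
                verdict = "kill-on-launch: the IFEO trick the write-up attributes to MadoMiner"
            else:
                verdict = "review: a debugger is registered for this image"
            hits.append((image, value, verdict))
    return hits


def find_task_leftovers(text: str) -> list:
    """Names of the MadoMiner tasks still present under TaskCache\\Tree."""
    left = set()
    for key, _, _ in parse_reg(text):
        if key.lower().startswith(TREE_KEY.lower()):
            leaf = key[len(TREE_KEY):].split("\\")[0]
            if leaf.lower() in KNOWN_TASK_NAMES:
                left.add(leaf)
    return sorted(left)


def ifeo_cleanup_commands(hits: list) -> list:
    """reg delete commands for the taskkill hijacks only; other debuggers need a human decision."""
    return ['reg delete "%s%s" /v Debugger /f' % (IFEO_KEY, image)
            for image, value, _ in hits if "taskkill" in value.lower()]


if __name__ == "__main__":
    debuggers = find_ifeo_debuggers(SAMPLE_REG)
    for image, dbg, verdict in debuggers:
        print(image, "->", dbg, "|", verdict)
    print("task leftovers:", find_task_leftovers(SAMPLE_REG))
    print("\n".join(ifeo_cleanup_commands(debuggers)))
```

Any IFEO Debugger value is worth a look, since the same key is what legitimate just-in-time debuggers use; the verdict only automates the decision for the taskkill case the write-up describes, and deleting those values is what stops the modules (and any tool sharing their image name) from being killed on launch.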

Detection

Yara Rule

rule MadoMiner_Install
{
    meta:
        author = "quinnjp13@gmail.com"
        reference = "https://www.virustotal.com/#/file/1a90dbc1db60930614a1e78b9ecfff4d772d48c4d08e9c66986b695316253062/"
    strings:
        $string_1 = "d09f2340818511d396f6aaf844c7e325" nocase wide ascii
        $string_2 = "tem.vbs" nocase wide ascii
        $string_3 = "taskkill /f /t /im CPUInfo.exe" nocase wide ascii
        $string_4 = "@taskkill /f /t /im svshostr.exe" nocase wide ascii
        $string_5 = "@Wmic Process Where \"Name='cmd.exe' And ExecutablePath='C:\\ProgramData\\Microsoft\\Natihial\\cmd.exe'\" Call Terminate" nocase wide ascii
    condition:
        all of them
}

rule MadoMiner_Install_CpuInfo
{
    meta:
        author = "quinnjp13@gmail.com"
        reference = "https://www.virustotal.com/#/file/9b5223806c1662084d0cdaf98b040d4b205c7dd8ad2a997e7debc8287ea1825f/detection"
    strings:
        $string_1 = "epykkfnx" nocase wide ascii
        $string_2 = "ahwsresh" nocase wide ascii
    condition:
        all of them
}

rule MadoMiner_Install_x64dll
{
    meta:
        author = "quinnjp13@gmail.com"
        reference = "https://www.virustotal.com/#/file/2480b6faef77e7446bae9630a7bcb403c5aa94e97ccb9f28db83e8476ae57093/detection"
    strings:
        $string_1 = "https://ift.tt/2xE3dwJ" nocase wide ascii
        $string_2 = "https://ift.tt/2N18nbc" nocase wide ascii
    condition:
        all of them
}

rule MadoMiner_Install_x86dll
{
    meta:
        author = "quinnjp13@gmail.com"
        reference = "https://www.virustotal.com/#/file/f534fcd5a3648c77811f2986cc6da9460ad7d913f1c3f0829656bb0e6c2628bb/detection"
    strings:
        $string_1 = "https://ift.tt/2MT6CNb" nocase wide ascii
        $string_2 = "https://ift.tt/2xAE4TF" nocase wide ascii
    condition:
        all of them
}

Indicators of Compromise

Samples | MD5 | Size | IP | IOC
x86.dll [first x86 installed dll] | 69833a3ecc52f57a02656d46e1799dcc | 70.7 KB | http://da[dot]alibuf.com:3/ | -
x64.dll [first x64 installed dll] | e9c6bf0de42aa2449f1ed4bbb50ddcd6 | 39.4 KB | http://da[dot]alibuf.com:3/ | -
445.exe [x86 Install.exe] | 3c720a55b043564313000a4efb1d85c0 | 6.4 MB | Ip[dot]3322.net; www[dot]ip138.com | C:\Windows\Install.exe; C:\Windows\IIS\*; C:\Windows\DemO.bat; C:\Windows\DemC.Bat
Mado.exe [x86 Mask.exe] | 4ae31911c1ef2ca4eded1fdbaa2c7a49 | 741.0 KB | gle[dot]frebuf.info:80; Bmw[dot]hobuff.info:3 | C:\Windows\Fonts\svchost.exe; C:\Windows\Fonts\rundllhost.exe; HKLM\SYSTEM\CurrentControlSet\Services\EventLog; HKLM\SYSTEM\CurrentControlSet\Services\ServiceMaims; HKLM\SYSTEM\CurrentControlSet\Services\ServiceMais
Mask.exe [x64 Install.exe] | d8470f5c12f5a5fee89de4d4c425d614 | 1.3 MB | Ip[dot]3322.net; www[dot]ip138.com | C:\Windows\Install.exe; C:\Windows\IIS; C:\Windows\DemO.bat; C:\Windows\DemC.Bat
Dst.exe [x64 Mask.exe] | 4ae31911c1ef2ca4eded1fdbaa2c7a49 | 741.1 KB | gle[dot]frebuf.info:80; BMW[dot]hobuff.info:3/ | C:\Windows\Fonts\svchost.exe; HKLM\SYSTEM\CurrentControlSet\Services\EventLog; HKLM\SYSTEM\CurrentControlSet\Services\ServiceMaims; HKLM\SYSTEM\CurrentControlSet\Services\ServiceMais
CPUInfo.exe | 2df2d6d9db08558e88f1636ed2acc146 | 5.7 MB | Ip[dot]3322.net; www[dot]ip138.com | C:\Windows\IIS\CPUInfo.exe
Sogou.exe [2nd module file] | 4a14e7fb274462e844b5595210350400 | 4.6 MB | Ip[dot]3322.net; www[dot]ip138.com | C:\Windows\Installer\conhost.exe
360Safe.exe [2nd Module File] | ce606d80b44ea2aae81056b9088ba1e4 | 3.6 MB | gle[dot]freebuf.info:80 | C:\Windows\Fonts\rundllhost.exe

The post MadoMiner Part 1 – Install appeared first on Cybersecurity Insiders.


September 25, 2018 at 09:09PM