FireSale HackBoy

Friday, November 30, 2018

CASB tales from the darkside…

This post was originally published here by Nat Kausik.

Recently, I met with the CASB team at a global management consulting company. Their struggles over the last two years are worth chronicling.

This company had purchased a first-gen CASB that installs agents on every device, making the solution almost impossible to deploy to a global workforce on a range of devices. After two years, they were still only partially deployed.    Worse yet, the vendor updated end-point agents at their whim.  After one such update, almost all of the laptops in the company were disconnected from the internet for several days.    

Even on a good day, the proprietary data centers of the vendor were overloaded. Latency was an issue for roaming users, particularly those traveling outside the United States.   

So the customer uninstalled the agents, turning off the proxy and switching the CASB to API-only mode. And now there are over 30M files backlogged to be scanned, and growing. The CASB vendor is simply unable to keep up.

Photo:Happiest Minds

The post CASB tales from the darkside… appeared first on Cybersecurity Insiders.


December 01, 2018 at 12:07PM

Indian police & Microsoft busts tech support scam centers

By Uzair Amir

You may have watched YouTube videos about tech support scam tricking unsuspecting users into believing that their devices have been compromised with some nasty malware and the only way to get rid of it is to pay the technician for their “services” over the phone or Skype call. This type of tech support scam has […]

This is a post from HackRead.com Read the original post: Indian police & Microsoft busts tech support scam centers


December 01, 2018 at 03:18AM

Marriott hotel data breach: Sensitive data of 500 million guests stolen

By Waqas

Marriott has announced that it has suffered a massive data breach after attackers hacked its guest reservation system at Starwood hotels, a group of hotels the company took over in 2016 – These hotels include Sheraton, St. Regis, Westin and W Hotels. The breach was discovered last week after Marriott’s internal security tool alerted the company regarding an attempt to access the […]

This is a post from HackRead.com Read the original post: Marriott hotel data breach: Sensitive data of 500 million guests stolen


November 30, 2018 at 11:10PM

Things I Hearted this Week – 30th Nov 2018

Last week I was off attending IRISSCON in Dublin and so there was no update, and this week I’ve been at the SANS EU security awareness summit – so while I have been hearting things for the last two weeks, I’ve not had a chance to put them down.

I don’t want to miss two weeks in a row – so I’ll give you a quick download and hopefully normal service will resume next week!

Chat app Knuddels fined €20k under GDPR regulation

The chat platform violated GDPR regulation by storing passwords in clear text and for this reason, the regulator imposed its first penalty under the privacy regulation.

IOC Origins

Richard Bejtlich gives a historical view into the origins of IoCs.

The spread of low-credibility content by social bots

The massive spread of digital misinformation has been identified as a major threat to democracies. Communication, cognitive, social, and computer scientists are studying the complex causes for the viral diffusion of misinformation, while online platforms are beginning to deploy countermeasures. Little systematic, data-based evidence has been published to guide these efforts. Here we analyze 14 million messages spreading 400 thousand articles on Twitter during ten months in 2016 and 2017. We find evidence that social bots played a disproportionate role in spreading articles from low-credibility sources.

The $1M SIM Swap

A 21-year-old has been accused of SIM-swapping the mobile number of a Silicon Valley executive in order to steal roughly $1 million in cryptocurrency.

A day in the life of a trickbot hunter

Nice writeup!

Crypto hacking

If you maintain any software libraries that deal with cryptocurrency wallet private keys, there’s a huge incentive for hackers to compromise your library’s dependencies, and dependencies of dependencies. That’s what happened with this npm package.

Get SaaSy

The NCSC’s new SaaS security collection provides a lightweight approach for determining the security of any SaaS application. The collection also includes security reviews of the 12 most asked-about SaaS services used across UK government.

Today’s Deep Learning “AI” Is Machine Learning Not Magic

Well, if AI isn’t magic, I should update my Uncybered browser plugin!

Chinese Ramp up AI

When I read stories like this, my worry that machines will take over human jobs subsides. In this story, Chinese cities have rolled out AI-powered facial recognition technology to identify jaywalkers (because I’m sure they’ve solved every other crime out there).

The results… well, can you say dystopian?

I hope to be this petty some day

Zuckerberg told Facebook execs to stop using iPhone after Tim Cook privacy comments | Apple Insider

Although, is it as petty as 50 Cent?

50 Cent buys 200 tickets to Ja Rule concert to keep seats empty in ongoing feud | CBS news


The post Things I Hearted this Week – 30th Nov 2018 appeared first on Cybersecurity Insiders.


November 30, 2018 at 09:09PM

Data of 500 million Starwood Marriott Hotel customers compromised in Cyber Attack

Marriott International has disclosed that the data of more than 500 million guests was compromised in September this year which happens to be the biggest in the last 5 years. The compromised details include Passport info, credit card details, and names & phone numbers of guests who checked into the Starwood properties on or before Sept 10 this year.

Sources reporting to Cybersecurity Insiders say that the intrusion into the network of Starwood Hotels & Resorts had been taking place since 2014, but was detected recently through a data audit conducted by Marriott authorities, who now confirm that all the guest info was copied after decryption. The hackers also tried to wipe out the entire database with malware.

The company confirmed on Friday that credit card numbers and their expiry details could have been compromised in the incident. It added in its statement that for over 327 people, details such as names, mailing addresses, phone numbers, email addresses, passport numbers, Starwood premium customer info, date of birth, gender, arrival and departure info, reservation dates, flight numbers, and communication preferences could have been accessed by hackers.

More details will be updated shortly!

Note 1- Starwood merged with Marriott almost 2 years ago and attempts to combine the loyalty programmes were barred due to technical issues.
 
Note 2- Currently, the following hotels and resorts are under the hood of Starwood- St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Le Méridien Hotels & Resorts, Four Points by Sheraton, Design Hotels, W Hotels and the Tribute Portfolio.

Note 3– Arne Sorenson the CEO of Starwood said in a statement yesterday that the full details of the cyber attack are yet to reach his insight.

The post Data of 500 million Starwood Marriott Hotel customers compromised in Cyber Attack appeared first on Cybersecurity Insiders.


November 30, 2018 at 08:51PM

Thursday, November 29, 2018

Hackers shut down Moscow’s Cable Car via Cyber Attack

Moscow’s cable car service, which had just been opened to the public for the first time, was reportedly shut down by hackers via a cyber attack. Sources reporting to Cybersecurity Insiders say that the passengers were forced to disembark the vehicles only 2 hours after it opened on Wednesday as the digital systems which were operating the cars were disrupted.

Many Twitter users who were about to take the ride were seen sharing a video of a police officer requesting them to get down from the vehicle as it could not operate due to technical reasons. When they tried to inquire with the authorities, they were told that the cable car service was down due to a cyber attack.

The details of the hackers who disrupted the network are yet to be known. But the law enforcement has been pressed into service to identify the culprits as soon as possible.

Note 1- The cable car was meant to be a Moscow tourist attraction plying on the wire link over the Moskva River and was to take passengers to and fro between the Sparrow Hills and the Luzhniki Sports stadium where the Soccer World Cup Final was held this summer.

Note 2- The service was opened to the public on Tuesday and was supposed to be free for the 1st month.

Note 3- The Cable car was supposed to be opened in May this year to ease the transport glitches of the world cup fans to a certain extent. But a 2-tonne aluminum panel worth 2 million rubles (30,000 USD) was reported to be stolen from the construction site during the course—$1= 66.36 Rubles.

Note 4- In general, if this incident happened in a Western country like UK or US, the fingers could have been easily pointed towards their adversaries like Russia, China, and Iran. But now, as it has taken place in the capital of Russia, the media sources are just seen reporting the incident, instead of playing the blame game.

Note 5- A cable car is a metal compartment meant to transport people from one point to another- usually up & down a mountain. It is suspended via a moving cable which is driven by a motor at one end of the route or at both ends for failover.

The post Hackers shut down Moscow’s Cable Car via Cyber Attack appeared first on Cybersecurity Insiders.


November 30, 2018 at 11:06AM

SSCP CREATES POINT OF ENTRY TO CYBER CAREER

This post was originally published here by (ISC)² Management.

If you’re looking to break into the field of cybersecurity – and workforce research shows, we need you to join us – (ISC)²’s SSCP certification may be the way to go.

Certification Magazine recently wrote about the SSCP certification as a solid point of entry for aspiring security professionals. The certification is ideal for those in “boots on the ground” positions within security operations. The SSCP exam is highly technical and focused on hands-on knowledge and skills. The certification is ideal for security analysts, systems engineers, database administrators and others responsible for the day-to-day operations of securing their organization’s critical assets.

For more information about the SSCP certification – including exam information, steps to getting certified and the benefits of membership – download the Ultimate Guide to the SSCP.

Photo:Trade & Investment | Wales

The post SSCP CREATES POINT OF ENTRY TO CYBER CAREER appeared first on Cybersecurity Insiders.


November 30, 2018 at 04:59AM

CYBERSECURITY SCHOLARSHIPS FROM (ISC)² AND THE CENTER FOR CYBER SAFETY AND EDUCATION

This post was originally published here by (ISC)² Management.

Each year, (ISC)² and the Center for Cyber Safety and Education partner together to offer scholarships to students around the world. There are three categories of scholarships in this program: Graduate, Undergraduate and Women’s. All are open to students pursuing cybersecurity degrees in any country in the world, whether they are full-time or part-time students, online or attending a campus.

The Graduate Scholarship period is open until January 15. Applicants must be pursuing, or plan to pursue, a master’s degree program, or a doctoral study, with a focus on cybersecurity or information assurance. The Undergraduate Scholarship application period will open January 1, 2019 and close March 1. To qualify, students must be pursuing, or plan to pursue, a degree with a focus on cybersecurity or information assurance. High school seniors and current undergraduate students are eligible. We will open up applications for the (ISC)² Women’s Scholarship on February 15, 2019 closing on April 15. Multiple recipients will be selected for each scholarship.

One of last year’s Graduate Scholarship winners, Mahak Sachdeva, said “(ISC)² has been a knowledge center for information security. As a woman and a strong proponent of reducing the diversity gap in cybersecurity, I feel proud to become part of this organization. As an international student from India studying for a Master’s of Cybersecurity Policy in the United States, this scholarship provides motivation for me and likeminded students that we can succeed in the information security industry.” Mahak plans to pursue her CISSP certification following completion of her graduate studies.

Photo:The Great Courses

The post CYBERSECURITY SCHOLARSHIPS FROM (ISC)² AND THE CENTER FOR CYBER SAFETY AND EDUCATION appeared first on Cybersecurity Insiders.


November 30, 2018 at 04:47AM

Tips for a Successful AWS re:Invent 2018

This post was originally published here by gregg rodriguez.

AWS re:Invent is less than a month away, but if you’re like most IT and security professionals you have your hands full.

This year we’re sharing some tips for AWS re:Invent that will help you take advantage of great online resources so you can plan ahead and hit the ground running the minute you arrive–without having to flip through guides and agendas as you’re looking for the right venues.

Top AWS Resources for re:Invent-ing like a Pro

  • 2018 AWS re:Invent Agenda Worksheet: Before you head out, confirm you are prepped and ready to go. Plan ahead using the pre-event checklist, a priority questionnaire, weekly planner, and daily planner.
  • How to re:Invent: re:Invent has gotten so big there’s now a show dedicated to helping you get the most out of your attendance. Check out this entertaining series of 15-minute webinars covering everything from registration opening and subject matter experts on AWS services and solutions to how best to prepare to join AWS onsite in Las Vegas.
  • AWS Hero Guides: If you’re still trying to make sense of the abundance of sessions and breakouts, check out the AWS Hero Guides and get advice from top re:Invent veterans.
  • AWS re:Invent Workshops: Get some cred while you take part in problem-solving activities in re:Invent workshops: two-hour, hands-on sessions where you work in teams to solve problems using AWS. Experts provided by AWS will be in the room to make sure every group gets the assistance they need. Best of all, reserved seating is available.
  • AWS re:Invent Session Catalog: This year, AWS will be repeating some of its most popular sessions across the campus, giving you the opportunity to attend any sessions you missed last year or those sessions most important to you this year. They’re also giving you more flexibility and tools to plan your daily schedule. View the 2018 session catalog now and map out your event schedule.
  • re:Play Party: re:Invent should not be all work and no play, so don’t forget to have some fun and strike work/party balance. The re:Play Party is not just another EDM concert, but an interactive extravaganza, providing the ultimate playground for those of us who believe that grown-ups should still play and have fun. Release your inner child!

We hope you have a great AWS re:Invent.

Please stop by booth #1810 to meet us and enter our Sonos One Drawing for a chance to win an all-new Sonos One smart speaker with Alexa voice control built in, and to learn about how CloudPassage’s Halo Cloud Secure can give you comprehensive security visibility and compliance for all your AWS deployments.

The post Tips for a Successful AWS re:Invent 2018 appeared first on Cybersecurity Insiders.


November 30, 2018 at 04:37AM

Dunkin Donuts Perks loyalty data breach: Change your password

By Waqas

Dunkin Donuts says it has suffered a data breach in which customer data of its DD Perks loyalty program may have been stolen – The DD Perk is a reward program for the company’s regular customers. According to a now-inaccessible security advisory, Dunkin Donuts stated that the data breach was initially detected on October 31st forcing it to […]

This is a post from HackRead.com Read the original post: Dunkin Donuts Perks loyalty data breach: Change your password


November 30, 2018 at 05:04AM

Feds charge 2 Iranian hackers behind SamSam ransomware attacks

By Waqas

The United States Department of Justice has charged two Iranian nationals with allegedly developing and using SamSam ransomware against their targets in the United States and Canada to carry out computer hacking and extortion scheme from Iran. Both Mohammad Mehdi Shah Mansouri, 27 and Faramarz Shahi Savandi, 34 have been charged with six counts together with one count of conspiracy […]

This is a post from HackRead.com Read the original post: Feds charge 2 Iranian hackers behind SamSam ransomware attacks


November 30, 2018 at 01:00AM

Gang sentenced for installing card skimmers on gas pumps & stealing data

By Carolina

On Wednesday, a group of ten individuals including the head of the group received a total of 30 years sentence. The group was involved in installation of card skimmers on gas pumps across five states in the US including main cities of Northeast Ohio. Through card skimmers, credit card detail of thousands of people was […]

This is a post from HackRead.com Read the original post: Gang sentenced for installing card skimmers on gas pumps & stealing data


November 29, 2018 at 08:40PM

HCISPP Spotlight: George Chacko

Name: George Chacko
Title: Senior Manager, Information Security
Employer: New York Blood Center
Location: New York, NY, U.S.
Education: State University of New York at Buffalo
Years in cybersecurity and/or privacy: 14
Cybersecurity certifications: CISSP, HCISPP

 

How did you decide upon a career in healthcare security and/or privacy?

After starting my career in financial services as an information security professional, I knew that the healthcare industry was an area in which experienced resources were needed due to the rise in major breaches of medical records and personal healthcare information. I had many family and friends in different roles in healthcare and I admire the mission and purpose of the industry. I wanted to leverage my experience in information security in the healthcare industry by supporting the mission and vision of an organization.

 

Why did you decide to pursue your HCISPP?

Although the financial and healthcare industries are very different, the core principles of information security are similar. As I transitioned into my new role in healthcare, I wanted to learn more specifics about the terminology, regulations and principles. Since I had my CISSP, I researched different certifications and learned that the HCISPP offered this content in its knowledge domains and was part of the (ISC)² umbrella of certifications. Being a member of (ISC)² for more than 10 years gave me confidence that the HCISPP would help me to learn these topics.

 

What is your main role in your organization?

I am responsible for the overall information security program for my organization. One of my main roles is to align the information security strategy for the organization to our business. I report to the chief information officer (CIO) and work with him on these strategic and tactical activities. We work closely to communicate progress and roadblocks to our senior leadership team. I believe this is critical to success because often in other companies, information security works in isolation which impedes the business, instead of empowering them.   

 

Tell us about a project that you were particularly proud of –

I have been part of many projects, but what I am most proud of is being able to instill information security into the culture of our company. Before me, the organization did not have an IT professional dedicated to information security, so I had the opportunity to build the program from the ground up and to lay a foundation for my organization. I tried to take a methodical approach, focusing on our biggest risks and aligning information security to our business to support them and our critical functions.

  

What impact has the HCISPP had on your career?

Implementing an information security program in a blood center is unique and different from other industries because hospitals are our major partners, donors are our biggest clients and the foundation for regulations support human life rather than financial thresholds. The HCISPP helped me to bridge the gap between my prior financial service experience and the healthcare industry by helping me to understand new terms and a differing culture. As I prepared for the certification, I took a study course and networked with other certified members which gave me access to resources that I would not have known about otherwise.

  

What advice would you give to those who are thinking about pursuing health IT security as a career?

The purpose and mission of healthcare organizations are amazing and are very different from other industries. To know that you are supporting an organization that is there to help save lives gives you great perspective. I would advise anyone interested in health IT security to understand the regulations, culture and the customers you are supporting. It is very different from other industries because you are supporting human life. Risk management becomes a very different process as you are making critical decisions for your organization.

 

For more information about the (ISC)² Healthcare Information Security and Privacy Practitioner certification, download the Ultimate Guide to the HCISPP.

The post HCISPP Spotlight: George Chacko appeared first on Cybersecurity Insiders.


November 29, 2018 at 09:09PM

Dell fails to notify customers on Cyber Attack

Dell announced late yesterday that it had reset the passwords of all customers of its electronics store Dell.com on November 14th this year as a precautionary measure to block an unauthorized attempt by cyber crooks to extract customer information such as email addresses, customer names and hashed passwords.

The highlight of this issue is that the company detected an unauthorized attempt to access its database on November 9th, 2018, but chose not to make it public to avoid embarrassment among its competitors.

Instead, the American Multinational Computer technology company chose to reset all the passwords of the customers of its electronics store and chose to disclose the news to the world after a fortnight.

The company stated in a statement released a few hours ago that no sensitive info such as credit card details was leaked in the hack. And the cyber incident did not impact any Dell products or services.

Cybersecurity Insiders learned that the Texas-based computer maker firm has hired a digital forensics company to conduct an independent probe and has kept the law enforcement updated with the cyber attack info from November 16th, 2018.

Dell has assured that the hack happened early this month and so all the data of the customers who logged onto the online store to bag the best Black Friday or Cyber Monday deals is pretty safe and secure.

Meanwhile, the Asia-Pacific wing of Dell has issued an alert on its website stating not to respond to or interact with any individual/company via emails/letters making a demand for money in exchange of interview or employment letters.

The company clearly specified in its statement that it is in no way associated with such emails and cannot be held liable for the actions conducted by the cyber crooks.

Dell has stated that all genuine job offers or vacancies are mentioned in the Dell Career website and any job application received through proper channel will be reviewed carefully and then be finalized based on the merit and other conditional factors.

The post Dell fails to notify customers on Cyber Attack appeared first on Cybersecurity Insiders.


November 29, 2018 at 08:51PM

Dell resets all customer passwords after security breach

By Waqas

The computer technology giant Dell has announced on Wednesday that it has suffered a potential security breach in which hackers attempted to steal customer data from its website Dell.com. The incident took place on November 9th when Dell detected and disrupted an attack aimed at the personal data of its customers including names, email addresses, and […]

This is a post from HackRead.com Read the original post: Dell resets all customer passwords after security breach


November 29, 2018 at 07:08PM

Wednesday, November 28, 2018

Google n FBI discover a major ad-fraud campaign infecting 2 million devices

Google, in association with the US law enforcement agency FBI, has busted a major ad fraud campaign which is reported to have hacked over 2 million devices so far. It’s said that the scam earned the hackers over $36 million from advertising.

Cybersecurity Insiders has learned that the search giant indicted charges against 8 people for running ‘3ve’ and ‘Methbot’ Operations in which the former is said to have infected over 2 million devices, and siphoned off an alleged $29 million. On the other hand, Methbot, which was shut down in 2016, is said to have earned scammers about $7 million.

The 13-count indictment, which was opened on Tuesday, says that the defendants listed with the charges are from Russia and Kazakhstan, while 5 other prime suspects are on the run.

According to the indictment the charges levied against the 8 people are money laundering, computer network interception, hacking, wire fraud and identity theft of high level.

More details are awaited!

Note 1- The developers of 3ve were in a hope to siphon off $250 billion from the ad world. But as most of their operations turned futile they could only gain $29 m in earnings.

Note 2- Over one million IPs from home and corporate networks were said to be under control of 3ve operations-mainly from Europe and North America. The scammers went to great lengths in using bots to craft real web activity by having them open web pages and videos. This has resulted in ad earnings for them via fake clicks.

Note 3- 3ve was found to be operating till July’18 while Methbot was shut down in Dec’16.

The post Google n FBI discover a major ad-fraud campaign infecting 2 million devices appeared first on Cybersecurity Insiders.


November 29, 2018 at 09:25AM

New Zealand bans Huawei 5G equipment due to Espionage fears

After US and Australia, New Zealand happens to be the latest country to ban Huawei from entering its country and upgrading its mobile network to 5G. Reports are in that the Mobile Company Spark was intending to use Huawei equipment to offer 5G services in the country located in Southwestern Pacific Ocean.

But the government dictated stringent orders early this week by banning Spark from using Huawei equipment for a 5G network upgrade.

In August this year, United States President Donald Trump released an executive order banning all equipment supplied by the Chinese manufacturers ZTE & Huawei from being used in government agencies. The order was issued based on the investigation provided by FBI that the said manufacturers were using spying software on the equipment (especially smartphones) being supplied to the United States. And those devices were sending critical info to remote servers based in Beijing.

For this reason, all the telecom networks & ISPs in the United States barred the use of Huawei phones and routers by their respective customers.

Spark says that it was extremely disappointed with the decision pronounced by the Government Communications Security Bureau of New Zealand. However, the company is still confident that it will succeed in introducing a 5G network to the populace by 2020.

Note- As per the Chinese law directed in the year 2017, every organization and citizen has been asked to support, assist, and cooperate with intelligence work. Moreover, the government of China has put a stipulation that companies doing business in their region should either store data on their soil or offer a backdoor into the services being offered to the Chinese Populace.

Based on the prevailing laws in China and some substantial evidence, Huawei’s equipment was marked as a conduit for espionage.

Early this year i.e. in March, Spark showcased a 5G test at a site near to Parliament using the equipment of Huawei. And the then Broadcast Minister of New Zealand Clare Curran is said to have attended the event.

A source from BBC on the condition of anonymity said that the government of New Zealand was pressurized to implement the ban on Huawei equipment by the members of “Five Eyes” an alliance comprising of US, Britain, Canada, and Australia.

The post New Zealand bans Huawei 5G equipment due to Espionage fears appeared first on Cybersecurity Insiders.


November 29, 2018 at 09:21AM

IAM and Common Abuses in AWS

This is the first of a 4 part blog series on security issues and monitoring in AWS.

Identity and Access Management (IAM) in AWS is basically a roles and permissions management platform. You can create users and associate policies with those users. Once those users are established, you get a set of keys (an access key and a secret key), which then allow you to interact with an AWS account.

It’s kind of like having a card key to the data center: if you get into the data center, you have physical access to assets and can do a bunch of things. In the AWS world there is no physical access to a data center, so instead you create keys and use them to interact with the API to do the same things that you would do in a physical environment, like physically racking servers in a data center.

Common IAM risks involve someone getting hold of, for example, a set of keys whose associated policy enables an attacker to get into the environment and do some potentially risky things.

Following are a couple of examples:

  • EC2 instance creation or deletion. This is fairly common and relatively easy to do compared with the other examples. If somebody gets hold of a set of keys that allows them to create EC2 instances in your AWS account, that’s the first thing they’re going to do. There are a lot of bots out there looking for this access, and if a bot finds a set of keys that allows it to start interfacing with EC2, it’s going to spin up a bunch of instances – likely to start mining cryptocurrency.

This actually happened to Tesla, a pretty good-sized company with quite a few resources to allocate to securing their infrastructure. There are many examples in the news about keys getting published to GitHub inadvertently, and there are bots out there scraping GitHub looking for access keys; the second they find them, they’re in your AWS account seeing what they can do.

  • Another scenario involves roles that do automated things, like taking RDS snapshots or EBS snapshots. An attacker might abuse the automated process that backs up resources such as an EBS volume or an RDS database.

If an attacker gets access to that role or the keys associated with it and takes snapshots of these resources, they can deploy a new RDS database based on the snapshot. When they do that, they get to reset the passwords associated with the database. So now they’ve got access to all of your data without ever needing the passwords set on the original RDS instance.

It’s the same thing with the EBS (Elastic Block Store) snapshot. If somebody is able to take a snapshot, basically of a hard drive in AWS, they can launch a new instance connected to that block store and do some interesting things with it.

For example, assuming they’re able to create an SSH key pair in your account, they could launch a new instance from the snapshot and assign their key pair to the instance, giving them full access to the data of the original instance. If they can’t create SSH keys in your account, they might try to mount the snapshot to an existing instance they can already access.

Basically this is a crafty way to work around credential control and access control. This is a technique that’s been used to actually exfiltrate data out of AWS, just by taking snapshots.  

  • The last example is account hijacking. One story that got some headlines a while back involved attackers getting full control of an AWS account through a set of keys. The account was compromised so thoroughly that trust in the service was eroded to the point that the company went out of business – an extreme scenario, but if someone gets that level of access in your AWS account, you can pretty well expect that they’re going to hold it for ransom.
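To see whether a given set of keys would enable the scenarios above if it leaked, the attached policy can be audited offline. The following is an added example, not code from the original post: the policies are constructed samples, the grouping of actions into named paths is this example's own, and `Resource` scoping and `NotAction` are deliberately ignored so that the audit over-reports rather than under-reports.

```python
import fnmatch

# Action names are real IAM actions; grouping them into named "paths" that
# mirror the scenarios in the article is this example's own choice.
ABUSE_PATHS = {
    "ec2-instance-creation": {"ec2:RunInstances"},
    "rds-snapshot-restore-reset": {
        "rds:CreateDBSnapshot",
        "rds:RestoreDBInstanceFromDBSnapshot",
        "rds:ModifyDBInstance",  # the call that carries a master password change
    },
    "ebs-snapshot-new-instance": {
        "ec2:CreateSnapshot", "ec2:CreateKeyPair", "ec2:RunInstances",
    },
    "ebs-snapshot-attach-existing": {
        "ec2:CreateSnapshot", "ec2:CreateVolume", "ec2:AttachVolume",
    },
}

# Constructed sample: a backup role that can only take and list snapshots.
BACKUP_ROLE = {
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Action": ["rds:CreateDBSnapshot", "ec2:CreateSnapshot",
                   "rds:Describe*", "ec2:Describe*"],
        "Resource": "*",
    },
}

# Constructed sample: wildcards quietly grant far more than "backups".
OVERBROAD_ROLE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["rds:*", "ec2:Create*", "EC2:runinstances"]},
        {"Effect": "Deny", "Resource": "*", "Action": "ec2:CreateKeyPair"},
    ],
}


def _as_list(value):
    """IAM accepts a single item or a list for Statement, Action, Resource."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def _matches(patterns, action):
    """IAM action matching is case-insensitive and supports * and ?."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def granted_actions(policy, candidates):
    """Return the candidate actions this policy allows and does not deny."""
    allow, deny = [], []
    for st in _as_list(policy.get("Statement")):
        actions = _as_list(st.get("Action"))
        if st.get("Effect") == "Allow":
            allow.extend(actions)  # Resource/Condition ignored: over-report
        elif (st.get("Effect") == "Deny" and not st.get("Condition")
              and "*" in _as_list(st.get("Resource"))):
            deny.extend(actions)   # only unconditional, account-wide denies
    return {a for a in candidates
            if _matches(allow, a) and not _matches(deny, a)}


def enabled_paths(policy):
    """Names of the abuse paths for which every required action is granted."""
    wanted = set().union(*ABUSE_PATHS.values())
    granted = granted_actions(policy, wanted)
    return sorted(n for n, needed in ABUSE_PATHS.items() if needed <= granted)


if __name__ == "__main__":
    for name, policy in [("backup", BACKUP_ROLE), ("overbroad", OVERBROAD_ROLE)]:
        print(name, enabled_paths(policy))
```

The narrowly scoped backup role enables none of the paths, while the wildcard version enables instance creation and the RDS restore-and-reset path even though it was presumably written only to take snapshots.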

There are other risks, like S3 bucket exposure risks, that are much easier to take advantage of. The good news is that Amazon has recently added 4 new options that allow the account owner to set a default access setting for all of an account’s S3 buckets. The new settings override existing or newly created bucket-level ACLs (access control lists) and policies.

We’re not highlighting S3 bucket exposure risks above because there were too many to choose from. In my search for specific data exfiltration issues that have occurred with S3, I came across this GitHub Repo where the well-known public breaches are organized by date.

You’ll find 25 different instances of actual breaches where somebody had leaked data from a publicly exposed S3 bucket.

It works as follows: Say somebody creates an S3 bucket, where they’ve got some process running that’s capturing some data and writing the information to a file in the bucket. Then somebody else comes along later and makes that bucket publicly readable. Or, the bucket was initially set up as publicly readable and nobody noticed it.

This kind of thing happens all the time, and there are adversaries out there just scanning S3 looking for publicly accessible buckets. And once they find the buckets they just scrape the data in them and figure out what treasures they’ve got later. They don’t even care what they’re downloading.   

It’s a simple thing for them to carry out. It doesn’t require a super sophisticated attack vector. We’ll dig further into AWS security risks and what to do about them in the next blog of this series.
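The account-level settings mentioned above are S3 Block Public Access (`BlockPublicAcls`, `IgnorePublicAcls`, `BlockPublicPolicy`, `RestrictPublicBuckets`). The following added example, which is not from the original post, evaluates a constructed bucket ACL and policy against those settings; the input shapes follow what the S3 API returns, and any policy statement with a `Condition` is treated as non-public here, which is a simplification of AWS's own evaluation.

```python
# Group URIs that S3 ACLs use for "everyone" and "any authenticated AWS user".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

# Constructed sample bucket: the owner has full control, but someone later
# added a public READ grant and a wildcard-principal policy statement.
SAMPLE_ACL = {
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ]
}
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
}


def _is_wildcard_principal(principal):
    """True for Principal "*" or {"AWS": "*"} (string or list form)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        values = [aws] if isinstance(aws, str) else list(aws or [])
        return "*" in values
    return False


def public_exposure(acl, policy, block):
    """Return the reasons a bucket is reachable without account credentials.

    block is the account or bucket Block Public Access configuration.
    BlockPublicAcls and BlockPublicPolicy only reject *new* public grants,
    so they do not appear below: existing exposure is governed by
    IgnorePublicAcls and RestrictPublicBuckets.
    """
    reasons = []
    if not block.get("IgnorePublicAcls", False):
        for grant in acl.get("Grants", []):
            if grant.get("Grantee", {}).get("URI") in PUBLIC_GROUPS:
                reasons.append("acl:" + grant["Permission"])
    if not block.get("RestrictPublicBuckets", False):
        statements = (policy or {}).get("Statement", [])
        if isinstance(statements, dict):
            statements = [statements]
        for st in statements:
            if (st.get("Effect") == "Allow"
                    and _is_wildcard_principal(st.get("Principal"))
                    and not st.get("Condition")):
                actions = st.get("Action", [])
                if isinstance(actions, str):
                    actions = [actions]
                reasons.append("policy:" + ",".join(actions))
    return reasons


if __name__ == "__main__":
    only_block_new = {"BlockPublicAcls": True, "BlockPublicPolicy": True}
    all_four = dict(only_block_new, IgnorePublicAcls=True,
                    RestrictPublicBuckets=True)
    print("no settings:   ", public_exposure(SAMPLE_ACL, SAMPLE_POLICY, {}))
    print("block-new only:", public_exposure(SAMPLE_ACL, SAMPLE_POLICY, only_block_new))
    print("all four:      ", public_exposure(SAMPLE_ACL, SAMPLE_POLICY, all_four))
```

A bucket that was already public stays public when only the two "block" settings are enabled, which is why all four are normally turned on together.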

      

The post IAM and Common Abuses in AWS appeared first on Cybersecurity Insiders.


November 29, 2018 at 09:09AM

FBI & Google shut down largest-ever Ad fraud scheme ‘3VE’

By Waqas

8 suspects behind 3VE have also been identified. Last year in August, the Federal Bureau of Investigation organized a secret meet-up between cybersecurity and digital advertising experts in its Manhattan federal building. This included Google and nearly 20 tech firms while there were nearly 30 attendees at the meeting. The agenda of the meeting was to […]

This is a post from HackRead.com Read the original post: FBI & Google shut down largest-ever Ad fraud scheme ‘3VE’


November 28, 2018 at 09:57PM

Cyber Attacks on Banks have doubled says UK Watchdog

Cyber attacks on banks have doubled in a year, says the UK’s Financial Conduct Authority (FCA), and that’s due to the sheer neglect of bankers. Yes, you’ve read it right!

The FCA of UK says that some overconfident bankers are making silly errors in crucial computer updates leading to chaos and money loss. Furthermore, as firms are underprepared for hacking attacks, they are putting their customers at risk.

Over the past few years, several money lenders in Britain have suffered a wave of online failures, all due to the blackout of TSB and a big internet maraud at Tesco Bank.

Megan Butler, Head of Supervisory at the FCA, says that there has been a 138% rise in technology failures at finance firms during the year to October. She added that the rise was mostly due to hacking incidents and technical glitches of the firms’ own making.

Speaking at the industry meeting in Central London, Ms. Butler says that the usage trend of Cryptocurrencies such as Bitcoins and Monero has also led to an increase in cyber attacks like Ransomware- an impending menace to the business world across the globe.

The regulator cited the example of the huge failure that happened this year at Trustee Savings Bank (TSB), which saw over 1.9 million customers locked out of their bank accounts, triggering a massive wave of crime.

Other lenders who have suffered an outage include Barclays, Natwest owner Royal Bank of Scotland and the downtime of Visa servers observed in June this year.

Ms. Butler said that most banks and financial lenders are overconfident about their ability to manage flagship IT change programs and system updates, and that this is creating a lot of chaos in the UK’s financial sector.

Another failure singled out by Ms. Butler was the Tesco Bank hack in 2016, where hackers initiated fraudulent transactions from thousands of accounts, all because the bank’s IT staff failed to put effective defenses, like effective cybersecurity measures, in place.

Note- Paul Gillen, the head of the Cyber Security Team at Barclays, said that the company was facing hundreds of cyber attacks every day and has so far succeeded in mitigating all the risks with great difficulty.

The post Cyber Attacks on Banks have doubled says UK Watchdog appeared first on Cybersecurity Insiders.


November 28, 2018 at 09:10PM

Lenovo to pay $7.3m for installing adware in 750,000 laptops

By Waqas

In 2015, Beijing based laptop manufacturer and seemingly reliable technology company Lenovo made headlines that its 750,000 laptops had pre-installed adware called VisualDiscovery developed by Superfish. The adware played a vital role in compromising online security protections installed by the users on their laptops, accessed financial data and performed man-in-the-middle attack on private and secure connections […]

This is a post from HackRead.com Read the original post: Lenovo to pay $7.3m for installing adware in 750,000 laptops


November 28, 2018 at 05:50PM

Tuesday, November 27, 2018

Google might cancel the build of ‘Censored’ search engine for China named Project Dragonfly

Google is said to be cancelling the build of a separate, censored Chinese search engine named ‘Project Dragonfly’ due to strong protests from its own employees. It’s said that more than 273 managers and engineers have penned a letter to Alphabet Inc, the parent company of Google, asking it to stop the build of a separate search engine crafted in compliance with the current surveillance laws of China.

The employees have clearly mentioned in the letter that if the internet juggernaut moves ahead with Project Dragonfly, then there is a high chance that other country governments would request for customized search engines in order to spy on their citizens.

For those who aren’t aware of what Dragonfly is, here’s a brief summary. In May this year, on the special request of the Chinese government, Google CEO Sundar Pichai gave a public statement that his company could oblige the demands of the Chinese government and could come up with a separate search engine for China, parallel to Baidu, in order to gain business confidence in the said country.

But those concerned about privacy state that the search engine crafted by Google will give special powers to the government of China and will help officials spy on the content being surfed, transmitted and accessed by citizens, leading to suppression of democracy, human rights and discords being held in a peaceful way.

The latest Chinese laws on data say that all those companies doing business in the region should host data in the same region and share data with the government-if and when necessary. As the technology will be presented with sophisticated tools, it will lead to mass monitoring of citizens and might silence marginalized people and favor info that promotes government interests.

In August this year, Sundar Pichai stated publicly that the plan to offer a separate search engine was just in the drafting stage and it’s still unclear whether it will go to the stage of implementation in near time.

However, the employees of Google argue that censored search engine exclusively devised for China has already taken a shape and would be presented to the world in Feb’19.

Note 1- Since, October 16th, 2007, China has banned Youtube and other Google services. Although the government of China says it has lifted the ban from March’08, anyone who searched for certain services like Youtube on the official Chinese search engine ‘Baidu’ would see a response of “results cannot be shown”.

Note 2- Probably Google wants to change its business stats in China and so has decided to offer a separate search engine for China where every data generated, accessed and edited will be stored inside the borders of the ‘People’s Republic of China’.

The post Google might cancel the build of ‘Censored’ search engine for China named Project Dragonfly appeared first on Cybersecurity Insiders.


November 28, 2018 at 11:05AM

Trump might start his own Internet

US President Donald Trump has expressed his desire to start his own ‘World Wide Web’ network to counter misinformation (according to him) or fake news spread by CNN on International Level.

Mr. Trump expressed his desire to do so via Twitter on Monday, in a tweet which goes as follows- “CNN has a powerful voice portraying the United States in an unfair and false way. So, something has to be done”.

All those who have read his tweet are of the opinion that the 45th President of North America has a vision to start his own internet which will help promote his voice and will block all the ‘view-stats’ going against him and his administration in the near future.

Readers of Cybersecurity Insiders should note here that the US government already operates ‘Voice of America’, which is said to have picked up news report figures of 275 million people worldwide- via television, radio, online and social media.

Note 1- Donald Trump and his administration have frequently criticized CNN and its reporters for varied reasons. In fact, the white house has recently announced that it has decided to ban CNN reporter Jim Acosta from entering the media rooms where Mr. Trump will be addressing the nation.

Note 2- From the beginning (i.e. from 2016) there has been N number of news reports suggesting that the Trump Administration is going to end Net Neutrality. Net Neutrality is an idea where all internet traffic is treated the same and is free to be accessed by anyone in the world. And if ‘Net Neutrality’ is ended then the Internet Service Providers (ISPs) will get the permission from the government to play with the information and can either block or slow down access to specific websites. Also, they can charge special prices for premium content access- like the content banned from access based on age, region, community, and populace.

Note 3- In January this year, Russia expressed a bold plan to protect its populace from external influence by creating its own internet. Russian News Agency RT reported in Aug’18 that the alternate internet is ready for use and can be used and accessed by BRICS nations like Brazil, India, Russia, China, and South Africa.

Note 4- Probably Donald Trump is also planning to host a similar network as stated in the above paragraph in order to save the integrity of his Nation in the political arena on a worldwide note.

The post Trump might start his own Internet appeared first on Cybersecurity Insiders.


November 28, 2018 at 11:01AM

Best Data Recovery Software of 2018: Top 10 Software for Windows, Mac and Android

A big part of the Cloudwards.net mission revolves around promoting cloud tools as a means of preventing data loss. Cloud backup solutions in particular are ideal to ensure you’ve always got a copy of your most valuable content. That said, we also understand the importance of taking such measures doesn’t really come to light until you’ve been bitten by the data loss bug. Our roundup with the best data recovery software shows you which vendors you can rely on. 

The good news is that if you find yourself tearing out your hair because you accidentally deleted a file or are dealing with a corrupted, deleted or formatted partition, there might be a way out even if you neglected setting up a backup plan. During this roundup, we’ll be introducing our readers to some of our favorite data recovery software.

Do you need a data recovery service or is software enough?
Data recovery software can recover data as effectively as a data recovery service. This includes recovery of data from machines that aren’t booting due to an issue with their boot partition. The only time you really need to use a service is if you have a drive that has failed physically.

Is all data recoverable?
No. When you delete files from your computer or a partition is deleted, there’s a chance that data could be overwritten by new files. If that happens, you won’t be able to get it back.

What if I formatted my hard drive, can I still use data recovery software?
Most good recovery software, like Stellar Phoenix, can recover data even if your hard drive has been formatted. Again, though, if you’ve overwritten your data with new data, that might not be the case.

What does a data recovery service company charge? 
Data recovery services usually price based on the severity of the issue. It can be quite expensive. U.S. electronics chain Best Buy, for example, charges between $200 and $1500 for professional recovery.

What does data recovery cost?
The best tools we reviewed — Stellar Phoenix, Prosoft Engineering and EaseUS — cost around $100 for their flagship PC software. There are some cheaper options out there, like Cleverfiles and Wondershare, though they’re not quite as good.

Do I still need cloud backup if I have recovery software?
Yes! Data recovery is never a sure thing, while getting your data back from the cloud is. Also, cloud backup recovery is much faster and can be done from another computer. If you’ve got a good backup plan, you shouldn’t ever need to spend money on recovery software.

 

Find the best data recovery software for you!

The post Best Data Recovery Software of 2018: Top 10 Software for Windows, Mac and Android appeared first on Cybersecurity Insiders.


November 28, 2018 at 01:37AM

Popular Android apps on Play Store caught defrauding users

By Waqas

A well-known Chinese app developer Cheetah Mobile and one of its subsidiaries Kika Tech might have claimed credit for millions of dollars from advertisers through an Android fraud scheme, reveals app analytics firm Kochava. It is a common practice for mobile app developers to generate revenue by marketing for new apps inside their apps for […]

This is a post from HackRead.com Read the original post: Popular Android apps on Play Store caught defrauding users


November 27, 2018 at 08:40PM

UBER to pay $491,000 Penalty for 2016 Cyber Attack

Uber Technologies, an American taxicab company has been ordered to pay $491,000 or £385,000 (pounds) by UK data watchdog over a 2016 cyber attack which compromised the data of millions of customers and tens of thousands of drivers.

Information Commissioner’s Office (ICO) said that the penalty has been imposed on the California based peer to peer ride sharing company for leaking info of over 2.7 million UK customers which includes email addresses, phone numbers, and physical addresses.

Readers of Cybersecurity Insiders should note that the customers of the company were kept in the dark about the cyber attack for more than a year. And it’s said that the top officials of the company paid the hackers $100,000 to destroy the data they accessed during the hack.

“As Uber failed to protect the data of its users, the said penalty has been imposed on the taxi cab company carrying out operations in London”, said Steve Eckersley, the ICO’s director of investigations.

Note 1- the fine comes in the midst of the battle which has been taking place between the London drivers from Uber and the management of the company over employment status and other work benefits.

Note 2- In June this year, the government of London issued a green flag for the renewal of a probationary license to the company to carry out its business operations in the UK capital- all against the desire of the transport regulators.

Note 3- Uber made the details of the cyber attack public in November 2017 and revealed that the hackers accessed the info of more than 57 million Uber customers and drivers worldwide from a storage bucket of AWS Cloud Platform.

Note 4- In a separate instance, Uber has been fined £600,000 by the data watchdog of the Netherlands, as a probe revealed that the hack affected around 174,000 Dutch citizens.

Note 5- Uber has to consider itself fortunate, as the fine was imposed as per the GDPR regulations existing before May this year. If it were to face the latest regulations, it could have ended up paying a fine of 4% of its annual turnover or £20 million, whichever is higher.

The post UBER to pay $491,000 Penalty for 2016 Cyber Attack appeared first on Cybersecurity Insiders.


November 27, 2018 at 09:06PM

Security Orchestration, Automation and Response (SOAR) – The Pinnacle For Cognitive Cybersecurity

The cognitive tools/technologies of machine learning (ML) and artificial intelligence (AI) are impacting the cybersecurity ecosystem in a variety of ways. Applied AI machine learning and natural language processing are being used in cybersecurity by both the private and public sectors to bolster situational awareness and enhance protection from cyber threats. The algorithmic enablers that make ML and AI pinnacles of cybersecurity are automation and orchestration. 

Last year, the research and analyst firm Gartner created a term called SOAR. It stands for Security Orchestration, Automation and Response. Automation and orchestration have been key elements of SOAR. An excellent analysis of the impact of automation was provided by Stan Engelbrecht in his column in Security Week called The Evolution of SOAR Platforms.

Stan noted “as SOAR platforms evolve, they are requiring less experience from users. Vendors embed security expertise into the products, in the form of pre-built playbooks, guided investigation workflows, and automated alert prioritization. 

Automation and orchestration features have also reached a level of sophistication where they can be integrated into an existing security framework without relying on users to know exactly what should be automated.”

Indeed, SOAR and corollary cybersecurity automation technologies combined with ML and AI tools can be viewed as a strong framework for mitigating evolving threats. AI and ML have emerged into new paradigms for automation in cybersecurity. They enable predictive analytics to draw statistical inferences to mitigate threats with fewer resources. In a cybersecurity context, AI and ML can provide a faster means to identify new attacks, draw statistical inferences and push that information to endpoint security platforms.

Three significant factors are heightening their risk:  

1) Skilled Worker Shortage: It is widely noted that the cybersecurity industry is facing major skilled worker shortages. According to data published on Cyberseek, U.S. employers in the private and public sectors posted an estimated 313,735 job openings for cybersecurity workers between September 2017 and August 2018. That’s in addition to the 715,000-plus cybersecurity workers already employed. It is not just a U.S. problem, but a global problem and the demand for skilled workers to address the growing prevalence and sophistication of cyber-threats is growing exponentially.

2) Expanding Digital Connectivity: The expanding connectivity of the Internet of Things (IoT) has greatly increased cyber vulnerabilities. IoT refers to the general idea of devices and equipment that are readable, recognizable, locatable, addressable, and/or controllable via the internet. This includes everything from home appliances to wearable technology and cars. Gartner predicts that there may be nearly 26 billion networked devices on the IoT by 2020. The number of devices provides a larger attack surface with more targets for cyber criminals and makes defending networks and endpoints even more difficult.

3) Sophistication of Adversaries: Cybersecurity criminals are using machine learning techniques to discover vulnerabilities on their targets and to automate their own attacks (with increasing success). They often share tools available on the Dark Web and hacker attacks are now faster, more calculating, and more lethal. The threat actors are many and varied including nation states, criminal enterprises, and hacktivists.

 
 

The three factors I highlighted are not the only ones forcing the need for automation and orchestration tools, but they are prevailing ones. To keep up with cyber-threats and help level the playing field against attackers, companies and governments need to evaluate and assimilate many of the automation and orchestration tools that hackers employ and integrate them into their own Security Automation and Orchestration (SOAR) platforms and security information and event management (SIEM) platforms. They should implement these tools and technologies under a comprehensive risk management strategy.

Security automation and orchestration of applications should be commensurate and grow with derived benefits (and adversarial risks) from AI and ML. These technologies can provide for more efficient decision-making by prioritizing and acting on data, especially across larger networks and supply chains with many users and variables.

The automation and orchestration tool chest can now utilize horizon scanning technologies, filter through alerts, use predictive analytics, facilitate identity management, coordinate incident response (audits and alerts), use self-repairing software and patch management, and employ forensics and diagnostics after an attack.  Automation and orchestration can be valuable in enhancing existing cybersecurity architecture such as preventive security controls, including firewalls, application security and intrusion prevention systems (IPSs). Perhaps most importantly, automation and orchestration can provide a more rapid response capability across a multitude of security components and tools whether they are located in the Cloud or in onsite data centers. The faster a CISO can identify and address a threat or breach, the better the likely outcome.

Combating machine-driven hacker threats requires being proactive by constantly updating and testing cybersecurity capabilities. Using ML automation platforms to recognize and predict anomalies associated with the database of behavioral patterns of malicious threats can be an indispensable layer in an integrated cyber-defense.

For the public sector, automation, combined with ML and AI, is an emerging and future cybersecurity pathway, especially for industrial systems and critical infrastructure.

DARPA is investing for the Department of Defense (DoD) in developing these capabilities for the warfighter.  DARPA announced a multi-year investment of more than $2 billion in new and existing programs called the “AI Next” campaign. DARPA’s website notes that “key areas of the campaign includes automating critical DoD business processes, such as security clearance vetting or accrediting software systems for operational deployment; improving the robustness and reliability of AI systems; enhancing the security and resiliency of ML and AI technologies; reducing power, data, and performance inefficiencies; and pioneering the next generation of AI algorithms and applications, such as “explainability” and “common sense reasoning.”  

For domestic federal security, the Department of Homeland Security (DHS) has deployed EINSTEIN, an automated cyber surveillance system that monitors federal internet traffic for malicious intrusions and provides near real-time identification and detection of malicious activity. This system is continually being upgraded.

Einstein is only one element of DHS’s use of automation. DHS’s newly created Cybersecurity and Infrastructure Security Agency (CISA) will be using cognitive automation for cyber, collaboration and communication capabilities in many areas of its defined mission:

Proactive Cyber Protection

  • CISA’s National Cybersecurity and Communications Integration Center (NCCIC) provides 24×7 cyber situational awareness, analysis, incident response and cyber defense capabilities to the Federal government; state, local, tribal and territorial governments; the private sector and international partners.
  • CISA provides cybersecurity tools, incident response services and assessment capabilities to safeguard the ‘.gov’ networks that support the essential operations of partner departments and agencies.

Infrastructure Resilience

  • CISA coordinates security and resilience efforts using trusted partnerships across the private and public sectors, and delivers training, technical assistance, and assessments to federal stakeholders as well as to infrastructure owners and operators nationwide.
  • CISA provides consolidated all-hazards risk analysis for U.S. critical infrastructure through the National Risk Management Center.

Emergency Communications

  • CISA enhances public safety interoperable communications at all levels of government, providing training, coordination, tools and guidance to help partners across the country develop their emergency communications capabilities.
  • Working with stakeholders across the country, CISA conducts extensive, nationwide outreach to support and promote the ability of emergency response providers and relevant government officials to continue to communicate in the event of natural disasters, acts of terrorism, and other man-made disasters.

Cybersecurity Ventures predicts that cybercrime will cost the world $6 trillion annually by 2021. That is a scary scenario. It is important that both government and industry are investing together in automation and orchestration to harness productivity and to especially address cyber-threats. It will take a vibrant partnership to help meet the threats. With every passing year, cyber criminals become more sophisticated and adept in their cyber-attacks. In view of a lack of skilled workers, expanding digital connectivity, and the growing sophistication of adversaries, automation and orchestration are key elements for a viable cybersecurity posture.   Ultimately, incorporating these elements will become a cybersecurity imperative in an AI and ML guided world.

      

The post Security Orchestration, Automation and Response (SOAR) – The Pinnacle For Cognitive Cybersecurity appeared first on Cybersecurity Insiders.


November 27, 2018 at 09:10PM

4 ways Apple’s eSIM-ready iPhones will change the mobile industry


On September 12, 2018 Apple announced that its newest iPhones (iPhone XS, iPhone XS Max, iPhone XR) will ship with eSIM technology. The new iPhones became the first widely marketed eSIM-compatible smartphones ever launched, generating a wind of change in the mobile and SIM industries.

  1. Bringing eSIM to the masses

Apple is the world’s number 2 smartphone vendor with a 14% market share in 2017 (after Samsung which holds 20% of the worldwide market).

With almost 1.25 billion iPhones sold worldwide between 2007 and 2017, Apple’s flagship smartphone revolutionized the mobile industry with pioneering features that were quickly adopted by competitors, such as full screen phones, fingerprint authentication and the creation of the App economy. As a trend setter, it represents the reference point for innovation, and whenever new features launch, customers quickly learn what they are and how they work.

That’s why Apple’s eSIM adoption is a true game changer. It will further increase eSIM awareness and adoption among consumers globally – in addition to the iPad Pro and iWatch’s current support of eSIMs.

In terms of customer experience benefits, eSIMs simplify the user journey thanks to the digitalization of the mobile subscription activation of eSIM-ready devices.

eSIM-ready iPhones further increase eSIM awareness and adoption among end-users & consumer product OEMs globally

Apple has made it clear it will generalize eSIM across all its product portfolio (the iPad Pro being the latest one, since its launch end of October).

  2. Democratizing mobile access among OEMs and ODMs

Apple’s eSIM endorsement is a fantastic spotlight for the SIM industry in bringing mobile-connectivity-as-a-feature for original equipment & device manufacturers.

It truly facilitates the pervasiveness of cellular technology into existing non-connected devices such as smartwatches, wristbands, PCs and new categories of devices including headphones, digital healthcare assistants, pet trackers, smart clothing, coffee machines and many other consumer devices.

Thanks to mobile connectivity miniaturization, innovation in device features is enhanced. This means customers can now enjoy extended battery life, reduced thickness & weight in their devices, and improved waterproof capabilities (as the pop-out SIM tray will no longer exist for some secondary devices).

How does the world’s most popular mobile OS, Google’s Android, envision eSIM?

In the beginning of November, Google announced Android eSIM support for all OEMs. With its leaked Hermes project, Google wishes to add this functionality to Chrome by delivering messages between devices with eSIM chips and carrier servers through profile downloads as well as service discovery for new carriers. It aims to provide seamless integration with Project Fi and an easily portable API to be used on different hardware.

Announced last October, Google’s Pixel 3 and Google Pixel 3 XL smartphones include eSIM technology in addition to a nano-SIM. Compared to the Pixel 2 – which already supports eSIM, but intentionally locked to only work with Google’s own Project Fi, these new models will also work with eSIM-open mobile operators like Verizon, T-Mobile, AT&T to name just a few.

As an aside, with so much connectivity around us, we’re now tantalizingly close to American writer Gary Shteyngart’s 2013 prediction that  being unconnected is a luxury only the richest people will be able to afford.

  3. Inflecting the SIM industry history

The SIM industry is at a turning point in its evolution: the commitment of a giant such as Apple is a positive growth signal for the eSIM technology market.

In its survey eSIM in the consumer market published in May 2018, ABI Research highlighted that eSIM support from major smartphone vendors  such as Apple and Samsung would significantly stimulate massive adoption of eSIM in the consumer space. It also forecast that the switch to eSIM by the first mover would likely pave the way to attract other contenders such as China’s Huawei. After Apple’s keynote, ABI Research revised upwards its consumer eSIM shipment forecasts by 40% to reach more than half a billion units by 2022. Counterpoint forecasts that 24% of all mobile phones will support eSIM technology by 2022.

The future’s in the air

I can feel it everywhere

Blowing with the wind of change

Song: “Wind of change” – Scorpions, 1990

Logically any new device accepting an eSIM will contribute to increased market traction for SIM card vendors’ products & services, such as GSMA-compliant Remote SIM Provisioning eUICCs platforms. For example, Gemalto already provides more than 100 eSIM remote subscription management solutions, making us the undisputed number 1 provider in eSIM solutions worldwide.

  1. Contributing to the digitalization of mobile operators’ user journey

The launch of eSIM-compliant iPhones has opened up a new era in the distribution model of mobile subscription and connectivity.

Apple’s new iPhone generation supports the Dual SIM Dual Standby (DSDS) feature[1], including one eSIM and a removable nano SIM (except in China, with a dual nano SIM). In addition to inserting a removable SIM card in a drawer, users can add a new operator remotely in seconds through software. While eSIM and SIM subscriptions are locked onto the same operator for subsidized iPhones, it’s a different story for open market iPhones (i.e. the ones you buy separately from your mobile subscription): two different operators can sit in the same smartphone. This means a first mobile operator can provide its offer via the SIM card slot and a second one via the eSIM, paving the way for major competition between operators proposing aggressive offers.

The iPhone’s eSIM features are offered through an iOS software update. But only operators going through a stringent Apple certification process will be able to open up their iPhones with their offer.

After mobile operators have pushed to have eSIM carefully specified by GSMA’s trade body, it’s no surprise to see some of them now considering eSIM with caution.

I fear what I hope

Book: “The pleasure” – By Italian novelist Gabriele d’Annunzio, 1889 (original quote in French: “Je crains ce que j’espère”)

But the good news is that…

Mobile operators can fully embrace the opportunities offered by the digitalization of the user journey. Many of them have already done so by offering connectivity bundles for adding multiple devices on a single contract, which can help with increasing the revenue per subscription.

This implies that there is a need to fully transform operators’ mobile connectivity lifecycle management policy to address the barriers hindering the massive adoption of consumer eSIM:

  • Complex device & customer onboarding
  • Multiple purchase channels
  • Cumbersome subscription activation
  • Limited customer lifecycle management

This is the first time mobile operators face such a variety of end-user options. I’d be really interested to hear from mobile operators or OEM vendors and their view of the eSIM opportunity.

Have I missed anything important? If yes, I will update this blog and cite your comment (and send you a small gift via courier 😉 ). Let me know in the comments or by tweeting us @GemaltoMobile!


[1] Dual SIM Dual Standby (DSDS) allows users to enjoy two or several different mobile phone subscriptions on the same phone.

The post 4 ways Apple’s eSIM-ready iPhones will change the mobile industry appeared first on Cybersecurity Insiders.


November 27, 2018 at 09:09PM

Giving Tuesday

The holidays are a great time to give back to your local community. November 27 is known as Giving Tuesday, a global day of giving. This year, the Center for Cyber Safety and Education is adding some “cattitude” to Giving Tuesday. Sign up for the Center’s “Round-Up” program from November 1 to November 27 and you will be entered for the chance to win a Jim Davis autographed holiday-themed Garfield print. Once enrolled, the program “rounds up” your change on everyday purchases and donates it to the charity of your choice.

Another way to give back is at the office. One of our (ISC)² members working in the information security office at Fulton Financial Corporation planned events in September and October – for Cyber Security Awareness Month – where they could coordinate a “casual week” at the office. Employees could donate to wear jeans to the office, with all proceeds collected being donated to a cybersecurity-related charity. Fulton Financial Corporation employees selected the Center and raised more than $800 in a few months.

The (ISC)² New York Metro Chapter also donated to the Center through an event at the Citi offices. For their seventh annual National Cybersecurity Month, employees hosted a ticketed event benefiting the Center and raised $600.

The Center has awarded more than $1,000,000 in cybersecurity scholarships over the years and continues to do so every year. Your donations enable the Center to work toward their mission of making the cyber world a safer place for everyone, through scholarships, the Garfield Safe and Secure Online program and so much more.

The post Giving Tuesday appeared first on Cybersecurity Insiders.


November 27, 2018 at 09:09PM

2019 Endpoint Security Report: Risk and Worry Increases Among Infosec Pros

Frustration and anxiety. Those are two words that come to mind after reading Cybersecurity Insiders’ 2019 Endpoint Security Report. A majority of organizations report an increase in the risk to their endpoints as the number of new threats, particularly fileless malware, advanced attacks and evasive threats, continues to rise. Many have responded by increasing their endpoint security budgets and deploying multiple next-gen endpoint security agents. Yet, they still feel unprepared to thwart these new threats.

You can’t solve a problem until you identify the root cause, and that’s the good news in the report. Cybersecurity Insiders polled hundreds of cybersecurity professionals ranging from technical executives to managers and IT security practitioners, and the majority of them understand the problem:

  • 53% report an increase or significant increase in endpoint security risk likely due to the proliferation of new threats.
  • 76% see endpoint security becoming more important in the future as a result of the increased risk.

 

They’ve identified the problem and they’re trying to solve it. 41% expect to increase their endpoint security budgets for 2019, and about one third of organizations have more than four different endpoint security agents, including AV, DLP, encryption and EDR on their endpoints.

The bad news: higher awareness of the threats, budget increases and implementing more next-gen endpoint security technologies do not translate to a stronger security posture:

  • Only half of organizations are very confident or extremely confident in their organization’s endpoint security posture.
  • 50% believe their current endpoint security posture can stop 75% of attacks or more. 21% estimate less than 50% of attacks will be stopped.
  • 32% experienced one or more attacks that successfully compromised data or IT infrastructure in the past 12 months.
  • 54% believe it is moderately likely to extremely likely that they will experience successful cyber attacks in the next 12 months.

The ineffectiveness of their endpoint security solutions is the primary reason for this collective feeling of helplessness. Respondents cited several issues, including:

  • 49% say their current endpoint security solutions deliver insufficient protection against the newest attacks.
  • 43% fault the high complexity of deployment and operation.
  • 31% expressed frustration over high rates of false positives.
  • 27% cite the negative impact of current technologies on user experience.

The next-gen endpoint security technologies these organizations are deploying are unable to detect and thwart the ever-growing number of new malicious threats because they all leverage the same “enumeration of badness” approach. They look for what has been identified as “bad” and try to block anything that falls under that broad umbrella. It worked 20 years ago, but not today.

All organizations, no matter their size or industry, need to combine Negative and Positive Security models. Positive Security defines what is allowed (aka “good” or “known”), and rejects everything else. Having both Positive and Negative Security solutions in your security stack provides the highest possible endpoint protection. That is what Nyotron’s PARANOID delivers.

We’ve seen countless examples of PARANOID customers simplifying their endpoint security stacks by consolidating from 4-5 disparate endpoint security solutions to just one, such as Windows Defender AV. This enables them to dramatically improve endpoint performance and security. Additionally, organizations with mission-critical servers are able to break their reliance on decade-old application whitelisting products that were nightmares to manage and failed to protect against zero-days or fileless malware.

You can read the entire 2019 Endpoint Security Report here. If you experience the same sinking feeling that a majority of the survey respondents expressed over their endpoint security posture, take action.

Mark your calendars for Nov. 29th at 2 p.m. Eastern for our live webinar “How to Boost Endpoint Security in 2019”. Holger Schulze from Cybersecurity Insiders and I will examine the survey’s findings and explore what you can do in 2019 to better mitigate the risks to your endpoints and the invaluable information users create and store on them. Use this link to register to attend.

The post 2019 Endpoint Security Report: Risk and Worry Increases Among Infosec Pros appeared first on Cybersecurity Insiders.


November 27, 2018 at 07:47PM