FireSale HackBoy

Knowledge Shared By FireSale HackBoy...

Hacking

The Art Of Exploitation...

Ethical Hacking

Security Experts...Same Techniques To Make Hacker's Stuff Useless.

Black Hat Hacking

Dark Side Of Hacking... In Short Destruction Of Cyber Stuff.

Digital Stuff

All The Digital Stuff Is Under The Influence Of Cyber Attacks... Be Safe

Thursday, February 28, 2019

Microsoft unveils two new Cloud Security services for Enterprise Customers

Microsoft Corporation has released two new cloud security services yesterday for enterprise customers to help them defend against major cyber threats and manage their cyber line defense by referring to experts from the tech giant.

Microsoft Azure Sentinel is a cloud security tool available for customer preview from Thursday this week and happens to work as a Security Information and Event Management tool using the technology of Artificial Intelligence. This software tool allows users to sieve data to find threats and lets them lease out their computing power for other applications rather than trading more of the server power to crunch information.

Azure Sentinel is enriched with the ability to download a customer’s Office Cloud data and detect threats if any.

Furthermore, Microsoft also unveiled a second service for preview called Microsoft Threat Experts which allows the company hunt down cyber threats from the data stored on the cloud and if necessary provides help on demand through the “ As an expert” service tab.

News is out that pretty soon these two services will be a part of Microsoft’s Windows Defender ATP Security Product.

Currently, both the services are available for preview through Azure portal for free of cost. So, all existing customers of Azure cloud platform can test the platform by applying it to the ATP Console.

Additionally, the said cloud platform works with security software from CheckPoint Software, Cisco, Symantec, and Palo Alto Networks.

The post Microsoft unveils two new Cloud Security services for Enterprise Customers appeared first on Cybersecurity Insiders.


March 01, 2019 at 10:35AM

Cyber Attack news trending now on Google

1.) Last week the media buzzed with reports that the New Jersey Borough of Palisades Park witnessed a financial drain out when $460,000 went missing from the Borough’s official bank account as a result of a fraudulent wire transfer.

News is out this week that the Mariner’s Bank received $200,000 advancement for the insurance claim and more amounts will be sanctioned after a second inquiry. 

The $200,000 insurance cheque was given to the Borough Council on Tuesday night by Ezio Altamura, risk manager, Otterstedt Insurance.

Hence, here’s the proof that all cyber attacks do not leave victims traumatized and make them feel out of luck.

2.) In other news related to the cyber attack, Aurora City School officials have issued a notice on Thursday that most of the amount which was compromised due to a cybersecurity attack of Tuesday has been recovered with the help of the law enforcement authorities.

As the cyber attack was sophisticated and launched by mature hackers, the school district’s treasure’s department couldn’t prevent the financial drain which happened on Tuesday afternoon. However, their timely intervention later and the coordination between the law enforcement helped the school authorities recover most of the amount by Thursday evening.

Aurora School District has issued a public statement a few hours ago stating that no data was compromised in the attack and they will follow a proper protocol and standard to protect all personal and financial electronic data from now on.

3.) Coming to the third news which is related to Ransomware, Colchester Town of Connecticut is said to have become a victim to hackers who locked down the data access until a hefty ransom is paid.

Art Shilosky, the 1st selectman of Colchester said that town’s digital assets were impacted by ransomware and details on how many departments have been affected are yet to be known.

Last year, a dozen state agencies were hit by ransomware and that includes the City of West Haven which paid $2000 in cryptocurrency to free up their assets.

Note- The best way to defend the digital data assets is to have a data backup system in place- all as a part of a business continuity plan.

The post Cyber Attack news trending now on Google appeared first on Cybersecurity Insiders.


March 01, 2019 at 10:33AM

Securing Azure Virtual Network

Many enterprises are already reaping the exponential rewards delivered by using Infrastructure as a Service (IaaS), in the form of increased efficiency and decreased costs.

By combining its reach and scope with the power of virtualization services, such as Azure Virtual Network  and Virtual Machines (VMs), Azure is delivering a number of business benefits to companies of all sizes. Enterprises are now able to expand their network capabilities almost instantly, improving speed, agility, performance, security and disaster recovery at scale.

What is Azure Virtual Network?

Azure Virtual Network basically enables you to create an isolated replica of your network within the Azure cloud that is completely dedicated to your subscription.

A virtual network (VNet) is used as a communication channel between the resources you launch in the cloud. They are referred to as ‘virtual’ because they don’t rely on actual routers and switches to provide the medium for your servers to interact. The VNet itself is the medium which gives you private connectivity between your VMs, other networked devices, and some Azure services.

Synonymous to AWS VPC (Virtual Private Cloud), Azure Virtual Network can also deliver a range of other networking features, including the ability to customize DHCP blocks, DNS, routing, inter-VM connectivity, access control and Virtual Private Networks (VPNs).

Simply put: If two of your computers need to interact with each other, you would just need to give them the right permissions, which you can configure in your VNet settings. Once you’ve added the appropriate permissions, you just include the VMs within that virtual network and you’re all set.

Using VNets, you get total control over the IP address blocks, DNS settings, security policies and route tables within your VNet, and you can connect the VNet to your on-premise network.

IaaS Requires New Approach to Security

Because cloud computing is driven by a new infrastructure model, it also requires a new approach to security. In the Azure environment, Microsoft provides a secure foundation across physical, infrastructure, and operational security, but it is still your responsibility to protect the security of your application workloads, data, identities, on-premises resources, and all the cloud components that you control. This is referred as the “Shared Responsibility Model.”

What are the Risks of Misconfiguring Your Azure Virtual Network?

To protect the security of your Azure Virtual Network resources, it’s important that you fulfill your end of the Shared Responsibility Model by using and configuring the service correctly based on security best practices. If you don’t configure your Virtual Network based on security best practices, you will not be putting the right controls in place and risk giving unrestricted access to the following:

  • Inbound Access on All Ports
  • Outbound Access on All Ports
  • Telnet access
  • SSH access
  • SMTP access
  • RPC access
  • RDP access
  • PostgreSQL access
  • Oracle Database access
  • NetBIOS access
  • MySQL Database Access
  • CIFS Access
  • CIFS access
  • FTP Access

How Halo Can Help

Halo Cloud Secure can help you control network traffic and access to resources in your Azure Virtual Network by ensuring you are applying the correct setting and using network security groups to restrict access. A network security group contains a list of security rules that allow or deny inbound or outbound network traffic based on source or destination IP addresses, Application Security Groups, ports, and protocols.

Read our solution brief to learn more about how Halo Cloud Secure can help reduce your cloud attack surface with security best practices.

The post Securing Azure Virtual Network appeared first on Cybersecurity Insiders.


March 01, 2019 at 09:09AM

Smart Business Travel Needs Smart SSO: Tips for Beating (Digital) Jet Lag


I recently returned from a business trip only one time zone away from my city of residence. As an infrequent business traveler, I continue to marvel at my colleagues’ savvy at globetrotting yet staying awake and productive through meetings, conferences and sales presentations – and so I have compiled a few tips for you to beat, or at least mitigate the jet lag jolts.
But before I unveil my two cents /pence of worldwide wisdom, let’s shed some light on the other victim of business travel – your devices’ digital journey.

Don’t let your credentials fly away

What happens to your working patterns from the time you leave your office and until you return? Using Smart SSO (Smart Single Sign On), an effective access management system will apply the appropriate multifactor authentication or contextual authentication method to each login attempt. Smart SSO is a clever access management benefit for the in-house worker and remote business traveler alike, as it only requires you to provide an additional authentication method when the login is risky.

Identity as a Service for the digital device journey

Smart SSO will allow your companies to set scenario-based policies per business need, application sensitivity and employee function. Utilizing an identity as a service solution will help power an efficient cloud access management strategy for your enterprise.

1. On-premises
You’re in your office, working at company headquarters, and connected to your office’s network. If your organization is using an Access Management solution such as SafeNet Trusted Access, it can set up a policy for groups of users connecting on-premises. This will require a single sign on (SSO) that will allow you and similar employees seamless access to your in-house applications such as a time clock and internal drives, as well as access to Web or cloud-based applications like SharePoint, Office 365 or Salesforce.

2. En-route
If you commute by train or bus, your system may recognize that you are in the same time zone and country, but are working from a public Wi-Fi network. In this case, an access management solution can step up authentication and ask for another layer of security in order to connect to your network. This can be something you possess like a certificate-based smart card or USB token, which you insert in your corporate laptop.

3. At home
Now back at home, you are ready to pack for your trip but still need to get some work done before heading out to the airport. Your organization’s access management system recognizes your device. The system will still prompt you to use a second factor of authentication, such as a Push message on your mobile phone – but it knows that it does not report anomalies since the time, IP and internet connection seems to be the same as your regular work from home routine.

4. On your mobile phone
You’re stepping out to run a few errands before you fly out of Ottawa (Canada) and need to join a conference call in Dublin (Ireland). You don’t want to take your laptop with you and want to connect from your mobile phone. You can use a push notification to join the conversation through your corporate calendar application and email. Again, an effective access management system has asked for an extra factor of authentication. However, ensuring optimal convenience, Smart Single Sign On (SSO) won’t ask you to remember separate passwords for each application you need to access.

5. At the airport
Before you board the plane, go onto airplane mode and can’t use Wi-fi, you might want to connect again. Once more, your organization’s access management recognizes that you are not in the office. However, if someone tries to steal your laptop and login to your system from another internet connection, they’ll need your smart card and your password to pretend to be you – these additional factors minimize the risk of identity theft. An access management solution such as SafeNet Trusted Access will report on failed access attempts and raise awareness regarding attempted data breaches or unnecessary lockout for authorized users.

6. Off the plane
Finally, you have landed and on your way to your meeting with a business associate. You want to edit a presentation that one of your colleague’s has uploaded onto Confluence or another cloud-based app containing sensitive or confidential information. Your cloud access management service has defined that you need to authenticate using a password and token based authentication each time you login to certain sensitive applications. In this way, your enterprise can track which applications are being accessed, at what location and when.

7. Different country
There may be cases for your company to forbid logging in to the network if you are outside your country. In this screenshot, you can see a conditional access policy that forbids access to workers outside of the U.S. and Ireland.

Since I have already described how to overcome digital jet lag with access management, here are the tips for your body to handle long journeys and multiple time zones. After all, if your physical presence was not required in the first place, you could have stayed at home.

Before you leave

• Phone: Ensure that your phone plan is set to international service and avoid unnecessary roaming charges by purchasing a cost-effective program in advance
• Plugs and cables: Pack an international adapter so that you’re prepared for outlets in many countries. Remember your phone charger, power bank and extra power cords. Keep extra batteries on hand in case you need to work unplugged.
• Finances: Alert your bank and any credit card companies of your travel dates and locations
• Medication: Remember to pack all your essential medications and hard-to-replace items such as eyeglasses.
• Documents: Keep your international driver’s license and passports up to date in case you need to travel at short notice.
• Entertainment: download your favorite music, podcasts, TV shows or movies for the plane

On the plane
• Fluids: Drink lots of water throughout your journey, which will keep you hydrated and help combat jet lag once you land
• Sock it up: Wear compression socks or tights to increase circulation
• Comfort kit: Carry on a kit to help you feel more comfortable on the plane: warm socks, neck pillow, facial moisturizer (within the liquid limits allowed), water bottle, headset and eye mask
• Exercise: Stretch or do some yoga on long flights – or take a walk around the plane to move your muscles

After you land
• To stay awake: force yourself to adjust to local time by going for a walk or visiting a museum before your business meetings start.
• To fall asleep: Take melatonin or a sleeping aid to adjust to local time if you arrive late at night.

Global travel does not need to be difficult for your physical and digital access. With contextual based access management and smart SSO, your organization will not need melatonin and will help you adjust smoothly to different digital routines. Looking for a down to earth access management strategy? Read more about our access management solution, SafeNet Trusted Access or download the Gemalto Access Management Handbook.

Contributions in this article from: Ashley Adams

The post Smart Business Travel Needs Smart SSO: Tips for Beating (Digital) Jet Lag appeared first on Cybersecurity Insiders.


February 28, 2019 at 09:08PM

iPhone hacking tool Cellebrite being sold on eBay

By Waqas

Cellebrite UFED, an iPhone hacking tool made in Israel and widely used by the law enforcement authorities including the Federal Bureau of Investigation, Customs Enforcement and Immigration departments is surprisingly up for sale on eBay. This tool is mainly used for hacking or breaking open modern mobile phones such as iPhones and Androids for the […]

This is a post from HackRead.com Read the original post: iPhone hacking tool Cellebrite being sold on eBay


February 28, 2019 at 09:00PM

North Korea’s dangerous weapon is Cyber Attacks and not Nukes

As US President Donald Trump met North Korean leader Kim Jong UN in Hanoi, Vietnam this week, the world expected a peace between the two leaders. Though all seems to be well as of now, they are high-level chances that things might turn bitter after a few days of the meeting. Remember, this was the second time for the leaders to meet on a personal note after the Singapore summit which took place in June last year.

While keeping aside the political developments, National security and Cybersecurity experts around the world say that the biggest threat from North Korea after the meet( if in case things turn negative) will be cyber attacks and not the nukes.

American Cybersecurity firm CrowdStrike which releases a global cyber threat report each year has specifically mentioned in its latest that North Korea has turned into a growing cyber threat to the entire world.

“Be it Ransomware or DDoS attacks, the nation’s cyber army is well capable to launch devastating attacks on the west”, says the report.
Furthermore, security experts from CrowdStrike say that Ransomware attacks are now acting as fundraisers for the vision of Kim for his future regime.

According to CrowdStrike, North Korea has so far involved in state-sponsored tactics, techniques, and procedures to promote alarming trends. And if at all tensions rise between the two nations, Kim Jong will definitely capitalize on cyber warfare than the usual nukes to down the nation led by Trump.

In the 2019 report released in Feb this year, Crowdstrike mentions that there has been a 25% increase in targeted intrusion activity. And mind you, the said security company is not the only one to conclude the same.

The Asian Institute for Policy Studies came to a similar conclusion in its recent security report titled “The Evolution of North Korean Cyber Threats”. The research clearly mentions in the report that over 7K hackers being funded by North Korean intelligence are being involved in various activities which include theft, denial of service attacks, espionage, and sabotage. And most of the attacks were for financial gains and only a few were conducted for political benefits.

Moreover, the attacks are being carried out with so much sophistication that it has become extremely difficult for companies or governments entities to realize when they are being attacked and difficult to trace those responsible for the infiltration.

Crowdstrike research says that healthcare firms and federal agencies are the top two targets of cyber criminals and US Government entities are woefully unprepared for cyber attacks.

So, the government entities all over the world, especially those in the United States should take adequate measures or else be ready to face serious consequences on financial and on national security note.

The post North Korea’s dangerous weapon is Cyber Attacks and not Nukes appeared first on Cybersecurity Insiders.


February 28, 2019 at 09:01PM

Wednesday, February 27, 2019

Plug in devices make laptops and desktops vulnerable to cyber attacks

A study conducted by researchers from the University of Cambridge in the UK and Rice University in the US has confirmed that most desktops and laptops fall prey to hackers due to plug-in devices used commonly like chargers and docking stations.

The security researchers have found that the vulnerabilities were detected mostly in computers running on Thunderbolt ports irrespective of the software OS they were operating on i.e. Windows, MacOS, Linux and FreeBSD.

Thunderclap, an open source platform acted as a source for the researchers to conduct the study in which they discovered that potential attacks on computing devices can help take complete control of the targeted computer.

Moreover, plug-in-devices like graphic and network cards can also act as access points for hackers to target a host machine as these peripherals have direct access to the DMA-Direct Memory Access.

So, those using chargers and projectors should be very careful while connecting commonly used devices as infected machines can help cyber crooks take control of a targeted machine to extract sensitive data.

Some security researchers argue that all modern day computing gadgets come with a feature called I/O Memory Management Units (IOMMUs) which help restrict access to DMA attackers by allowing access only to non-sensitive regions of memory.

However, the researchers from the University of Cambridge have discovered that hackers have become very much sophisticated these days to compromise any protection on the devices.

Although technology companies have addressed the issue by releasing security updates from time to time since 2016, the recent research shows that the main problem remains elusive due to the developments such as a rise in hardware interconnects like Thunderbolt 3 that combines power usage, data I/O and device management from the same port.

So, hackers can easily use malicious devices such as charging docs and projectors to take control of the connected machines…..isn’t it?

Then how to secure a device from such malevolent manifestations…?

1.    It’s simple, just install security updates provided by Apple, Microsoft, and others from time to time.

2.    And never connect the device to networks and devices whose origin is not trustworthy.

The post Plug in devices make laptops and desktops vulnerable to cyber attacks appeared first on Cybersecurity Insiders.


February 28, 2019 at 10:39AM

SonicWall aims to protect wireless networks, cloud apps and endpoints from elusive cyber threats

California based Network Security provider SonicWall has announced a new platform which protects SMBs and large scale enterprises from cyber attacks aimed at wireless networks, cloud applications, and endpoint nodes. The company is offering the platform in addition to the new line of firewalls designed to consolidate security, networking, and performance.

Furthermore, in order to ease the operation of wireless networks across the globe, SonicWall has also launched a new cloud-managed Wi-Fi access points and wireless planning tools last week.

“As hackers take the opportunity to explore and exploit gaps left in the security architecture, SonicWall is in a mission to empower firms to improve their cybersecurity posture by raising their defense line skills against growing vulnerabilities. This is made possible by offering a new platform to firms which have the ability to evolve, expand and integrate with proven security solutions and has the aptitude to streamline processes, enhance visibility as well as implement costs in an efficient way”, said Bill Conner, President SonicWall.

As the technology landscape has evolved, companies also need to adapt to the shift. Hence, firms need to take the help of security tools which are agile and scalable and can provide comprehensive visibility and quality of service in dynamic cloud environments.

After SonicWall was purchased by Dell in 2012, its products got overlooked in the market due to Dell’s miss guiding business principles. But after breaking up ties with Dell in 2016, the company has since then trying hard to make its place in the cyber security field.

From over a year and so the company has succeeded in doing so and is now not only for a solutions provider for SMBs but is also ranked among the top 5 for enterprise security as well.

The company’s motto is simple- security should be simple and cost-effective and hope this dictum brings more success to SonicWall in years ahead.

The post SonicWall aims to protect wireless networks, cloud apps and endpoints from elusive cyber threats appeared first on Cybersecurity Insiders.


February 28, 2019 at 10:36AM

Cellular networks flaws expose 4G & 5G devices to IMSI capturing attacks

By Waqas

A team of researchers has disclosed their findings at the NDSS (Network and Distributed System Security) symposium 2019 held in San Diego, revealing that cellular networks have certain vulnerabilities that can potentially affect not only 4G but 5G LTE protocols to IMSI capturing attacks. The findings of their research have been published in a paper titled […]

This is a post from HackRead.com Read the original post: Cellular networks flaws expose 4G & 5G devices to IMSI capturing attacks


February 27, 2019 at 09:50PM

Are you ready for MWC Barcelona 2019?

It’s almost upon us

MWC Barcelona 2019 – one of the biggest and most exciting mobile events of the year – is fast approaching.  And if you’re one of the 100,000 plus visitors expected to descend on the city, you’re probably very busy with last-minute prep ahead of the show. At Gemalto, we’re making our final preparations, and the team, who’ll be there in full force, can’t wait for a fun, productive and action-packed four days in the vibrant city.

Visit us at our booth

Reliable connectivity and digital security will be important themes at MWC this year and have always been integral to our vision – a vital part of our DNA – for more than two decades. We work with customers around the world to deliver seamless connectivity across all cellular networks, and strong digital identities for both people and connected objects.

As ever, we’ll be very happy to discuss this vision of the connected world with you, so if you’re heading to the show, make sure you stop by to see us at our MWC Barcelona 2019 booth, in Hall 2 stand 2J41.

Demos

 At our booth, you’ll get to experience all three of our live demos which will be ongoing throughout the event:

  • eSIM Revolution: Learn about the latest eSIM solutions and chat to our experts about Turning Things On, Gemalto’s view on how the eSIM is paving the way for connecting the vast array of smart devices out there
  • Trusted Digital Identity: Making the leap into a digital future: Trusted Digital Identityservices are paramount for each step of the customer journey. Discover how we are enabling secure and seamless in-store digital enrolment and biometric authentication
  • The Future of IoT: Visit the booth to experience immersive AR demos that show how we are enabling the future of IoT for a variety of industries including automotive, smart metering, commercial drones and more!

Let’s chat!

You can swing by anytime for a chat with one of our experts who’ll be on hand to talk about topics at the heart of everything we do. Or you can request a meeting ahead of the show.

Further to the demo topics, here’s a taster of other key themes we’ll be delving into and bringing to life at the conference, so you can get thinking about what you’d like to explore:

  • Future-Proof Cellular Connectivity: Getting customers connected today and prepared for the coming 5G revolution
  • End-to-End Security: Ensuring trusted data exchange from edge devices up to the cloud
  • Advanced Analytics: Delivering real time business insight based on a powerful AI engine

We’d love to hear about the topics you’re most looking forward to learning more about at the show in the comments section below. Or you can tweet us at @GemaltoMobile or @GemaltoIoT.

The post Are you ready for MWC Barcelona 2019? appeared first on Cybersecurity Insiders.


February 27, 2019 at 09:09PM

Trusted Digital Identities – the interview

With Mobile World Congress now underway for another year, we thought we’d take a dive into how companies and governments are approaching digital identity.

In this blog, I’m joined by my colleague Didier Benkoel-Adechy as we chat through some of the most pressing questions on the topic.

How has the digital economy changed the way we think about identity? Has there been an impact on the way companies interact with consumers?

Juana Catalina Rodriguez (JCR):  The Internet and the widespread connectivity has enabled the explosion of new collaboration models. This has resulted in a series of exciting technological breakthroughs from Uber testing autonomous cars to Facebook developing cryptocurrency for its users to make payments through WhatsApp. Even Amazon is getting in on the act by planning to launch 3,000 “Amazon-Go” cashier-less stores by 2021.

Didier Benkoel-Adechy (DB): It’s interesting isn’t it how these innovations have revolutionized the way companies in all sectors interact with consumers. It’s been said before but we’re now much more comfortable interacting with these networks of strangers.

JCR: That’s right, and those interactions are built on trust. In this new era, the first thing we want to know is whether that person or service is “real”. We’re now questioning how sure we can be that others are who they claim to be.

Where I have concerns is that this shift from in-person transactions to digital connections is creating a new dynamic environment which could inspire insecurity and fear.

Traditional identification methods don’t work, as a result, we are changing the way we think about identity.

DB: And that’s where Gemalto’s Trusted Digital Identities approach comes in. It can be a decisive factor for success for companies who need to offer their customers trust. And we mustn’t forget that increased safety and transparency are the most fundamental elements needed to make the most from this new digital era.

JCR: Every day we are working with services providers and governments to design new customers experiences. It is vitally important that we meet the end-user need for consistent, seamless and personalized engagement across a range of digital and physical channels. It has become clear that digital identities are the strategic foundation of digital business transformation.

Is there a difference in how digital identity is used in emerging markets vs developed markets?

JCR: You’d be surprised at how much identity underpins the digital revolution and, by extension, world economies.

We see different levels of maturity per country, market and sector. Neo/challenger/digital-only banks are using online document verification and biometrics to enable remote mobile enrolment.

DB: And then there are countries like India where digital identities supported by biometric technology is providing access to communities previously cut-off from financial services.

Digital identity provides a significant opportunity for value creation for individuals and institutions. For emerging economies, a lot of value creation can be generated by combining digital ID with authentication. This has the power to transform the lives of people who lack an official proof of identity. And the World Bank estimates that’s as much as one billion people.

JCR: I’ve been struck by transformative affect digital identities has had in these countries. It goes way beyond reducing the cost of current operations. Improving ID coverage give people more access to education, boosts the labor market and makes healthcare more accountable. But it also goes beyond purely economic factors in boosting how citizens feel included in society, have their rights protected and raises transparency (which inevitably tackles corruption).

DB: Looking at developed markets as UK, France, Denmark, Netherlands, Belgium, many processes are already digital. The potential for improvement here relies on digital ID programs that enable seamless experiences across multiple channels to access more services and further reduce customer friction.

What key elements does a digital identity need to have?

JCR: A digital identity is the technological link between a real entity such as a person and its digital equivalent entities. It is also defined as the sum of all digitally available information about an individual. It includes a collection of verified identity attributes such as biographic and biometric data, known passwords, digital codes and also owned devices. These can all come together in various contexts to verify and authenticate a person.

Can you discuss security and privacy for a moment? What are some of the risks associated with digital identities and how can companies mitigate those risks to ensure consumer trust?

DB: Absolutely, both must be at the center of any digital identity system. We subscribe to an idea of security by design and are very focused on privacy. There is a lot out there lately suggesting that people want greater ownership of their data and to know the services they use are secure.

JCR: As we all know, there has been a significant rise in complaints of social media user data misuse. Facebook, in particular, made headlines last year with numerous high-profile data breaches including the Cambridge Analytical scandal. When it comes to

consumer privacy, I consider there to be three fundamental elements to take into account:

  • Consumers need to know what information of theirs is stored, how it is protected and the ways it is used.
  • Consumers must have control of their data, explicitly give their consent for its use and be able to easily manage their privacy options.
  • Digital identities must be driven by human-centric design to reduce friction and fulfil their potential.

DB: That’s true. Designing services with these factors in mind will increase trust, improve adoption and heighten transparency. And it will also calm end-user nerves about their privacy being eroded by using new services.

JCR: To some extent, the combination of technologies and digital identities could be seen as a double-edged sword. All ecosystems are concerned about how data can be misused for monetization and how easy it is for identities to be stolen, replicated, curated and morphed for fraud. But it is the addition of Trusted to the Digital Identity concept that proves essential for ensuring security and privacy.

We are working “for the good” of the industry and technologies like biometrics, big data and AI will lead to vast opportunities for new innovative services that will delight end users.

If you would like more information about how Gemalto seamlessly capture and verify user identities, and how we digitalize them securely, you can click here or, alternatively, you can tweet us @Gemalto

The post Trusted Digital Identities – the interview appeared first on Cybersecurity Insiders.


February 27, 2019 at 09:09PM

Power systems in data centers are vulnerable to Cyber Attacks

Power systems which happen to be the most critical infrastructure of a data center are sadly the most overlooked architecture by Cybersecurity teams. The reason, most of the IT heads think that protecting the powers systems through backups and restricting physical access to them is enough to protect them from failures and blackouts.

However, they fail to make a note that the Cybersecurity controls on their power systems are vulnerable to cyber attacks which can make or break a data center business.

But security experts say that most of the power equipment in the data centers running across the world can be remotely controlled and configured.

“So, a malicious cyber actor or a military agency of a nation can easily take control of the device and interrupt the power to a data center or a specific server on a network- eventually leading to a business disruption”, said Bob Pruett, Security Field Solutions executive, SHI International. Bob added that some of these data center systems which are prone to cyber attacks fall into the category of the Internet of Things(IoT).

And a recent survey made by Darktrace- a San Francisco based Cybersecurity vendor says that attacks against IoT devices have increased by 100% in 2018.

Another survey made by SANS Institute says that only 40% of companies go for the security patches to their systems every year to protect their IoT devices and rest all either neglect or are still ignorant of troubles of being outdated.

Remember, the high-profile attacks have been against power grids maintained nationally, like the 2015 and 2016 attacks against the Ukraine Power Plant.

In the past, there are instances of IoT devices being hijacked to power botnets, which later are used for malevolent purposes.

Technically speaking, most of the attacks can be controlled by Cybersecurity teams. But with industrial control systems that are not possible in practice. And as these systems serve as entry points into a network of a data center, extra care is needed to protect them.

Here, if proper care is taken while purchasing new devices, then the security issue can be managed with due diligence. However, with old systems, the only thing we can do is to keep the systems well patched and that too on time.

In most cases, the budget also plays a vital role in securing the data center equipment from cyber attacks. Therefore, in most cases, the staff of the server farms is left with no option, other than to manage the resources they have.

It’s a tough call from here….isn’t it?

The post Power systems in data centers are vulnerable to Cyber Attacks appeared first on Cybersecurity Insiders.


February 27, 2019 at 09:00PM

Tuesday, February 26, 2019

More evidence on Russian Cyber Attack on US 2018 Midterm Elections

US Military announced yesterday that it shut down an Internet Research Agency (IRA) located in Russian port city of St. Petersburg on November 6th last year- just before the 2018 Midterm elections. IRA is believed to be working secretly for Russian Intelligence and was established to spread disinformation such as fake news in the United States before the elections in order to influence the American populace.

Evgeny Prigozhin is the boss of IRA, who is actually into the business of catering and whose clients include some of the top Russian intelligence officials from Kremlin. Moreover, the news is out that Evgeny served as a cook to Russian President Vladimir Putin for years, before stepping into the catering business in 2013.

According to the Washington Post, the US Cyber Command targeted the IRA servers on November 5th, 2018 and managed to intercept the network within a couple of hours. Then they shut down access of the Kremlin based outfit with the outside world, thus preventing the spread of fake news before the midterm elections.

Pentagon’s Cyberwarfare unit is silent on the issue and isn’t ready to comment on the topic as of now due to its sensitivity.

IRA happens to be the same agency which was involved in spreading misinformation during the 2016 US elections and influencing the voters to tamper the ambition of Hillary Clinton from the presidential race; eventually making Donald Trump the 45th US President.

The post More evidence on Russian Cyber Attack on US 2018 Midterm Elections appeared first on Cybersecurity Insiders.


February 27, 2019 at 10:35AM

Pennsylvania ranks second worst in cyber attacks as per FBI data study

According to a study carried out on the data sourced from FBI, Pennsylvania ranks second worst when it comes to handling cyber attacks. The study made by INA (Information Network Associates)- an international security consulting company says an increase of 25% was witnessed in cyber attacks between 2016 and 2017 and so the US state which is officially known as the Commonwealth of Pennsylvania has to do some work in getting rid of the tag ASAP.

Note- INA happens to be an investigative agency which serves government entities, private companies, and individuals across the globe.

Coincidentally, the study made by Security.org also states the same and adds that a trend of business email compromise was witnessed in 2017-2018 were more than 6 out of 10 Americans became the victims of a major data breach.

The study discovered that there were about 195 cyber attack victims for every 100,000 people in the state of Pennsylvania, giving the commonwealth a grade of D when it comes to cybersecurity defense for elections.

Hawaii was the state which topped the list followed by Nevada at 3 and Florida at 4.

So, businesses operating in Pennsylvania are advised to have a business continuity planning to ensure the execution of essential functions through all circumstances in the event of a technological disaster such as a cyber attack.

Also, individual users are requested to follow basic cybersecurity hygiene principles such as keeping their computer security tools up to date with the latest updates and getting their systems inspected by qualified computer technicians.

Furthermore, the employees and business owners are hereby informed to keep themselves updated with the latest trends taking place in the cyber landscape to abort any threat of cyber attacks on their digital assets.

The post Pennsylvania ranks second worst in cyber attacks as per FBI data study appeared first on Cybersecurity Insiders.


February 27, 2019 at 10:32AM

6 Security Tips When Trading Online

Image Source: Pixabay

Online trading is on the rise as many consumers take control of their own investments or work with brokers virtually rather than in person or over the phone. At the same time, cybersecurity attacks are on the rise as hackers also try to take advantage of gaps in the system, stealing identities and even money.

How do you keep yourself safe when trading online? Here are six simple tips:

Check the Doors and Windows

Before trading online, know that the most important thing is awareness. Be aware of what risks you run by trading online and what might happen. In your home, you check doors and windows before going to bed because you know they are potential entry points; you need to understand the same thing about online trading.

How do you recognize a threat and combat it or prevent it in the first place? One of the keys is good security software and setting up automatic alerts. Of course, once you receive an alert, you need to know what actions to take, and software can help with that as well. Secure your online trading accounts and all of the data associated with them by securing any potential entry points. As well, it’s never a bad idea to regularly back-up your data either through physical offsite or cloud-based storage. Should the integrity of your systems be compromised due to a breach, you’ll still have access to your data.

None Shall Pass

For a moment, let’s talk passwords, one of the entry points mentioned above. Truth is, as much as we talk about passwords, the list of the top awful ones every year is astounding, including things like your birthday, 123456, and even the word “password” used as a password.

There is no reason for this in an age of password vaults and generators that not only help you set your password, but remembers them for you as well and can even remind you to change them. Consider using such a password management system, and guard your passwords carefully. All of the fancy firewalls and protection in the world do no good if your password is easy to guess.

Think Twice

Do you know what two-factor authentication is and how to use it? Most apps, even those for social media, offer this now, and bank and trading apps are no exception. When you log in from a new device, you will need not only your password, but you will need to have access to a device you own.

This can be everything from your tablet, your phone, your smartwatch, or at the minimum access to your primary email. A code will be sent to that device or email that you must enter in order to access your account. This is a great second layer of security — one that is free.

That way, even with your password, a hacker cannot breach your account. 

Don’t Let Them In

What happened in the quite public cyberattacks on Home Depot and Target? Both retailers had the same problem, in that they had granted access to their systems to vendors and did not shut off that access when the vendor was done working.

This is a common insider threat. The key is that you do not give access to your trading account to any app or person who does not need it. If you do give someone, like your accountant, access at tax time, or even programs like TurboTax or H&R Block, change the password and remove their access once they no longer need it.

Just as you control your own password, you need to control the password and access of others who can control your account. Also, in many cases, you can set up roles and determine what exactly that person can do with your trading accounts. Understand this, and limit actions to ones they actually need.

What’s in Your Wallet?

More common than ever before, trading in cryptocurrency is on the rise. However, there is an issue that is often not addressed. While the blockchain is very secure and easily encrypted, often the weak point for traders is their virtual wallet. Much like cash, when cryptocurrency is stolen, it is hard to track down and get returned.

What do you do? First, make sure that you are using a well-known and reliable wallet. There have been scams where hackers offer wallets with supposed benefits only to empty depositors’ wallets and disappear.

When trading, use an established exchange too. Be sure it is secure and has a good reputation. As cryptocurrency becomes more mainstream, large firms and exchanges are offering trading platforms. Take advantage of this trend to keep your coins safe.

Keep Currency

Do you trade in other currency? Forex trading is another place where security is vital, and much of this depends on the broker you choose. The truth is, no one forex broker is right for everyone. You need to carefully evaluate them based on your needs and the security they provide.

Things like speed, comfort with the forex platform, spreads, and commissions are also important to understand. Forex trades are much like cryptocurrency trades: Security is paramount, and the right hacker given the right opportunity can drain your accounts and really ruin your day.

Trading online is becoming more popular, but as it does, hackers are becoming more determined. Take steps to secure your trading accounts and follow up with new security updates to keep your money safe online.

      

The post 6 Security Tips When Trading Online appeared first on Cybersecurity Insiders.


February 27, 2019 at 09:08AM

Build Smarter, More Secure Applications with Pulse vADC Community Edition

Communities define us

We are defined by the company we keep – but what do we mean by the word “community?” The word “community” used to refer to the simple idea of a group of people living in the same place. And the idea of “Communication” is about the way we share information around our community. But in today’s virtual world, we live in multiple online places: at work, with friends, sports, shopping, and more. Technology means that we can inhabit all these communities simultaneously, and it is easy to create new watering holes for communities to interact.

But what makes a community grow? Why do communities gather around one watering hole rather than another? Think of the number of messaging apps out there – I just counted EIGHT messaging applications on my phone. And that doesn’t include LinkedIn, Outlook, Strava, Garmin, Facebook and all the other applications that compete for my attention.

Growing your Community

For one of those applications, the size of the community is key – the larger the community, the more valuable the application. To attract and grow, a community needs to be easy to access, low friction, a smooth user interface – but it’s a moving target, and applications are in constant competition for the attention of me and my circle of friends.

All those applications need to innovate to stay ahead, so they need to release new updates to attract my attention, and to make themselves even easier to use and even more pervasive. However, rapid application development brings a new challenge, to build security into the core of those applications, to protect all the customer data they are harvesting from their growing community. Nothing kills the trust of a community faster than losing all their data.

Application Innovation

In order to drive that innovation, organizations are changing they way they build applications – moving towards open access tools, agile development methods, and rapid release cycles. And they are changing the way they deploy and manage those applications in production, adopting DevOps-style workflows, blurring the lines between development, test and production, and designing new container-based architectures to make it easier to build and run dynamic applications.

The problem is that traditional application tools, especially legacy application delivery controllers (ADC) do not fit well with rapid application development: they are difficult to integrate with automated orchestration and provisioning, which are needed to support rapid development. They tend to be expensive, unwieldy appliances, or they are software tools with limited capabilities which can difficult to secure and scale in production.

Introducing the Community Edition

So that’s why we have released our new Pulse vADC Community Edition to help our customers build smarter, more innovative applications – applications that are secure from day #1. Our Community Edition is a full-featured ADC, based on Pulse Virtual Traffic Manager, with all the tools you need to build and launch secure applications, including the latest TLS 1.3 support, clustering, global load balancing, and even our virtual Web Application Firewall.

The Community Edition is a free-to-download, free-to-use virtual ADC, which can scale up and out whenever you are ready to go global. You can build, test and launch your application into production without a license key, and you can upgrade seamlessly to 24×7 support when you are ready. And with support for container-based architectures, such as Docker and Kubernetes, and open source tools such as Terraform, you can integrate into your development toolchain for integrated release cycles.

Download our new Pulse vADC Community Edition, and start building your communities today!

For more information, see:

 

The post Build Smarter, More Secure Applications with Pulse vADC Community Edition appeared first on Cybersecurity Insiders.


February 27, 2019 at 01:56AM

Zero Trust Secure Access in 2019

Today’s enterprises are increasingly under attack by threat actors bent on breaching network perimeters. Notable breaches are now almost a weekly occurrence, with Marriott’s 500M records being just the largest and latest. Estimates suggest that over 5 billion records were collectively stolen in data breaches in the first half of 2018 alone.

In the Marriott case, an unauthorized user gained access to Starwood Resort’s database in 2014, but it was only uncovered four years later. (Starwood, in fact, had their cash register systems penetrated in a separate incident in 2015.)  According to the NY Times, the stolen records have not yet shown up for sale on the “dark web” which suggests that this breach is a China government-sanctioned attack.

So, administrators are understandably worried about sensitive corporate data, like customer contact information or financial data, and how best to ensure they’re not the next victims.  But, it’s also part and parcel of businesses to enable connectivity and encourage productivity for their mobile workforces.  Because of these two forces, there has been increasing interest in Zero Trust secure access due to the proliferation of users, the number of devices, and the applications being accessed.

Zero Trust requires users and their devices to go through an authentication and authorization process prior to (and during) a connection to an application. While usernames and passwords alone were sufficient a few years ago, given the risks associated with breaches it is good security hygiene to:

  • Authenticate and authorize every user by requiring single sign-on and multi-factor authentication
  • Verify and validate every device that connects by checking it for the presence of malware and anti-virus software, OS version, and other metrics
  • Deploy policies centrally to enable local and mobile workforce access to appropriate resources only
  • Protect data transactions through always-on, on-demand, and per-app VPN, reducing data loss and leakage

When verifying users and devices, enforcing multi-factor authentication and single sign-on ensures that users are vetted while streamlining the login experience. Assessing the device before and during the connection prevents rooted or jailbroken devices from connecting, reducing the chance that malware can infect your network.

Pulse Secure’s natural-language and context-based policy definitions can also quarantine, grant, or deny access to devices that may not be in an ideal state. Those same policies can be distributed centrally from Pulse One, our comprehensive management application.

And, if you’re using Pulse Secure’s Workspace feature, it’s possible to provision, configure, and wipe corporate data from mobile devices if needed. Indeed, ESG estimates that 56% of organizations have adopted a digital workspace strategy, or plan to do so in the next six months.

Pulse Secure’s advanced VPN features offer further ways to secure transactions through always-on and on-demand connections.  Always-on requires the use of secured sessions when accessing any application. On-demand, however, only leverages a secure tunnel if the application itself requires it.

Zero Trust allows you to:

  • Mitigate endpoint exposures and ransomware risks with “comply-to-connect” and always-on VPN
  • Enforce NAC-based micro-segmentation for different groups of users
  • Provide visibility and control with network profiling, RADIUS, and network access control
  • Switch VPN access and policies across hybrid IT environments for flexible, elastic productivity

Pulse Secure has been providing Zero Trust solutions since our inception. We are the leading Secure Access vendor offering a unified client across operating systems for streamlined, consistent user access, extensive authentication and device compliance, and centralized, unified policy enforcement and management.  All of it built for hybrid IT: mobile, data center, and cloud.

 

Additional Resources:

https://www.nytimes.com/2018/11/30/business/marriott-data-breach.html

https://www.esg-global.com/data-point-of-the-week-12-17-18

The post Zero Trust Secure Access in 2019 appeared first on Cybersecurity Insiders.


February 27, 2019 at 01:52AM

Gear Up Your Secure Access Strategy for 2019

Before the advent of Cloud and BYOD, enterprise network access was predominantly restricted to few limited corporate owned devices where network admins had full control and visibility into endpoints. The phenomenon of digital IT has led enterprises to embrace initiatives like Cloud and BYOD, allowing users to use personal devices for corporate network access anytime and from anywhere. This also opened the floodgates for more security loopholes, increasing the number of breaches and targeting access security. The amount of money spent on recovering from a breach is far higher than what is spent on planning and implementing security infrastructures.

Securing Access is the Key

How do we solve this problem? Having networking devices with strong security methodologies only solves half of the problem. If you allow access to corporate data from compromised devices, then your secure corporate data will get in the hands of an intruder. On the other hand, if you restrict access to just a few corporate owned devices, then employee and business productivity take the hit. The security posture of your network is not only determined by the devices within your network but also relies on the state of the devices/endpoints accessing your network. It is of paramount importance to protect access to enterprise networks and immediately quarantine any unwarranted access.

So, what is an ideal Secure Access solution. How does Pulse Secure help solve the access problem?

Pulse Secure understands that there is no tradeoff in security. As quoted by the CEO of Pulse Secure, Sudhakar Ramakrishna, Security is all about Access not just control. Built on these principles, Pulse Secure presumes Access as the core facet of Security and thrives in delivering Secure Access solutions for Hybrid IT. Being an industry leader in remote and network access solutions, helping more than 25,000+ customers in their cloud and Hybrid IT journey, Pulse Secure resonates and understands access security requirements of this ever-changing digital IT landscape.

Remote Access

Having an experience of more than a decade in solving all types of remote access problems for all types of industries, Pulse Connect Secure has everything to offer to enable secure remote access for simple networks to enterprise networks spanning across multiple geographical locations, cloud data centers and Hybrid IT.

Enterprise Network Access Control

Pulse Secure supports enterprise network access control methodologies and integrates with enterprise network products like switches and firewalls from multiple vendors to support dynamic policy enforcement. Loaded with all the capabilities to support various enterprise access mechanisms like L2 Access, L3 Access, Guest Access, Unmanaged device access and provides consistent access behavior. Simplified provisioning and on-boarding capabilities for managed endpoints, auto-provisioning of IoT devices in addition to auto-discovery and profiling of all the devices in the network, helps your network scale and securely adopt latest technologies. Check out our integration with Palo Alto Networks Firewall.

Compliant Access

Compliance holds the key to Secure Access. Real time assessment of device postures, assessing vulnerabilities and enforcing immediate remediation actions for any breaches helps maintain a good security posture of your network as well as devices that connect to the network.

Single Sign-On

Pulse Secure supports various protocols to achieve Single Sign-On access to enterprise resources spread across multiple data centers, multi-cloud and Hybrid IT environments. Support of SSO protocols like SAML, Kerberos, Kerberos Constrained Delegation, NTLM, Form post SSO provides SSO to resources located anywhere. In addition to this, VPN and NAC session re-use helps users seamlessly roam without the need to reconnect again.

Seamless Access

Support of features like Per-App, OnDemand VPN and location awareness allows automatic connection establishment with application access and completely conceals technical intricacies to end-users. Pulse Secure provides seamless access and simplifies it to an extent that users get access with one-touch.

Granular/Conditional Access

Pulse Secure’s robust policy framework allows defining granular as well as conditional access policies with differentiated access privileges. Role Based access policies with conditional checks during initial network access in addition to allowing flexible as well as dynamic policies updates with posture changes makes your deployment completely adaptive and secure. Instant remediation actions for any non-compliant access secures your network completely from access breaches.

Federated Access

A strong ecosystem integration and support of standard protocols allow easy integration with third-party products. Be it cross-domain federated access through SAML for Cloud Services, support of IF-MAP federation for on-premise resources spread across multiple data centers, or integration with third-party IdPs, Pulse Secure is the best fit in securing a heterogeneous network with devices from multiple vendors.

Flexible deployment options, simple end-user experience coupled with strong access security principles makes Pulse Secure a win-win for CISOs, Network admins and let’s not forget…end-users.

Check out our latest blogs:

Zero Trust Secure Access in 2019

Pulse Secure Access for Industrial Internet of Things (IIoT)

Securing a Day in the Life of a Digital Age Employee

 

The post Gear Up Your Secure Access Strategy for 2019 appeared first on Cybersecurity Insiders.


February 27, 2019 at 01:46AM

6 Pieces of Tech Every Office Needs

By ghostadmin

Before you start buying any technology or furniture for your office, you must put in some planning and research time. There are so many options to consider and each one will have a direct impact on the functionality of your workspace and, as result, how productive you and your team are on a day to […]

This is a post from HackRead.com Read the original post: 6 Pieces of Tech Every Office Needs


February 26, 2019 at 09:42PM

Cyber Criminals are interested in knowing these secrets of your Business

Effective cybersecurity planning starts by having a good understanding of your enemy’s( hackers) intentions and Cybersecurity Insiders brings to you the 6 specific areas of data that are considered as gold mines for cyber crooks. The trick is that if you know what the gold is, you will come up with a better plan to protect it.

Banking credentials- Let’s think from a hacker’s perspective- No cybercrook in this materialistic world will hesitate to figure out a company’s banking credentials in order to swindle money from the bank accounts. By impersonating an authorized user of the account, money from a payroll account or a current account can be easily drained. What if the said incident takes place before the night of the usual payroll processing?

Critical Info about customers, vendors, and staff- Usually cyber thieves will be super-interested in stealing sensitive info like credit card numbers, social security numbers, and other data. At the same time, they will try to infiltrate into a corporate network to siphon info about customers, vendors, and staff as it can be sold from $10 to $300 per record in the dark world depending on the data value.

Trade secrets- Usually, such type of data steal happens in the corporate world of technology where companies, hacking groups funded by state actors, governments or enemies will be interested in accessing such info to stay ahead in the competition or with some malevolent motives. Secret formulas, software codes, design specs, and well-defined processes can prove as valuable info to hackers. So, are all your business ideas well guarded against such thefts?

Email data- Getting access to an individual’s email account– especially who holds a top position in a federal agency can prove valuable to cybercriminals as such data can fetch them $1200 to $30,000 depending on the person whose account credentials have been stolen. Furthermore, hackers are ready to pay $8 each for credentials of an iTunes account, $6 for accounts related to FedEx, Continental.com and United.com and $ for Groupon.com account. Also if the hacker can get access to the login credentials of active Facebook and Twitter accounts, then they can get paid between $3 to $4 each.

Hitting the business partners- Suppose a smaller company does business with a larger company and so has access to some kind of passwords and accounts due to the work relationship. Then cybercriminals will be interested in breaking into the network of the small company and then will try to find their way into the network of the bigger company. All such activity is done by infecting the small company website with malware and then attacking the larger company network with the available credentials-known as a watering hole attack.

Reputation damage- We have seen and heard a lot of examples about the reputational damage done to SMBs when they are hit by a cyber attack. But do you know that a big company like Yahoo had to give a $380 million discount to its buyer i.e Verizon when the telecom company wanted to acquire it…? Such is the reputation damage incurred from a cyber attack.

The post Cyber Criminals are interested in knowing these secrets of your Business appeared first on Cybersecurity Insiders.


February 26, 2019 at 09:08PM

5 fun things to do at MWC19

MWC Barcelona this year is already promising to be the best in recent memory. To ensure you make the most of your time at the show, here are five things not to miss!

  1. Foldable smartphones

Be one of the first to put the new foldable smartphones to the test! As we have already seen with the launch of the new Samsung Galaxy Fold, foldable phones are latest hot trend in smartphone technology, offering something much more innovative than recent new releases. The potential of these devices to attract consumers has led to many other big brands such as Huawei, ZTE and Oppo joining the party. Many attendees at MWC will be flocking to play with these state-of-the-art devices and judge if these dual-screen folder phones can bridge the gap between the traditional mobile phone and a tablet device. The question is: will you be keen to have one? Let us know as you try them out by tweeting to us @GemaltoMobile.

  1. Trial the latest Augmented Reality headset

Microsoft has returned to Barcelona after a few quiet few years with the highly anticipated second version of their augmented reality headset, HoloLens 2. The addition of a Snapdragon processor will allow the headset to be used outside of a Wi-Fi network and untethered to wires, meaning users will have greater mobility with the device than ever before. Although Microsoft is aiming to sell the device to a range of corporations in the future, the opportunity to experience how doctors might use Microsoft’s technology to assist with operations in the future is certainly the most appealing use case so far.

  1. Explore the abilities of the cars of the future

Several car manufacturers, including Volkswagen, Tesla and Daimler are exhibiting on the show floor this year, showcasing new digital mobility services and apps in their cars. Those attending MWC will be able to test the technology in the latest car models, which are expected to demonstrate better intelligent connections between the surrounding infrastructure and other cars.

And if this wasn’t enough to inspire a visit to a car manufacturer stand this year, SEAT is premiering the world’s first ‘5G connected car’, making reliable, autonomous driving a reality. With the connected car market growing 10 times as fast as the overall car market and with expectations of cutting-edge technology in cars at an all-time high, the desire to show off new products and to be the most innovative car manufacturing brand, means MWC goers will no doubt be in for a treat this year. But what technology actually goes into a connected car? See our tweet below for an inside look!

  1. Check out what is in store with the newest development in smart cities

As the IoT grows, so do the plans for intelligent transportation systems, smart parks and even robotic lawn mowing! The plans for smart cities of the future are not new to MWC; however, this year the focus is centered around how the mobile industry can help smart cities to make significant progress towards UN sustainable development goals. The significant progress made with 5G over the past year means that the smart city models and the data storage required to create them are closer than ever to implementation. The ability to explore and get to grips with just how the IoT will work in practice in large cities across the world means the smart cities tour at MWC 2019 may not be that dissimilar to real cities in the near future!

  1. Try out a world of hyper connectivity with the best 5G networks

5G is coming in 2020 and with less than a year before it is rolled out there is one big name on everyone’s mind. Huawei has made no secret of its desire to embrace the 5G era, building technology solutions for the next generation. The world will be watching closely at MWC 19, as Huawei has promised products that will be commercially applicable for network and storage businesses in the 5G era. With 5G set to be the next generation’s big technology leap, significantly impacting society’s progress for generations to come, a visit to the Huawei stand to experience what this era of wireless applications and AI could be like is not to be missed by tech lovers.

So, there you have it – five things you shouldn’t miss at MWC 2019! Do you agree with our selection? Or, do you think there are other options we should add to our list? Let us know by tweeting your thoughts to @GemaltoMobile or @Gemalto.

And if you’re at MWC this year do come and check out the Gemalto stand (2J41, Hall 2) to see our latest demos and meet our experts.

The post 5 fun things to do at MWC19 appeared first on Cybersecurity Insiders.


February 26, 2019 at 09:08PM

Monday, February 25, 2019

Sophos integrates with Microsoft to offer utmost Mobile Security Threat Detection

British Security firm Sophos has announced that it will be integrating its Mobile Device Management system with Microsoft’s Intune to help customers work and access data in a secure way from any device and location while maintaining compliance with the corporate data laws.

Therefore, Sophos Mobile Security running on Microsoft Azure will help IT admins configure individual device usage policies as per the corporate data laws. Suppose in case an employee endpoint security is compromised, then administrators will have access to the detailed security insights from Sophos Mobile Security helping them effectively decide when to lock down access to that compromised asset.

“Analyzing the threat and managing it is a highlight in Sophos which when integrated with Microsoft delivers informed choices to IT administrators”, said Dan Schiappa, Chief Product Officer, Sophos.

Thus, Users having devices running on Android and iOS platforms can access the services of Sophos Mobile Security by purchasing licenses through registered Sophos partners across the globe.

Hence, to all those corporate heads who would like to raise the defensive line of their corporate network perimeter, by bidding adieu to Zero Trust Architecture in their corporate environments, Sophos Mobile Security’s flexibility to integrate with Microsoft will be a great choice to opt for.

Note- Sophos delivers network, encryption, web, email and mobile security solutions to more than 100 million users plying in 150 countries through 43,000 registered partners. The company which is headquartered in Oxford, UK is known with the symbol SOPH on the publicly trading London Stock Exchange platform.

The post Sophos integrates with Microsoft to offer utmost Mobile Security Threat Detection appeared first on Cybersecurity Insiders.


February 26, 2019 at 10:03AM

Demystifying the India Data Protection Bill, 2018: Part 3 of 3


In the first two parts (Part 1 and Part 2) of this three-part series on the upcoming Personal Data Protection Bill in India, we covered the draft bill’s important elements and key terminologies that organisations need to keep in mind in order to comply with the bill’s stringent guidelines.

To quickly summarise what we have covered earlier, the Personal Data Protection Bill is slated to mark the advent of perhaps the biggest shake-up of data privacy laws in India. Based on the premise that ‘Right to Privacy’ is a fundamental right of every Indian citizen, the bill clearly outlines (in no ambiguous terms) the way in which organisations can obtain, store, process or access an individual’s personal data, and makes “individual consent” a central requirement for obtaining, storing, processing or accessing such personal data.

In this third (and last part) of the Personal Data Protection Bill series, we will cover 4 key technologies that play a pivotal role in protecting data — both at rest and in motion, and 3 important steps that organisations need to take to adhere to the bill’s mandates. Let’s begin!

Key Technologies

1. Data Encryption

Widely considered as one of the best ways of protecting any data, data encryption is the process of scrambling plain data into an unreadable format through the use of an algorithm that creates a unique “key” known as an “encryption key” or “crypto key”.

Encrypted data can be unscrambled back and made readable only with the specific key that was used to encrypt it. With massive advancements in encryption technologies in the last few years, encrypted data is virtually impossible to hack today.

2. Tokenization

Tokenization is the process of assigning a random surrogate value (also known as a “Token”) to the original data to avoid its easy identification.

Initiated using a special software known as a “Tokenization Manager”, the original data is first received at its initial entry point by the Tokenization Manager and then encrypted. As an industry best practice, many organisations across the globe then proceed to securely store the encryption keys in FIPS-certified Hardware Security Modules (HSMs).

A good Tokenization solution should be able to support reverse data tokenization (also known as “De-tokenization”) wherein the tokens can be converted back to plain data, as well as non-reversible data tokenization wherein the tokens cannot be converted back to plain data. Further, the solution should also offer key functionalities like bulk tokenization for operations that involve large data volumes and ready integration with a Key Management Solution (KMS) or HSM if crypto keys are involved in the tokenization operation.

3. Data Masking

Also known as “Data Obfuscation”, data masking is the process of hiding (or obscuring) the original data with random characters or other data. In data masking, a structurally similar but inauthentic version of the original data is created by using the same format as that of the original data, but changing the original values to achieve obfuscation.

The original data can be modified in a number of ways – including encryption, character shuffling, and character or word substitution. While any method can be used to mask the original data, the moot point is that the values must be changed in some way or the other to make detection or reverse engineering impossible.

The primary purpose of data masking is to protect the original data while having a functional substitute for occasions when the original data is not required. For example, Data Testing.

In India, the Payment Card Industry Data Security Standard (PCI DSS) and Reserve Bank of India (RBI)’s circular on tokenization of debit card data mandates the use of data masking to protect the card data.

4. Key Management

Since encryption keys pass through multiple phases during their lifetime – like generation, distribution, rotation, archival, storage, backup and destruction, efficiently managing these keys at each and every stage of their lifecycle plays a pivotal role in optimal data protection.

With an increasing range of heterogeneous keys being created by a diverse set of applications, efficiently managing these keys centrally becomes paramount. A common practice for cohesive key management is using the Key Management Interoperability Protocol (KMIP) – an extensible communication protocol that defines the message formats for the manipulation of crypto keys on a key management server.

KMIP seamlessly facilitates data encryption by simplifying crypto key management and is inherently designed to support a diverse set of cryptographic objects, including symmetric and asymmetric keys, digital certificates, etc. Further, it allows clients to ask a server to encrypt or decrypt data, without needing direct access to the encryption key.

With more and more organisations using a disparate set of crypto technologies (like Payment HSMs for financial operations, General Purpose HSMs for common operations, etc.) across multiple business units and diverse geographical locations, adopting a robust Key Management Platform that would cater to the current as well as future encryption requirements is imperative.

Steps for preparing for the Personal Data Protection Bill

Placing great emphasis on the approach of “privacy-by-design”, complying with the bill’s strict mandates requires all departments in an organisation to closely look at the way they manage their users’ data.

Below are 3 easy steps to audit your users’ personal data:

Step 1: Map Your Data

Carefully identify all the sources from where your organisation receives its users’ personal data, where it resides, which departments and individuals have access to it, and document in detail if there are any security risks to that data.

Step 2: Determine What Data You Want To Store, And Why

More often than not, organisations keep collecting data without any concrete plan of destroying it when it becomes redundant. Since the Personal Data Protection Bill encourages organisations to adopt a disciplined approach towards its users’ personal data, now is the right time to audit your data and determine which of it is important and which of it can be deleted.

Below are 3 pertinent questions that need to be asked:

1. Why are we storing all this data? Is all of it really business critical?

2. What is our business objective of collecting all categories of our users’ personal information? Do we really need all this information?

3. Is the financial gain of deleting this information greater than the cost of encrypting it?

Step 3: Review Your Cybersecurity Measures

Meticulously review your organisation’s existing cybersecurity systems and update/upgrade them wherever needed. While front-line (perimeter) defense mechanisms like firewalls, antivirus, antimalware, etc. act as a good deterrence against cyber attacks, they are rendered useless once hackers gain an inside access to an organisation’s data files.

To truly insulate your organisation from malicious attacks, equal priority needs to be given to last-line defense mechanisms like encryption, tokenization, data masking and key management.

Further, do not restrict the purview of cybersecurity to your organisation only, but extend it to your vendors too as mere outsourcing doesn’t exempt you from any breach of your users’ personal data.

To Sum It Up

With the Personal Data Protection Bill recommending hefty penalties that can go up to Rs. 15 crores or 4% of an organisation’s total worldwide turnover, organisations can no longer take their users’ personal data for granted.

Considering the recent example of France imposing a fine of €50 million (approximately Rs. 400 crores) on Google for violating data privacy rules as defined by the GDPR, it would be a folly on the part of Indian organisations to not take the Personal Data Protection Bill’s compliance guidelines seriously.

To comply with the bill’s stringent mandates, organisations need to adopt a data-centric approach towards cybersecurity to protect their users’ personal data.

Below are 3 basic steps that organisations can take to safeguard their users’ personal data:

Step 1: Encrypt The Data – at rest, in motion, on cloud and across virtual and on-premise environments.

Step 2: Own & Secure The Encryption Keys – at each stage of their lifecycle.

Step 3: Control Access – to resources across diverse environments by providing strong multi-factor authentication to prevent unauthorised access.

How Gemalto Can Help

As the global leader in providing state-of-the-art data protection technologies to leading organisations across the globe, Gemalto offers a robust, edge to core, plug-and-play Unified Data Protection Compliance Platform that organisations can leverage across diverse business needs.

Below is a quick snapshot of Gemalto’s Enterprise Data Protection Portfolio:

Learn how Gemalto can assist your organisation in optimal data protection.

The post Demystifying the India Data Protection Bill, 2018: Part 3 of 3 appeared first on Cybersecurity Insiders.


February 26, 2019 at 09:09AM