FireSale HackBoy

Sunday, March 31, 2019

Amazon CEO Jeff Bezos phone hacked by Saudi Government

Amazon CEO Jeff Bezos’s phone is reported to have been hacked by the Saudi government as a part of a malicious effort to defame and harm the world’s richest man. This was revealed by Gavin De Becker, the security chief of the Amazon Chief in an interview to the sensational news resource The Daily Beast.

The law enforcement of the United States has been informed about the mobile phone hack of Jeff Bezos who chose to remain silent on the issue until further developments are revealed.

Highly placed sources say that hackers backed or funded by the Saudi government have gained access to some of the sensitive info of the American technology entrepreneur, which includes some financial info on his recent high-profile bank transactions, access to his personal text, images and videos folder, and some company details.

Note- Gavin De Becker just put allegations over the Saudis and did not reveal direct evidence or any citation for his claims/allegations.

Jeff Bezos, who is currently going through divorce turmoil with his wife Mackenzie Bezos due to his extramarital affair with his present girlfriend Lauren Sanchez, a freelancing pilot turned anchor on Los Angeles TV, has confirmed the news that his phone recently witnessed unauthorized access from hackers, but chose to remain silent on revealing the suspects behind the incident.

A Summary of this entire cyber incident

In January 2019, Jeff Bezos revealed that he is going to separate from his wife Mackenzie Bezos after having 25 glorious years of marriage. Mr. Bezos chose to remain silent on the separation until a news resource, The Enquirer, spilled the beans on his alleged affair with Lauren Sanchez.

In Feb’19, Bezos claimed in a media interview that the ‘National Enquirer’ was indulging in extortion and blackmail, as it was threatening to leak more photos and chat conversations with his girlfriend unless a huge amount was paid as ransom. He was also unhappy with the news reports which claimed that his girlfriend Lauren Sanchez had revealed all of their personal conversations to one of her friends, who later made the matter public for monetary benefits.

However, the Amazon chief launched a separate inquiry into the hack with his security consultant De Becker as chief. De Becker has now revealed that the personal info leak was done by Saudi military intelligence, who first hacked the phone of Jeff Bezos to steal his private info and then leaked it to the media, all in retaliation for a news report in The Washington Post which accused Saudi Crown Prince Mohammed Bin Salman of killing Jamal Khashoggi.

Since Jeff Bezos owns the Washington Post, he might have to face more such consequences in the near future.

The post Amazon CEO Jeff Bezos phone hacked by Saudi Government appeared first on Cybersecurity Insiders.


April 01, 2019 at 10:31AM

Hackers using hacked WordPress & Joomla sites to drop malware

By Waqas

Apparently, the malware attack is carried out by Russian speaking hackers. The IT security researchers at Zscaler have discovered a sophisticated malware campaign targeting websites based on WordPress and Joomla content management system (CMS). The campaign works in such a way that hackers take advantage of a hidden directory on HTTPS and exploit vulnerabilities in extensions, plugins, and themes […]

This is a post from HackRead.com Read the original post: Hackers using hacked WordPress & Joomla sites to drop malware


March 30, 2019 at 04:30AM

Saturday, March 30, 2019

8 ways to achieve agile security

This post was originally published here by gregg rodriguez.

Between 2017 and 2021, worldwide spending on cybersecurity will top $1 trillion, according to predictions from Cybersecurity Ventures. The barrage of cyberattacks on enterprises and new threat vectors within networks due to the move to Infrastructure as a Service (IaaS), or public cloud, makes the need for agile security more important than ever for CIOs and CISOs managing cybersecurity.

Thanks to AWS and Azure, anyone can build their own applications or procure infrastructure by simply subscribing to IaaS services, with or without the permission or assistance of an IT team.  

While that’s great news for application owners who desire agility and faster time to market, it can be extremely challenging for security professionals tasked with protecting assets in cloud infrastructure environments.

Agile security for IaaS

If you are already using IaaS or are thinking about it, consider the following ways to help you begin driving an approach for more agile security within your organization:

  1. Standardize on core security principles: Make security an integral part of the development pipeline from day one so that your teams can address any vulnerabilities that arise as soon as they are detected, at any point in the process.
  2. Introduce a DevSecOps approach to security teams: In order to move on projects and continuously iterate and deploy new products and solutions, ensure rapid response teams are running 24/7, and that product security teams are aligned with the same trajectory as the rest of the organization.
  3. Adopt “API-driven security”: By taking the human element away from the process, you establish a continuous integration methodology, which allows for consistency of delivery. For example, if a security policy needed to be adjusted, you do it once, thus eliminating inconsistency in the system or unnecessary outages.
  4. Create a security rapid response team: Fast response times are imperative to giving a tech company competitive advantage. To enact “security at speed,” implement continuous measuring, testing and monitoring in an effort to iterate quickly.
  5. Make safe use of public cloud: Deploy cloud-based services to create the modern, agile application environment your developers and IT departments need to innovate faster and more continuously. Use security best practices based on the Shared Responsibility Model to avoid cloud misconfigurations and reduce risk.
  6. Deploy a code-driven security infrastructure: Security shouldn’t have to be built up from scratch over and over. Deployment of a code-driven security infrastructure allows for the repeatable and automated build and management of security systems.
  7. Prioritize visibility and management: End-to-end visibility allows you to take a granular approach to managing configuration of its open-source tools that have helped the security team keep track of deployment, usage, and management of cloud services.
  8. Adopt elasticity and automation: It’s essential that your tools can monitor, detect, and defend your workloads but also be able to expand as your usage does to ensure security from deployment to operations.

Halo Cloud Secure for agile security

Learn more about how Halo Cloud Secure can help you gain the critical comprehensive security and compliance visibility you need to effectively monitor and protect your IaaS environment, while driving a more agile approach to security. Download our product brief.

The post 8 ways to achieve agile security appeared first on Cybersecurity Insiders.


March 30, 2019 at 07:28PM

Securing Azure Application Gateway

This post was originally published here by gregg rodriguez.

Web applications are becoming frequent targets of malicious attacks that exploit common vulnerabilities, such as SQL injection attacks or cross site scripting attacks, which makes securing your Azure Application Gateway more critical than ever.

Preventing such attacks in application code can be a sizeable challenge, as it requires rigorous maintenance, patching and monitoring at multiple layers. Using a centralized web application firewall (WAF) can help you simplify security management. WAF is a feature of Azure Application Gateway that provides centralized protection of your web applications from those common threats and vulnerabilities.

A WAF can react to a security threat faster by blocking known attacks before they reach vulnerable endpoints, instead of securing each individual web application. In addition, your existing application gateway can be converted to a WAF-enabled application gateway relatively easily.

What is Azure Application Gateway?

Azure Application Gateway gives you application-level routing and load balancing services that let you build a scalable and highly available, web front end in Azure.

Benefits 

  • Control the size of the gateway and scale your deployment based on your needs
  • Get load balancing and application-level routing for building high-performing, scalable web front end
  • Manage traffic with round robin load balancing provided by Application Gateway. This is done for HTTP(S) traffic at Layer 7
  • Build a secure web front end with efficient backend servers and also streamline your certificate management by using SSL offload.

Risks to a misconfigured Azure Application Gateway

  • If your web application firewall (WAF) is not enabled, your application gateway will be vulnerable to attacks such as SQL injection, cross-site scripting, and session hijacks.
  • If your Application Gateway does not have end-to-end SSL configured, you will not be able to transmit sensitive data to the backend in encrypted form, nor ensure that the application gateway only communicates with known instances.
  • If your Application Gateway does not have SSL enabled on front end, the gateway will not apply the routing rules to the traffic, nor forward the packet to the appropriate back-end server based on the routing rules you have defined.

Cloud security requires shared approach

Cloud computing is based on a new infrastructure model requiring a new approach to security. In the Azure environment, Microsoft provides a secure foundation across physical, infrastructure, and operational security, while you maintain responsibility for protecting the security of your application workloads, data, identities, on-premises resources, and all the cloud components under your control. This is referred to as the “Shared Responsibility Model.”

You can ensure the security of all your Azure resources by fulfilling your end of the shared responsibility model based on security best practices.

How Halo can help secure your Azure Application Gateway

Halo Cloud Secure can help ensure your Azure Application Gateway:

  • Includes a WAF using OWASP rules to protect your application against attacks such as SQL injection, cross-site scripting, and session hijacks
  • Includes properly configured SSL supporting end-to-end encryption of traffic by terminating the SSL connection at the application gateway, applying the routing rules, and forwarding the traffic to the appropriate back-end server.
  • Has SSL enabled on the front end to support defining custom SSL options and disabling the following protocol versions: TLSv1.0, TLSv1.1, and TLSv1.2, as well as defining which cipher suites to use and the order of preference.
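The misconfiguration risks and the checks listed above can be run against an exported gateway definition. The following is an added example, not code from the original post or from Halo: it audits a constructed Application Gateway resource for a missing or detection-only WAF, non-HTTPS listeners, non-HTTPS backend settings and a low minimum TLS version. The sample gateways, the finding codes and the function names are assumptions made for illustration.

```python
import json

# Constructed sample (not a real deployment): an Application Gateway resource
# in ARM-template shape, with settings nested under "properties".
WEAK_GATEWAY = json.loads("""
{
  "name": "example-appgw",
  "properties": {
    "sku": {"tier": "WAF_v2"},
    "webApplicationFirewallConfiguration": {
      "enabled": true, "firewallMode": "Detection",
      "ruleSetType": "OWASP", "ruleSetVersion": "3.0"
    },
    "sslPolicy": {"minProtocolVersion": "TLSv1_0"},
    "httpListeners": [
      {"name": "public-http",  "properties": {"protocol": "Http"}},
      {"name": "public-https", "properties": {"protocol": "Https"}}
    ],
    "backendHttpSettingsCollection": [
      {"name": "app-plain", "properties": {"protocol": "Http", "port": 80}},
      {"name": "app-tls",   "properties": {"protocol": "Https", "port": 443}}
    ]
  }
}
""")

# Constructed sample of the same gateway after correcting each setting.
HARDENED_GATEWAY = json.loads("""
{
  "name": "example-appgw",
  "properties": {
    "sku": {"tier": "WAF_v2"},
    "webApplicationFirewallConfiguration": {
      "enabled": true, "firewallMode": "Prevention",
      "ruleSetType": "OWASP", "ruleSetVersion": "3.0"
    },
    "sslPolicy": {"minProtocolVersion": "TLSv1_2"},
    "httpListeners": [
      {"name": "public-https", "properties": {"protocol": "Https"}}
    ],
    "backendHttpSettingsCollection": [
      {"name": "app-tls", "properties": {"protocol": "Https", "port": 443}}
    ]
  }
}
""")


def _props(obj):
    """Return the settings dict whether or not it is nested under
    'properties' (ARM templates nest it; flattened exports do not)."""
    return obj.get("properties", obj)


def audit_gateway(resource):
    """Return a list of (code, detail) findings for one gateway resource."""
    gw = _props(resource)
    findings = []

    # Risk 1: WAF not enabled. A separately attached WAF policy also counts.
    waf = gw.get("webApplicationFirewallConfiguration") or {}
    policy_attached = bool((gw.get("firewallPolicy") or {}).get("id"))
    if not waf.get("enabled") and not policy_attached:
        findings.append(("WAF_DISABLED", "no WAF configuration or policy"))
    elif waf.get("enabled") and waf.get("firewallMode") != "Prevention":
        # Detection mode only logs matching requests; it does not block them.
        findings.append(("WAF_DETECTION_ONLY", str(waf.get("firewallMode"))))

    # Risk 3: listeners without SSL on the front end. An HTTP listener used
    # only to redirect to HTTPS is legitimate, so review these by hand.
    for listener in gw.get("httpListeners", []):
        if _props(listener).get("protocol", "").lower() != "https":
            findings.append(("FRONTEND_NOT_TLS", listener.get("name", "?")))

    # Risk 2: no end-to-end SSL, i.e. gateway-to-backend traffic in clear text.
    for setting in gw.get("backendHttpSettingsCollection", []):
        if _props(setting).get("protocol", "").lower() != "https":
            findings.append(("BACKEND_NOT_TLS", setting.get("name", "?")))

    # Custom SSL policy: flag an explicit minimum below TLS 1.2. A missing
    # value (e.g. a predefined policy) is not judged here.
    min_tls = (gw.get("sslPolicy") or {}).get("minProtocolVersion")
    if min_tls in ("TLSv1_0", "TLSv1_1"):
        findings.append(("WEAK_MIN_TLS", min_tls))

    return findings


if __name__ == "__main__":
    for label, gw in (("weak", WEAK_GATEWAY), ("hardened", HARDENED_GATEWAY)):
        print(label, audit_gateway(gw))
```
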

The post Securing Azure Application Gateway appeared first on Cybersecurity Insiders.


March 30, 2019 at 07:20PM

Friday, March 29, 2019

Family locator app leaked real-time location data of 238,000 individuals

By Waqas

We normally consider family locator app as a blessing because we are able to track our family members conveniently through them. But, what if your private data collected or shared on such an app gets misused by cybercriminals because the app fails to secure it properly? It would instantly become a nuisance…no? The same has […]

This is a post from HackRead.com Read the original post: Family locator app leaked real-time location data of 238,000 individuals


March 30, 2019 at 12:14AM

New Gustuff Android malware targets cryptocurrency & messaging apps

By Waqas

Gustuff Android malware from Russia with love. Group-IB, a cybersecurity firm, has discovered a new breed of Trojan horse malware called Gustuff, which specifically targets Android phones to steal banking credentials and digital assets of users. The malware targets customers of cryptocurrency exchanges and mainstream international banks. As per the analysis of Group-IB, the malware […]

This is a post from HackRead.com Read the original post: New Gustuff Android malware targets cryptocurrency & messaging apps


March 29, 2019 at 09:33PM

Things I hearted this week, 29th March 2019

I search long and hard each week to find the best and most interesting security stories. These aren’t just news stories, but also interesting blogs and experiences people share.

One thing I’ve felt (I say feel because I don’t have scientific proof to back this up) is that fewer people are blogging regularly. Of those that do regularly blog, many have left their blogs and moved over to Medium – and I have nothing against Medium, I just don’t want my list to end up being just a bunch of Medium articles every week. The second thing is that a lot of people end up sharing their thoughts on a social media platform, such as a long post on LinkedIn or Facebook. Or worse still – they have a Twitter thread.

I could link to Twitter threads, but I feel these don’t accurately convey the message in the same way a blog does.

For example, Magen Wu has a great Twitter thread on career success. About how she feels she wasted time comparing herself to others and setting goals she wasn’t necessarily aligned to. With some good comments from others.

The question I guess I’m asking is that are social media platforms taking away from blogging, and given the short life span of tweets in particular, does it lessen knowledge sharing? Should I start a “Tweet threads I Hearted this week”? All are important questions.

While you ponder on that, here’s your regular dose of security things I hearted this week.

Creating an Android open source research device on Your PC

While this was written last August, I only just saw this article on creating a virtual Android device on a PC to conduct open source research.

Androwarn

Androwarn is a tool whose main aim is to detect and warn the user about potential malicious behaviours developed by an Android application.

The detection is performed with the static analysis of the application’s Dalvik bytecode, represented as Smali, with the androguard library.

This analysis leads to the generation of a report, according to a technical detail level chosen from the user.

Free Debian VM with 5GB of storage

I have to thank Jerry Gamblin for sharing this gem, that Google gives anyone with a Gmail account a free* Debian VM with 5GB of storage.

*insert joke about nothing is free

 ** yes, there are some restrictions.

This Spyware data leak is so bad we can’t even tell you about it

A consumer spyware vendor left a lot of incredibly sensitive and private data, including intimate pictures and private call recordings, for all to see on a server freely accessible over the internet. And it still hasn’t taken the data down.

A little-known AI method can train on your health data without threatening your privacy

In 2017, Google quietly published a blog post about a new approach to machine learning. Unlike the standard method, which requires the data to be centralized in one place, the new one could learn from a series of data sources distributed across multiple devices. The invention allowed Google to train its predictive text model on all the messages sent and received by Android users—without ever actually reading them or removing them from their phones.

Despite its cleverness, federated learning, as the researchers called it, gained little traction within the AI community at the time. Now that is poised to change as it finds application in a completely new area: its privacy-first approach could very well be the answer to the greatest obstacle facing AI adoption in health care today.

How Lockergoga took down Hydro 

Last week Norsk Hydro, a large multinational manufacturer with 35,000 staff and over 100 years of history, had the nightmare scenario of a worldwide apparent ransom attempt — their systems began to malfunction, and attackers had placed a ransom note on their business and some production systems across the world.

Each impacted system had three key elements:

Cyber attacks targeting ICS on the rise

Malicious cyber activity increased to almost half of the industrial infrastructure protected by Kaspersky Lab in 2018, but the UK is among the most secure countries, the security firm reports. Malicious activity targeting industrial control systems (ICS) affected 47.2% of computers protected by security firm Kaspersky Lab in 2018, up from 44% in 2017.

Ukrainian man faces up to 6 years in jail for cryptojacking on his own websites

The cyber crime unit of the national police of Ukraine arrested a 32-year-old man from the Bukovina region who allegedly placed cryptojacking software on a number of educational websites that he created and administered.

The unspecified websites and internet resources had 1.5 million monthly visitors, the police reported.

The police also stated that the installed malware on the websites was deploying visitors’ devices’ CPU and GPU power to illegally mine cryptocurrencies.

Other things I hearted this week

      

The post Things I hearted this week, 29th March 2019 appeared first on Cybersecurity Insiders.


March 29, 2019 at 09:09PM

MWC Barcelona 2019 – what we learned

Another year, another MWC Barcelona. As the vibrant city winds down after the whirlwind of over 100,000 visitors, we’ve been reflecting on what we learned at the show.

Here’s a flavor of our key takeaways:

The movement towards our foldable future has begun

The foldable smartphone gave gadget lovers plenty to talk about over the opening weekend. It’s hard to overstate the splash the Huawei Mate X made with its launch at the conference. This phone-tablet hybrid was the talk of the show thanks to its polished, uber-thin design and stunning display. At a price of €2,299 and with a release date of around June, the premium device gives us a real and eye-catching glimpse into our foldable phone future.

Did 5G live up to the promises?

MWC Barcelona 2019 previewed many of the hottest mobile trends, but 5G was the most anticipated. For years, the technology has had more promise than actual use cases, but execs announced it would debut this year, with wider adoption in 2020 and beyond.

ZTE programmed a band of industrial robots to play the piano and drums to show how the ultrafast networks can be used by heavy machinery. And Cisco Systems announced that 5G was ready for prime time, and would enable new applications in AI, health care and industrial factories.

5G smartphones that impressed us include the foldable Huawei Mate X, the Mi MIX 3 by Chinese smartphone maker Xiaomi, and the V50 ThinQ by LG.

The eSIM revolution

Despite the hype around 5G, many believe eSIM technology will deliver greater impact to the telecoms industry and content providers in 2019.

The eSIM revolution is among us and it was great to see its wide appeal at the show, and hear brands and consumers buzzing about the advantages it brings.

We lost count of the number of people who stopped by our booth to chat to our experts about ‘everything eSIM’ and learn all about Turning Things On, as well as our view on how the eSIM is paving the way for connecting the vast array of smart devices out there.

The future of IoT

MWC Barcelona 2019 was buzzing with key technology players demonstrating a wide range of IoT applications, from smart cities to robotic manufacturing and cloud VR.

As the number of connected devices and industrial machines grows rapidly, the IoT ecosystem is set to evolve to become a trillion-dollar market over the next decade. This rapid growth stresses the importance of keeping it secure and ready for the future. Future-proofing will be crucial in the years to come.

Get involved!

What excites you most from our key takeaways from this year’s big show? What other trends caught your eye? Share your thoughts in the comments section below, or you can tweet us at @GemaltoMobile.

The post MWC Barcelona 2019 – what we learned appeared first on Cybersecurity Insiders.


March 29, 2019 at 09:08PM

Apple Card and the future of payments

On March 25th 2019, Apple unveiled plans to release a new branded payment offer called “Apple Card” as part of its plans to boost its services business. Apple is increasing its portfolio of services with multiple new announcements in addition to the Apple Card, such as Apple News+, Apple Arcade and Apple TV+.

Apple Card, which is set to launch in the US this summer, comes first in Apple Wallet for Apple Pay payments in store, in-app and in-web. It has been created with Goldman Sachs as the issuing bank and MasterCard as the payment scheme. In addition to the digital card, Apple Card will also come as a standard ISO credit card, made of titanium, with an EMV chip for contact-mode payments at the point-of-sale terminal. The card is not expected to support contactless payments (Apple clearly wants its users to use Apple Pay for that) nor to perform online purchases, as neither PAN nor CVV is displayed on the card. Apple CEO Tim Cook mentioned during the keynote that the total number of Apple Pay transactions (at stores, in-app or in-web) should pass the 10 billion mark in 2019. This is about 20 times less than the total amount of card payments, at store or online, in 2018. Having a physical card in addition to a digital card will clearly increase the number of transactions that this new Apple Card offer will be able to reach.

There were no comments during the March 29th keynote about the user experience for card activation, but we’re hearing that a solution using an NDEF NFC tag approach to perform a card tap on the iPhone is foreseen. That use case of contactless would be totally different from contactless payment. It would just be a simple tag (sticker?) carrying an identifier. The iPhone would use its NFC reader mode to read that ID. The matching of the card ID and the iPhone Wallet ID would be a fair way to perform a card activation remotely.

Cards and Mobile complement each other

The first strong takeaway is that, for any given payment solution to get significant usage, cards are still the only way to connect billions of consumers with millions of merchants in the years ahead. Innovative payment solutions bring value, but none of those will totally displace card payments anytime soon. Apple, with the ISO credit card version of its Apple Card, brings tremendous recognition to the EMV card industry. Apple’s positioning of the card is clearly coming with a mobile-first mindset, but they acknowledge that a real, rich customer experience comes with the combination of mobile and card to get a seamless, broad and enjoyable payment experience.

Continuing the metal card trend

Perhaps most interestingly, Apple has chosen to create its EMV card using titanium, a trend we have seen increasing in popularity. Like our own range of metal EMV cards (now being used by payments card firm Curve) these cards are a ‘top-of-the-line product’ for customers, supporting Apple’s brand image as a premium company. Unlike other cards, however, Apple has decided not to put the customer PAN and CVV on the card body, choosing only to engrave the Apple logo and the cardholder name. This is driven by an Apple logic whereby online purchases should rather be done using Apple Pay in-app or in-web. The message is clear to Merchants: go Digital for payment, if not done already.

Another difference from Gemalto’s metal cards portfolio is that the Apple Card is made entirely from metal, rather than a hybrid of metal and PVC as for 4 out of 5 Gemalto cards in the Metal Cards portfolio. This means the card will not support contactless payments. Instead, users will be expected to use the digital version of their card, in conjunction with the Apple Pay mobile payment service, in instances where they might now use contactless.

Accelerating Digital Payments for e-commerce

Apple has chosen to stretch the message but remove the ability to use the ISO version of the Apple Card for online purchases. That’s because the Wallet App version of the Apple Card is here for that matter.  It’s an abrupt way to push for Digital Payment at eMerchants, but it heads in the right direction. Apple Card users, in many instances, will still need to use another card with PAN, CVV (or DCV) and Expiration date for some of their purchases.  But it’s fair enough to see the Apple brand push for a change in that field.

Cashback and loyalty scheme with Apple

Apple is also offering a cashback incentive on every purchase made using Apple Pay or the physical card, aptly named “daily cash”. It wants to entice people with “clearer and more compelling” rewards than rivals. 2% cashback will be offered for all purchases using Apple Pay, 1% using the physical card and 3% when purchases are for Apple products or services. Cash is accumulated in the Apple Pay cash card on your mobile (US only for now) and can be redeemed via NFC payments, in-app or peer-to-peer via iMessage. Although many banks already offer cashback rewards, Apple’s drive to make them so easy to redeem will be an attractive prospect to many, especially as the scheme will apply to all purchases (many banks now offer cashback only when purchases are made from a specific company).

Biometrics for Apple Card:  only for the Wallet App version today

The decision not to include cutting-edge biometric technology on the physical card is an interesting move by Apple. We believe that biometric technology on credit cards enhances both their convenience and security, hence why we developed our own biometric EMV card with a built-in fingerprint sensor. However, since the only target market today for Apple Card is the US, the use of biometrics in lieu of a PIN code was not a priority, as US credit cards are Chip&Nothing, i.e. no PIN code used at all.

 

The bottom line is that, on March 29th, Apple, the master of mobile user experiences, gave an impressively strong endorsement to EMV cards, the undisputed must-have for a real ubiquitous user experience in payment for the years to come. Apple has also validated that metal is the design edge for high-value cards. And last but not least, Apple sent a signal to eMerchants that digital payment is the future.

Well done Apple!  We love those three messages at Gemalto and have been talking about them too for a long time.

What do you think of the new card? Let us know in the comments or by tweeting @gemalto.

The post Apple Card and the future of payments appeared first on Cybersecurity Insiders.


March 29, 2019 at 09:08PM

WordPress and Joomla websites serving ransomware

Research conducted by Cloud-based Information security company Zscaler says that websites which are built on WordPress and Joomla backgrounds are now reportedly acting as platforms to distribute ransomware and phishing links to hackers.

Zscaler security experts say that cyber crooks are exploiting the vulnerabilities exhibited by the said platforms to serve Shade ransomware and other malevolent content.

Technically speaking, a report from the San Jose based company says that attackers are using hidden directory skills like HTTPS to quench their objectives.

NOTE 1- HTTPS is utilized by owners to establish ownership of the web domain to the certificate authority that scans for the code to identify the web domain as legitimate.

However, hackers are somehow finding ways to gain access to such certificates and using them as source points to deliver malware and other forms of malicious content- all with the endorsement from website administrators.

“At present, we have figured out that over 500 websites have been compromised and thousands are on the verge to be hit by Troldesh or shade ransomware, phishing links and other spurious content”, said Deepen Desai, VP of Security research & operations at Zscaler.

Mr. Desai added that some cyber crooks have found ways to exploit Joomla hosted websites to such an extent that they are inducing phishing pages with SSL validated hidden directories and are fooling victims to pass on their usernames and passwords.

NOTE 2 – Zscaler argues that only those websites running on WordPress versions of 4.8.9 to 5.1.1 with obsolete CMS themes or server-side software are falling prey to hackers.

NOTE 3– Zscaler has already informed the website owners who were found affected and is busy tracking down those behind the campaign.

The post WordPress and Joomla websites serving ransomware appeared first on Cybersecurity Insiders.


March 29, 2019 at 08:46PM

Microsoft seizes 99 websites used by Iranian hackers for phishing attacks

By Uzair Amir

Microsoft has announced that it has seized some key websites that Iranian hackers used for stealing sensitive information from unsuspecting users in the US as well as launching cyber attacks. Reportedly, 99 websites have been seized by Microsoft of an Iranian hacker group that is known by many names including Phosphorus, Charming Kitten and APT […]

This is a post from HackRead.com Read the original post: Microsoft seizes 99 websites used by Iranian hackers for phishing attacks


March 29, 2019 at 04:11PM

Thursday, March 28, 2019

UK Security board offers limited assurance that National Risks from Huawei can be mitigated

Huawei Cyber Security Evaluation Center (HCSEC) which offers an official evaluation for the security of the Chinese company’s products used in United Kingdom’s telecom networks has offered a limited assurance that the national risks gained from Huawei can be smartly mitigated.

The oversight board monitoring the Huawei equipment usage in the UK says that some engineering flaws in the units can bring in new cyber risks to the government.

Experts who are supervising the operations of HCSEC have come to a conclusion that the Chinese vendor did not address the flaws previously exposed by security vendors and this might haunt the usage of products from the company in near future.

These startling comments were notified in the annual report of HCSEC which discusses the progress made by the board- founded by Huawei to evaluate its products supplied to UK markets.

All the findings of the board have been submitted to the UK National Cybersecurity Center, which after reviewing them will present the logic as advice to the government.

The good news is that the telecom operators of the UK have already come up with a backup plan to smartly mitigate and take control of the risks of attackers who might exploit the vulnerabilities in the future.

Upon finding the response of the report, a source from Huawei said that the report doesn’t suggest that UK networks are more vulnerable than in 2017 which in-turn recognizes the effectiveness of the center.

Note- In Sept’18, a $2 billion transformation investment has been made by the Chinese vendor to enhance the software engineering capabilities of its products. So, the insights provided by the oversight board are said to prove vital for the transformation success of the HCSEC board.

The post UK Security board offers limited assurance that National Risks from Huawei can be mitigated appeared first on Cybersecurity Insiders.


March 29, 2019 at 10:31AM

Microsoft Azure offers Cloud support for IoT Security

Microsoft Azure has announced that it is going to offer cloud support for IoT security. Thus, with the official declaration, the said cloud services provider happens to be the world’s first cloud platform to deliver end-to-end and unified approach towards the security of the Internet of Things.

“Azure Security Center for IoT has been specifically designed for manufacturing units which like to keep a tab on the security condition of their IoT used in industrial applications connected to Azure Cloud”, said Caglayan Arkan, Global Head of Manufacturing and resources, Microsoft.

The new offering makes it easy for partners and customers to build enterprise-grade industrial IoT solutions with open standards and ensures their security, Arkan added.

A highlight of Azure Security is that it assists customers to find missing security configurations on edge, cloud and on IoT devices. For instance, the admins can have a view of the open ports on their IoT devices and see whether the database is encrypted or not.

“As industries desire to have security integrated into every layer to protect data and applications in industrial processes, they want it to be on the edge. Microsoft Azure Security is being offered with a similar stance to improve the pace of innovation and learning to help scale quickly and on an effective note”, says Sam George, IoT director of Microsoft Azure.

Mr. George added that cloud-based Azure Security gets threat intelligence inputs from the 6 trillion-plus signals that the Redmond giant collects daily and provides that info to the security center, which then integrates with Azure IoT Hub to gain access to information related to IoT security.

That means, manufacturing companies can get a view of security across Azure solutions through a single pane of glass.

An overview and other technical updates of Azure Security Center for IoT will be offered by Microsoft at the Industrial Technology Trade show to be held in Hannover, Germany.

The post Microsoft Azure offers Cloud support for IoT Security appeared first on Cybersecurity Insiders.


March 29, 2019 at 10:28AM

Privacy in 2019: 6 Basic Steps to Keep Yourself Protected

By John Mason

2019 has barely started, and indications show that this year could very well be one of the worst for Internet users as far as privacy and data security is concerned. As HackRead has reported, below are some of the biggest privacy breaches already exposed this year: Security researchers revealed that 773 million unique email IDs […]

This is a post from HackRead.com Read the original post: Privacy in 2019: 6 Basic Steps to Keep Yourself Protected


March 28, 2019 at 03:35AM

Do You Know Your Numbers?  No, Your Cyber Health Numbers!

Last year, as in years prior, was a year full of cyber-attacks.  But what was interesting was the trend of small and medium businesses being targeted more often.  Generally, those types of businesses have either rested in the false impression that they’re not a big enough target or didn’t have plentiful valuable information hackers are seeking.  The reality is the opposite and the stakes couldn’t be higher.

You’ve probably heard the phrase, “small businesses are the lifeblood of our economy.”  A powerful word like lifeblood is defined as an indispensable factor that gives something its strength and vitality.  That is to say, they are critical to the health of our national economy and prosperity.  And as we’ve all seen on TV, in order to protect our own physical health, it’s important to “know your numbers” as the ad says.

Well, this should hold true for small businesses.  We’re not talking about physical health, but something just as important, cyber health.  But how many businesses are currently measuring their cyber health numbers?  A better question to ask is how do you even do it?  And what can you do with it?  Is there a standard out there that’s recognized by industry peers and cyber insurers alike?

AT&T, a leader in world-class security solutions, has pondered these same questions and has come up with a solution to answer some of them.  Cybersecurity Rating from AT&T, is exactly what the doctor ordered. This new solution, powered by BitSight, will equip small business owners with actionable data that can help protect data and assets, but also help you maintain a pulse on your own cyber health.  And it’s perfect for business owners who don’t have large IT staffs, or who lack some of the technical expertise necessary to stay ahead of today’s evolving cyber-threat landscape.

Cybersecurity Rating helps an organization maintain an effective security posture by providing valuable insight into vulnerabilities with data collected by Bitsight over the last seven years.  Cybersecurity Rating is non-intrusive and does not disrupt your network.  Results are grouped into the following categories of risk vectors:  compromised systems, diligence, user behavior, and data breaches.  It helps a business owner answer the question of just how protected it is against cyber risk. 

So, with these numbers in hand, as a business owner, you now have the ability to make data-driven, informed decisions about cyber risk mitigation, or cyber risk transfer through a cyber insurance policy.  The cyber insurance market is rapidly expanding, especially in the small and medium business space, because it’s a relatively new concept, but also referring to the earlier point about perceived permeability.  Cyber rating products like Cybersecurity Rating will become even more important as cyber insurers gather more cyber risk actuary data and develop more effective policies that address the unique threat landscape faced by small and medium businesses.

More cybersecurity help is on the horizon to help navigate these menacing cyber-attack waters.  Proposed legislation like HR 1648, cyber-awareness training for employees, and comprehensive risk management products like Cybersecurity Rating can help to facilitate a deeper conversation about uncomfortable topics like cybersecurity, risk of data breaches, and cyber insurance.

It’s akin to going to the doctor’s office after the holidays, but since you have all of your data and you know your numbers, you’re really just seeking a recommendation for a good gym.  It should be easy to find one that’s not crowded now since the January rush is over!

      

The post Do You Know Your Numbers?  No, Your Cyber Health Numbers! appeared first on Cybersecurity Insiders.


March 28, 2019 at 09:08PM

Fact sheet of LockerGoga ransomware which hit Norsk Hydro

Last week, Norway based Aluminum manufacturer Norsk Hydro was hit by a new variant of ransomware called LockerGoga. And as per the initial financial estimate, the ransomware is said to have caused a loss ranging between $30m to $40m for the Norwegian company which is now struggling to conduct automated operations in branches laid across Europe and North America.

While security researchers are still busy finding the notable features and capabilities of LockerGoga, a group of security analysts from noted Cybersecurity companies has come up with some facts related to LockerGoga Ransomware. And here’s a quick update on them-

LockerGoga has potential to change passwords- Some security researchers argue that the ransomware has the ability to change the passwords of all local user accounts to “Huhuhuhoho283283@dJD”, which then boots local and remote users out of the system. But researchers from F-Secure say that the said malware has the potential only to change the admin account passwords and doesn’t interpret the admin passwords of local users.

Logs out victims- While earlier versions of the said ransomware have the capability to just encrypt files, the latest version of the malware is said to have the potential to log the victim out of an infected system and remove their ability to log back in. Cisco Talos has also made this disclosure in a recent blog post.

LockerGoga disables the network- Researchers from ESET say that the said ransomware has the ability to locally disable all network interfaces to such an extent that it further isolates the affected computer and makes the recovery of the system too complicated necessitating manual intervention.

Doesn’t propagate- Since LockerGoga does not rely on a network, security researchers from Palo Alto Networks say that the malware moves in the compromised network via the Server Message Block (SMB) protocol. So, the hackers need to manually copy the files from one system to another. However, this process might get enhanced in future versions of the said malware.

Crafted for targeted victims- As LockerGoga doesn’t propagate on its own via a network, analysts say that the malware has been designed for targeted attacks. Also, the code of the malware is designed to evade sandboxes and machine learning tools which can make it hard to detect in the future.

LockerGoga or CryptoLocker- As LockerGoga uses Crypto++, an open source crypto library, as a project folder name, Chris Elisan, the Director of Intelligence at Flashpoint, has come to the opinion that the authors of the said malware are trying to make it appear to be the notorious CryptoLocker ransomware, which doesn’t decrypt the files due to buggy encryption even after receiving the ransom.

The post Fact sheet of LockerGoga ransomware which hit Norsk Hydro appeared first on Cybersecurity Insiders.


March 28, 2019 at 09:02PM

Bitglass at RSA 2019: CASBs and Cocktails

This post was originally published here by Radhika Khatod.

Bitglass attended RSA just a couple of weeks ago, and what a fun, action-packed week it was! Our booth was filled with attendees who were eager to ask about our CASB and get their hands on one of our highly popular, tongue-in-cheek “I’m not a decision maker” shirts.

With CASBs continuing to be a trending topic in the security space, we had a busy time meeting potential customers that were eager to learn more about Bitglass and how we can help them protect their data in the cloud. From conversations at the Bitglass booth, the booths of our partners Cylance and General Dynamics, and speaking sessions, one key takeaway was readily apparent: cloud security, now more than ever, is table stakes.

Industries and enterprises of all shapes and sizes are seeking a dynamic cloud security solution that not only provides visibility and control, but also maintains a seamless end user experience. Our reverse proxy and patented AJAX-VM technology were very popular topics, and our team did a great job answering questions and guiding visitors through the Bitglass demo that was playing throughout the event.

Last but not least, we had a blast at our joint happy hour party with Jazz Networks, complete with delicious pizza and bougie cocktails. We want to give a huge thank you to everyone that was able to stop by and spend time with us – it was great getting to know you and having deeper discussions.

We’re looking forward to an even bigger and better presence next year, and are excited to see you again soon!


The post Bitglass at RSA 2019: CASBs and Cocktails appeared first on Cybersecurity Insiders.


March 28, 2019 at 03:57PM

Bitglass Security Spotlight: Dow Jones, TurboTax, and Indane Data Breaches

This post was originally published here by  Will Houcheime.

Here are the top cybersecurity stories of recent weeks: 

  • Dow Jones’ watchlist of high-risk individuals breached

  • $7.7 million in EOS cryptocurrency stolen by hacker

  • TurboTax credential stuffing attacks exposes tax returns

  • US security agency targets Russia’s ‘troll factory’

  • Millions of Aadhaar numbers leaked by gas company, Indane

    Dow Jones’ watchlist of high-risk individuals breached

    Dow Jones’ watchlist was recently exposed via a server with unencrypted data. Independent security researcher, Bob Diachenko, came across the list containing more than 2.4 million records of business entities and individuals on the Elasticsearch database. Diachenko stated that personally identifiable information (PII) including names, addresses, locations, and some photos were disclosed. The watchlist is used by companies as a part of their risk and compliance endeavors. The list also helps financial institutions and government agencies decide whether to approve or deny certain banking loans. Dow Jones spokesperson, Sophie Bent, stated that a particular “authorized third party” was at fault for the leak.

    $7.7 million in EOS cryptocurrency stolen by hacker

    On Saturday, February 23rd, a public post reported that a hacker had stolen $7.7 million in cryptocurrency. Although one of the 21 maintainers of an EOS blacklist followed security protocol, it was not done in time to avoid the exposure. In light of the data leak, EOS42, a web-based community of EOS cryptocurrency owners, is requesting a more secure system of data protection protocol where 15 of 21 EOS producers would update their blacklists. To follow, an account key would be created, blocking access to vulnerable accounts.

    TurboTax credential stuffing attacks exposes tax returns

    Intuit, a financial software company, recently learned that an unauthorized party breached an undisclosed number of TurboTax accounts in a credential stuffing attack. A credential stuffing attack occurs when attackers are able to use usernames and passwords leaked from prior security breaches to gain access to accounts on other sites. This type of attack is made possible when users recycle passwords. Intuit informed those that had their accounts compromised that it is likely that the unauthorized party may have collected information such as prior or current tax return information, Social Security numbers, addresses, and other financial information. To limit further data leaks, Intuit had the affected accounts disabled temporarily, until a secure plan could be in place.

    US security agency targets Russia’s ‘troll factory’

    A US security agency was successfully able to target the Internet Research Agency (IRA), Russia’s ‘troll factory.’ The Washington Post first reported the cyberattack against the troll factory, which, in past encounters, had been able to propagate fake news and affect polls. US Cyber Command (USCC) was able to launch the attack in November 2018, a day before the US midterm elections. US officials report that the attack brought down the IRA’s IT network, disallowing the Russian agency to hinder the voting process. US hackers were able to infect one of the IRA servers by destroying data from two of the four hard drives attached, as confirmed by the Russian news site.

    Millions of Aadhaar numbers leaked by gas company, Indane

    India’s state-owned gas company, Indane, recently leaked part of its website that dealt with dealers and distributors. It was reported that the site was indexed in Google in such a way that allowed a bypass of the login page and access to very sensitive information. A security researcher, who asked to stay anonymous, was able to run a simple Google search that returned consumer names, addresses, and personal identification numbers. Aadhaar’s regulator, the Unique Identification Authority of India (UIDAI), rapidly denied reports of the data breach, claiming certain news articles as “fake news.” French security researcher, Baptiste Robert, who has previously investigated Aadhaar data breaches, confirmed finding 5.8 million Indane consumer records through a custom-made script. Prior to his script being blocked, Robert claims that the number of affected consumers could surpass 6.7 million.


The post Bitglass Security Spotlight: Dow Jones, TurboTax, and Indane Data Breaches appeared first on Cybersecurity Insiders.


March 28, 2019 at 03:47PM

NEW CYBERSECURITY REPORTS POINT TO INCREASED NEED FOR RETRAINING AND VULNERABILITY MANAGEMENT

This post was originally published here by (ISC)² Management .

By now you’re well aware of the widely-reported (ISC)² research that shows there is a global cybersecurity shortage of 2.93 million professionals. Identifying, recruiting and training skilled talent to adequately secure organizational data assets obviously remains a top priority in our industry.

Well, over the past few weeks, both Tripwire and IBM have published reports that focus on different layers of the problem and add to the conversation.

In its Cybersecurity Skills Gap Survey 2019, Tripwire found that 80% of IT security professionals believe it’s becoming more difficult to find skilled cybersecurity professionals. Not a surprising figure. The interesting wrinkle here? 93% of the respondents also indicated that the reason it’s so difficult is that the required skills have changed over the past few years, hinting at a need for retraining and continuous learning opportunities.

According to Tripwire’s CTO, David Meltzer, “security teams are in search of new skillsets to deal with evolving attacks and more complex attack surfaces as they include a mix of physical, virtual, cloud, DevOps and operational technology environments.”

This evolution of needed skills was one of the driving forces behind the creation of the recently-launched (ISC)² Professional Development Institute (PDI). PDI provides a growing portfolio of on-demand courses whose content reflects feedback from members and the cybersecurity community on burgeoning areas in which skills development will help them better secure their organizations.

The Tripwire report also found that with limited cybersecurity staffs, 68% of respondents are concerned with losing the ability to stay on top of vulnerabilities. According to IBM’s new report they are right to be concerned, as the 2019 IBM X-Force Threat Intelligence Index found that the average company had an estimated 1,440 cybersecurity vulnerabilities in its technology systems in 2018, up 4% from 1,380 the year before.

All of this points to not only the need for training and continuous learning opportunities for cybersecurity professionals to flesh out security department teams, but also opportunities for both MSSPs and new technologies such as artificial intelligence to support vulnerability monitoring and identification processes.

How is your organization tackling keeping cybersecurity staff up to speed on the latest attack surfaces, techniques and threats?


The post NEW CYBERSECURITY REPORTS POINT TO INCREASED NEED FOR RETRAINING AND VULNERABILITY MANAGEMENT appeared first on Cybersecurity Insiders.


March 28, 2019 at 03:21PM

Wednesday, March 27, 2019

Apple releases iOS 12.2 with bug fixes for over 50 mobile security issues

Apple Inc has addressed almost 50 mobile security issues with the release of its latest iOS 12.2 updates. And the fix is said to support various issues maligning the company Airpods (eavesdropping), Animoji, AirPlay 2 and the newly launched Apple News+.

Security analysts of Apple suggest that the iPhone maker has also covered the critical flaw that allows hackers to take control of the device’s microphone to listen and record an iPhone user’s conversation.

To those who aren’t aware of how to update their devices with the latest fix, here’s a guiding procedure. Just go to the ‘Settings’ tab and click on ‘General’. Then tap on ‘software update’ and then press download and install on the displayed iOS 12.2 feature.

Apple’s iOS 12.3 update is said to resolve the security flaw along with 49 others which include the ‘WebKit’ flaw.

Note 1- In the first week of March’19, news reports started to spread that a microphone vulnerability was allowing hackers to eavesdrop on the conversations of iPhone users. Technically speaking, a flaw labeled as CVE-2019-8566 in the ‘ReplayKit’ feature, which allows game developers to let users record video and audio from their devices to share with others, was also allowing cybercrooks to listen to conversations through malicious apps accessing the microphone without the knowledge of the actual user.

Note 2- The update is in line with the advisory issued by the US National Cybersecurity and Communications Integration Center.

Note 3- On Monday this week, Apple unveiled the news subscription service named Apple News+ which is said to cost $9.99 a month and will give content access to over 300 magazines which includes topics such as sports illustrated, National Geographic, People, content from New York magazine, Esquire, Food & Wine, Entertainment Weekly, Bon Appétit, Elle, Time, Vanity Fair, Wired, Vogue, Los Angeles Times and the Wall Street Journal.

Note 4- Early this week, the iPhone giant also announced that its AirPlay 2 feature will from now on let users stream wireless videos, music, and photos onto smart TVs made by Sony, LG, Samsung, and Vizio.

The post Apple releases iOS 12.2 with bug fixes for over 50 mobile security issues appeared first on Cybersecurity Insiders.


March 28, 2019 at 10:26AM

Securing Azure Application Gateway

Web applications are becoming frequent targets of malicious attacks that exploit common vulnerabilities, such as SQL injection attacks or cross site scripting attacks, which makes securing your Azure Application Gateway more critical than ever.

Preventing such attacks in application code can be a sizeable challenge, as it requires rigorous maintenance, patching and monitoring at multiple layers. Using a centralized web application firewall (WAF) can help you simplify security management. WAF is a feature of Azure Application Gateway that provides centralized protection of your web applications from those common threats and vulnerabilities.

A WAF can react to a security threat faster by blocking known attacks before they reach vulnerable endpoints, instead of securing each individual web application. In addition, your existing application gateway can be converted to a WAF-enabled application gateway relatively easily.

What is Azure Application Gateway?

Azure Application Gateway gives you application-level routing and load balancing services that let you build a scalable and highly available, web front end in Azure.

Benefits 

  • Control the size of the gateway and scale your deployment based on your needs
  • Get load balancing and application-level routing for building high-performing, scalable web front end
  • Manage traffic with round robin load balancing provided by Application Gateway. This is done for HTTP(S) traffic and at Layer 7
  • Build a secure web front end with efficient backend servers and also streamline your certificate management by using SSL offload.

Risks to a misconfigured Azure Application Gateway

  • If your web application firewall (WAF) is not enabled, your application gateway will be vulnerable to attacks such as SQL injection, cross-site scripting, and session hijacks.
  • If your Application gateway does not have end-to-end SSL configured, you will not be able to securely transmit sensitive data to the backend encrypted, nor ensure that the application gateway only communicates with known instances.
  • If your Application Gateway does not have SSL enabled on front end, the gateway will not apply the routing rules to the traffic, nor forward the packet to the appropriate back-end server based on the routing rules you have defined.

Cloud security requires shared approach

Cloud computing is based on a new infrastructure model requiring a new approach to security. In the Azure environment, Microsoft provides a secure foundation across physical, infrastructure, and operational security, while you maintain responsibility for protecting the security of your application workloads, data, identities, on-premises resources, and all the cloud components under your control. This is referred to as the “Shared Responsibility Model.”

You can ensure the security of all your Azure resources by fulfilling your end of the shared responsibility model based on security best practices.

How Halo can help secure your Azure Application Gateway

Halo Cloud Secure can help ensure your Azure Application Gateway:

  • Includes a WAF using OWASP rules to protect your application against attacks such as SQL injection, cross-site scripting, and session hijacks
  • Includes properly configured SSL supporting end-to-end encryption of traffic by terminating the SSL connection at the application gateway, applying the routing rules, and forwarding the traffic to the appropriate back-end server.
  • Has SSL enabled on the front end to support defining custom SSL options and disabling the following protocol versions: TLSv1.0, TLSv1.1, and TLSv1.2, as well as defining which cipher suites to use and the order of preference.
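
The misconfiguration risks listed above (WAF not enabled, no SSL on the front end, no end-to-end SSL) and the protocol-version options can be checked mechanically against an exported gateway definition. The following is an added example, not Halo's or Microsoft's code: the property names are assumed to follow the Azure Resource Manager JSON layout for Application Gateway, and the sample gateways and the rule treating TLS 1.0/1.1 as weak are constructed for the illustration.

```python
"""Audit an Application Gateway definition for the misconfigurations listed above."""

TLS_ORDER = ["TLSv1_0", "TLSv1_1", "TLSv1_2"]  # oldest to newest
WEAK_TLS = {"TLSv1_0", "TLSv1_1"}              # assumption: this example's policy


def allowed_tls(ssl_policy):
    """Return the protocol versions a custom SSL policy still accepts."""
    disabled = set(ssl_policy.get("disabledSslProtocols", []))
    minimum = ssl_policy.get("minProtocolVersion")
    start = TLS_ORDER.index(minimum) if minimum in TLS_ORDER else 0
    return [v for v in TLS_ORDER[start:] if v not in disabled]


def audit_gateway(gw):
    """Return a list of finding codes; an empty list means no issue was found."""
    props = gw.get("properties", {})
    findings = []

    # Risk 1: WAF missing, switched off, only logging, or without OWASP rules.
    waf = props.get("webApplicationFirewallConfiguration")
    if not waf or not waf.get("enabled", False):
        findings.append("WAF_DISABLED")
    else:
        if waf.get("firewallMode") != "Prevention":
            findings.append("WAF_NOT_BLOCKING")
        if waf.get("ruleSetType") != "OWASP":
            findings.append("WAF_NO_OWASP_RULES")

    # Risk 2: a front-end listener that accepts plain HTTP.
    for listener in props.get("httpListeners", []):
        proto = listener.get("properties", {}).get("protocol", "")
        if proto.lower() != "https":
            findings.append("LISTENER_NO_SSL:" + listener.get("name", "?"))

    # Risk 3: traffic re-sent to the back end unencrypted (no end-to-end SSL).
    for setting in props.get("backendHttpSettingsCollection", []):
        proto = setting.get("properties", {}).get("protocol", "")
        if proto.lower() != "https":
            findings.append("BACKEND_NO_SSL:" + setting.get("name", "?"))

    # Custom SSL options: is a policy defined, and does it still allow old TLS?
    policy = props.get("sslPolicy")
    if policy is None:
        findings.append("NO_CUSTOM_SSL_POLICY")
    else:
        weak = [v for v in allowed_tls(policy) if v in WEAK_TLS]
        if weak:
            findings.append("WEAK_TLS_ALLOWED:" + ",".join(weak))
    return findings


# Constructed sample definitions (not taken from any real deployment).
WEAK_GATEWAY = {
    "name": "example-appgw-weak",
    "properties": {
        "httpListeners": [
            {"name": "public-http", "properties": {"protocol": "Http"}},
            {"name": "public-https", "properties": {"protocol": "Https"}},
        ],
        "backendHttpSettingsCollection": [
            {"name": "to-app-pool", "properties": {"protocol": "Http", "port": 80}},
        ],
        "sslPolicy": {"disabledSslProtocols": ["TLSv1_0"]},
    },
}

HARDENED_GATEWAY = {
    "name": "example-appgw-hardened",
    "properties": {
        "webApplicationFirewallConfiguration": {
            "enabled": True,
            "firewallMode": "Prevention",
            "ruleSetType": "OWASP",
        },
        "httpListeners": [
            {"name": "public-https", "properties": {"protocol": "Https"}},
        ],
        "backendHttpSettingsCollection": [
            {"name": "to-app-pool", "properties": {"protocol": "Https", "port": 443}},
        ],
        "sslPolicy": {"minProtocolVersion": "TLSv1_2"},
    },
}

if __name__ == "__main__":
    for gateway in (WEAK_GATEWAY, HARDENED_GATEWAY):
        print(gateway["name"], audit_gateway(gateway) or "no findings")
```

A WAF in detection mode is reported separately from a disabled one because it logs matching requests without blocking them.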

Read our solution brief to learn more about how Halo Cloud Secure can help reduce your cloud attack surface with security best practices.

The post Securing Azure Application Gateway appeared first on Cybersecurity Insiders.


March 28, 2019 at 09:09AM

Ransomware attack cost on Aluminum producer Norsk Hydro estimated to be $41m

Norway based Aluminum producer Norsk Hydro, which was hit by a ransomware attack last week, has released a press statement today saying 60% of its servers have recovered from the malware impact and are running normally. The firm also disclosed that the ransomware attack could cost it over 460 million Norwegian Kroner or approx. 41 million pounds.

Hydro says that the production division of its firm which makes doors and windows has come to a standstill and might take a week or a fortnight to recover from the malware.

LockerGoga is said to be the malware which is reported to have locked up the data servers from access.

However, the authorities decided not to pay the ransom to hackers and instead used the backup systems to recover the data.

Most of the higher degree operations are now taking place manually in energy, bauxite and alumina divisions of Hydro.

An overview of the financial impact says that the attack impact could cost the firm between $35m to $40.8m.

“The company specified in its statement that it has a cyber insurance policy cover for its IT assets and that too from a reputed insurer named AIG in the lead. So, most of the incurred losses could be covered from the cyber insurance cover”,  said Eivind Kallevik, the Chief Financial Officer of Norsk Hydro.

Note 1- Ransomware is a malware variant which locks the database from access until a ransom is paid in cryptocurrency in exchange of a decryption key.

Note 2- Most of the damage was observed in the firm’s Extruded Solutions division which is into the making of facades made of aluminum.

Note 3- Notices have been placed at the entrances of the company branches in the United States urging employees not to log into the computer network using tablets or other modes of computing devices.

Note 4- Hydro’s Facebook page is being used to provide the latest updates over the incident.

The post Ransomware attack cost on Aluminum producer Norsk Hydro estimated to be $41m appeared first on Cybersecurity Insiders.


March 27, 2019 at 08:51PM

Tuesday, March 26, 2019

Facebook Cyber Attack impacts 110,000 Australians

Facebook internal documents suggest that more than 110,000 Australians were impacted by a cyber attack launched in September last year on FB servers. The attack is said to have leaked personal info of more than 60,589 users from Australia giving access to details such as their movements, phone number, most recent check-ins, DOB, Education, work history, gender, relationship status, religion, residence location, search history, email address to contact and their shopping activities.

A source reporting from FB headquarters says that the attack has impacted more than 28 million FB users worldwide, out of which 111,813 were Australians. Among them, 60K people’s sensitive data is reported to have reached the hacker, which includes their stand on the current political developments which are taking place in Australian regions such as Melbourne, Sydney, Tasmania, and Perth.

Highly placed sources say that personal conversations of more than 1600 Facebook Messenger users were also accessed by hackers.

Note- Facebook did not officially reveal this incident which took place in Sept’18 to the world, but accepted its fault in the confidential correspondence with Australian Information Commission (AIC) – the Australian Privacy Watchdog.

The data leak from the email correspondence of Facebook suggests that the social media giant discovered the data breach on Sept 25th, 2018 and identified that hackers made an intrusion into its network on September 14th, 2018.

After reviewing the situation, the Mark Zuckerberg led company notified the Office of Australian Information Commissioner (OAIC)’s Principal Director, Amie Grierson, on October 7th, 2018 and assured her that they would keep her posted with updates from time to time.

As the data breach did not meet the requirements of the ‘Australia’s notifiable data breach laws’, it decided not to release a media statement on the note last year and dropped down the plan to inform its users on an individual note via email.

On January 3rd, 2019 and on the insistence of OAIC, Facebook decided to contact the individuals in Australia to advise them on the breach.

Facebook has invalidated access tokens to almost 90 million accounts to nullify the impact of the breach and believed that the cyber incident could have impacted over 50 million people on a worldwide note.

The post Facebook Cyber Attack impacts 110,000 Australians appeared first on Cybersecurity Insiders.


March 27, 2019 at 10:36AM

Cyber attacks to cost the world $6 trillion by 2020

Businesses operating around the world are likely to lose $6 trillion by 2020 due to cyber attacks, said Professor Kerem Alkin, the head of Turkey’s Mobile Service Providers Association (MOBILSIAD).

“Earlier in the year 2015, it was $3 trillion loss and it reached $4 trillion last year. Now, the estimate suggests that the figure could touch six trillion dollar mark by the end of 2020”, said Prof. Alkin.

Furthermore, an increase would also be witnessed in the world’s cybersecurity expenses as it is said to reach $1 trillion from $100 billion.

Coming to the number of devices connected to the internet, Prof. Alkin said that the figure will touch 200 billion mark and people are expected to use over 300 billion passwords for everyday life.

When it comes to businesses falling prey to ransomware, on average a company is said to be exposed to ransomware every 40 seconds. These figures were counted in the years between 2015 and 2017. Now the exposure rate is predicted to reach the 14 seconds mark this year.

As hackers gain more profits with minimal investment, launching cyber attacks is proving to be a good earning profession for those active on the dark web. Ransomware as a service, phishing attack campaigns, crypto mining campaigns, and distributed denial of service attacks will prove to be super-earning streams for hackers in 2019 and 2020.

Note- MOBILSIAD is a 2009 founded organization comprising of 24 members and developed in solidarity and cooperation between Mobile services providers offering value-added products, services, and technologies over telecommunication platform.

The post Cyber attacks to cost the world $6 trillion by 2020 appeared first on Cybersecurity Insiders.


March 27, 2019 at 10:31AM

ShadowHammer: ASUS software updates exploited to distribute malware

By Waqas

The victims of ShadowHammer malware attack are Windows users. Kaspersky Lab researchers have made a startling new revelation that the world’s leading computer maker ASUS’s live software update system was compromised by cybercriminals to install a backdoor, which affected thousands of ASUS customers. The attack occurred in 2018 and according to Kaspersky Lab, the attackers compromised […]

This is a post from HackRead.com Read the original post: ShadowHammer: ASUS software updates exploited to distribute malware


March 27, 2019 at 03:11AM

Great find! The ThreatTraq Internet Weather Report

Every week, the AT&T Chief Security Office produces a set of videos with helpful information and news commentary for InfoSec practitioners and researchers. I really enjoy them, and penned a blog a few weeks ago on a segment about the impact of banning smartphones in some secure federal facilities.

The Internet Weather Report is a look at what’s happening on the vast network AT&T oversees as evaluated by the AT&T CSO team. So on the 2/21/19 Internet Weather Report, for example, here was the situation overall:

Matt Keyser, Principal Technology Security, AT&T, typically leads the discussion with a couple of guests for commentary. He covers the most probed ports and the most active probing sources, ranking them and comparing them with the previous week. Then he dives into the interesting stories. For example, on the 2/21 episode, Matt drilled into the scans on port 8080, which look to be exploiting a common bug in a couple of Netgear routers.

It’s a great resource for InfoSec practitioners and researchers alike! John Hogoboom, Lead – Technology Security, Security Platforms, and Stan Nurilov, Lead Member Of Technical Staff, Security Platforms, also present the Internet Weather in other episodes. To watch the Internet Weather Report each week, along with other features, subscribe to the AT&T Tech Channel.

The post Great find! The ThreatTraq Internet Weather Report appeared first on Cybersecurity Insiders.


March 26, 2019 at 09:09PM

Information Security alert as Google manipulates 2018 midterm election results

Research conducted by psychology researcher Dr. Robert Epstein of the American Institute for Behavioral Research and Technology says that Google manipulated the 2018 US midterm elections in such a way that its search engine algorithms helped influence the decision of over 78 million votes to go in favor of Democrats.

Epstein argues that three seats in California which were in favor of Republicans were handed over to Democrats, as Google played a vital role in flipping those seats by influencing millions of undecided voters through the manipulation of 500 election-related keywords.

When the same search terms were looked up on Bing and Yahoo, different results appeared. When the same terms were searched on Google, which holds 90% of the market share in the US, the search results were biased and enormously influenced.

“The search engine results were biased and were in favor of Democrats,” said Robert in a statement released to the media. Epstein, who has received a Ph.D. in psychology, said that his research methodology was perfect and meticulous.

“People trust algorithmic results and trust Google when it comes to digital search as they think that results generated by a computer will never have a human indulgence. However, this is not the case in reality as most of the results are now being offered impartially and are highly objectified,” says Dr. Robert.

Meanwhile, Google has denied manipulating its search results during the 2018 midterm elections and said that it doesn’t play with the political sentiments of its users by making election-specific tweaks.

Note: Dr. Robert has spent almost 6 years investigating the role of Google search algorithms in influencing web traffic, known as the Search Engine Manipulation Effect (SEME).

The post Information Security alert as Google manipulates 2018 midterm election results appeared first on Cybersecurity Insiders.


March 26, 2019 at 08:58PM

Monday, March 25, 2019

Asus Computers are vulnerable to software supply chain Cyber Attacks

A security alert issued by Russian cybersecurity firm Kaspersky Lab says that all those using Asus computers around the world are vulnerable to a software supply chain cyber attack. The research firm said on Monday that an Asus software update which took place between June and November 2018 could have opened up an exploitable backdoor for hackers.

Jennifer Duffourg, a spokeswoman for Symantec, confirmed the news and added that users of ASUS computing devices could have fallen prey to trojanized updates, called ShadowHammer, delivered through URIs during Asus Live Update server sessions between June and November 2018.

“For some reason, the hackers were seen targeting an unknown section of users, identified through MAC addresses,” said Ms. Jennifer.

According to the info available to Kaspersky, more than 57,000 users of Asus computers could have fallen prey to fraudulent Asus live updates.

Kaspersky disclosed the issue to Asus through the proper channel on January 31st, 2019. But since the authorities failed to acknowledge it, the security firm decided to go public and alert all ASUS laptop users as a precautionary measure.

Note 1: Gartner says that Asus reportedly shipped more than 4.2 million PC units in the 4th quarter of 2018. That means it holds over 6.1 percent of the PC market share, which is predominantly occupied by Microsoft.

Note 2: In October 2018, Asus made an official statement that its PC business would take a negative hit in H1 2019 due to issues like component shortages and inventory regulations as per cryptocurrency demand, and due to trade conflicts hitting the economies of countries with which it does business.

The post Asus Computers are vulnerable to software supply chain Cyber Attacks appeared first on Cybersecurity Insiders.


March 26, 2019 at 10:41AM

Better put these 10 cloud security questions to your Cloud Services Provider CSP

As the Trump administration advises companies to move their data and apps to the cloud, most company heads are worried about the security concerns that arrive in parallel with the benefits of cloud migration.

Regardless of whether or not you are aware of all the technicalities involved in the cloud, security happens to be the most important factor to consider during a cloud migration. In particular, there are certain queries you should put to your cloud services provider to understand how they defend apps and data while on their premises.

Cybersecurity Insiders makes it easy for you by crafting the 10 most important questions to ask your cloud provider before you move your data and apps to cloud platforms.

1.) Inquire about the security features hosted by the cloud provider. Make sure that the CSP has a multi-layered security plan to thwart most of the threats lurking in the cyber landscape.

2.) Inquire how the cloud provider secures the hardware assets that keep its cloud business operational. Ensure that the provider summarizes its security measures for hardware such as servers and data centers.

3.) To prevent fraudulent parties such as hackers from accessing in-house data, CSPs should encrypt data and at the same time educate their customers on how they keep stored data safe and encrypted. Traditionally, many cloud providers encrypt data differently depending on whether it is in transit or at rest. So find out from your CSP how they protect data both in transit and at rest.

4.) Keep tabs on how the CSP monitors its storage environment to watch for security or performance issues. If a CSP offers monitoring capabilities, it should let you know what it is monitoring and how the data is kept out of reach of such monitoring tools.

5.) Go for a cloud services provider that has SOC 2 and CCSP certification. The former meets the AICPA requirements needed for cloud security in the future, and the latter, CCSP, is given to companies that practice technical expertise in designing and delivering cloud security practices.

6.) Find out whether the CSP or the customer is in charge of security in its environment. It is better to make this a point in the service level agreement.

7.) Know how each client's data is separated and remains non-accessible to the CSP. This is important, as maintaining data sanctity for certain applications is much needed in today’s world.

8.) The CSP should specify how it notifies the customer when a security breach takes place.

9.) Also, make sure that the CSP provides a 100% guarantee that data is destroyed when the need for it arises.

10.) Last but not least, make sure that the CSP specifies a remedy for customers in circumstances where it fails to meet its security obligations.

Hopefully all is covered in the points above. If not, please feel free to share your knowledge through the comments section below.

The post Better put these 10 cloud security questions to your Cloud Services Provider CSP appeared first on Cybersecurity Insiders.


March 26, 2019 at 10:32AM