FireSale HackBoy

Tuesday, April 30, 2019

Vodafone updates that it knew Huawei 5G espionage secrets 10 years ago

As Huawei tries hard to convince the world that its 5G equipment is safe from espionage threats, Britain-based telecom company Vodafone has released an update about the Chinese vendor that will surely leave Huawei somewhat disappointed.

Vodafone says that it discovered several flaws between 2009 and 2012 in equipment that Huawei supplied to an Italian firm. This includes internet routers which were alleged to have hidden backdoors transmitting data to remote servers located in China.

However, a story published by Bloomberg says that the technical flaws were resolved back in 2012 and that the vulnerability Vodafone is referring to involves Telnet, a protocol commonly used by vendors for performing diagnostic functions.

But US intelligence claims that Beijing could have asked Huawei to install backdoors in the 5G equipment it supplies, so that the government can eavesdrop on companies where the equipment is used, in order to learn secrets and to create ripples in the political stream.

Meanwhile, despite being at the center of the debate about its trustworthiness as a supplier of 5G network equipment, Huawei has released its new P30 Pro mobile phone, which is loaded with an octa-core HiSilicon Kirin processor, 8GB of RAM and a 6.47-inch drop-notch display. It comes with a 40MP+20MP+8MP camera at the rear and a 32MP camera at the front.

Huawei P30 Pro’s sales might be restricted to Asian countries as almost all western nations except the UK are not in a mood to shrug off the alert issued by Trump Administration last year.

Note – Vodafone UK has started offering a trade-in to customers in Britain who choose to exchange their old devices, in working condition, for a new Huawei Pro series smartphone. But the exchange offer comes with certain conditions.

The post Vodafone updates that it knew Huawei 5G espionage secrets 10 years ago appeared first on Cybersecurity Insiders.


May 01, 2019 at 10:40AM

Oracle Weblogic Servers are vulnerable to ransomware attacks

Cisco Talos security researchers have recently discovered that a zero-day vulnerability in Oracle Weblogic Servers is making them susceptible to ransomware attacks. Hackers are reported to be using the vulnerability to install a new strain of ransomware called Sodinokibi, along with some versions of GandCrab ransomware.

What’s astonishing in the recent discovery is that Oracle’s web servers often sit between frontend and backend applications, leaving limited or no scope for interception. These servers reroute web traffic from backend apps to frontend apps, acting as middleware.

Researchers from the cybersecurity firm Cisco Talos say that the campaign is similar to the one which targeted Magento and Drupal websites last year.

“It is like installing ransomware on web servers”, said Jason Schultz, the Technical Leader at Cisco Talos.

He added that in such incidents the scope of attack impact is severely limited as the servers can have backups, logs and even packet captures of abnormal activity which can be later analyzed by security teams.

Schultz says that his team of security analysts has discovered that attackers are seen exploiting CVE-2019-2725, a zero-day flaw in Weblogic’s WLS9_ASYNC and WLS-WSAT components.

Therefore, all Oracle Weblogic Server owners are requested to keep their OSes well updated with the latest patches.

Note- Cisco Talos believes that the Sodinokibi ransomware was developed only recently. Since the impact scale of the newly developed ransomware is unknown, the attackers chose to distribute GandCrab ransomware as well in order to raise the threat severity.

The post Oracle Weblogic Servers are vulnerable to ransomware attacks appeared first on Cybersecurity Insiders.


May 01, 2019 at 10:38AM

PRODUCT REVIEW: TrueSight Cloud Security by BMC Software

Today, we are reviewing TrueSight Cloud Security from BMC Software. TrueSight Cloud Security is a SaaS based cloud security and compliance solution with automated scanning and remediation which manages cloud resource configurations consistently, securely, and with an audit trail. The platform also secures containers and container orchestration at the cluster, host, daemon, image, and container level.

Cloud security is a struggle for most enterprises: app complexity and velocity of change, across multiple cloud platforms, hundreds if not thousands of accounts, consuming innumerable resources. Managing this complexity and scope is well beyond human scale.

Cloud resources must be configured appropriately if they are to be secure. Customers need a means of visualizing their entire multicloud security posture automatically, from a single tool, not dozens. They need a built-in means of remediating security gaps automatically once they are found. TrueSight Cloud Security automates security checks *and remediation* of cloud resource configurations, so that they are consistently, securely configured across the organization’s entire cloud estate.

Key Capabilities

TrueSight Cloud Security delivers on all these fronts by automating policy-based cloud configuration security of IaaS and PaaS resources and containers. Automated compliance checks and remediation for nearly any cloud asset further eliminate the manpower bottleneck so customers can make security agile.

Some of the key capabilities of the BMC cloud security platform include:

  1. Automated Cloud Security Posture Management. Designed for the cloud, in the cloud, to provide consistent, secure configuration of cloud-native PaaS and IaaS resources across cloud platforms, accounts, and apps.
  2. Full-Stack Container Security. From the Kubernetes cluster down to the Docker container, organizations can secure the entire container stack of their microservices.
  3. Enterprise Capabilities. Organizations can intelligently prioritize their security backlog. Manage exceptions, alert notifications, and reports. Integrate to change and incident management systems.
  4. Rapid Value Realization. An extensive library of out-of-the-box policies and remediation simplifies getting started. Organizations can quickly create any custom compliance or governance policies within the solution. Because it is SaaS, there is nothing to install. Users can simply subscribe and connect, and begin plugging cloud security gaps right away.

In a nutshell, the solution delivers three compelling benefits to organizations: (1) total visibility of their multi-cloud security posture with automated security checks, (2) diminished risk of cloud security failure with automated remediation, and (3) increased productivity of IT ops staff through automation of previously manual tasks.

About BMC Software

BMC helps customers run and reinvent their business with open, scalable, and modular solutions to complex IT problems.  Bringing both unmatched experience in optimization and limitless passion for innovation to technologies from mainframe to mobile to cloud and beyond, BMC helps more than 10,000 customers worldwide reinvent, grow, and build for the future success of their enterprises, including 92 of the Forbes Global 100.

More information: www.bmc.com

Try It Free:  https://www.bmc.com/forms/truesight-cloud-security-trial.html

Watch the 2-minute explainer video: https://youtu.be/KXQiZT6coYM

The post PRODUCT REVIEW: TrueSight Cloud Security by BMC Software appeared first on Cybersecurity Insiders.


May 01, 2019 at 03:25AM

New Electrum DDoS botnet steals $4.6M after infecting 152,000 hosts

By Ryan De Souza

The majority of the bots are located in Brazil and Peru but the number of victims is constantly increasing across diverse regions. Threat actors who previously targeted cryptocurrency wallets through Distributed Denial of Service (DDoS) attacks have now launched another malware loader to facilitate their botnet Trojan. This time, they have used the Smoke Loader […]

This is a post from HackRead.com Read the original post: New Electrum DDoS botnet steals $4.6M after infecting 152,000 hosts


May 01, 2019 at 12:43AM

The Bitglass Blog

When words like cyberattack are used, they typically conjure up images of malicious, external threats. While hackers, malware, and other outside entities pose a risk to enterprise security, they are not the only threats that need to be remediated. 

Insider threats, which involve either malicious or careless insiders, are another significant threat to corporate data that must be addressed. Fortunately, Bitglass has the latest information on this topic. Read on to learn more.

The post The Bitglass Blog appeared first on Cybersecurity Insiders.


April 30, 2019 at 09:09PM

(ISC)² Secure Summit EMEA in Review

On April 16, at the World Forum in The Hague, The Netherlands, (ISC)² COO Wesley Simpson provided closing remarks to summarize some of the key sessions from the two-day Secure Summit EMEA event as it was wrapping up. To give you a window into the kinds of topics addressed during the Summit, what follows is an excerpt from his address.

[Edited for length]

Now, to close out the 2019 (ISC)² Secure Summit EMEA, let’s take a few minutes to look back at what we can take away from this year’s event.

I’ve had a chance to speak with many of you while we’ve been here this week, discussing the future plans for (ISC)², your excitement about our certifications and the changing cybersecurity landscape.

I really appreciate both the warm welcome our members and delegates here in Europe have given us, and value the feedback and candor you’ve shared.

The last three days have taken us on a journey into the inner workings of cybersecurity – from the technical to the complex regulatory, legal and professional challenges that we tackle every day.

Our workshops started this journey, dropping us deep into the world of GDPR and the public cloud.

Understanding the wide-ranging implications of a data breach in order to prevent one, and to ensure legislative compliance, is a powerful skillset to have at your disposal. The exercise we ran here on Sunday was a fascinating opportunity to experience, make mistakes and learn in a safe simulation environment.

We’ve had a clear reminder, both in our keynotes and throughout our sessions, that cybersecurity is not just a technology consideration, it is a people issue as well.

Dr. Jessica Barker explained how pessimism about cybersecurity can needlessly hold us back as professionals. We may be under constant pressure to keep our environments safe from cyber threats, but we also need to remain optimistic about the future — the potential for technology, knowledge and creativity to help us in combating challenges we face and keeping users, data and systems safe and secure.

And the importance of people in everything we do doesn’t stop there. There’s a lot we can learn from the experiences of polar explorer Felicity Aston, who was good enough to join us here on Monday. I’m sure her address on leading people into some of the most difficult and unfriendly terrain on the planet sounded very familiar to many of you.

The terrain may be digital, but it’s just as challenging. The importance of having the right mentality, outlook and intestinal fortitude is as important in security as it is in polar exploration.

Again, thank you to Felicity for a story not only about the importance of people, but also for showing us the value of diversity in a group of people, and how it can amplify the skills and creativity within a team.

The people theme continued in our conference tracks, where the role of professional development was at the forefront of day one. We learned more about the role of positive security, engaging with the small and medium-sized business community about information security, and dealing with security crisis management – which is all about us as people and how we react and respond to a difficult situation.

We also looked at the impact of social engineering on users, and what we can do to help protect them from the onslaught of phishing and other scams designed to trick unsuspecting individuals. We tackled incident forensics in a series of talks that looked at the steps needed to place your organization into a forensic mindset. Also, we discussed using a playbook to respond to incidents in a repeatable and transferrable manner.

Yesterday, we also had a glimpse of the future.

We took a deep dive into the world of blockchain and debated how much it will change things. Either way, the blockchain revolution is taking hold. As Joseph Carson covered, the blockchain hotbed of Estonia is embracing the technology as a means to improve information security and identity management for everything from voting to healthcare to banking. It’s clearly a technology we’ll be watching closely.

Our future gazing didn’t stop there, as Lorna Trayan took us through a range of future technologies that have major implications for cybersecurity professionals, including AI and quantum computing.

Last night’s networking reception was a chance to relax, reflect and network. It was great to spend time with so many of you at the museum and discuss what we’re doing to support you and add value to your (ISC)² membership. And of course, we also had a chance to explore some really great art exhibitions.

With The Hague being the home of Europol, the International Criminal Court and many other legal and policing bodies, I know I found today’s sessions on the role of law enforcement in cybersecurity particularly eye-opening . . . especially hearing what the City of London Police is doing through its Cyber Griffin team to educate and inform.

The work of police officers to teach people the basics when it comes to protecting themselves online is hugely valuable, and it’s work that we as cybersecurity professionals can support with information sharing, vigilance and evidence gathering.

On the flip side, enterprise victims taking matters into their own hands after an attack was also put into stark focus for us earlier today. The world of so-called “hack backs” works hard to remain in the shadows, but poses real threats to all of us.

We’ve looked at the public perception of our industry and how to improve public understanding of what we do to protect users and data. We were reminded how mainstream opinion is shaped by the portrayal of cybersecurity in the media. It’s just one of the outward educational challenges we face as cybersecurity professionals – communicating within our organizations and our communities about the real threats posed by cybercrime, inadequate policies and bad cyber safety habits.

I was also incredibly inspired by the story of the Human Genome Foundation that Susanne Baars shared with us. We use the term disruptive technology a lot in this industry, but I think we can all agree that data insights into the human genome and its potential for improving global health and well-being is disruptive technology we all welcome.

A very special thanks to all of our speakers – for taking time out from your busy schedules to join us and to share your insights and experiences.

Together, your sessions are the DNA of the Secure Summit, and the education and guidance you’ve shared with your peers over the last three days will have a lasting effect on everyone. Ultimately, it will foster best practice and keep us all on track to maintain a safe and secure cyber world.

So, again, thank you for being here and for being the base on which this event is built.

And finally….

Thank you to all of YOU for coming. Thank you for participating. Thank you for being the best and brightest our industry has to offer. Thank you for everything you do to help create and maintain a safe and secure cyber world.

It’s been our pleasure to host you this week and we look forward to seeing you in London next year.

But for now, please join us in the Onyx room for closing drinks.

Thank you.

The post (ISC)² Secure Summit EMEA in Review appeared first on Cybersecurity Insiders.


April 30, 2019 at 09:09PM

Ransomware attacks which will grab your attention in 2019

Ransomware stood as a top malware threat in 2018 and is predicted to remain dominant in 2019. According to a study by security researchers, over 1,100 different ransomware infections are found to be preying on innocent web users in the current cyber landscape.

So, Cybersecurity Insiders brings you a list of the most popular ransomware attacks of last year, which may well target online users this year as well.

Bad Rabbit– It is one of the most popular ransomware attacks and has so far infected enterprises operating in Russia and Europe. It is disguised as an Adobe Flash installer that is delivered by drive-by download on compromised websites. Hackers are seen injecting the malware into a web page in the form of JavaScript. Once a victim clicks on the malicious installer, his/her PC or entire database locks down. Usually, those spreading this ransomware demand $280 in Bitcoin and set a 40-hour deadline for payment. Currently, a decryption key for this ransomware is not available.

Cerber– This ransomware variant is available on the dark web as ransomware as a service (RaaS) and takes a 40% share of the profit from those who distribute it. It mainly targets Office 365 users via a phishing campaign and has so far infected millions of computers globally. Cerber spreads when an infected Microsoft Word document is sent as an email attachment and when a user clicks on a malicious link. Presently, no free decryption key is available for this malware variant.

LockerGoga– This ransomware variant is seen mainly circulating on networks associated with the manufacturing and industrial sectors; Altran and Norsk Hydro are among the noted victims. The highlight of this ransomware is that it not only locks down a database but also wipes the encrypted data if the victim fails to follow the instructions. However, the good news is that all noted anti-malware solutions can detect this malware in time.

Ryuk- This ransomware variant has been spreading since Aug 2018, and its developers are reported to have gathered over $4.31 million in BTC from over 83 payments. Those spreading Ryuk mainly target companies that are large in terms of yearly turnover and headcount. Ryuk encrypts its victims’ files with robust military-grade algorithms such as ‘RSA4096’ and ‘AES-256’ and demands a ransom ranging from 15 to 50 bitcoins. A report published by Reuters says that the authors of the Ryuk ransomware are based in Russia; a free decryption key is yet to be devised.

SamSam- This ransomware strain has so far targeted the critical infrastructure of hospitals, healthcare, city municipalities, and the industrial sector. Hackers are seen spreading this malware using Remote Desktop Protocol, which mostly goes undetected. A cybersecurity firm from the UK says that the hacking groups involved in spreading SamSam ransomware have succeeded in garnering over $6 million in ransom payments, demanding a minimum of $50,000 in BTC and causing over $60 million in losses to victims.

The post Ransomware attacks which will grab your attention in 2019 appeared first on Cybersecurity Insiders.


April 30, 2019 at 08:59PM

Sensitive data of 80 million US households exposed online

By Uzair Amir

The 24 GB database was hosted on a Microsoft cloud server. Another day, another data breach; this time researchers have discovered an unprotected cloud repository containing personal and financial information of more than 80 million US households. This incident reminds us of two similar breaches in which highly sensitive data of 200 million and 82 […]

This is a post from HackRead.com Read the original post: Sensitive data of 80 million US households exposed online


April 30, 2019 at 08:30PM

Norsk Hydro ransomware attack costs $52 million

Norway-based aluminum manufacturer Norsk Hydro has released a press statement today which says that the company could have incurred costs of $52 million, or 450 million Norwegian crowns, in the 1st quarter.

Sources say that the malware attack has made the Oslo-based firm postpone its Q1 earnings update to June 5th this year, as several of its systems pertaining to reporting, billing and invoicing have to be restored and brought back to normalcy.

Norsk Hydro, a producer and supplier of lightweight metals, has mentioned in its media update that it has a cyber insurance policy in hand and so more than half of the incurred losses can be covered by the policy.

The Norwegian National Security Authority, along with state law enforcement, has said that the aluminum producer was hit by the LockerGoga ransomware variant, which in March’19 encrypted files until a ransom demand is paid.

Sources reporting to Cybersecurity Insiders say that the company’s Extruded Solutions section, which offers aluminum for the manufacturing of cars and construction material, was severely hit by the attack.

Prima facie, the external sales volume of Extruded Solutions is said to have fallen to 333,000 tonnes in the 1st quarter from 362,000 tonnes in the same quarter of 2018.

Note- Ransomware is a kind of malware which locks down files from access in a database until a ransom is paid to hackers. The FBI is advising all victims of ransomware not to bow to the demands of hackers, as paying encourages crime and offers no guarantee that the decryption key will be given to the victim after the payment is received.

The post Norsk Hydro ransomware attack costs $52 million appeared first on Cybersecurity Insiders.


April 30, 2019 at 02:37PM

Phishing attack on the mobile version of Google Chrome users

All those using the mobile version of Google Chrome are requested to take note of a phishing scam now circulating in the current cyber landscape. According to a recent media update given by developer Jim Fisher, hackers are seen using a mix of coding and screenshot techniques to trick Chrome users into giving up private info such as passwords and credit card details.

Fisher said that the scam, dubbed the ‘inception bar’, targets users of Chrome for Android with fake address bars that show not only legitimate website names but also SSL certificates for authenticity.

But in reality, these websites are fake and are created by cyber crooks to steal vital info from users.

“Hackers are using coding techniques to camouflage malicious webpages into legitimate ones and steal important info and in near future, the attack vector can become more sophisticated leading to more crises in the web world”, says Fisher.

James Fisher says that the only way to check whether your phone is compromised is to first lock your phone and then unlock it. This makes Chrome for Android show the real address bar while the fake one stays in place, so two bars are displayed, which is a sign of an attack.

Note 1- In the past couple of years, Google has added many features to its Chrome bar which alert users when they are browsing a potentially harmful website.

Note 2- In Feb’19, research firm StatCounter released an estimate that Chrome holds a 62% share of the browser market globally across all platforms. But the fact is that the browser has been offered as the bundled default on all Android devices for the past 4 years.

The post Phishing attack on the mobile version of Google Chrome users appeared first on Cybersecurity Insiders.


April 30, 2019 at 02:35PM

Monday, April 29, 2019

Change your password: Docker suffers breach; 190k users affected

By Uzair Amir

Microsoft says its official Microsoft images hosted in Docker Hub have not been compromised. The company behind Docker, a computer program developed to manage operating-system-level virtualization, has announced that it has suffered a data breach and, as a result, one of the Docker Hub databases has been accessed by unknown hackers. The attack was detected on […]

This is a post from HackRead.com Read the original post: Change your password: Docker suffers breach; 190k users affected


April 30, 2019 at 04:42AM

5 Cybersecurity Best Practices You Should Be Following Right Now

By Owais Sultan

If you have a business and you don’t have an online presence, you’re handicapping yourself. That’s just how it is today. Without harnessing the power of the internet and social media, you’re losing out on a substantial number of customers. But putting yourself and your business out in the digital world exposes you to threats. You […]

This is a post from HackRead.com Read the original post: 5 Cybersecurity Best Practices You Should Be Following Right Now


April 29, 2019 at 08:09PM

Apple Card and the future of payments

On March 25th 2019, Apple unveiled plans to release a new branded payment offer called “Apple Card” as part of its plans to boost its services business. Apple is increasing its portfolio of services with multiple new announcements in addition to the Apple Card, such as Apple News+, Apple Arcade and Apple TV+.

Apple Card, which is set to launch in the US this summer, comes first in Apple Wallet for Apple Pay payments in store, in-app and in-web. It has been created with Goldman Sachs as the issuing Bank and MasterCard as the payment scheme. In addition to the Digital Card, Apple Card will also come as a standard ISO credit card, made of Titanium with the EMV chip for contact mode payments at the Point-of-Sales terminal.  The card is not expected to support contactless payments (Apple likely wants its users to use Apple Pay for that). PAN and CVV are not displayed on the card but are available in the Wallet app for online purchases at eMerchants not accepting Apple Pay in-app or in-web yet. Apple CEO Tim Cook mentioned during the keynote that the total number of Apple Pay transactions (at stores, in-app or in-web) should pass the 10 billion mark in 2019. This is about 20 times less than the total amount of cards payments, at store or online in 2018. Having a physical card in addition to a digital card will clearly increase the number of transactions that this new Apple Card offer will be able to reach.

There were no comments during the March 25th keynote about the user experience for card activation. With the introduction of the NFC reader mode in iOS12 last fall, many observers anticipate a solution whereby a simple tap of the physical Apple Card on the iOS device where the digital version of the Apple Card is installed could offer a simple, seamless journey for activation. Cardholders in Regions like Europe do activate their cards today using PIN at the first ATM or POS transaction.  For the US market where credit cards don’t use PIN, alternatives to current IVR or web based solutions could be foreseen.

Cards and Mobile complement each other

The first strong takeaway is that, for any given payment solution to get significant usage, cards are still the only way to connect billions of consumers with millions of merchants in the years ahead.  Innovative payment solutions bring value, but none of those will totally displace card payments anytime soon.  My first impression on March 25th when discovering the ISO credit card version of the Apple Card is that it brings tremendous recognition to the EMV card industry. We strongly believe that a rich customer experience comes with the combination of mobile and card to get a seamless, broad and enjoyable payment experience.

Continuing the metal card trend

Perhaps most interestingly, Apple has chosen to create its EMV card using titanium, a trend we have seen increasing in popularity, as with our own range of metal EMV cards, which are now being used by payments card firm Curve. The EMV card industry is increasingly using metal for high-end card segments.

The ISO version of the Apple Card is made entirely from metal, rather than a hybrid of metal and PVC like 4 out of 5 Gemalto cards in our Metal Cards portfolio. This means the card will not support contactless payments. Such transactions use the NFC Card Emulation mode, whereby the terminal powers the card by magnetic induction through a large coil (antenna) embedded in the card body. Metal cards can support contactless payments when at least one side of the card is made of plastic. Apple Card users can use the digital version of their card, in conjunction with the Apple Pay mobile payment service, for contactless payments at the Point-of-Sales terminal.

Accelerating Digital Payments for e-commerce

The ISO version of the Apple Card comes with no PAN and no CVV on the card body, but these data are available in the Wallet app for online purchases. In addition, Apple Pay payments in-app and in-web are increasingly adopted by eMerchants, accelerating the trend for new Digital Payments for eCommerce.  Gemalto also brings solutions such as DCV (Dynamic Code Verification) to protect cardholders from skimming frauds. Malicious web sites managed by skimmers are more likely to put PAN, CVV and expiration date data at risk than the card body itself.

Biometrics for Apple Card:  only for the Wallet App version today

The decision not to include cutting-edge biometric technology on the physical card is an interesting move by Apple. We believe that biometric technology on credit cards enhances both their convenience and security, hence why we developed our own biometric EMV card with a built in fingerprint sensor. On the US market, cardholders are used to credit cards with no PIN entry at the Point-of-Sales.  In most other regions in the world, Chip&PIN is used and the trend we observe is to use fingerprint in lieu of the PIN code.

The bottom line is that, on March 25th, I personally took the announcement of the new Apple Card as another strong proof of EMV cards value for a complete, universal payment experience. The fact that the ISO version of the Apple Card is using metal is also, to me, great news for the ongoing trend to adopt metal for high-end payment cards. Innovation in Digital payments for eMerchants is also something we like to push for.

Bottom line, a great day for the EMV cards industry and for the payment industry at large.

What do you think of the new card? Let us know in the comments or by tweeting @gemalto.

The post Apple Card and the future of payments appeared first on Cybersecurity Insiders.


April 29, 2019 at 09:09PM

Hackers targeting embassies with trojanized version of TeamViewer

By Ryan De Souza

Researchers believe the trojanized version of TeamViewer is being spread by a Russian speaking hacker. The latest report from Check Point reveals that multiple embassies in Europe were targeted with a trojanized version of TeamViewer. The embassies affected in the latest wave of attacks include Nepal, Lebanon, Italy, Kenya, Liberia, Guyana, and Bermuda. See: Hackers […]

This is a post from HackRead.com Read the original post: Hackers targeting embassies with trojanized version of TeamViewer


April 29, 2019 at 09:11PM

Biometric cards make UK debut in NatWest trial

The UK has officially begun a new era for payments with the introduction of its first biometric debit card. Available for use during a three-month trial period, 200 lucky NatWest and RBS customers will be able to verify their card purchases using their fingerprint instead of a PIN code, even on contactless transactions over £30.

The cards, based on Gemalto’s biometric payment technology, were launched at events held last week in London and Edinburgh, where Gemalto representatives including Senior Vice President, UK, Ireland and Switzerland, Howard Berg and biometric card owner Frederic Martinez joined NatWest and Visa to reveal the cards to journalists and discuss the benefits they’ll bring to customers.

Above: Gemalto’s Howard Berg, NatWest’s Georgina Bulkeley and Visa’s Jeny Mundi at the London launch event

Those attending the London event had the chance to hear Howard talk about the benefits and security of the card, before Frederic explained how it works. They could see first-hand how a fingerprint is registered on the card, along with the opportunity to enrol their own fingerprint onto a card and take it away with them to use for the first time. You can watch the London Evening Standard’s video of the event here.

Gemalto also showcased a Photo Card Booth that displayed our Instant Issuance and AllAboutMe solutions. This allowed attendees to capture their photo holding biometric card props and then edit it, for example by inserting their name. These were then instantly printed on to a sample payment card as a memento of the launch.

Above: Gemalto’s Photo Card Booth, at the London launch event, allowing customization of sample cards that could be issued instantly

How will the biometric card trial work?

The launch of these debit cards in the UK has been highly anticipated, shown by the size of media presence at both the events, and represents the biggest development in card technology in recent years, according to NatWest and RBS.

Previous successful trials using our fingerprint technology in Cyprus, Lebanon and Italy have shown the many advantages of biometrics cards for consumers, which include greater convenience and increased security. Our partnership with NatWest and Visa to launch these cards has now started to make the adoption of biometric cards a reality across the UK, and will feature for the first time the possibility to enrol your finger on the biometric card at home, without having to visit a bank branch.

The biometric fingerprint sensor on the cards will make card payments at the till easier for the NatWest customers involved in the trial. Not only will it save them having to remember different PIN codes for their various cards, but it should also reduce queuing times in stores, as the technology will be quicker to use than the traditional chip and PIN method. If they want, the PIN code method will still be available for customers to use as a back-up.

The participants will also have the possibility to pay contactless over the £30 limit thanks to the fingerprint verification.

Above: Howard Berg discusses the benefits of the new card

Additionally, the card will reduce the risks associated with fraud for those involved in the trial as customers will no longer have to worry about people stealing their PIN code. And to ensure the cards are fit for purpose, the built-in fingerprint sensor is powered by payment terminals during transactions, meaning the cards work without needing an embedded battery.

Enrolment

The fingerprint enrolment process is quick and easy and, using our new technology, can be done at a customer’s own home for the very first time.

To complete the registration process we have created a state-of-the-art enrolment sleeve that the card will need to be inserted into to begin. Then, it is simply a case of presenting your finger on the card’s sensor several times until a green light on the card flashes 3 times. Once you take the card out of the sleeve, the enrolment is done.

Above: enrolling a fingerprint onto the card

After registering your fingerprint on the card, you’ll be asked to enter the PIN code during the first payment in order to prove that you’re the right cardholder and to activate the fingerprint verification feature with your registered template.

We have also made the data on the cards as secure and private as possible by ensuring that there is no central database controlled by the bank that contains their customers’ sensitive information.

The future

In the future, we hope the cards can be adopted across the nation, especially as more than half of UK consumers declared they’d use the biometric payment card if it was available from their bank today.

We’ll be back on the road with the new card later this week, at another event in Scotland with RBS to show media there how the card works, and what benefits it will bring.

What do you think of these new biometric payment cards? Are you keen to get your hands on one? Let us know by tweeting to us @Gemalto.

The post Biometric cards make UK debut in NatWest trial appeared first on Cybersecurity Insiders.


April 29, 2019 at 09:08PM

Heavy Industrial Companies Grapple with Cybersecurity Problems

Companies in heavy industrial sectors such as mining, oil and gas, electricity and chemicals have become a major target for cybercrime. But securing these companies is complicated, as they must protect not only their IT infrastructure but also their OT (operational technology) assets.

Cybersecurity solutions and tools that work in IT environments do not transfer well to the OT side, potentially harming industrial devices. “Even merely scanning these devices for vulnerabilities has led to major process disruptions,” according to a recent McKinsey article.

But even though the same tools aren’t effective for both environments, links between OT and IT are creating vulnerabilities that need to be addressed. Industrial cybersecurity vendor CyberX has found that 40% of industrial sites have at least one direct public internet connection, and 84% have at least one device that is remotely accessible.

Breaches have already occurred. In 2018, nearly 60% of heavy industrial organizations in a Forrester poll reported that they had experienced an OT breach. Documented cases of breaches include the 2015 and 2016 attacks on an Eastern Europe power grid that caused a blackout for 230,000 people. In 2017, a Middle Eastern petrochemical plant’s industrial control system (ICS) was attacked in an attempt to cause an explosion.

Unique Security Challenges

The McKinsey article addresses unique security challenges that heavy industrials are facing, including their drive toward digital transformation. “When building the business case for these transformations, leaders often overlook the cost of managing the associated security risks. Security is not often a central part of the transformation, and security architects are brought in only after a new digital product or system has been developed.”

As a result, security tools are bolted on and less effective. Sometimes users circumvent them because they can be cumbersome.

Other unique challenges are the difficulty of securing highly customized, geographically distributed industrial infrastructures and exposure to third-party risks. Heavy industrials rely on OEMs to maintain and update their equipment, creating security blind spots. Contracts with OEMs typically don’t include cybersecurity reviews and buyers aren’t diligent about changing those contracts or adopting extra security measures when available.

“Several heavy industrials have reported that third parties frequently connect laptops and removable storage devices directly into the OT network without any prior cybersecurity checks, despite the obvious dangers of infection,” the article says.

Beyond technology, heavy industrials are facing a challenge that affects every other industry – a cybersecurity skills shortage. (ISC)2 estimates the current gap between skilled professionals and a fully staffed global cybersecurity workforce is nearly 3 million worldwide. “The problem is worse for heavy industrials, which need to staff both IT and OT security teams, and to attract talent to remote operational locations,” the McKinsey article says.

Emerging Solutions

McKinsey says heavy industrials, with the exception of U.S. electric production and distribution companies, have been slow to invest in cybersecurity for both IT and OT. That may be changing as OEMs and some startups introduce OT security technologies. Some of the solutions coming to market include:

  • Unified identity and access management
  • OT network monitoring and anomaly detection
  • Asset inventory and device authorization
  • Firewalls that block network access to attackers after one section is compromised

As these technologies are introduced, heavy industrials will be able to bridge the gap between OT and IT security. For more information on industrial security systems, check out (ISC)2’s ICS Lexicon.

The post Heavy Industrial Companies Grapple with Cybersecurity Problems appeared first on Cybersecurity Insiders.


April 29, 2019 at 09:08PM

Ransomware attack disrupts Sunday Newspaper edition of The Watertown Daily Times

A ransomware attack on The Watertown Daily Times is said to have partially encrypted the database of the media company. Highly placed sources say that the malware attack disrupted the printing and distribution of the Sunday and Monday editions, but did not compromise any info related to personal subscribers’ or advertisers’ data.

Cybersecurity Insiders learned that the hackers managed to intercept the database of the Johnson Newspaper Corp, impacting the servers used for the content sharing of newspaper editions to be distributed in Hudson, Massena, and Watertown.

Security analysts investigating the incident confirmed that no data related to the newspaper website, subscriptions or emails was affected.

Nate Nichols, the IT Manager of the Johnson Newspaper Corporation, has confirmed the incident and said that the cyber attack wasn’t launched to compromise any personal data.

A RYUK ransomware variant is said to have encrypted the database of the media corporation on Saturday afternoon, and the malware could have sneaked into the network via a phishing email attack.

For the Sunday and Monday editions, readers could access the content related to the comic section, Life&Livelihood, and NY Auto Finder. The main news sections, sports, and Sunday weekly were only partially available for reading, despite the efforts of the IT staff, who reportedly worked all through Saturday night to bring services back to normal.

NOTE 1- According to research conducted by Forbes, cyber crooks distributing RYUK ransomware have so far succeeded in reaping $4 million in less than a year from private firms and individuals.

NOTE 2- Founded in 1861 in Watertown, New York, the Watertown Daily Times offers news coverage in Jefferson County, Lewis County, St Lawrence County, and Watertown. It is owned by Johnson Newspaper Corporation which has also recently invested in radio and TV stations broadcasting live news coverage.

The post Ransomware attack disrupts Sunday Newspaper edition of The Watertown Daily Times appeared first on Cybersecurity Insiders.


April 29, 2019 at 09:02PM

Ransomware attack on Cleveland Hopkins International Airport

A ransomware attack on Cleveland Hopkins International Airport is reported to have disrupted operations pertaining to baggage and flight booking since last Monday. But fortunately, no personal info was accessed by hackers and critical operations at the airport remained unaffected.

Frank Jackson, the Mayor of Cleveland, has confirmed the impact of the malware on the database of the airport terminal and added that the incident has now been contained and the suspects behind the incident are being tracked down.

The FBI is reported to be investigating the attack; the severity of the infection and the estimated disruption are yet to be analyzed.

Highly placed sources say that the malware was first detected on April 21st, 2019, disrupting the flight info display, baggage info display, and email systems. As of now, details of the ransom demand are yet to be disclosed to the media. Extra staff have been deployed to sort out airport operations manually till May 1st, 2019.

Meanwhile, the news is out that an unknown malware has encrypted the entire database of Air India (AI), an Indian government-owned airline carrier, delaying more than 91 national and international flights and stranding more than 8000 passengers at airports located across India.

As a result of the disruption, flight cancellations at the domestic and international levels are getting delayed, adding more agony for the stranded passengers at the airport.

So far, the airline has canceled more than 470 flights per day out of the 670 flight services it operates on a daily basis.

SITA, an IT operations provider for Air India (AI), denied the news reports that the disruption was caused by ransomware. However, an AI source familiar with the entire situation confirmed the news and said that the IT breakdown could make the airline report losses in the third quarter.

The post Ransomware attack on Cleveland Hopkins International Airport appeared first on Cybersecurity Insiders.


April 29, 2019 at 02:33PM

Google bans apps developed by Chinese company Baidu

Google has made it official that it will be blocking over 100 apps developed by Chinese company ‘Do Global’ which is partly owned by internet service provider Baidu. The Alphabet subsidiary came to this decision after its security engineers reported that the applications developed by ‘Do Global’ and having over 600 million installs on their app store were found circulating malware and acting as access points to launch cyber attacks.

So far, over 46 apps were already removed from the play store as the internet juggernaut intends to cancel the app inclusion rights of the Chinese provider in the next few days.

“Malicious behavior and policy violations are strictly not entertained by Google and so Do Global will now not be allowed to monetize its app with AdMob or publish on Play store from this month end”, said a spokesperson from Google on Friday.

In the meantime, the subsidiary of Baidu claims that the policy changes might affect its 800 million user base coming from Android ad platform. Also, the company claims that they have started to conduct an investigation in this matter over the AdMob Advertisement irregularities.

Note- Apps from noted Chinese developers will also be facing the ban threat in the coming weeks, as Google has decided to take stringent action against large-scale companies for abusing user permissions. In most cases, the web services giant discovered in its internal audit that most of the Chinese apps were collecting user info and sending it to remote servers in China. TV remote apps, gaming apps, kids’ entertainment apps and flashlight apps developed by Chinese companies are about to face special scrutiny from Google in the coming days.

The post Google bans apps developed by Chinese company Baidu appeared first on Cybersecurity Insiders.


April 29, 2019 at 02:31PM

Sunday, April 28, 2019

How to Respond to a Cyber Attack on Your Business

By Ryan De Souza

Cyber security affects businesses of all sizes, and in every industry. Today it is a board-level agenda item, which has been placed at number three on the Lloyds Risk Register (2013). When it comes to dealing with a cyber attack, every single person involved with the business should be concerned. It affects every team and […]

This is a post from HackRead.com Read the original post: How to Respond to a Cyber Attack on Your Business


April 28, 2019 at 02:50PM

Saturday, April 27, 2019

Watch as hackers send explicit messages to hacked e-scooter riders

By Uzair Amir

Lime believes that hackers somehow managed to swap the audio files on eight of the e-scooters. Lime, a Brisbane-based scooter manufacturer, has been testing its E-Scooters on the streets of Brisbane but sadly, the gadgets are in the news for all the wrong reasons. Reportedly, eight e-scooters manufactured by Lime have been taken off the […]

This is a post from HackRead.com Read the original post: Watch as hackers send explicit messages to hacked e-scooter riders


April 28, 2019 at 03:32AM

7 Times Apple Watch Saved Lives

By Uzair Amir

Technology is advancing day by day to make human life better and safer. These advancements in technological fields are beneficial if used positively and can be extremely harmful when used in a negative way. It’s in the user’s hands whether to use them for beneficial purposes or to harm his and others’ lives. […]

This is a post from HackRead.com Read the original post: 7 Times Apple Watch Saved Lives


April 28, 2019 at 12:46AM

Best VPN for Torrenting

Is torrenting illegal? Can the government take legal actions against you if you begin torrenting? These are questions people ask every day. The conclusion is basically you cannot be arrested for simply using the service. However, legal action could be taken against you by a copyright holder. This is usually the case and copyright holders can be relentless. Is it worth the risk? Is an illegally downloaded movie worth dealing with legal action? The legal actions can range from a hefty fine to imprisonment.

Torrenting is different from downloading because you are not downloading an entire file from one location. Torrents are the collection of bits and pieces of the file from several to hundreds of different computers. The pieces are then compiled to create the full version.

While torrenting you need to be able to protect your computer. Check out this compilation of the best VPN for torrenting. A VPN or virtual private network will hide your identity and allow you to access free from harm. It is important that you use a VPN that does not log your history. 

 

 

The post Best VPN for Torrenting appeared first on Cybersecurity Insiders.


April 27, 2019 at 11:16PM

Friday, April 26, 2019

CloudPassage named in Top 8 Cloud Security Solution Providers by Datamation

CloudPassage was named one of the Top 8 Cloud Security Solution Providers by Datamation, a property of eWeek. This is another in a series of awards and recognition for the Halo platform, along with a recent 5-star rating by SC Magazine.

Halo is an automated public cloud infrastructure security solution that delivers comprehensive visibility, protection, and continuous compliance monitoring for compute, storage, database, networking, and identity services to reduce cyber risk. In Datamation’s side-by-side product comparison, Halo was the only cloud security solution noted for its regulatory security and compliance policy use cases.

Halo was recognized for a number of its core capabilities, which are already helping organizations improve security posture and reduce risk. In his review, Sean Michael Kerner of Datamation described CloudPassage Halo as “ideally suited to help organizations of any size identify and remediate cloud risks.”

In addition to touting the platform’s ability to provide security visibility across hybrid and multi-cloud environments, the review also highlighted Halo’s software vulnerability assessment and security configuration assessment capabilities as “key differentiators.” The publication included both a high-level overview and an in-depth review of Halo as part of its comparison of the Top Cloud Security Solution Providers.

As more enterprises rush to reap the benefits of cloud computing as a way to optimize costs and resource utilization, many are finding new challenges in maintaining security and compliance. “Chances are, there is a vulnerability lurking somewhere in your enterprise’s cloud deployment, and by using CloudPassage Halo it’s more likely than not that you’ll find it,” added Kerner. Unlike point solutions that provide limited coverage for public cloud infrastructure, Halo finds critical risks other tools miss with its outside-in and inside-out security visibility of both the control plane and compute plane.

If you’d like to see how CloudPassage can provide security visibility and vulnerability assessment for your public cloud environments, take a test drive of Halo in our sandbox environment.

The post CloudPassage named in Top 8 Cloud Security Solution Providers by Datamation appeared first on Cybersecurity Insiders.


April 27, 2019 at 09:08AM

Thousands of firms hit by Beapy malware using NSA hacking tools

By Ryan De Souza

EternalBlue and DoublePulsar hacking tools are back in action. Symantec security researchers have identified that cybercriminals are still utilizing the classified exploits/hacking tools of the National Security Agency (NSA), which were stolen about two years back. The new malware has been dubbed Beapy by researchers. Beapy is a new malware that makes use of leaked […]

This is a post from HackRead.com Read the original post: Thousands of firms hit by Beapy malware using NSA hacking tools


April 26, 2019 at 09:44PM

Browser-based cyber attacks are surging up like Ransomware attacks

A recent survey conducted by RiskIQ says that browser-based cyber attacks are on the rise and getting on par with ransomware and phishing with regard to seriousness. Researchers say that such attacks appear in different forms, such as Magecart, cryptocurrency mining, fingerprinters and waterholing, with the injection of malicious scripts being a common feature.

RiskIQ feels that many organizations are either unaware of such attacks or do not know about their severity.

Technically speaking, there is a lot of info which can be exploited through such attacks, like email IDs, passwords, credit card numbers, phone numbers, addresses and browsing history.

So, hackers are seen exploiting more in this field in order to increase their profit margin.

How does a browser-based cyber attack take place?

We all know that browsers rely upon a lot of third-party tools such as Flash, JavaScript and ActiveX to perform various tasks, and this is where cyber crooks are seen exploiting them to make money.

For instance, a browser-based attack led to the data breach of British Airways which is reported to have earned the cybercriminals $1.2 million.

So how to avoid becoming a victim of such attacks?

1.) Just make sure that you have an appropriate anti-virus/malware software installed on your PC and ensure that it is up to date with the latest security updates. Such proactive measures often help in stopping the execution of malicious code in initial attacks.

2.) Never click on suspicious email links coming from individuals as the link can act as an entry point for cyber crooks to exploit your network.

3.) If you feel the email is from a genuine contact but are not sure about the link, just hover your mouse over the link and confirm the actual URL.

4.) While entering personal info like passwords and banking credentials, make sure that the website URL begins with HTTPS.

5.) Finally, awareness is key in saving yourself from such attacks. So, keep up to date with the latest developments happening in the cyber landscape from time to time.

The post Browser-based cyber attacks are surging up like Ransomware attacks appeared first on Cybersecurity Insiders.


April 26, 2019 at 09:02PM

Best practices for securing your Azure SQL

This post was originally published here by Gregg Rodriguez.

Azure SQL enables you to maintain the security, integrity and consistency of your data, which is critical when customer information is at stake, but it requires using a new approach to security.

In Azure, you can have your SQL Server workloads running in a hosted infrastructure (IaaS) or running as a hosted service (PaaS). Within PaaS, you have multiple deployment options and service tiers within each deployment option. The decision between PaaS or IaaS comes down to deciding if you want to manage your database, apply patches, take backups, or if you want to delegate these operations to Azure.

In the Azure environment, Microsoft provides a secure foundation across physical infrastructure, and operational security, while you are responsible for the security of your application workloads, data, identities, on-premises resources, and all the cloud components that you control. This is referred to as the shared responsibility model.

You can ensure the security of your Azure resources by understanding the risks to misconfigured services and applying security best practices based on the shared responsibility model.

What are the risks of misconfigured Azure SQL?

  • Restricted Server Access: If SQL Servers do not have restricted access from the Internet enabled, you will not be able to block unauthorized connections.
  • Data Encryption: If SQL Server Databases do not have transparent data encryption enabled you will not be protected against the threat of malicious activity through real-time encryption and decryption of the database.
  • Resource Locks: If SQL Server Databases do not use resource locks, your Azure resources will not be locked down and you will not be able to prevent deletion or changing of a resource.
  • Auto Failover Groups: If SQL Servers do not use failover groups, you will not have the ability to manage replication and failover of a group of databases on a logical server or all databases in a Managed Instance to another region (currently in public preview for Managed Instance). It uses the same underlying technology as active geo-replication.
  • Database Auditing: If SQL Servers do not have auditing enabled you cannot ensure that all existing and newly created databases on the SQL server instance are audited.
  • Audit Retention: If SQL Servers do not have auditing retention enabled for greater than 90 days, you will not be able to check for anomalies and get insight into suspected breaches or misuse of information and access.

How Halo Can Help Secure Your Azure SQL

Halo can help you secure your SQL by ensuring that:

  • Restricted Server Access: SQL Servers do not have unrestricted access from the Internet to ensure that unauthorized connections are blocked from gaining access.
    • After creating your SQL Database, you can specify which IP addresses can connect to your database. You can then define more granular IP addresses by referencing the range of addresses available from specific data centers.
  • Data Encryption: SQL Server Databases have transparent data encryption enabled to help protect against the threat of malicious activity by performing real-time encryption and decryption of the database, associated backups, and transaction log files at rest without requiring changes to the application.
  • Resource Locks: SQL Server Databases are using resource locks to provide a way for administrators to lock down Azure resources and prevent deletion or changing of a resource.
    • These locks sit outside of the Role Based Access Controls (RBAC) hierarchy and, when applied, will place restrictions on the resource for all users. These are very useful when you have an important resource in your subscription that users should not be able to delete or change and can help prevent accidental and malicious changes or deletion.
  • Auto Failover Groups: SQL Servers are using failover groups that allow you to manage replication and failover of a group of databases on a logical server or all databases in a Managed Instance to another region (currently in public preview for Managed Instance).
  • Database Auditing: SQL Servers have auditing enabled to ensure that all existing and newly created databases on the SQL server instance are audited.
    • Auditing tracks database events and writes them to an audit log in your Azure storage account. It also helps you to maintain regulatory compliance, understand database activity, and gain insight into discrepancies and anomalies that could indicate business concerns or suspected security violations.
  • Audit Retention: SQL Servers have auditing retention configured for greater than 90 days to ensure Audit Logs can be used to check for anomalies and give you insight into suspected breaches or misuse of information and access.
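The six checks listed above can be run as a small audit over an exported inventory. This is an added example, not Halo's or Microsoft's code: the inventory schema, its field names and the 256-address threshold are assumptions made for illustration, and the sample data is constructed.

```python
import ipaddress

# Constructed sample inventory. Field names are hypothetical (not an Azure API
# schema); the addresses come from documentation ranges.
INVENTORY = [
    {"name": "sql-prod-01",
     "firewall_rules": [{"name": "office", "start": "203.0.113.10", "end": "203.0.113.20"}],
     "auditing_enabled": True, "audit_retention_days": 365,
     "failover_group": "fg-prod",
     "databases": [{"name": "orders", "tde_enabled": True, "locks": ["CanNotDelete"]}]},
    {"name": "sql-dev-02",
     "firewall_rules": [{"name": "any", "start": "0.0.0.0", "end": "255.255.255.255"},
                        {"name": "vendor", "start": "198.51.100.0", "end": "198.51.103.255"}],
     "auditing_enabled": True, "audit_retention_days": 30,
     "failover_group": None,
     "databases": [{"name": "scratch", "tde_enabled": False, "locks": []}]},
]

MIN_RETENTION_DAYS = 90    # the page asks for retention greater than 90 days
MAX_RULE_ADDRESSES = 256   # assumption: wider ranges are reported for review
ALL_IPV4 = 2 ** 32
PROTECTIVE_LOCKS = {"CanNotDelete", "ReadOnly"}  # Azure resource lock levels


def check_firewall(rules):
    """Return one message per firewall rule that leaves the server too open."""
    findings = []
    for rule in rules:
        label = rule.get("name", "?")
        try:
            start = int(ipaddress.IPv4Address(rule["start"]))
            end = int(ipaddress.IPv4Address(rule["end"]))
        except (KeyError, ipaddress.AddressValueError) as exc:
            findings.append(f"rule {label!r} is malformed: {exc}")
            continue
        size = end - start + 1
        if size <= 0:
            findings.append(f"rule {label!r} is malformed: end precedes start")
        elif start == 0 and end == 0:
            # Azure SQL treats 0.0.0.0-0.0.0.0 as "allow all Azure services".
            findings.append(f"rule {label!r} admits every Azure service, not only yours")
        elif size == ALL_IPV4:
            findings.append(f"rule {label!r} opens the server to the whole Internet")
        elif size > MAX_RULE_ADDRESSES:
            findings.append(f"rule {label!r} spans {size} addresses; narrow it")
    return findings


def audit_server(server):
    """Return (check, target, message) tuples for one server and its databases."""
    name = server["name"]
    findings = [("restricted-access", name, msg)
                for msg in check_firewall(server.get("firewall_rules", []))]
    if not server.get("auditing_enabled"):
        findings.append(("database-auditing", name, "server-level auditing is off"))
    else:
        days = server.get("audit_retention_days")
        # Assumption: 0 is treated as unlimited retention, so it passes.
        if days != 0 and (days is None or days <= MIN_RETENTION_DAYS):
            findings.append(("audit-retention", name,
                             f"retention is {days} days; need more than {MIN_RETENTION_DAYS}"))
    if not server.get("failover_group"):
        findings.append(("failover-group", name, "server is in no failover group"))
    for db in server.get("databases", []):
        target = f"{name}/{db['name']}"
        if not db.get("tde_enabled"):
            findings.append(("data-encryption", target, "transparent data encryption is off"))
        if not PROTECTIVE_LOCKS & set(db.get("locks", [])):
            findings.append(("resource-locks", target, "no delete or read-only lock"))
    return findings


def audit(inventory):
    """Map each server name to its list of findings (empty list means clean)."""
    return {server["name"]: audit_server(server) for server in inventory}


if __name__ == "__main__":
    for server_name, results in audit(INVENTORY).items():
        print(server_name, "OK" if not results else "")
        for check, target, message in results:
            print(f"  [{check}] {target}: {message}")
```

Auditing being switched off is reported on its own, since a retention setting means nothing until audit logs are actually written.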


The post Best practices for securing your Azure SQL appeared first on Cybersecurity Insiders.


April 26, 2019 at 08:33PM

THE TIME IS NOW TO BUILD ON WOMEN’S CYBERSECURITY GAINS

This post was originally published here by (ISC)² Management.

There’s never been a better time to be a woman in cybersecurity than now. Granted, there are many gains to be made still, but recent research about progress already made by women in the field is very encouraging.

Although the industry is dominated by men, so many computing pioneers, such as the people who programmed the first digital computers, were women. Ada Lovelace (1815–1852) is credited with being the world’s first computer programmer. She detailed applications for the Analytical Engine that relate to how computers are used today. Likewise, luminaries such as Grace Hopper, Katherine Johnson, Margaret Hamilton, Adele Goldberg, Stephanie “Steve” Shirley and Megan Smith have all made their mark on the IT industry.

Something changed in the 1980s, resulting in a staffing shift in the IT department. The ‘computer girls’ were replaced by male-dominated departments of computer enthusiasts who evolved into cybersecurity experts of today. It is time for women to take back their power with confidence.

Findings from the (ISC)² Cybersecurity Workforce Study 2018 show that women are succeeding in parlaying their education and professional certifications into positions of leadership in the profession. This is no small feat, considering female cybersecurity workers traditionally have comprised a very small portion of the overall cybersecurity workforce.

The survey found that female cybersecurity workers as a group are more educated than their male counterparts; 28% of women hold a cybersecurity or related graduate degree while the number of men with equivalent education is 20%. Higher levels of education are opening paths for women into leadership roles. Higher percentages of women have CTO jobs (7% of women vs. 2% of men), vice president of IT (9% vs. 5%), IT director (18% vs. 14%) and C-level executive (21% vs. 19%).

Currently, cybersecurity female professionals account for 24% of the overall workforce, compared to 11% in 2016, the last time (ISC)² polled for gender breakdown. Part of the difference owes to a change in research methodology but, nevertheless, it shows an upward trend for women.

Why Does It Matter?

Attracting more women to the cybersecurity profession is important for several reasons. It’s always a positive development whenever a profession dominated by one gender becomes more balanced. It creates teams with more diversity, creativity and innovation.

Just as in any other occupation, diversity has positive effects; it promotes inclusive leadership and new ways of thinking and problem solving. In the dynamic field of cybersecurity, which has to work incessantly to address new and evolving threats, innovation and creative thinking are valuable assets.

And let’s face it, cybersecurity needs women desperately. Currently, there is a worldwide cybersecurity skills gap of nearly 3 million. The cybersecurity profession stands no chance of addressing that gap without pulling qualified and vibrant, eager-to-learn female professionals. The same goes for people from a variety of ethnic backgrounds. The more diverse the field becomes, the more effective and successful it will be.

Reality Check

While gains made by cybersecurity professionals are certainly noteworthy, we shouldn’t forget that a lot more work needs to be done. The industry, in partnership with academia and vocational institutions, needs to intensify efforts to attract women to the field. This should start early with STEM programs in schools that promote participation from girls as strongly as boys.

Women in cybersecurity also must help themselves by setting career goals and communicating them to their superiors, being assertive in vying for new opportunities, and continuing to educate themselves in the field by earning advanced degrees and certifications.

We need to build on the gains we’ve already made to get an equal seat at the table and make the cybersecurity field better and more inclusive. Cybersecurity is about understanding people. The more professionals we have who understand this, the closer we get to keeping the world a safe and secure cyber place. And no time is better than now.

Photo:GTG Technology Group

The post THE TIME IS NOW TO BUILD ON WOMEN’S CYBERSECURITY GAINS appeared first on Cybersecurity Insiders.


April 26, 2019 at 08:26PM

Thursday, April 25, 2019

Canada might ban Facebook in the region for breaching data privacy laws

The Canadian Data Watchdog has made it public that it might impose a ban on the operations carried out by Facebook (FB) in this region. The office of the Privacy Commissioner claims that the social media giant failed to keep its public promise to mend its ways on handling user data and addressing privacy concerns.

Daniel Therrien, the Privacy Commissioner of Canada, said that the law doesn’t allow the governing agency to levy a financial penalty on the Mark Zuckerberg-led company due to various concerns. But the Watchdog does have the right to take stringent action against the world’s leading social networking firm if it fails to mend its ways in handling the data it collects from users.

Mr. Therrien said that Facebook is refusing to act responsibly and sign a 5-year contract under which it would have to submit audit reports on the data privacy policies it practices in its data centers with regard to handling user data.

“If this continues, then we have taken stringent action against the operations carried out by the service provider in our region”, says Daniel Therrien.

Facebook is showing a lack of responsibility in handling people’s info, which means the data may be exposed to potential harm.

Earlier this month, Canadian Democratic Institutions Minister Karina Gould issued a public statement that the government is considering regulating social media companies, including Facebook.

So, if FB fails to cooperate, there is a high probability that a ban on its services will be imposed in Canada soon.

Although there is no official word from FB on the Canadian Watchdog’s statement, a source familiar with the developments said that Zuckerberg’s company has always cooperated, and will continue to cooperate, with national governments to conduct its operations in the region smoothly.

The post Canada might ban Facebook in the region for breaching data privacy laws appeared first on Cybersecurity Insiders.


April 26, 2019 at 11:34AM

Ride-hailing app leaks personal data of millions of Iranians

By Ryan De Souza

The ride-hailing app database was hosted on an insecure MongoDB server. Another day, another data breach – This time, security researchers have identified a ride-hailing app exposing personal data of 1 to 2 million Iranian drivers, thanks to an insecure MongoDB database. The database (named ‘doroshke-invoice-production’) was discovered by Security Discovery’s researcher Bob Diachenko […]

This is a post from HackRead.com Read the original post: Ride-hailing app leaks personal data of millions of Iranians


April 26, 2019 at 02:07AM

Avengers: End Game leaked online soon after releasing in China

By Uzair Amir

Avengers: End Game has been leaked online because why not?  Marvel’s latest and perhaps the most anticipated flick ever to be released Avengers: End Game has become an object of controversy lately as hackers and cybercriminals are trying their best to benefit from the movie’s widespread, intense hype. See: Top The Pirate Bay Alternatives – […]

This is a post from HackRead.com Read the original post: Avengers: End Game leaked online soon after releasing in China


April 25, 2019 at 09:11PM

The Time Is Now to Build on Women’s Cybersecurity Gains

By Deshini Newman, Managing Director, EMEA, (ISC)²

There’s never been a better time to be a woman in cybersecurity than now. Granted, there are many gains to be made still, but recent research about progress already made by women in the field is very encouraging.

Although the industry is dominated by men, many computing pioneers, such as the people who programmed the first digital computers, were women. Ada Lovelace (1815–1852) is credited with being the world’s first computer programmer. She detailed applications for the Analytical Engine that relate to how computers are used today. Likewise, luminaries such as Grace Hopper, Katherine Johnson, Margaret Hamilton, Adele Goldberg, Stephanie “Steve” Shirley and Megan Smith have all made their mark on the IT industry.

Something changed in the 1980s, resulting in a staffing shift in the IT department. The ‘computer girls’ were replaced by male-dominated departments of computer enthusiasts who evolved into cybersecurity experts of today. It is time for women to take back their power with confidence.

Findings from the (ISC)² Cybersecurity Workforce Study 2018 show that women are succeeding in parlaying their education and professional certifications into positions of leadership in the profession. This is no small feat, considering female cybersecurity workers traditionally have comprised a very small portion of the overall cybersecurity workforce.

The survey found that female cybersecurity workers as a group are more educated than their male counterparts; 28% of women hold a cybersecurity or related graduate degree while the number of men with equivalent education is 20%. Higher levels of education are opening paths for women into leadership roles. Higher percentages of women have CTO jobs (7% of women vs. 2% of men), vice president of IT (9% vs. 5%), IT director (18% vs. 14%) and C-level executive (21% vs. 19%).

Currently, cybersecurity female professionals account for 24% of the overall workforce, compared to 11% in 2016, the last time (ISC)² polled for gender breakdown. Part of the difference owes to a change in research methodology but, nevertheless, it shows an upward trend for women.

Why Does It Matter?

Attracting more women to the cybersecurity profession is important for several reasons. It’s always a positive development whenever a profession dominated by one gender becomes more balanced. It creates teams with more diversity, creativity and innovation.

Just as in any other occupation, diversity has positive effects; it promotes inclusive leadership and new ways of thinking and problem solving. In the dynamic field of cybersecurity, which has to work incessantly to address new and evolving threats, innovation and creative thinking are valuable assets.

And let’s face it, cybersecurity needs women desperately. Currently, there is a worldwide cybersecurity skills gap of nearly 3 million. The cybersecurity profession stands no chance of addressing that gap without pulling qualified and vibrant, eager-to-learn female professionals. The same goes for people from a variety of ethnic backgrounds. The more diverse the field becomes, the more effective and successful it will be.

Reality Check

While gains made by cybersecurity professionals are certainly noteworthy, we shouldn’t forget that a lot more work needs to be done. The industry, in partnership with academia and vocational institutions, needs to intensify efforts to attract women to the field. This should start early with STEM programs in schools that promote participation from girls as strongly as boys.

Women in cybersecurity also must help themselves by setting career goals and communicating them to their superiors, being assertive in vying for new opportunities, and continuing to educate themselves in the field by earning advanced degrees and certifications.

We need to build on the gains we’ve already made to get an equal seat at the table and make the cybersecurity field better and more inclusive. Cybersecurity is about understanding people. The more professionals we have who understand this, the closer we get to keeping the world a safe and secure cyber place. And no time is better than now.

The post The Time Is Now to Build on Women’s Cybersecurity Gains appeared first on Cybersecurity Insiders.


April 25, 2019 at 09:08PM

Hong Kong’s Amnesty International hit by China’s APT Groups Cyber Attack

The Hong Kong office of London-based Amnesty International is reported to have been reeling under a cyber attack for years, and a Chinese APT Group is suspected to be behind the campaign. The attack was discovered amidst growing concerns over Chinese global dominance in telecommunication networks, especially after the ban on Huawei’s 5G network equipment supply to different countries.

Highly placed sources say that the attack was detected when the human rights group chose to migrate its IT assets to a more secure international network. As a part of the scheduled upgrade, an audit was conducted, which detected that the equipment was sending data to remote servers located in China.

IT experts identified the infiltration on March 15th of this year but chose to issue a public update only after reporting it to the headquarters based in the United Kingdom.

Cybersecurity experts say that the equipment used in Amnesty International’s Hong Kong office was supplied by a company which is being funded by Chinese intelligence. That means all the activity carried out on the IT infrastructure was probably being spied on by the government of China.

The APT Group, aka the Advanced Persistent Threats (APTs) cyber group, has come under the scanner of western governments plenty of times. It has faced, and still faces, allegations of carrying out corporate and political espionage overseas, which the group has denied so far.

“It’s an attack on the civil society and the NGO Community. And we are against such outrageous attempts to harvest information which is a clear cut violation of human rights”, said Man-Kei Tam, Director of Amnesty International Hong Kong.

Tam said that the investigation is still going on and the criminals behind the incident will be tracked down. He assured that no financial information was compromised in the cyber incident.

More details are awaited!

The post Hong Kong’s Amnesty International hit by China’s APT Groups Cyber Attack appeared first on Cybersecurity Insiders.


April 25, 2019 at 09:00PM

DNSpionage group’s Karkoff malware selectively pick victims

By Ryan De Souza

Karkoff creates a timeline of the command execution which can be “extremely” useful when responding to this type of threat. The IT security researchers at Cisco’s Talos threat research team have discovered a new malware that has been developed by the threat actors behind the infamous DNSpionage campaign – The researchers are calling it Karkoff, […]

This is a post from HackRead.com Read the original post: DNSpionage group’s Karkoff malware selectively pick victims


April 25, 2019 at 04:45PM

Wednesday, April 24, 2019

Follow these 3 mobile security measures to protect your Enterprise Networks

Following an in-depth mobile security strategy can help protect your enterprise network from security, privacy, and compliance related cyber threats, which often emerge from vulnerable mobile apps. It’s like strengthening the defense line against the major threats which have the greatest potential impact, and this simple move will help mitigate 80% of security risks.

But here arises the big question: how do you devise an in-depth security strategy?

To make things easy for corporate CTOs and CIOs, Cybersecurity Insiders brings you 3 proactive measures to keep your organization isolated from the most prevalent risks in the cyber landscape. They are as follows:

Choosing a more secure mobile device and OS: The foremost thing to keep in mind is to prefer a manufacturer and mobile OS that pushes out security updates promptly. So there are only two options for you: an iOS device or an Android device. In corporate environments where ‘Bring your own device (BYOD)’ mobility prevails, making such a decision always helps.

Configuring the device with MDM: A Mobile Device Management (MDM) strategy, also known as an Enterprise Mobility Management (EMM) tool, helps in managing employee mobile devices in a safe and secure manner. For instance, IBM MaaS360, MobileIron, VMware Airwatch, and Citrix XenMobile are some of the top-notch tools which have gathered the attention of the market with the highest number of positive reviews so far.

Here, the functionality might differ a bit from vendor to vendor. But the objective remains the same: protect the device from all kinds of cyber threats by ensuring that corporate policies are enforced, along with an option to quarantine non-compliant devices and app whitelisting and blacklisting capabilities.

Technically speaking, an apt MDM solution helps admins securely configure devices and set device usage policy levels in line with the prevailing mobile app risks.

Auditing apps occasionally: Some organizations, especially those in the healthcare and manufacturing sectors, have over 50,000 apps in their MDM inventory. Auditing all such apps from time to time for security and privacy exposures will ensure that the digital assets in your enterprise remain out of the reach of hackers.

Here’s where third-party mobile app vetting, which can be subscribed to for a premium, could help. These systems often allow admins to feed the EMM systems with information about which apps can be whitelisted and blacklisted.

Such app vetting techniques can also help identify risky mobile apps in time, before any data loss takes place.

Conclusion

When CIOs and company heads decide to put all such basic security measures in place, such initiatives will surely help in guarding the enterprise IT assets from all major cyber threats.

The post Follow these 3 mobile security measures to protect your Enterprise Networks appeared first on Cybersecurity Insiders.


April 25, 2019 at 10:29AM

Cyber Threat alert for those using Internet Explorer

A security researcher named John Page has discovered a flaw in Microsoft’s Internet Explorer (IE) browser which is reported to allow hackers to access a victim’s files even if the victim is not using the browser.

John said that the browser is vulnerable to an XML External Entity (XXE) attack if a user opens a specially crafted .MHT file locally. The security researcher claims that when a victim opens such a file, it allows remote hackers to exfiltrate local files and remotely gather version information about locally installed programs.

Readers of Cybersecurity Insiders should note that the IE browser has just a 7% usage rate in the world. But stats counter estimates that it has been installed on more than a billion computers running Windows 7 and Windows 10.

As the researcher claims that the vulnerability can expose even those who are not using the browser, the severity appears to be high.

What is the .MHT Threat, Actually?

When the user of an online service saves a webpage, either manually or by pressing Ctrl+S, it generally saves the webpage in .MHT format. And if users open a malicious .MHT file on their device, it immediately launches IE.

All modern-day browsers save webpages in .HTML format. So, when a .MHT file is opened, it automatically activates IE.

Note: This is not the first time Microsoft has hit the news headlines for all the wrong reasons when it comes to Internet Explorer. Last year, it issued a security alert when a security engineer from Google exposed a memory corruption flaw in IE which could be exploited by hackers to execute malicious code. Microsoft issued an immediate fix but did not say how many IE users could have been impacted by the susceptibility. But the Google engineer said that all users who were logged in with admin rights could have been exposed to hackers by the vulnerability, as it allows cybercriminals to take control of the PC.

The post Cyber Threat alert for those using Internet Explorer appeared first on Cybersecurity Insiders.


April 25, 2019 at 10:26AM

2019 Insider Threat Solutions Guide


Attacks launched by hackers, malware authors, cyber criminals, and other bad actors account for a lot of the cyber security-related headlines we see today. And when most people think of cyber incidents, they imagine them coming from external sources.

That doesn’t mean all significant security incidents come from outside the organization, however. Plenty of intrusions and incidents are the responsibility of disgruntled employees who have both the motive and the opportunity to break into their organizations’ networks and systems, or result from inadvertent or accidental actions by workers.

Insider threats have long been a concern of security executives, and industry research has shown that attacks launched from inside the enterprise have been on the rise.

Detecting insider threats can be challenging. For example, it’s difficult to know if a trusted employee with high-level access privileges has decided to engage in activities with malicious intent. There’s a fine line between someone accessing customer data as part of day-to-day job responsibilities and someone using that data for personal financial gain.

Aside from those with malicious intent, insider threats can also stem from negligence, such as not following security policy, visiting risky sites, or other actions that put companies at risk. Industry research has shown that threats based on negligent actions or “human error” are actually the most common types of insider threats.

Adding to the complexity of managing insider threats is the fact that so many enterprises have multiple, dispersed operations—in many cases all over the world. They also have increasingly complex IT environments, with a growing number of cloud services and endpoint devices.

Among the signs of potential insider security threats are the downloading of large volumes of data, employees accessing sensitive information that is not related to their job responsibilities, multiple requests for access to IT resources not associated with a worker’s job function, the use of unauthorized devices, and attempts to bypass security mechanisms.

There are plenty of security tools on the market that can potentially address insider security threats. These include security information and event management (SIEM) systems that collect and aggregate log data from other systems; endpoint data loss prevention (DLP) tools that control access to certain files and file sharing; user behavior intelligence, which provides endpoint visibility with contextual understanding through advanced analytics; user behavior analytics tools, which apply behavioral analytics to IT infrastructure data; and employee or user activity monitoring software to track employee behavior.

The key is knowing which ones are the best fit for your organization and its cyber security needs. This guide is designed to help organizations with their evaluation process, by examining a number of key attributes.

Solution Evaluation Criteria

Visibility into threats

What does the solution actually provide in the way of visibility? That includes visibility into network activity, servers, the use of applications and Web sites, cloud access, etc. And this visibility needs to be comprehensive—spanning systems and networks throughout the enterprise—continuous, and in real time.

If security teams lack visibility into how systems and data are being accessed and used, what chance do they have of detecting and investigating suspicious insider activity?

Among the actions security teams need to see are which users accessed which systems and files, and when; whether critical files have been changed, deleted, or moved outside the organization, and whether the user who took such actions has authority; and whether unauthorized users have tried to access the accounts of systems administrators, or whether authorized users are doing so in an unusual manner.

Part of the visibility function includes knowing from which sources the security product is gathering data. It might be from endpoint devices, data center systems, log file repositories, Web applications, the cloud, or any number of other sources.

Another key consideration is whether the tools support visibility outside the traditional walls of the enterprise, to include remote offices, mobile devices, edge devices, Internet of Things (IoT) objects, etc.

Intelligence

Emerging capabilities powered by artificial intelligence (AI), machine learning (ML), and advanced analytics are making it possible for security tools to detect patterns that indicate a possible cyber security incident.

With an intelligence-focused approach to insider threat management, security teams can make decisions based on actionable insights rather than just relying on large amounts of data such as log events that don’t have context or are time consuming to evaluate using manual methods.

Analytics can help managers better understand and predict things such as human behavior, which can be a major factor in many insider threats. For example, analyzing usage data using behavioral analytics can help teams detect anomalies in events and the behavior of users. If something is out of the ordinary, it might indicate suspicious behavior that needs to be explored further.

A key component of systems using intelligence is their ability to send alerts when unusual behavior is detected. This can help avoid the ponderous task of examining seemingly endless reports of user activity, the vast majority of which is legitimate.

At the same time, these alerts can’t be a series of false positives that end up wasting the security team’s time and lead to “alert fatigue.” That can add to security risk because the team might end up missing actual security incidents.

Detection

How the security tool detects insider threats is a big consideration. For instance, does it provide rule- or signature-based detection, by looking for specific patterns in network traffic or known malicious instruction sequences? That could indicate a malware attack that might have been triggered by an employee’s actions.

Signature-based methods are good for detecting known attacks, but not as effective in identifying new attacks because of the lack of available patterns to use as a reference.

Another approach is detection based on behavior, which looks at the results of a particular activity or what the activity is attempting to accomplish, rather than looking for the unique characteristics of a threat. This method can be used to identify previously unknown threats.

Something else to consider is how accurately a tool detects actual malicious activity by insiders, rather than generating false positives that can lead to “alarm fatigue.” When an activity happens that’s outside an acceptable range, that might indicate some sort of security breach, or it might be detecting a spike in network traffic.
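The two detection styles described above, and the false-positive concern, can be shown side by side on a small log. The following Python code is an added example, not part of the original guide or of any vendor's product; the log format, user names, role mapping and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample log (not real data): date, user, resource, bytes downloaded.
SAMPLE_LOG = """\
2019-04-15 alice crm/customers 1200000
2019-04-16 alice crm/customers 900000
2019-04-17 alice crm/customers 1100000
2019-04-18 alice crm/customers 1000000
2019-04-19 alice crm/customers 1300000
2019-04-22 alice crm/customers 950000
2019-04-23 alice crm/customers 250000000
2019-04-15 bob build/artifacts 5000000
2019-04-16 bob build/artifacts 5200000
2019-04-17 bob build/artifacts 4800000
2019-04-18 bob build/artifacts 5100000
2019-04-19 bob build/artifacts 4900000
2019-04-22 bob build/artifacts 5800000
2019-04-22 bob hr/payroll 40000
"""

# Assumed mapping from each user to the resource prefixes the job requires.
ROLE_SCOPE = {"alice": ("crm/",), "bob": ("build/",)}


def parse(log):
    """Turn whitespace-separated log lines into event dicts."""
    events = []
    for line in log.strip().splitlines():
        day, user, resource, size = line.split()
        events.append({"day": day, "user": user, "resource": resource, "bytes": int(size)})
    return events


def rule_alerts(events, scope=ROLE_SCOPE):
    """Rule-based check: access to a resource outside the user's job scope.

    A user missing from the mapping has an empty scope, so every access is flagged.
    """
    return [
        (e["day"], e["user"], "out-of-scope access: " + e["resource"])
        for e in events
        if not e["resource"].startswith(scope.get(e["user"], ()))
    ]


def volume_alerts(events, threshold=3.5, min_history=5):
    """Behaviour-based check: a day's download volume far above the user's own baseline.

    Scores each day against the median and MAD of that user's earlier days
    (modified z-score), so one past outlier does not distort the baseline.
    """
    per_user = defaultdict(lambda: defaultdict(int))
    for e in events:
        per_user[e["user"]][e["day"]] += e["bytes"]

    alerts = []
    for user, per_day in per_user.items():
        days = sorted(per_day)  # ISO dates sort chronologically
        for i, day in enumerate(days):
            history = [per_day[d] for d in days[:i]]
            if len(history) < min_history:
                continue  # too little history: alerting here would only add noise
            med = median(history)
            mad = median(abs(v - med) for v in history)
            # Floor the spread so a very steady user is not flagged for small changes.
            spread = max(mad, 0.05 * med, 1.0)
            score = 0.6745 * (per_day[day] - med) / spread
            if score > threshold:
                alerts.append((day, user, f"volume {per_day[day]} bytes vs median {med:.0f}"))
    return alerts


def detect(log=SAMPLE_LOG):
    """Run both checks and return alerts in date order."""
    events = parse(log)
    return sorted(rule_alerts(events) + volume_alerts(events))


if __name__ == "__main__":
    for alert in detect():
        print(*alert, sep=" | ")
```

On the sample data, bob's higher-than-usual day stays below the threshold while his payroll access is caught by the rule, and alice's bulk download is caught by the baseline even though no rule describes it.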

Response and Remediation

How an insider threat security tool responds to and remediates an incident is another key factor. Something to examine here is what type of alerting mechanisms are included with the product. If security teams are not quickly alerted to suspicious behavior or activity, the incident can quickly escalate into real damage including lost or stolen data.

Alerting features should indicate events such as the existence of malware, when users have disabled security features on one or more systems, when ownership of a device or a user group has been changed, or when some sort of high-risk behavior is taking place.

How quickly a tool responds after it detects suspicious behavior is also important for preventing or limiting the damage from insider attacks, so be sure to evaluate whether remediation is manual or automated. For example, does the product automatically respond to incidents and take action to remediate in real-time?

Some of the available security platforms automatically isolate and remediate user devices that have been infected with malware, as a way to stop the malware from spreading to other devices and systems. They detect infected devices and isolate them from the corporate network, then remediate them.

A lot of insider threats come from users visiting restricted Web sites. As such, having the ability to detect and block these sites from employee access is vital for security. Among the sites to block are those that run JavaScript code to conduct cryptomining or harvest user authentication credentials.

Ease of Deployment and Impact on User Experience

Security tools need to be easy to deploy and manage, or they can become more of a hindrance than a help. They also should have a minimal impact on end-users’ experience and productivity.

Questions to ask include whether the product has requirements for policies, rules, and calibration; whether it has automatic, continuous updates to reduce the need for manual adjustments; if it is cloud-based or on-premises; and what the impact will be on CPU, memory, and device performance.

If security solutions have no policies, rules, and tuning needed, there is less of a management burden. With automatic updates, security teams do not need to be doing costly, manual interventions. Cloud-based management provides easier control. Minimal impact on CPU, memory, and performance results in low or no impact on user experience, which also means users will be less inclined to disable security features.

The insider threat solution should be simple to implement and maintain, without a need for custom services that can drive up costs. Ideally the solution should not require ongoing administrator action.

Scalability and agility of the solution

Because in theory anyone in an organization can potentially be an inside threat, security solutions need to be scalable to the extent that they can be deployed and used effectively throughout the enterprise, including remote sites around the world.

They also must be able to scale up as the organization grows in terms of number of employees, systems, locations, etc.

Also important to consider is the impact a solution will have on infrastructure such as the corporate network as it expands. A solution that is scalable should not affect the performance of networks, systems, and end-user devices.

Where problems can arise is when security tools generate huge volumes of data and the existing infrastructure is not designed to handle this volume.

Related to scalability, a good insider threat security solution should be adaptable to a cloud environment. With many organizations increasingly moving applications to the cloud, including some security functionality, the ability to integrate with cloud services is important.

In addition to being scalable, an insider security tool needs to be agile. Today’s security environment is constantly changing, and technology needs to be able to adapt to shifting conditions in order to be effective.

Considerations with agility include whether the solution is capable of learning or self-tuning, or relies mainly on manual tuning; and how often data is uploaded and processed.

Data privacy features

Although the idea of using these tools is to thwart insider threats, companies also have to be aware of the need for employee privacy, and ensure that the data they are gathering is not running counter to compliance with privacy regulations.

The emergence of regulations such as the General Data Protection Regulation (GDPR) in the European Union has made data privacy top of mind for organizations.

Security and IT executives should be up to speed on the rules and determine whether they are gathering allowable data and using, storing, and sharing it correctly. Privacy considerations with tools include whether the solution has privacy features such as data anonymization, and is compliant with all the major regulations.

Insider Threat Solution Vendors


The post 2019 Insider Threat Solutions Guide appeared first on Cybersecurity Insiders.


April 25, 2019 at 02:47AM