FireSale HackBoy

Friday, January 31, 2020

A new twist on “Parental consent”

An independent guest blogger wrote this blog.
I was at breakfast the other day with some family friends, and the topic of genealogy came up.  Over the past few years, various sites have sprouted up that offer to trace your origins all the way back in time; in some cases, all the way back to the eras of early human development.  One of my favorite authors has actually written a book about the results of his test.
The idea behind the test is simple.  You order a “kit” online, and when the kit arrives, all you have to do is dribble into a test tube, seal it up with your information, and send it on its way and await the results.
While I was at breakfast with my friends, they were discussing how they were going to send away for their kit to trace their…

Posted by: Bob Covello


The post A new twist on “Parental consent” appeared first on Cybersecurity Insiders.


January 31, 2020 at 09:09PM

Google trending Cyber Attack news headlines

Greenville Water Utility of South Carolina reportedly became a recent victim of a cyber attack where hackers were either trying to lock down the database through malware or were interested in transmitting the data and then selling the info on the dark web.

Spokeswoman Emerald Clark said that the disruption could have impacted over 500,000 customers. But she assured that no data was compromised in the incident. As the servers of Greenville Utility never store the credit card info of its customers, the question of hackers accessing that data is ruled out.

Meanwhile, the Bank of Japan (BoJ), which happens to be the country’s main bank, issued a special warning yesterday that cyber attacks on financial institutions are expected ahead of the 2020 Tokyo Olympic games. The BoJ said that the progress in digital technology might lead to a surge in cyber attacks on financial institutions, as technology will surely play a vital role in making the July-Aug Olympic games a grand success.

Coming to the third news item, Port St. Lucie, located on the coast of Florida, is reported to have become a victim of a cyber attack on Wednesday this week. Sources say that the attack was a malware incident which was isolated and contained by the IT officials in time.

Russ Blackburn, the City Manager, has confirmed the incident and said that the data related to the parks and recreational zones was impacted in the incident. As no sensitive info was compromised in the incident, the residents need not worry about the repercussions of the attack.

The 4th news item is related to the arrests made by the National Crime Agency of the UK early this week. Almost the same time last year, a massive malware attack on the IT assets of Bank of Valletta let hackers transfer funds to the accounts of overseas banks.

As the government of Valletta, on the orders of Prime Minister Joseph Muscat, launched an investigation immediately, a team of experts from the cyber cell was able to reverse the fraudulent transactions made through the cyber attack and recover a large portion of the money.

Now, the news is out that the UK’s National Crime Agency (NCA) has made three arrests in Belfast and London as a part of money laundering investigations, arresting two males aged 17 & 22 and a 39-year-old male in a separate incident.

Malta Police Force Economic Crime Unit has discovered that the three arrested individuals were the culprits behind the Malta cyber-attack where over 13 million Euros were stolen in Feb’19 as a part of a cyber conspiracy.

As the three arrested culprits were found spending the stolen funds, the cops tracked them through their credit card transactions, where they were found to have purchased an expensive Rolex watch, an Audi A5 and a Jaguar from a British car dealer.

The NCA plans to recover all the spent money from the culprits through various means and is said to be producing the arrested before the law by Wednesday next week.

The post Google trending Cyber Attack news headlines appeared first on Cybersecurity Insiders.


January 31, 2020 at 08:39PM

Thursday, January 30, 2020

Cloud Security vulnerability detected on Microsoft Azure

Check Point security researchers seem to be taking their job seriously, as every week a study by them discloses to the world a vulnerability or the detection of malware in cyberspace.

The latest flaw is in Microsoft’s prestigious Azure cloud platform: Check Point’s research says that its study has recently found not one but two flaws.

While the first is in Azure Stack, the second was found hidden in Azure App Services. In both cases, the Israel-based cybersecurity company found that hackers can easily exploit the flaw to take control of the servers and the code by dodging the security settings.

Technically, the detected Azure Stack flaw is reported to allow hackers to obtain screenshots of the user data running on Azure machines. In the second case, it lets bad guys exploit the app and take control of the server, leading them to the enterprise business code.

Microsoft was alerted about the flaws last year (1st flaw in Jan’19 and second flaw in June’19) and it then agreed to work closely with the researchers of Check Point on the issue.

Cloud Security patches for the security flaws were issued to the public by the end of 2019, and whether the data of Azure tenants was breached through the flaws is yet to be investigated.

Note- On Wednesday this week, Satya Nadella was seen speaking about cybercrime at a media briefing, and he added that cyberattacks could cost individuals and public and private entities $1 trillion in losses this year. He added in his statement that Azure was driven by technologies like end-to-end encryption, security and compliance, which will help users protect their valuable digital apps and data on Cloud.

The post Cloud Security vulnerability detected on Microsoft Azure appeared first on Cybersecurity Insiders.


January 31, 2020 at 11:00AM

Facebook to pay $550 million as Privacy Concerns settlement

As Facebook (FB) has failed to comply with the Illinois Biometric Information Privacy Act, it has agreed to pay $550 million as a penalty settlement over a lawsuit. This was disclosed by Facebook’s Chief Financial Officer who called it the largest currency settlement in the history of social media over privacy fears.

Reports are in that the web services company had to shell out the said amount as it failed to prove before the law that it legally collected the biometric data of users with their full consent. As the current data protection laws suggest that companies must first take the permission of their users before playing with their data, the Mark Zuckerberg-led company was found guilty of failing to do so and so had to face the harsh penalty.

Meanwhile, Zuckerberg has taken account of the situation and disclosed that his company will try to upgrade all its privacy laws to avoid the outcomes of any such lawsuits in the future.

Sheryl Sandberg, the COO of Facebook, added that the company will remain committed to offering the best privacy to its users shortly.

Conversely, the lawsuit announcement did partial damage to the stock of the FB Company early this week, as the price dropped by 7.3%, which is a loss to think deeply upon, as per the trade analysts.

Since 2018, Facebook, which has been marred by various data privacy-related controversies, has been trying its best to win back the trust of its customers. On one hand, the company is hitting the news headlines for data leaks and collection of sensitive info from users without their consent; on the other, it is also found doing its best to address all concerns related to the privacy of users on a full scale.

The post Facebook to pay $550 million as Privacy Concerns settlement appeared first on Cybersecurity Insiders.


January 31, 2020 at 10:57AM

Cloud Workload Security – Part 1: Introducing the Forrester Wave Report

An independent evaluation published by leading global research and advisory firm Forrester provides an excellent overview of the security challenges posed by the transition to cloud-based environments—and discusses the cloud workload security solutions best poised to address them.

Why is this important?

As the shift to cloud-based technology progresses, a growing number of organizations are exposed to the widening gap between traditional security coverage, and the unique needs of the cloud environment.

The enterprise of today faces a dual challenge: it must not only monitor and control the proliferation of cloud workloads, it must do so comprehensively across multiple environments, layers, and tiers.

INTRODUCING: CLOUD WORKLOAD SECURITY

In this blog series, we’ll offer a detailed exploration of four criteria, as defined by the report entitled The Forrester Wave™: Cloud Workload Security Q4 2019 that we think are key areas of critical importance. The Forrester report outlines the need for comprehensive solutions, designed to address the quickly shifting needs of the cloud-based environment—and presents a clear picture of the most significant providers in the space.

Using a 30-criterion evaluation, Forrester analyzed, assessed, and scored thirteen cloud workload security (CWS) providers—all focused on the protection of cloud-based data, infrastructure, and applications (including cloud-hosted servers, containers, IaaS services, and serverless compute models).

The four criteria we’ll cover in our series are:

  1. API level connectivity and API control for IaaS and PaaS. AWS, Azure, and Google Cloud Platform enable high rates of change and scalability—but you can’t secure them with traditional tools. Secure API level connectivity and control requires built-in configurations for security assurance, best practice, evaluation, monitoring, and compliance.
  2. Containerization and container orchestration platform protection. Use of containerized infrastructure requires more than just hardening of the containers themselves. Hardening of the hosting and orchestration layer is critical—as is increased visibility into containerized stacks and lifecycles.
  3. Scalability of protected cloud instances and protected containers. As instantly deployable and highly scalable infrastructure as code environments become the standard, scalability becomes a key requirement for security tooling. Rapid and dramatic increases in load often occur as customer environments burst or scale and security platforms need to adjust instantaneously to secure new assets—with zero operational overhead for the customer. Transparent and effortless security deployment and scalability are critical for a robust cloud workload security solution.
  4. Centralized Agent framework plans. Cloud environments are full of diverse assets that require appropriate agents and sensors to properly secure. A robust, unified framework is required to deploy, track, and coordinate these various agents and sensors. It must be able to rapidly deploy at arbitrary scale on a variety of systems with scattered locations—all while maintaining secure, consistent, and reliable communication. Excellent security architecture for this framework as well as the ability to self-verify, heal, and automatically update is required to provide comprehensive, adaptable, and scalable security coverage.

CloudPassage Halo was ranked by Forrester as a Strong Performer in Cloud Workload Security, receiving a score of five (5) out of five (5) in seven different criteria. In fact, we were the only offering to receive the highest scores possible in all of the four criteria outlined above.

CloudPassage Halo: a Strong Performer in Cloud Workload Security

Designed from the ground up to address the unique challenges of the cloud computing environment, Halo provides a unified, battle-tested platform.

When we launched in 2010, our ground-breaking innovations received the first-ever patents granted in the cloud security domain. Today, we safeguard cloud infrastructure for some of the world’s most-recognized brands. We’ve achieved this success by focusing on the areas of control we identified as critical to every complete cloud security solution.

In its report, Forrester advises customers to seek out cloud security solution providers which “Offer solutions for guest operating system native protection”, “Provide templatized API-level configuration management to IaaS and PaaS platforms”, and “Secure container runtimes and orchestration platforms natively”.

We believe these key factors align with the strategic components of CloudPassage Halo—and we believe that the report validates our efforts to provide a comprehensive, unified cloud security solution.

In regards to CloudPassage Halo, the Forrester report states, “We recommend the solution to those clients that need a single vendor for agent-based and agentless protections for guest OSes, AWS and Azure compute, and containers.”

OUR TAKEAWAY: A COMPREHENSIVE SOLUTION IS CRITICAL

We’re pleased to have been included in The Forrester Wave for Cloud Workload Security report—and believe it is an important reference for enterprises seeking to adopt a cloud workload security platform. We encourage you to leverage its insights to explore your options.

How to use the Cloud Workload Security Report
You’ll gain the most from Forrester’s efforts by reviewing the scoring models closely, to ensure they align with your own priorities and needs. Nobody knows your environment like you do.

In addition, please follow along with us as we explore in-depth each of the criteria we feel are most relevant to those seeking a comprehensive, unified cloud security solution to handle the growing needs of today’s distributed environment.

Ready to explore your options? Access a complimentary copy of The Forrester Wave™: Cloud Workload Security, Q4 2019 or use the links below to learn how CloudPassage Halo delivers the best in cloud workload security.

• Schedule a call with one of our cloud security experts.
• Request a live demonstration of the Halo platform.
• Sign up for a free Halo trial and assess your own cloud environment.

The post Cloud Workload Security – Part 1: Introducing the Forrester Wave Report appeared first on Cybersecurity Insiders.


January 31, 2020 at 09:09AM

Security pros hampered by burnout, lack of diversity – how do we fix this?

The cybersecurity profession is in a somewhat precarious state. Not only are cyber pros faced with increasing threats from insiders, but threats from external adversaries also continue to rise and are becoming more sophisticated. At the same time, companies are challenged by a crippling cybersecurity skills shortage: ESG/ISSG recently found that a whopping 74% of organizations have been affected by it. These conditions are combining to take a toll on the cybersecurity profession and the industry.

The most obvious and immediate impact is burnout. As an example, in Exabeam’s 2019 Cybersecurity Professionals Salary, Skills and Stress Survey, 62% of cybersecurity professionals said they found their jobs stressful or very stressful, with only 6% saying their job was not stressful at all. Similarly, 44% said they don’t feel they are achieving a work-life balance. And while 71% said they are satisfied with their jobs and responsibilities, that’s down sharply from 83% just a year earlier.

Burnout is also leading cybersecurity professionals to look elsewhere for career opportunities. In the survey, 40% said they are currently looking for a job, and more than half of those cited poor compensation and unsupportive senior leadership as reasons for their roving eyes.

The demographic makeup of the cybersecurity industry is concerning as well. Despite the tremendous need for more talent, the profession is failing to draw interest from diverse groups. An overwhelming majority (91%) of survey respondents were male, and 65% were white. Less than 3% were African-American. Given that threats are coming from any and all directions, a multidisciplinary approach is needed to build a more complete defense, and having a more diverse team with diverse points of view will help companies accomplish that.

However, embracing diversity is an aspect of culture, and we know that changing corporate culture can take time. While lack of diversity can’t be solved overnight, leaders can support their teams and create opportunities for populations that are underrepresented today. Some examples of how companies can help encourage a more diverse workforce include job shadowing, internships, broadening recruitment requirements and more. Leaders who succeed at broadening their teams will be the ones who ultimately create a more inclusive, comfortable and productive environment where professionals believe they can deliver exceptional work, engaging with confidence and without ego.

Not everything in the cybersecurity profession is gloomy, however. The upside of a skills shortage is that it leads to job security, and 76% of those surveyed said they do feel secure or very secure in their current role. Workers’ salaries were in a median range between $75,000 and $100,000. And nearly half of cybersecurity professionals said they have been building a career in the industry for 10 years or more.

Without question, there is an opportunity for companies to attract top cybersecurity talent by demonstrating support for their teams, building a positive environment and promoting diversity. It’s telling that 78% of respondents would recommend a career in cybersecurity. The stress can be handled – it just has to be done the right way.

As we look toward 2020, companies can take appropriate steps to support their security teams and help them guard against burnout. There are opportunities and rewards to protecting people, privacy and the world’s data, and if the cybersecurity industry can determine compelling ways to invest in people, even more talent will be drawn to this exciting and evolving space.

Bio

Steve Moore is vice president and chief security strategist at Exabeam, helping drive solutions for threat detection and advising customers on security programs and breach response. He is the host of the “The New CISO Podcast” and a Forbes Tech Council member. Prior to Exabeam, Moore served as Staff VP of Cybersecurity Analytics at Anthem, a Fortune 30 healthcare company. Moore’s experience includes leading the investigation of state sponsored cyberespionage campaigns, breach response, associated legal depositions, and client management. He’s passionate about cybersecurity, teamwork and leadership excellence.

The post Security pros hampered by burnout, lack of diversity – how do we fix this? appeared first on Cybersecurity Insiders.


January 30, 2020 at 09:55PM

Ransomware Attack on US DOD Contractor

RYUK Ransomware is reported to have targeted the servers of a DOD Contractor last week, and news is out that the contractor might take some time to recover its data from this incident. The contractor in question is Electronic Warfare Associates (EWA), a 40-year-old company that has been serving the Department of Defense of the United States for the past 13 years.

News is out that EWA websites related to EWA Technologies, EWA Government Systems Inc and Simplicikey, along with Homeland Protection Institute, were completely disrupted by the invasion of the file encryption malware.

DOD has launched an inquiry on this issue and is busy assessing the damage caused to the company’s internal network.

Meanwhile, in another survey conducted by the Cybersecurity Firm Proofpoint, it was revealed that over half of the government organizations became victims of a cyber attack in 2019.

Releasing a report entitled “State of Phish”, Proofpoint says that last year cyber crooks mainly focused on launching Phishing, Ransomware and Cryptojacking attacks.

Proofpoint says that it compiled the 2020 cyber threat report after analyzing over 9 million malicious emails and the responses from over 600 industry leaders and over 3500 IT respondents.

The report also confirmed that hackers are becoming a lot more sophisticated these days and are increasingly focusing on healthcare service providers, federal agencies, manufacturers and critical infrastructure, which see data as their lifeblood.

More details can be found in the ‘resources’ section of the Proofpoint website.

The post Ransomware Attack on US DOD Contractor appeared first on Cybersecurity Insiders.


January 30, 2020 at 08:37PM

Wednesday, January 29, 2020

Cyber Attack on UN offices in Geneva and Vienna

A statement released by the United Nations yesterday says that its offices in Geneva and Vienna fell prey to a cyber attack which took place in the middle of last year. Sources say that the hackers managed to access the database storing user accounts, but then, after establishing their position, went dormant for some reason.

The UN’s Geneva Office has clarified that the cyber incident was discovered on August 30th, 2019 and that, prima facie, the infiltration could possibly have taken place a month earlier, i.e. in July’19.

It is confirmed that dozens of servers in the United Nations, including those related to Human Rights Offices as well as Human Resource Departments, were compromised in the incident, as admin-level accounts were breached. All the staff, organizations and individuals related to the UN were asked to change their passwords to curb any security failure.

What’s interesting in this incident is the fact that the UN did not disclose this incident to the world or the data protection authorities. In fact, it circulated an alert to its staff in early September and briefed them on only some of the facts in the email alert.

According to a senior UN official, the incident accounted for a major IT meltdown affecting core infrastructure works. But the authorities chose not to disclose the incident for some reason.

Note- As Geneva and Vienna are home to many UN offices like the International Atomic Energy Agency, the Office of Drugs and Crime, The World Health Organization, the High Commissioners office for Refugees, The World Trade Organization, The High Commissioner for Human Rights, and the Human Rights Council, the incident is reported to be very serious.

Stephane Dujarric, the spokesperson of the UN, confirmed the incident and said that the organization, which works for International Peace, has taken all necessary measures to avoid such IT failures in the future.

Note- Security Analysts suggest that the hackers could have been aiming for something big and so succeeded in infiltrating the network and then just chose to lie dormant.

 

The post Cyber Attack on UN offices in Geneva and Vienna appeared first on Cybersecurity Insiders.


January 30, 2020 at 10:19AM

Largest Airports in the world are vulnerable to Cyber Attacks

Almost all large airports in the world are said to be vulnerable to cyber attacks, says research compiled by web security company ImmuniWeb. The study found that only three airports in the world were without a single major IT issue: Amsterdam Airport Schiphol (EU), Helsinki Vantaa Airport (EU) and Dublin Airport (EU).

Some of the highlights of ImmuniWeb’s report: 97% of the websites were found to be using outdated software, 24% of websites had security vulnerabilities, 24% of websites had no SSL encryption or used obsolete SSLv3, and over 76% were not complying with GDPR and PCI DSS rules.

When it came to the security offered by the mobile applications of airports, most of the apps were displaying vulnerabilities either related to encryption, software frameworks or privacy.

Out of 100 airports, 66 were found to be exposed on the Dark Web in one way or the other.

Ilia Kolochenko, CEO and Founder of ImmuniWeb, is advising all airports to implement continuous web monitoring solutions to avoid any intrusions, phishing and password re-use attacks.

Implementing a third-party risk management program encompassing consistent monitoring of vendors and suppliers is also required. Creating awareness among the staff by explaining to them the risks of handling emails will also be helpful.

The post Largest Airports in the world are vulnerable to Cyber Attacks appeared first on Cybersecurity Insiders.


January 30, 2020 at 10:18AM

Cyber attack headlines trending on Google

Finally, what we did not expect is happening, as a British court has ordered Bitfinex to freeze a Bitcoin payment as it was leading to the wallets of those distributing ransomware.

Yes, you have read it right! As most of the cryptocurrency variants can easily be tracked now, an England and Wales High Court has asked Bitfinex to lock down the bitcoins worth $860,000 stored in one of its user wallets until it submits the KYC form details of the customer.

As some of the amount has been converted to fiat currency, only the remaining $800,000 has been frozen as per the court orders.

In other news related to ransomware, Israel-based cybersecurity firm Otorio disclosed that a petroleum company named Bahrain Petroleum has become a potential victim of a cyber attack, and research has found that its Industrial Control Systems were targeted by a new variant of Snake ransomware developed by Iran.

The most interesting part of this malware is that it removes all files from the infected systems after sending them to remote servers, which eventually prevents the victims from recovering.

Going to the third news item trending on Google, reports are in that hackers distributing the REvil Ransomware infection are demanding a minimum of $260,000 to decrypt files.

For those who do not know much about REvil, it is a gang offering ransomware as a service, where the operators rent the malware to cybercriminals who then customize the malware as per their requirements.

According to a study made by KPN, REvil has so far earned its developers and affiliates over $38 million over the last few months, with $260,000 as an average demand per targeted company.

Coming to the 4th cyber-attack news item related to ransomware, hackers from Turkey were found targeting governments and private companies operating in Europe and the Middle East.

It is believed that around 30 organizations have been targeted by the attack so far, and this includes government ministries, embassies and security services. Some of the victims include Cypriot and Greek email services and the advisory agency for the Iraqi government.

A report published in Reuters says that intercepting web traffic to targeted websites and giving hackers prohibited access to the networks of government agencies and other organizations have been the main motives of the Turkish hackers so far.

Turkey has denied this news published in the American news resource and said that the nation has itself become a victim of frequent cyber attacks launched by state-funded foreign nations.

Fifthly, speaking at the Cybertech Global Tel Aviv 2020 Conference, Israel Energy Minister Yuval Steinitz said that the nation’s power plants were being constantly targeted by foreign nations. However, all the attacks were successfully neutralized, although they could have proven serious, as they were sophisticated enough to push the entire nation into a blackout.

Note- Israel has been cooperating with the United States in the field of Cybersecurity and has been putting a special emphasis on protecting the energy infrastructure from devastating cyber threats.

The post Cyber attack headlines trending on Google appeared first on Cybersecurity Insiders.


January 29, 2020 at 08:46PM

Tuesday, January 28, 2020

China could Cyber Attack UK without Huawei 5G

All these days we have heard from cyber experts that China could launch cyber attacks if 5G equipment from Huawei is used in network upgrades. But now, experts suggest that Beijing could find easier ways to attack the critical infrastructure of the UK, rather than using Huawei equipment.

In the meantime, Downing Street, which houses the current Prime Minister of Britain, Boris Johnson, has given a ‘green signal’ for Huawei to use its 5G network equipment for the network upgrades.

And this solely happened after the National Cyber Security Center (NCSC) gave a clean chit to Huawei after claiming that the cyber risks exhibited by the 5G equipment of the Chinese vendor were negligible.

Ciaran Martin, the Chief of NCSC, stated publicly last week that Huawei placing backdoors in its equipment is among the lowest risks, as China can perform a major cyber attack on UK telecoms networks by other means if it wants to.

Ciaran added that Huawei 5G network equipment will be monitored by NCSC in a timely manner and any anomalies related to the network equipment supplier will be treated accordingly. At the same time, the UK will also put in some effort not to become dependent on a particular overseas supplier.

Note- NCSC has issued advice to telecom network operators to roll out 5G by upgrading their full fibre networks in line with the government objectives.

Therefore, Chinese vendor Huawei has asked its Cyber Security Evaluation Center (HCSEC), nicknamed CELL, to look into the development activities on a sincere note from now on.

The post China could Cyber Attack UK without Huawei 5G appeared first on Cybersecurity Insiders.


January 29, 2020 at 11:00AM

Microsoft wants to curb the growing menace of Cyber Threats in the following way

Microsoft made it official on Tuesday that it has ways to curb the growing menace of cyber threats on government infrastructures across the world. The American tech giant says that the threats can be curbed by collaborating with governments, tech companies, and 3rd party Cybersecurity agencies, who in turn will share data afterward.

According to Rob Lefferts, the Program Manager of 365 Security, Microsoft, the company has taken a strategic stand against cyber-attacks hitting around the world by collecting information on the nations which are launching them, the objectives behind the attacks and their success rate. When all this data is shared between governments around the globe, Mr. Rob feels that it will help protect citizens against cyber attacks.

As per the latest stats released by Microsoft, the tech giant is spending over $1 billion annually on Cybersecurity, and uses Artificial Intelligence and Machine Learning (ML) to gain insights and deliver rapid automated responses to the current threats prevailing in the cyber landscape.

Apart from the investments, the company is also reported to have deployed several sensors that are looking for data on cyber incidents across the globe, like metadata from PCs, servers, and cloud storage platforms. Over 8 trillion of those messages are being analyzed by over 3,600 Microsoft Security Professionals, who keep analyzing them for threats to enforce protective measures for customers.

If all public and private agencies collaborate around the globe, then all incidents can be detected in time and curbed on machines, as a part of Microsoft’s behavioral analytics campaign.

Note- In early 2018, over 34 tech companies signed a pact called “Cybersecurity Tech Accord” to help people defend their machines against malicious cyber attacks. Companies like Cisco, HP, Nokia, Oracle, VMware, Dell, CA Technologies, Symantec and Bitdefender were all a part of this campaign.

The post Microsoft wants to curb the growing menace of Cyber Threats in the following way appeared first on Cybersecurity Insiders.


January 29, 2020 at 10:58AM

Avast antivirus caught selling user data

According to a report published in Motherboard, a science & technology blog belonging to VICE, antivirus software firm Avast has been caught selling its users’ web browsing data and other sensitive information to interested buyers.

However, the firm is not selling the data directly; the sales go through a subsidiary company called Jumpshot.

Security researchers from Motherboard say that the Avast software can track users and their Google searches, and collects data from all web-related services used by the Avast Antivirus user, including LinkedIn pages, YouTube videos, and X-rated sites (only if the user who has installed Avast browses such sites).

The Motherboard report says that the software firm sells the data via Jumpshot as data on its users’ actions.

What’s interesting in the report is that almost all major companies like Microsoft, Pepsi, Google, Amazon, Sephora, Home Depot, Intuit, and others are found to be buying this data, as discovered by the Motherboard researchers in January 2020.

Avast has reacted to the news and clarified that it doesn’t record any of its users’ personal identification information like MAC addresses, phone numbers, email addresses, and IP addresses. It also clarified that users do have the option to customize data sharing with Jumpshot via a pop-up message in the antivirus software, but God knows how many users are actually aware of this.

Note- Jumpshot claims that it builds profile data of Avast users with their consent, and says that it does so to build trend-analytics products and services, which large tech giants then analyze to better serve their customers.

The post Avast antivirus caught selling user data appeared first on Cybersecurity Insiders.


January 28, 2020 at 08:51PM

Do you need certifications to get an InfoSec job?

I’ve seen Tweets and heard many discussions about certifications, like CISSP, CEH, OSCP  and so on, in InfoSec. No doubt certifications have value – in many situations hiring managers are quickly going through resumes and certifications are symbolic of at least book-learning, and some degree of dedication to InfoSec. Certifications can be expensive and time consuming so having them clears the bar of at least slightly dedicated.
While certifications are arguably a “good thing” inferring a recognized value understood in the InfoSec community, do people really need them to land jobs? After all, job seekers are existentially in need of employment and not likely to want to spend time and money on certifications if they are not necessary.
We have published previous blogs on certifications in InfoSec. But I was still curious as to whether certifications are required to get a job in InfoSec. So…

Posted by: Kate Brew

The post Do you need certifications to get an InfoSec job? appeared first on Cybersecurity Insiders.


January 28, 2020 at 09:09PM

Monday, January 27, 2020

World Data Privacy Day on January 28

Every year, January 28th is observed as International Data Privacy Day, which has been celebrated since 2007. The objective of celebrating this day is to promote data protection practices across the world and to raise awareness of them. However, the day has been celebrated only in the United States, Canada, Israel and 47 European countries for the past 13 years or so, and from Asia, the Indian subcontinent is the only one celebrating it, since 2014.

Historically speaking, the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data was opened for endorsement on the same day in 1981 by the Council of Europe. But as technology has evolved tremendously in the past two decades, new legal challenges have to be worked out on this issue.

In the past decade or so, a Convention on Cybercrime has been in place to protect the integrity of data systems and privacy in cyberspace, and this has been placed under Article 8 of the European Convention on Human Rights.

Nevertheless, millions are still unaware of, or ill-informed about, how to protect their personal info and how companies are using that data for business purposes, with or without the consent of the respective users.

This is where Data Privacy Day, celebrated on January 28th every year, generates dialogue that empowers individuals and companies to take action on how data is protected as per the standards.

Note- This year the International Data Privacy Day is being celebrated on Tuesday, January 28th, 2020.

The post World Data Privacy Day on January 28 appeared first on Cybersecurity Insiders.


January 28, 2020 at 09:59AM

No more Ransomware payments from Taxpayers funds says, New York

State Senators of New York have proposed two new bills that would disallow usage of taxpayers’ funds to pay ransom payments when government agencies fall prey to ransomware attacks.

S7246 is the first bill, proposed by Senator Phil Boyle on January 14th, 2020. It simply restricts the usage of tax money when it comes to paying a ransom to free up the database of small cities or towns from file-encrypting malware. However, the bill applies only when the population of the city/town is less than 1 million.

If the bill is passed, then $5m in funding is expected to be pushed forward to re-establish the IT infrastructure of small towns and cities, as per the requirements of the current cyber landscape.

S7289 is the second bill, pushed forward by Senator David Carlucci on January 16th, 2020. This bill, if passed, restricts government agencies from paying a ransom in the event of a cyber attack on critical infrastructure.

Therefore, New York will be the first state to pass legislation (if/when passed) restricting the payment of ransom when critical infrastructure gets infected by ransomware.

However, security analysts like Bill Siegel, the founder of Coveware, say that such legislation will in no way deter hackers from launching cyberattacks on towns and municipalities, and might even increase the number of such attacks.

The post No more Ransomware payments from Taxpayers funds says, New York appeared first on Cybersecurity Insiders.


January 28, 2020 at 09:56AM

How Smart Cards Work

An independent guest blogger wrote this blog.
In this modern age, there’s been a significant improvement in the digitization of traditional payment methods. We live in a technologically advanced era, and as such, advancements in payment infrastructures make life easier and transactions faster, swifter, and smoother.
Almost all countries in the world are adopting the cashless economy policy. Smart cards are generally utilized by these countries to implement the cashless economy because they aid the seamless transaction of trade and settlement of other financial instruments.
What is a smart card?
A smart card is a type of pocket-sized device which looks like a credit card but has an embedded Integrated Circuit (IC) that can process data and allow the user to perform any transaction. The IC chip on the Smart card can be a microprocessor with memory capacity or a simple memory circuit that processes, manipulates exchange, and stores…

Posted by: David Smith

The post How Smart Cards Work appeared first on Cybersecurity Insiders.


January 27, 2020 at 09:10PM

Solving Public Cloud Security Challenges with Automation

As enterprise workloads move to the cloud, more cybersecurity professionals are experiencing the complications of protecting their workloads in these faster and more dynamic environments. These are  typical public cloud security challenges. Part of the reason is because cloud infrastructure is very easy to set up, so more and more people are now able to do it, even without the help of IT. 

With almost anyone having the ability to spin-up cloud services, the rise of net new public cloud security challenges was inevitable. You can quickly end up with a huge number of assets and no effective way to track them or monitor them. 

We took a quick poll in our recent Security Visibility webinar with Cyber Security Insiders to learn about the biggest day-to-day operational headaches cybersecurity professionals experience in the context of protecting these cloud environments. 

In this blog post we’re highlighting three of the biggest public cloud security challenges security operations said they are facing, along with some of the key requirements for solving those issues through automation. 

  1. Infrastructure changes happening too fast to keep up (58%) 
  2. Legacy data center tools don’t work in public cloud (50%)
  3. Replicating network perimeter strategy is hard or failed (38%)

To learn more about the top five public cloud security challenges from our QuickPoll, listen to our webinar recording linked at the end of this post.

Top Public Cloud Security Challenges

1. Cloud infrastructure changes happening too fast to keep up

If things are changing too fast, you can quickly lose visibility into your infrastructure security. And if you don’t know what you have, you can’t protect it. Additionally, without tools developed with cloud infrastructure in mind, you can’t keep up with the speed of change.

Simply put, due to the rate of change, security and compliance stakeholders often can’t see what’s in their cloud infrastructure, and not knowing how they’re configured can be an enormous hidden risk, as those assets could have major vulnerabilities in them, making them ticking time bombs. This year alone, we’ve seen multiple, significant compromises, including at Capital One and Facebook, both of which included the compromise of an S3 environment. 

This S3 type of issue comes primarily from not knowing the asset is out there and not knowing that it’s misconfigured, which is both a very big problem, and a broad-based problem. It’s usually the first of the public cloud security challenges that’s tackled with a security solution.

When you move to an environment where you have microservices, for example implemented in containers which may be driven by Mesos or Kubernetes, those microservices can come up, do one small job, then vanish after a very brief period of time. They might be up for literally minutes or even seconds in some cases. In that kind of rapidly moving environment, if you don’t have continuous visibility into it, there’s just no way to manage it. So, the automation there is key.

While continuous visibility is only part of the equation, automated notification and tracking of remediation is also critical to solve public cloud security challenges. Remediation usually starts out with routing information to the right owners, which generally entails informing the system owners of how they need to remediate certain issues and ensuring they have a solid understanding of the level of priority and  urgency required. They also need to understand it on their own terms. 

In a traditional environment, which was more slow-moving, remediation was a much slower process. You might send out a lengthy report, once a month or once a quarter—with a list of all the issues that needed to be resolved. Today, with these cloud environments being in constant motion that remediation data stream needs to be constant and it needs to be in whatever form your Ops teams want in order to make it truly efficient and effective.

2. Legacy data center tools don’t work in public cloud

Traditional network security tools made sense when users and applications were hosted in more static, centralized data centers, but they’re not designed for the dynamic distributed virtual environments. In the AWS Cloud Security Survey 2019, 85% of respondents confirmed that legacy security solutions either don’t work at all in their cloud environments or only have limited functionality.

Based on this type of cloud infrastructure security research and what we’ve heard from our customers through the years on the kind of solution that would actually meet their security requirements, below we’d like to share what we’ve learned. And we’re happy to report that it seems to coincide with what we heard in our webinar from the participants. In a nutshell, to address public cloud security challenges and maintain security and compliance visibility, security professionals need and want the ability to:

  • Discover their assets
  • Inventory those assets, once they’re aware they exist
  • Assess those assets for anything that may create the threat of compromise
  • Remediate any issues and provide verification and monitoring of this process

In addition to looking for issues to clean up on the attackable surface areas, people are also looking for issues related to compliance. These are consistently the two key missions in many cases for the CSO’s organization:

  • One, to make sure they pass audits, and 
  • Two, to make sure they don’t get compromised

From a compliance perspective, verification tracking and monitoring are equally important. As part of an audit, you would need to show that these types of issues were found, remediated, and that you verified that they were remediated, a process that should also be automated in order to keep up with the rate of change.

3. Replicating network perimeter strategy is hard or failed

A traditional data center environment was relatively simple. It had fewer types of components that were more homogenous, where modern applications—cloud-based app environments—have more components. Typically, they have more of the smaller components, and they’re more varied. Additionally, in most cases, the perimeter orientation goes away in the cloud environment creating additional public cloud security challenges. While there are still perimeter controls, the centrality of the perimeter as the primary security control point changes dramatically.

When you take that traditional data center environment and you introduce private cloud infrastructure, you’re likely adding multiple virtualization environments, such as containerization. You will also begin to introduce automation tools, such as Chef and Puppet, which also increases the rate of change dramatically in these environments. This creates a lot of complexity, even in a data center. While there’s additional complexity here, the basic security model which is perimeter-driven is very much the same.

Adding public cloud infrastructure to the mix is more of a huge leap for many organizations, because you now have the shared responsibility model, which on the one hand is great for security and compliance, because they no longer have to deal with a lot of components in the data center. However, there are net new public cloud security challenges that have to be addressed with a new approach to security, such as monitoring and safeguarding the configuration of these environments and the services that run in them.

Within the shared responsibility model, as opposed to having total ownership, you now have a shared control model in which you share some responsibility with that public cloud provider. In addition, the hardware appliances that were once part of a very straightforward security model turn into these virtual cloud environments. Which means, you have to deal with virtual networking and virtual servers which are very easy for application infrastructure teams to change, making the rate of change go through the roof and driving greater challenges for security and compliance.

While these types of changes used to happen very much on security’s terms, this is no longer the case due to the rise of public cloud infrastructure, which creates somewhat of a cultural shift within enterprises.

The key thing to remember is, while there are things you can absolutely depend on your public cloud provider to do, you are still responsible for maintaining your part of the shared responsibility model. Ensuring you are clear on the details of your cloud infrastructure security responsibilities will help you understand the capabilities you need in a security solution.

 So what should you look for in a security solution in order to enable these capabilities?

7 Cloud Security Solution Requirements

While automation is critical in securing your public cloud infrastructure, your ideal cloud security visibility solution should have the following characteristics to support it:

  • FAST – Aligns with dynamic IaaS with automatic deployment and assessment
  • PORTABLE – Works across multiple IaaS providers and components  
  • SCALABLE – Expands or contracts to meet shifting needs
  • INTEGRATED – Visibility mechanisms are part of the infrastructure
  • CONTINUOUS – Supports rate of change demands with continuous issue visibility
  • COMPREHENSIVE – Covers all critical aspects of both security and compliance
  • ACTIONABLE – Presents actionable security and compliance intelligence

Why Public Cloud Security Challenges Need Automation

In these dynamic public cloud environments, if you don’t have ongoing insight into your infrastructure it is impossible to manage its security posture or tackle the public cloud security challenges. Because continuous discovery, inventory, and assessment is critical, effective automation of these needs in a dynamic IaaS environment is a must. 

 Automation relieves the burden of manual monitoring inherent in legacy systems. It also drastically streamlines the management of IaaS, which allows your organization to quickly and effectively mitigate risk, remediate issues, and maintain compliance—all while reducing burden to your IT security team. That is why continuous risk assessment and issue visibility which supports daily, hourly, and on demand needs is critical.

Watch this Cyber Security Insiders On-demand Webinar

“How To Automate Security Visibility for IaaS Environments To Reduce Risk and Satisfy Regulatory Standards”.

Hear cybersecurity experts Carson Sweet, CloudPassage CEO and founder, and Holger Schulze, Cybersecurity Insiders CEO and founder discuss public cloud security challenges and:

  • Why achieving security and compliance visibility is critical to protecting your public cloud infrastructure
  • How IaaS environments have created net new security challenges requiring specific technical and operational needs
  • How the right automation coupled with a “cloud-aligned” issue discovery and remediation process can create a highly efficient and effective process for securing your public cloud infrastructure

Watch the webinar now

CloudPassage is here to help security teams improve threat prevention and vulnerability management for cloud infrastructure. Learn more about Cloud Secure, our Cloud Security Posture Management solution.

The post Solving Public Cloud Security Challenges with Automation appeared first on Cybersecurity Insiders.


January 27, 2020 at 09:09PM

Securing Kubernetes Master and Workers

Monolithic applications are outdated. We are now solidly in a development revolution as rapid software development and deployment have become standard. Microservices and containers are key to enabling this new way of working driven by DevOps practices such as Continuous Integration and Continuous Delivery. As a result, securing Kubernetes master and worker nodes has become critical.

Harnessing the Value of Microservices and Kubernetes

As we welcome 2020, we expect mass migration to microservices. By enabling you to structure an application into several modular services, microservices bring:

  • Improvements to scale
  • The ability to withstand high server loads 
  • Faster deployments 
  • Easy fault isolation

Microservices offer flexibility in using a wide mix of technologies and having autonomous, cross-functional teams. But as microservices grow in popularity, so does the attack surface, so they require a different approach to security.

Kubernetes is one of the fastest-growing container orchestration platforms used to implement microservices and has more than a 50% market share. The idea behind the tool is to operate with containers, each of which contains a microservice, a small part of your application. Kubernetes by itself is secure, but no one is safe from server misconfiguration, which was identified as one of the biggest threats in public cloud for security leaders in 2018.

For example, in 2018 hackers got access to Tesla’s Kubernetes and ran cryptocurrency miners on their cluster. So how do you secure the Kubernetes cluster?

CloudPassage Policy Templates Support Securing Kubernetes

Support for securing Kubernetes was released in CloudPassage Server Secure enabling customers to evaluate the security posture of their Kubernetes infrastructure. 

Users can now perform security assessment scans of Kubernetes Master nodes and Worker nodes using our two Kubernetes policy templates, which are based on the CIS Benchmark standard. The master node policy template has 73 security configuration assessment rules, e.g. Ensure that the --anonymous-auth argument is set to false; while the worker node policy template has 23 security configuration assessment rules, e.g. Ensure that the --event-qps argument is set to 0.

Figure 1. List of Master Rules

Kubernetes Security Scan Results

Let’s take a closer look at how our Kubernetes security support works. The scan results below are the output of a scan on a freshly installed default Kubernetes master node installation. 

As you can see, a default Kubernetes installation needs a lot of work to be completely secure. Many benchmark rules produce ‘fail’ results which implies that the configuration needs hardening.

Figure 2. Master Fail Rules

Users can select any individual rule and go over the ‘Description’ and ‘Rationale’ fields to understand the check. If required, users can perform manual tests using the steps from the ‘Audit’ section. And finally, follow the guidance from the ‘Remediation’ section to secure their configuration. An example of one such rule is shown below:

Rule Details for: Ensure that the --anonymous-auth argument is set to false

Figure 3. Rule Details

Similar results are seen with the scan of the worker node. The CSM scan produces many fail results as seen below which implies that these settings need to be hardened to secure the configuration.

Figure 4. Worker Fail Rules
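
The two rules quoted above can also be checked by hand against a node's process command line. The following is an added example, not CloudPassage's scanner or policy template: the rule table, the sample command lines and the decision to fail a flag that is absent or given conflicting values are assumptions of this example.

```python
import shlex

# Spellings Go's strconv.ParseBool accepts, which is how boolean flags are parsed.
TRUE_WORDS = {"1", "t", "T", "true", "TRUE", "True"}
FALSE_WORDS = {"0", "f", "F", "false", "FALSE", "False"}

# The two rules quoted on this page (table layout is this example's own).
RULES = [
    {"component": "kube-apiserver", "flag": "--anonymous-auth", "kind": "bool", "want": False},
    {"component": "kubelet", "flag": "--event-qps", "kind": "int", "want": 0},
]

# Constructed sample command lines, as `ps -ef` might show them.
SAMPLES = {
    "master-default": "kube-apiserver --advertise-address=10.0.0.10 --authorization-mode=Node,RBAC --secure-port=6443",
    "master-hardened": "kube-apiserver --advertise-address=10.0.0.10 --anonymous-auth=false --authorization-mode=Node,RBAC",
    "master-space-form": "kube-apiserver --anonymous-auth false --secure-port=6443",
    "worker-default": "/usr/bin/kubelet --kubeconfig=/etc/kubernetes/kubelet.conf --config=/var/lib/kubelet/config.yaml",
    "worker-hardened": "/usr/bin/kubelet --kubeconfig=/etc/kubernetes/kubelet.conf --event-qps 0",
}


def collect_values(argv, flag, kind):
    """Return every raw value supplied for `flag`, in command-line order."""
    values = []
    i = 0
    while i < len(argv):
        arg = argv[i]
        if arg.startswith(flag + "="):
            values.append(arg[len(flag) + 1:])
        elif arg == flag:
            if kind == "bool":
                # Go flag convention: a boolean flag only takes a value in the
                # --flag=value form, so "--flag false" is a bare flag (true)
                # followed by a stray positional argument.
                values.append("true")
            elif i + 1 < len(argv):
                values.append(argv[i + 1])
                i += 1
            else:
                values.append(None)  # value flag at end of line with no value
        i += 1
    return values


def normalise(raw, kind):
    """Convert a raw string to bool/int, or None when it cannot be parsed."""
    if raw is None:
        return None
    if kind == "bool":
        if raw in TRUE_WORDS:
            return True
        if raw in FALSE_WORDS:
            return False
        return None
    try:
        return int(raw)
    except ValueError:
        return None


def audit(cmdline):
    """Return [(flag, 'PASS'|'FAIL', detail)] for rules matching the binary."""
    argv = shlex.split(cmdline)
    if not argv:
        return []
    binary = argv[0].rsplit("/", 1)[-1]
    findings = []
    for rule in RULES:
        if rule["component"] != binary:
            continue
        raw = collect_values(argv[1:], rule["flag"], rule["kind"])
        parsed = [normalise(v, rule["kind"]) for v in raw]
        if not raw:
            status, detail = "FAIL", "flag not set"
        elif any(p is None for p in parsed):
            status, detail = "FAIL", "unparseable value"
        elif len(set(parsed)) > 1:
            status, detail = "FAIL", "conflicting values"
        elif parsed[0] == rule["want"]:
            status, detail = "PASS", f"effective value {raw[-1]}"
        else:
            status, detail = "FAIL", f"effective value {raw[-1]}"
        findings.append((rule["flag"], status, detail))
    return findings


if __name__ == "__main__":
    for name, cmdline in SAMPLES.items():
        for flag, status, detail in audit(cmdline):
            print(f"{name:18} {flag:18} {status}  ({detail})")
```

The check reads command-line arguments only; a kubelet that takes its settings from the file passed with `--config` needs that file reviewed as well.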

 Configuration Checks of Note

Some of my favorite configuration checks for securing Kubernetes in this policy template are listed below with links to find more information:

Securing Container Runtimes

In addition, Kubernetes can be configured to use different container runtimes, with Docker being a popular choice in most cases. This implies that users should harden Docker as well as securing Kubernetes, which can be done using the CloudPassage Docker template that evaluates the security posture of a Docker configuration. Users should also keep in mind that all of these applications are running on the operating system which itself has many attack vectors. 

  • Users managing Kubernetes’ master and worker by themselves should use CloudPassage OS policy templates for a security evaluation. 
  • If users are using a public cloud (like AWS or Azure) to run their workers they should use CloudPassage Cloud Secure to evaluate the security posture of their cloud infrastructure.

Conclusion

To conclude, Kubernetes and microservices are great infrastructure choices. However, when it comes to securing Kubernetes, users should assess not only Kubernetes but also container runtimes, as well as operating systems or cloud infrastructures, to get a complete end-to-end view of their security posture.

Learn how the CloudPassage Halo cloud security platform for servers can help secure the servers in your Kubernetes infrastructure.

Learn more about how the CloudPassage Halo platform helps with container security.

Get a free vulnerability assessment of your infrastructure in 30 minutes.

The post Securing Kubernetes Master and Workers appeared first on Cybersecurity Insiders.


January 27, 2020 at 09:09PM

Citrix Server Vulnerability leads to Ransomware Attack

Citrix Server, which allows centrally hosted applications to be delivered to mobile and desktop clients, has been found to be vulnerable to cyber-attacks that, when exploited by hackers, can lead to ransomware infections and bitcoin mining.

Citrix did, however, release a patch last week for the CVE-2019-19781 bug affecting its Application Delivery Controller (ADC) systems and Gateways, in the hope that all its users will patch their systems to keep their servers away from malware attacks.

Security researchers from FireEye have warned that attackers are exploiting the flaw and are succeeding in deploying a backdoor named “NotRobin”, which then leads them to install malware such as coin miners and file-encrypting malware.

German automobile spare parts manufacturer Gedia reportedly became a victim of a ransomware attack last week through the Citrix vulnerability, alerting manufacturing companies all over the world. This was confirmed by the researchers from FireEye early today.

FireEye confirms that a new vector for infecting enterprise victims with malware has emerged through the Citrix vulnerability, and in some cases the servers were infected by a new ransomware variant named “Ragnarok” that appears to have been created in mid-January this year to use the Gateway to deploy ransomware via a central pivot point. Hackers are seen demanding a ransom of 1 BTC to decrypt one machine, or 5 BTC/$43,000 to decrypt all machines.

Researchers claim that currently 4-5 hacking groups are trying to exploit the Citrix flaw in ransomware attacks and might have succeeded in infiltrating 2-3 companies (including GEDIA) by now.

Note- GEDIA has yet to endorse the news that it was hit by a ransomware attack. However, the officials of the German manufacturer did release a press statement on Thursday last week saying their systems were experiencing downtime due to a cyber attack.

The post Citrix Server Vulnerability leads to Ransomware Attack appeared first on Cybersecurity Insiders.


January 27, 2020 at 08:49PM

Sunday, January 26, 2020

UK PM Boris Johnson phone hacked by Saudi Prince Salman

Just as reports are emerging that Amazon founder Jeff Bezos’ phone was hacked by Saudi Ruler Mohammad Bin Salman in 2018 to access sensitive information, here comes a piece of information from a Daily Mail source that the Saudi ruler might also have access to UK Prime Minister Boris Johnson’s mobile phone, as the latter had exchanged his number with the former during his tenure as foreign secretary of the UK in 2016-18.

Last Wednesday, some media sources alleged that the Saudi Prince had hacked the Amazon Chief’s mobile phone in 2018 through WhatsApp by sending him a video file of a lady dressed up to resemble Jeff Bezos’ pilot girlfriend Lauren Sanchez.

Security analysts now suggest that the message was infected by a spying malware that had the capability of analyzing and sending all the data from the victim’s device to remote servers.

Bezos could have been made the target as he owns The Washington Post which first published a detailed article on the murder mystery of Journalist Jamal Khashoggi, who was brutally murdered by the ruler of Saudi in 2018.

Now, news is out that the mobile phone of Boris Johnson was also bombarded with ‘Emoji-laden’ WhatsApp messages by Saudi Ruler Mohammad Bin Salman in 2016, which has sparked fears that the UK Prime Minister’s phone might also have been under the control of the Saudi Prince, as Mr. Johnson seems to be in regular contact with Prince Mohammad Bin Salman Bin Abdul Al Saud.

While the PM’s office in Downing Street has refused to comment on the article published in Daily Mail, cyber experts say that opening such files can allow hackers or threat actors to access data, photographs and contacts on the infected device.

However, Officials who provide security in all ways to Johnson have assured that the smartphone used by Britain’s PM has all necessary security measures in place which protect the device from all malicious ‘Stuff’.

Meanwhile, Saudi Foreign Minister Prince Faisal Bin Farhan Al Saud has dismissed all allegations as absurd and added that Prince Salman does not need to peep into the lives of his friends through their devices.

The post UK PM Boris Johnson phone hacked by Saudi Prince Salman appeared first on Cybersecurity Insiders.


January 27, 2020 at 10:13AM

Deloitte acquires Cybersecurity consulting firm SecurePath

New York-based Professional Services firm Deloitte has made it official that it is going to acquire Malaysian Cybersecurity Consulting firm SecurePath. The objective is to strengthen the services of blockchain technology-based Deloitte’s Cyber Risk Services with SecurePath’s Risk Advisory practices such as data loss prevention, cyber threat defense and such.

Founded in the year 2011, SecurePath is known to offer cyber threat defense-line to governments and private entities that need Risk & Compliance and Information Management & Protection. Some of the partners and vendors of the company include VERITAS, NetIQ and Symantec.

“As businesses are investing more on projects and programs which help them monitor and thwart cyber threats in real-time, SecurePath’s inclusion will help our clients accelerate their insights needed to detect, analyze and block the threats before they cause any untoward incident”, said James Nunn Price, the Cyber Leader of Deloitte Asia Pacific.

“Joining Deloitte will create unparalleled Synergy in the market both locally and regionally, with the credentials of the SecurePath’s team”, said Kim Chung, the founder of SecurePath.

As per the details available to our Cybersecurity Insiders, SecurePath’s Kim Chuen (Chung) and his staff will be joining Deloitte by early next month and will work full force to strengthen the latter’s cybersecurity capabilities within the Asia Pacific.

Thus, with this latest deal, Deloitte seems to have completed its sixth purchase under last year’s resolution of investing heavily in risk and cyberspace, which includes the purchase of Converging Data Australia, CBIG Consulting, Connected Analytics, Practical Smarts, Qubit Consulting.

The post Deloitte acquires Cybersecurity consulting firm SecurePath appeared first on Cybersecurity Insiders.


January 27, 2020 at 10:11AM

Friday, January 24, 2020

Ransomware payments and downtime grew in 2019

Ransomware, which is file-encrypting malware, has been tagged as the most disruptive cyber-attack of 2019. This was confirmed by a study carried out by Connecticut-based cybersecurity firm Coveware.

In a recent Ransomware Marketplace report released by Coveware, the downtime caused by the malware is reported to have grown by 60% in the last 3Q of 2019, i.e. from an average of 12.1 days in 2018 to 16.2 days in 2019.

Security researchers who conducted the research say that the rise in the downtime was because hackers were seen targeting mostly large-sized organizations where the staff needed some time to remediate and restore the systems- as they had to deal with humongous data sets.

Furthermore, the report confirmed that the average ransom payment to free up the database from the file-encrypting malware in the Q4 was $84,116, up by 104% from the previous 3 quarters of last year.

“As hackers spreading Ryuk and Sodinokibi ransomware were mainly concentrating on large-sized firms, they were found demanding a seven-figure payout($780,000) as a minimum ransom for such incidents. On the other hand, smaller ransomware variants such as Dharma, Snatch and Netwalker kept their focus still on the small business space with a minimum ransom demand of $1500”, says the Coveware Ransomware Marketplace report.

That said, the largest share of ransomware cases spotted in Q4 of 2019 involved Sodinokibi (29%) and Ryuk (22%), where hackers are seen first stealing data and then encrypting the database for ransom, which forces the victims to bow down to the demands at any cost.

Professional services, healthcare and the financial sector, along with software services, were seen as the top 5 sectors most targeted by hackers. Phishing, attacks on RDP and vulnerability exploitation topped the list of the most popular attack methods in the past year, as per the Coveware report.

The highlight of the report is its finding that 98% of organizations that paid a ransom received a decryption key, and that over 96% of those succeeded in decrypting their data completely.

So, now comes the million-dollar question: should we pay if we are targeted by a ransomware attack?

The post Ransomware payments and downtime grew in 2019 appeared first on Cybersecurity Insiders.


January 24, 2020 at 08:49PM

SO YOU HAVE DECIDED TO BECOME CYBER SECURITY CERTIFIED, NOW WHAT?

This post was originally published by (ISC)² Management.

Toward the end of 2019, I met many aspiring women and men who approached me and said, “Tony, I want to become cyber security certified, how do I do it?”

Read more here: https://blog.isc2.org/isc2_blog/2020/01/so-you-have-decided-to-become-cyber-security-certified-now-what-.html

The post SO YOU HAVE DECIDED TO BECOME CYBER SECURITY CERTIFIED, NOW WHAT? appeared first on Cybersecurity Insiders.


January 24, 2020 at 08:31PM

MOST EMPLOYERS DON’T PAY FULL COST OF CERTIFICATIONS

This post was originally published by (ISC)² Management.

One of the most common complaints cybersecurity professionals voice about their employers is that they have to pay for certifications out of their own pockets. It’s not a trivial issue, since workers consider certifications their number one career hurdle, according to the (ISC)² Cybersecurity Workforce Study 2019.

Read more here: https://blog.isc2.org/isc2_blog/2020/01/most-employers-dont-pay-full-cost-of-certifications.html

The post MOST EMPLOYERS DON’T PAY FULL COST OF CERTIFICATIONS appeared first on Cybersecurity Insiders.


January 24, 2020 at 08:25PM

SWITCHING FROM OTHER FIELDS TO CYBERSECURITY IS PROFITABLE

This post was originally published by (ISC)² Management.

Here’s a bit of good news for anyone contemplating a career in cybersecurity: Cybersecurity workers who started their careers in other fields tend to get paid more than career-long cybersecurity professionals, according to new research.

Read more here: https://blog.isc2.org/isc2_blog/2020/01/switching-from-other-fields-to-cybersecurity-is-profitable.html

The post SWITCHING FROM OTHER FIELDS TO CYBERSECURITY IS PROFITABLE appeared first on Cybersecurity Insiders.


January 24, 2020 at 08:18PM