FireSale HackBoy

Knowledge Shared By FireSale HackBoy...

Sunday, May 31, 2020

Hackers spreading fake news to induce fight between the US and Poland

According to Lt. General Chris G Cavoli of the United States, some Polish websites were hit by cyberattacks aimed at damaging Poland’s military alliance with North America.

Gen. Cavoli said that the servers of national and regional Polish websites were being tampered with by state-funded hackers who were trying to spread misinformation by posting articles on the news websites without the owners’ knowledge, disparaging the efficacy and vigilance of Polish soldiers and their warfare-related equipment.

In a doctored sentence from the article and a fake interview on a renowned website, Gen. Cavoli is shown saying that Polish soldiers can only fire knicker elastic and can never use artillery.

As the false article was reposted on other news websites such as Telewizja Republika, Olsztyn24.com, ePoznan.pl, Radio Szczecin and Niezalezna.pl, the fake news was taken as genuine, leading to much chaos among Polish government officials and posing a big threat to the relationship-building event titled Defender-Europe 20, to be held in Poland from June 5th, 2020.

Although Polish officials have never made it official, they suspect the hand of Russian intelligence from the Kremlin in this whole exercise of spreading misinformation, as the attacks are in line with Russian propaganda and were launched from different IPs originating from Russia.

Reacting to the news, Wojciech Surmacz, the head of the Polish Press Agency (PAP), has declared the news posts false and confirmed that the content was inserted into the website through fraudulent means.

The post Hackers spreading fake news to induce fight between the US and Poland appeared first on Cybersecurity Insiders.


June 01, 2020 at 10:41AM

Minnesota has witnessed a surge in Cyber Attacks

Minnesota is witnessing a surge in cyberattacks as hackers try to induce political unrest and put pressure on law enforcement after the death of George Floyd on May 25th, 2020.

But Minnesota’s Security Operations Center says that all the attacks launched on the state’s government infrastructure have been thwarted or neutralized, after it learned that the hackers were targeting government servers with distributed denial of service (DDoS) attacks.

A source from MNIT, a state information technology agency, says that the surge in attacks has been seen since the day a white police officer knelt on the neck of a black man named George Floyd, leading to his death and to a backlash from a section of the populace over racial discrimination.

MNIT is the same organization that works closely with the Public Safety Department and the intelligence unit of the federal government.

Tarek Tomes, the Chief Information Officer of the State and Commissioner of MNIT, has confirmed the news, and Gov. Tim Walz confirmed it in the briefing on Sunday morning.

Note- Many Americans from Minnesota and neighboring states started to sympathize after the George Floyd death scene was circulated on social media and via various media outlets since Saturday. Minnesota’s law enforcement department felt that the surge in cyberattacks could have been the work of some tech geeks retaliating for the death of the African-American man after seeing the George Floyd video circulated on Twitter and WhatsApp. As they wanted to create political unrest in the state, they might have launched DDoS attacks in retaliation for the deed of police officer Derek Chauvin, who knelt on Floyd’s neck for almost 9 minutes, causing traumatic asphyxia and thus death.

The post Minnesota has witnessed a surge in Cyber Attacks appeared first on Cybersecurity Insiders.


June 01, 2020 at 10:40AM

Saturday, May 30, 2020

What You Need to Know About Reverse Proxy

Cloud access security brokers (CASBs) are the go-to solutions for securing the use of cloud-based tools. Whether it’s major software-as-a-service apps, niche or long-tail SaaS apps, custom apps built on IaaS platforms, or something else entirely, CASBs are used to protect data wherever it goes. However, not all CASBs are created equal. In this blog we will review the different CASB architectures and the importance of one deployment option in particular–reverse proxy. 

The post What You Need to Know About Reverse Proxy appeared first on Cybersecurity Insiders.


May 31, 2020 at 09:09AM

Friday, May 29, 2020

Russia hacked Exim Email Server program says NSA

The US National Security Agency (NSA) issued a press update yesterday saying that hackers funded by a Russian military agency have been running a malware campaign exploiting the Exim Internet email server program since Aug’19.

And the news is out that the hacking group, which was previously involved in hacking the 2016 US elections, has achieved the feat by exploiting the vulnerability in the Exim Mail Transfer Agent, which runs on the UNIX operating system.

Exim is a message transfer agent that was developed by the University of Cambridge and is distributed under the GNU General Public License. It is used by some government agencies and contractors. Security experts say that all unpatched UNIX operating systems exhibiting the vulnerability might be exploited.

Jake Williams, a former hacker who worked for the US Government and is now the President of Rendition Infosec, disclosed the vulnerability to the world on Thursday, and it took only a few minutes for him to break into a government server in Britain.

Note 1- Sandworm is the group that works for the Russian intelligence agency GRU and was involved in hacking the 2016 US polls, which eventually went in favor of Donald Trump. So, the NSA has issued an alert to all government agencies about the Russian military group Sandworm, which has been found using newly drafted emails from the email server with malicious links aimed at infecting the victims.

Note 2- The 2017 NotPetya cyber attack was also launched by the GRU-backed Sandworm, which targeted most businesses operating in Ukraine. It caused around $10 billion in damage and reportedly hit the Maersk shipping company from Denmark very badly.

The post Russia hacked Exim Email Server program says NSA appeared first on Cybersecurity Insiders.


May 29, 2020 at 08:39PM

Thursday, May 28, 2020

Ransomware attack on New Mexico County and Intl Fisheries in Halifax

The ransomware menace seems to be a never-ending saga, and the latest victims happen to be a New Mexico county and an international fisheries organization in Halifax. In the first case, servers belonging to Rio Arriba County were found to have encrypted files and databases as a result of a ransomware attack early this week. And the bad news is that those spreading the file-encrypting malware have also managed to lock the county out of its backup servers.

Thomas Campos, the manager of the County, was not ready to issue a press update on this. But a source close to him has admitted that most of the county’s servers were reeling under the cyber attack.

Raymond Ortiz, the Information Technology Consultant, has said that the attack was reported to law enforcement and to the insurance company that was covering the digital assets of Rio Arriba County under a cyber insurance policy.

In another ransomware incident, an international fishing organization named the Northwest Atlantic Fisheries Organization (NAFO), which keeps a count and stock of the fish caught in international waters, has reported becoming a victim of a cyber attack.

The Halifax-based organization stated in a press statement released yesterday that the attack was discovered and notified to stakeholders on May 24th of this year, and that the extent of the impact is yet to be known.

Lisa LeFort, a senior executive assistant to the executive secretary of NAFO stated that all the compromised servers were taken down and more details related to the attack will be provided shortly.

The post Ransomware attack on New Mexico County and Intl Fisheries in Halifax appeared first on Cybersecurity Insiders.


May 29, 2020 at 10:34AM

C-Level Executives are vulnerable to mobile-based cyber attacks

According to a study conducted by MobileIron, C-Level executives are most vulnerable to mobile-based cyber attacks because hackers see them as soft targets for infiltrating a corporate network.

The “Trouble at the Top” report compiled by MobileIron bases its analysis on responses from over 300 enterprise IT decision makers from France, Benelux, Germany, the UK, and the United States, and includes the responses of over 50 C-Level executives from developed nations such as the UK and US.

The highlight of the findings is that over 68% of executives feel that IT security is invading their privacy, 62% of them feel that the security limitations curb the use of devices, and 58% of them find it extremely difficult to understand.

Therefore, as a result of this, over 76% of C-Level executives have admitted that they bypassed one or more of their company’s security protocols last year.

What’s concerning in the findings is that IT decision-makers at companies operating across the world have overwhelmingly stated that C-Suite level employees are proving to be the most vulnerable targets for hackers, as 71% of them have fallen prey to phishing attacks last year.

MobileIron argues that C-Level executives often evade the multi-factor identification which is designed to protect businesses from data breaches and password theft. And this is what is making them prone to cyber-attacks.

So, all of you out there whose designations start with “Chief”, such as CFO, CIO, CTO, CHRO, CMO, COO, and CFO, should make a note of the changes taking place in the current cyber landscape and act accordingly, which benefits both you and the company.

The post C-Level Executives are vulnerable to mobile-based cyber attacks appeared first on Cybersecurity Insiders.


May 29, 2020 at 10:32AM

How To Catalog Vendors With Access to Your Network

Working with vendors, business partners, and other third parties is a fact of life for most organizations. However, once vendors are selected, vetted, and onboarded, they will often be given remote access to your network, and that’s where problems can arise. Even one vendor can increase the risk that your network might be compromised; when the number of vendors grows into the dozens or hundreds, the risk increases exponentially. This leads to an ongoing tug of war: the need to give each approved vendor access to your network in order to get to the resources they require to do their job versus the need to maintain the security of your network and your organization’s vital assets.

Hence, any organization that works with vendors who access corporate resources remotely must identify relevant and effective steps that can help mitigate the risk exposure caused by working with vendors, and one important step towards achieving that goal is implementing a system to properly catalog these vendors.

In this blog post, we’ll explore what vendor cataloging is, why profiling each vendor to gauge individual risk is a key element in this process, the main benefits of vendor cataloging, and some final thoughts.

What is vendor cataloging?

Among the best practices that organizations should implement for reducing the risks caused by vendor remote access is cataloging new vendors. This is one of the most important, since this process helps share vital detailed information within the organization about the services provided by these third parties, the departments they are intended to serve, and their level of risk (determined by vendor profiling and other assessment techniques).

Vendor cataloging is the gold standard for reducing risk when vendors are first hired. By using this process, an organization can fully assess and document each new vendor and supplier that will come in contact with their network. Then, after vetted and approved vendors are onboarded, risk can be continuously monitored and mitigated by maintaining ongoing records for all third parties, and updating these records as working relationships begin and end over time.

Profiling vendors to gauge risk: the key to vendor cataloging

It’s a given that working with third parties brings risk, but the level of risk tends to vary from vendor to vendor. Hence, organizations striving for optimal security and compliance should conduct an internal profile of each third party they work with, in order to determine the inherent risk of hiring them.

Talk to departments hiring vendors

Organizations can start the profile development process by talking to the department or unit that needs to hire each vendor. One should ask for important vendor data, such as:

  • What products or services does the vendor provide for your organization?
  • Are the vendor’s products or services critical to your organization?
  • What types of data are they processing?
  • Will the vendor need to handle confidential information (and if so, how much information)?
  • The vendor’s location.
  • Will they require access to your organization’s network?

Each profile provides a guide for deciding which mitigation controls may be needed for each vendor. The complete catalog listing, containing all of your organization’s vendor profiles, should be made available to everyone in your organization who deals with these vendors and updated regularly.

Group similar vendors into categories

To help streamline the vendor cataloging process, one useful strategy is to assign a category to each vendor, grouping similar vendors together. Such groupings can speed up vendor cataloging, since similar vendors tend to have several risk factors in common and thus require the same or similar questioning, assessment, and risk mitigation strategies. Example categories might be “sales automation” or “HR”, but the actual categories should fit your group of vendors and your organization’s use cases.

Vendor assessment via questionnaires

Creating a questionnaire that lets third parties assess themselves can make the vendor cataloging process much easier and more useful. Giving each vendor a self-assessment survey is not only standard practice, it’s also good practice – especially for third parties rated as high or medium risk. Questionnaires should be used to determine new vendors’ core policies, procedures, and processes around security and compliance, which helps organizations discover the true risk level of each vendor.

The category and degree of risk assigned to each vendor should guide question type and depth. However, in an ideal cataloging questionnaire, one should not bombard vendors with too many questions. Overly long forms with vague, obscure, or complicated questions can often engender partial answers that are not fully thought out or accurate. Questions that are relatively simple and objective, exploring topics of genuine concern, tend to work best.

The benefits of vendor cataloging

There are several benefits gained when an organization implements a robust process for cataloging incoming vendors.

Helps standardize workflow

Vendor cataloging helps organizations formalize the necessary procedures and workflow for assessing, hiring, and onboarding vendors, which in turn leads to increased efficiency.

Reduces risk of security breaches

Once vendors have been categorized, questioned, assessed, approved, and onboarded, the risk of potential problems caused by vendor access to your organization’s network can be known, and thus proper steps can be put in place to monitor and mitigate that risk. Risk mitigation is especially important; according to one report, 65% of organizations that outsourced work to a vendor have experienced a consumer data breach, and 64% indicated that this occurred multiple times.

Ensures compliance

Vendor cataloging helps ensure that third parties meet compliance requirements related to regulations (governmental or industrial), as well as compliance guidelines set forth in an organization’s internal policies. This is especially important as new privacy laws such as GDPR and CCPA put new requirements in place for organizations to track vendors who handle their data.

Final thoughts

The goal of vendor cataloging is to provide a coherent process by which organizations can closely manage vendor relationships. By creating and maintaining a detailed catalog of all third parties employed by your organization, including information about what services they provide and which departments they serve, the inherent risk due to vendor network access can be managed and substantially reduced.

Even though the risk is clear, and many organizations are aware of it, they may not take the steps necessary to address this risk, either because the available options seem too complicated or the IT department feels too tied up with other tasks to carve out time for this added burden. However, the fact remains: it is a major Achilles heel if your system is not equipped to both properly catalog incoming vendors and offboard vendors when their working relationship with your organization ends.

Ideally, what organizations need is a simple yet comprehensive method for handling these tasks, within a single integrated platform. The optimal solution would be a process that is separate from your employee onboarding. Automation of the process is also important, in order to reduce the burden on your IT department.

The post How To Catalog Vendors With Access to Your Network appeared first on Cybersecurity Insiders.


May 29, 2020 at 02:04AM

Gartner: 5 Things You Must Absolutely Get Right for Secure IaaS and PaaS

Cloud adoption has revolutionized the way that businesses share and access information. It has stretched across all industries, including those that are regulated or highly security conscious. Today, infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) solutions provide extensive flexibility and productivity gains to enterprises around the world.

The post Gartner: 5 Things You Must Absolutely Get Right for Secure IaaS and PaaS appeared first on Cybersecurity Insiders.


May 28, 2020 at 09:09PM

Bitglass and the Rise of the Remote Workforce

Organizations across all industries are struggling to shift gears and acclimate to the changes brought forth by the recent events around the globe. Due to these worldwide developments, enterprises have had to shift from the familiar, primarily on-premises way of doing things to a highly remote, cloud-first workforce. As such, Bitglass, the Next-Gen Cloud Security Company, partnered with a leading cybersecurity community and surveyed IT professionals in order to gain insight as to how organizations are enabling and securing the remote workforce.

The post Bitglass and the Rise of the Remote Workforce appeared first on Cybersecurity Insiders.


May 28, 2020 at 09:09PM

IoT Masters: What you need to know before you get started in the Internet of Things

Smart devices and internet-enabled products can increasingly be found in all walks of life as our previously unconnected cities and towns are transformed into versatile and evolving digital hubs. Such is the universality of these devices that the term the ‘Internet of Things’ has transitioned from being a phrase reserved solely for technology enthusiasts to a household term in just a handful of years. This boom has, in turn, acted as a catalyst for the widespread development of connected products.

Yet this enthusiasm for smart technologies hasn’t always been accompanied by the necessary expertise required to deploy connected products. In the last few years, countless examples of insecure and ineffective IoT products have hit the headlines, including serious security flaws found in popular smart toys.

Yet despite such activity in this space, it’s not always completely obvious how IoT beginners should take their first steps in the sector. After all, taking your once ‘dumb’ coffee machine or car and making it ‘smart’ can be a seriously daunting prospect.

That’s why we’ve developed a video series called IoT Masters where we guide new entrants through a series of steps designed to help you kick off your exciting IoT project – from the key principles underpinning the Internet of Things, through to effective lifecycle management.

In this blog, we boil the IoT down to the basics to get you set off on your smart journey.

Build to succeed

Before getting started, it’s important to understand some of the theory underpinning the IoT. There are seven key building blocks that make up any smart project, all of which need to be accounted for at the start of any IoT venture. These are: the sensors, connectivity, application logic, the network, the application on the cloud, data analytics and security.

While the video above will give some more insight into how these elements all work together, it’s important to note that for a device to successfully and securely connect to the IoT, it needs to make sure all of these elements are fully accounted for.

Know your business

The above building blocks should be baked into any IoT campaign, but that doesn’t mean that every project is the same. There’s an ocean of difference between the needs of a smart car and a connected vending machine, for example.

The main question you need to ask yourself is why you are doing this IoT project. Are you looking to transition from a pure manufacturing business, where you are developing products, to an always-on service-based one? Are you hoping to use customer data to improve your product iteratively or to monetise usage trends and share with the wider IoT ecosystem? These sorts of questions will determine the kind of connectivity, security and energy source you use.

For example, a connected car moves at high speeds, across borders and the connectivity element will have to live in a high temperature, high vibration environment under the vehicle’s bonnet. Since it will invariably be driving between countries, it needs the versatility to transition between networks too. This instantly presents a very different use case to a smart meter, which has to contain elements that are less obviously durable but have a battery that can last for up to 15 years as well as a supremely energy efficient network.

With that in mind, it’s vital that business owners weigh up characteristics such as performance, resilience, mobility, lifetime management and power availability at the genesis of any IoT project.

If you are interested in finding out more about becoming an #IoTMaster, check out our other great IoT content below, and do get in touch with the team with any questions.

  • Thales’ IoT portal
  • To view all IoT Masters videos, check out our playlist here

The post IoT Masters: What you need to know before you get started in the Internet of Things appeared first on Cybersecurity Insiders.


May 28, 2020 at 09:09PM

Michigan University Ransomware Attack and Microsoft PonyFinal Ransomware attack

A hacker gang spreading NetWalker ransomware has targeted Michigan State University, which is one of the oldest educational institutes in the United States. They have reportedly given university officials 7 days to pay the ransom, threatening otherwise to release some stolen files via a website on the dark web.

To support their claims, the gang spreading NetWalker ransomware has already released a portion of the data that it accessed before locking the university authorities out of the servers.

Although the university’s staff are confident that they can recover the data from backups, they are a bit worried about the data leak.

In the meantime, technology giant Microsoft has issued an alert about PonyFinal ransomware, which is reportedly targeting PCs in the United States, Iran, and India.

Technically, PonyFinal is Java-based ransomware deployed in human-operated attacks, in which hackers manually introduce the file-encrypting malware into corporate networks rather than delivering it through phishing emails or exploit kits.

This is done by first launching a brute force attack, in which hackers break into online accounts by guessing passwords, and then spreading to local computers and starting to encrypt files.

As per the research conducted by MalwareHunterTeam, the PonyFinal ransomware was first found early this year targeting selected victims from the healthcare sector, mainly in Iran and the United States. After the lockdown, it spread east to India and its neighboring countries.

More details are awaited!

The post Michigan University Ransomware Attack and Microsoft PonyFinal Ransomware attack appeared first on Cybersecurity Insiders.


May 28, 2020 at 08:37PM

Wednesday, May 27, 2020

NHS Coronavirus tracking app not safe, say users

The NHS, which released a COVID 19 tracking app in early May this year for testing purposes, is back in the news for all the wrong reasons. More than 50% of users of the NHSX COVID 19 tracking app say that they do not trust the UK government to keep the data safe from hackers and state-funded snooping eyes.

Technically, the NHS released the app to slow down the spread of the Coronavirus by tracking down COVID 19 contacts; its objective is to stop the spread of the virus by warning people as soon as they come into the vicinity of people who have already been exposed to the virus.

According to a study conducted by Censuswide on behalf of Anomali, a cybersecurity solutions provider, most of the respondents who participated in the survey say that cybercriminals might use the app to send smishing messages and phishing emails. Some say that the app might be used by governments for other purposes, such as keeping track of a user and his/her whereabouts. Moreover, there is no guarantee that the phone loaded with the app is actually carried by the infected person, so that those who are free from the virus can be alerted.

So, currently, the NHSX app is surrounded by a lot of doubt even before its release.

Note- The NHSX app is a spinoff version of the Indian COVID 19 tracking app named ‘Aarogya Setu’, which is a mixed-bag version of various COVID 19 tracking apps prevailing in South Korea. The app was tested initially on the populace of the Isle of Wight and will be launched nationally by this month-end, provided all goes as per the plan of the Boris Johnson government.

The post NHS Coronavirus tracking app not safe, say users appeared first on Cybersecurity Insiders.


May 28, 2020 at 10:28AM

McAfee says corporate cloud networks being targeted with Cyber Attacks

As companies across the world have asked their employees to work from home, the pressure on corporate cloud networks is said to have increased immensely. According to a report released by cybersecurity firm McAfee, a 600% spike in external hacks has been observed over the past few weeks.

McAfee reached this estimate after analyzing data from over 30 million users of its MVision Cloud service, and concludes that security delivery models need to change fundamentally to meet the needs of the current cyber landscape.

“To maintain communication and collaboration between their staff to complete tasks during remote working, companies have adopted new cloud services. And this is where it is getting hard to isolate the infrastructure from cyber threats,” said Nigel Hawthorn, the Data Privacy expert for Cloud Security, McAfee.

Threat events from external actors have surged by 630% in the past two months, and the most affected were Microsoft 365 users, who were frequently targeted by hackers to steal credentials.

If used well, cloud services are the safest platforms to do business on and can help achieve immense business growth through innovation and resiliency.

So, to mitigate risks associated with cloud usage, users should deploy cloud-native security solutions that can detect and prevent external attacks and data loss from the cloud and the use of unmanaged devices.

Note- The McAfee Cloud Adoption & Risk Report was compiled from data gathered from 30 million McAfee MVision Cloud users, who generate billions of distinct transactions and policy events in the cloud every day.

The post McAfee says corporate cloud networks being targeted with Cyber Attacks appeared first on Cybersecurity Insiders.


May 28, 2020 at 10:26AM

How malware mimics the spread of COVID-19

It’s a weird time to be alive. Millions of people globally are living under government lockdowns, as we collectively endure the COVID-19 pandemic. COVID-19 has brought to light some fundamental truths about humanity, including our deep-seated need for social interactions. It has also highlighted how reliant we are on critical infrastructure like our healthcare systems and internet connections, both of which are currently strained.
One of the most fascinating by-products of the COVID-19 pandemic for me personally, however, is how it has suddenly brought science and public health back to the fore of conversation. We are all washing our hands more, practicing social distancing, and acutely aware of how our choices may impact other people. Those of us in white-collar professions, including the technology field, are also now working from home in order to practice safe social distancing, which has created a host of significant cybersecurity vulnerabilities.
I…

Posted by: Katelyn Ilkani

The post How malware mimics the spread of COVID-19 appeared first on Cybersecurity Insiders.


May 27, 2020 at 09:08PM

The Bitglass Blog

With an ever-changing and increasingly perilous threat landscape, real-time data protection has become an imperative. Malware, specifically, presents a unique hazard to SaaS data, as malicious programs rapidly change with an increase in both complexity and scope of attack surface. Traditional methods of prevention, sandboxing or signature-based detection, no longer serve as an effective means of protection. With this in mind, Bitglass, the leader in advanced threat protection, has engaged in a best-of-breed partnership with antivirus industry leader CrowdStrike.

The post The Bitglass Blog appeared first on Cybersecurity Insiders.


May 27, 2020 at 09:08PM

Cyber Attack on easyJet will fetch £18 Billion compensation to customers

The Cyber Attack which took place on the EasyJet database in January 2020 might fetch the customers of the airline services provider £2000 as compensation. Highly placed sources suggest that over 9 million customers who were impacted by the data breach might get the financial compensation if all goes well as per the law and through proper channels.

 

Cybersecurity Insiders learned that the London based budget airliner identified the cyber incident in the first month of this year and notified it to the Information Commissioner’s Office at that time. But failed to notify its customers and instead, it waited almost 4 months to notify its customers i.e in May 2020.

 

Privacy advocates argue that the leaked details include personal travel patterns of those who traveled through easyJet in the past year which includes sensitive information such as email addresses, full names, travel data, departure dates, and arrival dates along with booking dates.

 

Under the article 82 of EU General Data Protection Regulation aka GDPR, all those who were impacted will have been financially compensated and so International Law firm PGMBM has filed a ‘Class Action’ suit against the airliner which could yield £2000 compensation(a total of £18 billion) to the impacted customers for causing distress, inconvenience, annoyance, and loss of control over their personal information which could be used by hackers in phishing and spam campaigns.

 

Tom Goodhead, the Managing Partner of PGMBM, has confirmed the news and added in the statement that the theft of monumental data is a terrible failure of EasyJet and could lead to serious consequences shortly.

 

NOTE- All those who have been affected in the EasyJet cyber-attack, can join the claim on a “no-win, no-fee” basis at theeasyjetclaim.com

 

The post Cyber Attack on easyJet will fetch £18 Billion compensation to customers appeared first on Cybersecurity Insiders.


May 27, 2020 at 08:40PM

Tuesday, May 26, 2020

American Chemical Facilities are Vulnerable to Cyber Attacks

According to a report compiled by the Government Accountability Office (GAO), most of the chemical facilities are vulnerable to cyber attacks as they are using either obsolete hardware or out-of-date software, which is against the federal training guidelines.

 

The Federal Watchdog says that most of the 3,300 chemical facilities are running against the Cybersecurity standards outlined by the Department of Homeland Security Chemical Facilities Anti Terrorism Standards (CFATS) program.

 

“ A strike of a cyber attack on chemical facilities could lead to serious consequences such as health-based risks to the populace living in the nearby facility and might also lead to life loss” says the GAO. The report states that cyber crooks might manipulate the control systems to release hazardous material leading to mass casualties.

 

DHS is advising those inspecting the chemical facilities to follow these standards:

  • Assess whether the performance goals are being met as per the Cybersecurity standards
  • Document every process for review at a later stage
  • Ensure that Cybersecurity training such as webinars, courses and refresher training is performed efficiently
  • Maintain data regarding cyber integration levels in chemical facilities

 

Note- For the past two years, DHS and its cyber wing, the Cybersecurity and Infrastructure Security Agency (CISA), have been warning the public and private entities operating in the United States about possible cyberattacks on the IT infrastructure.

 

The post American Chemical Facilities are Vulnerable to Cyber Attacks appeared first on Cybersecurity Insiders.


May 27, 2020 at 10:25AM

NSA has been secretly recording phone calls of American Populace

Barton Gellman, a journalist by profession and the man who shared NSA contractor Edward Snowden’s classified documents to the world has revealed in his book that the National Security Agency has been recording phone calls of the American populace for years and has created a database which could create a profile of a person based on the calls they made with just a push of a button.

 

Gellman claimed in his book, named ‘Dark Mirror’, that the NSA’s tool named ‘Mainway’ secretly records billions of phone records a day and has been doing so since the time of former US President Barack Obama.

 

Although the NSA insists that the phone recordings are being done in the name of national security, for instance to keep a tab on terrorists, Gellman argues that the service is being misused to sneak into the private lives of the American populace.

 

Note 1- In June 2013, Edward Snowden disclosed to the world the NSA’s surveillance program to keep a tab on the US populace. And it was Gellman, along with two of his other colleagues, who revealed that the US populace was constantly being monitored in secret. As soon as the story broke through the Washington Post, the NSA acted softly on the intrusion of privacy clause and revealed that it was just recording the metadata from the online and phone activity of its populace, such as the number dialed or web pages visited, as well as the date, time and duration of the call.

 

Note 2- In the year 2014, the Washington Post revealed that the staff at the NSA’s secret data center were also recording the phone calls of those leading developed and developing nations across the world which includes Canada, Australia, UK, India, Singapore, Russia, China, and Iran along with North Korea. But the media resource failed to provide any circumstantial evidence.

 

Note 3- Since the day Edward Snowden blew the whistle on the NSA mass surveillance program, he has been hiding in Russia. After his 3 years of asylum, Russia provided him with permanent residency in Oct’19, along with Lindsay Mills, whom he married in 2017.

The post NSA has been secretly recording phone calls of American Populace appeared first on Cybersecurity Insiders.


May 27, 2020 at 10:24AM

Stories from the SOC – System compromise with lateral movement

Executive Summary

Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Threat Detection and Response customers.

Malicious network traffic from foreign IPs was observed trying to establish communication to a compromised internal system. The internal system was then observed trying to execute lateral movement to other internal systems by undertaking nefarious actions that were essentially blocked by the on-premises Host Intrusion Detection System (HIDS).

Investigation

Initial Alarm Review

Indicators of Compromise (IOC)

Image 1 – Initial Alarm

Observing the initial alarm, the first event captured was an internal IP out-calling to a known malicious C2 IP (208[.]100[.]26[.]245). This simple event is an initial clue into the internal system potentially being compromised. A hasty review could suggest that the alarm could be closed out as auto-mitigated, given that we’…

Posted by: Josh Gomez

The post Stories from the SOC – System compromise with lateral movement appeared first on Cybersecurity Insiders.


May 27, 2020 at 09:09AM

Don’t Shoot the Messenger – Securing Communication Apps

In today’s world, workers use messaging applications to communicate more than ever, regardless of the industry they work in. With bring your own device (BYOD) at about 85% adoption, and with many people working remotely, messaging tools keep employees’ productivity unaffected by this modern environment. In many cases, these mobile-enablement strategies increase productivity for employees, as they are able to complete projects on the go. However, if the unmanaged devices and applications that individuals use are not secured properly, they can be a major security risk for the enterprise.

The post Don’t Shoot the Messenger – Securing Communication Apps appeared first on Cybersecurity Insiders.


May 27, 2020 at 09:09AM

Secure Remote Work for Contractors

Securing contract employees is a challenge even in ordinary times.  Harder yet during a pandemic lockdown. Bitglass to the rescue.

The post Secure Remote Work for Contractors appeared first on Cybersecurity Insiders.


May 27, 2020 at 09:09AM

Securing Remote Work Part 3: Web Traffic, SWG, & a Smarter Digital Edge

Enterprises are embracing digital transformation and moving their applications and data to the cloud. This is accelerated by today’s expansion of the remote workforce. Despite the obvious benefits of embracing a modern cloud environment, many organizations still hang on to their legacy security practices – secure web gateways (SWG) are no exception. 

 

The post Securing Remote Work Part 3: Web Traffic, SWG, & a Smarter Digital Edge appeared first on Cybersecurity Insiders.


May 27, 2020 at 09:09AM

Bitglass Security Spotlight: Pharmaceutical Giant Is the Latest Victim of Ransomware Attack

Here are the top stories of recent weeks:

  • Ransomware Attack Results in Pharmaceutical Data Leak
  • Chegg Suffers Breach for the Third Time Since 2018
  • Fitness App Exposes Over 42 Million User Records
  • Over Two Million Card Transaction Records Exposed in Leaky Server 
  • With Over 160k Compromised Accounts, Nintendo Shuts Down Portal

The post Bitglass Security Spotlight: Pharmaceutical Giant Is the Latest Victim of Ransomware Attack appeared first on Cybersecurity Insiders.


May 27, 2020 at 09:09AM

Bitglass adds South Asia & ANZ Local Edge Data Centers

May 13, 2020, Bangalore: Bitglass is pleased to announce Local Edge Data centers in Bangalore, Chennai, Hyderabad, Mumbai, and New Delhi, India; Melbourne and Perth, Australia.

The post Bitglass adds South Asia & ANZ Local Edge Data Centers appeared first on Cybersecurity Insiders.


May 27, 2020 at 09:09AM

Beware of Counterfeits

May 14, 2020, Campbell, CA: Beware of competitors distributing counterfeit Bitglass product brochures to confuse customers.

The post Beware of Counterfeits appeared first on Cybersecurity Insiders.


May 27, 2020 at 09:09AM

Securing Remote Work Part 4: ZTNA

My colleagues Wayne Phillips and Jonathan Andresen recently delivered a webcast titled, “Who moved my VPN and why should I care?” It covers a host of topics related to securing today’s remote workforce, but the title does raise a valid question: are VPNs still relevant?

 

The post Securing Remote Work Part 4: ZTNA appeared first on Cybersecurity Insiders.


May 27, 2020 at 09:09AM

Bitglass and CrowdStrike for Agentless ATP in the Cloud

With an ever-changing, and increasingly more perilous, threat landscape, real-time data protection has become an imperative. Malware, specifically, presents a unique hazard to SaaS data, as malicious programs rapidly change with both an increase in complexity and scope of attack surface. Traditional methods of prevention, sandboxing or signature-based detection, no longer serve as an effective means of protection. With this in mind, Bitglass, the leader in advanced threat protection, has engaged in a best-of-breed partnership with antivirus industry leader CrowdStrike.

The post Bitglass and CrowdStrike for Agentless ATP in the Cloud appeared first on Cybersecurity Insiders.


May 27, 2020 at 09:09AM

Please end Medical Cyber Attacks says Red Cross

Hackers who are launching cyber attacks on medical facilities, such as universities researching a COVID-19 vaccine and hospitals treating patients, are being urged to stop.

 

In an open letter signed by some prominent personalities like foreign ministers, ex-Presidents, and seven Nobel laureates, the signatories are urging governments and the United Nations (UN) to help thwart cyber attacks that are targeting medical and research facilities during the coronavirus spread.

 

The letter, which is being led by the Cyber Peace Institute and supported by the International Committee of the Red Cross, is urging governments across the world to unite in fighting cyber attacks on hospitals and public health organizations.

 

“There needs to be a blueprint of international rules to be followed by governments to fight against cybercrime” the letter adds.

 

Some of the big names who have signed the letter include Microsoft President Brad Smith; Eugene Kaspersky, the head of Russian cybersecurity firm Kaspersky; the head of the World Health Organization; former Mexican President Ernesto Zedillo; Ban Ki-moon, the general secretary for the UN; a few Interpol agents; and Mikhail Gorbachev, the ex-president of the Soviet Union.

 

Titled “The Time to Act is Now” the letter states that the world should stop tolerating cyberattacks on health infrastructure and must also not tolerate cybercrime on an overall note.

 

Note- Cyber Peace Institute is a Microsoft-established organization founded in 2019 and backed by Mastercard and the Hewlett Foundation. It was a spin-off of another vocal campaign, led by Satya Nadella and titled “Digital Peace”, chiefly related to the siphoning of cyber tools which eventually end up in the hands of cybercriminals.

The post Please end Medical Cyber Attacks says Red Cross appeared first on Cybersecurity Insiders.


May 26, 2020 at 08:49PM

Monday, May 25, 2020

Samsung offers Hardware Chip and Software for utmost Mobile Security

Samsung Electronics, the world-renowned electronics giant, has introduced a turnkey mobile security solution in the form of a hardware chip and related software. The newly developed hardware has also obtained Common Criteria Evaluation Assurance Level (CC EAL) 6+, the highest security level obtained by any mobile component.

 

Technically speaking, the silicon chip dubbed as Secure Element (SE) Chip (S3FV9RR) is hardware that offers the utmost protection for tasks such as mobile payments, isolated storage, and boot up instances with support for hardware-based Root of Trust (RoT), device authentication and secure booting. And if integrated well, it can prove as a boon in the era of mobility driven by contactless interactions.

 

Samsung has highlighted the fact that its new Secure Element can work independently of the regular security performance of the main processor. Additionally, the new solution meets the hardware security module requirements for cryptographic operations which are outlined in the upcoming operating system versions.

 

To strengthen its position in offering 5G devices, the electronics giant is planning to offer various technologies related to data transfer, signal processing, and mobile security. And Samsung’s Secure Element happens to be one such technology that might be packed into all Galaxy series phones from the end of this year.

 

Note- A similar security chip was installed in Galaxy S20 series smartphones from Feb this year and so the devices were all CC EAL 5+ certified.

 

The post Samsung offers Hardware Chip and Software for utmost Mobile Security appeared first on Cybersecurity Insiders.


May 26, 2020 at 10:10AM

Apple iOS 14 leaked on iPhone 11 in China Gray market

In what qualifies as a technological embarrassment to Apple Inc, hackers have reportedly got their hands on the next version of Apple’s operating system, i.e. iOS 14. News is out that the gray market in China is selling iPhone 11 devices loaded with the latest iOS 14 operating system, which was scheduled for release as a beta version in June 2020 and as the commercial version from mid-September 2020.

 

What is amazing in this OS leak is that some iPads and iPhones sold in China are also seen loaded with the latest version of iOS giving a glimpse of new features that ought to be released in the spring.

 

However, a highly placed source from Apple Inc says that the loaded OS versions might be those meant for developers who were working on the development of iPhone and iPad software.

 

“The pre-release could prove as a trove for a lot of information” says Ryan Duff, the security researcher working for Cybersecurity firm SIXGEN which was the first to discover the latest OS version. Duff highlighted the fact that the technology giant has miserably failed in defending its upcoming releases from Chinese spying eyes.

 

As of now, details are in that Apple is planning to show a glimpse of its upcoming iOS 14 at the Worldwide Developers Conference, which is scheduled to be held virtually on June 22nd, 2020.

 

Note- Apple iOS 14 is said to offer mouse cursor support along with trackpad-enabled iPad keyboards.

 

The post Apple iOS 14 leaked on iPhone 11 in China Gray market appeared first on Cybersecurity Insiders.


May 26, 2020 at 10:08AM

Ransomware news trending on Google

In Sport, a retailer based in New South Wales (NSW), Australia, released a press statement yesterday saying that the servers at its head office were impacted by a REvil or Sodinokibi ransomware attack, which resulted in some data loss including email addresses, shipping addresses, and contact numbers.

However, the sports equipment dealer has assured that most of the data was recovered and no information on its Shopify cart was compromised in the cyber incident which could have taken place on Saturday May 16.

Meanwhile, in other news related to ransomware, Sri Lanka Telecom(SLT) has made it official that some of its internal systems were impacted by REvil Ransomware attack which could have impacted some of its hosting services.

But the company also released an affirmation that no government and business services, services related to voice and broadband, PeoTV, or hosting services were impacted in the internal incident, and that none of the customer information was compromised.

As SLT’s threat monitoring solutions detected the file-encrypting malware attack at the earliest, the IT staff took all precautions in time to contain the incident.

Coming to the third news item, related to Maze Ransomware, the news is out that the renowned hackers’ gang has started releasing payment card details of customers of Banco BCR, a state-owned bank of Costa Rica, Central America.

Cybersecurity firm Emsisoft stated in its latest blog report that from Thursday last week, the operators of Maze started to release the stolen details from Banco BCR as it might have failed to bow down to the demands of hackers.

The post Ransomware news trending on Google appeared first on Cybersecurity Insiders.


May 25, 2020 at 08:42PM

Born In the Cloud acquired by Open Systems

Born in the Cloud, a Cyber Threat Detection firm also recognized as a security partner of Microsoft Azure was acquired by Open Systems last week for a formidable amount which is yet to be disclosed.

Trade analysts argue that the new acquisition will technically help Open Systems’ ability to serve businesses that have cloud automation, strategy and migration goals, as Born in the Cloud has expert engineers in Cybersecurity, Microsoft Security Stack, Cloud Automation, Artificial Intelligence, data science, and DevOps.

“Born in the Cloud which has an experience in securing Microsoft cloud environments will from now on help customers of Open Systems accelerate companies which are looking for digital transformation by providing them sure-shot Cybersecurity solutions such as Managed Detection and Response (MDR) Services which has been recently incorporated into Azure Sentinel Security Information and Event Management (SIEM) solutions,” says Jeff Brown, the CEO of Open Systems.

Paul Keely is the founder of the 2010 startup Born in the Cloud. He has been a cloud security expert and was recognized by Microsoft as Most Valuable Professional at least 10 times. Mr. Paul is also known to be the author of Microsoft Cloud Security at the C-Level, a well-renowned book related to Azure Security.

Keely will from now stick to the payrolls of Open Systems as a General Manager and will be assigned the task of overseeing the Born in the Cloud company business.

The post Born In the Cloud acquired by Open Systems appeared first on Cybersecurity Insiders.


May 25, 2020 at 12:02PM

A vulnerability in Google Cloud earns $31k

A security researcher from South America was awarded $31,337 as a bug bounty reward for finding a bug in Google Cloud. The researcher’s name is being reported as Ezequiel Pereira, who found a remote code execution vulnerability in Google Cloud Deployment Manager.

Cybersecurity Insiders has learned that the Uruguayan computer science student discovered the flaw when he managed to infiltrate the secure APIs such as issuetracker.corp.googleapis.com using the gslbTarget parameter.

The web search giant appreciated the find by paying the security researcher a good amount as it could have exposed the internal infrastructure of Google to the hacker if left unpatched.

Google Cloud issued an immediate fix to the security vulnerability on May 7th and thus appreciated the researcher accordingly.

In technical terms, Google Cloud Deployment Manager is an infrastructure-related service that allows users to create, deploy, and manage cloud resources related to Google.

Coming to the other news related to Google Cloud, Dell Technologies has announced that it is offering Dell Technologies Cloud OneFS for customers of Google Cloud to cater to organizations’ data and applications structural flow.

Thus, with the latest offering, Dell Technologies wants business firms to improve and ease the complexities involved in hybrid cloud deployments with its ‘Cloud Advancements’ which allows customers to move their data and applications across public and private clouds and that too with minimal costs.

On an overall note, Dell Technologies Cloud wants to bring the best in the public cloud to data centers and vice versa by eliminating all the complexities which in turn helps companies in focusing their resources on delivering value to their clients rather than spending time on infrastructure management.

The post A vulnerability in Google Cloud earns $31k appeared first on Cybersecurity Insiders.


May 25, 2020 at 12:01PM

Friday, May 22, 2020

What’s the cost of not implementing a vendor management platform

The conversation around any sort of platform regularly revolves around what the costs are: what the base cost is, whether there are any add-ons, and whether you have to pay for support. However, sometimes it makes more sense to think about what the costs are if you forgo implementing a software platform. What makes this harder is that optimizing security and efficiency is too often a paradoxical relationship: when you boost one, you end up compromising the other. Especially when it comes to managing your vendors, this balancing act between granting network access and keeping your data and systems safe can be difficult.

Luckily, Vendor Privileged Access Management (VPAM) platforms provide an easy, effective solution to this problem, giving organizations an efficient way to stay secure. There are plenty of reasons why businesses benefit from investing in VPAM tools, but what about the costs of not investing in VPAM? Here’s an outline of the risks associated with foregoing a systemized, automated approach to securing your network from third-party vendor breaches.

Manual risk management processes are ineffective

When organizations choose not to use software to help them manage their network access controls, especially for vendors, they find themselves needing to monitor their systems with manual systems, either on paper or using ineffective tools like spreadsheets. Tracking and managing vendors via these methods can prove time-intensive and costly. The average company spends 17,000 hours annually – amounting to over nine full-time employees – compiling compliance reports and investigating security anomalies.

Vigilance is needed to secure networks against vendor vulnerabilities, as nearly two-thirds of all breaches are due to third-parties. Unfortunately, it only takes one vendor to cause an incident. No matter how much time and money an organization spends on efforts to maintain data security, it won’t be enough to protect the network without proper software tools. A 2019 study conducted by the Ponemon Institute, focused on the economic impacts of third-party vendor risk management in the healthcare industry, found that nearly two-thirds of respondents believe manual risk management processes cannot keep pace with cyber threats and vulnerabilities. In short, not only is manual risk management costly and time-consuming, most organizations don’t even believe that it works.

Third-party noncompliance penalties

Compliance regulations can be a headache, especially because if your third-party vendors aren’t compliant, neither are you. In many industries, even if your vendors cause a breach but the systems or data are yours, the fines are your responsibility.  Fines and penalties vary by industry, so here’s a quick explainer on how they specifically apply to HIPAA/HITECH, ITAR, PCI DSS, and GLBA.

HIPAA/HITECH

The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH Act) provide regulations for ensuring the security of Personal Health Information (PHI), a specifically defined and protected class of data  under the law. Protecting people’s information is critical, especially details concerning personal health, so the penalties for violating these regulations are severe. HIPAA noncompliance violations can range from $100 to $50,000 per violation (or per record), depending on the level of negligence related to the specific case. The maximum fine, imposed for uncorrected, willful neglect, is $1.5 million. Remember that this is a fine your organization could have to pay, even if it’s your vendor who is noncompliant.

ITAR

International Traffic in Arms Regulations (ITAR) require that companies maintain security in the import and export of defense-related articles and services on the United States Munitions List (USML). For technology companies, this law is aimed at protecting important data from reaching the hands of foreign nationals. As matters of national security are strictly enforced, noncompliance fines for organizations and their vendors are steep. ITAR violations can lead to business restrictions, criminal or civil penalties, and imprisonment. Civil fines can reach up to $500,000 per violation, and criminal fines can reach up to $1 million and 10 years in prison per violation.

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a set of standards that apply to any business that accepts credit card payments. The goal is to keep financial information secure, and the major credit card companies are tasked with ensuring compliance and administering fines for violations, both by merchants and their vendors. Fines are not widely published or reported, but they vary between $5,000 and $100,000 per month of PCI non-compliance.

GLBA

The Gramm-Leach-Bliley Act (GLBA) is a U.S. federal law that requires financial institutions to prove they keep their clients’ nonpublic personal information (NPI) secure. Under this law, institutions that disclose NPI to third-party vendors are obligated to enter into a contractual agreement with their vendors, ensuring the NPI will not be used for anything other than to carry out the task required in the contract. This means that organizations and institutions applicable to GLBA are responsible for the compliance of themselves and their vendors. GLBA violations are penalized with fines of $100,000 per violation for institutions and $10,000 per violation, plus up to five years in prison for individuals.

Data breach costs

Expenses can pile up quickly for non-compliance violations, but the costs associated with insufficient cybersecurity don’t end there. Data breaches can be incredibly expensive, especially in the United States. A 2019 study published by the Ponemon Institute and IBM Security found that the average cost of a data breach in the U.S. is now up to $8.19 million – or $242 per stolen record. And certain industries are hit even harder than others, particularly in healthcare. The study found that the average cost of a healthcare data breach in the U.S. is a whopping $15 million.

Ransomware costs

Ransomware attacks are growing in frequency and scale and becoming increasingly expensive to resolve. According to Coveware, the average cost of a ransom payment in Q4 2019 “increased by 104% to $84,116, up from $41,198 in Q3 of 2019.” However, other metrics gauge ransomware attacks as even more expensive. When taking into account the ransom payments and associated losses, such as the value of lost data, the expense of repairing infrastructure, and the rebuilding of brand image, research by Kaspersky Lab shows that a single ransomware attack costs companies more than $713,000 on average. These figures make clear that it’s far wiser to invest in preemptive security, rather than trying to react to an attack after the fact.

Invest now, save later

Even though many cybersecurity platforms can seem expensive initially, the benefits of having a secure network far outweigh the costs of the alternative. Between noncompliance violations, data breaches, ransomware attacks, and damages to brand image, the costs of having a vulnerable network can be insurmountable. VPAM tools can help you lock down your data and protect against third-party breaches, saving you the time and money to help your company succeed.

 

The post What’s the cost of not implementing a vendor management platform appeared first on Cybersecurity Insiders.


May 23, 2020 at 03:55AM