Friday, September 30, 2016

Friday Squid Blogging: Cannibal Squid

The Gonatus squid eats its own kind.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.



from Friday Squid Blogging: Cannibal Squid

Hack An iPhone And Earn $1.5 Million Instantly

Hacking the new iPhone can make you rich instantly


A private company that sells exploits has just announced a huge reward for exploiting Apple’s new iOS platform. For anyone who is able to find an exploit in the new OS, the company will pay $1.5 million in prize money.

Zerodium is behind this challenge. It is a company that purchases zero-day vulnerabilities and exploits and then pays heavy rewards to anyone who is able to discover flaws or security loopholes within popular system software.

Zerodium will pay only for exploits that work against fully patched iPhones and iPads. It is encouraging researchers to find these exploits by putting large prizes on the board.

Read more details http://www.zdnet.com/article/you-can-now-earn-1-5-million-for-hacking-the-iphone/

The post Hack An iPhone And Earn $1.5 Million Instantly appeared first on Cyber Security Portal.



from Lavina Bentley – Cyber Security Portal https://cybersecurityportal.com/hack-iphone-earn-1-5-million-instantly/

Imitation uBlock Origin app spotted on Chrome Store

Today, one of our researchers noticed a fake version of uBlock Origin, uploaded on the 29th of September, on the Chrome Web Store. If you ever find yourself searching for the app within the store, you'll want to avoid imitations...




from Imitation uBlock Origin app spotted on Chrome Store

Microsoft’s Brad Smith fires back at Salesforce: Looking forward to making CRM more competitive

Microsoft President Brad Smith isn't one to shy away from a fight when he thinks his company is in the right — see his fight with the U.S. government over secret access to customer information.




from Microsoft’s Brad Smith fires back at Salesforce: Looking forward to making CRM more competitive


Security Barriers in the Adaptation of Cloud Technology

Cloud computing adoption continues accelerating; research by IDG found that 69% of enterprises have either applications or infrastructures running in the cloud. As organizations are adopting cloud... Go on to the site to read the full article

from Security Barriers in the Adaptation of Cloud Technology

Penetration Testing: Job Knowledge & Professional Development

Interested in starting a career in penetration testing? This is actually a good time to get in the field, as security has taken center stage in the IT activities of all companies and organizations... Go on to the site to read the full article

from Penetration Testing: Job Knowledge & Professional Development

Microsoft Ignite: Microsoft Reveals the Location for Ignite 2017

As Microsoft Ignite wraps up here in Atlanta, Microsoft has let everyone know where the mega conference will be next year.

from Microsoft Ignite: Microsoft Reveals the Location for Ignite 2017

Facebook, Google, Amazon, Microsoft and IBM team up on AI

The group says it wants to ensure that AI benefits as many people as possible

from Facebook, Google, Amazon, Microsoft and IBM team up on AI

The Hacking of Yahoo

Last week, Yahoo! announced that it was hacked pretty massively in 2014. Over half a billion usernames and passwords were affected, making this the largest data breach of all time. Yahoo! claimed it was a government that did it: A recent investigation by Yahoo! Inc. has confirmed that a copy of certain user account information was stolen from the company's...

from The Hacking of Yahoo

Avast and AVG become one

Avast CEO Vince Steckler with Avast Threat Labs analysts

In July, we announced our plan to acquire AVG Technologies. Today, I am proud to announce the completion of the acquisition of a majority stake in AVG. So we will operate as a single company as ...

from Avast and AVG become one

Debunking fuel in the gas tank, case closed.

Picking up from yesterday’s post:

Imagine a time when carburetors ruled the earth (or at least cars’ fuel systems), and a time before emissions controls extended to evaporating fuel vapor, say perhaps in the 70s when I began my career as a mechanic, working on cars of that era and older.  Back then, in ye olden days, fuel systems were open to the environment, both in cars and in the tanks at gas stations.  That meant that water vapor could condense in the fuel tanks and drip or run down the sides and pool at the bottom of the tanks.  This is why the fuel pickups in gas stations’ underground tanks were a few inches above the bottom, and why we always used water-detecting paste on the giant tank sticks used to measure the amount of fuel in the ground.  An inch or two of water at the bottom of the tank and no one cared as long as the amount didn’t increase rapidly- it would stay down there harmlessly.  Unless, of course, you got a fuel delivery which churned up everything on the bottom of the tanks, water, sediment, whatever.  Still, it would eventually settle back down- but if you happened to fill up your car while the muck was stirred up you could get the nasties, including water, into your car’s tank.  And no, most stations didn’t have great fuel filtration between the tank and the pumps.  To this day I avoid filling up my vehicles if I see a fuel truck in the gas station lot- I had to deal with too many dirty fuel systems to take the chance.  And even if you didn’t get water from a bad gas station fill up you could build up water from condensation on the roof of your fuel tank settling to the bottom.

Now we have a couple of paths to getting water into your car’s gas tank, where does that take the sugar myth?  It doesn’t take a lot of water to dissolve sugar that finds its way into the tank, especially given the constant vibration and sloshing that happens in a moving vehicle, so now we can move the sugar solution along with the gasoline towards the engine.  We still have a fuel filter to deal with, but they were generally simple paper filters designed to stop solids, not liquids, so our mix of gasoline and sugar water wouldn’t get stopped there.  This assumes that the vehicle has a fuel filter at all- which is not a safe assumption if you go far enough back in time, or if you happen to be dealing with someone who bypassed their fuel filter “because it kept clogging up”.  (If you think no one would ever do something that dumb, you have probably never worked a helpdesk).

And now the fuel hits the carburetor, where a little bowl acts as a reservoir for fuel before it finds its way into the intake system.  Carburetors are full of tiny orifices, the kind that don’t like dirt, or much of anything other than clean gasoline and clean air.  Sugar water can gum things up, block holes, or settle out into the bottom of the fuel bowl- and that’s where things are no longer theoretical.  I had to clean out a few carburetors with sticky goo in them in my “gas station mechanic” days, and I recall one where we dropped the gas tank and found an ugly mess in the tank.  Sugar in the tank could, under some circumstances, be annoying.  Not catastrophic but mildly disruptive, and a genuinely unpleasant thing to do to someone.

What’s the moral of the story?  I don’t think there is one, other than exaggeration and hyperbole feed urban legends whether they’re based on complete nonsense or a tiny grain of truth.

Bottom line, don’t put sugar in gas tanks.  Not just because it won’t work, but because it’s a rotten thing to do.

 

Jack



from Debunking fuel in the gas tank, case closed.

Thursday, September 29, 2016

The Cost of Cyberattacks Is Less than You Might Think

Interesting research from Sasha Romanosky at RAND:

Abstract: In 2013, the US President signed an executive order designed to help secure the nation's critical infrastructure from cyberattacks. As part of that order, he directed the National Institute of Standards and Technology (NIST) to develop a framework that would become an authoritative source for information security best practices. Because adoption of the framework is voluntary, it faces the challenge of incentivizing firms to follow along. Will frameworks such as that proposed by NIST really induce firms to adopt better security controls? And if not, why? This research seeks to examine the composition and costs of cyber events, and attempts to address whether or not there exist incentives for firms to improve their security practices and reduce the risk of attack. Specifically, we examine a sample of over 12 000 cyber events that include data breaches, security incidents, privacy violations, and phishing crimes. First, we analyze the characteristics of these breaches (such as causes and types of information compromised). We then examine the breach and litigation rate, by industry, and identify the industries that incur the greatest costs from cyber events. We then compare these costs to bad debts and fraud within other industries. The findings suggest that public concerns regarding the increasing rates of breaches and legal actions may be excessive compared to the relatively modest financial impact to firms that suffer these events. Public concerns regarding the increasing rates of breaches and legal actions conflict, however, with our findings that show a much smaller financial impact to firms that suffer these events. Specifically, we find that the cost of a typical cyber incident in our sample is less than $200 000 (about the same as the firm's annual IT security budget), and that this represents only 0.4% of their estimated annual revenues.

The result is that it often makes business sense to underspend on cybersecurity and just pay the costs of breaches:

Romanosky analyzed 12,000 incident reports and found that typically they only account for 0.4 per cent of a company's annual revenues. That compares to billing fraud, which averages at 5 per cent, or retail shrinkage (ie, shoplifting and insider theft), which accounts for 1.3 per cent of revenues.

As for reputational damage, Romanosky found that it was almost impossible to quantify. He spoke to many executives and none of them could give a reliable metric for how to measure the PR cost of a public failure of IT security systems.

He also noted that the effects of a data incident typically don't have many ramifications on the stock price of a company in the long term. Under the circumstances, it doesn't make a lot of sense to invest too much in cyber security.

What's being left out of these costs are the externalities. Yes, the costs to a company of a cyberattack are low to them, but there are often substantial additional costs borne by other people. The way to look at this is not to conclude that cybersecurity isn't really a problem, but instead that there is a significant market failure that governments need to address.



from The Cost of Cyberattacks Is Less than You Might Think

[SANS ISC Diary] SNMP Pwn3ge

I published the following diary on isc.sans.org: “SNMP Pwn3ge“. Sometimes getting access to company assets is very complicated. Sometimes it is much easier (read: too easy) than expected. If one of the goals of a pentester is to get juicy information about the target, preventing the IT infrastructure to run

[The post [SANS ISC Diary] SNMP Pwn3ge has been first published on /dev/random]



from [SANS ISC Diary] SNMP Pwn3ge

Emsisoft Anti-Malware earns itself another AV-Test seal

The Emsisoft team are delighted to count another AV-Test seal among many of Emsisoft Anti-Malware’s industry certifications.

from Emsisoft Anti-Malware earns itself another AV-Test seal

Yahoo could have reset all user passwords two years ago, but chose not to

Yahoo insiders say that protecting against hackers took a back seat.

from Yahoo could have reset all user passwords two years ago, but chose not to

Some technical notes on the PlayPen case

In March of 2015, the FBI took control of a Tor onion childporn website ("PlayPen"), then used an 0day exploit to upload malware to visitors' computers, to identify them. There is some controversy over the warrant they used, and government mass hackin...

from Some technical notes on the PlayPen case

Louisville InfoSec 2016 – Kristen Bell’s Building Our Workforce


from Louisville InfoSec 2016 – Kristen Bell’s Building Our Workforce

2,000-Qubit D-Wave Quantum Annealing Computational Device, The Future

Sadly, not a 2K qubit chip, only a 1K model... D-Wave schools us all on how to build the future... In this case, and via Tom's Hardware, comes a story of the company's newly constructed ann...

from 2,000-Qubit D-Wave Quantum Annealing Computational Device, The Future


Clinton, Trump Debate ‘Twenty-First Century War’ Of Cyberattacks

Lester Holt led with topic of cybersecurity as the first question on national security in Monday's Presidential debate. [...]

The post Clinton, Trump Debate ‘Twenty-First Century War’ Of Cyberattacks appeared first on SecurityOrb.com.



from Clinton, Trump Debate ‘Twenty-First Century War’ Of Cyberattacks

A cyber-safe government starts with the people


Federal government agencies face sophisticated, persistent cyber attacks that present a major strategic and economic threat to the nation. Meeting this challenge takes a combination of technology and human ingenuity. But it is skilled human capital that is in short supply, says the Office of Management and Budget.



from A cyber-safe government starts with the people

Endpoint Advanced Protection: The Endpoint Protection Lifecycle

As we get back to our Endpoint Advanced Protection series, let’s dig into the lifecycle we alluded to at the end of the intro post. We laid out a pretty straightforward set of activities required to protect endpoint devices. Though to be clear, just because it’s straightforward, doesn’t mean it’s easy to do.

The reality is that at some point you have to decide where endpoint protection starts and where it ends. Additionally, figuring out how it integrates with the other defenses you use in your environment is critical, because we know that today’s attacks require more than a single control; an integrated system is needed to protect the devices. The other caveat we’ll add before we jump into the lifecycle is that we are actually trying to address the security problem here, not a compliance problem. We aim to actually protect the devices from advanced attacks. Yes, that is a very aggressive objective, and some would say probably crazy given the rate of change in adversary sophistication. But all the same, we wouldn’t be able to sleep at night accepting mediocrity in our defenses, and we figure you are similar, so we’ll aspire to this lofty goal.

Lifecycle

  1. Gaining Visibility: You cannot protect what you don’t know about — that hasn’t changed and isn’t about to. So the first step is gaining visibility into all the devices that have access to sensitive data within your environment. It’s not enough to just find the devices, you need to assess and understand the risk associated with the devices. And although we’ll focus most of our efforts on more traditional computing devices, smartphones and tablets count because they are increasingly being used to gain access to corporate networks.
  2. Reducing Attack Surface: Once you know what’s out there, you want to make it as difficult as possible for the attacker to compromise those devices. That means practicing good hygiene on the devices, making sure they are properly configured, patched and monitored. And yes, we are aware that many organizations aren’t the best when it comes to operational excellence, but you’ll find protection to be more effective if you get rid of the low hanging fruit making it easy for the attackers.
  3. Preventing Threats: Next you try to stop attacks, and despite continued investment and the promise of better results, the reality is still less than stellar. And with new attacks like ransomware making a compromise worse, the stakes are getting higher. Technology continues to advance, but there still isn’t a silver bullet that prevents every attack. It is now a question of reducing your attack surface as much as practical. If you can stop the simplistic attacks, you can focus on the advanced ones.
  4. Detecting Malicious Activity: You cannot prevent every attack, so you need a way to detect attacks after they penetrate your defenses. There are a number of different options for detection — most based on watching for patterns that indicate a compromised device, but there are many other indicators that can provide clues as to a device being attacked. The key is to shorten the time between when the device is compromised and when you realize it.
  5. Investigating and Responding to Attacks: Once you determine a device has been compromised you need to verify the successful attack, determine your exposure, and take action to contain the damage as quickly as possible. This typically involves a triage effort and quarantining the device, then moving to a formal investigation, including a structured process to gather forensic data from devices, establishing an attack timeline to determine the root cause of the attack, an initial determination of any potential data loss, and a search to determine how widely the attack spread within your environment.
  6. Remediation: After the attack has been investigated you can put a plan in place to recover. This might involve cleaning the machine or re-imaging it and starting over again. This step can leverage ongoing hygiene tools (such as patch and configuration management) because there is no purpose to reinventing the wheel relative to additional tools to do activities already within the organization’s operational capabilities.

Gaining Visibility

You need to know what you have, how vulnerable it is, and how exposed it is. With this information you can prioritize your exposure and design a set of security controls to protect it. You start by understanding what an adversary would be interested in within your environment. To be clear, there is something of interest in every organization. It could be as simple as compromising devices to launch attacks on other sites, or as focused as gaining access to your environment to steal your crown jewels. When trying to understand what an advanced attacker will probably come looking for, there is a fairly short list, including intellectual property, protected customer data, and business operational data (proposals, logistics, etc.)

Once you understand the potential targets you can begin to profile adversaries likely to be interested in them. The universe of likely attacker types hasn’t changed much over the past few years. You’re facing attacks from a number of groups across the sophistication continuum. These start with unsophisticated attackers (which may include a 400 pound hacker in a basement), organized crime, competitors, and/or state-sponsored adversaries. Understanding likely attackers provides insight into their tactics, which enables you to design and implement security controls to address the risks. But before you can design a security control set, you need to understand where the devices are, as well as their vulnerabilities.

Discovery

This process finds the devices accessing critical data and makes sure everything is accounted for. This simple function helps avoid “oh crap” moments, as it’s no good to stumble over a bunch of unknown devices with no idea what they are, what they have access to, or whether they are cesspools of malware.

A number of discovery techniques are available, including actively scanning your entire address space for devices and profiling what you find. This works well enough and is traditionally the main method of initial discovery. You can supplement active discovery with a passive discovery capability, which monitors network traffic and identifies new devices based on network communications. Depending on the sophistication of the passive analysis, devices can be profiled and vulnerabilities can be identified, but the primary goal of passive monitoring is to find new unmanaged devices faster. Passive discovery is also helpful for identifying devices hidden behind firewalls and on protected segments which active discovery cannot reach.

As if you needed complications, this cloud and mobility thing that everyone keeps talking about does make discovery a bit more challenging. Embracing software as a service (SaaS), as pretty much everyone has, means that you may never get a chance to figure out exactly which devices are accessing critical resources. For these devices that don’t need to go through the corporate networks, you’ll need to use other means to ensure they are properly protected. That may involve a trigger upon authentication to a SaaS service or possibly having the endpoint protection capability leverage the cloud and phone home to relay telemetry about the device to a central management function. We’ll dig into these new (and emerging) use cases when we discuss detection and forensics.

Assessment

Once you know what’s out there you need to figure out how vulnerable it is. That typically requires some kind of vulnerability scan on the devices you discovered. Key features to expect from your assessment function include:

  • Device/Protocol Support: Once you find an endpoint you need to determine its security posture. Compliance demands that we scan all devices with access to private/sensitive/protected data, so any scanner should assess all varieties of devices running in your environment that have access to this critical data.
  • External and Internal Scanning: Don’t assume adversaries are purely external or purely internal — you need to assess devices from both inside and outside your network. Look for a scanner appliance (which might be virtualized) to scan your environment from the inside. You will also want to monitor your IP space from the outside (either with a scanner on the outside of your network or cloud service) to identify new Internet-facing devices, find open ports, etc.
  • Accuracy: False positives waste your time, so verifiable accuracy in scan results is key. Also pay attention to the ability to get prioritized results. Some vulnerabilities are more equal than others, so being able to identify the ones truly presenting risk to the organization is critical.
  • Threat Intelligence: The adversaries move fast and come up with new attacks daily. You’ll want to ensure you factor new indicators into the assessment of security posture.
  • Scale: You likely have many endpoints. Today’s large enterprises can have hundreds of thousands (if not millions) of devices that require assessment. Also make sure the tool has the ability to assess devices that aren’t always on the corporate network, smartphones/tablets, and potentially resources residing in the cloud (like a desktop virtualization service).

The assessment provides perspective on how the specific device is vulnerable, but that doesn’t necessarily equate to risk. You presumably have a bunch of defenses in place on the network in front of your endpoints, so attackers may not be able to reach a vulnerable device. So you’ll need to factor that probability into the prioritization of the vulnerable devices.

It may not be as sexy as advanced detection or cool forensics technology, but these assessment tasks are necessary before you can even start thinking about building a set of controls to prevent advanced attacks. In the next post, we’ll dig into reducing attack surface and new and updated technologies that can help prevent the endpoint attacks in the first place.

- Mike Rothman

from Endpoint Advanced Protection: The Endpoint Protection Lifecycle
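The Gaining Visibility stage above, from discovery through exposure-aware prioritization, worked end to end in Python on constructed data. This is an added example, not code from the Securosis post: passive discovery folds tap observations into one record per source MAC and flags devices the inventory does not know about; scan findings are then ranked by CVSS scaled by whether an attacker starting from the Internet zone can actually reach the vulnerable port through the firewall policy, either directly or after pivoting through a zone the policy lets them into. The inventory, observations, findings, zone map, firewall rules and the exposure weights are all assumptions.

```python
from collections import deque

# Everything below is constructed sample data for this example.
INVENTORY = {                                   # managed devices, keyed by MAC (assumption)
    "aa:bb:cc:00:00:01": "wkstn-0142",
    "aa:bb:cc:00:00:02": "srv-files-01",
}
# Passive observations from a tap/SPAN: (timestamp, src_mac, src_ip, dst_ip, dst_port, proto)
OBSERVATIONS = [
    ("2016-09-29T08:00:01Z", "aa:bb:cc:00:00:01", "10.1.5.23", "10.1.0.10", 445, "tcp"),
    ("2016-09-29T08:01:12Z", "de:ad:be:ef:00:07", "10.1.5.77", "10.1.0.53", 53, "udp"),
    ("2016-09-29T08:01:13Z", "de:ad:be:ef:00:07", "10.1.5.77", "203.0.113.9", 443, "tcp"),
    ("2016-09-29T08:03:40Z", "de:ad:be:ef:00:07", "10.1.5.77", "10.1.0.10", 445, "tcp"),
    ("2016-09-29T08:05:00Z", "aa:bb:cc:00:00:02", "10.1.0.10", "10.1.5.23", 49152, "tcp"),
]
# Scanner output per IP: (finding, cvss, port, proto)
SCAN_FINDINGS = {
    "10.1.5.23": [("smb-signing-not-required", 5.3, 445, "tcp")],
    "10.1.0.10": [("outdated-sshd", 7.5, 22, "tcp"), ("smbv1-enabled", 8.1, 445, "tcp")],
}
ZONE_OF_PREFIX = {"10.1.5.": "users", "10.1.0.": "servers", "203.0.113.": "internet"}
# Firewall policy, as allowed (src_zone, dst_zone, dst_port, proto) tuples
ALLOW = {
    ("internet", "servers", 22, "tcp"),     # sshd published to the Internet
    ("users", "servers", 445, "tcp"),
    ("users", "servers", 53, "udp"),
    ("users", "internet", 443, "tcp"),
    ("servers", "servers", 445, "tcp"),     # no segmentation inside the server zone
}


def zone_of(ip):
    for prefix, zone in ZONE_OF_PREFIX.items():
        if ip.startswith(prefix):
            return zone
    return "unknown"


def passive_discovery(observations, inventory):
    """Fold traffic into one record per source MAC and mark whether the inventory knows it."""
    devices = {}
    for ts, mac, src_ip, dst_ip, port, proto in sorted(observations):
        d = devices.setdefault(mac, {"mac": mac, "first_seen": ts, "ips": set(), "peers": set()})
        d["last_seen"] = ts
        d["ips"].add(src_ip)
        d["peers"].add((dst_ip, port, proto))
        d["managed"] = mac in inventory
    return devices


def unmanaged_devices(devices):
    """The 'oh crap' list: devices on the wire that no asset record accounts for, oldest sighting first."""
    return sorted((d for d in devices.values() if not d["managed"]), key=lambda d: d["first_seen"])


def zones_reachable_from(start, allow):
    """Breadth-first search over zones. A zone is reachable if some allowed rule leads into it from a
    zone already reached; this assumes an attacker holding any host in a zone can use every rule out of it."""
    seen, queue = {start}, deque([start])
    while queue:
        zone = queue.popleft()
        for src, dst, _port, _proto in allow:
            if src == zone and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen


def prioritize(findings, allow, attacker_zone="internet"):
    """Rank findings by CVSS scaled by exposure: direct from the attacker zone, after a pivot, or not at all."""
    reachable = zones_reachable_from(attacker_zone, allow)
    weights = {"direct": 1.0, "via-pivot": 0.6, "not-reachable": 0.2}   # assumption
    ranked = []
    for ip, items in findings.items():
        zone = zone_of(ip)
        for name, cvss, port, proto in items:
            if (attacker_zone, zone, port, proto) in allow:
                exposure = "direct"
            elif any((src, zone, port, proto) in allow for src in reachable):
                exposure = "via-pivot"
            else:
                exposure = "not-reachable"
            ranked.append({"ip": ip, "finding": name, "cvss": cvss,
                           "exposure": exposure, "priority": round(cvss * weights[exposure], 2)})
    return sorted(ranked, key=lambda r: r["priority"], reverse=True)


if __name__ == "__main__":
    devices = passive_discovery(OBSERVATIONS, INVENTORY)
    for d in unmanaged_devices(devices):
        print("unmanaged", d["mac"], sorted(d["ips"]), "first seen", d["first_seen"])
    for r in prioritize(SCAN_FINDINGS, ALLOW):
        print(r["priority"], r["ip"], r["finding"], r["exposure"])
```

On this data the CVSS 8.1 SMBv1 finding ranks below the CVSS 7.5 sshd finding because only sshd is published to the Internet; SMBv1 is reachable only after a pivot, and the workstation finding is unreachable from outside under this policy. Two caveats a practitioner would add: a MAC is only a usable identity on the segment you tap (it is spoofable and disappears across routed hops, so key on IP within a DHCP lease window elsewhere), and the zone model ignores client-side compromise such as phishing, so "not-reachable" should lower a finding's priority, not zero it.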

Wednesday, September 28, 2016

Malware Tries to Detect Test Environment

A new piece of malware tries to detect whether it's running in a virtual machine or sandboxed test environment by looking for signs of normal use and not executing if they're not there.

From a news article:

A typical test environment consists of a fresh Windows computer image loaded into a VM environment. The OS image usually lacks documents and other telltale signs of real world use, Fenton said. The malware sample that Fenton found...looks for existing documents on targeted PCs.

If no Microsoft Word documents are found, the VBA macro code execution terminates, shielding the malware from automated analysis and detection. Alternately, if more than two Word documents are found on the targeted system, the macro will download and install the malware payload.



from Malware Tries to Detect Test Environment
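The gate described in the article, reproduced as an added Python example (not the sample's VBA, which the page does not reproduce): count the Word documents under a user profile as the macro would, run the payload stage only when more than two are present, and, on the analyst side, seed a bare sandbox image so that the count clears the threshold. The document suffixes, decoy file names and the Documents location are assumptions.

```python
import os
import tempfile
from pathlib import Path

WORD_SUFFIXES = {".doc", ".docx", ".docm"}   # assumption: what the gate counts as a Word document
GATE = 2                                     # from the article: more than two documents -> detonate


def count_word_documents(root, stop_after=None):
    """Recursively count Word documents under root, optionally stopping once enough are found."""
    count = 0
    for _dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if Path(name).suffix.lower() in WORD_SUFFIXES:
                count += 1
                if stop_after is not None and count >= stop_after:
                    return count
    return count


def environment_passes_gate(root, gate=GATE):
    """The described check: the payload stage runs only if more than `gate` documents exist."""
    return count_word_documents(root, stop_after=gate + 1) > gate


def seed_decoy_documents(root, n=5):
    """Analyst countermeasure: give a fresh image the lived-in look the gate tests for.
    File names and contents are constructed; a real seeding job would use real-looking documents."""
    docs = Path(root) / "Documents"              # assumption: where a user keeps documents
    docs.mkdir(parents=True, exist_ok=True)
    for i in range(n):
        name = f"Q{(i % 4) + 1}_report_{2014 + i // 4}.docx"
        (docs / name).write_bytes(b"PK\x03\x04 decoy")   # .docx is a zip; header bytes only
    return n


def demo():
    """Run the gate against an empty profile, seed it, run again.
    Returns (count_before, passes_before, count_after, passes_after)."""
    with tempfile.TemporaryDirectory() as profile:
        before = (count_word_documents(profile), environment_passes_gate(profile))
        seed_decoy_documents(profile, n=5)
        after = (count_word_documents(profile), environment_passes_gate(profile))
    return before + after


if __name__ == "__main__":
    print(demo())
```

Seeding defeats this particular gate and nothing else; the general point for a detonation pipeline is that a bare image is itself a signal, so sandbox images should carry the residue of normal use (documents, browser history, recent-files lists), because any cheap "no human here" test is a free evasion for the attacker.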

Using Neural Networks to Identify Blurred Faces

Neural networks are good at identifying faces, even if they're blurry:

In a paper released earlier this month, researchers at UT Austin and Cornell University demonstrate that faces and objects obscured by blurring, pixelation, and a recently-proposed privacy system called P3 can be successfully identified by a neural network trained on image datasets -- in some cases at a more consistent rate than humans.

"We argue that humans may no longer be the 'gold standard' for extracting information from visual data," the researchers write. "Recent advances in machine learning based on artificial neural networks have led to dramatic improvements in the state of the art for automated image recognition. Trained machine learning models now outperform humans on tasks such as object recognition and determining the geographic location of an image."

Research paper



from Using Neural Networks to Identify Blurred Faces

Tuesday, September 27, 2016

Microsoft Ignite: Satya Nadella positioning Microsoft to be Gutenberg Press of the AI age

Yesterday I wrote that Microsoft is moving beyond its "mobile first, cloud first" mantra (http://windowsitpro.com/ignite/microsoft-ignite-microsoft-chasing-whats-next-after-mobile-first-cloud-first), and in yesterday afternoon's keynote, Satya Nadella...

from Microsoft Ignite: Satya Nadella positioning Microsoft to be Gutenberg Press of the AI age

Microsoft Ignite: What’s new with Windows 10 Deployment

This in-depth session during Microsoft Ignite provided updated information on deploying Windows 10 in the Enterprise.

from Microsoft Ignite: What’s new with Windows 10 Deployment

Donald Trump says hackers sit in their bedrooms, weighing 400lb

Some are tall, some are short, some may even be Mexican. But Donald Trump takes prime-time TV to paint a stereotypical portrait of hackers.

from Donald Trump says hackers sit in their bedrooms, weighing 400lb

Aerospace industry warned of targeted attacks from the Komplex OS X trojan

The Sofacy hacking group (also known as APT28, Sednit, and Fancy Bear) has developed a new trojan called 'Komplex' to help it target OS X users. David Bisson reports.

from Aerospace industry warned of targeted attacks from the Komplex OS X trojan

Louisville InfoSec 2016 – Max Aulakh’s Emerging Governance Frameworks for Healthcare Security


from Louisville InfoSec 2016 – Max Aulakh’s Emerging Governance Frameworks for Healthcare Security

The Internet of Things in Healthcare

The Internet of Things (often referred to as IoT) is an exciting new development in connectivity and technology that is happening as you read this. Essentially, IoT allows our multitude of devices to... Go on to the site to read the full article

from The Internet of Things in Healthcare

From my Gartner Blog – Building a Business Case for Deception

So we’ve been working on our deception technologies research (have we mentioned we want to hear YOUR story about how YOU are using those?) and one of the things we are trying to understand is how organizations are building business cases for deception tools. As Anton said, most of the time deception will be seen as a “nice to have”, not a “must have”. With so many organizations struggling to get money for the musts, how would they get money for a should?

Anton mentioned two main lines to justify the investment:

  1. Better threat detection
  2. Better (higher quality) alerts

In general, most arguments will support one of the two points above. However, I think we can add some more:

– More “business aligned” detection: with all these vendors doing things such as SCADA and SWIFT decoys, it looks like one of the key ideas to justify deception tools is the ability to make them very aligned to the attacker motivations. However, in the end, isn’t that just one way of supporting #1 above?

– Cheap (ok, “less expensive”) detection: most of the products out there are not as expensive as other detection technologies, and certainly are cheaper when you consider the TCO – Total Cost of Ownership. They usually cost less from a pure product price point of view and also require less gear/staff to operate. This is, IMO, the #3 on the list above, but could also be seen as an expansion of #2 (high quality alerts -> less resources used for response -> less expensive).

– Less friction or reduced risk of issues: Some security technologies can be problematic to implement, but it’s hard to break anything with deception tools; organizations that are too sensitive about messing with production environments might see deception as a good way to avoid unnecessary risks of disruption. I can see this as an interesting argument for IoT/OT (sensitive healthcare systems, for example). Do we have a #4?

– Acting as an alternative control: This is very similar to the point above. Some organizations will have issues where detection tools relying on sniffing networks, receiving logs or installing agents just cannot be implemented. Think situations like no SPAN ports or taps available/desirable, legacy systems that don’t generate events, performance bottlenecks preventing the generation of log events or installation of agents, etc. When you have all those challenges and still want to improve detection, what do you do? Deception can be the alternative to not doing anything. This looks like a strong #5 to me.

– Diversity of approaches: This is a bit weak, but it makes some sense. You might have many detection systems at network and endpoint level, but you’re still looking for malicious activity among all the noise of normal operations.  Doesn’t it just make sense to have something that approaches the problem differently? I know it’s a quite weak argument, but surprisingly I believe many attempts to deploy deception tools start based on this idea. At least for me it is worth a place on the list.

With all these we have a total of 6 points that could be used to justify an investment in deception technologies. What else do you see as a compelling argument for that? Also, how would you compare these tools to other security technologies if you only have resources or budget to deploy one of them? When does deception win?

Again, let us hear your stories!

The post Building a Business Case for Deception appeared first on Augusto Barros.



from Augusto Barros http://ift.tt/2d7o3v6
via IFTTT


from From my Gartner Blog – Building a Business Case for Deception

Top 5 Emerging Security Technologies in Healthcare

Data breaches continue to be a primary concern for the security of healthcare organizations. Although there will most likely never be a day where the threat of ransomware attacks and attempted thefts...

from Top 5 Emerging Security Technologies in Healthcare

Emerging Technologies in Healthcare

Technology development has been transforming and adding value to healthcare service providers and practitioners. Many technological innovations have been introduced to the field in the last decade....

from Emerging Technologies in Healthcare

Komplex Mac backdoor answers old questions

A new piece of Mac malware, dubbed Komplex, has been discovered by Palo Alto Networks. This malware provides a backdoor into the system, like most other recent Mac malware. Where it gets most interesting, though, isn't in its capabilities, but in the connections it allows us to make.




from Komplex Mac backdoor answers old questions

Brian Krebs DDoS

Brian Krebs writes about the massive DDoS attack against his site. In fact, the site is down as I post this.



from Brian Krebs DDoS

Monday, September 26, 2016


The Era of Proportional Ransomware Has Arrived

According to the FBI the incursion of ransomware has just gone from bad to worse. In a recent alert, the U.S. Federal Bureau of Investigation (FBI) warned that recent ransomware variants have targeted and compromised vulnerable business servers to identify and target hosts, thereby multiplying the number of potential infected servers and devices on a network. More…

The post The Era of Proportional Ransomware Has Arrived appeared first on Speaking of Security - The RSA Blog.



from The Era of Proportional Ransomware Has Arrived

Why Data Security is Important for Startups?

It is hard to overstate the importance of data security, especially for small firms like start ups. The 2016 threat environment for hacking and breaching is quite dangerous. Bad actors overseas in places like Russia and China frequent...

from Why Data Security is Important for Startups?

Problem with OpenSSL Patches of September 22, 2016

Today, OpenSSL released an update advising of a problem with the patches that were released last week on September 22. The first offending patch was for CVE-2016-6309, and it could result in a crash or even execution of attacker-supplied code, resulting in compromise of the patched machine. This issue only affects OpenSSL 1.1.0a, released on 22nd September […]

from Problem with OpenSSL Patches of September 22, 2016

FFIEC updates (finally) their Information Security IT Examination Handbook

Well, after ten years, the FFIEC has finally updated their Information Security IT Examination Handbook. So probably some are wondering what this is and why should they care. If you don't work in the financial industry, you may not be aware of all...

from FFIEC updates (finally) their Information Security IT Examination Handbook

Microsoft Ignite: Microsoft chasing what’s next after Mobile First, Cloud First

One of the things that struck me watching today's Ignite keynote announcement was what wasn't said, at least not immediately: That Microsoft is a mobile-first, cloud-first company.

The company still definitely is: They boasted that they're one of the biggest app publishers on Android and iOS and showcased endless datapoints showing Azure's successes, including noting that it now has 34 regions, twice the number of AWS.




from Microsoft Ignite: Microsoft chasing what’s next after Mobile First, Cloud First

Looking For Talent In All The Wrong Places

9-26
Zero percent. That’s the current unemployment rate in cybersecurity. Twenty jobs open for every qualified candidate. Over 1.4 million positions open listed as “Information Security Analyst”. Less than 10% of people employed in the information security field are women. The average compensation for security analysts in California is $129,000 annually. The average pay for a […]

from Looking For Talent In All The Wrong Places

Project APT: How to Build an ICS Network and Have fun at the Same Time

The Industrial Control System (ICS) security team at Talos frequently sees requests from peers and from students on how to build an ICS test lab. After all, the best way to learn is to get some equipment and learn with good old-fashioned hands-on tinkering. Unfortunately, many frame their test lab inquiries based on more traditional IT standards and network topologies. This is an easy error to make. After all, we can all generally name the components of a modern IT network - workstations, servers, switches, routers and firewalls, for example. It’s easy to fall back on the things with which we are most familiar. It’s only natural. It would be easy to assume that building an ICS network is just assembling the usual suspects of ICS equipment, and soon you will have an ICS test lab.

The truth is, nothing is atypical with industrial control system networks. Understanding industrial control systems and how they work together to deliver a process is not an easy thing. An electrical utility and an oil refinery may make use of the exact same ICS equipment in completely different environments and configurations, which effectively makes understanding implementation difficult. With such a diversity of industries and verticals, it can be difficult to even find a starting point much less procure (often expensive) equipment to start a proper ICS test lab. 

Members of the ICS team (Joe Marshal, Patrick DeSantis II & Carlos Pacho) were challenged with this problem by Talos senior leadership, and were told to find a way to build an ICS test lab. No easy task! As it turns out, the answer was easy, but the road to get there would not be.


Project Advanced Persistent Thirst


After much deliberation and research, the team decided to build a test lab that combines our love of hacking and libations. Thus, Project APT was born. We would create an ICS-actuated fluid dispersal system (read: kegerator), capable of dispensing fluid either automatically or manually as determined by the process. And ‘process’ is the key word here! As you look upon our work, understand that we knew what process we wanted to create before we started to purchase equipment. As you build your own test labs, understand what the end goal is before you obtain equipment - as the process will define what you equip your test lab with. In our case, our process was the automated pouring of beer out of a kegerator. Insofar as we can tell, we’re the first to ever attempt a pure ICS automated keg pouring for refreshing SCADA beer.

This is our test lab, Advanced Persistent Thirst.



The Guts of APT




At the heart of our process control network (PCN) is an Allen-Bradley MicroLogix 1400 Programmable Logic Controller (PLC). The PLC processes the logic which is executed for beer pouring. This in turn connects to our industrial unmanaged switch, which creates a simple but effective PCN. Controlling external access, we have a Moxa wireless access point configured to allow remote connectivity to the PCN.

Up Top




Our Human Machine Interface (HMI) is an Allen-Bradley PanelView 800. It runs a custom GUI that allows our custom designed nozzles to dispense beer at a touch. Notice that we have two nozzles, ideal for multiple container support and fluid dispersal. After several design iterations and many engineering challenges, we had a custom tap tower designed in CAD and then 3D-printed it. It allows for both beer shanks/nozzles, and for our linear solenoids to actuate the beer taps to the open position. The ‘muscle’ pushing our taps open are linear 68 oz. push solenoids, which are connected to a unique assembly that allows for lateral connection to a ball joint on the tap handle, which allows for smooth operation and optimal beer flow. The taps are self retracting, as linear solenoids typically only actuate in one direction (in this case, pushing taps open).

The PCN



As process control networks go, Project APT is simple and effective. Only one process is executing, and the logic it requires to operate is uncomplicated - and was intended to be so. The open secret of Project APT is that our PCN is hackable. Vulnerable conditions exist on all devices within our PCN that, if an attacker were to exploit them, would stop our process. These vulnerable conditions aren’t necessarily 0-days or even deliberately designed exploits - an attack could be as devastating as overwriting firmware, or as simple as creating a denial of service condition on the HMI or PLC. And this is the dirty secret of ICS - while designed to be robust for process-driven reliability, ICS devices can be very fragile against many cyber attacks (or even benign IT processes). Compounding the fragility of ICS devices, many operational technology (OT) networks are very ‘flat’ and unsegmented, and usually connected to more modern information technology networks to support business processes. Project APT mimics that, and painfully demonstrates what happens when your ICS devices are attacked - your process is stopped, and in our case, the pint glasses stay empty.






On The Road



Once we created APT, we realized we could make a great ICS challenge for others to try - we bolted on a Moxa Wireless AP and a Rockwell Stratix 5950 Industrial Firewall to provide protection and segmentation. This allowed us to create a great ICS hacking challenge - could someone figure out ICS protocols and actuate a beer tap without touching the HMI? To find out, we took Project APT on the road! We recently presented our kegerator in Louisville, Kentucky, at DerbyCon 6.0.


The convention was a fantastic success for Advanced Persistent Thirst - our presentation was well received. Over the course of the weekend we let conference attendees hack our kegerator - and it was a tough challenge!

Conference goers busy hacking APT!

To hack an ICS network, you really need to do your homework! Understanding process control networks and manipulating PLCs requires dedication and time. We had many attendees try, and four successful conference goers hacked APT to wirelessly actuate our kegerator! A big congrats to Andrew, Jonathan, Nick, and Jared for being the first to crack the tough challenge of hacking Advanced Persistent Thirst! For their efforts they earned a well-deserved congrats, and the much coveted Talos challenge coins.



If we bring Advanced Persistent Thirst to a conference near you, we hope you’ll hack it and maybe pour yourself a beer. Thank you to everyone who came to us and complimented us on our project, and showed an interest in learning about ICS and how we put our project together. We appreciated all the kind words and interest, and hope we inspired others to learn about ICS.


from Project APT: How to Build an ICS Network and Have fun at the Same Time

NAND’d

Apple Inc. (NasdaqGS: AAPL) iPhone passcode protection defeated by NAND Mirroring... Ooops.

from NAND’d

Don’t drill a headphone jack hole into your iPhone 7! It’s a hoax

Clamp your phone safely into a vice grip, get a 3.5mm drill, and then bore a hole into your hard drive so you can't jump onto YouTube and tell other people "It WORKS!"

from Don’t drill a headphone jack hole into your iPhone 7! It’s a hoax

Sunday, September 25, 2016

The Democratization of Censorship

John Gilmore, an American entrepreneur and civil libertarian, once famously quipped that “the Internet interprets censorship as damage and routes around it”. This notion undoubtedly rings true for those who see national governments as the principal threats to free speech. However, events of the past week have convinced me that one of the fastest-growing censorship threats on the Internet today comes not from nation-states, but from super-empowered individuals who have been quietly building extremely powerful cyber weapons with transnational reach.

from The Democratization of Censorship

What’s the Likely Future of Cybersecurity in the States?


from What’s the Likely Future of Cybersecurity in the States?

Your iOS 10 device iTunes backup is still perfectly safe

This week a security issue was found with the way iTunes secures iOS 10 device backups. Described as a “major security flaw” by Elcomsoft, this issue allows an attacker to attempt to break the passcode on the backup 2500 times faster than before. For some reason Apple uses an alternative password verification method for iOS ...

The post Your iOS 10 device iTunes backup is still perfectly safe appeared first on SecuritySpread.



from Your iOS 10 device iTunes backup is still perfectly safe

Louisville InfoSec 2016 – Matt Bianco’s Cloud Access Security Broker: 6 Steps To Addressing Your Cloud Risks

Permalink

from Louisville InfoSec 2016 – Matt Bianco’s Cloud Access Security Broker: 6 Steps To Addressing Your Cloud Risks


Camouflage

David Weiller's strikingly beautiful cinematography detailing the astounding natural implementation of the notion of hiding in plain sight. via Kottke...Permalink

from Camouflage


Show vulnerable packages on Arch Linux with arch-audit

Vulnerable Software Packages on Arch Linux Vulnerabilities happen and are usually fairly quickly fixed. This is also true for Arch Linux. This rolling distribution can be considered to be always up-to-date, as it uses the latest versions of software packages from upstream. When there is an update, it doesn’t take long before it becomes available in the package manager pacman. One problem that remained was the inability to quickly test if you have any vulnerable packages. After all, running pacman -Suy daily [...]

The post Show vulnerable packages on Arch Linux with arch-audit appeared first on Linux Audit.



from Show vulnerable packages on Arch Linux with arch-audit

Saturday, September 24, 2016

New Mobile Malware Hits Google Play, Hundreds of Users Affected

We've recently intercepted a currently circulating malicious campaign affecting hundreds of Google Play users, potentially exposing their devices to a multitude of malicious software, potentially exposing the confidentiality ...

from New Mobile Malware Hits Google Play, Hundreds of Users Affected

A Blog of the Past – Using Secure Managers for Passwords

Today we bring back a blog of the past. With the Yahoo Breach still a hot topic of cyber news, we here at AsTech cannot stress enough the importance of password security, whether it’s using salted hashes or as in … Continue reading

The post A Blog of the Past – Using Secure Managers for Passwords appeared first on AsTech Consulting.



from A Blog of the Past – Using Secure Managers for Passwords

Louisville InfoSec 2016 – Sese Bennet’s Cloud Security: Introduction To FedRAMP

Permalink

from Louisville InfoSec 2016 – Sese Bennet’s Cloud Security: Introduction To FedRAMP

Weekly Cyber Risk Roundup: Yahoo One of Many New Data Breaches

The past week has been full of various data breach announcements that have flown mostly under the radar. One exception is the breach at the World Anti-Doping Agency (WADA). New batches of information on Olympic athletes continue to be leaked, and the Entertainment sector’s cyber risk score has steadily risen to reflect those leaks. Another… Read More

from Weekly Cyber Risk Roundup: Yahoo One of Many New Data Breaches

Friday Squid Blogging: Space Kraken

A Lego model of a giant space kraken destroying a Destroyer from Star Wars. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....

from Friday Squid Blogging: Space Kraken

Podcast Provides Actionable Tips for Driving BI Awareness, Adoption

Business intelligence solutions can help companies make sense of data in order to make more informed business decisions—if there’s critical mass in terms of adoption and awareness.




from Podcast Provides Actionable Tips for Driving BI Awareness, Adoption

Does the Yahoo Breach Have You Worried About Your Online Security?


The recent news of the Yahoo breach and leak of hundreds of millions of passwords, names, dates of birth, and other personal information has led to headlines across the country. Understandably, given Yahoo’s popularity, people are worried, especially as a summer dominated by news of leaks, hacks, and foreign intelligence agencies with nefarious agendas comes to an end.

Given that reports suggest that the initial breach of this data occurred in 2014, one of the primary concerns about this type of data dump is password reuse attacks, where cybercriminals take previously compromised credentials and use them to break into accounts on other platforms where the victim used the same username/password combination. It’s only a matter of time before criminals use the credentials leaked in the Yahoo breach to attempt to compromise other accounts, such as financial accounts or social media profiles.



from Does the Yahoo Breach Have You Worried About Your Online Security?

The 50% e-Crime rise and Yahoo revelations show how right the CMS Select Committee was

In July we learned that 10% of the UK population have been the victims of e-Crime – albeit nearly always reimbursed, having “only” suffered the hassle of a refused card and a couple of days struggle to get the cash to survive until they received a new card. Earlier this week we learned that on-line...

The post The 50% e-Crime rise and Yahoo revelations show how right the CMS Select Committee was appeared first on When IT Meets Politics.



from The 50% e-Crime rise and Yahoo revelations show how right the CMS Select Committee was

Secure Code?

Word is getting around of so-called 'hacker-proof code'. You be the judge.Permalink

from Secure Code?

Threat Recap: Week of September 19th

It’s that time of week again. Our Threat Recap is bringing you the top news in cybersecurity from new OS releases to remote access of popular cars. Here are five of the...

The post Threat Recap: Week of September 19th appeared first on Webroot Threat Blog.



from Threat Recap: Week of September 19th

Friday, September 23, 2016


iPhone 7 Jailbreak

It took 24 hours.

Slashdot thread.



from iPhone 7 Jailbreak

Amtrak Security Awareness

I like this Amtrak security awareness campaign. Especially the use of my term "security theater."



from Amtrak Security Awareness

What Can Automation and Innovation do for your Organization?

Organizations are learning (don’t worry, most have done the learning) that if they don’t do encryption right – people will have access to sensitive data. With encryption and other cryptographic technologies acting as building blocks within a larger, layered IT security strategy, it’s clear that there are multiple needs for these technologies across enterprises, as more information is collected, stored and used throughout organizations. But these basic security needs don’t just stop at the enterprise level. Cloud service providers need […]

The post What Can Automation and Innovation do for your Organization? appeared first on Data Security Blog | Vormetric.



from What Can Automation and Innovation do for your Organization?

Yahoo, The Largest Data Breach in History…so far

Yahoo have just disclosed that over 500 million of its user accounts have been compromised. That's a huge number; think about it for a second: that's half a billion people across the globe affected and at risk. This is the largest known data breach in history to date. We know the Yahoo account data was stolen in late 2014, and the hack is said to have been orchestrated by state-sponsored actors, although there's no evidence to back this claim up.

Yahoo has not disclosed how the data was hacked, or why it has taken almost two years to either discover the breach or disclose the breach publicly. A cynic might say Yahoo delayed informing its massive user base until after its recent £3.7 billion sale to Verizon was done and dusted. However, in late July 2016 hackers were found offering 200 million Yahoo accounts for sale on the dark web (www.telegraph.co.uk/200-million-yahoo-account-details-for-sale-online), so it is likely the 2014 data theft was discovered on the back of investigating that.

The stolen Yahoo account data included names, email addresses, telephone numbers, dates of birth, and security questions and answers. Surprisingly, a chunk of the security questions and answers were not encrypted by Yahoo. I always recommend that companies protect account security questions and answers to the same degree as account passwords, given they can typically be used just like a password to access an account via a password reset function, including accounts used with other websites. This is especially important for email accounts, as that is often where the password reset links are sent as part of the password reset process.
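Treating a security answer "to the same degree as a password" means storing it exactly the way the passwords were stored: salted, stretched with a slow hash, and compared in constant time, so a leaked record does not hand over the answer. The following is an added example, not code from the original post or from Yahoo, that does this with the Python standard library's PBKDF2 (the post says Yahoo used bcrypt for passwords; PBKDF2 is substituted here only because it needs no third-party module, and the iteration count is an assumption chosen for a quick demonstration). The one thing answers need that passwords do not is normalisation, because "Rover", "rover" and "Rover " are the same memory of the same dog.

```python
import hashlib
import hmac
import os
import unicodedata
from typing import Optional

# Assumption for this example: a modest work factor so the demo runs quickly.
# A production deployment would pick the largest count its login latency budget allows.
ITERATIONS = 200_000
ALGORITHM = "pbkdf2_sha256"


def normalize_answer(answer: str) -> str:
    """Canonicalise a typed security answer before hashing.

    Unicode NFKC folds compatibility forms, casefold() handles case more
    thoroughly than lower(), and split/join collapses stray whitespace. Without
    this, a hashed answer would reject the user's own answer typed slightly
    differently, which pushes operators back toward storing it in plaintext.
    """
    return " ".join(unicodedata.normalize("NFKC", answer).casefold().split())


def hash_answer(answer: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$digest_hex.

    A fresh 16-byte random salt per answer means two users with the same pet
    name get different records, so a leak cannot be cracked once for everyone.
    """
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", normalize_answer(answer).encode("utf-8"), salt, ITERATIONS
    )
    return f"{ALGORITHM}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_answer(answer: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algorithm != ALGORITHM:
        return False  # unknown/legacy format: never fall back to a plaintext compare
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        normalize_answer(answer).encode("utf-8"),
        bytes.fromhex(salt_hex),
        int(iterations),
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def store_security_answers(answers: dict) -> dict:
    """Hash every answer in a {question: answer} mapping for storage.

    The returned mapping holds only question text and hash records, so a dump
    of it exposes nothing usable in a password-reset flow.
    """
    return {question: hash_answer(answer) for question, answer in answers.items()}


if __name__ == "__main__":
    # Constructed sample data for the demonstration.
    record = store_security_answers({"First pet's name?": "Rover"})
    print(record)
    print(verify_answer("  rover ", record["First pet's name?"]))  # True
    print(verify_answer("Fido", record["First pet's name?"]))      # False
```

The `verify_answer` function refuses any record whose algorithm tag it does not recognise rather than falling back to a direct comparison; that is the guard against the situation the post describes, where some records were hashed and a "chunk" were not.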

Advice 1: Reset Your Yahoo Password
Yahoo stated that account passwords were stored as hashed values using bcrypt. That's good practice, especially using bcrypt. However, my advice is to play it safe and reset the password; it's good practice to change your password regularly anyway. And if you use that same password on any other websites, change it there too.

Advice 2: Change Your Security Questions and Answers
Yahoo users should change their security questions and answers; click here to do this on the Yahoo website. If users use the same Yahoo security questions and answers on other accounts, those also need to be changed, especially where they can be used to reset passwords and/or gain access to the account. Sure, this will be a difficult task to check and complete, but Yahoo users should assume their Yahoo 'security questions and answers', together with their name, email address and date of birth, are known to cyber criminals.

Advice 3: Be Extra Vigilant
Yahoo users should be extra vigilant for phishing scam emails, which may be crafted using the stolen Yahoo personal information to look highly authentic. Also check for any suspicious activity in the email account, especially any signs that someone else has been using it.


from Yahoo, The Largest Data Breach in History…so far


Louisville InfoSec 2016 – Brian Vecci’s Insiders are the New Malware

Permalink

from Louisville InfoSec 2016 – Brian Vecci’s Insiders are the New Malware


5 Ways a Data Breach Coach Can Restore Order to Incident Response

A data breach coach is equipped, trained, and qualified to help you through an incident as it unfolds. This individual is able to guide your existing teams through the whirlwind of incident response so you can minimize losses (monetary and reputational), and resume normal operations. 

from 5 Ways a Data Breach Coach Can Restore Order to Incident Response

September Starts Strata + Hadoop World NYC

Strata + Hadoop World in NYC, set for the end of September, is quickly coming up.  The Strata + Hadoop World Conference is a unique experience that helps attendees tap into the opportunity that big data presents. Hadoop, an open-source software framework for storing and processing big data, has become so popular because its unique […]

The post September Starts Strata + Hadoop World NYC appeared first on HPE Security - Data Security.



from September Starts Strata + Hadoop World NYC

Top 5 Takeaways from #BeatTheBreach DC

“I see the laws made in Washington, D.C. I think of the ones I consider my favorites, I think of the people that are working for me” – from Don’t Worry About the Government by The Talking Heads We recently held our #BeatTheBreach event at the National Press Club in Washington, DC along with our […]

from Top 5 Takeaways from #BeatTheBreach DC

Planning for a Breach Crisis

If your company doesn’t have a crisis communication function, and doesn’t have a breach readiness plan, in the event of a public security incident it’s highly likely you will be the one everyone looks at when the CEO says ‘now what do we do?’ How do we manage the media? What do we tell customers, analysts, investors?…

The post Planning for a Breach Crisis appeared first on Speaking of Security - The RSA Blog and Podcast.



from Planning for a Breach Crisis

Yahoo confirms: hackers stole 500 million account details in 2014 data breach

Yahoo has confirmed that at least 500 million Yahoo accounts were put at risk by a data breach in 2014. Here is what you need to know, and what you need to do.

from Yahoo confirms: hackers stole 500 million account details in 2014 data breach

Thursday, September 22, 2016

Tesla Model S Hack

Impressive remote hack of the Tesla Model S.

Details. Video.

The vulnerability has been fixed.

Remember, a modern car isn't an automobile with a computer in it. It's a computer with four wheels and an engine. Actually, it's a distributed 20-400-computer system with four wheels and an engine.



from Tesla Model S Hack

Wednesday, September 21, 2016

Who on earth would want to use Google’s Allo chat app?

Google makes a u-turn on privacy with its new chat app, Allo.

from Who on earth would want to use Google’s Allo chat app?

Danger USB! Oz police warn of malware in the letterbox

Residents in a suburb of Melbourne, Australia, have been blighted by a plague of malicious USB sticks.

from Danger USB! Oz police warn of malware in the letterbox

Louisville InfoSec 2016 – Tom Kopchak’s The Domain Name System – Operation, Threats, and Security Intelligence

Permalink

from Louisville InfoSec 2016 – Tom Kopchak’s The Domain Name System – Operation, Threats, and Security Intelligence

Almost any file is up for grabs when this Android banking trojan attacks

At first glance, Tordow behaves like other mobile banking malware targeting the Android operating system. But then things get somewhat more sophisticated... David Bisson reports.

from Almost any file is up for grabs when this Android banking trojan attacks

Hacked Website Report – 2016/Q2

Today we’re releasing our quarterly Hacked Website Report for 2016/Q2. The data in this report is based on compromised websites we worked on, with insights and analysis performed by our Incident Response Team (IRT) and Malware Research Team (MRT). CMS Analysis Our analysis consisted of over 9,000 infected websites. The graphs below show a side-by-side...

The post Hacked Website Report – 2016/Q2 appeared first on Sucuri Blog.



from Hacked Website Report – 2016/Q2

A Basket of Deadly Skittles

9-20
One of the most troubling trends in information security is the fact that data is escaping our organizations at an alarming pace. Sometimes it leaves with insiders, but for the most part, it is stolen by outside actors and it is leaving in multiple forms and channels. Organizations are trying to stop this outflow, but […]

from A Basket of Deadly Skittles

Stop Helping. Please.

9-17
New York is about to institute cyber rules for banks and insurers. In their infinite wisdom, the State regulators in New York have decided that what we need now is a set of global security standards and they are going to be crafted and administered by none other than the eminently qualified Governor, Mr. Andrew […]

from Stop Helping. Please.

Top 10 ways to secure your mobile phone

To get a leg up against a rising tide of mobile malware activity, don't just phone it in—secure your mobile phone with these tried and true methods.



from Top 10 ways to secure your mobile phone

How can retailers meet the rising expectations of mobile shoppers in Asia?

Mobile is a key part of the shopping journey, both online and offline. 55 percent of Chinese consumers rate the smart phone as the most important device in making a purchase decision compared to only one-third of consumers in the...

from How can retailers meet the rising expectations of mobile shoppers in Asia?

Two Good Essays on the NSA's "Upstream" Data Collection under Section 702

Both are worth reading.



from Two Good Essays on the NSA's "Upstream" Data Collection under Section 702

More on the Equities Debate

This is an interesting back-and-forth: initial post by Dave Aitel and Matt Tait, a reply by Mailyn Fidler, a short reply by Aitel, and a reply to the reply by Fidler.



from More on the Equities Debate

Tuesday, September 20, 2016

Driving Connected Car Security Forward

Like the Internet, the Internet of Things (IoT) is going to be a part of our everyday life, with an increasing number of devices establishing connections – from smart light bulbs to connected cars and everything in between. However, as businesses and individuals alike begin to enjoy the conveniences associated with increased connectivity, these clear benefits lead to clear vulnerabilities. Increased Connectivity = Increased Risks: As we’ve seen many times, attackers can often hack into connected products with shocking ease. […]

The post Driving Connected Car Security Forward appeared first on Data Security Blog | Vormetric.



from Driving Connected Car Security Forward

How to Strengthen Your Human Firewall

When it comes to security, it pays to be completely honest with yourself. After all, you may be able to hide weaknesses in your network from yourself, but that won’t stop threat actors from finding them.

If you are totally honest with yourself, you’ll realize there’s no way to completely shield your users from attacks.

You can tighten your spam filter, keep a watchful eye on user permissions, and buy in the best endpoint security package you can afford… but still, some attacks will make it through. And if your users are like most people, right now they aren’t even close to being ready to cope with that. We explored this previously in Why Some Phishing Emails Will Always Get Through Your Spam Filter.

We believe people can be the last line of your network defense – and do a damn good job of it – but first they have to be trained.

Here are a few ideas to get you started.



from How to Strengthen Your Human Firewall

What could possibly go wrong? – a journey with your Cloud Co-Pilot, part 3

Do you remember playing capture the flag as a kid? I sure do! My friends and I would split up into even teams - usually about 6 kids per team. Then each team would hide our precious flag on our...

from What could possibly go wrong? – a journey with your Cloud Co-Pilot, part 3

Cybersecurity is a process, not a one-time solution

Digitization - the use of social, mobile, analytics, and cloud technologies to generate, process, store and communicate data - is transforming everything, with profound implications on how we learn, work and play.

“Digital transformation is not just a technology trend, it is at the center of business strategies across all industry segments and markets,” stated IDC.



from Cybersecurity is a process, not a one-time solution

Just For Men website serves malware

The website for Just For Men, a company that sells various products for men, had their website breached and was serving a password stealing Trojan. The malicious code embedded in the WordPress site was part of the EITest campaign and pushed the RIG exploit kit.



from Just For Men website serves malware

Cisco customers targeted by hackers using leaked NSA hacking tools

Cisco has announced it will be releasing a patch for a zero-day vulnerability exploited by a group of NSA hackers. David Bisson reports.

from Cisco customers targeted by hackers using leaked NSA hacking tools

The Rise of Nation-State Cyber Attacks Makes Encryption More Crucial Than Ever

No entity is immune from a cyber attack. A successful, jaw-dropping cyber assault against a seemingly impenetrable target occurred again last month. This time, the humbled target was the National Security Agency, the nation’s premier electronic eavesdropper. Three hundred megabytes of sophisticated code developed by the NSA to penetrate computer security systems was posted online for all to see. Shortly afterward, the NSA web site went down for almost a full day. In both cases, Russia is the suspected culprit. Encryption is Crucial: I’ve argued before and today feel even more strongly that…

from The Rise of Nation-State Cyber Attacks Makes Encryption More Crucial Than Ever

House panel looking into Reddit post linked to Clinton’s deleted email

A Redditor submitted a request 2 years ago, seeking advice on how to strip out a "VERY VIP" email address "from a bunch of archived email."

from House panel looking into Reddit post linked to Clinton’s deleted email

Periscope ATM Skimmers

"Periscope skimmers" are the most sophisticated kind of ATM skimmers. They are entirely inside the ATM, meaning they're impossible to notice.

They've been found in the US.



from Periscope ATM Skimmers

Monday, September 19, 2016

Microsoft Brings Resilient Change Tracking (RCT) in Windows Server 2016

Microsoft finally brings a long-awaited feature in Windows Server 2016 that enables native change block tracking. Learn how it helps you dramatically save storage space and reduce the risks of VM failure.

from Microsoft Brings Resilient Change Tracking (RCT) in Windows Server 2016

Misspelled Malwarebytes isn’t the real deal. It’s ransomware!

A piece of software masquerading as a security product from Malwarebytes is making its rounds on the web and distributing ransomware to unsuspecting users. David Bisson reports.

from Misspelled Malwarebytes isn’t the real deal. It’s ransomware!

‘the Art of Secure Application Deployment’

Well engineered conversational interview over at Linux.com, with Tim Mackey, an evangelist at Black Duck Software; in which the two participants in the conversation hold forth in 'DevOps and the Art of Secu...

from ‘the Art of Secure Application Deployment’

FBI or no FBI – how one man says he can crack an iPhone for less than $100

The FBI said it wasn't possible but a University of Cambridge researcher has proved them wrong.

from FBI or no FBI – how one man says he can crack an iPhone for less than $100

Uninstall your anti-virus says Amazon, if you want to work for us from home

You may want to earn money working from home as a customer service rep for Amazon, but they have some worrying rules about what you should (and shouldn't) be running on your computer. Watch my latest video to learn more.

from Uninstall your anti-virus says Amazon, if you want to work for us from home

324,000 payment cards breached, CVVs included, source still unknown!

When you decide to add debugging logs to your payment application, the PCI DSS rules about what you are allowed to store DO NOT CHANGE!

from 324,000 payment cards breached, CVVs included, source still unknown!

Bullocks need privacy too! Google Street View blurs ruminant’s face

It's not a cow. It's a bullock. We know that because it was a nude photo. Would that make it unacceptable on Facebook?

from Bullocks need privacy too! Google Street View blurs ruminant’s face

How cyber security can enable a better NHS.

By Neil Mellor, Business Development Director, Security, BT. The NHS’ move to paperless working can expose patient records to significant risk. Mitigating these, and retaining public confidence, requires effective security. With the Cyber Security in Healthcare conference happening very soon, it’s a good time to look at this important area of […]

from How cyber security can enable a better NHS.

Mooncake thieves fired from Alibaba’s infosec department

Mooncakes: they're like Christmas fruitcakes, except that the recipients actually eat them.

from Mooncake thieves fired from Alibaba’s infosec department

Password-protect your Wi-Fi hotspots and ask for user details too, rules ECJ

The ECJ has ruled that Wi-Fi hotspot operators aren’t liable for copyright infringements, but they may have to demand users' identities and password-protect their networks.

from Password-protect your Wi-Fi hotspots and ask for user details too, rules ECJ

A 17 Year Old Kid Discovers A Way To Get Free Data On Phone

T-Mobile network exposed by teen for free phone data

Jacob Ajit, a 17-year-old teen from Alexandria, Virginia, has just hacked his way into getting free data for his phone.

When asked how he figured it all out, he casually said that he was just investigating how networks are configured until he found a little loophole. He discovered the loophole inside the T-Mobile network.

He knows that T-Mobile will quickly fill in the loophole, but in the meantime, he just wanted to share his findings with the community.

He figured out how to get free data while playing with a prepaid T-Mobile service on his phone.

Read more http://motherboard.vice.com/read/a-teenage-hacker-figured-out-how-to-get-free-data-on-his-phone-t-mobile

The post A 17 Year Old Kid Discovers A Way To Get Free Data On Phone appeared first on Cyber Security Portal.



from Lavina Bentley – Cyber Security Portal https://cybersecurityportal.com/17-year-old-kid-discovers-way-get-free-data-phone/

Sunday, September 18, 2016

Online Customer Service: Do This — Not That



from Online Customer Service: Do This — Not That

Protect your sensitive data with HPE ESKM

It's becoming increasingly challenging to protect sensitive data, whether you're an organization in the public sector or private, and across all industries. Sensitive information such as cardholder data and intellectual property is ending up exposed due to unauthorized user access, accidental disclosure, and theft.



from Protect your sensitive data with HPE ESKM