Here are information security events in North America this month: BSides Huntsville 2017 : February 4 in Huntsville, AL, USA BSides Seattle 2017 : February 4 in Redmond, WA, USA BSides Tampa Bay 2017 : February 10 in Tampa, FL, USA BSides San Francisco 2017 : February 12 […]
The post Information Security Events For February appeared first on Infosec Events.
The rush to connect ever more devices with sensitive data and often insecure connections has created an exponential increase in associated security issues. Every day brings new reports of attacks, hacks, malware and data breaches. Fortunately, the TPM, or Trusted Platform Module, includes several widely vetted ways that help prevent many of these incidents and … Continue reading "Webcast: How to Use the Trusted Platform Module (TPM) for Trust and Security"
The post Webcast: How to Use the Trusted Platform Module (TPM) for Trust and Security appeared first on Trusted Computing Group.
Industrial Control Systems (ICS) attacks have a direct impact on people’s lives. The consequences of these attacks can be unpredictable, which is why ICS protection is a hot topic in security right now. Defining the right protection layer and best approach to secure communications in this environment is crucial. Historically, ICS departments operated independently from…
The post 3 Steps to a Secure ICS Network appeared first on Speaking of Security - The RSA Blog.
A security researcher has described how he uncovered a severe security hole in dozens of different Netgear routers, meaning that “hundreds of thousands, if not over a million” devices could be at risk of having their admin passwords stolen by hackers.
Read more in my article on the We Live Security blog.
Attackers held an Austrian hotel network for ransom, demanding $1,800 in bitcoin to unlock the network. Among other things, the locked network wouldn't allow any of the guests to open their hotel room doors.
I expect IoT ransomware to become a major area of crime in the next few years. How long before we see this tactic used against cars? Against home thermostats? Within the year is my guess. And as long as the ransom price isn't too onerous, people will pay.
EDITED TO ADD: There seems to be a lot of confusion about exactly what the ransomware did. Early reports said that hotel guests were locked inside their rooms, which is of course ridiculous. Now some reports are saying that no one was locked out of their rooms.
 |
|
| The developers of Locky Bart already had very successful ransomware campaigns running called “Locky” and “Locky v2”. After some users reported being infected with Locky Bart, we investigated it to find the differences as to gain greater knowledge and understanding of this new version.
Categories: Tags: analysisAnti-Ransomwarebackend serverbartbinaryLockyLocky Bart ransomwareransomware |
|
|
| The developers of Locky Bart already had very successful ransomware campaigns running called “Locky” and “Locky v2”. After some users reported being infected with Locky Bart, we investigated it to find the differences as to gain greater knowledge and understanding of this new version.
Categories: Tags: analysisAnti-Ransomwarebackend serverbartbinaryLockyLocky Bart ransomwareransomware |
Earlier this month my colleague Carl Herberger wrote a blog post regarding how the internet was rolling back our freedoms. I would agree with him. As time moves forward, we are seeing more situations where no one can hide from their government as the internet closes around them. An open internet as we know it […]
The post Internet Censorship / Open Internet appeared first on Radware Blog.
You spin the top and wait to see if it continues in kinetic motion or if it falls to the pull of gravitational force. You trust that the road chosen to walk the path of serendipity toward an anticipated culmination of the correct state of scientific innovation – which, in this case, has been forged to […]… Read More
The post Inception and the Road from Security Serendipity appeared first on The State of Security.
Choosing to upload your data to the cloud is, for the most part, a moot point; the advantages of mobility, scalability and convenience have proven that cloud platforms are a necessary and vital tool for the advancement of modern-day industry. However, some issues are still a challenge for the online world, including that of regulatory […]… Read More
The post Regulatory Compliance in the Cloud appeared first on The State of Security.
 |
|
| If you’ve been given responsibility for network security in a non-technical area of the business, there’s one eternal question that has been bedeviling. How do you get your employees to stop clicking on everything?
Categories: Tags: Business Email Compromisebusiness securityCISOphishingscamThreat Intelworkforce |
In the first two posts of the Dynamic Security Assessment series, we delved into the limitations of security testing and then presented the process and key functions you need to implement the concepts.
To illuminate the concepts and make things a bit more tangible, let’s look at a plausible scenario involving a large enterprise in financial services with hundreds of locations. The organization has a global headquarters on the West Coast of the US and 4 regional HQ locations across the globe. Each region has a data center and IT operational folks to run things. The security team is centralized under a global CISO, but each region has a team that works specifically with the business leaders to ensure proper protection and jurisdiction. The organization’s business plan includes rapid expansion of its retail footprint and additional regional acquisitions, so the network and systems will continue to become more distributed and more complicated.
From a technology standpoint, new initiatives are being built in the public cloud. This was controversial at first, but there isn’t much resistance anymore. Yet migration of existing systems remains a challenge, but due to cost and efficiency needs the strategic direction is to consolidate their regional data centers into a single location to support legacy applications within 5 years. This centralization is made possible by moving a number of back-office systems to SaaS as their back office software provider just launched a new service and using the SaaS offering makes deploying in new locations and integrating acquired organizations much easier. They are heavy users of cloud storage, as initial fears were allayed due to the economic leverage of not having to continue investing in their complex and expensive storage architecture.
Clearly security is both an area of focus and a big concern, given the amount and sensitivity of financial data the organization manages. They are constantly phished and spoofed and their applications are under attack daily. There are incidents, but nothing rising to the need of disclosure to customers, but the fear is always there regarding adversary activity that they miss.
From a security operations standpoint, they currently scan their devices and have a reasonably effective patching/hygiene processes, but it still takes on average 30 days to roll out updates across the enterprise. They also undertake an annual pen test, and to keep their key security analysts engaged, they allow them to spend a few hours a week hunting for active adversaries and other malicious activity.
The CISO has a number of concerns regarding the organization’s security posture. Compliance mandates require vulnerability scans, which find what is theoretically vulnerable. But working through the list and making the changes takes a month. They always get great information from the annual pen test, but it only happens once a year and they can’t invest enough to find all of the issues.
And that’s just the existing systems spread across the existing data centers. The move to the cloud is significant and accelerating. As a result, sensitive (and protected) data is all over the place and they need to understand which ingress and egress points present risk of both penetration and exfiltration.
Compounding the issue is the direction to continue opening new branches and acquiring regional organizations. Doing the initial diligence on the newly acquired environment takes time that the team doesn’t have, and they usually have to make compromises on security to hit the aggressive timelines to integrate new organizations and drive cost economies.
To try to get ahead of attackers, they do undertake some hunting activity. But it’s a part time endeavor for their staff and they tend to find the easy stuff since that’s what their tools identify first.
The bottom line is that the window of exposure is open for at least a month, and that’s if everything works well. They know it’s too long and need to understand what they should focus on knowing they can’t get everything done and how they should most effectively deploy their staff.
The CISO understands the importance of assessment (given they already scan/patch and undertake an annual pen test), and is definitely interested in evolving towards a more dynamic assessment methodology. DSA would look like this in their environment:
So bringing to bear the new capabilities associated with Dynamic Security Assessment can provide a clear advantage over traditional scanning and pen testing approaches. Again, the idea isn’t to supplant the existing method, but supplement in a way that provides a more reliable means of prioritizing effort and detecting attacks.
So in our sample company, the initial step is to deploy sensors across the environment, in each location and within all of the cloud networks. This provides the initial data to model the environment and build a map of the networks. Once you have the environment modeled, then you can start analyzing the risk for sensitive data stores. Identifying a handful of “missions” that the adversaries would likely undertake helps to focus efforts on clear and present danger, as opposed to every potential hole in the environment.
This initial assessment and resulting triage helps the organization focus their efforts on the attacks that can really cause a bunch of damage. The CISO understands there is a 30 day window before everything can be addressed (optimistically), but can ensure the team is focused on eliminating the issues with those high profile networks and devices that put sensitive data at risk.
Once the initial triage is done, the team can undertake a more detailed analysis of the environment turning the map into a baseline, understanding the typical traffic flows and activities within all of the organization’s systems and networks. This allows both the simulation activities and ongoing assessment activities to be able to identify anomalous activity, which warrants further investigation and/or immediate action.
The leveraging of threat intelligence data also plays into the ongoing assessment enabled by DSA. Instead of just patching everything, the CISO can marshal resources to address new attacks that are seen in the wild and would be successful in their environment, based on the ongoing simulation. This again helps the CISO focus resources on the issues that could the most significant damage.
DSA also helps with change control. As new changes are requested, driven by business needs and application upgrades, the impact of those changes can be modeled and the risks understood. So when an application is deployed into the cloud, the network map can be updated quickly to factor in these new potential exposure points. Similarly, diligence on opening new offices and integrating acquired companies is accelerated since the new locations can be easily modeled and the risks evaluated. What used to be an ad hoc, unscientific process can be quick and fact-based. Thus the CISO can present concerns not based on a gut feel, but with hard data about potential risks.
Finally, the DSA capability ensures that changes are made completely and accurately, as the ongoing assessment will identify whether issues found previously have been remediated and if not, what else needs to be done. The CISO is able to address the biggest concerns, which are to ensure they focus on the biggest risks and they get a full view of their entire infrastructure, including the resources that now run in the cloud.
So with that, we wrap up the Dynamic Security Assessment series. We’ll be assembling the paper over the next couple of weeks, so we’re always happy to get feedback on any of the posts to help us improve our research.
- Mike Rothman (0) Comments Subscribe to our daily email digest
Even if notable punishments and fines for HIPAA non-compliance have only been doled out over the last 6 years, data privacy regulations have been around for 14. And with each passing year, these rules evolve in ways that make it near impossible to keep up without an expert on hand.
The post 3 Reminders for HIPAA compliance in 2017 appeared first on Health Security Solutions.
As I discussed in my previous post, the security industry often feels dangerously reactive to innovation. Instead of looking forward to the future, we are constantly playing catch up and filling in gaps as they emerge. Short term resolutions will always tend to be more reactive as a whole, but we can use the tools we develop today to prognosticate the future of our industry. Ultimately, our sector needs to find a proper balance between anticipation and reaction. Today, most […]
The post New Innovations for the New Year, Part Two: The Long Term appeared first on Data Security Blog | Vormetric.
Last week, President Trump signed an executive order affecting the privacy rights of non-US citizens with respect to data residing in the US.
Here's the relevant text:
Privacy Act. Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.
At issue is the EU-US Privacy Shield, which is the voluntary agreement among the US government, US companies, and the EU that makes it possible for US companies to store Europeans' data without having to follow all EU privacy requirements.
Interpretations of what this means are all over the place: from extremely bad, to more measured, to don't worry and we still have PPD-28.
This is clearly still in flux. And, like pretty much everything so far in the Trump administration, we have no idea where this is headed.
Banks and payment service providers sometimes rely on SMS to verify the identity of a person who wishes to make a wire transfer or confirm a payment. They send an SMS message with a one-time password (OTP) to the person’s mobile phone, and the user has to enter this OTP into the application of the bank or payment service provider. In this blog post I discuss whether SMS-based authentication will... Read more
The post PSD2: Is this the End of SMS-based Authentication? appeared first on VASCO Data Security - Blog.
Without turning off Surge Pricing, Uber's computers would notice the spike in demand, as would-be taxi customers switch to Uber. The computers would then institute surge pricing around JFK automatically. This would notify the drivers in the area, who would then flock to JFK, chasing the higher income. This would be bad for the strike.Surge pricing has been turned off at #JFK Airport. This may result in longer wait times. Please be patient.— Uber NYC (@Uber_NYC) January 29, 2017
Uber's announcement was at 7:30pm, half hour after the strike was over. They may not have been aware of the strike until after it started, when somebody noticed an enormous surge starting at 6pm. I can imagine them running around in a panic at 6:05pm, trying to figure out how to respond.BREAKING: NYTWA drivers call for one hour work stoppage @ JFK airport today 6 PM to 7 PM to protest #muslimban! #nobannowall— NY Taxi Workers (@NYTWA) January 28, 2017
A Configuration Management Database (CMDB) is a repository that is an authoritative source of information of what assets are on the corporate network. At least, that’s what it’s supposed to be. However, in many of my recent discussions , the more common definition given for CMDB is “a struggle”. Does that sound familiar? If so, […]… Read More
The post Authoritative Asset Repository: What’s That?! appeared first on The State of Security.
One of the best friends a user can have in today’s digital age is a virtual private network (VPN). This tool masks a user’s IP address and tunnels their data through a network of servers. In so doing, a VPN helps a user anonymously and more securely browse the web. Unfortunately, not all VPNs fulfill […]… Read More
The post Dozens of Android VPN Apps Fail to Protect Users’ Privacy, Study Reveals appeared first on The State of Security.
As the software world still reels from the major hacks and breaches that occurred, and surfaced, in 2016, it’s critical […]
The post Cybersecurity in 2017: Interview with OWASP Author Jim Manico appeared first on Checkmarx.
The Autofill feature fills a void in the web browsing habits of many. It eliminates the need to enter all your details when logging on your social media accounts or when checking out your basket after e-shopping. On Chrome and Safari browsers, however, danger lurks when you rely too much on autofill.
The post Browsers leak sensitive info to hackers appeared first on Health Security Solutions.
 |
| OLE object contained in the Office document |
 |
| C&C configuration |
 |
| HTTP request to the C&C |
 |
| The DNS requests on the CC view on Cisco Umbrella |
 |
| Second HTTP request |
 |
| decryption of the download SWF file |
 |
| third HTTP request |
 |
| execution of the SWF exploit with the payload in argument |
Advanced Malware Protection (AMP) is ideally suited to prevent the execution of the malware used by these threat actors.
New fossil bed discovered in Alberta:
The finds at the site include 16 vampyropods, a relative of the vampire squid with its ink sac and fine details of its muscles still preserved in exquisite detail.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Over the past couple of weeks, we’ve written a lot about the current state of security in the healthcare industry, and why things need to change.
We’ve also covered the main causes of healthcare data breaches, and noted that powerful security awareness training is the most natural starting point for security conscious healthcare organization.
But so far, we haven’t really covered what should be included in a healthcare specific security awareness training program. After all, while some aspects of security are relevant to every industry, healthcare organizations are faced with a few highly specific problems that need to be addressed.
Before we consider what should be included, though, it’s worth looking at things from another perspective.
It takes a lot of bravery to create a small business. Putting yourself out there and taking risks is not for the faint of heart. Having a website is just one aspect of your business, but it’s an important one. A website helps you develop a brand identity, communicate the value of your offerings, and attract new customers.
These days, more business owners are leveraging open-source content management systems to create and maintain their website.
Continue reading Spotlight: Website Security Response for Photographers at Sucuri Blog.
Major Dark Web Marketplace Hacked Recently, a hacker using the alias cypher0007 reached out to AtlasBay, a large dark web market, with information on two significant vulnerabilities that allowed him to access over...read more
The post Cyber News Rundown: Edition 1/27/17 appeared first on Webroot Threat Blog.
BSidesSD 2017 San Diego has finally joined the Security BSides (@SecurityBSides) circuit. This year, the first annual BSidesSD took place Jan 13th-14th held at National University on the northern side of San Diego. This author was one of twenty speakers accepted to talk at the inaugural event. My talk was once again centered around our […]
The post BSidesSD 2017 Recap appeared first on OpenDNS Umbrella Blog.
Facebook has added a new feature to further strengthen the protection of users’ accounts. The social media giant announced on Thursday that users could now register a physical security key with their accounts to verify their identity. “Most people get their security code for login approval from a text message (SMS) or by using the Facebook […]… Read More
The post Facebook Introduces USB Security Key for Stronger Account Protection appeared first on The State of Security.
Semafone’s patented payment method has been recognised as an industry-leading solution at the inaugural PCI Awards for Excellence, run by AKJ Associates. The award was given to Semafone for its “outstanding PCI DSS projects” delivered to insurance giant AXA and global telecommunications company Sky. Working with AXA, Semafone’s solution was rolled out across 11 of […]
The post Semafone Kicks off 2017 with a PCI Award for Excellence appeared first on Semafone.
There are a lot of them.
In a world where the number of fans, friends, followers, and likers are social currency -- and where the number of reposts is a measure of popularity -- this kind of gaming the system is inevitable.
Today is Data Protection Day – a day established to remind us about the importance of improving our understanding of cyber threats and all things data security. This day was established 11 years ago and its purpose is more important than ever. Every organisation is, of course, well aware of the cyber security risks they currently face. The various high-profile hacks that occurred since Data Protection Day last year tell a cautionary tale – from Yahoo, in which one billion […]
The post Today is the day you rethink your data security strategy appeared first on Data Security Blog | Vormetric.
Since cloud technology first appeared on the scene, companies have been battling with the concept of cloud security. The reality is that the cloud presents you with three unique challenges from a security perspective. 1. You need to think differently It may sound obvious, but the cloud is different from a physical data centre. When […]… Read More
The post Moving to a Virtualized Environment? The Key Things You Need to Know about Your Security appeared first on The State of Security.
February is almost here, and while this means we are one month closer to spring, it also means it is time for the RSA Conference. The RSA Conference is an exciting time as thousands of people descend on Moscone Center in San Francisco to attend the world’s largest information security conference. This year the conference […]
The post RSA Conference 2017 – Data is the New Commodity appeared first on HPE Security - Data Security.
Mike Specter has an interesting idea on how to make biometric access-control systems more secure: add a duress code. For example, you might configure your iPhone so that either thumb or forefinger unlocks the device, but your left middle finger disables the fingerprint mechanism (useful in the US where being compelled to divulge your password is a 5th Amendment violation but being forced to place your finger on the fingerprint reader is not) and the right middle finger permanently wipes the phone (useful in other countries where coercion techniques are much more severe).
The United States takes the number one spot worldwide in data breaches disclosed last year, revealed a new report analyzing breach activity in 2016. Risk Based Security’s annual report released on Wednesday found that the U.S. accounted for nearly half – 47.5 percent – of all incidents, and a whopping 68.2 percent of all exposed […]… Read More
The post U.S. Top-Ranked Globally in 2016 Data Breaches, Finds Report appeared first on The State of Security.
Data security and compliance will become call centers’ top priority Guildford, U.K. – Jan. 26, 2017 – Semafone, which provides secure payment software for contact centers, shares its top predictions for call centers in 2017. In the year ahead, the company expects data security to be a top priority, as call centers take a more […]
The post Semafone Unveils Predictions for Call Centers in 2017 appeared first on Semafone.
 |
|
| Recently, among the payloads delivered by exploit kits, we often find Terdot.A/Zloader - a downloader installing on the victim machine a ZeuS-based malware.
Categories: Tags: bankerbanking malwaremalwareterdotzbotZeus malwareZloader |
Reports are that President Trump is still using his old Android phone. There are security risks here, but they are not the obvious ones.
I'm not concerned about the data. Anything he reads on that screen is coming from the insecure network that we all use, and any e-mails, texts, Tweets, and whatever are going out to that same network. But this is a consumer device, and it's going to have security vulnerabilities. He's at risk from everybody, ranging from lone hackers to the better-funded intelligence agencies of the world. And while the risk of a forged e-mail is real -- it could easily move the stock market -- the bigger risk is eavesdropping. That Android has a microphone, which means that it can be turned into a room bug without anyone's knowledge. That's my real fear.
I commented in this story.
