What's new around the internet


Src Date (GMT) Title Description Tags Stories Notes
SecurityWeek 2018-04-10 19:28:00 (Déjà vu) Microsoft Patches Two Dozen Critical Flaws in Windows, Browsers (direct link) Microsoft's Patch Tuesday updates for April 2018 resolve a total of 66 vulnerabilities, including nearly two dozen critical issues affecting Windows and the company's web browsers.
SecurityWeek 2018-04-10 18:39:01 Adobe Patches Vulnerabilities in Six Products (direct link) Adobe has patched a total of 19 vulnerabilities across six of its products, including Flash Player, Experience Manager, InDesign CC, Digital Editions, ColdFusion and the PhoneGap Push plugin.
SecurityWeek 2018-04-10 16:53:00 What Social Media Platforms And Search Engines Know About You (direct link) The Facebook scandal involving the harvesting of data from tens of millions of users has raised a lot of questions about social media and search engines. As Facebook founder and CEO Mark Zuckerberg testifies before the US Congress this week on protecting user data, here is a primer on what they know about you:
SecurityWeek 2018-04-10 15:53:03 Facebook to Offer 'Bounty' for Reporting Data Abuse (direct link) Facebook said Tuesday it would begin offering rewards to people who report misuse of private information from the social network, as part of an effort to step up data protection in the wake of a firestorm.
SecurityWeek 2018-04-10 15:47:01 Top Music Videos Including 'Despacito' Defaced by Hackers (direct link) Some of the most popular music videos on YouTube, including the mega-hit "Despacito", momentarily disappeared Tuesday in an apparent hacking. Fans looking for videos by top artists including Drake, Katy Perry and Taylor Swift found the footage removed and replaced by messages that included "Free Palestine."
SecurityWeek 2018-04-10 13:59:00 Karamba Security Raises $10 Million for Inorganic Growth (direct link) Karamba Security, a firm that specializes in cybersecurity solutions for autonomous and connected cars, on Tuesday announced that it has raised another $10 million, bringing the total raised to date to $27 million.
SecurityWeek 2018-04-10 12:27:03 Critical Infrastructure Threat Is Much Worse Than We Thought (direct link) Adversaries most likely want to acquire a "red button" capability that can be used to shut down the power grid.
SecurityWeek 2018-04-10 12:16:04 SirenJack: Hackers Can Remotely Trigger Warning Sirens (direct link) The SirenJack attack targets emergency warning sirens.
SecurityWeek 2018-04-10 07:39:01 Business-Critical Systems Increasingly Hit by Ransomware: Verizon 2018 DBIR (direct link) Ransomware has become the most prevalent type of malware and it has increasingly targeted business-critical systems, according to Verizon's 2018 Data Breach Investigations Report (DBIR).
SecurityWeek 2018-04-09 17:50:02 DMARC Not Implemented on Most White House Email Domains: Analysis (direct link) Over 95% of the email domains managed by the Executive Office of the President (EOP) haven't implemented the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol, the Global Cyber Alliance (GCA) has discovered.
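A survey like the GCA's boils down to fetching the TXT record at `_dmarc.<domain>` and reading its `p=` tag. The following is an added example, not GCA's tooling or anything from the SecurityWeek article: it classifies a set of domains as missing, invalid, monitor-only (`p=none`) or enforcing, and handles the two cases that trip up naive checks, a domain publishing two DMARC records (invalid per RFC 7489) and a record with no `p=` tag. The `SAMPLE_RECORDS` dictionary and its `.gov` names are constructed so the block runs offline; a live version would feed it the result of a DNS TXT lookup.

```python
"""Classify DMARC records the way an adoption survey would.

Added example, not part of the GCA analysis or the SecurityWeek article.
It parses TXT record strings only; SAMPLE_RECORDS below is constructed data
standing in for the TXT answers at _dmarc.<domain>.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: domain -> TXT strings found at _dmarc.<domain>
SAMPLE_RECORDS = {
    "example-none.gov": ["v=DMARC1; p=none; rua=mailto:dmarc@example-none.gov"],
    "example-quarantine.gov": ["v=DMARC1; p=quarantine; pct=50; sp=reject"],
    "example-reject.gov": ["v=DMARC1; p=reject; rua=mailto:agg@example-reject.gov"],
    "example-missing.gov": [],                                   # no record at all
    "example-duplicate.gov": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],  # two records
    "example-malformed.gov": ["v=DMARC1; pct=100"],              # required p= tag absent
}


@dataclass
class DmarcResult:
    domain: str
    status: str                      # missing | invalid | none | quarantine | reject
    pct: int = 100                   # share of failing mail the policy applies to
    subdomain_policy: Optional[str] = None
    rua: Optional[str] = None        # aggregate report destination, if any


def parse_dmarc_tags(record: str) -> dict:
    """Turn 'v=DMARC1; p=reject; rua=...' into {'v': 'DMARC1', 'p': 'reject', ...}."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def classify(domain: str, txt_records: list) -> DmarcResult:
    # Only records beginning with v=DMARC1 count as DMARC records (RFC 7489 6.6.3).
    dmarc = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if not dmarc:
        return DmarcResult(domain, "missing")
    if len(dmarc) > 1:
        # More than one record makes policy discovery fail; receivers apply no policy.
        return DmarcResult(domain, "invalid")
    tags = parse_dmarc_tags(dmarc[0])
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return DmarcResult(domain, "invalid")
    raw_pct = tags.get("pct", "100")
    pct = int(raw_pct) if raw_pct.isdigit() else 100
    # sp= defaults to the organizational policy when absent.
    return DmarcResult(domain, policy, pct=pct,
                       subdomain_policy=tags.get("sp", policy).lower(),
                       rua=tags.get("rua"))


def enforcing(result: DmarcResult) -> bool:
    """True only when the policy actually changes delivery of spoofed mail."""
    return result.status in ("quarantine", "reject") and result.pct > 0


def survey(records: dict) -> dict:
    results = {d: classify(d, r) for d, r in records.items()}
    return {
        "total": len(results),
        "not_implemented": sum(1 for r in results.values() if r.status in ("missing", "invalid")),
        "monitor_only": sum(1 for r in results.values() if r.status == "none"),
        "enforcing": sum(1 for r in results.values() if enforcing(r)),
        "results": results,
    }


if __name__ == "__main__":
    summary = survey(SAMPLE_RECORDS)
    for res in summary["results"].values():
        print(f"{res.domain:24} {res.status:11} pct={res.pct:3} enforcing={enforcing(res)}")
    print(f"{summary['not_implemented']}/{summary['total']} domains have no usable DMARC record")
```

Note that `p=none` is counted separately from "not implemented": it is a valid record, but it only asks receivers for reports and blocks nothing, which is why surveys usually report it as a distinct, non-enforcing tier.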
SecurityWeek 2018-04-09 16:37:02 SecurityWeek's ICS Cyber Security Conference Returns to Singapore With Strong Lineup (direct link) ICS Cyber Security Conference | Singapore
SecurityWeek 2018-04-09 15:27:00 Malware Activity Slows, But Attacks More Sophisticated: Report (direct link) Malicious cryptomining spikes, while virtually all other malware declines.
SecurityWeek 2018-04-09 14:26:01 Schneider Electric Patches 16 Flaws in Building Automation Software (direct link) Schneider Electric informed customers last week that the latest version of its U.motion Builder software patches a total of 16 vulnerabilities, including ones rated critical and high severity.
SecurityWeek 2018-04-09 12:40:05 Zuckerberg to Face Angry Lawmakers as Facebook Firestorm Rages (direct link) Mark Zuckerberg will appear before US lawmakers this week as a firestorm rocks Facebook over its data privacy scandal, with pressure mounting for new regulations on social media platforms.
SecurityWeek 2018-04-09 12:35:00 A Deep Dive Into Decision Advantage (direct link) Cyber Intelligence
SecurityWeek 2018-04-09 12:18:02 Vulnerabilities Found in Linux 'Beep' Tool (direct link) Several vulnerabilities have been found in the Linux command line tool Beep, including a potentially serious issue introduced by a patch for a privilege escalation flaw.
SecurityWeek 2018-04-09 05:36:05 Cisco Switches in Iran, Russia Hacked in Apparent Pro-US Attack (direct link) A significant number of Cisco switches located in Iran and Russia have been hijacked in what appears to be a hacktivist campaign conducted in protest of election-related hacking. However, it's uncertain whether the attacks involve a recently disclosed vulnerability or simply abuse a method that has been known for more than a year.
SecurityWeek 2018-04-08 17:42:05 NetSupport Manager RAT Spread via Fake Updates (direct link) A campaign that has been active for the past few months has been leveraging compromised websites to spread fake software updates that in some cases delivered the NetSupport Manager remote access tool (RAT), FireEye reports.
SecurityWeek 2018-04-07 16:58:01 New Agent Tesla Spyware Variant Discovered (direct link) A new variant of the Agent Tesla spyware has been spreading via malicious Microsoft Word documents, Fortinet reports. Tags: Tesla
SecurityWeek 2018-04-06 15:28:01 Facebook's Sandberg Says Other Cases of Data Misuse Possible (direct link) Facebook was aware more than two years ago of Cambridge Analytica's harvesting of the personal profiles of up to 87 million users and cannot rule out other cases of abuse of user data, chief operating officer Sheryl Sandberg said.
SecurityWeek 2018-04-06 15:04:04 RSA to Acquire Behavioral Analytics Firm Fortscale (direct link) RSA on Thursday announced that it has entered an agreement to acquire Fortscale, a company that provides behavioral analytics solutions. Financial terms of the deal have not been disclosed.
SecurityWeek 2018-04-06 14:54:05 Researchers Link New Android Backdoor to North Korean Hackers (direct link) The recently discovered KevDroid Android backdoor is tied to the North Korean hacking group APT37, Palo Alto Networks researchers say. Tags: Cloud, APT 37
SecurityWeek 2018-04-06 14:27:05 Necurs Botnet to Erupt This Month? (direct link) The Necurs botnet has a modular architecture, which allows it to remain agile and switch the distribution type. Based on historical patterns and recent activity, including what I consider three small-volume test attacks in the past month, it's looking extremely likely that another major Necurs malware outbreak is looming just around the corner.
SecurityWeek 2018-04-06 13:37:00 Critical Flaws Expose Natus Medical Devices to Remote Attacks (direct link) Researchers at Cisco Talos have identified several critical vulnerabilities that expose Natus medical devices to remote hacker attacks. The vendor has released firmware updates that patch the flaws. The vulnerabilities allow remote code execution and denial-of-service (DoS) attacks and they impact the Natus NeuroWorks software, which is used by the company's Xltek electroencephalography (EEG) equipment to monitor and review data over the network. According to Cisco, an attacker with access to the targeted network can remotely execute arbitrary code on the device or cause a service to crash by sending specially crafted packets. An attack does not require authentication. “Vulnerable systems are searched for by attackers as points of ingress and persistence within computer networks. A vulnerable system can be compromised by threat actors, used to conduct reconnaissance on the network, and as a platform from which further attacks can be launched,” Talos warned. Remote code execution on vulnerable Natus devices is possible due to four different functions that can cause a buffer overflow. All of the code execution flaws have been rated “critical” with CVSS scores of 9 or 10. The DoS vulnerability, rated “high severity,” is caused by an out-of-bounds read issue. Cisco said it reported the vulnerabilities to Natus in July 2017, but the bugs were only confirmed in October. The flaws have been tested on Natus Xltek NeuroWorks 8 and they have been patched with the release of NeuroWorks 8.5 GMA2. Healthcare facilities that use the affected products have been advised to install the update as soon as possible. The risk of attacks involving these vulnerabilities is relatively high considering that the devices are widely deployed: Natus was recently reported to have a 60 percent share in the global neurodiagnostic market. Furthermore, Cisco has made available technical information for each of the vulnerabilities. The healthcare industry has been increasingly targeted by malicious actors, including in attacks involving ransomware and theft of sensitive information. The infosec community and authorities have issued numerous warnings, and recent reports show that there are plenty of healthcare product vulnerabilities that hackers could exploit in their operations.
SecurityWeek 2018-04-06 12:08:04 New Strain of ATM Jackpotting Malware Discovered (direct link) A new type of ATM jackpotting malware has been discovered. Dubbed ATMJackpot, the malware appears to be still under development, and to have originated in Hong Kong. There are no current details of any deployment or use. ATMJackpot was discovered and analyzed by Netskope Threat Research Labs. It has a smaller footprint than earlier strains of jackpotting malware, but serves the same purpose: to steal money from automated teller machines (ATMs). ATM jackpotting, also known as a logical attack, is the use of malware to control cash dispensing from individual ATMs. The malware can be delivered locally to each ATM via a USB port, or remotely by compromising the ATM operator network. Jackpotting has become an increasing problem in recent years, originally and primarily in Europe and Asia. In 2017, Europol warned that ATM attacks were increasing. "The malware being used has evolved significantly and the scope and scale of the attacks have grown proportionately," said Steven Wilson, head of Europol's EC3 cybercrime center. The first attacks against ATMs in the U.S. were discovered in January 2018 following an alert issued by the Secret Service. In March 2018, the alleged leader of the Carbanak group was arrested in Spain. Carbanak is believed to have stolen around $1.24 billion over the preceding years. Its method was to compromise the servers controlling ATM networks by spear-phishing bank employees, and then use foot soldiers (mules) to collect money dispensed from specific ATMs at specific times. It is not clear whether the ATMJackpot malware discovered by Netskope is intended to be manually installed via USB on individual ATMs, or downloaded from a compromised network. Physical installation on an ATM is not always difficult. In July 2017, IOActive described how its researchers could gain access to the Diebold Opteva ATM. It was achieved by inserting a metal rod through a speaker hole and raising a metal locking bar. From there they were able to reverse engineer software to get access to the money vault. Jackpotting malware is designed to avoid the need to physically break into the vault. It can be transferred via a USB port to the computer part of the ATM that controls the vault. Most ATMs use a version of Windows that is well understood by criminals. ATMJackpot malware first registers the Windows class name 'Win' with a procedure for the malware activity. The malware then populates the options on the window and initiates a connection with the XFS manager. The XFS subsystem provides a common API to access and manipulate the ATM devices from different vendors. The malware then opens a session with the service providers and registers to monitor events. It opens a session with the cash dispenser, the card reader and the PIN pad servic Tags: Guideline, Cloud, APT 37
SecurityWeek 2018-04-06 11:30:03 VirusTotal Launches New Android Sandbox (direct link) Google-owned VirusTotal announced on Thursday the launch of a new Android sandbox designed to provide detailed information on potential threats targeting the mobile operating system. The new sandbox, named VirusTotal Droidy, is designed to replace a system introduced back in 2013. Droidy can help researchers obtain information on network communications and SMS-related activities, file system interactions, SQLite database usage, permissions, Java reflection calls, process and service actions, registered receivers, and crypto-related activity. Information from the Droidy sandbox is available in the Behavior section, and it can be selected from the dropdown menu that also includes the Tencent HABO analysis system. VirusTotal noted that the data from Droidy complements Tencent HABO; they are both part of a multi-sandbox project that aims to aggregate malware analysis sandbox reports. Selecting Droidy from the behavior menu displays some general information about the analyzed file, but users can also obtain a detailed report that allows them to “dig into the hooked calls and take a look at the screenshots generated when running the apps.” Droidy integrates with other services, such as VirusTotal Graph and VirusTotal Intelligence. VirusTotal says its goal is to generate as much information as possible in order to help investigators get a better understanding of a particular threat. “Very often during an investigation, you might not have enough context about an individual threat, and so being able to look at the connected URLs, domains, files, IP addresses, etc. becomes crucial in understanding what is going on,” explained VirusTotal's Emiliano Martinez. VirusTotal also announced recently that it has made several improvements to the macOS sandbox. Related: VirusTotal Now Scans Firmware Images. Related: VirusTotal Policy Change Rocks Anti-Malware Industry.
SecurityWeek 2018-04-06 05:43:04 Best Buy Hit by [24]7.ai Payment Card Breach (direct link) After Delta Air Lines and Sears Holdings, Best Buy has also come forward to warn customers that their payment card information may have been compromised as a result of a breach suffered by online services provider [24]7.ai. Similar to Delta and Sears, Best Buy contracted [24]7.ai for online chat/support services. The retailer says it will contact impacted customers and provide free credit monitoring if needed. Best Buy has not specified exactly how many of its customers are impacted, but noted that “only a small fraction of our overall online customer population could have been caught up in this [24]7.ai incident, whether or not they used the chat function.” San Jose, CA-based [24]7.ai provides customer acquisition and engagement solutions to organizations in a wide range of sectors, and any of them could be impacted by this incident. Its website lists several major firms, but some of them apparently no longer do business with the company. Delta has set up a dedicated page on its website and it has provided some new information regarding the incident. According to the airline, cybercriminals planted a piece of malware in [24]7.ai software, which captured some payment card data between September 26 and October 12, 2017. “[The malware] made unauthorized access possible for the following fields of information when manually completing a payment card purchase on any page of the delta.com desktop platform during the same timeframe: name, address, payment card number, CVV number, and expiration date,” Delta explained. The airline believes the incident may impact hundreds of thousands of customers, but it cannot say definitively whether any information has actually been stolen by the attackers. It appears that the malware involved in this attack is capable of harvesting payment card information entered on websites that use the [24]7.ai chat software. Consumers may be impacted even if they have not directly used the chat functionality, which has only been leveraged as a point of entry to the websites of major organizations; a third-party script embedded in a page can read anything entered on that page. These types of attacks have been common in the past years. Sears Holdings, the company that owns the Sears and Kmart retail store brands, says the incident has impacted the credit card information of less than 100,000 customers. Sears and Delta said they were only notified by [24]7.ai in mid and late March, several months after the breach had supposedly been contained.
SecurityWeek 2018-04-05 18:50:04 Microsoft Adds New Security Features to Office 365 (direct link) Microsoft today announced new protections for Office 365 Home and Office 365 Personal subscribers, aimed at helping them recover files, protect data, and defend against malware. Courtesy of the newly announced protections, Office 365 Home and Office 365 Personal users can now recover their files after a malicious attack like ransomware, Kirk Koenigsbauer, Corporate Vice President for Office at Microsoft, says. The new functionality is available through a Files Restore option that has long been available for OneDrive for Business customers. The feature is now available for personal OneDrive accounts and is enabled for both work and personal files. With the help of Files Restore, users can restore their entire OneDrive to a previous point in time within the last 30 days. The feature should prove highly useful in a variety of situations, ranging from an accidental mass delete to file corruption, ransomware encryption, or another catastrophic event. To further protect users, Microsoft is bringing ransomware detection and recovery features to Office 365. This feature ensures that ransomware attacks are detected and also helps users restore their OneDrive to a point before files were compromised. “If an attack is detected, you will be alerted through an email, mobile, or desktop notification and guided through a recovery process where you'll find the date and time of attack preselected in Files Restore, making the process simple and easy to use. As these threats evolve, we are continuously
SecurityWeek 2018-04-05 16:59:01 Financial Services DDoS Attacks Tied to Reaper Botnet (direct link) Recorded Future's "Insikt" threat intelligence research group has linked the Mirai variant IoTroop (aka Reaper) botnet with attacks on the Netherlands financial sector in January 2018. The existence of IoTroop was first noted by Check Point in October 2017. At that point the botnet had not been used to deliver any known DDoS attacks, and its size was disputed. What was clear, however, was its potential for growth. In January 2018, the financial services sector in the Netherlands was hit by a number of DDoS attacks. Targets included ABN Amro, Rabobank and ING; but at that time the source of the attack was unknown. Insikt researchers now report that at least one of these financial services attacks, and possibly more, was the first known use of IoTroop to deliver a DDoS attack. "IoTroop is a powerful internet of things (IoT) botnet," reports Insikt, "primarily comprised of compromised home routers, TVs, DVRs, and IP cameras exploiting vulnerabilities in products from major vendors including MikroTik, Ubiquiti and GoAhead." The attack itself was not excessively high by modern standards. "The initial attack was a DNS amplification attack with traffic volumes peaking at 30Gb/s," reports Insikt, far short of the 1.7Tb/s attack that occurred in February. If the IoTroop assumption is correct, it is clear the botnet has evolved extensively since its discovery last year. Fortinet's SVP of products and solutions reported last month, "the Reaper [IoTroop] exploit was built using a flexible Lua engine and scripts, which means that instead of being limited to the static, pre-programmed attacks of previous exploits, its code can be easily updated on the fly, allowing massive, in-place botnets to run new and more malicious attacks as soon as they become available." Insikt reports that the malware can use at least a dozen vulnerabilities and can be updated by the attackers as new vulnerabilities are exposed. "Our analysis," it says, "shows the botnet involved in the first company attack was 80% comprised of compromised MikroTik routers with the remaining 20% composed of various IoT devices ranging from vulnerable Apache and IIS web servers to routers from Ubiquiti, Cisco and ZyXEL. We also discovered webcams, TVs and DVRs among the 20% of IoT devices, which included products from major vendors such as MikroTik, GoAhead, Ubiquiti, Linksys, TP-Link and Dahua." This list adds new devices now vulnerable to IoTroop in addition to those noted in the original October 2017 research, which suggests, says Insikt, "a widespread and rapidly evolving botnet that appears to be leveraging publicly disclosed vulnerabilities in many IoT devices." Tags: Cloud, APT 37
SecurityWeek 2018-04-05 16:37:03 (Déjà vu) Unprotected Switches Expose Critical Infrastructure to Attacks: Cisco (direct link) Cisco has advised organizations to ensure that their switches cannot be hacked via the Smart Install protocol. The networking giant has identified hundreds of thousands of exposed devices and warned that critical infrastructure could be at risk. The Cisco Smart Install Client is a legacy utility that allows no-touch installation of new Cisco switches. Roughly one year ago, the company warned customers about misuse of the Smart Install protocol following a spike in Internet scans attempting to detect unprotected devices that had this feature enabled. It also made available an open source tool for identifying devices that use the protocol. Attackers can abuse the Smart Install protocol to modify the configuration file on switches running IOS and IOS XE software, force the device to reload, load a new IOS image, and execute high-privilege commands. These attacks rely on the fact that many organizations fail to securely configure their switches, rather than on an actual vulnerability: the client is enabled by default and accepts unauthenticated commands. According to Cisco, sophisticated nation-state groups have also abused Smart Install in their campaigns, including the Russia-linked threat actor tracked as Dragonfly, Crouching Yeti and Energetic Bear, which has been known to target critical infrastructure. Cisco has decided to once again warn organizations of the risks associated with Smart Install following the disclosure of a critical vulnerability discovered recently by researchers at Embedi. The flaw, tracked as CVE-2018-0171, allows a remote and unauthenticated attacker to cause a denial-of-service (DoS) condition or execute arbitrary code by sending specially crafted Smart Install messages to an affected device on TCP port 4786. Researchers said they had identified roughly 250,000 vulnerable Cisco devices with TCP port 4786 open. Cisco's own Internet scans revealed 168,000 systems potentially exposed due to their use of the Cisco Smart Install Client. The company says the number of impacted devices has decreased considerably since 2016, when security firm Tenable identified more than 250,000 exposed systems. Throughout the end of 2017 and early 2018, Cisco's Talos group noticed attackers increasingly looking for misconfigured clients. Now that CVE-2018-0171 has been found, the risk of attacks has increased even more, especially since Embedi has released technical details and proof-of-concept (PoC) code. There is no evidence that CVE-2018-0171 has been exploited in malicious attacks. Cisco also noted that much of the activity it has seen is likel
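Because an enabled Smart Install client leaves no trace in a running-config (it is the default), the only positive evidence that a switch is safe is the global `no vstack` line, or an ACL that drops TCP/4786 where the feature is genuinely needed. The following is an added example, not Cisco's open source checker or anything from the article: it audits saved IOS/IOS XE configurations for those two controls and flags everything else as exposed. The `SAMPLE_CONFIGS` excerpts, hostnames and addresses are constructed; the `vstack director` lines model a switch that intentionally runs the Smart Install director and is therefore expected to restrict the port with an ACL rather than disable the feature.

```python
"""Audit saved IOS / IOS XE configurations for Smart Install (vstack) exposure.

Added example, not Cisco's smi_check tool. It reads running-config text, so it
works offline and never touches TCP/4786. SAMPLE_CONFIGS is constructed data.
"""
import re
import socket
from dataclasses import dataclass

SMART_INSTALL_PORT = 4786  # the Smart Install client listens on this TCP port

# Constructed sample configs: hostname -> excerpt of 'show running-config'
SAMPLE_CONFIGS = {
    # Nothing about vstack at all: client enabled by default, nothing filtering it.
    "access-sw-01": """
hostname access-sw-01
!
interface Vlan1
 ip address 10.0.0.10 255.255.255.0
!
line vty 0 4
 transport input ssh
""",
    # Cisco's recommended fix: disable the client globally.
    "access-sw-02": """
hostname access-sw-02
!
no vstack
!
interface Vlan1
 ip address 10.0.0.11 255.255.255.0
""",
    # Intentional director; port reachable only from the management subnet.
    "dist-sw-01": """
hostname dist-sw-01
!
vstack director 10.0.0.1
vstack basic
!
ip access-list extended MGMT-IN
 permit tcp 10.0.0.0 0.0.0.255 any eq 4786
 deny   tcp any any eq 4786
 permit ip any any
!
interface Vlan1
 ip address 10.0.0.1 255.255.255.0
 ip access-group MGMT-IN in
""",
}


@dataclass
class Finding:
    hostname: str
    smart_install: str   # "disabled", "director" or "client (default on)"
    port_filtered: bool  # some ACL line denies TCP/4786
    exposed: bool


def audit_config(hostname: str, config: str) -> Finding:
    lines = [line.strip() for line in config.splitlines()]
    # 'no vstack' is the only line that proves the feature is off; an enabled
    # client is the default and therefore does not appear in the config.
    disabled = any(line == "no vstack" for line in lines)
    director = any(line.startswith("vstack director") for line in lines)
    port_filtered = any(re.match(r"deny\s+tcp\s+.*\beq\s+4786\b", line) for line in lines)
    if disabled:
        state = "disabled"
    elif director:
        state = "director"
    else:
        state = "client (default on)"
    # A director is just as reachable on 4786 as a client, so it only passes
    # when an ACL narrows who can talk to the port.
    exposed = state != "disabled" and not port_filtered
    return Finding(hostname, state, port_filtered, exposed)


def audit_all(configs: dict) -> list:
    return [audit_config(host, cfg) for host, cfg in sorted(configs.items())]


def port_open(host: str, timeout: float = 2.0) -> bool:
    """Optional live confirmation: can we complete a TCP handshake on 4786?
    Run only against devices you are authorized to test; not used by the audit."""
    try:
        with socket.create_connection((host, SMART_INSTALL_PORT), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    for f in audit_all(SAMPLE_CONFIGS):
        print(f"{f.hostname:14} smart_install={f.smart_install:20} "
              f"acl_filter={str(f.port_filtered):5} EXPOSED={f.exposed}")
```

The audit deliberately treats "no evidence either way" as exposed: the Cisco advisory's point is that defaults, not a bug, put most of the 168,000 devices on the Internet, so an inventory that only looks for positive misconfiguration will undercount them.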
SecurityWeek 2018-04-05 15:23:03 New macOS Backdoor Linked to Cyber-espionage Group (direct link) A recently discovered macOS backdoor is believed to be a new version of malware previously associated with the OceanLotus cyber-espionage group, Trend Micro says. Also known as APT 32, APT-C-00, SeaLotus, and Cobalt Kitty, OceanLotus is believed to be operating out of Vietnam and has been targeting high-profile corporate and government organizations in Southeast Asia. Well-resourced and determined, the group uses custom-built malware and already established techniques. Tags: APT 32
SecurityWeek 2018-04-05 14:28:05 Intel Discontinues Keyboard App Affected by Critical Flaws (direct link) Serious vulnerabilities have been found in Intel's Remote Keyboard application, but the company will not release any patches and has instead advised users to uninstall the app. Introduced in June 2015, the Intel Remote Keyboard apps for Android and iOS allow users to wirelessly control their Intel NUC and Compute Stick devices from a smartphone or tablet. The Android application has been installed more than 500,000 times. Researchers discovered recently that all versions of Intel Remote Keyboard are affected by three severe privilege escalation flaws. The most serious of them, rated “critical” and identified as CVE-2018-3641, allows a network attacker to inject keystrokes as a local user. The vulnerability was reported to Intel by a UK-based researcher who uses the online moniker trotmaster. Another vulnerability, tracked as CVE-2018-3645 and rated “high severity,” was reported to Intel by Mark Barnes. The researcher discovered that Intel Remote Keyboard is affected by a privilege escalation flaw that allows a local attacker to inject keystrokes into another keyboard session. The third security hole is CVE-2018-3638, which allows an authenticated, local attacker to execute arbitrary code with elevated privileges. Intel has credited Marius Gabriel Mihai for finding this vulnerability. Intel does not plan on releasing patches for these vulnerabilities. The company has decided to discontinue the product and advised users to uninstall the apps at their earliest convenience. Intel Remote Keyboard has been removed from both Google Play and the Apple App Store. Intel also published a security advisory this week to warn customers of an important denial-of-service (DoS) vulnerability affecting the SPI Flash component in multiple processors. The flaw was discovered by Intel itself and mitigations are available. The company also informed users of a privilege escalation flaw in 2G modems, including XMM71xx, XMM72xx, XMM73xx, XMM74xx, Sofia 3G, Sofia 3G-R, and Sofia 3G-RW. The issue impacts devices that have the Earthquake Tsunami Warning System (ETWS) feature enabled. A network attacker can exploit the vulnerability to execute arbitrary code. “Devices equipped with an affected modem, when connected to a rogue 2G base station where non-compliant 3GPP software may be operational, are potentially at risk,” Intel said. Related: Intel Will Not Patch Spectre in Some CPUs.
SecurityWeek 2018-04-05 14:03:01 Improved Visibility a Top Priority for Security Analysts (direct link) Security analysts require improved visibility as well as improved threat detection. Vendors listen to existing and potential customers to understand how to improve their products over time. At the smallest level, they use focus groups. At the largest level they employ market research firms to query thousands or more respondents from relevant employers and industry sectors. Somewhere in between, they run their own relatively small-scale surveys, primarily for their own benefit. This is what Boston, MA-based next-gen endpoint protection firm Barkly did, querying some 70 IT and security professionals to understand what mid-market users look for and are not currently getting from their endpoint security controls. Not surprisingly, 60% of the respondents say that adding to or improving protection is their top priority, possibly because 88% of them consider that there are types of attacks (for example, the growing practice of employing fileless attacks) that current security simply does not block. More surprising, however, is that 40% of the respondents prioritize improving forensic and response capabilities as their current top priority. This may partly be driven by the new breed of regulations, and in particular GDPR, that demand increasingly rapid incident disclosure and remediation of the breach vector to prevent repeats. Alternatively, this may simply be down to a high ratio of alerts (including both true positives and false positives) to human resources with their current products. While the sample size of the survey is small, forty-five percent of the respondents, Barkly says, "admit they currently don't have enough time to investigate and respond to the incidents they're already seeing now. Adding to that workload with complex endpoint detection and response (EDR) solutions without considering current limitations is obviously not a productive answer." The need for improved automation to reduce the time for manual involvement also shows in users' top frustrations with current solutions. Twenty-seven percent of the respondents are concerned with poor visibility into incidents, and 25% are concerned about limited investigative/response features. A further 18% find current solutions difficult and time-consuming to manage. The need to make incident response faster and simpler is the driving force behind Barkly's new version 3.0, launched today. Rapid response comes from two new features: endpoint isolation, and file quarantine and delete. The first enables an administrator to instantly remove an affected device from the network while the incident is investigated.
SecurityWeek 2018-04-05 13:43:05 1.5 Billion Sensitive Documents on Open Internet: Researchers (direct link) Some 1.5 billion sensitive online files, from pay stubs to medical scans to patent applications, are visible on the open internet, security researchers said Thursday. Researchers from the cybersecurity firm Digital Shadows said a scanning tool used in the first three months of 2018 found mountains of private data online from people and companies across the world. The unprotected data amounted to some 12 petabytes, or four thousand times larger than the "Panama Papers" document trove which exposed potential corruption in dozens of countries. "These are files that are freely available" to anyone with minimal technical knowledge, said Rick Holland, a vice president at Digital Shadows. Holland told AFP his team scanned the web and found unsecured files, adding "we didn't authenticate to anything." The availability of open data makes it easier for hackers, nation-states or rival companies to steal sensitive information, Holland said. "It makes attackers' jobs much easier. It shortens the reconnaissance phase," he added. The researchers said in the report that even amid growing concerns about hackers attacking sensitive data, "we aren't focusing on our external digital footprints and the data that is already publicly available via misconfigured cloud storage, file exchange protocols, and file sharing services." A significant amount of the data left open was from payroll and tax return files, which accounted for 700,000 and 60,000 files respectively, Digital Shadows said. It noted medical files and lists were also weakly protected, with some 2.2 million body scans open to inspection. Many corporate secrets were also out in the open including designs, patent summaries and details of yet-to-be-released products. "While organizations may consider insiders, network intrusions and phishing campaigns as sources of corporate espionage, these findings demonstrate that there is already a large amount of sensitive data publicly available," the report said. The researchers said about 36 percent of the files were located in the European Union. The United States had the largest amount for a single country at 16 percent, but exposed files were also seen around the world including in Asia and the Middle East. Tags: Guideline
SecurityWeek 2018-04-05 13:32:05 (Déjà vu) Mitigating Digital Risk from the Android PC in Your Pocket (direct link) Security teams must prioritize risk mitigation against Android malware. Few of us could have imagined that a device that allows us to talk to anyone from anywhere at any time would morph, in just a few years, into many users' computing device of choice. The latest numbers from StatCounter reveal that mobile devices are outpacing desktops and are the preferred method for accessing the Internet. The most popular operating system worldwide? Android. Threat actors watch these trends too. They're opportunistic and will focus their efforts where they believe their success rate will be the highest. So naturally, many are targeting Android devices and taking advantage of malware to launch attacks. As an open-source platform, Android provides the benefits of collaborative applications (apps) and innovation; however, its accessibility inherently exposes it to exploitation by malicious actors. In the past year, while some users fell victim to targeted social engineering campaigns that infected their devices, most malware was embedded in malicious apps users inadvertently downloaded from official and unofficial sources. With the greatest number of users, Android's official app store Google Play has been the largest single source of infection. However, most of the sources of infection were other third-party stores. Users are duped by apps that pose as legitimate resources or services, or that are advertised fraudulently by displaying branding associated with credible organizations. Apps have been found that impersonate Uber, any number of financial institutions, gaming apps and, perhaps most galling, security apps. Mobile malware is generally delivered and deployed via a multi-step process requiring some user interaction. This presents threat actors with many opportunities to infiltrate a device. For example, once installed, many malicious apps request users to approve unnecessary privileges, such as device administration access, to execute processes. Overlays (superimposing phishing screens on a legitimate app) are also used to prompt users to provide sensitive information, such as credentials or financial data. So, what's the ultimate endgame for cyber criminals? The most prevalent objective is espionage: gathering information through profiling device data or recording phone calls and messages. Mobile banking malware, such as Marcher and BankBot, uses sophisticated techniques to harvest user banking data, including overlays specific to target banks, and intercepts SMS messages to obtain multi-factor authentication codes. Recently, mobile devices have also been targeted for cryptocurrency mining. While less powerful than the desktops and servers used for this purpose, more Android devices exist, and they are often less protected and, thus, more easily accessible. You can expect t Tags: Uber
SecurityWeek.webp 2018-04-05 12:51:00 Delta, Sears Hit by Card Breach at Online Services Firm (lien direct) >Delta Air Lines, Sears Holdings and likely other major companies have been hit by a payment card breach suffered last year by San Jose, CA-based online services provider [24]7.ai. In a brief statement published on Wednesday, [24]7.ai revealed that it had notified a “small number” of client companies of a security incident impacting payment card information. According to the firm, the intrusion occurred on September 26 and it was contained on October 12, 2017. “We have notified law enforcement and are cooperating fully to ensure the protection of our clients and their customers' online safety. We are confident that the platform is secure, and we are working diligently with our clients to determine if any of their customer information was accessed,” [24]7.ai said. [24]7.ai provides customer acquisition and engagement solutions to organizations in a wide range of sectors, including agencies, education, financial services, healthcare, insurance, retail, telecom, travel and hospitality, and utilities. Its customers include Adobe, Copa Airlines, Duke Energy, Grainger, Merrill Lynch, Scotiabank, and Vodafone. Two of [24]7.ai's customers have come forward to date to inform customers that they have been hit by the security breach. One of them is Delta, which told customers that their payment card information may have been compromised. The company said no other information, such as government IDs, passports, security or Skymiles details, was impacted. “At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers' information was actually accessed or subsequently compromised,” Delta stated. The airline, which used [24]7.ai's online chat services, has promised to set up a dedicated page at delta.com/response where it will post updates regarding this incident. 
Sears Holdings, the company that owns the Sears and Kmart retail store brands, says [24]7.ai has provided online support services. Sears believes the incident has impacted the credit card information of less than 100,000 customers. “We believe the credit card information for certain customers who transacted online between September 27, 2017 and October 12, 2017 may have been compromised,” Sears stated. “Customers using a Sears-branded credit card were not impacted. In addition, there is no evidence that our stores were compromised or that any internal Sears systems were accessed by those responsible. [24]7.ai has assured us that their systems are now secure.” Sears and Delta said they only learned of the data breach from [24]7.ai in mid and late March, respectively. SecurityWeek has reached out to the vendor to find out why it has waited so long to notify impacted companies.
SecurityWeek.webp 2018-04-05 05:19:03 (Déjà vu) AWS Launches New Tools for Firewalls, Certificates, Credentials (lien direct) >Amazon Web Services (AWS) announced on Wednesday the launch of several tools and services designed to help customers manage their firewalls, use private certificates, and safely store credentials. Private Certificate Authority One of the new services is called Private Certificate Authority (CA) and it's part of the AWS Certificate Manager (ACM). The Private CA allows AWS customers to use private certificates without the need for specialized infrastructure. Developers can now provision private certificates with just a few API calls. At the same time, administrators are provided central management and auditing capabilities, including certificate revocation lists (CRLs) and certificate creation reports. Private CA is based on a pay-as-you-go pricing model. AWS Secrets Manager The new AWS Secrets Manager is designed to make it easier for users to store, distribute and rotate their secrets, including credentials, passwords and API keys. The storage and retrieval of secrets can be done via the API or the AWS Command Line Interface (CLI), while built-in or custom AWS Lambda functions provide the capabilities for rotating credentials. “Previously, customers needed to provision and maintain additional infrastructure solely for secrets management which could incur costs and introduce unneeded complexity into systems,” explained Randall Hunt, Senior Technical Evangelist at AWS. AWS Secrets Manager is available in the US East and West, Canada, South America, and most of the EU and Asia Pacific regions. As for pricing, the cost is $0.40 per month per secret, and $0.05 per 10,000 API calls. AWS Firewall Manager The new AWS Firewall Manager is designed to simplify administration of AWS WAF web application firewalls across multiple accounts and resources.
Administrators can create policies and set up firewall rules and they are automatically applied to all applications, regardless of the region where they are hosted. “Developers can develop and innovators can innovate, while the security team gains the ability to respond quickly, uniformly, and globally to potential threats and actual attacks,” said Jeff Barr, Chief Evangelist for AWS.
SecurityWeek.webp 2018-04-04 20:23:00 Facebook to Offer \'Clearer\' Terms on Privacy, Data Use (lien direct) Facebook said Wednesday it is updating its terms on privacy and data sharing to give users a clearer picture of how the social network handles personal information. The move by Facebook follows a firestorm over the hijacking of personal information on tens of millions of users by a political consulting firm which sparked a raft of investigations worldwide. "We're not asking for new rights to collect, use or share your data on Facebook," said a statement by Facebook chief privacy officer Erin Egan and deputy general counsel Ashlie Beringer. "We're also not changing any of the privacy choices you've made in the past." Facebook is under intense pressure to fix the problems which led to the harvesting of some 87 million user profiles by Cambridge Analytica, a consulting firm working on Donald Trump's 2016 campaign. The company has already unveiled several measures aimed at improving privacy and transparency, but chief executive Mark Zuckerberg has said it may take several years to address all the issues raised in the scandal. Egan and Beringer said that with the new terms of service, "we explain how we use data and why it's needed to customize the posts and ads you see, as well as the groups, friends and pages we suggest." They wrote that "we will never sell your information to anyone" and impose "strict restrictions on how our partners can use and disclose data." The statement said the new terms will offer better information on how Facebook advertising operates as well. "You have control over the ads you see, and we don't share your information with advertisers," the statement said. "Our data policy explains more about how we decide which ads to show you." Egan and Beringer said Facebook will go further in explaining how it gathers information from phones and other devices. 
"People have asked to see all the information we collect from the devices they use and whether we respect the settings on your mobile device (the short answer: we do)," they wrote. Users may offer feedback on the new policy for seven days before Facebook finalizes the new rules and asks its members to accept them.
SecurityWeek.webp 2018-04-04 20:15:00 Facebook Says 87 Million May be Affected by Data Breach (lien direct) >Facebook said Wednesday personal data on as many as 87 million users was improperly shared with British political consultancy Cambridge Analytica. The new figure eclipses a previous estimate of 50 million in a further embarrassment to the social network roiled by a privacy scandal. The announcement came as Facebook unveiled clearer terms of service to enable users to better understand data sharing, and as a congressional panel said chief executive Mark Zuckerberg would appear next week to address privacy issues. Facebook's chief technology officer Mike Schroepfer released the new figures on affected users as he discussed implementation of new privacy tools for users of the huge social network. "In total, we believe the Facebook information of up to 87 million people -- mostly in the US -- may have been improperly shared with Cambridge Analytica," he said. The new estimate could deepen the crisis for Facebook, which has been pressured by the disclosures on hijacking of private data by the consulting group working for Donald Trump's 2016 campaign. Related: Would Facebook and Cambridge Analytica be in Breach of GDPR? Schroepfer said new privacy tools, which had been announced last month, would be in place by next Monday. "People will also be able to remove apps that they no longer want. As part of this process we will also tell people if their information may have been improperly shared with Cambridge Analytica," he said. "Overall, we believe these changes will better protect people's information while still enabling developers to create useful experiences." Zuckerberg on the Hill Earlier Wednesday, the House of Representatives' Energy and Commerce Committee announced what appeared to be the first congressional appearance by Zuckerberg since the scandal broke on the hijacking of data on tens of millions of users. The April 11 hearing will "be an important opp
SecurityWeek.webp 2018-04-04 18:58:04 (Déjà vu) Companies Have Little Control Over User Accounts and Sensitive Files: Study (lien direct) >Lack of Control Over Sensitive Files Leaves Companies Open to GDPR Failure Security teams are urged to assume intruders are already on their networks. The quantity and frequency of data loss breaches lends credence to that assumption. The implication is that perimeter defenses are insufficient, and that sensitive data needs to be locked down as far as possible within the networks. A new study shows, however, that 41% of companies have more than 1,000 sensitive files open to everyone with access to the network. Each year, New York, NY-based data protection and governance firm Varonis analyzes the results of its risk assessments on new and potential customers. Its 2018 Global Data Risk Report (PDF) contains the findings of 130 corporate risk analyses conducted during 2017. It looks for free-form data at risk from existing intruders and potential malicious insiders; and the process examined more than 6 billion individual files from 30 different industries across more than 50 countries. The results clearly show that companies are struggling to control sensitive data contained in free-form text documents. A common problem is leaving files open to global access groups. For example, 58% of companies have more than 100,000 folders open to everyone -- and the bigger the company, the worse the problem. Eighty-eight percent of companies with more than 1 million folders have more than 100,000 open folders. The problem becomes more pressing when those files contain sensitive data -- defined here as information subject to regulations such as GDPR, PCI, and HIPAA. The Varonis platform works by looking at both the structure of the network, and the content of the files. In this study it found that 41% of companies have more than 1,000 sensitive files open to everyone.
For these companies any malicious insider or low-privileged intruder can simply access and potentially steal sensitive data, bringing the company into immediate compliance failure. Most regulations either require the principle of least privilege or imply its requirement. The basis of protecting sensitive files requires two things in particular: the principle of least privilege to restrict access to sensitive documents to authorized persons only; and privileged account management to prevent attackers' access to and unauthorized use of privileged accounts to access restricted documents. However, the Varonis study shows that companies have as little cont
SecurityWeek.webp 2018-04-04 17:40:00 North Korean Hackers Behind Online Casino Attack: Report (lien direct) >The infamous North Korean hacking group known as Lazarus is responsible for attacking an online casino in Central America, along with various other targets, ESET says. The Lazarus Group has been active since at least 2009 and is said to be associated with a large number of major cyber-attacks, including the $81 million cyber heist from Bangladesh's account at the New York Federal Reserve Bank. Said to be the most serious threat against banks, the group has shown increased interest in Medical APT 38
SecurityWeek.webp 2018-04-04 15:24:02 Critical Vulnerability Patched in Microsoft Malware Protection Engine (lien direct) >An update released this week by Microsoft for its Malware Protection Engine patches a vulnerability that can be exploited to take control of a system by placing a malicious file in a location where it would be scanned. The Microsoft Malware Protection Engine provides scanning, detection and cleaning capabilities for security software made by the company. The engine is affected by a flaw that can be exploited for remote code execution when a specially crafted file is scanned. The malicious file can be delivered via a website, email or instant messenger. The Malware Protection Engine will automatically scan the file (if real-time protection is enabled) and allow the attacker to execute arbitrary code in the context of the LocalSystem account, which can lead to a complete takeover of the targeted system. On systems where real-time scanning is not enabled, the exploit will still get triggered, but only when a scheduled scan is initiated. The vulnerability, tracked as CVE-2018-0986 and rated “critical,” affects several Microsoft products that use the Malware Protection Engine, including Exchange Server, Forefront Endpoint Protection 2010, Security Essentials, Windows Defender, and Windows Intune Endpoint Protection. While the flaw is dangerous and easy to exploit, Microsoft believes exploitation is “less likely.” The company pointed out that the patch for this vulnerability will be automatically delivered to customers within 48 hours of release – users and administrators do not have to take any action. Google Project Zero researcher Thomas Dullien, aka “Halvar Flake,” has been credited for finding CVE-2018-0986. The details of the vulnerability have yet to be disclosed, but considering that the patch is being delivered automatically to most systems, the information will likely become available soon. 
This is not the first time Google Project Zero researchers have discovered critical vulnerabilities in Microsoft's Malware Protection Engine. While Google may occasionally disclose flaws in Microsoft products before patches become available, in the case of the Malware Protection Engine, Microsoft typically releases patches within a few days or weeks. A similar flaw in the Malware Protection Engine was also found recently by employees of UK's National Cyber Security Centre (NCSC). Related: Guideline
SecurityWeek.webp 2018-04-04 14:20:05 IoT Security Firm Red Balloon Raises $22 Million (lien direct) >Red Balloon Security, a provider of embedded device security solutions, announced on Wednesday that it has secured $21.9 million through a Series A funding round led by Bain Capital Ventures. This latest round of funding brings the company's total funding to $23.5 million. The company's flagship Symbiote Defense technology helps customers to detect and defend against emerging threats targeting embedded devices. The technology behind Symbiote was originally developed within Columbia University's Intrusion Detection Systems Lab, with support of the Defense Advanced Research Projects Agency (DARPA) and the Department of Homeland Security Science and Technology Directorate (DHS S&T).  Symbiote, Red Balloon explains, “defends devices without requiring changes to source code or hardware design, all without impacting the functionality or performance of the device,” adding that the solution has “demonstrated the ability to defend against both n-day and zero-day attacks on embedded devices, even if the attacker has succeeded in bypassing traditional cybersecurity measures.” Red Balloon claims that Symbiote technology has operated for more than 15 billion continuous hours without a single failure, protecting millions of endpoints around the world.  “Symbiote Defense is a critically important technology for today's businesses because it is able to prevent malware and other cyber attacks from hijacking, disrupting or corrupting any embedded device,” said Ang Cui, PhD, founder and CEO of Red Balloon Security. “This technology has considerable commercial potential because it is highly effective within any type of embedded device environment, from consumer electronics to factories, connected cars and even power plants. 
Thanks to the strong support of our investors, we will now be able to make this advanced technology more widely available to commercial users across all major industries.” Greycroft, American Family Ventures and Abstract Ventures also participated in the funding round. Related: Mocana Receives Strategic Investment from GE Ventures Guideline
SecurityWeek.webp 2018-04-04 14:00:03 Breaches Increasingly Discovered Internally: Mandiant (lien direct) >Organizations are getting increasingly better at discovering data breaches on their own, with more than 60% of intrusions in 2017 detected internally, according to FireEye-owned Mandiant. The company's M-Trends report for 2018 shows that the global median time for internal detection dropped to 57.5 days in 2017, compared to 80 days in the previous year. Of the total number of breaches investigated by Mandiant last year, 62% were discovered internally, up from 53% in 2016. On the other hand, it still took roughly the same amount of time for organizations to learn that their systems had been compromised. The global median dwell time in 2017 – the median time from the first evidence of a hack to detection – was 101 days, compared to 99 days in 2016. Companies in the Americas had the shortest median dwell time (75.5 days), while organizations in the APAC region had the longest dwell time (nearly 500 days). Data collected by Mandiant in 2013 showed that more than one-third of organizations had been attacked again after the initial incident had been remediated. More recent data, specifically from the past 19 months, showed that 56% of Mandiant customers were targeted again by either the same group or one with similar motivation. In cases where investigators discovered at least one type of significant activity (e.g. compromised accounts, data theft, lateral movement), the targeted organization was successfully attacked again within one year. Organizations that experienced more than one type of significant activity were attacked by more than one threat actor. Again, the highest percentage of companies attacked multiple times and by multiple threat groups was in the APAC region – more than double compared to the Americas and the EMEA region.
When it comes to the most targeted industries, companies in the financial and high-tech sectors recorded the highest number of significant attacks, while the high-tech, telecommunications and education sectors were hit by the highest number of different hacker groups. Last year, FireEye assigned names to four state-sponsored threat groups, including the Vietnam-linked APT32 (OceanLotus), and the Iran-linked APT33, APT34 (OilRig), and APT35 (NewsBeef, Newscaster and Charming Kitten). Conference APT33 APT 35 APT 33 APT 32 APT 34
SecurityWeek.webp 2018-04-04 13:59:02 WAF Security Startup Threat X Raises $8.2 Million (lien direct) Cybersecurity startup Threat X, which offers cloud-based web application firewall (WAF) solutions, today announced that it has closed an $8.2 million Series A funding round. The Denver, Colorado-based company says the new funding will be used to fuel growth and support adoption of its WAF technology and managed security services. The company explains that its SaaS-based solution “employs kill-chain based, progressive profiling to identify and neutralize threats." “Our goal is to help organizations protect their applications with a SaaS based web application firewall that provides a holistic view of every attack, the techniques being utilized, and target vulnerabilities,” Bret Settle, Founder and CEO of Threat X, said. “Our behavioral profiling and correlation engine analyzes each attack and eliminates false positives by grading risk level and progress throughout the 'kill-chain'. Our customers can also leverage our deep analytics and expert security team for greater threat intelligence and visibility into preventative measures.” The funding round was co-led by Grotech Ventures and Access Venture Partners. Guideline
SecurityWeek.webp 2018-04-04 13:48:05 (Déjà vu) Security for the Ages: Make it Memorable (lien direct) >Those of us That Spend our Lives in Security Sometimes Forget How our Field Looks and Sounds to Others Recently, on my way to work, I heard the song “Mr. Jones” for the first time in years. For my younger readers, this Counting Crows song was quite popular when I was in high school. I found hearing this song again after so many years fascinating. Why? Because I still knew every word of the song. Whether or not you are a fan of the song, you are likely asking yourself what this could possibly have to do with security. That's certainly a fair question. To understand the connection here, we need to ask ourselves why I still remember the words to this song after all these years. In my opinion, the answer to that question lies in the fact that the song was fun for me. For whatever reason, it found favor in my eyes. I internalized it. I heard a lot of songs in the 1980s and the 1990s. But the number of songs from that period whose lyrics I still remember is relatively small. We can learn a lesson from this in security. Those of us that spend our lives in security sometimes forget how our field looks and sounds to others. When presenting or discussing our work, it's important to focus on how that message is received and internalized by the people on the other side of the conversation. Let's take a look at ten situations in which we can leverage this powerful lesson. 1. Conferences: I've sat through a fair number of conference talks in my life. Some have been better than others. Know your audience and stay focused on what will resonate with them and/or help them understand what you've been working hard on and the value it provides to the greater security community. The best talks are those that people still remember after a year or two has gone by. 2. Board: In previous roles, I've had a few opportunities to present at board meetings.
What I took away from these encounters is the extremely high level at which the board thinks about risk.  It's incredibly strategic and miles away from tactical.  Something to keep in mind when formulating your board presentation.  Your job is to get the board's attention and cause them to focus on what's important, not to overwhelm them with details. 3. Executives:  While perhaps not as high level as the board, executives are still pretty high level. Tactical mumbo jumbo will put them into a trance. Best to tune your message to the audience and ensure it will resonate and stay with them. For example, if you need to make the case for additional budget, try doing so in the language of mitigating risk to the business and return on investment. 4 Guideline
SecurityWeek.webp 2018-04-04 13:22:01 Google Patches 9 Critical Android Vulnerabilities in April 2018 Update (lien direct) >Google this week has released its April 2018 set of Android security patches which address more than two dozen Critical and High severity vulnerabilities. 19 vulnerabilities were found to affect components such as Android runtime, Framework, Media framework, and System. These include 7 issues rated Critical and 12 considered High risk. All of the flaws were patched as part of the 2018-04-01 security patch level. Successful exploitation of these security bugs could result in elevation of privileges, information disclosure, remote code execution, and denial of service. “The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” Google notes in its advisory.
SecurityWeek.webp 2018-04-04 11:08:03 Intel Will Not Patch Spectre in Some CPUs (lien direct) >Intel has informed customers that some of the processors affected by the Meltdown and Spectre vulnerabilities will not receive microcode updates due to issues related to implementation and other factors. Two weeks after announcing that microcode updates have been made available for all recent processors vulnerable to speculative execution side-channel attacks, Intel updated its microcode revision guidance to say that some chips will not receive patches. The list includes Core, Xeon, Celeron, Pentium, and Atom processors with Bloomfield (Xeon), Clarksfield, Gulftown, Harpertown Xeon, Jasper Forest, Penryn/QC, SoFIA 3GR, Wolfdale (Xeon) and Yorkfield (Xeon) microarchitectures. These products have been assigned a “stopped” status, which indicates they will not receive updates due to one or more reasons. Intel says it has conducted a comprehensive investigation of the microarchitecture and microcode capabilities of these CPUs and determined that some of their characteristics prevent a practical implementation of mitigations for Spectre Variant 2 (CVE-2017-5715). Other possible reasons for not releasing fixes include limited commercially available system software support and low risk of attacks. “Based on customer inputs, most of these products are implemented as 'closed systems' and therefore are expected to have a lower likelihood of exposure to these vulnerabilities,” Intel explained. Intel revealed recently that its upcoming processors for data centers and PCs will include built-in protections against Meltdown (Variant 3) and Spectre (Variant 2) attacks. The chip giant expects to roll out these protections in the second half of 2018. “We have redesigned parts of the processor to introduce new levels of protection through partitioning that will protect against both Variants 2 and 3,” explained Intel CEO Brian Krzanich. 
“Think of this partitioning as additional 'protective walls' between applications and user privilege levels to create an obstacle for bad actors.” Dozens of lawsuits have been filed against Intel by customers and shareholders over the disclosure and handling of Meltdown and Spectre. Related: IBM Releases Spectre, Meltdown Patches for Power Systems ★★★★
SecurityWeek.webp 2018-04-04 05:47:00 (Déjà vu) Several U.S. Gas Pipeline Firms Affected by Cyberattack (lien direct) >Several natural gas pipeline operators in the United States have been affected by a cyberattack that hit a third-party communications system, but the incident does not appear to have impacted operational technology. Energy Transfer Partners was the first pipeline company to report problems with its Electronic Data Interchange (EDI) system due to a cyberattack that targeted Energy Services Group, specifically the company's Latitude Technologies unit. EDI is a platform used by businesses to exchange documents such as purchase orders and invoices. In the case of energy firms, the system is used to encrypt, decrypt, translate, and track key energy transactions. Latitude says it provides EDI and other technology services to more than 100 natural gas pipelines, storage facilities, utilities, law firms, and energy marketers across the U.S. Bloomberg reported that the incident also affected Boardwalk Pipeline Partners, Chesapeake Utilities Corp.'s Eastern Shore Natural Gas, and ONEOK, Inc. However, ONEOK clarified that its decision to disable the third-party EDI service was a “purely precautionary step.” “There were no operational interruptions on ONEOK's natural gas pipelines,” the company stated. “Affected customers have been advised to use one of the alternative methods of communications available to them for gas scheduling purposes.” Few details are known about the cyberattack, but Latitude did tell Bloomberg that it did not believe any customer data had been compromised and no other systems appeared to have been impacted. A status update provided by Latitude on its website on Tuesday informed customers that the initial restoration of EDI services had been completed and the company had been working on increasing performance.
SecurityWeek has reached out to Latitude Technologies and Energy Services Group for more information about the attack and will update this article if they respond. Learn More at SecurityWeek's ICS Cyber Security Conference
SecurityWeek.webp 2018-04-03 20:52:03 (Déjà vu) Police Confirm \'Active Shooter\' at YouTube Offices (lien direct) Police said Tuesday they were responding to an "active shooter" at YouTube's offices in California as social media images showed employees evacuating the campus. San Bruno police warned on Twitter to stay away from the area housing the headquarters of the Google-owned video sharing service near San Francisco. "We are responding to an active shooter. Please stay away from Cherry Ave & Bay Hill Drive," the police department tweeted. Google tweeted: "Re: YouTube situation, we are coordinating with authorities and will provide official information here from Google and YouTube as it becomes available." This is Breaking News - Please Check Back for Updates © AFP 2018
Last update at: 2024-08-01 23:18:51