What's new around the internet

Src | Date (GMT) | Title | Description | Tags | Stories | Notes
SecurityWeek | 2018-04-06 15:04:04 | RSA to Acquire Behavioral Analytics Firm Fortscale (direct link)
RSA on Thursday announced that it has entered an agreement to acquire Fortscale, a company that provides behavioral analytics solutions. Financial terms of the deal have not been disclosed.

SecurityWeek | 2018-04-06 14:54:05 | Researchers Link New Android Backdoor to North Korean Hackers (direct link)
The recently discovered KevDroid Android backdoor is tied to the North Korean hacking group APT37, Palo Alto Networks researchers say.
Tags: Cloud; APT 37

SecurityWeek | 2018-04-06 14:27:05 | Necurs Botnet to Erupt This Month? (direct link)
The Necurs Botnet Has a Modular Architecture, Which Allows it to Remain Agile and Switch the Distribution Type
Based on historical patterns and recent activity, including what I consider three small-volume test attacks in the past month, it's looking extremely likely that another major Necurs malware outbreak is looming just around the corner.
SecurityWeek | 2018-04-06 13:37:00 | Critical Flaws Expose Natus Medical Devices to Remote Attacks (direct link)
Researchers at Cisco Talos have identified several critical vulnerabilities that expose Natus medical devices to remote hacker attacks. The vendor has released firmware updates that patch the flaws. The vulnerabilities allow remote code execution and denial-of-service (DoS) attacks and they impact the Natus NeuroWorks software, which is used by the company's Xltek electroencephalography (EEG) equipment to monitor and review data over the network. According to Cisco, an attacker with access to the targeted network can remotely execute arbitrary code on the device or cause a service to crash by sending specially crafted packets. An attack does not require authentication. “Vulnerable systems are searched for by attackers as points of ingress and persistence within computer networks. A vulnerable system can be compromised by threat actors, used to conduct reconnaissance on the network, and as a platform from which further attacks can be launched,” Talos warned. Remote code execution on vulnerable Natus devices is possible due to four different functions that can cause a buffer overflow. All of the code execution flaws have been rated “critical” with CVSS scores of 9 or 10. The DoS vulnerability, rated “high severity,” is caused by an out-of-bounds read issue. Cisco said it reported the vulnerabilities to Natus in July 2017, but the bugs were only confirmed in October. The flaws have been tested on Natus Xltek NeuroWorks 8 and they have been patched with the release of NeuroWorks 8.5 GMA2. Healthcare facilities that use the affected products have been advised to install the update as soon as possible. The risk of attacks involving these vulnerabilities is relatively high considering that the devices are widely deployed – Natus was recently reported to have a 60 percent share in the global neurodiagnostic market.
Furthermore, Cisco has made available technical information for each of the vulnerabilities. The healthcare industry has been increasingly targeted by malicious actors, including in attacks involving ransomware and theft of sensitive information. The infosec community and authorities have issued numerous warnings, and recent reports show that there are plenty of healthcare product vulnerabilities that hackers could exploit in their operations.
SecurityWeek | 2018-04-06 12:08:04 | New Strain of ATM Jackpotting Malware Discovered (direct link)
A new type of ATM jackpotting malware has been discovered. Dubbed ATMJackpot, the malware appears to be still under development, and to have originated in Hong Kong. There are no current details of any deployment or use. ATMJackpot was discovered and analyzed by Netskope Threat Research Labs. It has a smaller footprint than earlier strains of jackpotting malware, but serves the same purpose: to steal money from automated teller machines (ATMs). ATM jackpotting -- also known as a logical attack -- is the use of malware to control cash dispensing from individual ATMs. The malware can be delivered locally to each ATM via a USB port, or remotely by compromising the ATM operator network. Jackpotting has become an increasing problem in recent years, originally and primarily in Europe and Asia. In 2017, Europol warned that ATM attacks were increasing. "The malware being used has evolved significantly and the scope and scale of the attacks have grown proportionately," said Steven Wilson, head of Europol's EC3 cybercrime center. The first attacks against ATMs in the U.S. were discovered in January 2018 following an alert issued by the Secret Service. In March 2018, the alleged leader of the Carbanak group was arrested in Spain. Carbanak is believed to have stolen around $1.24 million over the preceding years. Its method was to compromise the servers controlling ATM networks by spear-phishing bank employees, and then use foot soldiers (mules) to collect money dispensed from specific ATMs at specific times. It is not clear whether the ATMJackpot malware discovered by Netskope is intended to be manually installed via USB on individual ATMs, or downloaded from a compromised network. Physical installation on an ATM is not always difficult. In July 2017, IOActive described how its researchers could gain access to the Diebold Opteva ATM.
It was achieved by inserting a metal rod through a speaker hole and raising a metal locking bar. From there they were able to reverse engineer software to get access to the money vault. Jackpotting malware is designed to avoid the need to physically break into the vault. It can be transferred via a USB port to the computer part of the ATM that controls the vault. Most ATMs use a version of Windows that is well understood by criminals. ATMJackpot malware first registers the Windows class name 'Win' with a procedure for the malware activity. The malware then populates the options on the window and initiates a connection with the XFS manager. The XFS subsystem provides a common API to access and manipulate the ATM devices from different vendors. The malware then opens a session with the service providers and registers to monitor events. It opens a session with the cash dispenser, the card reader and the PIN pad servic
Tags: Guideline; Cloud; APT 37
SecurityWeek | 2018-04-06 11:30:03 | VirusTotal Launches New Android Sandbox (direct link)
Google-owned VirusTotal announced on Thursday the launch of a new Android sandbox designed to provide detailed information on potential threats targeting the mobile operating system. The new sandbox, named VirusTotal Droidy, is designed to replace a system introduced back in 2013. Droidy can help researchers obtain information on network communications and SMS-related activities, file system interactions, SQLite database usage, permissions, Java reflection calls, process and service actions, registered receivers, and crypto-related activity. Information from the Droidy sandbox is available in the Behavior section, and it can be selected from the dropdown menu that also includes the Tencent HABO analysis system. VirusTotal noted that the data from Droidy complements Tencent HABO - they are both part of a multisandbox project that aims to aggregate malware analysis sandbox reports. Selecting Droidy from the behavior menu displays some general information about the analyzed file (example), but users can also obtain a detailed report that allows them to “dig into the hooked calls and take a look at the screenshots generated when running the apps.” Droidy integrates with other services, such as VirusTotal Graph and VirusTotal Intelligence. VirusTotal says its goal is to generate as much information as possible in order to help investigators get a better understanding of a particular threat. “Very often during an investigation, you might not have enough context about an individual threat, and so being able to look at the connected URLs, domains, files, IP addresses, etc. becomes crucial in understanding what is going on,” explained VirusTotal's Emiliano Martinez. VirusTotal also announced recently that it has made several improvements to the MacOS sandbox.
SecurityWeek | 2018-04-06 05:43:04 | Best Buy Hit by [24]7.ai Payment Card Breach (direct link)
After Delta Air Lines and Sears Holdings, Best Buy has also come forward to warn customers that their payment card information may have been compromised as a result of a breach suffered by online services provider [24]7.ai. Similar to Delta and Sears, Best Buy contracted [24]7.ai for online chat/support services. The retailer says it will contact impacted customers and provide free credit monitoring if needed. Best Buy has not specified exactly how many of its customers are impacted, but noted that “only a small fraction of our overall online customer population could have been caught up in this [24]7.ai incident, whether or not they used the chat function.” San Jose, CA-based [24]7.ai provides customer acquisition and engagement solutions to organizations in a wide range of sectors and any of them could be impacted by this incident. Its website lists several major firms, but some of them apparently no longer do business with the company. Delta has set up a dedicated page on its website and it has provided some new information regarding the incident. According to the airline, cybercriminals planted a piece of malware in [24]7.ai software, which captured some payment card data between September 26 and October 12, 2017. “[The malware] made unauthorized access possible for the following fields of information when manually completing a payment card purchase on any page of the delta.com desktop platform during the same timeframe: name, address, payment card number, CVV number, and expiration date,” Delta explained. The airline believes the incident may impact hundreds of thousands of customers, but it cannot say definitively whether any information has actually been stolen by the attackers. It appears that the malware involved in this attack is capable of harvesting payment card information entered on websites that use the [24]7.ai chat software.
Consumers may be impacted even if they have not directly used the chat functionality, which has only been leveraged as a point of entry to the websites of major organizations. These types of attacks have been common in the past years. Sears Holdings, the company that owns the Sears and Kmart retail store brands, says the incident has impacted the credit card information of less than 100,000 customers. Sears and Delta said they were only notified by [24]7.ai in mid and late March, several months after the breach had supposedly been contained.
SecurityWeek | 2018-04-05 18:50:04 | Microsoft Adds New Security Features to Office 365 (direct link)
Microsoft today announced new protections for Office 365 Home and Office 365 Personal subscribers, aimed at helping them recover files, protect data, and defend against malware. Courtesy of the newly announced protections, Office 365 Home and Office 365 Personal users can now recover their files after a malicious attack like ransomware, Kirk Koenigsbauer, Corporate Vice President for Office at Microsoft, says. The new functionality is available through a Files Restore option that has long been available for OneDrive for Business customers. The feature is now available for personal OneDrive accounts and is enabled for both work and personal files. With the help of Files Restore, users can restore their entire OneDrive to a previous point in time within the last 30 days. The feature should prove highly useful in a variety of situations, ranging from an accidental mass delete to file corruption, ransomware encryption, or another catastrophic event. To further protect users, Microsoft is bringing ransomware detection and recovery features to Office 365. This feature ensures that ransomware attacks are detected and also helps users restore their OneDrive to a point before files were compromised. “If an attack is detected, you will be alerted through an email, mobile, or desktop notification and guided through a recovery process where you'll find the date and time of attack preselected in Files Restore, making the process simple and easy to use. As these threats evolve, we are continuously
SecurityWeek | 2018-04-05 16:59:01 | Financial Services DDoS Attacks Tied to Reaper Botnet (direct link)
Recorded Future's "Insikt" threat intelligence research group has linked the Mirai variant IoTroop (aka Reaper) botnet with attacks on the Netherlands financial sector in January 2018. The existence of IoTroop was first noted by Check Point in October 2017. At that point the botnet had not been used to deliver any known DDoS attacks, and its size was disputed. What was clear, however, was its potential for growth. In January 2018, the financial services sector in the Netherlands was hit by a number of DDoS attacks. Targets included ABN Amro, Rabobank and ING; but at that time the source of the attack was unknown. Insikt researchers now report that at least one of these financial services attacks -- and possibly more -- was the first known use of IoTroop to deliver a DDoS attack. "IoTroop is a powerful internet of things (IoT) botnet," reports Insikt, "primarily comprised of compromised home routers, TVs, DVRs, and IP cameras exploiting vulnerabilities in products from major vendors including MikroTik, Ubiquity and GoAhead." The attack itself was not excessively high by modern standards. "The initial attack was a DNS amplification attack with traffic volumes peaking at 30Gb/s," reports Insikt -- far short of the 1.7Tb/s attack that occurred in February. If the IoTroop assumption is correct, it is clear the botnet has evolved extensively since its discovery last year. Fortinet's SVP products and solutions reported last month, "the Reaper [IoTroop] exploit was built using a flexible Lua engine and scripts, which means that instead of being limited to the static, pre-programmed attacks of previous exploits, its code can be easily updated on the fly, allowing massive, in-place botnets to run new and more malicious attacks as soon as they become available."
Insikt reports that the malware can use at least a dozen vulnerabilities and can be updated by the attackers as new vulnerabilities are exposed. "Our analysis," it says, "shows the botnet involved in the first company attack was 80% comprised of compromised MikroTik routers with the remaining 20% composed of various IoT devices ranging from vulnerable Apache and IIS web servers to routers from Ubiquity, Cisco and ZyXEL. We also discovered Webcams, TVs and DVRs among the 20% of IoT devices, which included products from major vendors such as MikroTik, GoAhead, Ubiquity, Linksys, TP-Link and Dahua." This list adds new devices now vulnerable to IoTroop in addition to those noted in the original October 2017 research -- which suggests, says Insikt, "a widespread and rapidly evolving botnet that appears to be leveraging publicly disclosed vulnerabilities in many IoT devices."
Tags: Cloud; APT 37
SecurityWeek | 2018-04-05 16:37:03 | (Déjà vu) Unprotected Switches Expose Critical Infrastructure to Attacks: Cisco (direct link)
Cisco has advised organizations to ensure that their switches cannot be hacked via the Smart Install protocol. The networking giant has identified hundreds of thousands of exposed devices and warned that critical infrastructure could be at risk. The Cisco Smart Install Client is a legacy utility that allows no-touch installation of new Cisco switches. Roughly one year ago, the company warned customers about misuse of the Smart Install protocol following a spike in Internet scans attempting to detect unprotected devices that had this feature enabled. It also made available an open source tool for identifying devices that use the protocol. Attackers can abuse the Smart Install protocol to modify the configuration file on switches running IOS and IOS XE software, force the device to reload, load a new IOS image, and execute high-privilege commands. These attacks rely on the fact that many organizations fail to securely configure their switches, rather than an actual vulnerability. According to Cisco, sophisticated nation-state groups have also abused Smart Install in their campaigns, including the Russia-linked threat actor tracked as Dragonfly, Crouching Yeti and Energetic Bear, which has been known to target critical infrastructure. Cisco has decided to once again warn organizations of the risks associated with Smart Install following the disclosure of a critical vulnerability discovered recently by researchers at Embedi. The flaw, tracked as CVE-2018-0171, allows a remote and unauthenticated attacker to cause a denial-of-service (DoS) condition or execute arbitrary code by sending specially crafted Smart Install messages to an affected device on TCP port 4786. Researchers said they had identified roughly 250,000 vulnerable Cisco devices with TCP port 4786 open.
Cisco's own Internet scans revealed 168,000 systems potentially exposed due to their use of the Cisco Smart Install Client. The company says the number of impacted devices has decreased considerably since 2016, when security firm Tenable identified more than 250,000 exposed systems. Throughout the end of 2017 and early 2018, Cisco's Talos group noticed attackers increasingly looking for misconfigured clients. Now that CVE-2018-0171 has been found, the risk of attacks has increased even more, especially since Embedi has released technical details and proof-of-concept (PoC) code. There is no evidence that CVE-2018-0171 has been exploited in malicious attacks. Cisco also noted that much of the activity it has seen is likel
Notes: ★★★
SecurityWeek | 2018-04-05 15:23:03 | New macOS Backdoor Linked to Cyber-espionage Group (direct link)
A recently discovered macOS backdoor is believed to be a new version of malware previously associated with the OceanLotus cyber-espionage group, Trend Micro says. Also known as APT 32, APT-C-00, SeaLotus, and Cobalt Kitty, OceanLotus is believed to be operating out of Vietnam and has been targeting high-profile corporate and government organizations in Southeast Asia. Well-resourced and determined, the group uses custom-built malware and already established techniques.
Tags: APT 32

SecurityWeek | 2018-04-05 14:28:05 | Intel Discontinues Keyboard App Affected by Critical Flaws (direct link)
Serious vulnerabilities have been found in Intel's Remote Keyboard application, but the company will not release any patches and instead advised users to uninstall the app. Introduced in June 2015, the Intel Remote Keyboard apps for Android and iOS allow users to wirelessly control their Intel NUC and Compute Stick devices from a smartphone or tablet. The Android application has been installed more than 500,000 times. Researchers discovered recently that all versions of Intel Remote Keyboard are affected by three severe privilege escalation flaws. The most serious of them, rated “critical” and identified as CVE-2018-3641, allows a network attacker to inject keystrokes as a local user. The vulnerability was reported to Intel by a UK-based researcher who uses the online moniker trotmaster. Another vulnerability, tracked as CVE-2018-3645 and rated “high severity,” was reported to Intel by Mark Barnes. The researcher discovered that Intel Remote Keyboard is affected by a privilege escalation flaw that allows a local attacker to inject keystrokes into another keyboard session. The third security hole is CVE-2018-3638, which allows an authenticated, local attacker to execute arbitrary code with elevated privileges. Intel has credited Marius Gabriel Mihai for finding this vulnerability. Intel does not plan on releasing patches for these vulnerabilities. The company has decided to discontinue the product and advised users to uninstall the apps at their earliest convenience. Intel Remote Keyboard has been removed from both Google Play and the Apple App Store. Intel also published a security advisory this week to warn customers of an important denial-of-service (DoS) vulnerability affecting the SPI Flash component in multiple processors. The flaw was discovered by Intel itself and mitigations are available.
The company also informed users of a privilege escalation flaw in 2G modems, including XMM71xx, XMM72xx, XMM73xx, XMM74xx, Sofia 3G, Sofia 3G-R, and Sofia 3G-RW. The issue impacts devices that have the Earthquake Tsunami Warning System (ETWS) feature enabled. A network attacker can exploit the vulnerability to execute arbitrary code. “Devices equipped with an affected modem, when connected to a rogue 2G base station where non-compliant 3GPP software may be operational, are potentially at risk,” Intel said.
SecurityWeek | 2018-04-05 14:03:01 | Improved Visibility a Top Priority for Security Analysts (direct link)
Security Analysts Require Improved Visibility as well as Improved Threat Detection
Vendors listen to existing and potential customers to understand how to improve their products over time. At the smallest level, they use focus groups. At the largest level they employ market research firms to query thousands or more respondents from relevant employments and industry sectors. Somewhere in between, they run their own relatively small-scale surveys primarily for their own benefit. This is what Boston, MA-based next-gen endpoint protection firm Barkly did, querying some 70 IT and security professionals to understand what mid-market users look for and are not currently getting from their endpoint security controls. Not surprisingly, 60% of the respondents say that adding to or improving protection is their top priority -- possibly because 88% of them consider that there are types of attacks (for example, the growing practice of employing fileless attacks) that current security simply does not block. More surprising, however, is that 40% of the respondents prioritize improving forensic and response capabilities as their current top priority. This may partly be driven by the new breed of regulations -- and in particular, GDPR -- that demand increasingly rapid incident disclosure, and remediation of the breach vector to prevent repeats. Alternatively, this may simply be down to a high ratio of alerts (including both true-positives and false-positives) to human resources with their current products. While the sample size of the survey is small, forty-five percent of the respondents, Barkly says, "admit they currently don't have enough time to investigate and respond to the incidents they're already seeing now.
Adding to that workload with complex endpoint detection and response (EDR) solutions without considering current limitations is obviously not a productive answer." The need for improved automation to reduce the time for manual involvement also shows in users' top frustrations with current solutions. Twenty-seven percent of the respondents are concerned with poor visibility into incidents, and 25% are concerned about limited investigative/response features. A further 18% find current solutions difficult and time-consuming to manage. The need to make incident response faster and simpler is the driving force behind Barkly's new version 3.0 launched today. Rapid response comes from two new features: endpoint isolation; and file quarantine and delete. The first enables an administrator to instantly remove an affected device from the network while the incident is investigated.
SecurityWeek | 2018-04-05 13:43:05 | 1.5 Billion Sensitive Documents on Open Internet: Researchers (direct link)
Some 1.5 billion sensitive online files, from pay stubs to medical scans to patent applications, are visible on the open internet, security researchers said Thursday. Researchers from the cybersecurity firm Digital Shadows said a scanning tool used in the first three months of 2018 found mountains of private data online from people and companies across the world. The unprotected data amounted to some 12 petabytes, or four thousand times larger than the "Panama Papers" document trove which exposed potential corruption in dozens of countries. "These are files that are freely available" to anyone with minimal technical knowledge, said Rick Holland, a vice president at Digital Shadows. Holland told AFP his team scanned the web and found unsecured files, adding "we didn't authenticate to anything." The availability of open data makes it easier for hackers, nation-states or rival companies to steal sensitive information, Holland said. "It makes attackers' jobs much easier. It shortens the reconnaissance phase," he added. The researchers said in the report that even amid growing concerns about hackers attacking sensitive data, "we aren't focusing on our external digital footprints and the data that is already publicly available via misconfigured cloud storage, file exchange protocols, and file sharing services." A significant amount of the data left open was from payroll and tax return files, which accounted for 700,000 and 60,000 files respectively, Digital Shadows said. It noted medical files and lists were also weakly protected, with some 2.2 million body scans open to inspection. Many corporate secrets were also out in the open including designs, patent summaries and details of yet-to-be-released products.
"While organizations may consider insiders, network intrusions and phishing campaigns as sources of corporate espionage, these findings demonstrate that there is already a large amount of sensitive data publicly available," the report said. The researchers said about 36 percent of the files were located in the European Union. The United States had the largest amount for a single country at 16 percent, but exposed files were also seen around the world including in Asia and the Middle East.
Tags: Guideline
SecurityWeek | 2018-04-05 13:32:05 | (Déjà vu) Mitigating Digital Risk from the Android PC in Your Pocket (direct link)
Security Teams Must Prioritize Risk Mitigation Against Android Malware
Few of us could have imagined that a device that allows us to talk to anyone from anywhere at any time would morph, in just a few years, into many users' computing device of choice. The latest numbers from StatCounter reveal that mobile devices are outpacing desktops and are the preferred method for accessing the Internet. The most popular operating system worldwide? Android. Threat actors watch these trends too. They're opportunistic and will focus their efforts where they believe their success rate will be the highest. So naturally, many are targeting Android devices and taking advantage of malware to launch attacks. As an open-source tool, Android provides the benefits of collaborative applications (apps) and innovation; however, its accessibility inherently exposes it to exploitation by malicious actors. In the past year, while some users fell victim to targeted social engineering campaigns that infect their devices, most malware was embedded in malicious apps users inadvertently downloaded from official and unofficial sources. With the greatest number of users, Android's official app store Google Play has been the largest single source of infection. However, most of the sources of infection were other third-party stores. Users are duped by apps that pose as legitimate resources or services, or that are advertised fraudulently by displaying branding associated with credible organizations. Apps have been found that impersonate Uber, any number of financial institutions, gaming apps and, perhaps most galling, security apps. Mobile malware is generally delivered and deployed via a multi-step process requiring some user interaction. This presents threat actors with many opportunities to infiltrate a device.
For example, once installed, many malicious apps request users to approve unnecessary privileges, such as administration access, to execute processes. Overlays (superimposing phishing screens on a legitimate app) are also used to prompt users to provide sensitive information, such as credentials or financial data. So, what's the ultimate endgame for cyber criminals? The most prevalent objective is espionage – gathering information through profiling device data or recording phone calls and messages. Mobile banking malware, such as Marcher and BankBot, uses sophisticated techniques to harvest user banking data, including overlays specific to target banks, and intercepts SMS messages to obtain multi-factor authentication codes. Recently, mobile devices have also been targeted for cryptocurrency mining. While less powerful than desktops and servers used for this purpose, more Android devices exist, and they are often less protected and, thus, more easily accessible. You can expect t
Tags: Uber
SecurityWeek | 2018-04-05 12:51:00 | Delta, Sears Hit by Card Breach at Online Services Firm (direct link)
Delta Air Lines, Sears Holdings and likely other major companies have been hit by a payment card breach suffered last year by San Jose, CA-based online services provider [24]7.ai. In a brief statement published on Wednesday, [24]7.ai revealed that it had notified a “small number” of client companies of a security incident impacting payment card information. According to the firm, the intrusion occurred on September 26 and it was contained on October 12, 2017. “We have notified law enforcement and are cooperating fully to ensure the protection of our clients and their customers' online safety. We are confident that the platform is secure, and we are working diligently with our clients to determine if any of their customer information was accessed,” [24]7.ai said. [24]7.ai provides customer acquisition and engagement solutions to organizations in a wide range of sectors, including agencies, education, financial services, healthcare, insurance, retail, telecom, travel and hospitality, and utilities. Its customers include Adobe, Copa Airlines, Duke Energy, Grainger, Merrill Lynch, Scotiabank, and Vodafone. Two of [24]7.ai's customers have come forward to date to inform customers that they have been hit by the security breach. One of them is Delta, which told customers that their payment card information may have been compromised. The company said no other information, such as government IDs, passports, security or Skymiles details, was impacted. “At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers' information was actually accessed or subsequently compromised,” Delta stated. The airline, which used [24]7.ai's online chat services, has promised to set up a dedicated page at delta.com/response where it will post updates regarding this incident.
Sears Holdings, the company that owns the Sears and Kmart retail store brands, says [24]7.ai has provided online support services. Sears believes the incident has impacted the credit card information of less than 100,000 customers. “We believe the credit card information for certain customers who transacted online between September 27, 2017 and October 12, 2017 may have been compromised,” Sears stated. “Customers using a Sears-branded credit card were not impacted. In addition, there is no evidence that our stores were compromised or that any internal Sears systems were accessed by those responsible. [24]7.ai has assured us that their systems are now secure.” Sears and Delta said they only learned of the data breach from [24]7.ai in mid and late March, respectively. SecurityWeek has reached out to the vendor to find out why it has waited so long to notify impacted companies.
SecurityWeek | 2018-04-05 05:19:03 | (Déjà vu) AWS Launches New Tools for Firewalls, Certificates, Credentials (direct link)
Amazon Web Services (AWS) announced on Wednesday the launch of several tools and services designed to help customers manage their firewalls, use private certificates, and safely store credentials.
Private Certificate Authority: One of the new services is called Private Certificate Authority (CA) and it's part of the AWS Certificate Manager (ACM). The Private CA allows AWS customers to use private certificates without the need for specialized infrastructure. Developers can now provision private certificates with just a few API calls. At the same time, administrators are provided central management and auditing capabilities, including certificate revocation lists (CRLs) and certificate creation reports. Private CA is based on a pay-as-you-go pricing model.
AWS Secrets Manager: The new AWS Secrets Manager is designed to make it easier for users to store, distribute and rotate their secrets, including credentials, passwords and API keys. The storage and retrieval of secrets can be done via the API or the AWS Command Line Interface (CLI), while built-in or custom AWS Lambda functions provide the capabilities for rotating credentials. “Previously, customers needed to provision and maintain additional infrastructure solely for secrets management which could incur costs and introduce unneeded complexity into systems,” explained Randall Hunt, Senior Technical Evangelist at AWS. AWS Secrets Manager is available in the US East and West, Canada, South America, and most of the EU and Asia Pacific regions. As for pricing, the cost is $0.40 per month per secret, and $0.05 per 10,000 API calls.
AWS Firewall Manager: The new AWS Firewall Manager is designed to simplify administration of AWS WAF web application firewalls across multiple accounts and resources.
Administrators can create policies and set up firewall rules and they are automatically applied to all applications, regardless of the region where they are hosted. “Developers can develop and innovators can innovate, while the security team gains the ability to respond quickly, uniformly, and globally to potential threats and actual attacks,” said Jeff Barr, Chief Evangelist for AWS.
SecurityWeek.webp 2018-04-04 20:23:00 Facebook to Offer 'Clearer' Terms on Privacy, Data Use (direct link) Facebook said Wednesday it is updating its terms on privacy and data sharing to give users a clearer picture of how the social network handles personal information. The move by Facebook follows a firestorm over the hijacking of personal information on tens of millions of users by a political consulting firm which sparked a raft of investigations worldwide. "We're not asking for new rights to collect, use or share your data on Facebook," said a statement by Facebook chief privacy officer Erin Egan and deputy general counsel Ashlie Beringer. "We're also not changing any of the privacy choices you've made in the past." Facebook is under intense pressure to fix the problems which led to the harvesting of some 87 million user profiles by Cambridge Analytica, a consulting firm working on Donald Trump's 2016 campaign. The company has already unveiled several measures aimed at improving privacy and transparency, but chief executive Mark Zuckerberg has said it may take several years to address all the issues raised in the scandal. Egan and Beringer said that with the new terms of service, "we explain how we use data and why it's needed to customize the posts and ads you see, as well as the groups, friends and pages we suggest." They wrote that "we will never sell your information to anyone" and impose "strict restrictions on how our partners can use and disclose data." The statement said the new terms will offer better information on how Facebook advertising operates as well. "You have control over the ads you see, and we don't share your information with advertisers," the statement said. "Our data policy explains more about how we decide which ads to show you." Egan and Beringer said Facebook will go further in explaining how it gathers information from phones and other devices. 
"People have asked to see all the information we collect from the devices they use and whether we respect the settings on your mobile device (the short answer: we do)," they wrote. Users may offer feedback on the new policy for seven days before Facebook finalizes the new rules and asks its members to accept them.
SecurityWeek.webp 2018-04-04 20:15:00 Facebook Says 87 Million May be Affected by Data Breach (direct link) Facebook said Wednesday personal data on as many as 87 million users was improperly shared with British political consultancy Cambridge Analytica. The new figure eclipses a previous estimate of 50 million in a further embarrassment to the social network roiled by a privacy scandal. The announcement came as Facebook unveiled clearer terms of service to enable users to better understand data sharing, and as a congressional panel said chief executive Mark Zuckerberg would appear next week to address privacy issues. Facebook's chief technology officer Mike Schroepfer released the new figures on affected users as he discussed implementation of new privacy tools for users of the huge social network. "In total, we believe the Facebook information of up to 87 million people -- mostly in the US -- may have been improperly shared with Cambridge Analytica," he said. The new estimate could deepen the crisis for Facebook, which has been pressured by the disclosures on hijacking of private data by the consulting group working for Donald Trump's 2016 campaign. Related: Would Facebook and Cambridge Analytica be in Breach of GDPR? Schroepfer said new privacy tools, which had been announced last month, would be in place by next Monday. "People will also be able to remove apps that they no longer want. As part of this process we will also tell people if their information may have been improperly shared with Cambridge Analytica," he said. "Overall, we believe these changes will better protect people's information while still enabling developers to create useful experiences." Zuckerberg on the Hill Earlier Wednesday, the House of Representatives' Energy and Commerce Committee announced what appeared to be the first congressional appearance by Zuckerberg since the scandal broke on the hijacking of data on tens of millions of users. The April 11 hearing will "be an important opp
SecurityWeek.webp 2018-04-04 18:58:04 (Déjà vu) Companies Have Little Control Over User Accounts and Sensitive Files: Study (direct link) Lack of Control Over Sensitive Files Leaves Companies Open to GDPR Failure Security teams are urged to assume intruders are already on their networks. The quantity and frequency of data loss breaches lends credence to that assumption. The implication is that perimeter defenses are insufficient, and that sensitive data needs to be locked down as far as possible within the networks. A new study shows, however, that 41% of companies have more than 1,000 sensitive files open to everyone with access to the network. Each year, New York, NY-based data protection and governance firm Varonis analyzes the results of its risk assessments on new and potential customers. Its 2018 Global Data Risk Report (PDF) contains the findings of 130 corporate risk analyses conducted during 2017. It looks for free-form data at risk from existing intruders and potential malicious insiders; and the process examined more than 6 billion individual files from 30 different industries across more than 50 countries. The results clearly show that companies are struggling to control sensitive data contained in free-form text documents. A common problem is leaving files open to global access groups. For example, 58% of companies have more than 100,000 folders open to everyone -- and the bigger the company, the worse the problem. Eighty-eight percent of companies with more than 1 million folders have more than 100,000 open folders. The problem becomes more pressing when those files contain sensitive data -- defined here as information subject to regulations such as GDPR, PCI, and HIPAA. The Varonis platform works by looking at both the structure of the network, and the content of the files. In this study it found that 41% of companies have more than 1,000 sensitive files open to everyone. 
For these companies any malicious insider or low-privileged intruder can simply access and potentially steal sensitive data, bringing the company into immediate compliance failure. Most regulations either require the principle of least privilege or imply its requirement. The basis of protecting sensitive files requires two things in particular: the principle of least privilege to restrict access to sensitive documents to authorized persons only; and privileged account management to prevent attackers' access to and unauthorized use of privileged accounts to access restricted documents. However, the Varonis study shows that companies have as little cont
SecurityWeek.webp 2018-04-04 17:40:00 North Korean Hackers Behind Online Casino Attack: Report (direct link) The infamous North Korean hacking group known as Lazarus is responsible for attacking an online casino in Central America, along with various other targets, ESET says. The Lazarus Group has been active since at least 2009 and is said to be associated with a large number of major cyber-attacks, including the $81 million cyber heist from Bangladesh's account at the New York Federal Reserve Bank. Said to be the most serious threat against banks, the group has shown increased interest in Medical APT 38
SecurityWeek.webp 2018-04-04 15:24:02 Critical Vulnerability Patched in Microsoft Malware Protection Engine (direct link) An update released this week by Microsoft for its Malware Protection Engine patches a vulnerability that can be exploited to take control of a system by placing a malicious file in a location where it would be scanned. The Microsoft Malware Protection Engine provides scanning, detection and cleaning capabilities for security software made by the company. The engine is affected by a flaw that can be exploited for remote code execution when a specially crafted file is scanned. The malicious file can be delivered via a website, email or instant messenger. The Malware Protection Engine will automatically scan the file (if real-time protection is enabled) and allow the attacker to execute arbitrary code in the context of the LocalSystem account, which can lead to a complete takeover of the targeted system. On systems where real-time scanning is not enabled, the exploit will still get triggered, but only when a scheduled scan is initiated. The vulnerability, tracked as CVE-2018-0986 and rated “critical,” affects several Microsoft products that use the Malware Protection Engine, including Exchange Server, Forefront Endpoint Protection 2010, Security Essentials, Windows Defender, and Windows Intune Endpoint Protection. While the flaw is dangerous and easy to exploit, Microsoft believes exploitation is “less likely.” The company pointed out that the patch for this vulnerability will be automatically delivered to customers within 48 hours of release – users and administrators do not have to take any action. Google Project Zero researcher Thomas Dullien, aka “Halvar Flake,” has been credited for finding CVE-2018-0986. The details of the vulnerability have yet to be disclosed, but considering that the patch is being delivered automatically to most systems, the information will likely become available soon. 
This is not the first time Google Project Zero researchers have discovered critical vulnerabilities in Microsoft's Malware Protection Engine. While Google may occasionally disclose flaws in Microsoft products before patches become available, in the case of the Malware Protection Engine, Microsoft typically releases patches within a few days or weeks. A similar flaw in the Malware Protection Engine was also found recently by employees of the UK's National Cyber Security Centre (NCSC). Guideline
SecurityWeek.webp 2018-04-04 14:20:05 IoT Security Firm Red Balloon Raises $22 Million (direct link) Red Balloon Security, a provider of embedded device security solutions, announced on Wednesday that it has secured $21.9 million through a Series A funding round led by Bain Capital Ventures. This latest round of funding brings the company's total funding to $23.5 million. The company's flagship Symbiote Defense technology helps customers to detect and defend against emerging threats targeting embedded devices. The technology behind Symbiote was originally developed within Columbia University's Intrusion Detection Systems Lab, with the support of the Defense Advanced Research Projects Agency (DARPA) and the Department of Homeland Security Science and Technology Directorate (DHS S&T). Symbiote, Red Balloon explains, “defends devices without requiring changes to source code or hardware design, all without impacting the functionality or performance of the device,” adding that the solution has “demonstrated the ability to defend against both n-day and zero-day attacks on embedded devices, even if the attacker has succeeded in bypassing traditional cybersecurity measures.” Red Balloon claims that Symbiote technology has operated for more than 15 billion continuous hours without a single failure, protecting millions of endpoints around the world. “Symbiote Defense is a critically important technology for today's businesses because it is able to prevent malware and other cyber attacks from hijacking, disrupting or corrupting any embedded device,” said Ang Cui, PhD, founder and CEO of Red Balloon Security. “This technology has considerable commercial potential because it is highly effective within any type of embedded device environment, from consumer electronics to factories, connected cars and even power plants. 
Thanks to the strong support of our investors, we will now be able to make this advanced technology more widely available to commercial users across all major industries.” Greycroft, American Family Ventures and Abstract Ventures also participated in the funding round. Related: Mocana Receives Strategic Investment from GE Ventures Guideline
SecurityWeek.webp 2018-04-04 14:00:03 Breaches Increasingly Discovered Internally: Mandiant (direct link) Organizations are getting increasingly better at discovering data breaches on their own, with more than 60% of intrusions in 2017 detected internally, according to FireEye-owned Mandiant. The company's M-Trends report for 2018 shows that the global median time for internal detection dropped to 57.5 days in 2017, compared to 80 days in the previous year. Of the total number of breaches investigated by Mandiant last year, 62% were discovered internally, up from 53% in 2016. On the other hand, it still took roughly the same amount of time for organizations to learn that their systems had been compromised. The global median dwell time in 2017 – the median time from the first evidence of a hack to detection – was 101 days, compared to 99 days in 2016. Companies in the Americas had the shortest median dwell time (75.5 days), while organizations in the APAC region had the longest dwell time (nearly 500 days). [Image: Dwell time data from Mandiant] Data collected by Mandiant in 2013 showed that more than one-third of organizations had been attacked again after the initial incident had been remediated. More recent data, specifically from the past 19 months, showed that 56% of Mandiant customers were targeted again by either the same group or one with similar motivation. In cases where investigators discovered at least one type of significant activity (e.g. compromised accounts, data theft, lateral movement), the targeted organization was successfully attacked again within one year. Organizations that experienced more than one type of significant activity were attacked by more than one threat actor. Again, the highest percentage of companies attacked multiple times and by multiple threat groups was in the APAC region – more than double compared to the Americas and the EMEA region. 
When it comes to the most targeted industries, companies in the financial and high-tech sectors recorded the highest number of significant attacks, while the high-tech, telecommunications and education sectors were hit by the highest number of different hacker groups. Last year, FireEye assigned names to four state-sponsored threat groups, including the Vietnam-linked APT32 (OceanLotus), and the Iran-linked APT33, APT34 (OilRig), and APT35 (NewsBeef, Newscaster and Charming Kitten). Conference APT33 APT 35 APT 33 APT 32 APT 34
SecurityWeek.webp 2018-04-04 13:59:02 WAF Security Startup Threat X Raises $8.2 Million (direct link) Cybersecurity startup Threat X, which offers cloud-based web application firewall (WAF) solutions, today announced that it has closed an $8.2 million Series A funding round. The Denver, Colorado-based company says the new funding will be used to fuel growth and support adoption of its WAF technology and managed security services. The company explains that its SaaS-based solution “employs kill-chain based, progressive profiling to identify and neutralize threats." “Our goal is to help organizations protect their applications with a SaaS based web application firewall that provides a holistic view of every attack, the techniques being utilized, and target vulnerabilities,” Bret Settle, Founder and CEO of Threat X, said. “Our behavioral profiling and correlation engine analyzes each attack and eliminates false positives by grading risk level and progress throughout the 'kill-chain'. Our customers can also leverage our deep analytics and expert security team for greater threat intelligence and visibility into preventative measures.” The funding round was co-led by Grotech Ventures and Access Venture Partners. Guideline
SecurityWeek.webp 2018-04-04 13:48:05 (Déjà vu) Security for the Ages: Make it Memorable (direct link) Those of us That Spend our Lives in Security Sometimes Forget How our Field Looks and Sounds to Others Recently, on my way to work, I heard the song “Mr. Jones” for the first time in years. For my younger readers, this Counting Crows song was quite popular when I was in high school. I found hearing this song again after so many years fascinating. Why? Because I still knew every word of the song. Whether or not you are a fan of the song, you are likely asking yourself what this could possibly have to do with security. That's certainly a fair question. To understand the connection here, we need to ask ourselves why I still remember the words to this song after all these years. In my opinion, the answer to that question lies in the fact that the song was fun for me. For whatever reason, it found favor in my eyes. I internalized it. I heard a lot of songs in the 1980s and the 1990s. But the number of songs from that period whose lyrics I still remember is relatively small. We can learn a lesson from this in security. Those of us that spend our lives in security sometimes forget how our field looks and sounds to others. When presenting or discussing our work, it's important to focus on how that message is received and internalized by the people on the other side of the conversation. Let's take a look at ten situations in which we can leverage this powerful lesson. Making Security Memorable 1. Conferences: I've sat through a fair number of conference talks in my life. Some have been better than others. Know your audience and stay focused on what will resonate with them and/or help them understand what you've been working hard on and the value it provides to the greater security community. The best talks are those that people still remember after a year or two has gone by. 2. Board: In previous roles, I've had a few opportunities to present at board meetings. 
What I took away from these encounters is the extremely high level at which the board thinks about risk. It's incredibly strategic and miles away from tactical. Something to keep in mind when formulating your board presentation. Your job is to get the board's attention and cause them to focus on what's important, not to overwhelm them with details. 3. Executives: While perhaps not as high level as the board, executives are still pretty high level. Tactical mumbo jumbo will put them into a trance. Best to tune your message to the audience and ensure it will resonate and stay with them. For example, if you need to make the case for additional budget, try doing so in the language of mitigating risk to the business and return on investment. 4 Guideline
SecurityWeek.webp 2018-04-04 13:22:01 Google Patches 9 Critical Android Vulnerabilities in April 2018 Update (direct link) Google this week released its April 2018 set of Android security patches, which address more than two dozen Critical and High severity vulnerabilities. 19 vulnerabilities were found to affect components such as Android runtime, Framework, Media framework, and System. These include 7 issues rated Critical and 12 considered High risk. All of the flaws were patched as part of the 2018-04-01 security patch level. Successful exploitation of these security bugs could result in elevation of privileges, information disclosure, remote code execution, and denial of service. “The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process,” Google notes in its advisory.
SecurityWeek.webp 2018-04-04 11:08:03 Intel Will Not Patch Spectre in Some CPUs (direct link) Intel has informed customers that some of the processors affected by the Meltdown and Spectre vulnerabilities will not receive microcode updates due to issues related to implementation and other factors. Two weeks after announcing that microcode updates have been made available for all recent processors vulnerable to speculative execution side-channel attacks, Intel updated its microcode revision guidance to say that some chips will not receive patches. The list includes Core, Xeon, Celeron, Pentium, and Atom processors with Bloomfield (Xeon), Clarksfield, Gulftown, Harpertown Xeon, Jasper Forest, Penryn/QC, SoFIA 3GR, Wolfdale (Xeon) and Yorkfield (Xeon) microarchitectures. These products have been assigned a “stopped” status, which indicates they will not receive updates due to one or more reasons. Intel says it has conducted a comprehensive investigation of the microarchitecture and microcode capabilities of these CPUs and determined that some of their characteristics prevent a practical implementation of mitigations for Spectre Variant 2 (CVE-2017-5715). Other possible reasons for not releasing fixes include limited commercially available system software support and low risk of attacks. “Based on customer inputs, most of these products are implemented as 'closed systems' and therefore are expected to have a lower likelihood of exposure to these vulnerabilities,” Intel explained. Intel revealed recently that its upcoming processors for data centers and PCs will include built-in protections against Meltdown (Variant 3) and Spectre (Variant 2) attacks. The chip giant expects to roll out these protections in the second half of 2018. “We have redesigned parts of the processor to introduce new levels of protection through partitioning that will protect against both Variants 2 and 3,” explained Intel CEO Brian Krzanich. 
“Think of this partitioning as additional 'protective walls' between applications and user privilege levels to create an obstacle for bad actors.” Dozens of lawsuits have been filed against Intel by customers and shareholders over the disclosure and handling of Meltdown and Spectre. Related: IBM Releases Spectre, Meltdown Patches for Power Systems ★★★★
SecurityWeek.webp 2018-04-04 05:47:00 (Déjà vu) Several U.S. Gas Pipeline Firms Affected by Cyberattack (direct link) Several natural gas pipeline operators in the United States have been affected by a cyberattack that hit a third-party communications system, but the incident does not appear to have impacted operational technology. Energy Transfer Partners was the first pipeline company to report problems with its Electronic Data Interchange (EDI) system due to a cyberattack that targeted Energy Services Group, specifically the company's Latitude Technologies unit. EDI is a platform used by businesses to exchange documents such as purchase orders and invoices. In the case of energy firms, the system is used to encrypt, decrypt, translate, and track key energy transactions. Latitude says it provides EDI and other technology services to more than 100 natural gas pipelines, storage facilities, utilities, law firms, and energy marketers across the U.S. [Image: US gas pipeline companies hit by cyberattack] Bloomberg reported that the incident also affected Boardwalk Pipeline Partners, Chesapeake Utilities Corp.'s Eastern Shore Natural Gas, and ONEOK, Inc. However, ONEOK clarified that its decision to disable the third-party EDI service was a “purely precautionary step.” “There were no operational interruptions on ONEOK's natural gas pipelines,” the company stated. “Affected customers have been advised to use one of the alternative methods of communications available to them for gas scheduling purposes.” Few details are known about the cyberattack, but Latitude did tell Bloomberg that it did not believe any customer data had been compromised and no other systems appeared to have been impacted. A status update provided by Latitude on its website on Tuesday informed customers that the initial restoration of EDI services had been completed and the company had been working on increasing performance. 
SecurityWeek has reached out to Latitude Technologies and Energy Services Group for more information about the attack and will update this article if they respond. Learn More at SecurityWeek's ICS Cyber Security Conference
SecurityWeek.webp 2018-04-03 20:52:03 (Déjà vu) Police Confirm 'Active Shooter' at YouTube Offices (direct link) Police said Tuesday they were responding to an "active shooter" at YouTube's offices in California as social media images showed employees evacuating the campus. San Bruno police warned on Twitter to stay away from the area housing the headquarters of the Google-owned video sharing service near San Francisco. "We are responding to an active shooter. Please stay away from Cherry Ave & Bay Hill Drive," the police department tweeted. Google tweeted: "Re: YouTube situation, we are coordinating with authorities and will provide official information here from Google and YouTube as it becomes available. This is Breaking News - Please Check Back for Updates © AFP 2018
SecurityWeek.webp 2018-04-03 18:30:03 New KevDroid Android Backdoor Discovered (direct link) Security researchers have discovered a new Android Remote Access Trojan (RAT) that can steal a great deal of information from infected devices. Dubbed KevDroid, the mobile threat can steal contacts, messages, and phone history, while also able to record phone calls, Talos reports. Two variants of the malware have been identified so far. One of the variants exploits CVE-2015-3636 to gain root access, but both implement the same call recording capabilities, taken from an open-source project on GitHub. Once it has infected a device, the first KevDroid variant can gather and siphon information such as installed applications, phone number, phone unique ID, location, stored contacts information, stored SMS, call logs, stored emails, and photos. Guideline Cloud APT 37
SecurityWeek.webp 2018-04-03 16:57:01 (Déjà vu) Google Bans Crypto-Mining Chrome Extensions (direct link) Google on Monday announced that Chrome extensions designed to mine for crypto-currencies are no longer accepted in the Chrome Web Store. While still focused on allowing the Chrome extensions ecosystem to evolve, Google also wants to keep users as safe as possible. Thus, a rise in the number of malicious Chrome extensions that mine for virtual coins without informing the users has prompted the Internet giant to ban all such extensions. The scripts designed for mining purposes often require significant CPU power to perform their activity, and could result in severely diminished system performance or in increased power consumption. Called in-browser cryptojacking, such mining behavior is employed by many websites as well, often with heavy impact on user experience. “Over the past few months, there has been a rise in malicious extensions that appear to provide useful functionality on the surface, while embedding hidden cryptocurrency mining scripts that run in the background without the user's consent,” James Wagner, Extensions Platform Product Manager, says.
SecurityWeek.webp 2018-04-03 16:18:05 New Monero-Mining Android Malware Discovered (direct link) A newly discovered malware family attempts to leverage the (limited) computing power of Android devices to mine for Monero crypto-currency, Trend Micro warns. Dubbed HiddenMiner, the malware was developed with self-protection and persistence mechanisms that allow it to hide itself from the unwitting user and to abuse the Device Administrator feature to perform its nefarious activities. The main issue with this threat, however, is the fact that it has no switch, controller, or optimizer in its code, meaning that it essentially continuously mines for Monero until all of the device's resources are depleted. Because of that, the malware can cause the infected devices to overheat and potentially fail, Trend Micro's researchers point out. HiddenMiner is used in an active campaign that has resulted in its operators already making several thousands of dollars as of last week (based on the known Monero mining pools and wallets connected to the malware). HiddenMiner, Trend Micro
SecurityWeek.webp 2018-04-03 15:37:00 Hacked Magento Sites Steal Card Data, Spread Malware (direct link) Cybercriminals are targeting websites running the Magento platform to inject them with code that can steal credit card data and infect visitors with malware, Flashpoint reports. The open-source platform written in PHP has long stirred threat actors' interest due to its popularity among online e-commerce sites. According to Flashpoint, members of entry-level and top-tier Deep & Dark Web forums have shown continued interest in the platform since 2016, and also targeted content management systems such as Powerfront CMS and OpenCart. As part of the newly observed attacks, hackers are attempting to brute-force Magento administration panels. Once they gain access, malware capable of scraping credit card numbers is installed, along with crypto-currency miners. At least 1,000 Magento admin panels have been compromised, Flashpoint says. The attackers attempt to log in using common and known default Magento credentials, once again proving that changing the credentials upon installation of the platform can prevent compromise. A
SecurityWeek.webp 2018-04-03 13:34:03 In Modern Data Centers Security Must Take Center Stage (direct link) Securing the Modern Data Center As Your Organization Modernizes the Data Center and Shifts to Cloud-based Environments, You Must Rethink Your Approach to Security Data centers are changing rapidly and how we protect them must as well. Auto manufacturers must allow an expansive ecosystem of partners access to proprietary designs and confidential data to ensure the latest makes and models land in dealerships as promised while protecting their competitive edge. Hospitals need to provide nurses, physicians, administrators, and patients with varying levels of access to information while keeping in mind regulatory and compliance issues. Financial institutions engaged in high-frequency trading need highly-available and highly-secure environments for compute-intensive workloads. State and local governments are now expected to provide all stakeholders – residents, law enforcement, social services, public works, etc. – with access to the information they need, and only what they need, when and where they need it. The technology advances behind these scenarios – virtualization, cloud, and software-defined networking – are changing the scope and function of the modern data center. Data and workloads are constantly moving across multi-cloud and physical data centers and security policies must adjust in lock-step. DevOps teams are rolling out new applications and services quickly. And there is a huge influx of data from big data analytics. As your organization modernizes the data center and shifts to cloud-based environments, you must rethink your approach to security, increasing visibility and control without compromising agility and performance. To do this you need to consider the three pillars of security in the modern data center: visibility, segmentation, and threat defense. 1. Visibility. 
The biggest concern when migrating to multi-cloud data centers is that the connectivity and security of existing workloads remain intact. Achieving consistent workload protection starts with visibility into existing workloads and application behavior, as well as who the users are, where they are connecting from, and what hosts and application resources they are accessing. When you have a clear view and can understand the interdependencies at play, you can define policies, appropriate levels of segmentation, and other defenses to create a security architecture. Considering the number of workflows typically present in any data center, you can imagine the magnitude of the challenge and may be tempted to bypass this step, but it is critical to ensure workloads go undisrupted. On an ongoing basis, complete visibility can reveal performance bottlenecks and help you improve capacity planning. It makes it easier to detect malicious activity and accelerate incident response and investigations. This helps you determine if and to what extent critical systems were breached and what information was stolen. 
SecurityWeek.webp 2018-04-03 12:35:00 (Déjà vu) Software-defined Global Network as a Service Firm Meta Networks Emerges From Stealth (lien direct) >Meta NaaS Provides a Software-defined Virtual 'Overlay' to Existing Disjointed Physical Networks Emerging from stealth with $10 million in seed funding led by Vertex Ventures and the BRM Group, Tel Aviv-based Meta Networks has launched Meta NaaS -- a secure software-defined virtual private network aimed at redefining the concept of distributed, cloud-employing corporate networks. The advent of public and private cloud services and offerings, together with the growth of mobile computing and remote working, plus the tendency for most companies to combine all of these with their own on-premise resources has had one major and well-recognized effect: there is no longer a physical network perimeter that can be defined and protected. Solutions generally require point products for every device, aimed at protecting the device and its communication to other parts of the network. This rapidly becomes very complex with multiple points of possible failure. Meta NaaS provides a software-defined virtual 'overlay' to existing disjointed physical networks. It is user-centric, draws on the principle of zero-trust, and brings together all aspects of remote users, mobile devices, separate branch offices, on-premise data centers and cloud apps within one single software-defined overlay. It creates a new perimeter in the cloud. Like Google's BeyondCorp, the user is key. Every user device is given a unique permanent identity at the packet level, but is also given access to an always-on virtual private network (VPN). A global distribution of PoPs ensures high performance in accessing and using the VPN from any location, and all corporate traffic from corporate users is securely sent to the NaaS before being delivered to its destination. 
This includes both internal resources and internet traffic -- and security is handled in the NaaS rather than at the device. "It's worldwide," Etay Bogner, CEO and founder of Meta Networks, told SecurityWeek. "You don't have to install any appliances. You connect separate offices through their existing routers. On top of the network we are deploying best network security. So instead of having the firewall deployed as an appliance in a specific physical location, we have the firewall functionality within the cloud in every one of the PoPs, and we apply security at those locations." The effect is to provide security in even hostile environments -- mobile employees working in internet cafes or airport waiting lounges are as secure and productive as if they were still in the office. Meta NaaS interoperates with other cloud-delivered security solutions, supporting a best-of-breed security stack for the enterprise. It delivers identity-based policy routing and packet-level identity verification; and since it is cloud-based, it promises cloud advantages: agility, scalability and cloud economics. "Meta NaaS is a new zero-trust paradi Guideline Heritage
SecurityWeek.webp 2018-04-02 19:11:01 New Bill in Georgia Could Criminalize Security Research (lien direct) >A new bill passed by the Georgia State Senate last week deems all forms of unauthorized computer access as illegal, thus potentially criminalizing the finding and reporting of security vulnerabilities. The new bill, which met fierce opposition from the cybersecurity community ever since it first became public, amends the Georgia code that originally considered only unauthorized computer access with malicious intent to be a crime. “Any person who intentionally accesses a computer or computer network with knowledge that such access is without authority shall be guilty of the crime of unauthorized computer access,” the bill reads (Senate Bill 315). “Any person convicted of computer password disclosure or unauthorized computer access shall be fined not more than $5,000.00 or incarcerated for a period not to exceed one year, or both punished for a misdemeanor of a high and aggravated nature,” the bill continues. The original Guideline
SecurityWeek.webp 2018-04-02 17:47:02 njRAT Gets Ransomware, Crypto-Currency Stealing Capabilities (lien direct) >An updated version of the njRAT remote access Trojan (RAT) is capable of encrypting files and stealing virtual currencies from crypto-wallets, Zscaler warns. Also known as Bladabindi, njRAT has been around since at least 2013 and is one of the most prevalent malware families. Built in .NET Framework, the malware provides attackers with remote control over the infected systems, utilizes dynamic DNS for command-and-control (C&C), and uses a custom TCP protocol over a configurable port for communication. Dubbed njRAT Lime Edition, the new malware variant includes support for ransomware infection, Bitcoin grabber, and distributed denial of service (DDoS), while also being able to log keystrokes, spread via USB drives, steal passwords, and lock the screen. The malware gets a list of running processes on the victim's machine and uses it to track crypto wallets. Because these store digital currency and may also be connected to the users' bank accounts, debit cards, or credit cards, it's no surprise they are of interest to cybercriminals.
SecurityWeek.webp 2018-04-02 15:25:00 Saks, Lord & Taylor Stores Hit by Data Breach (lien direct) A data breach at Saks Fifth Avenue and Lord & Taylor stores in North America exposed customer payment card data, parent company Hudson's Bay Company (HBC) announced on Sunday. The hack, which also impacted its discount store brand Saks OFF 5TH, did not appear to affect HBC's e-commerce or other digital platforms. “We identified the issue, took steps to contain it, and believe it no longer poses a risk to customers shopping at our stores,” the announcement said. “We are working rapidly with leading data security investigators to get our customers the information they need, and our investigation is ongoing. We also are coordinating with law enforcement authorities and the payment card companies,” it added. According to cybersecurity research and threat intelligence firm Gemini Advisory, a cybercrime marketplace called JokerStash announced that over five million stolen credit and debit cards were for sale, which it says were likely stolen from HBC's stores. “In cooperation with several financial organizations, we have confirmed with a high degree of confidence that the compromised records were stolen from customers of Saks Fifth Avenue and Lord & Taylor stores,” Gemini said in a blog post, adding that the window of compromise was estimated to be May 2017 to present. As of Sunday, roughly 125,000 records had been released for sale so far, Gemini said, with the “entire cache” expected to become available in the following months. HBC did not provide details on the number of customers/records impacted in the incident. “The Company is working rapidly with leading data security investigators to get customers the information they need, and the investigation is ongoing. HBC is also coordinating with law enforcement authorities and the payment card companies,” HBC said. 
“The details of how these cards were stolen remain unclear at this time, but it's important that we learn what happened so that others can work to prevent similar breaches," commented Tim Erlin, VP, product management and technology at Tripwire. "This appears to be the type of breach, through point-of-sale systems, that EMV is supposed to prevent, so we need to ask what happened here. Was EMV in use, and if so, how did the attackers circumvent it? Guideline Equifax
SecurityWeek.webp 2018-04-02 14:26:05 Why Multi-cloud Security Requires Rethinking Network Defense (lien direct) >The Need to Rethink Security For Our Cloud Applications Has Become Urgent Companies are utilizing the public cloud as their primary route to market for creating and delivering innovative applications. Striving to gain a competitive advantage, organizations of all sizes and in all vertical sectors now routinely tap into infrastructure as a service, or IaaS, and platform as a service, or PaaS, to become faster and more agile at improving services through applications. Along the way, companies are working with multiple cloud providers to create innovative new apps with much more speed and agility. This approach is opening up unprecedented paths to engage with remote workers, suppliers, partners and customers. Organizations that are good at this are first to market with useful new tools, supply chain breakthroughs and customer engagement innovations. There's no question that IaaS, PaaS and their corollary, DevOps, together have enabled businesses to leapfrog traditional IT processes. We are undergoing a digital transformation of profound scope – and things are just getting started. Companies are beginning to leverage the benefits of being able to innovate with unprecedented agility and scalability; however, to take this revolution to the next level, we must take a fresh approach to how we're securing our business networks. Limits to legacy defense Simply put, clunky security approaches, pieced together from multiple vendors, result in a fragmented security environment where IT teams must manually correlate data to implement actionable security protections. This level of human intervention increases the likelihood of human error, leaving organizations exposed to threats and data breaches. What's more, security tools that are not built for the cloud significantly limit the agility of development teams. 
Cloud collaboration, fueled by an array of dynamic and continually advancing platforms, is complex; and this complexity has introduced myriad new layers of attack vectors. We've seen how one small oversight, such as forgetting to change the default credentials when booting up a new cloud-based workload, can leave an organization's data exposed or allow attackers to leverage resources to mine cryptocurrency.  Clearly the need to rethink security for our cloud apps has become urgent. What's really needed is an approach that minimizes data loss and downtime, while also contributing to faster application development, thus allowing the business to experience robust growth. It should be possible to keep companies Guideline
SecurityWeek.webp 2018-04-02 13:35:04 (Déjà vu) Would Facebook and Cambridge Analytica be in Breach of GDPR? (lien direct) >The Cambridge Analytica (CA) and Facebook accusations over the U.S. 2016 presidential election campaign, and to a lesser extent between CA and the UK's Brexit VoteLeave campaign, are -- if proven true -- morally reprehensible. It is not immediately clear, however, whether they are legally reprehensible. The matter is currently under investigation on both sides of the Atlantic. On March 26, both Apple and IBM called for more regulatory oversight on the use of personal data. "I'm personally not a big fan of regulation because sometimes regulation can have unexpected consequences to it, however I think this certain situation is so dire, and has become so large, that probably some well-crafted regulation is necessary," said Apple chief Tim Cook on March 24, 2018. "If you're going to use these technologies, you have to tell people you're doing that, and they should never be surprised," IBM chief executive Rometty said on March 26, 2018. "(We have to let) people opt in and opt out, and be clear that ownership of the data does belong to the creator," he said. Such regulatory oversight already exists in Europe under national data protection laws, and this will potentially become global when the European General Data Protection Regulation (GDPR) comes into effect on May 25, 2018. The question is whether Facebook and/or CA would have been in breach of GDPR were it already operational, and therefore whether GDPR will prevent any future repetitions of this sort. "From Facebook's perspective," MacRoberts LLP senior partner David Flint told SecurityWeek, "the only good point is that the maximum fine under the [current UK] Data Protection Act is £500,000; after 25 May 2018 it would be 4% of Facebook worldwide turnover ($40bn in 2017) -- a potential $1.6bn fine! That's before damages claims." 
Cambridge Analytica is an offshoot of SCL, formerly Strategic Communications Laboratories (a private British behavioral research and strategic communication company); and was specifically formed to target the U.S. presidential elections. The user profile collection At this stage we have to stress that everything is just a combination of accusation and denial, with nothing yet proven in a court of law. Nevertheless, the accusation is that a Cambridge University academic, Dr. Aleksandr Kogan, developed a Facebook personality quiz app (called 'thisisyourdigitallife') that collected data from some 270,000 app users on Facebook; and also collected their friends' data. Kogan's firm was known as Global Science Research (GSR). Concerns about the relationship between Facebook user data, GSR, CA, and the U.S. presidential election are not ne ★★
SecurityWeek.webp 2018-04-02 13:13:00 (Déjà vu) Cloudflare Launches Free Secure DNS Service (lien direct) >Cloudflare Launches Globally Available Secure Free DNS Resolver Cloudflare launched a new free service, designed to improve both the speed and the security of the internet, on April Fool's Day (4/1/2018). But this is no joke. The idea is that 4/1 is, in geek terms, four ones, or 1.1.1.1 -- the name and heart of the new service. 1.1.1.1 (and 1.0.0.1) is the address of Cloudflare's new, globally available, free DNS resolver service. It is similar to -- but according to Cloudflare -- faster and more secure than, Google's 8.8.8.8 service. Both address speed and security issues in the standard internet DNS look-up process. The biggest problem is security because DNS lookups are primarily controlled by ISPs; and ISPs are commercial organizations seeking to monetize data; and are often heavily controlled or influenced by governments. In the U.S., ISPs are allowed to sell customer data -- including website visits -- to marketing firms. In the UK, ISPs are required by law to record and hand over such customer data to law enforcement, intelligence and other government agencies. In Turkey, in 2014, the Turkish government censored Twitter by getting ISPs to block DNS requests for twitter.com -- and activists took to the streets to spray paint Google's 8.8.8.8 DNS service as a workaround. Turkey has a history of using the DNS system for censorship, including a block on Wikipedia in April 2017. Google's service is good and fast, and bypasses ISP-instigated blocks, but user data is still available to Google. Cloudflare wants to provide an even faster service, but one where no commercial entity can easily monetize the user data, nor government gain access without a court order. 
Since the firm is committed to never writing that data to disk, and to wiping all log records within 24 hours (to be independently audited by KPMG with a published public report) there will be little historical data available anyway. "Cloudflare's business has never been built around tracking users or selling advertising," blogged Matthew Prince, co-founder and CEO of Cloudflare, on Sunday. "We don't see personal data as an asset; we see it as a toxic asset." Cloudflare retains the log data for a maximum of 24 hours for abuse prevention and debugging issues.  “We think it's creepy that user data is sold to advertisers and used to target consumers without their knowledge or consent,” said Prince. “Frankly, we don't want to know what people do on the Internet -- it's none of our business -- and we've designed 1.1.1.1 to ensure that we, along with ISPs around the world, can't.”
SecurityWeek.webp 2018-03-30 16:37:04 Facebook Details Election Security Improvements (lien direct) >While under heavy fire for the user privacy blunder involving U.K. firm Cambridge Analytica, Facebook took its time this week to present some of the steps it is taking to protect elections from abuse and exploitation on its platform. The United States this month announced sanctions against Russia for supposed attempts to influence the 2016 US presidential election, after it charged 13 Russians
SecurityWeek.webp 2018-03-30 15:06:01 Prague Extradites Russian Hacker to US for Alleged Cyberattacks (lien direct) >The Czech Republic on Friday said it had extradited a Russian hacker to the United States where he is wanted for alleged cyberattacks on social networks. Yevgeni Nikulin, who is also sought by his native Russia on fraud charges, had been in a Prague prison since he was arrested in the Czech capital in 2016 in a joint operation with the FBI. The case comes amid accusations by Washington that Russia tried to "interfere" through hacking in the 2016 US election won by Donald Trump, charges the Kremlin has dismissed. The Czech justice ministry "confirms the extradition of Russian citizen Y. Nikulin to the United States," ministry spokeswoman Tereza Schejbalova said on Twitter. The extradition "took place overnight," she added. A US government plane left Prague soon after midnight Thursday and landed nine hours later near Washington, according to the website flightaware.com. Following Nikulin's arrest, Moscow accused Washington of harassing its citizens and vowed to fight Nikulin's extradition. It then issued a separate arrest warrant for him over alleged theft from the WebMoney settlement system. The US has charged Nikulin with hacking into social networks LinkedIn and Formspring and into the file hosting service Dropbox, Nikulin's lawyer Martin Sadilek told AFP at the time. He also said Nikulin alleges that FBI investigators had tried twice to persuade him to confess to cyberattacks on the US Democratic Party. Last year, a Prague court ruled that Nikulin could be extradited to either Russia or the United States, with the final say left to the Czech justice minister.
SecurityWeek.webp 2018-03-30 12:48:02 (Déjà vu) VMware Acquires Threat Detection and Response Firm E8 Security (lien direct) >VMware announced this week that it has acquired threat detection and response company E8 Security, whose technology will be used to improve the Workspace ONE digital workspace platform. This is the third acquisition made by VMware in less than two months. California-based E8 Security emerged from stealth mode in March 2015 and it has raised a total of nearly $22 million – more than $23 million if you count seed funding. E8 Security has developed a platform that helps organizations detect malicious activity by monitoring user and device behavior. The product also improves incident response by providing the data needed to analyze threats. VMware plans on using E8 Security's technology to improve its Workspace ONE product, specifically a recently announced intelligence feature that provides actionable information and recommendations, and automation for remediation tasks. “By adding E8 Security's user and entity behavior analytics capabilities to insights from VMware Workspace ONE Intelligence, our customers will be able to streamline management, remediation, and automation to improve the employee experience and the security of their digital workspace,” explained Sumit Dhawan, senior vice president and general manager of VMware's End-User Computing (EUC) business. VMware announced in February the acquisition of CloudCoreo, a Seattle-based cloud security startup launched less than two years ago. The company has created a product that allows organizations to identify public cloud risks and continuously monitor cloud infrastructure to ensure that applications and data are safe. The virtualization giant plans on using the CloudCoreo technology and team to help customers secure their applications in the cloud. 
Also in February, VMware announced its intent to buy CloudVelox, a company that specializes in providing workload mobility between the data center and public clouds. CloudVelox's solutions also include d
SecurityWeek.webp 2018-03-30 10:36:04 (Déjà vu) 20 Arrested in Italy and Romania for Spear Phishing Scam (lien direct) >Authorities this week arrested 20 individuals in Italy and Romania for their role in a banking phishing scam that defrauded bank customers of €1 million ($1.23 million). The arrests were the result of a two-year long cybercrime investigation conducted by the Romanian National Police and the Italian National Police, with support from Europol, the Joint Cybercrime Action Taskforce (J-CAT), and Eurojust. The arrests were made on March 28, following a series of coordinated raids. 9 of the individuals were arrested in Romania and 11 in Italy. The Romanian Police raided 3 houses, while the Italian authorities conducted 10 home and computer searches. The hackers, Europol reveals, engaged in a banking fraud scheme that netted €1 million from hundreds of customers of 2 major banking institutions. The group, mainly comprised of Italian nationals, sent spear phishing emails impersonating tax authorities to victims, in an attempt to harvest their online banking credentials. Unlike common phishing scams, where millions of generic emails are sent to potential victims, spear phishing emails are highly personalized, featuring content that makes them appear as coming from a reputable source, such as the bank. Since 2016, the investigators have been tracking Guideline
SecurityWeek.webp 2018-03-30 08:15:05 Critical Flaw Exposes Many Cisco Devices to Remote Attacks (lien direct) >Cisco has patched more than 30 vulnerabilities in its IOS software, including a critical remote code execution flaw that exposes hundreds of thousands – possibly millions – of devices to remote attacks launched over the Internet. A total of three vulnerabilities have been rated critical. One of them is CVE-2018-0171, an issue discovered by researchers at Embedi in the Smart Install feature in IOS and IOS XE software. An unauthenticated attacker can send specially crafted Smart Install messages to an affected device on TCP port 4786 and cause it to enter a denial-of-service (DoS) condition or execute arbitrary code. Cisco pointed out that Smart Install is enabled by default on switches that have not received a recent update for automatically disabling the feature when it's not in use. Embedi has published a blog post detailing CVE-2018-0171 and how it can be exploited. Researchers initially believed the vulnerability could only be exploited by an attacker inside the targeted organization's network. However, an Internet scan revealed that there are roughly 250,000 vulnerable Cisco devices that have TCP port 4786 open. Furthermore, Embedi told SecurityWeek that it has identified approximately 8.5 million devices that use this port, but researchers have not been able to determine if the Smart Install technology is present on these systems. Another IOS vulnerability patched by Cisco and rated critical is CVE-2018-0150, a backdoor that allows an attacker to remotely access a device. This security hole is introduced by the existence of an undocumented account with a default username and password. The credentials provide access to a device with privilege level 15, the highest level of access for Cisco network devices. The last critical security hole is CVE-2018-0151, which affects the quality of service (QoS) subsystem of IOS and IOS XE software. 
The flaw can allow a remote, unauthenticated attacker to cause a DoS condition or execute code with elevated privileges by sending malicious packets to a device. The networking giant has patched a total of 17 high severity flaws in IOS and IOS XE software. The list includes mostly DoS issues, but some of the vulnerabilities can be exploited for remote code execution and privilege escalation. Cisco also patched over a dozen IOS vulnerabilities rated “medium severity.” A majority of the bugs were discovered by the company itself and there is no evidence that any of them have been exploited for malicious purposes.
SecurityWeek.webp 2018-03-30 04:29:02 Microsoft Fixes Windows Flaw Introduced by Meltdown Patches (lien direct) >Microsoft has released out-of-band updates for Windows 7 and Windows Server 2008 R2 to address a serious privilege escalation vulnerability introduced earlier this year by the Meltdown mitigations. Researcher Ulf Frisk reported this week that the patches released by Microsoft in January and February for the Meltdown vulnerability created an even bigger security hole that allows an attacker to read from and write to memory at significant speeds. Frisk disclosed details of the bug since Microsoft's security updates for March appeared to have addressed the issue. However, an investigation conducted by the tech giant revealed that the flaw had not been properly fixed. Microsoft informed customers on Thursday that a new patch has been released for Windows 7 x64 Service Pack 1 and Windows Server 2008 R2 x64 Service Pack 1 to fully resolve the problem. “Customers who apply the updates, or have automatic updates enabled, are protected,” a Microsoft spokesperson said. The vulnerability, tracked as CVE-2018-1038 and rated “important,” has been patched with the KB4100480 update. Users are advised to install the update as soon as possible, particularly since some Microsoft employees believe it will likely be exploited in the wild soon. “An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft said in an advisory. Frisk explained in a blog post that while the Meltdown vulnerability allows an attacker to read megabytes of data per second, the new flaw can be exploited to read gigabytes of data per second. 
In one of the tests he conducted, the researcher managed to access the memory at speeds of over 4 Gbps. The security hole can also be exploited to write to memory. Exploiting the flaw is easy once the attacker has gained access to the targeted system. A direct memory access (DMA) attack tool developed by Frisk can be used to reproduce the vulnerability.
SecurityWeek.webp 2018-03-30 03:14:05 (Déjà vu) Foreign Companies in China Brace for VPN Crackdown (lien direct) >Chinese people and foreign firms are girding for a weekend deadline that will curb the use of unlicensed software to circumvent internet controls, as the government plugs holes in its "Great Firewall". A virtual private network (VPN) can tunnel through the country's sophisticated barrier of online filters to access the global internet. VPNs give users a way to see blocked websites such as Facebook, Twitter, Google and Western news outlets, as well as certain business network tools such as timesheets, email and directories. But new government regulations unveiled last year sent chills among users of the software, with a March 31 deadline for companies and individuals to only use government-approved VPNs. Currently, many foreign companies have their own VPN servers in locations outside of China. But in the future, dedicated lines can only be provided by China's three telecom operators. Critics have slammed the new policy as a revenue grab that will eliminate cheaper VPN options and make internet users more vulnerable to surveillance. But some companies are still planning to comply. "We will apply for a VPN line with (the government)," the chief executive of a foreign-owned technology company told AFP. "As a company that is globally-focused based in Beijing, I think that's the best option... because we don't want to break the rules or have our VPN access disrupted," she said, requesting anonymity. Some embassies in Beijing experienced disruptions to their communications due to restrictions on VPN usage late last year, prompting the European Union delegation to send a letter to the government to complain, diplomatic sources told AFP. American Chamber of Commerce Shanghai President Kenneth Jarrett warned that foreign companies and their employees could "bear the brunt of the new policies". 
"Foreign companies, especially entrepreneurs and smaller companies rely on overseas platforms such as Google Analytics and Google Scholar," Jarrett told AFP. "Limiting access to affordable VPNs will make it harder for these companies to operate efficiently and just adds to the frustration of doing business in China." The Ministry of Industry and Information Technology has dismissed concerns that using state-approved providers could jeopardise the security of private data, saying they "are not able to see information related to your business". 'At the mercy of regulators'
SecurityWeek.webp 2018-03-29 21:50:00 Under Armour Says 150 Million Affected in Data Breach (lien direct) Under Armour Data Breach Impacts 150 Million Users Sports gear maker Under Armour said Thursday its fitness application had been hacked in a data breach affecting some 150 million user accounts. The Baltimore, Maryland-based company said it had contacted law enforcement and outside consultants after learning of the breach. Under Armour said it learned on March 25 of the breach of its MyFitnessPal application, which enables users to track activity and calorie intake using a smartphone. It said an unauthorized party obtained usernames, email addresses, and "hashed" passwords, which are harder for a hacker to recover. The hack did not affect social security numbers, drivers licenses or credit card data, according to the company. "The company's investigation is ongoing, but indicates that approximately 150 million user accounts were affected by this issue," a statement said. Users were being notified by email and messaging to update settings to protect account information. The attack is the latest affecting companies with large user bases such as Yahoo, retailer Target and credit reporting agency Equifax. Equifax Yahoo
Last update at: 2024-07-23 21:07:55