What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityWeek.webp 2019-02-27 17:39:00 Facebook Says 'Clear History' Feature Ready This Year (direct link) Facebook's feature allowing users to erase all their data is set to be released this year, many months after it was announced by the leading social network. Guideline
SecurityWeek.webp 2019-02-21 17:46:03 Google's Nest Hub Has a Microphone It Forgot to Mention (direct link) Google said Wednesday it forgot to mention that it included a microphone in its Nest Secure home alarm system, the latest privacy flub by one of the tech industry's leading collectors of personal information. Guideline ★★★★★
SecurityWeek.webp 2019-01-31 15:38:02 Why User Names and Passwords Are Not Enough (direct link) Security Leaders are Finally Recognizing How Big of a Problem Credential Compromises Are Guideline
SecurityWeek.webp 2019-01-22 14:22:04 Adobe Patches Information Disclosure Flaws in Experience Manager (direct link) Updates released on Tuesday by Adobe for its Experience Manager and Experience Manager Forms products address several vulnerabilities that can lead to information disclosure. Guideline
SecurityWeek.webp 2018-12-17 06:34:00 Code Execution Flaw in SQLite Affects Chrome, Other Software (direct link) Many applications using the popular SQLite database management system could be exposed to attacks due to a potentially serious vulnerability that can lead to remote code execution, information disclosure, and denial-of-service (DoS) attacks. Vulnerability Guideline
SecurityWeek.webp 2018-12-04 04:08:04 Israeli Firm Rejects Alleged Connection to Khashoggi Killing (direct link) An Israeli company known for its sophisticated phone surveillance technology on Monday rejected accusations that its snooping software helped lead to the killing of Saudi journalist Jamal Khashoggi. Guideline
SecurityWeek.webp 2018-11-20 08:56:05 TalkTalk Hackers Sentenced to Prison (direct link) Two individuals were sentenced to prison on Monday for their roles in the 2015 hacking of British telecoms company TalkTalk. Connor Allsopp, 21, and Matthew Hanley, 23, both from Tamworth, Staffordshire, pleaded guilty to hacking-related charges last year. Allsopp has been sentenced to 8 months in jail and Hanley to 12 months. Guideline
SecurityWeek.webp 2018-10-30 10:50:00 92% of External Web Apps Have Exploitable Security Flaws or Weaknesses: Report (direct link) According to new research, 98% of leading companies across the U.S. and Europe are vulnerable to cybercriminals through their web applications. While this figure may seem high, it will surprise neither the companies themselves nor independent security experts. Guideline
SecurityWeek.webp 2018-10-27 19:42:02 Analysis of North Korea's Internet Traffic Shows a Nation Run Like a Criminal Syndicate (direct link) Recorded Future has published a series of analyses on North Korea's most senior leadership's use of the internet. As the last report of the series, it demonstrates how adaptable this leadership has become in both using and monetizing its use of the internet. Guideline
SecurityWeek.webp 2018-10-19 11:13:02 EU Leaders Vow Tough Action on Cyber Attacks (direct link) EU leaders on Thursday condemned the attempted hack on the global chemical weapons watchdog and vowed to step up the bloc's efforts to tackle cyber attacks. With concerns growing about the malign cyber activities of several countries around the world, notably Russia, the bloc's leaders called for work to begin to set up sanctions to punish hackers. Hack Guideline
SecurityWeek.webp 2018-10-17 23:42:03 Britain Leads Calls for EU Action Against Hackers (direct link) British Prime Minister Theresa May will call on fellow EU leaders Thursday to take united action to punish cyber attackers, warning hackers cause economic harm and undermine democracies. Britain is among eight European Union countries pushing for the bloc to urgently agree a new sanctions regime to address malign cyber activities. Guideline
SecurityWeek.webp 2018-10-12 17:21:05 (Déjà vu) Ex-NASA Contractor Pleads Guilty in Cyberstalking Scheme (direct link) A former NASA contractor who allegedly threatened to publish nude photos of seven women unless they sent him other explicit pictures has pleaded guilty to federal charges. Guideline
SecurityWeek.webp 2018-10-11 19:10:02 Facebook Purges 251 Accounts to Thwart Deception (direct link) Facebook on Thursday said it shut down 251 accounts for breaking rules against spam and coordinated deceit, some of it by ad farms pretending to be forums for political debate. The move came as the leading social network strives to prevent the platform from being used to sow division and spread misinformation ahead of US elections in November. Spam Guideline ★★★★
SecurityWeek.webp 2018-10-09 14:40:04 Better Customer Experience is More Than a "Nice to Have" for Security (direct link) Customer Experience (CX) has gone from a buzzword to an imperative in just a few short years. A reported 80 percent of companies responding to Gartner's marketing leaders survey now say they expect to compete mainly based on CX. Forrester has created a Customer Experience Index by which they measure and rank CX leaders. And there are hundreds of customer experience conferences to choose from every year. Guideline
SecurityWeek.webp 2018-10-06 16:28:04 Man Pleads Guilty to Hacking Websites of New York City Comptroller and West Point (direct link) The United States Department of Justice (DoJ) this week announced that a California man has pleaded guilty to hacking the websites for the Combating Terrorism Center at the United States Military Academy in West Point, New York, and the Office of the New York City Comptroller. Guideline
SecurityWeek.webp 2018-09-21 14:18:00 Accounting Firm Moss Adams Acquires Cybersecurity Firm AsTech (direct link) Moss Adams (an accounting firm founded 105 years ago) has merged with AsTech Consulting (a cyber risk management firm founded 21 years ago). Moss Adams is the thirteenth largest tax company in the U.S., and the leading firm on the West Coast. AsTech is a successful West Coast tech firm that counts the nation's third largest bank among its clients. Guideline
SecurityWeek.webp 2018-09-13 05:16:00 Kelihos Botnet Author Pleads Guilty in U.S. Court (direct link) Peter Yuryevich Levashov, a 38-year-old Russian national accused of operating the notorious Kelihos botnet, pleaded guilty on Wednesday to computer crime, fraud, conspiracy and identity theft charges. Guideline
SecurityWeek.webp 2018-09-05 02:29:00 Facebook Chief Says Internet Firms in 'Arms Race' for Democracy (direct link) Facebook chief Mark Zuckerberg said late Tuesday that the leading social network and other internet firms are in an arms race to defend democracy. Zuckerberg's Washington Post op-ed came on the eve of hearings during which lawmakers are expected to grill top executives from Facebook and Twitter. Guideline
SecurityWeek.webp 2018-09-04 14:15:03 The Continuing Problem of Aligning Cybersecurity With Business (direct link) Aligning security policy with business practices is generally considered to be a key imperative for a successful company. This must necessarily start with security teams understanding the business, and business leaders understanding security requirements. Guideline
SecurityWeek.webp 2018-08-16 14:43:05 Botnet of Smart Heaters, ACs Can Cause Power Disruptions: Researchers (direct link) BlackIoT attack can lead to power grid disruptions Guideline
SecurityWeek.webp 2018-08-08 14:28:02 NERC Names Bill Lawrence as VP, Chief Security Officer (direct link) North American Electric Reliability Corporation (NERC) on Tuesday announced that Bill Lawrence has been named vice president and chief security officer (CSO), and will officially step into the lead security role on August 16, 2018. Guideline
SecurityWeek.webp 2018-07-20 11:20:03 Singapore Says Hackers Stole 1.5 Million Health Records in Massive Cyberattack (direct link) Hackers have stolen the health records of 1.5 million Singaporeans including Prime Minister Lee Hsien Loong, authorities said Friday, with the leader specifically targeted in the city-state's biggest ever data breach. Guideline
SecurityWeek.webp 2018-07-09 15:12:02 Intel Patches Security Flaws in Processor Diagnostic Tool (direct link) Intel has updated its Processor Diagnostic Tool to address vulnerabilities that could lead to arbitrary code execution and escalation of privileges. Tool Guideline
SecurityWeek.webp 2018-06-28 18:28:01 Russia Expert to Lead Canada's Electronic Eavesdropping Agency (direct link) A Russia expert was appointed Wednesday to lead Canada's electronic eavesdropping agency, amid ongoing concerns of Russian hacking and meddling in Western elections. Guideline
SecurityWeek.webp 2018-06-25 23:29:01 EU States to Form 'Rapid Response' Cyber Force: Lithuania (direct link) Nine European Union states are to create rapid response teams to counter cyber attacks within the framework of a new EU defence pact, project leader Lithuania announced on Thursday. "Nine states have agreed to join. The goal is to create rotational EU cyber rapid response teams," Defence Minister Raimundas Karoblis told AFP. Guideline
SecurityWeek.webp 2018-06-20 14:36:00 Massachusetts Man Pleads Guilty to ATM Hacking (direct link) A Massachusetts man pleaded guilty to his role in an ATM “jackpotting” operation, the United States Department of Justice announced this week. Guideline
SecurityWeek.webp 2018-06-19 13:17:01 Data Stolen in OPM Breach Used in Loan Fraud Scheme (direct link) Two individuals pleaded guilty recently over their role in a scheme that involved fraudulent loans obtained using personal information stolen in the massive breach at the U.S. Office of Personnel Management (OPM). Guideline
SecurityWeek.webp 2018-05-30 15:36:02 U.S. Commerce Chief Warns of Disruption From EU Privacy Rules (direct link) Washington - US Commerce Secretary Wilbur Ross warned Wednesday that the new EU privacy rules in effect since last week could lead to serious problems for business, medical research and law enforcement on both sides of the Atlantic. Guideline
SecurityWeek.webp 2018-05-30 04:54:03 Accused Yahoo Hacker Gets Five Years in Prison, Fine (direct link) A man accused of taking part in devastating cyberattacks on Yahoo for Russian intelligence agents was sentenced Tuesday to five years in prison in a plea bargain with prosecutors. Guideline Yahoo
SecurityWeek.webp 2018-05-09 09:17:01 No Evidence Russian Hackers Changed Votes in 2016 Election: Senators (direct link) Hackers backed by the Russian government attempted to undermine confidence in the voting process in the period leading up to the 2016 presidential election, but there is no evidence that they manipulated votes or modified voter registration data, according to a brief report published on Tuesday by the Senate Intelligence Committee. Guideline
SecurityWeek.webp 2018-05-01 20:12:03 Privilege Escalation Bug Lurked in Linux Kernel for 8 Years (direct link) A security vulnerability in a driver leading to local privilege escalation in the latest Linux Kernel version was introduced 8 years ago, Check Point reveals. Guideline
SecurityWeek.webp 2018-04-06 12:08:04 New Strain of ATM Jackpotting Malware Discovered (direct link) A new type of ATM jackpotting malware has been discovered. Dubbed ATMJackpot, the malware appears to be still under development, and to have originated in Hong Kong. There are no current details of any deployment or use. ATMJackpot was discovered and analyzed by Netskope Threat Research Labs. It has a smaller footprint than earlier strains of jackpotting malware, but serves the same purpose: to steal money from automated teller machines (ATMs). ATM jackpotting -- also known as a logical attack -- is the use of malware to control cash dispensing from individual ATMs. The malware can be delivered locally to each ATM via a USB port, or remotely by compromising the ATM operator network. Jackpotting has become an increasing problem in recent years, originally and primarily in Europe and Asia. In 2017, Europol warned that ATM attacks were increasing. "The malware being used has evolved significantly and the scope and scale of the attacks have grown proportionately," said Steven Wilson, head of Europol's EC3 cybercrime center. The first attacks against ATMs in the U.S. were discovered in January 2018 following an alert issued by the Secret Service. In March 2018, the alleged leader of the Carbanak group was arrested in Spain. Carbanak is believed to have stolen around $1.24 billion over the preceding years. Its method was to compromise the servers controlling ATM networks by spear-phishing bank employees, and then use foot soldiers (mules) to collect money dispensed from specific ATMs at specific times. It is not clear whether the ATMJackpot malware discovered by Netskope is intended to be manually installed via USB on individual ATMs, or downloaded from a compromised network. Physical installation on an ATM is not always difficult. In July 2017, IOActive described how its researchers could gain access to the Diebold Opteva ATM. It was achieved by inserting a metal rod through a speaker hole and raising a metal locking bar. From there they were able to reverse engineer software to get access to the money vault. Jackpotting malware is designed to avoid the need to physically break into the vault. It can be transferred via a USB port to the computer part of the ATM that controls the vault. Most ATMs use a version of Windows that is well understood by criminals. ATMJackpot malware first registers the Windows class name 'Win' with a procedure for the malware activity. The malware then populates the options on the window and initiates a connection with the XFS manager. The XFS subsystem provides a common API to access and manipulate the ATM devices from different vendors. The malware then opens a session with the service providers and registers to monitor events. It opens a session with the cash dispenser, the card reader and the PIN pad servic Guideline Cloud APT 37
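The XFS call sequence described in the row above (connect to the XFS manager, open service-provider sessions, register for events, then drive the cash dispenser) is the same sequence a legitimate ATM application uses; what makes it suspicious is which process performs it. The following Python script is an added example, not code from the article or from Netskope: it replays a constructed API-call trace and flags any process outside an allowlist that opens the CDM (cash dispenser) service, holds dispenser, card-reader and PIN-pad sessions at once, or issues WFS_CMD_CDM_DISPENSE. The `pid|image|api|arg` trace format, the logical service names and the allowlisted image path are all assumptions; the class names CDM, IDC and PIN and the dispense command name come from the CEN/XFS specification.

```python
"""Flag unexpected CEN/XFS cash-dispenser use in a constructed API-call trace (added example)."""
from dataclasses import dataclass, field

# Constructed sample trace, one hooked msxfs.dll call per line as "pid|image|api|arg".
# The line format is an assumption; real XFS tracing or EDR tools use their own formats.
SAMPLE_TRACE = r"""
1204|C:\ATM\AppCore.exe|WFSStartUp|
1204|C:\ATM\AppCore.exe|WFSOpen|CurrencyDispenser1
1204|C:\ATM\AppCore.exe|WFSRegister|CurrencyDispenser1
1204|C:\ATM\AppCore.exe|WFSOpen|CardReader1
3388|D:\Temp\svchost.exe|WFSStartUp|
3388|D:\Temp\svchost.exe|WFSOpen|CurrencyDispenser1
3388|D:\Temp\svchost.exe|WFSRegister|CurrencyDispenser1
3388|D:\Temp\svchost.exe|WFSOpen|CardReader1
3388|D:\Temp\svchost.exe|WFSOpen|PinPad1
3388|D:\Temp\svchost.exe|WFSExecute|CurrencyDispenser1:WFS_CMD_CDM_DISPENSE
"""

# Logical service name -> XFS service class. On a real ATM this mapping lives under
# HKLM\SOFTWARE\XFS\LOGICAL_SERVICES\<name>; the logical names used here are assumed.
LOGICAL_SERVICE_CLASS = {
    "CurrencyDispenser1": "CDM",  # cash dispenser module
    "CardReader1": "IDC",         # identification card unit (card reader)
    "PinPad1": "PIN",             # PIN pad
}

# Only these images should ever reach the dispenser (assumed allowlist, lower-cased paths).
AUTHORIZED_DISPENSER_IMAGES = {r"c:\atm\appcore.exe"}

# Commands that actually move cash; WFS_CMD_CDM_DISPENSE is the CEN/XFS dispense command.
DISPENSE_COMMANDS = {"WFS_CMD_CDM_DISPENSE"}


@dataclass
class ProcessState:
    image: str
    opened: set = field(default_factory=set)      # service classes with an open session
    registered: set = field(default_factory=set)  # service classes with event monitoring
    full_stack_flagged: bool = False


def parse_trace(text):
    """Yield (pid, image, api, arg) from non-empty 'pid|image|api|arg' lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pid, image, api, arg = line.split("|", 3)
        yield int(pid), image, api, arg


def analyze_trace(text, authorized=AUTHORIZED_DISPENSER_IMAGES):
    """Return (pid, image, reason) alerts for dispenser-related XFS use by unauthorized processes."""
    procs = {}
    alerts = []
    for pid, image, api, arg in parse_trace(text):
        state = procs.setdefault(pid, ProcessState(image=image))
        trusted = image.lower() in authorized
        if api == "WFSOpen":
            svc_class = LOGICAL_SERVICE_CLASS.get(arg, "UNKNOWN")
            state.opened.add(svc_class)
            if svc_class == "CDM" and not trusted:
                alerts.append((pid, image, "unauthorized process opened the cash dispenser (CDM)"))
        elif api == "WFSRegister":
            state.registered.add(LOGICAL_SERVICE_CLASS.get(arg, "UNKNOWN"))
        elif api == "WFSExecute":
            _service, _, command = arg.partition(":")
            if command in DISPENSE_COMMANDS and not trusted:
                alerts.append((pid, image, f"unauthorized process issued {command}"))
        # One untrusted process holding dispenser, card reader and PIN pad sessions at
        # once is the footprint the article attributes to ATMJackpot; report it once.
        if (not trusted and not state.full_stack_flagged
                and {"CDM", "IDC", "PIN"} <= state.opened):
            state.full_stack_flagged = True
            alerts.append((pid, image, "unauthorized process holds CDM, IDC and PIN sessions"))
    return alerts


if __name__ == "__main__":
    for pid, image, reason in analyze_trace(SAMPLE_TRACE):
        print(f"ALERT pid={pid} image={image}: {reason}")
```

Run as-is, the script reports only pid 3388 (three alerts: the CDM open, the full CDM/IDC/PIN session set, and the dispense command) and stays silent for the allowlisted application. The allowlist check is deliberately on the image path alone so the logic stays readable; on a production ATM the same check should key on a code-signing identity or file hash, since the constructed trace shows exactly why a path like `svchost.exe` in a temp directory cannot be trusted on its name.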
SecurityWeek.webp 2018-04-05 13:43:05 1.5 Billion Sensitive Documents on Open Internet: Researchers (direct link) Some 1.5 billion sensitive online files, from pay stubs to medical scans to patent applications, are visible on the open internet, security researchers said Thursday. Researchers from the cybersecurity firm Digital Shadows said a scanning tool used in the first three months of 2018 found mountains of private data online from people and companies across the world. The unprotected data amounted to some 12 petabytes, or four thousand times larger than the "Panama Papers" document trove which exposed potential corruption in dozens of countries. "These are files that are freely available" to anyone with minimal technical knowledge, said Rick Holland, a vice president at Digital Shadows. Holland told AFP his team scanned the web and found unsecured files, adding "we didn't authenticate to anything." The availability of open data makes it easier for hackers, nation-states or rival companies to steal sensitive information, Holland said. "It makes attackers' jobs much easier. It shortens the reconnaissance phase," he added. The researchers said in the report that even amid growing concerns about hackers attacking sensitive data, "we aren't focusing on our external digital footprints and the data that is already publicly available via misconfigured cloud storage, file exchange protocols, and file sharing services." A significant amount of the data left open was from payroll and tax return files, which accounted for 700,000 and 60,000 files respectively, Digital Shadows said. It noted medical files and lists were also weakly protected, with some 2.2 million body scans open to inspection. Many corporate secrets were also out in the open including designs, patent summaries and details of yet-to-be-released products. "While organizations may consider insiders, network intrusions and phishing campaigns as sources of corporate espionage, these findings demonstrate that there is already a large amount of sensitive data publicly available," the report said. The researchers said about 36 percent of the files were located in the European Union. The United States had the largest amount for a single country at 16 percent, but exposed files were also seen around the world including in Asia and the Middle East. Guideline
SecurityWeek.webp 2018-04-04 15:24:02 Critical Vulnerability Patched in Microsoft Malware Protection Engine (direct link) An update released this week by Microsoft for its Malware Protection Engine patches a vulnerability that can be exploited to take control of a system by placing a malicious file in a location where it would be scanned. The Microsoft Malware Protection Engine provides scanning, detection and cleaning capabilities for security software made by the company. The engine is affected by a flaw that can be exploited for remote code execution when a specially crafted file is scanned. The malicious file can be delivered via a website, email or instant messenger. The Malware Protection Engine will automatically scan the file (if real-time protection is enabled) and allow the attacker to execute arbitrary code in the context of the LocalSystem account, which can lead to a complete takeover of the targeted system. On systems where real-time scanning is not enabled, the exploit will still get triggered, but only when a scheduled scan is initiated. The vulnerability, tracked as CVE-2018-0986 and rated “critical,” affects several Microsoft products that use the Malware Protection Engine, including Exchange Server, Forefront Endpoint Protection 2010, Security Essentials, Windows Defender, and Windows Intune Endpoint Protection. While the flaw is dangerous and easy to exploit, Microsoft believes exploitation is “less likely.” The company pointed out that the patch for this vulnerability will be automatically delivered to customers within 48 hours of release – users and administrators do not have to take any action. Google Project Zero researcher Thomas Dullien, aka “Halvar Flake,” has been credited for finding CVE-2018-0986. The details of the vulnerability have yet to be disclosed, but considering that the patch is being delivered automatically to most systems, the information will likely become available soon. This is not the first time Google Project Zero researchers have discovered critical vulnerabilities in Microsoft's Malware Protection Engine. While Google may occasionally disclose flaws in Microsoft products before patches become available, in the case of the Malware Protection Engine, Microsoft typically releases patches within a few days or weeks. A similar flaw in the Malware Protection Engine was also found recently by employees of UK's National Cyber Security Centre (NCSC). Guideline
SecurityWeek.webp 2018-04-04 14:20:05 IoT Security Firm Red Balloon Raises $22 Million (direct link) Red Balloon Security, a provider of embedded device security solutions, announced on Wednesday that it has secured $21.9 million through a Series A funding round led by Bain Capital Ventures. This latest round of funding brings the company's total funding to $23.5 million. The company's flagship Symbiote Defense technology helps customers to detect and defend against emerging threats targeting embedded devices. The technology behind Symbiote was originally developed within Columbia University's Intrusion Detection Systems Lab, with support of the Defense Advanced Research Projects Agency (DARPA) and the Department of Homeland Security Science and Technology Directorate (DHS S&T). Symbiote, Red Balloon explains, “defends devices without requiring changes to source code or hardware design, all without impacting the functionality or performance of the device,” adding that the solution has “demonstrated the ability to defend against both n-day and zero-day attacks on embedded devices, even if the attacker has succeeded in bypassing traditional cybersecurity measures.” Red Balloon claims that Symbiote technology has operated for more than 15 billion continuous hours without a single failure, protecting millions of endpoints around the world. “Symbiote Defense is a critically important technology for today's businesses because it is able to prevent malware and other cyber attacks from hijacking, disrupting or corrupting any embedded device,” said Ang Cui, PhD, founder and CEO of Red Balloon Security. “This technology has considerable commercial potential because it is highly effective within any type of embedded device environment, from consumer electronics to factories, connected cars and even power plants. Thanks to the strong support of our investors, we will now be able to make this advanced technology more widely available to commercial users across all major industries.” Greycroft, American Family Ventures and Abstract Ventures also participated in the funding round. Guideline
SecurityWeek.webp 2018-04-04 13:59:02 WAF Security Startup Threat X Raises $8.2 Million (direct link) Cybersecurity startup Threat X, which offers cloud-based web application firewall (WAF) solutions, today announced that it has closed an $8.2 million Series A funding round. The Denver, Colorado-based company says the new funding will be used to fuel growth and support adoption of its WAF technology and managed security services. The company explains that its SaaS-based solution “employs kill-chain based, progressive profiling to identify and neutralize threats.” “Our goal is to help organizations protect their applications with a SaaS based web application firewall that provides a holistic view of every attack, the techniques being utilized, and target vulnerabilities,” Bret Settle, Founder and CEO of Threat X, said. “Our behavioral profiling and correlation engine analyzes each attack and eliminates false positives by grading risk level and progress throughout the 'kill-chain'. Our customers can also leverage our deep analytics and expert security team for greater threat intelligence and visibility into preventative measures.” The funding round was co-led by Grotech Ventures and Access Venture Partners. Guideline
SecurityWeek.webp 2018-04-04 13:48:05 (Déjà vu) Security for the Ages: Make it Memorable (direct link) Those of us That Spend our Lives in Security Sometimes Forget How our Field Looks and Sounds to Others Recently, on my way to work, I heard the song “Mr. Jones” for the first time in years. For my younger readers, this Counting Crows song was quite popular when I was in High School. I found hearing this song again after so many years fascinating. Why? Because I still knew every word of the song. Whether or not you are a fan of the song, you are likely asking yourself what this could possibly have to do with security. That's certainly a fair question. To understand the connection here, we need to ask ourselves why I still remember the words to this song after all these years. In my opinion, the answer to that question lies in the fact that the song was fun for me. For whatever reason, it found favor in my eyes. I internalized it. I heard a lot of songs in the 1980s and the 1990s. But the number of songs from that period whose lyrics I still remember is relatively small. We can learn a lesson from this in security. Those of us that spend our lives in security sometimes forget how our field looks and sounds to others. When presenting or discussing our work, it's important to focus on how that message is received and internalized by the people on the other side of the conversation. Let's take a look at ten situations in which we can leverage this powerful lesson. Making Security Memorable 1. Conferences: I've sat through a fair number of conference talks in my life. Some have been better than others. Know your audience and stay focused on what will resonate with them and/or help them understand what you've been working hard on and the value it provides to the greater security community. The best talks are those that people still remember after a year or two has gone by. 2. Board: In previous roles, I've had a few opportunities to present at board meetings. What I took away from these encounters is the extremely high level at which the board thinks about risk. It's incredibly strategic and miles away from tactical. Something to keep in mind when formulating your board presentation. Your job is to get the board's attention and cause them to focus on what's important, not to overwhelm them with details. 3. Executives: While perhaps not as high level as the board, executives are still pretty high level. Tactical mumbo jumbo will put them into a trance. Best to tune your message to the audience and ensure it will resonate and stay with them. For example, if you need to make the case for additional budget, try doing so in the language of mitigating risk to the business and return on investment. 4 Guideline
SecurityWeek.webp 2018-04-03 18:30:03 New KevDroid Android Backdoor Discovered (direct link) Security researchers have discovered a new Android Remote Access Trojan (RAT) that can steal a great deal of information from infected devices. Dubbed KevDroid, the mobile threat can steal contacts, messages, and phone history, while also being able to record phone calls, Talos reports. Two variants of the malware have been identified so far. One of the variants exploits CVE-2015-3636 to gain root access, but both implement the same call recording capabilities, taken from an open-source project on GitHub. Once it has infected a device, the first KevDroid variant can gather and siphon information such as installed applications, phone number, phone unique ID, location, stored contacts information, stored SMS, call logs, stored emails, and photos. Guideline Cloud APT 37
SecurityWeek.webp 2018-04-03 12:35:00 (Déjà vu) Software-defined Global Network as a Service Firm Meta Networks Emerges From Stealth (direct link) Meta NaaS Provides a Software-defined Virtual 'Overlay' to Existing Disjointed Physical Networks Emerging from stealth with $10 million in seed funding led by Vertex Ventures and the BRM Group, Tel Aviv-based Meta Networks has launched Meta NaaS -- a secure software-defined virtual private network aimed at redefining the concept of distributed, cloud-employing corporate networks. The advent of public and private cloud services and offerings, together with the growth of mobile computing and remote working, plus the tendency for most companies to combine all of these with their own on-premise resources has had one major and well-recognized effect: there is no longer a physical network perimeter that can be defined and protected. Solutions generally require point products for every device, aimed at protecting the device and its communication to other parts of the network. This rapidly becomes very complex with multiple points of possible failure. Meta NaaS provides a software-defined virtual 'overlay' to existing disjointed physical networks. It is user-centric, draws on the principle of zero-trust, and brings together all aspects of remote users, mobile devices, separate branch offices, on premise data centers and cloud apps within one single software-defined overlay. It creates a new perimeter in the cloud. Like Google's BeyondCorp, the user is key. Every user device is given a unique permanent identity at the packet level, but is also given access to an always-on virtual private network (VPN). A global distribution of PoPs ensures high performance in accessing and using the VPN from any location, and all corporate traffic from corporate users is securely sent to the NaaS before being delivered to its destination. This includes both internal resources and internet traffic -- and security is handled in the NaaS rather than at the device. "It's worldwide," Etay Bogner, CEO and founder of Meta Networks, told SecurityWeek. "You don't have to install any appliances. You connect separate offices through their existing routers. On top of the network we are deploying best network security. So instead of having the firewall deployed as an appliance in a specific physical location, we have the firewall functionality within the cloud in every one of the PoPs, and we apply security at those locations." The effect is to provide security in even hostile environments -- mobile employees working in internet cafes or airport waiting lounges are as secure and productive as if they were still in the office. Meta NaaS interoperates with other cloud-delivered security solutions, supporting a best-of-breed security stack for the enterprise. It delivers identity-based policy routing and packet-level identity verification; and since it is cloud-based, it promises cloud advantages: agility, scalability and cloud economics. "Meta NaaS is a new zero-trust paradi Guideline Heritage
SecurityWeek.webp 2018-04-02 19:11:01 New Bill in Georgia Could Criminalize Security Research (direct link) A new bill passed by the Georgia State Senate last week deems all forms of unauthorized computer access as illegal, thus potentially criminalizing the finding and reporting of security vulnerabilities. The new bill, which met fierce opposition from the cybersecurity community ever since it first became public, amends the Georgia code that originally considered only unauthorized computer access with malicious intent to be a crime. “Any person who intentionally accesses a computer or computer network with knowledge that such access is without authority shall be guilty of the crime of unauthorized computer access,” the bill reads (Senate Bill 315). “Any person convicted of computer password disclosure or unauthorized computer access shall be fined not more than $5,000.00 or incarcerated for a period not to exceed one year, or both punished for a misdemeanor of a high and aggravated nature,” the bill continues. The original Guideline
SecurityWeek.webp 2018-04-02 15:25:00 Saks, Lord & Taylor Stores Hit by Data Breach (direct link) A data breach at Saks Fifth Avenue and Lord & Taylor stores in North America exposed customer payment card data, parent company Hudson's Bay Company (HBC) announced on Sunday. The hack, which also impacted its discount store brand Saks OFF 5TH, did not appear to affect HBC's e-commerce or other digital platforms. “We identified the issue, took steps to contain it, and believe it no longer poses a risk to customers shopping at our stores,” the announcement said. “We are working rapidly with leading data security investigators to get our customers the information they need, and our investigation is ongoing. We also are coordinating with law enforcement authorities and the payment card companies,” it added. According to cybersecurity research and threat intelligence firm Gemini Advisory, a cybercrime marketplace called JokerStash announced that over five million stolen credit and debit cards were for sale, which it says were likely stolen from HBC's stores. “In cooperation with several financial organizations, we have confirmed with a high degree of confidence that the compromised records were stolen from customers of Saks Fifth Avenue and Lord & Taylor stores,” Gemini said in a blog post, adding that the window of compromise was estimated to be “May 2017 to present.” As of Sunday, roughly 125,000 records had been released for sale so far, Gemini said, with the “entire cache” expected to become available in the following months. HBC did not provide details on the number of customers/records impacted in the incident. “The Company is working rapidly with leading data security investigators to get customers the information they need, and the investigation is ongoing. HBC is also coordinating with law enforcement authorities and the payment card companies,” HBC said. “The details of how these cards were stolen remains unclear at this time, but it's important that we learn what happened so that others can work to prevent similar breaches," commented Tim Erlin, VP, product management and technology at Tripwire. "This appears to be the type of breach, through point-of-sale systems, that EMV is supposed to prevent, so we need to ask what happened here. Was EMV in use, and if so, how did the attackers circumvent it? Guideline Equifax
SecurityWeek.webp 2018-04-02 14:26:05 Why Multi-cloud Security Requires Rethinking Network Defense (lien direct) The Need to Rethink Security For Our Cloud Applications Has Become Urgent Companies are utilizing the public cloud as their primary route to market for creating and delivering innovative applications. Striving to gain a competitive advantage, organizations of all sizes and in all vertical sectors now routinely tap into infrastructure as a service, or IaaS, and platform as a service, or PaaS, to become faster and more agile at improving services through applications. Along the way, companies are working with multiple cloud providers to create innovative new apps with much more speed and agility. This approach is opening up unprecedented paths to engage with remote workers, suppliers, partners and customers. Organizations that are good at this are first to market with useful new tools, supply chain breakthroughs and customer engagement innovations. There's no question that IaaS, PaaS and their corollary, DevOps, together have enabled businesses to leapfrog traditional IT processes. We are undergoing a digital transformation of profound scope – and things are just getting started. Companies are beginning to leverage the benefits of being able to innovate with unprecedented agility and scalability; however, to take this revolution to the next level, we must take a fresh approach to how we're securing our business networks. Limits to legacy defense Simply put, clunky security approaches, pieced together from multiple vendors, result in a fragmented security environment where IT teams must manually correlate data to implement actionable security protections. This level of human intervention increases the likelihood for human error, leaving organizations exposed to threats and data breaches. What's more, security tools that are not built for the cloud significantly limit the agility of development teams.
Cloud collaboration, fueled by an array of dynamic and continually advancing platforms, is complex; and this complexity has introduced myriad new layers of attack vectors. We've seen how one small oversight, such as forgetting to change the default credentials when booting up a new cloud-based workload, can leave an organization's data exposed or allow attackers to leverage resources to mine cryptocurrency.  Clearly the need to rethink security for our cloud apps has become urgent. What's really needed is an approach that minimizes data loss and downtime, while also contributing to faster application development, thus allowing the business to experience robust growth. It should be possible to keep companies Guideline
SecurityWeek.webp 2018-03-30 10:36:04 (Déjà vu) 20 Arrested in Italy and Romania for Spear Phishing Scam (lien direct) Authorities this week arrested 20 individuals in Italy and Romania for their role in a banking phishing scam that defrauded bank customers of €1 million ($1.23 million). The arrests were the result of a two-year-long cybercrime investigation conducted by the Romanian National Police and the Italian National Police, with support from Europol, the Joint Cybercrime Action Taskforce (J-CAT), and Eurojust. The arrests were made on March 28, following a series of coordinated raids. 9 of the individuals were arrested in Romania and 11 in Italy. The Romanian Police raided 3 houses, while the Italian authorities conducted 10 home and computer searches. The hackers, Europol reveals, engaged in a banking fraud scheme that netted €1 million from hundreds of customers of 2 major banking institutions. The group, mainly comprised of Italian nationals, sent spear phishing emails impersonating tax authorities to victims, in an attempt to harvest their online banking credentials. Unlike common phishing scams, where millions of generic emails are sent to potential victims, spear phishing emails are highly personalized, featuring content that makes them appear to come from a reputable source, such as the bank. Since 2016, the investigators have been tracking Guideline
SecurityWeek.webp 2018-03-29 16:04:02 (Déjà vu) Panda Banker Trojan Goes to Japan (lien direct) The banking Trojan known as Panda Banker is now targeting financial institutions in Japan for what appears to be the first time. Also known as Panda Zeus, the malware was first observed in 2016, based on the leaked source code of the infamous Zeus banking Trojan. The threat has been involved in multiple infection campaigns targeting users worldwide, including an attack that leveraged poisoned Google searches for malware delivery. Designed to steal user credentials via man-in-the-browser and webinjects that specify what websites to target and how, Panda Banker has received consistent, incremental updates ever since its first appearance on the threat landscape. The Trojan is being sold as a kit on underground forums, meaning that it has a large number of users. Cybercriminals using it target variou Guideline
SecurityWeek.webp 2018-03-29 12:10:04 (Déjà vu) The CNN Factor Adds More Complexity to Security Operations (lien direct) Security Teams Need the Ability to Collaborate and Coordinate to Make Better Use of the Talent and Data They Already Have We all know that security teams are drowning in a sea of alerts, largely driven by a defense-in-depth strategy with layers of protection that aren't integrated and create a massive amount of logs and events. If you need further evidence, Cisco's 2018 Annual Cybersecurity Report (PDF) found that among organizations using 50+ vendors, 55 percent say orchestrating security alerts is very challenging, and for those with 21-50 vendors, 43 percent are struggling. The result? On average, 44 percent of alerts are not investigated, and of those investigated and deemed legitimate, nearly half (49 percent) go un-remediated! Compound that reality with the “CNN Factor” – global cyberattacks that garner widespread interest and trigger calls from management – and you've got a situation that is quickly becoming untenable. It isn't sufficient for security teams to prevent, detect and respond to attacks. Security teams also must be able to proactively investigate and understand what the latest, large-scale cyber campaign means to their organization. Yet Cisco's study finds, “One reason [alerts go un-remediated] appears to be the lack of headcount and trained personnel who can facilitate the demand to investigate all alerts.” So how can security teams handle the fallout from the headlines along with their daily list of “to-dos?” They need a force multiplier – the ability to collaborate and coordinate to make better use of the talent and data they already have. This will not only help them respond more effectively and efficiently to alerts, but also address the inevitable flurry of questions every time a large-scale attack happens and take action as needed. Collaborate.
It isn't just security tools that are siloed; security teams typically operate in silos as well, and that includes all the members of your threat intelligence program – threat intelligence analysts, security operations centers (SOCs) and incident handlers, to name a few. When one team member researches an event or alert and doesn't find information that is relevant to them, they tend to put that information aside and move on to the next task. But what if someone else in threat operations, conducting a separate investigation, could have benefitted from that work? Without the ability to collaborate as part of the workflow, key commonalities are missed, so investigations take longer or hit a dead end. What's needed is a single, shared environment that fuses together threat data, evidence and users, so that all team members involved in the inve Guideline Deloitte
SecurityWeek.webp 2018-03-28 12:26:03 Kaspersky Open Sources Internal Distributed YARA Scanner (lien direct) Kaspersky Lab has released the source code of an internally-developed distributed YARA scanner as a way of giving back to the infosec community. Originally developed by VirusTotal software engineer Victor Alvarez, YARA is a tool that allows researchers to analyze and detect malware by creating rules that describe threats based on textual or binary patterns. Kaspersky Lab has developed its own version of the YARA tool. Named KLara, the Python-based application relies on a distributed architecture to allow researchers to quickly scan large collections of malware samples. Looking for potential threats in the wild requires a significant amount of resources, which can be provided by cloud systems. Using a distributed architecture, KLara allows researchers to efficiently scan one or more YARA rules over large data collections – Kaspersky says it can scan 10Tb of files in roughly 30 minutes. “The project uses the dispatcher/worker model, with the usual architecture of one dispatcher and multiple workers. Worker and dispatcher agents are written in Python. Because the worker agents are written in Python, they can be deployed in any compatible ecosystem (Windows or UNIX). The same logic applies to the YARA scanner (used by KLara): it can be compiled on both platforms,” Kaspersky explained. KLara provides a web-based interface where users can submit jobs, check their status, and view results. Results can also be sent to a specified email address. The tool also provides an API that can be used to submit new jobs, get job results and details, and retrieve the matched MD5 hashes. Kaspersky Lab has relied on YARA in many of its investigations, but one of the most notable cases involved the 2015 Hacking Team breach. 
The security firm wrote a YARA rule based on information from the leaked Hacking Team files, and several months later it led to the discovery of a Silverlight zero-day vulnerability. The KLara source code is available on GitHub under a GNU General Public License v3.0. Kaspersky says it welcomes contributions to the project. This is not the first time Kaspersky has made available the source code of one of its internal tools. Last year, it released the source code of Bitscout, a compact and customizable tool designed for remote digital forensics operations. Related: Kaspersky Launches New Security Product for Exchange Online Guideline
SecurityWeek.webp 2018-03-28 10:54:05 The Malicious Use of Artificial Intelligence in Cybersecurity (lien direct) Artificial Intelligence Risks Criminals and Nation-state Actors Will Use Machine Learning Capabilities to Increase the Speed and Accuracy of Attacks Scientists from leading universities, including Stanford and Yale in the U.S. and Oxford and Cambridge in the UK, together with civil society organizations and a representation from the cybersecurity industry, last month published an important paper titled, The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation. While the paper (PDF) looks at a range of potential malicious misuses of artificial intelligence (which includes and focuses on machine learning), our purpose here is to largely exclude the military and concentrate on the cybersecurity aspects. It is, however, impossible to completely exclude the potential political misuse given the interaction between political surveillance and regulatory privacy issues. Artificial intelligence (AI) is the use of computers to perform the analytical functions normally only available to humans – but at machine speed. 'Machine speed' is described by Corvil's David Murray as, “millions of instructions and calculations across multiple software programs, in 20 microseconds or even faster.” AI simply makes the unrealistic, real. The problem discussed in the paper is that this function has no ethical bias. It can be used as easily for malicious purposes as it can for beneficial purposes. AI is largely dual-purpose; and the basic threat is that zero-day malware will appear more frequently and be targeted more precisely, while existing defenses are neutralized – all because of AI systems in the hands of malicious actors. Current Machine Learning and Endpoint Protection Today, the most common use of the machine learning (ML) type of AI is found in next-gen endpoint protection systems; that is, the latest anti-malware software. 
It is called 'machine learning' because the AI algorithms within the system 'learn' from many millions (and increasing) samples and behavioral patterns of real malware. Guideline
SecurityWeek.webp 2018-03-27 17:04:04 Statistics Say Don\'t Pay the Ransom; but Cleanup and Recovery Remains Costly (lien direct) Businesses have lost faith in the ability of traditional anti-virus products to detect and prevent ransomware. Fifty-three percent of U.S. companies infected by ransomware in 2017 blamed legacy AV for failing to detect the ransomware. Ninety-six percent of those are now confident that they can prevent future attacks, and 68% say this is because they have replaced legacy AV with next-gen endpoint protection. These details come from a February 2018 survey undertaken by Vanson Bourne for SentinelOne, a next-gen provider, allowing SentinelOne to claim, "This distrust in legacy AV further confirms the required shift to next-gen endpoint protection in defending against today's most prominent information security threats." This is a fair statement, but care should be taken not to automatically confuse 'legacy AV' with all traditional suppliers -- many can also now be called next-gen providers with their own flavors of AI-assisted malware detection. SentinelOne's Global Ransomware Report 2018 (PDF) questioned 500 security and risk professionals (200 in the U.S., and 100 in each of France, Germany and the UK) employed in a range of verticals and different company sizes. The result provides evidence that paying a ransom is not necessarily a solution to ransomware. Forty-five percent of U.S. companies infected with ransomware paid at least one ransom, but only 26% had their files unlocked. Furthermore, 73% of those firms that paid the ransom were targeted at least once again. Noticeably, while defending against ransomware is a security function, responding to it is a business function: 44% of companies that paid up did so without the involvement or sanction of the IT/security teams. The attackers appear to have concluded that U.S. firms are the more likely to pay a ransom, and more likely to pay a higher ransom.
While the global average ransom is $49,060, the average paid by U.S. companies was $57,088. "If the cost of paying the ransomware is less than the lost productivity caused by downtime from the attack, they tend to pay," SentinelOne's director of product management, Migo Kedem, told SecurityWeek. "This is not good news, as it means the economics behind ransomware campaigns still make sense, so attacks will continue." This is in stark contrast to the UK, where the average payment is almost $20,000 lower at $38,500. It is tempting to wonder if this is because UK companies just don't pay ransoms. In 2016, 17% of infected UK firms paid up; now it is just 3%. This may reflect the slightly different approaches in law enforcement advice. While LEAs always say it is best not to pay, the UK's NCSC says flatly, 'do not pay', while the FBI admits that it is ultimately the decision of each company. Paying or not paying is, however, only a small part of the cost equation; and the UK's Office for National Statistics (ONS) provides useful figures. According to SentinelOne, these figures show that in a 12-month period, the average cost of a ransomware infection to a UK business was £329,976 ($466,727). With 40% of businesses with more than 1000 employees being infected, and 2,625 such organizations in the UK, the total cost of ransomware to UK business in 12 months was £346.4 m Guideline Wannacry
SecurityWeek.webp 2018-03-27 15:35:02 First OpenSSL Updates in 2018 Patch Three Flaws (lien direct) The first round of security updates released in 2018 for OpenSSL patch a total of three vulnerabilities, but none of them appears to be serious. OpenSSL versions 1.1.0h and 1.0.2o patch CVE-2018-0739, a denial-of-service (DoS) vulnerability discovered using Google's OSS-Fuzz service, which has helped find several flaws in OpenSSL in the past. The security hole, rated “moderate,” is related to constructed ASN.1 types with a recursive definition. “Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion,” the OpenSSL Project said in its advisory. Another moderate severity flaw, which only affects the 1.1.0 branch, is CVE-2018-0733. This is an implementation bug in the PA-RISC CRYPTO_memcmp function, and it allows an attacker to forge authenticated messages more easily than it should be possible. The OpenSSL Project learned about this vulnerability in early March from IBM. Only HP-UX PA-RISC systems are impacted. Finally, OpenSSL 1.1.0h fixes an overflow bug that could allow an attacker to access TLS-protected communications. The vulnerability, CVE-2017-3738, was first disclosed in December 2017, but since an attack is not easy to carry out the issue has been assigned a low severity rating and it has only been patched now. Four rounds of security updates were released for OpenSSL last year, and only one of the eight fixed vulnerabilities was classified as high severity. Guideline
SecurityWeek.webp 2018-03-27 15:29:02 (Déjà vu) New "ThreadKit" Office Exploit Builder Emerges (lien direct) A newly discovered Microsoft Office document exploit builder kit has been used for the distribution of a variety of malicious payloads, including banking Trojans and backdoors, Proofpoint reports. The exploit builder kit was initially discovered in October 2017, but Proofpoint's researchers have linked it to activity dating back to June 2017. The builder kit shows similarities to Microsoft Word Intruder (MWI), but is a new tool called ThreadKit. In June 2017, the kit was being advertised in a forum post as being able to create documents with embedded executables and embedded decoy documents, and several campaigns featuring such documents were observed that month. The documents would perform an initial check-in to the command and control (C&C) server, a tactic also used by MWI. The documents were targeting CVE-2017-0199 and were focused on downloading and executing an HTA file that would then download the decoy and a malicious VB script to extract and run th Guideline
Last update at: 2024-05-15 00:08:11