What's new around the internet


Src | Date (GMT) | Title | Description | Tags
CSO | 2019-11-22 08:07:00 | (Déjà vu) Russia's Sandworm hacking group heralds new era of cyber warfare | Speakers at this year's CyberwarCon conference dissected a new era of cyber warfare, as nation-state actors turn to a host of new advanced persistent threat (APT) strategies, tools and tactics to attack adversaries and spy on domestic dissidents and rivals. The highest-profile example of this new era of nation-state digital warfare is a Russian military intelligence group called Sandworm, a mysterious hacking initiative about which little has been known until recently. The group has nevertheless launched some of the most destructive cyberattacks in history. | Threat
CSO | 2019-11-22 08:07:00 | A new era of cyber warfare: Russia's Sandworm shows “we are all Ukraine” on the internet | Speakers at this year's CyberwarCon conference dissected a new era of cyber warfare, as nation-state actors turn to a host of new advanced persistent threat (APT) strategies, tools and tactics to attack adversaries and spy on domestic dissidents and rivals. The highest-profile example of this new era of nation-state digital warfare is a Russian military intelligence group called Sandworm, a mysterious hacking initiative about which little has been known until recently. The group has nevertheless launched some of the most destructive cyberattacks in history. | Threat
CSO | 2019-11-21 07:06:00 | BrandPost: Your Holiday Guide to Safe Cybershopping | Individuals and retailers aren't the only ones getting ready for the biggest shopping season of the year. The holiday shopping season is also a big event for cybercriminals. Every holiday season, security researchers document spikes in online criminal activity, ranging from phishing scams, fake shopping sites, and credit card skimming software, to malicious and compromised applications being posted in online app stores. At the same time, because people will be getting out their credit cards to make sometimes large numbers of purchases, attackers assume that a few fraudulent transactions may be easily missed. | -
CSO | 2019-11-21 03:11:00 | Emergent Android banking Trojan shows app overlay attacks are still effective | Researchers are tracking an Android Trojan that's been rapidly improving over the past several months. It uses overlay attacks to steal login credentials and payment card details from users of banking and other applications. Dubbed Ginp, the Trojan was first spotted in October 2019, but has been in the wild since at least June, according to researchers from Dutch cybersecurity company ThreatFabric. During the past five months, the malware has received numerous improvements, including some features borrowed from an older commercial banking Trojan called Anubis. | Malware
CSO | 2019-11-20 10:07:00 | Best new Windows 10 security features: Longer support, easier deployment | With the new era of Windows as a service, Microsoft is rolling out changes to the operating system twice a year. Many of those changes will allow you to improve your security posture and offer more security choices. You no longer have to wait for a new operating system to deploy new security features. Windows 10 1909: Microsoft's 1909 version of Windows 10 will have the fewest changes from prior versions. Several feature releases haven't been as uneventful as they could have been, so 1909 is making a drastic change in how it rolls out. | Malware
CSO | 2019-11-19 07:21:00 | IDG Contributor Network: 3 keys to preserving customer relationships in the wake of a data breach | For any organization, the primary objective of a “crisis” is to get through the event with as little long-term impact as possible. This means all the elements of your company that were thriving beforehand should still be thriving afterwards. From this perspective, it's not enough to get a system back up and running after a data breach if you've damaged other parts of the business in the process – for example, your customers lose trust in you and take their business elsewhere. Recent data from Centrify and the Ponemon Institute suggests that customers are becoming increasingly sensitive to the impact of a data breach and how a company manages the response, with 65% saying a data breach had caused them to lose trust in the organization, and 27% discontinuing their relationship with that company. The 2019 Cost of a Data Breach Report from IBM Security and the Ponemon Institute found that 36% of the cost of an average data breach was due to business disruption, a category that includes lost customers. The report also found that the average cost of a data breach was nearly $1 million lower when a company lost less than 1 percent of its customers. For those losing over 4 percent of their customers, the cost was roughly $1.8 million more. The report concluded that “the loss of customer trust had serious financial consequences” on businesses experiencing a data breach. | Data Breach
CSO | 2019-11-19 07:09:00 | BrandPost: Five Reasons You Need a Global View of Your Attack Surface | In the past, the vast majority of an organization's attack surface was based on static ranges registered to that organization. This made it relatively simple to monitor for signs of compromise and prevent intrusion by malicious actors. But things have changed. Today, most organizations have assets on so much more than the static ranges registered to them. The following are the five places where organizations tend to have Internet assets, and where it's critical to identify those assets and reduce your attack surface. They also represent five reasons you need a global, outside-in view of your attack surface. Core IP space: Core ranges are table stakes. Organizations need to rapidly monitor known ranges for inadvertent misconfigurations or device exposures. Any exposures on these ranges are highly attributable and likely to be targeted quickly. Cloud environments: Organizations are moving to the cloud, and it has never been easier for an employee to spin up a device outside of normal IT processes. Organizations should have focused discovery of assets pointed at all cloud environments, including AWS, Azure, Google, Oracle, Rackspace, and other cloud-hosting providers. Commercial ISP space: A mobile workforce has created new classes of risk that haven't previously existed. Traveling employees may have misconfigured workstations that expose their laptops to the world. These exposures are highly ephemeral because they move as the employee travels from home to a coffee shop to a hotel. Subsidiary and acquisition networks: Attackers look for entry points anywhere they can, including nested subsidiaries and historical acquisitions. Often, Expanse identifies both on-premise and cloud assets that were orphaned during an M&A event and are unmonitored. Organizations should take care to search for abandoned assets that may have been overlooked previously. Strategic suppliers: Suppliers are more connected than ever. It's often impossible to do business without sharing sensitive data or permitting network access to critical business partners. Exposures on these fringe segments of your network can lead to data loss or network intrusions on your corporate enclave. Organizations have networks that are so widely distributed that they need to monitor the entire Internet in order to accurately track their Internet-facing presence. It's critical to have the right security and IT operations solutions in place to discover and monitor your global Internet attack surface across these five areas where Internet assets live. | Guideline
CSO | 2019-11-19 03:00:00 | Why you should consider your managed service provider an insider threat | A growing number of managed service providers (MSPs) from around the world are being targeted and compromised by hackers. Such breaches can have a serious impact on their customers' business, as compromised MSPs can serve as launchpads into their clients' corporate networks. MSP compromises highlight why it's important for organizations to consider the risk they pose and be ready to block threats coming through trusted business partners. | Threat
CSO | 2019-11-18 03:00:00 | 10 ways to kill your security career | Most CISOs don't expect a breach to get them fired. | -
CSO | 2019-11-15 07:48:00 | BrandPost: 5 Recommendations for Preparing for and Responding to a Network Breach | A data breach can have a devastating effect on an organization. According to the Ponemon Institute's annual Cost of a Data Breach Report, the average total cost of a data breach is now $3.92 million, with an average of 25,575 records being stolen or compromised. But recovering lost data is only part of the equation. Extended downtime can quickly compound costs on an hour-by-hour basis. And more difficult to quantify is regaining lost consumer confidence and repairing damage to an organization's brand, which can take months or years. | Data Breach
CSO | 2019-11-13 07:58:00 | BrandPost: Addressing New Challenges Starts with Resilience | The third quarter of 2019 saw a number of new cyberthreat trends emerge or expand, and organizations need to be aware of these trends if they wish to stay ahead of cybercriminal strategies. One of the most effective attack strategies does not require cybercriminals to build new malware, but simply to change their tactics. Cybercriminals are focusing on vulnerable edge services: Phishing attacks are top of mind across all industries. That's because over 90% of all malware is still delivered using compromised email attachments. As a result, organizations are aggressively training users on how to identify malicious email, report it to the help desk team, and never click on unexpected email attachments. They are also reviewing and updating their secure email gateway solutions to more effectively filter out unwanted and malicious email. But over-rotating on a single attack vector can leave an organization exposed to threats that target other, potentially neglected systems. | Malware
CSO | 2019-11-12 08:11:00 | BrandPost: Worried About Your Internet Presence? Focus on Your Attack Surface | The Internet has created myriad ways for people and organizations to connect with one another. Unfortunately, attackers will attempt to find and exploit the Internet presence of an organization. All of the connections, profiles, pages, and posts can be discovered and potentially weaponized in both targeted and opportunistic attacks. The classes of data that make up your Internet presence fall into a few different buckets, some of which may not actually belong to the organization itself. Attack surface: These are directly attackable parts of your network like websites, networking equipment, and exposed user workstations. It can also include your larger cyber ecosystem, such as supplier or subsidiary networks that might be targeted for an attack. | -
CSO | 2019-11-12 07:14:00 | How much does it cost to launch a cyberattack? | Companies spend big to defend their networks and assets from cyber threats. Kaspersky Labs has found security budgets within enterprises average around $9 million per year. On top of that, data breaches cost companies millions of dollars. Yet cheap, relatively easy-to-use off-the-shelf hacking tools make the barrier to entry for cybercriminals incredibly low. | -
CSO | 2019-11-12 03:24:00 | Twitter spy scandal a wake-up call for companies to clean up their data access acts | A tremor rippled across the information security community last week when the Justice Department announced criminal charges against two Twitter employees, Ahmad Abouammo and Ali Alzabarah, for acting as foreign agents under the direction and control of the Kingdom of Saudi Arabia. The complaint alleges that the two men used their ability to access user data to provide the Saudi rulers with private information on more than 6,000 Twitter users. | -
CSO | 2019-11-12 03:00:00 | How to lock down enterprise web browsers | Browsers. You can't use the Internet without them, but they introduce insecurity and instability to the computing environment. Browsers are the operating system of cloud computing, and protecting them will become more and more important. Just last week, Google came out with patches to fix zero-day vulnerabilities in Chrome. As Kaspersky noted in its blog, “The attack leverages a waterhole-style injection on a Korean-language news portal. A malicious JavaScript code was inserted in the main page, which in turn loads a profiling script from a remote site.” The attack determined what browser version and operating system the victim was running. Like many attacks, the goal was to gain persistence on the computer. In this case the malware installs tasks in Windows Task Scheduler. | Malware
CSO | 2019-11-07 03:07:00 | Best Android antivirus? The top 9 tools | The following are the nine best business-class antivirus tools for Android, according to AV-TEST's September 2019 evaluations of 19 Android security apps. (The AV-TEST Institute is a Germany-based independent service provider of IT security and antivirus research.) AV-TEST rates each tool in three areas: protection (six points max), performance (six points max), and usability (six points max). The products listed here all had perfect scores of 18. | Tool
CSO | 2019-11-06 06:00:00 | Defenders can discover phishing sites through web analytics IDs | An increasing number of phishing websites use web analytics services and have unique tracking IDs in their code, security researchers have found. Whether intentional or accidental, the use of such IDs can help defenders discover phishing pages that are used across large attack campaigns. | -
CSO | 2019-11-04 12:31:00 | BrandPost: How to Implement Policies to Secure Your Network | Certain security basics used to be good enough to protect your network. You could roll out an endpoint security tool, implement a firewall, and use sandboxing, and at least sleep a little easier at night. But today's attackers are more sophisticated, and that means security professionals have to be more sophisticated, too. A key part of that is configuring policies that are specific to your network and match the behavior you expect to see. This makes it easier to surface anomalous communications that could indicate a breach. Since attackers often won't know how your network is structured, these policies could block or surface an attack in progress, or make it harder for an attacker to pivot laterally within your organization. | -
CSO | 2019-11-04 07:05:00 | This 12-course bundle will teach you how to be an ethical hacker for $39 | It seems like there's a new data breach every month, and as hackers ramp up their efforts to steal our private info, it's only natural to feel afraid. What can you do to fight back? Oddly enough, the best way to prevent cybersecurity attacks is by fighting fire with fire. As an ethical hacker, you can make a living by exploiting cybersecurity vulnerabilities, and this $39 bundle will show you how. | Data Breach
CSO | 2019-10-31 03:00:00 | Dial 211 for cyberattacks | “Never doubt that a small group of thoughtful, committed citizens can change the world; indeed, it's the only thing that ever has.” This quote from Margaret Mead is one of my favorites. Who doesn't love a story about one person or a small group standing up to much larger monied interests or the status quo and changing the world? | -
CSO | 2019-10-30 11:06:00 | BrandPost: Your Attack Surface Problem Is Really an Asset Management Problem | The foundation of effective security is knowing what you need to protect. Without a full inventory of your Internet-connected assets, you don't have a clear picture of your attack surface. And that means you can't identify and remediate exposures. While many organizations today may think they understand their attack surface, the truth is that they don't, because of a fundamental breakdown in asset management and governance. Asset management is a well-understood and mature practice among IT and security teams. In the past, you could periodically review internal hardware and software assets to understand what belonged to your company and the attack surface you needed to protect. But digital transformation and the increased velocity and consequence of Internet-originated attacks require that organizations rethink asset management processes. | -
CSO | 2019-10-29 10:19:00 | BrandPost: Five critical elements for any cyber security awareness program | While nearly 9 in 10 companies not only allow, but actually rely on their employees to access critical business apps using their personal devices, according to a recent Fortinet Threat Landscape Report, Android-based malware now represents 14% of all cyberthreats. And in addition to direct attacks, the number of compromised web sites, email phishing campaigns, and malicious access points continues to grow exponentially, infecting unsuspecting users – regardless of their devices – with spyware, malware, compromised applications, and even ransomware. | Malware Threat
CSO | 2019-10-21 03:00:00 | Top cloud security controls you should be using | Another day, another data breach - thanks to misconfigured cloud-based systems. This summer's infamous Capital One breach is the most prominent recent example. The breach resulted from a misconfigured open-source web application firewall (WAF), which the financial services company used in its operations that are hosted on Amazon Web Services (AWS). | Data Breach
CSO | 2019-10-17 05:36:00 | IDG Contributor Network: Privacy legislation: The road ahead | Midway along my drive to work each morning, I gain the freedom to unbuckle. New Hampshire, known for its “Live Free or Die” motto, is the only state in the union that views my seatbelt use as optional. As I cross state lines from Maine to New Hampshire, the rules of the road change. Increasingly, the same can be said for the laws governing privacy. While those patrolling the beat might understand the jurisdictional boundaries, technologically they're often irrelevant, forcing many organizations to pay attention to all such laws at once. It's a winding road ahead. As privacy professionals driving new technologies forward peer beyond their dashboards, a rapidly changing US landscape is unfolding. The US privacy regime is already complex. It features a host of sectoral laws at the federal level, FTC enforcement of unfair and deceptive practices to plug the holes, 50-plus data breach notification laws, mini state-level FTC acts, a smattering of state privacy laws, and an aggressive plaintiffs' bar. While that's a lot to grapple with, the pace of change in privacy laws, and the technologies they seek to regulate, is only accelerating. | Data Breach
CSO | 2019-10-16 03:00:00 | How to secure Microsoft-based election, campaign systems | Attackers aren't waiting until next year to attack the technology used in the election process. For example, attackers from Iran reportedly attempted to break into user accounts associated with the Republican party. While Microsoft didn't say which campaign was attacked, later news reports indicated that it was President Trump's re-election campaign. | -
CSO | 2019-10-16 03:00:00 | Top Linux antivirus software | The last several years have seen a startling increase in malware that targets Linux. Some estimates suggest that Linux malware accounts for more than a third of the known attacks. In 2019, for example, new Linux-specific attacks included the Silex worm, GoLang malware, the Zombieload side-channel attack, the Hiddenwasp Trojan, the EvilGnome spyware and Lilocked ransomware. The volume and severity of attacks against Linux are clearly on the rise. | Malware
CSO | 2019-10-14 03:00:00 | Equifax data breach FAQ: What happened, who was affected, what was the impact? | In March 2017, personally identifying data of hundreds of millions of people was stolen from Equifax, one of the credit reporting agencies that assess the financial health of nearly everyone in the United States. As we'll see, the breach spawned a number of scandals and controversies: Equifax was criticized for everything ranging from its lax security posture to its bumbling response to the breach, and top executives were accused of corruption in the aftermath. And the question of who was behind the breach has serious implications for the global political landscape. How did the Equifax breach happen? Like plane crashes, major infosec disasters are typically the result of multiple failures. The Equifax breach investigation highlighted a number of security lapses that allowed attackers to enter supposedly secure systems and exfiltrate terabytes of data. | Data Breach Equifax
CSO | 2019-10-09 03:00:00 | Rebuilding after NotPetya: How Maersk moved forward | Few cyber incidents are as well-known as the NotPetya attack in 2017. The attack crippled a number of companies, none more publicly than shipping giant Maersk, which temporarily lost its entire global operations. | NotPetya
CSO | 2019-10-04 11:04:00 | Zero-day vulnerability gives attackers full control of Android phones | Attackers are reportedly exploiting an unpatched vulnerability to take control of Android devices and potentially deliver spyware. The flaw affects phone models from multiple manufacturers, including Google, Samsung, Huawei, LG and Xiaomi. The vulnerability is a use-after-free memory condition in the Android Binder component that can result in privilege escalation. The flaw was patched without a CVE identifier in Dec. 2017 in the Linux 4.14 LTS kernel, the Android Open Source Project's (AOSP) 3.18 kernel, the AOSP 4.4 kernel and the AOSP 4.9 kernel. | Vulnerability
CSO | 2019-10-03 06:00:00 | Chinese cyberespionage group PKPLUG uses custom and off-the-shelf tools | Security researchers have linked various attack campaigns against organizations and ethnic groups in Asia to a single threat actor they believe is likely serving China's geopolitical interests in the region and is connected to the country's state-sponsored cyberespionage apparatus. Researchers from security firm Palo Alto Networks have been tracking attack campaigns launched by a group, or several closely connected groups, they've dubbed PKPLUG for the past three years. They've found links to older attack campaigns reported independently by other companies over the past six years. According to them, this is the first time all these attacks have been tied together under a single threat actor. | Threat
CSO | 2019-10-03 03:00:00 | 8 ways your patch management policy is broken | Not appropriately patching your software and devices has been a top reason why organizations are compromised for three decades. In some years, a single unpatched application like Sun Java was responsible for 90% of all cybersecurity incidents. Unpatched software clearly needs to be mitigated effectively. | Patching
CSO | 2019-09-30 09:05:00 | BrandPost: The Critical Need for Threat Intelligence | Passive security devices deployed at a network edge, waiting for some previously identified threat to trigger a response, were the primary mode of security for over a decade. And though that approach has undergone some updating in the interim, it is still the primary mode of protection relied upon by far too many organizations. Today's threats are far more sophisticated. They are designed to evade detection, hijack approved software, disguise themselves as legitimate traffic, and even disable network and security devices. Prevention, as well as detection and response, requires active security solutions that can identify attack patterns, detect unusual behaviors, and uncover threats before they can cause harm. And to do that, they need effective and reliable threat intelligence. | Threat
CSO | 2019-09-30 03:00:00 | Marriott data breach FAQ: How did it happen and what was the impact? | In late 2018, the Marriott hotel chain announced that one of its reservation systems had been compromised, with hundreds of millions of customer records, including credit card and passport numbers, being exfiltrated by the attackers. While Marriott has not disclosed the full timeline or technical details of the assault, what we do know tells us quite a bit about the current threat landscape - and offers lessons for other enterprises on how to protect themselves. We answer 10 frequently asked questions. When was the Marriott breach? On September 8, 2018, an internal security tool flagged as suspicious an attempt to access the internal guest reservation database for Marriott's Starwood brands, which include the Westin, Sheraton, St. Regis, and W hotels. This prompted an internal investigation that determined, through a forensics process that Marriott has not discussed in detail, that the Starwood network had been compromised sometime in 2014 - back when Starwood had been a separate company. Marriott purchased Starwood in 2016, but nearly two years later, the former Starwood hotels hadn't been migrated to Marriott's own reservation system and were still using IT infrastructure inherited from Starwood, an important factor that we'll revisit in more detail later. | Data Breach Tool Threat
CSO | 2019-09-27 03:00:00 | Cyber-risk management is about to get easier | Cyber-risk management is more difficult at organizations today than it was two years ago. So say 73% of security professionals in a recent ESG research survey. (Note: I am an ESG employee.) Why? Survey respondents point to things like the growing attack surface, the rising number of software vulnerabilities, and the increasing technical prowess of cyber adversaries. How can organizations mitigate growing cyber risks? One common way is to get a better handle on the strength of existing cyber defenses through exercises such as red teaming and penetration testing. | -
CSO | 2019-09-25 04:10:00 | Magecart web skimming group targets public hotspots and mobile users | One of the web skimming groups that operate under the Magecart umbrella has been testing the injection of payment card stealing code into websites through commercial routers like those used in hotels and airports. The group has also targeted an open-source JavaScript library called Swiper that is used by mobile websites and apps. Security researchers from IBM's X-Force Incident Response and Intelligence Services team have found what appear to be test skimming scripts developed earlier this year by one of the most prolific of the dozen or so groups tracked by the security industry as Magecart. These groups have compromised thousands of websites to date and have injected malicious code designed to steal payment details into their checkout pages. | -
CSO | 2019-09-24 07:39:00 | BrandPost: How Telnet Works and Why It's a Problem | Your attack surface is made up of every single asset your organization owns that's connected to the Internet. That doesn't just mean hardware and software - it also means IP addresses, domains, and certificates. All of these assets need to be managed just like any other, and exposing them can put your organization at risk. At Expanse, we index the entire global Internet to identify organizations' Internet-connected assets and services and to identify exposures. In the course of this, we frequently find organizations running protocols that are outdated and that never should have been open to the Internet in the first place. One example of this is Telnet, an unencrypted remote access protocol. It's sort of like a screen share (or a remote desktop protocol), but without the desktop interface, using terminal commands instead. It allows you to send text to and from a remote server. | -
CSO | 2019-09-23 04:03:00 | CISA's Krebs seeks more measured approach to election security heading into 2020 | Given the too-late realization that Russia interfered in the 2016 presidential election through massive disinformation campaigns and -- as the Mueller report most recently documented with a few new twists -- actual efforts to hack into state election systems, it's no surprise that election security under the rubric of “Protect 2020” was a key theme running throughout the Cybersecurity and Infrastructure Security Agency's (CISA) second annual Cybersecurity Summit. Even so, CISA Director Christopher Krebs kicked off the summit by cautioning against the kind of fearful language and overwrought concerns currently surrounding the topic of election security. “We've got to be more straightforward, more measured, more reasonable in how we talk about things. Election security is a great example. Are there true, absolute, fundamental risks in the infrastructure? Yes, but we have to take the hysteria out of the conversation because ultimately what we do is we drive broader voter confidence down,” he said. | Hack
CSO | 2019-09-19 03:00:00 | 10 signs you're being socially engineered | Together, phishing and social engineering are by far the number one root-cause attack vector, and they have been around nearly since computers themselves were invented. | -
CSO | 2019-09-18 06:00:00 | Secrets of latest Smominru botnet variant revealed in new attack | The latest iteration of Smominru, a cryptomining botnet with worming capabilities, compromised over 4,900 enterprise networks worldwide in August. The majority of the affected machines were small servers running Windows Server 2008 or Windows 7. Smominru is a botnet that dates back to 2017, and its variants have also been known under other names, including Hexmen and Mykings. It is known for the large number of payloads that it delivers, including credential theft scripts, backdoors, Trojans and a cryptocurrency miner. | -
CSO | 2019-09-12 09:07:00 | BrandPost: Challenges Abound in Securing Complex Networks | Securing your Internet attack surface today is more complex and challenging than ever. Machine-speed attacks mean that bad actors can find compromised assets in minutes. Security teams often find themselves responsible for securing assets that are ultimately managed by other departments. Ensuring protection without having control over the Internet-connected assets and services that need that protection can be a challenge. Adding to these escalating risks is the frequency with which the extended enterprise is targeted by malicious actors. Subsidiaries, companies that have been acquired, vendors, and partners can all be targets and add to your risk. Securing your organization isn't about putting endpoint security tools on every company-owned device and setting up a firewall anymore; it's about having complete visibility into and control over your global Internet attack surface, including relevant third parties. | -
CSO | 2019-09-10 14:15:00 | New NetCAT CPU side-channel vulnerability exploitable over the network | Researchers have found yet another CPU feature that can be abused to leak potentially sensitive data, but this time with a twist: The attacker doesn't need local access to the targeted machine because the attack works over the network. The culprit is Intel's Data Direct I/O (DDIO) technology, which gives peripheral devices such as network cards direct access to the processor's internal cache to achieve better performance, lower power consumption, and higher data throughput. Before DDIO, these devices exchanged data with the CPU through RAM, whose latency can be a bottleneck. | Vulnerability
CSO | 2019-09-10 05:53:00 | IDG Contributor Network: How a small business should respond to a hack | Hacks and data breaches are, unfortunately, part of doing business today. Ten years ago, it was the largest corporations that were most targeted by hackers, but that has changed. As large organizations have improved their cybersecurity, and more and more small businesses go online, hackers have shifted their attention to smaller targets. The threat: Putting numbers on the scale of cybercrime is difficult, not least because many companies are resistant to acknowledging that they've been hacked. A huge study from 2010, though, conducted by Verizon in conjunction with the US Secret Service, found that even then smaller businesses were under huge threat from cybercriminals: over 60% of the data breaches covered in that report were from businesses with fewer than 100 employees. | Hack Threat
CSO | 2019-09-06 03:00:00 | Are you taking third-party risk seriously enough? | What do the exposure of 106 million records from Capital One, 11.9 million records from Quest Diagnostics, and 7.7 million records from LabCorp have in common, apart from the fact they all happened this year? In each case the breach was caused by a third party. With the Capital One breach, a hacker was able to exploit a configuration vulnerability in the servers of one of its cloud partners. The other two breaches were traced to the same third party – the American Medical Collection Agency's (AMCA) system. | -
CSO.webp 2019-09-04 12:49:00 SMS-based provisioning messages enable advanced phishing on Android phones (lien direct) Attackers can abuse a special type of SMS messages used by mobile operators to deliver internet settings to Android phones to launch credible phishing attacks that result in users' internet traffic being hijacked. According to researchers from Check Point Software Technologies, some phone makers' implementations of the Open Mobile Alliance Client Provisioning (OMA CP) standard allows anyone to send special provisioning messages to other mobile users with a $10 GSM modem and off-the-shelf software. [ Learn how SandBlast Mobile simplifies mobile security. | Get the latest from CSO by signing up for our newsletters. ]
CSO.webp 2019-09-03 14:12:00 Insecure virtual USB feature in Supermicro BMCs exposes servers to attack (lien direct) A baseband management controller (BMC) is an independent microcontroller present on server motherboards that allows out-of-band management of those servers. BMCs are like small computers with their own specialized firmware that run inside, but independently of the main computer -- the server itself. The BMC software is typically unique for every server manufacturer, and it presents a management interface that gives administrators full control over the server and its operating system.The level of access that BMC interfaces provide make them highly powerful, which is why the security of BMC implementations has been scrutinized for years, and researchers have found various types of vulnerabilities affecting servers from different manufacturers.
CSO.webp 2019-09-03 03:00:00 ICS as a cloud service is coming: Will the benefits outweigh the risks? (lien direct) Industrial control system (ICS) equipment benefits from security by obscurity and complexity. The protocols are so unique and require so much effort to master that nobody but a motivated nation-state is going to spend the time and money figuring out how to attack them.
CSO.webp 2019-08-28 03:00:00 7 steps to ensure your Azure backup works when you need it (lien direct) Recently, a disturbing ransomware attack impacted 22 Texas local governments and left them unable to process tax payments or perform normal business processes. It's another reminder that both public and private organizations need to review their ability to recover from such attacks. That starts with having a proper backup strategy.
CSO.webp 2019-08-27 05:47:00 IDG Contributor Network: Why I\'m not sold on machine learning in autonomous security (lien direct) Tell me if you've heard this: there is a new, advanced network intrusion device that uses modern super-smart Machine Learning (ML) to root out known and unknown intrusions. The IDS device is so smart it learns what's normal on your network and not, immediately informing you when it sees an anomaly. Or, maybe it's an intrusion prevention system (IPS) that will then block all malicious traffic. This AI-enabled solution boasts 99% accuracy detecting attacks. Even more, it can detect previously unknown attacks. Exciting, right?That's an amazing sales pitch, but can we do it? I'm not sold yet. Here are two big reasons why: The above pitch confused detecting an attack with detecting an intrusion. An attack may not be successful; an intrusion is. Suppose you detected 5 new attacks, but only 1 was a real intrusion. Wouldn't you want to focus on the 1 successful intrusion, not the 4 failed attacks? ML-enabled security may not be robust, meaning that it works well on one data set (more often than not, the vendor's), but not another (your real network). In a nutshell, an attacker's job is to evade detection, and ML research has shown it's often not hard to evade detection. Put simply, ML algorithms are not generally intended to defeat an active adversary. Indeed, academic research areas in adversarial machine learning is still in its infancy, let alone real products with ML technology. Make no mistake - there is amazing research and researchers, but I don't think it's ready for full autonomy.
CSO.webp 2019-08-26 10:38:00 Capital One hack shows difficulty of defending against irrational cybercriminals (lien direct) Software engineer Paige Thompson was arrested in late July for an unprecedented hack into a cloud server containing the personal data of over 100 million people who had filed credit card applications with leading financial institution Capital One. Thompson, who at the time of her arrest ran a hosting company called Netcrave Communications, had held a series of engineering jobs, including a stint at Amazon Web Services (AWS) in 2015 and 2016, where she presumably gained the skills to exploit a vulnerability in an application firewall on Capital One's AWS server. Hack Vulnerability Guideline
CSO.webp 2019-08-21 11:29:00 IDG Contributor Network: How to become a cybersecurity RSO (lien direct) What is an RSO? A “reliability seeking organization,” as described in Vanderbilt Professor Rangaraj Ramanujam's book Organizing for Reliability. We tend to think of cybersecurity as black and white; breach or no breach. We often focus on architecture, threats and defenses. In fact, we should also be concerned with the reliability of the security program. Here we define reliability as including performance consistency and resiliency. “Fault tolerant” is another descriptive term.Many types of organizations have already developed highly reliable business processes. Achieving such goals includes both strategy and execution. I contend that much can be learned from these organizations...and venturing outside the security bubble.
Last update at: 2024-04-29 23:08:18