www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
Feed generated: 2024-05-06T13:59:44+00:00

AlienVault Blog (AlienVault is a major defensive player in IOCs)
Understanding cyber attacker motivations to best apply controls

... Rational Actor Model (RAM) as well as the seven primary intrinsic and extrinsic motivations for cyber attackers.

Deterrence and security theory fundamentally rely upon the premise that people are rational actors. The RAM is based on rational choice theory, which posits that humans are rational and will take the actions that are in their own best interests. Each decision a person makes is based upon an internal value calculus that weighs the costs of an action against its benefits. By altering the cost-to-benefit ratio of a decision, the decision, and therefore the behavior, can be changed accordingly.

It should be noted at this point that 'rationality' relies upon a personal calculus of costs and benefits. When speaking about the rational actor model or deterrence, it is critical to understand that 'rational' behavior is whatever advances the individual's interests, and as such it varies among people, groups and situations. For this reason it is impossible to prevent all crime through deterrence. Some people will weigh the pros and cons of committing a crime and decide it is 'worth the risk' by their own internal calculus.

While some criminologists dispute RAM in favor of other models, anecdotally it is difficult to argue with the value of the model. It is arguable that even terrorists apply a rational-actor calculus, and they often select targets where there is fairly good certainty of "success". This again echoes the model of risk management and a rational model of decision-making. The concept repeats in all areas of behavior, including cybercrime.

To understand RAM it is important to explore human motivation. In short, two types of motivation drive human behavior: intrinsic and extrinsic. Intrinsic motivations are driven by internal rewards; they cover actions that are satisfying in themselves. Eating, climbing a mountain and watching a great movie are all examples of intrinsically motivated actions. Extrinsic motivations, by contrast, drive behaviors that result in external rewards. Working for a wage, playing the lottery and crime can all be examples of extrinsically motivated behavior. No doubt readers have already noticed that an action can be both intrinsically and extrinsically motivated.

With an understanding of the Rational Actor Model and motivation theory it is now possible to discuss the motivations behind cyber attacks. The term 'crime' is avoided here because it is a legal term, and an attack may or may not be considered a crime; the more generic term 'attack' is used instead.

In general, seven different motivations exist for those who attempt a cyber attack. This has been coined the Mark Heptad (yes, after this author and creator). The seven motivations are:

Financial (extrinsic) - Theft of personally identifiable information (PII) that is then monetized is the classic example of financially motivated cyber attacks. Primarily perpetrated by organized criminal groups, this motivation accounts for a large percentage of attacks against retailers and health care providers. The control implication follows directly from the model: for a financially motivated actor, anything that raises the cost of the attack or lowers the resale value of what is taken (for example, tokenizing or encrypting stored PII so that a bulk dump is not directly monetizable) shifts the cost-benefit calculus against the attack.
Published 2020-02-19T13:00:00+00:00 | Source: https://feeds.feedblitz.com/~/618747806/0/alienvault-blogs~Understanding-cyber-attacker-motivations-to-best-apply-controls | Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=1551689 | Tags: Malware, Threat

AlienVault Blog
Why vendor management is a cornerstone of security
Published 2020-02-18T13:00:00+00:00 | Source: https://feeds.feedblitz.com/~/618690498/0/alienvault-blogs~Why-vendor-management-is-a-cornerstone-of-security | Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=1549139 | Tags: Vulnerability, Threat

AlienVault Blog
InfoSec needs a reputation overhaul

... better engage with our clients, as well as how we lack inherited credibility. Yes, soft skills indeed, but look at what we have created by behaving in our current state: "you guys steal everything". What is our remedy for this problem? I propose that we InfoSec folks start to think more like first responders. There is nothing wrong with reserving the ability to act when necessary, but perhaps we need not point out everything we see when we are not being asked to do so. How would you feel if you were cautioned by a nurse every time you ordered something "unhealthy" in a restaurant? Not the most pleasant dining experience. That nurse may be there to rescue you if you start choking, but will not make unsolicited comments about your food preferences before that. My wife is a psychotherapist, and when we attend social events people often say to her, "Oh, I suppose that you are analyzing me". She has come up with a very funny, but true, response: "You ain't paying me, I ain't analyzing you". Perhaps it is time for InfoSec professionals to take the same approach.
Published 2020-02-13T13:00:00+00:00 | Source: https://feeds.feedblitz.com/~/618272270/0/alienvault-blogs~InfoSec-needs-a-reputation-overhaul | Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=1539219

AlienVault Blog
New PayPal phishing scam seeks to go beyond login credential information

An independent guest blogger wrote this blog.

Up until now, some of PayPal users' greatest fears in terms of cybersecurity were phishing scams aimed at obtaining their login credentials. In January of this year PayPal confirmed a high-severity bug affecting the login form, reported by security researcher Alex Birsan, who found a JavaScript file exposing what looked like a CSRF token and a session ID, material an attacker could use against a victim's login. A separate phishing campaign does not exploit that bug at all, but goes further than credential theft by social engineering: it aims to elicit not only login details but also personal information and payment card or bank account details.

Going a step further
The new scam, discovered by researchers at ESET, sends PayPal users an email stating that their account has experienced 'unusual activity'. The email then requests that the user take specific steps to protect their security. Once the user clicks the link, they land on a phishing page on which they are asked to verify their account by providing data such as their home address and banking details. Once they have provided the requested data, they are told that their account is now secure or restored.

Signs of scamming
The scam highlights the importance of knowing basic cybersecurity hygiene. That includes being immediately suspicious of any email that leads to a URL other than the one it claims to, and wary of any changes, including misspelled words and odd-looking padlocks. One trend that was prevalent this year involved the use of a fake security certificate and a green padlock. Note that a padlock only means the browser has a TLS connection to whatever domain is shown in the address bar; phishing sites obtain valid certificates for their own lookalike domains cheaply, so the padlock is never evidence that the site belongs to PayPal. The domain in the address bar is what has to be checked.
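A concrete check for the first of those signs, a link whose visible text names one site while its target is another, can be automated on a mail gateway or in a triage script. The following is an added example written for this page, not code from the original post or from ESET. It uses only the Python standard library; the brand-to-domain table and the sample email body are constructed for the illustration, and the registrable-domain logic is deliberately crude (it treats the last two labels as the domain and ignores multi-part TLDs such as co.uk).

```python
"""Flag suspicious links in an HTML email body.

Added example (not from the original post): implements the 'link leads
somewhere other than it claims' check with the standard library only.
The sample email body and the brand table below are constructed.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Brands phishers impersonate and their legitimate registrable domains.
# Assumption for the example; a real deployment loads this from configuration.
TRUSTED_DOMAINS = {"paypal": "paypal.com"}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude last-two-labels approximation (ignores multi-part TLDs such as co.uk)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def host_of(url_or_text):
    """Host of a URL, or of bare 'www.example.com' text; None if not URL-like."""
    candidate = url_or_text.strip()
    if "://" not in candidate:
        if not re.fullmatch(r"[\w.-]+\.[a-z]{2,}(/\S*)?", candidate, re.I):
            return None
        candidate = "http://" + candidate
    return urlparse(candidate).hostname


def check_links(html_body):
    """Return a list of (href, reason) findings for an HTML email body."""
    parser = _LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        href_host = host_of(href)
        if href_host is None:
            continue
        href_domain = registrable_domain(href_host)
        text_host = host_of(text)
        # 1. The visible text names one domain but the link goes to another.
        if text_host and registrable_domain(text_host) != href_domain:
            findings.append((href, f"display text claims {text_host}, link goes to {href_host}"))
        # 2. A brand name appears in the host (after undoing common digit-for-letter
        #    swaps such as 1 for l) but the registrable domain is not the brand's.
        normalized = href_host.replace("1", "l").replace("0", "o")
        for brand, legit in TRUSTED_DOMAINS.items():
            if brand in normalized and href_domain != legit:
                findings.append((href, f"looks like {brand} but registrable domain is {href_domain}"))
        # 3. An explicit plain-http link for an 'account security' page is itself a tell.
        if href.lower().startswith("http://"):
            findings.append((href, "link is plain http"))
    return findings


# Constructed sample, modelled on the 'unusual activity' lure described above.
SAMPLE_EMAIL = """
<p>We noticed unusual activity on your account.</p>
<p>Please <a href="https://paypa1-secure-login.example/verify">https://www.paypal.com/verify</a>
to restore access.</p>
<p>Questions? Visit <a href="https://www.paypal.com/help">our help center</a>.</p>
"""

if __name__ == "__main__":
    for link, reason in check_links(SAMPLE_EMAIL):
        print(f"SUSPICIOUS {link}: {reason}")
```

Run as a script, it reports two findings for the first link (the display text says paypal.com while the target is a lookalike host, and that host contains the brand name with a digit swapped for a letter) and nothing for the genuine help link. Note what it cannot catch: a lure whose link text is plain words and whose host never mentions the brand at all, which is why the domain in the address bar, not anything in the email, remains the final check.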
Users should be aware of this and other new tricks by staying up to date on new cybersecurity risks, and by being vigilant about suspicious requests for information, addresses, links and changes in page appearance.

A new PayPal threat from the 16Shop phishing gang
If you follow current phishing threats, the name 16Shop will not be new to you. This gang, whose operators are believed to be located in Southeast Asia, is specifically targeting PayPal, according to researchers at the ZeroFOX Alpha Team. The group distributes a phishing kit designed to obtain as much information as possible from PayPal users. The kit checks in with a command-and-control (C2) server by sending a POST request containing the kit password and the domain and path where it is deployed; the data harvested from victims is then sent via SMTP to the operator's inbox. The kit can serve its phishing pages in a number of languages, including English and Spanish.

Astounding discoveries
The researchers managed to view traffic between the phishing kit and the command-and-control server. They found that the system was so easy to operate that even amateurs could use it without a hitch. They added that the kit was slick and sophisticated, with features

Published 2020-02-11T14:00:00+00:00 | Source: https://feeds.feedblitz.com/~/618085254/0/alienvault-blogs~New-PayPal-phishing-scam-seeks-to-go-beyond-login-credential-information | Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=1535596 | Tags: Vulnerability, Threat, Guideline

AlienVault Blog
Building comprehensive cybersecurity policies

When you think of cybersecurity, what is the first thing that comes to mind? Most of the time it might be your business's IT team, who run around worrying about updates, threats and computing capacity. The reality is that cybersecurity is not just the IT department's concern: it is everyone's.

Research suggests that cybercriminals will steal 33 billion records in 2023, and that half of all global data breaches will occur in the U.S. If you want any hope of stopping them from stealing from your business, you need all hands on deck, from the administrative team to sales to the C-suite. Why is building a comprehensive cybersecurity policy, with provisions that cover everyone and their devices, so important? Because everyone (and their devices) can be a threat. Here is what you need to know about strengthening your cybersecurity as we head into the new decade.

Why 'comprehensive' includes everyone at work
Comprehensive cybersecurity practices usually include items like:
- Threat risk analysis
- System vulnerability analysis
- Impact assessments
- Security environment analysis

But to be effective, these need to consider not only the high-value and high-risk processes and procedures but everything in between. Why? Because while it is true that your security is only as good as your software, you also need to limit the extent to which you expose those systems to threats. In today's hyper-connected world there are millions of opportunities to bare your security infrastructure to the world. Two of the biggest come down to your employees. First, they now complete the vast majority of their work online, which means both internet security and access are critical to your core processes. As more of your work happens in the cloud, you simultaneously create more exposure. Second, your employees carry more internet-connected devices than ever, and they probably access company data on them. The cybersecurity threats created by the Internet of Things (IoT) are stunning: one survey found that 54% of consumers own at least four IoT devices, but only 14% say they know how to secure them. That matters all the more because only 31% of employees receive annual cybersecurity training.

Consider the threat of internal sources
To be clear: hackers are a problem. The prevalence of malware, phishing, ransomware and DDoS attacks has grown year on year, and your business could be the next target. What you might not realize, however, is that the biggest threat to your business could already be in

Published 2020-02-06T14:00:00+00:00 | Source: https://feeds.feedblitz.com/~/617710144/0/alienvault-blogs~Building-comprehensive-cybersecurity-policies | Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=1527987 | Tags: Vulnerability, Threat

AlienVault Blog
10 things to know about cybersecurity in 2020

... webinar on the topic February 6).

1. Security-as-a-service fills the talent and recruitment gap. We are already falling into a talent abyss where there is not enough cybersecurity or compliance expertise, and that is not changing anytime soon. Getting help from security-as-a-service organizations will become the de facto standard as the only way to fill the talent and recruitment gap.

2. Navigating vendor noise becomes harder. With so many cybersecurity vendors in the market, it is tough to decide what will truly help protect a business. This year there needs to be a focused priority on identifying services that provide resources and a full suite of solutions to turn down the volume, ward off attacks and meet compliance mandates.

3. AI identifies security gaps faster. As we fight to keep up with new attacks, security professionals need to embrace machine learning (ML) and AI technology that works at a much faster cadence to find gaps that could lead to a breach. Using these technologies can help security professionals keep up with attackers. Combined with human expertise, AI and ML can help prevent attacks.

4. Widespread adoption of security visualization in the cloud. We want to see how our apps and data are connecting, where, and whether there are any security gaps. A "must-have" for all security professionals is the ability to see their entire security posture in a single, holistic visual dashboard. We will see widespread adoption of security visualization across all environments.

5. The perimeter is dead; endpoints need protecting. More laptops, desktops, mobile phones, tablets, servers and virtual environments are connecting to systems, and each of these endpoints requires security. In 2020, endpoint security will become a "must-have" for all organizations. Perimeter detection is no longer adequate, because your perimeter no longer exists in one place: it is anywhere and everywhere. One misconfigured laptop, server or firewall may be the cause of a data breach.

6. More regulations translate to more work. Every year brings updated guidance or new compliance requirements, and this trend will continue in 2020 as more regulation is put in place to protect privacy and data. With the floodgates opening, it is important to have processes and logs in place that prove how security and privacy are handled at your business.

7. More ransomware attacks in 2020. As more organizations accept paying ransoms as a cost of doing business, we will see more attacks. Dedicated resources should be spent on prevention by monitoring for suspicious activity, including phishing attempts and ransomware. If you do not have the internal resources, look to security-as-a-service providers with security monitoring offerings.

8. Small businesses are not immune. Cybersecurity is not just for enterprises. One breach could be the death of a s

Published 2020-02-05T14:00:00+00:00 | Source: https://feeds.feedblitz.com/~/617621938/0/alienvault-blogs~things-to-know-about-cybersecurity-in | Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=1526392 | Tags: Ransomware, Tool, Guideline

AlienVault Blog
NO FATE

... if Target couldn't fight the hackers then I can't either.
The lesson is that the culmination of their decisions resulted in an environment that made the breach possible. You make choices every day that shape your personal and professional destiny. I promise you security is not an expensive goal attainable only by the super-rich. It is far more about the knowledge, dedication, ingenuity and heart you put into it. As a blog post, this has to be short, so please forgive me for not addressing every area you need to cover to commit to security.

There are four phases to the model I recommend for IT security: identify your environment, categorize your risks, know your enemy, and test your solutions. The model is a cycle designed to repeat without end. Each cycle builds on the information gathered in the last and grows more mature with each revision.

Identify your environment
Phase one sounds simple. It is the same advice given by sages, oracles and war philosophers for thousands of years: know thyself. It is the foundation upon which all else is built.
- What systems are on the network?
- What systems are in your inventory?
- Where is your sensitive data?
- What is your sensitive data?
- What is the normal traffic on your network?
- What is the normal operating usage of your systems?
This is a collection of facts, without judgment, about the environment. A single missing piece here may cause your entire security structure to crumble. For example, I did a penetration test for a bank several years ago. They had a secure system for their account data. However, one of their account representatives wanted to do something nice for their clients by recognizing their birthdays. They took the information from the secure database, including account numbers and safe deposit box information, and put it in a spreadsheet. I found that spreadsheet, using an unprivileged account, sitting on their internal SharePoint platform.
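The spreadsheet in that story is exactly what a data discovery pass over file shares and SharePoint exports is meant to surface before an attacker does. Below is an added example, not the author's tooling: a small scanner that reads CSV exports and flags payment card numbers (validated with the Luhn checksum), US Social Security number patterns, and columns whose headers suggest account or safe deposit data. The sample rows are constructed for the example and use the well-known test card numbers and the Woolworth sample SSN; a real deployment would walk the share, convert XLSX to CSV first, and report into a tracking system rather than print.

```python
"""Find sensitive data sitting where it should not be.

Added example (not the author's tooling): a scanner for the
'where is your sensitive data?' step. It reads CSV exports of the kind
an employee might drop on a file share and reports rows carrying
payment card numbers (Luhn-checked), US SSN-shaped values, or columns
whose header suggests account or safe deposit data. Sample data is constructed.
"""
import csv
import io
import re

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")          # anywhere inside a cell
PAN_RE = re.compile(r"^(?:\d[ -]?){13,19}$")          # whole cell, 13-19 digits
SENSITIVE_HEADERS = ("account", "acct", "safe deposit", "ssn", "routing")


def luhn_valid(digits):
    """Luhn checksum, which every payment card number must satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:            # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify_value(value):
    """Return 'ssn', 'pan' or None for a single cell."""
    v = value.strip()
    if SSN_RE.search(v):
        return "ssn"
    if PAN_RE.match(v) and luhn_valid(re.sub(r"[ -]", "", v)):
        return "pan"
    return None


def scan_csv_text(text):
    """Scan CSV content; return findings as (row_number, column, kind).

    Row 0 is used for header-level findings; data rows start at 1.
    """
    reader = csv.DictReader(io.StringIO(text))
    findings = []
    for col in reader.fieldnames or []:
        if any(key in col.lower() for key in SENSITIVE_HEADERS):
            findings.append((0, col, "sensitive-header"))
    for n, row in enumerate(reader, start=1):
        for col, val in row.items():
            kind = classify_value(val or "")
            if kind:
                findings.append((n, col, kind))
    return findings


# Constructed sample, modelled on the birthday spreadsheet described above.
# Card numbers are the standard Visa/Mastercard test numbers; the SSN is the
# Woolworth sample number, not a real person's.
SAMPLE_CSV = """Name,Birthday,Account Number,Safe Deposit Box,Card on File,Notes
A. Client,03/14,1234567890,17,4111 1111 1111 1111,send card
B. Client,07/02,2345678901,,,prefers email
C. Client,11/30,3456789012,42,5555-5555-5555-4444,SSN 078-05-1120 on file
"""

if __name__ == "__main__":
    for row, col, kind in scan_csv_text(SAMPLE_CSV):
        where = "header" if row == 0 else f"row {row}"
        print(f"{kind:17} {where:8} column '{col}'")
```

On the sample it reports the two column headers, the two card numbers and the SSN buried in a free-text notes field; the ten-digit account numbers are caught only through their header, which is the point of combining value patterns with column names.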
They did not know where their data was, and had I not found it they would not have known to address it.

Categorize your risks
Phase two is about putting those pieces together to figure out what it all means. What do you get when you compare the systems on your network against the systems in your inventory? Rogue device detection and loss prevention. What does it mean that I found account data in SharePoint, which itsel

Published 2020-02-03T14:00:00+00:00 | Source: https://feeds.feedblitz.com/~/617488180/0/alienvault-blogs~NO-FATE | Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=1522765 | Tags: Threat

AlienVault Blog
A new twist on "Parental consent"

... written a book about the results of his test. The idea behind the test is simple. You order a "kit" online, and when it arrives all you have to do is dribble into a test tube, seal it up with your information, send it on its way and await the results. While I was at breakfast with my friends, they were discussing how they were going to send away for their kit to trace their origins. To their knowledge they were 100% certain of their purely Greek heritage, with no deviations from the bloodlines. It would be fascinating to see if they are distant relatives of some of the great thinkers in human history. This is remarkable, as I cannot boast of such "purity" given my mutt-like family history. All was not well with their plan, however. Their son objected to the idea of them participating in what he considered pure folly. He was not so concerned about his past; he was more concerned with his future. He has serious apprehension about the privacy surrounding these tests, as well as the future implications for his life. I thought about his concern, and he has a valid point. A review of the privacy policy of one of the most popular genealogy sites does nothing to relieve this fear. While they clearly state that they will never share information with an insurance company or medical office, they are legally required to share information if requested by a legitimate law enforcement organization. There is also a warning that "in the event of a breach" the information may become public knowledge.

Perhaps my young friend has a point? We have seen in the past how data can escape even the most secure organizations. It is one thing to lose control of financial information or identifiers such as our Social Security numbers. However, what is the remedy if our genetic information becomes public? Unlike a card number or a password, it cannot be revoked or reissued, and it discloses information about relatives who never consented. In this age where we are creating new identification and authentication methods, have we contemplated the future risks of such an event?

The interesting twist here is that we always caution our children to seek parental consent for something as simple as a school trip, or a movie with questionable content. We have childproof caps on medications, and we worry about our children's use of social media. What should we call this new world, where we should seek the consent of our offspring before we responsible adults do something that may affect them in an unknown future? There is not even a word in the lexicon for this new phenomenon. Since they are the fruit of our loins, perhaps we can call it "Loinal consent"? Some things may be best if they remain non-public.

Published 2020-01-31T14:00:00+00:00 | Source: https://feeds.feedblitz.com/~/617391492/0/alienvault-blogs~A-new-twist-on-%e2%80%9cParental-consent%e2%80%9d | Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=1520395 | Tags: Heritage

AlienVault Blog
Do you need certifications to get an InfoSec job?

... discussions about certifications, like CISSP, CEH, OSCP and so on, in InfoSec.

No doubt certifications have value. In many situations hiring managers are quickly going through resumes, and certifications are symbolic of at least book learning and some degree of dedication to InfoSec. Certifications can be expensive and time consuming, so having them clears the bar of "at least slightly dedicated". While certifications are arguably a good thing, carrying a recognized value understood in the InfoSec community, do people really need them to land jobs? After all, job seekers are existentially in need of employment and not likely to want to spend time and money on certifications if they are not necessary. We have published previous blogs on certifications in InfoSec, but I was still curious whether certifications are required to get a job in InfoSec. So I decided to run a poll on my personal Twitter account to gather more data for this blog.

"Is it fair to ask new folks in InfoSec to have to have expensive certifications to be worthy of consideration, given you're a hiring manager? Tagging in @MalwareJake for insights." - Kate Brew (@securitybrew), October 14, 2019

It appears from my poll that certifications aren't an absolute requirement to gain employment in InfoSec, but having them might help candidates get through HR pre-screening. Certificates were viewed as a sort of filter by a few folks.

"Certs are not a requirement at all. However, without them you're less likely to make it through HR screening at larger shops. You're less impacted at smaller shops because there are fewer steps between resume submission and the hiring authority. 1/2" - Jake Williams (@MalwareJake), October 14, 2019

Given two equally qualified candidates, the one with certifications might have the edge:

"That said, if I have two equally qualified candidates and one has a cert, I'll take them because some clients ask/care. But there are things more important to me than certs: Conference talks; GitHub (more than just college assignments); A blog; Thoughtful social media feed. 2/2" - Jake Williams (@MalwareJake), October 14, 2019

Several folks were sensitive to the cost of attaining some certifications, which can exceed $1000. They suggested more affordable options. Some certifications are affordable on e

Published 2020-01-28T14:00:00+00:00 | Source: https://feeds.feedblitz.com/~/617268746/0/alienvault-blogs~Do-you-need-certifications-to-get-an-InfoSec-job | Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=1514376 | Tags: Malware

AlienVault Blog
How Smart Cards Work

... allow the user to perform any transaction. The integrated circuit (IC) on the smart card can be a microprocessor with its own memory, or a simple memory chip; in either case the card processes, exchanges and stores data. Typical figures quoted for microprocessor cards are up to 346 kilobytes of ROM, 8 kilobytes of RAM, a 16-bit microprocessor and 256 kilobytes of programmable ROM. The card body is plastic, and microprocessor cards contain both volatile memory and microprocessor components.

How does the smart card work?
A smart card reader, attached to a host computer, a cloud-hosted service or any controlling terminal, reads the information stored on the card's chip and passes it to the controlling terminal for processing. The card talks to the reader over one of two interfaces. Contact cards are powered and clocked through the gold contact plate and exchange data over the ISO/IEC 7816 serial interface. Contactless cards use a 13.56 MHz radio-frequency interface (ISO/IEC 14443, the family of standards NFC builds on); the reader's field both powers the chip and carries the data, which is why such cards are often loosely called RFID cards. RFID tags in the broader sense are used for tracking goods through the supply chain, tracking assets and controlling access to buildings. The contactless standard also defines an anticollision procedure, so that the reader can select one card when several are in its field at the same time.
Smart cards cannot report their location via GPS, because the card has no power source of its own to support continuous operation. Any tracking is after the fact, from the audit trail of where and when the card was used.

The chip comes into contact with the reader either directly or indirectly and establishes an electronic interface, which enables transactions such as point-of-sale payments. Some smart cards do not need physical contact with the reader and connect over a wireless medium; these are called contactless cards, while those that need contact are known as contact cards. Contactless cards are increasingly in demand due to their ease of use and flexibility.

What are the uses of smart cards?
- Secure storage: the card holds the user's data on the chip rather than in a central database, and the chip's access conditions (typically a PIN, and for sensitive files the card's own cryptographic keys) decide what a reader may read or change.
- E-commerce: instead of filling out long forms, a smart card can hold shopping profile and payment card details that are released to a merchant with a single action.
- Personal finance: a user can conduct business transactions around the globe without hassle.
- Encryption: the chip provides secure key storage, hashing and digital signing. On PKI-capable cards the private key is generated on the card and cannot be exported, so a signature proves possession of the card (and knowledge of its PIN) rather than of a copyable file.
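The reader-to-card "electronic interface" described above is, at the application layer, an exchange of command and response APDUs defined in ISO/IEC 7816-4, the same over contact and contactless cards. The following added example (not from the original article) encodes the three commands a reader sends to read a PIN-protected file, decodes the card's status words, and runs them against a simulated card so the exchange can be traced offline. The application identifier, PIN and record are made up for the example; the simulated card's behaviour (three PIN tries, a 63Cx retry counter, 6982 when the PIN has not been presented) mirrors what real cards return.

```python
"""ISO/IEC 7816-4 command/response APDUs, the unit of reader-to-card traffic.

Added example (not from the original article): builds the APDUs a reader
sends, parses what the card returns, and runs them against a simulated card.
The AID, PIN and file contents are made up; real cards expose their own.
"""

# Status words a reader must understand (ISO/IEC 7816-4 values).
STATUS = {
    0x9000: "success",
    0x6A82: "file or application not found",
    0x6982: "security status not satisfied (e.g. PIN not verified)",
    0x6983: "authentication method blocked",
    0x6D00: "instruction not supported",
}


def build_apdu(cla, ins, p1, p2, data=b"", le=None):
    """Encode a short-form command APDU: CLA INS P1 P2 [Lc data] [Le]."""
    if len(data) > 255:
        raise ValueError("short APDU data limit is 255 bytes")
    apdu = bytes([cla, ins, p1, p2])
    if data:
        apdu += bytes([len(data)]) + data
    if le is not None:
        apdu += bytes([le & 0xFF])  # Le=0 means 'up to 256 bytes'
    return apdu


def parse_response(resp):
    """Split a response APDU into (data, sw) and reject malformed ones."""
    if len(resp) < 2:
        raise ValueError("response shorter than SW1 SW2")
    return resp[:-2], (resp[-2] << 8) | resp[-1]


def describe_sw(sw):
    """Human-readable status; 63Cx carries the remaining PIN tries in the low nibble."""
    if (sw & 0xFFF0) == 0x63C0:
        return f"verification failed, {sw & 0x0F} tries remaining"
    return STATUS.get(sw, f"unrecognised status {sw:04X}")


class SimulatedCard:
    """Toy card: one application, one PIN-protected record, three PIN tries."""

    def __init__(self, aid, pin, record):
        self.aid, self.pin, self.record = aid, pin, record
        self.selected = False
        self.verified = False
        self.tries = 3

    def transmit(self, apdu):
        cla, ins, p1, p2 = apdu[:4]
        body = apdu[4:]
        lc = body[0] if body else 0
        data = body[1:1 + lc] if body else b""
        if ins == 0xA4 and p1 == 0x04:                # SELECT by AID
            self.selected = data == self.aid
            return b"\x6F\x00\x90\x00" if self.selected else b"\x6A\x82"
        if ins == 0x20:                               # VERIFY PIN
            if self.tries == 0:
                return b"\x69\x83"
            if data == self.pin:
                self.verified, self.tries = True, 3
                return b"\x90\x00"
            self.tries -= 1
            return bytes([0x63, 0xC0 | self.tries])
        if ins == 0xB0:                               # READ BINARY
            if not self.selected:
                return b"\x6A\x82"
            if not self.verified:
                return b"\x69\x82"
            return self.record + b"\x90\x00"
        return b"\x6D\x00"


def read_protected_record(card, aid, pin):
    """Reader-side flow: SELECT, VERIFY, READ BINARY. Returns (record, trace)."""
    steps = [
        ("SELECT", build_apdu(0x00, 0xA4, 0x04, 0x00, aid, le=0)),
        ("VERIFY", build_apdu(0x00, 0x20, 0x00, 0x80, pin)),
        ("READ BINARY", build_apdu(0x00, 0xB0, 0x00, 0x00, le=0)),
    ]
    record, trace = None, []
    for name, apdu in steps:
        data, sw = parse_response(card.transmit(apdu))
        trace.append((name, apdu.hex(), sw, describe_sw(sw)))
        if sw != 0x9000:
            break  # stop at the first failure instead of blindly continuing
        if name == "READ BINARY":
            record = data
    return record, trace


# Made-up AID, PIN and record for the simulated card.
DEMO_AID = bytes.fromhex("A000000001234567")
DEMO_PIN = b"1234"
DEMO_RECORD = b"holder: example"

if __name__ == "__main__":
    card = SimulatedCard(DEMO_AID, DEMO_PIN, DEMO_RECORD)
    rec, trace = read_protected_record(card, DEMO_AID, b"0000")   # wrong PIN
    for step in trace:
        print(step)
    print("record:", rec)
```

Two points worth noticing: the reader stops at the first status other than 9000 rather than sending the next command regardless, and the retry counter in the 63Cx status is how a reader knows how many guesses remain before the card blocks the PIN, which is what makes a card-held secret resistant to brute force in a way a password file is not.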
Types of smart cards
We can classify smart cards based on:
- their connection to the smart card reader
- their configuration
Types of smart cards base

Published 2020-01-27T14:00:00+00:00 | Source: https://feeds.feedblitz.com/~/617234944/0/alienvault-blogs~How-Smart-Cards-Work | Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=1512177

AlienVault Blog
Healthcare security: How can blockchain help?

This is part 2 of a blog on healthcare security. For more info, check out part 1. An independent guest blogger wrote this blog.

When it comes to data security, there is no more important place than the healthcare industry. When people go to the doctor, they give all of their most sensitive information, from their health issues to their phone number, to a doctor they trust. When a medical office or database is hacked or damaged and that information is released, it can be catastrophic for everyone involved. Patient security is not only good practice, it is also the law. Guidelines are in place to protect patient data, and it is up to health professionals and administrators to ensure that proper protections are in place. Here are some best practices for now, and advanced security platforms to look forward to in the future.

The rise of blockchain technology
While the possibility of losing business and patient data through a system breakdown or employee error is a serious concern, the potential for cybercrime is perhaps the bigger threat. As technology advances, so do the methods hackers use to infiltrate our systems. The result is a combination of threats, from computer viruses to phishing attacks that trick employees into clicking a link or attachment that opens a door into the organization's infrastructure. From there, a hacker can sell the personal information they obtain on the black market or use it to extort money from the unsuspecting patient.

Since criminals have the ability to hack into health systems, an extra layer of security is needed: enter the blockchain. Instead of patient information sitting in an Excel spreadsheet or on an unsecured platform, each record is hashed and linked to the previous record, so that any later change to, or deletion of, an earlier entry breaks the chain and is detectable by anyone holding a copy of the ledger. New entries are validated against the ledger of previous events before they are appended. Two caveats matter in practice. A blockchain provides integrity and an audit trail, not confidentiality: the records themselves must still be encrypted and their keys managed. And on a ledger run by a single organization or consortium, "cannot be tampered with" holds only as far as that organization's control over its nodes and keys; immutability here is detection by independent copies, not a physical impossibility. In addition to better integrity, blockchain also creates additional transparency for those receiving care. In the designs usually proposed, the patient is one of the parties holding keys to the ledger, so they can see when new data is added or changed in their records and have a say in the decision. A blockchain-backed record could also reduce the leakage of data that comes with emailing or shipping patient records to a new provider, as the new office would need only an access key to view and add its own content. While this is a relatively new technology, it could prove to be a necessary one in the future.

Safeguarding medical data
Regardless of how data can be lost, it is essential that your medical office is proactive instead of reactive. The first step should always be an extensive risk analysis that not only identifies potential risks but also lays out a plan of action if the unthinkable were to occur

Published 2020-01-23T14:00:00+00:00 | Source: https://feeds.feedblitz.com/~/617074756/0/alienvault-blogs~Healthcare-security-How-can-blockchain-help | Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=1506210 | Tags: Hack

AlienVault Blog
It is getting harder for us to prove who we are

... new driver's license being issued in the USA that is required if you want to fly on a domestic flight and you do not have a valid passport.
(In defense of the nation's motor vehicle offices, it should be mentioned that the license procedure has been streamlined, and the process now takes less than 20 minutes.)

This is an improvement in the identity verification process, as many people do not have a passport but do have a driver's license. The problem I encountered was proving that I am who I say I am, because of the documentation requirements. One of those requirements is possession of a valid passport. However, as stated above, this new license is supposed to be valid in the absence of a passport. I found out that the new license will also be required to enter any federal building. That made much more sense, as one is often carrying a driver's license, but it is rare to carry a passport unless you are going to an airport. The other required proofs of identity include an original Social Security card, or a tax document that contains your full Social Security number, and a proof of residence, such as a bank statement.

From a physical security perspective, the idea of carrying all of these documents to the motor vehicle office at the same time is horrifying. Together they represent every form of proof that you are who you say you are, which is exactly the bundle an identity thief needs. I can think of no other time that I have ever traveled with so many original documents.

There is another security concern that came to mind in the document-gathering phase: it is getting more difficult to prove where I live. Most of my utility payments and financial transactions are conducted online, and in many cases I have been forced to "go paperless". This means I do not have a printed document to satisfy the proof-of-residency requirement. As we move towards a fully online, paperless society, I wonder how we will prove the various aspects of our identities. I am not opposed to the new approach, as we need to act to stop the destruction of our environment.

In a previous post I posited the idea of using a blockchain method for identification. While it seemed a bit crazy, it was certainly less intrusive than an implanted biochip. With the movement of all of our lives to a fully online model, perhaps that identification method is not so crazy after all.

Published 2020-01-22T14:00:00+00:00 | Source: https://feeds.feedblitz.com/~/617026766/0/alienvault-blogs~It-is-getting-harder-for-us-to-prove-who-we-are | Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=1504614

AlienVault Blog
FUD-free analysis: Natural language processing (NLP)

... Medium or Twitter, you may already be aware. Still, if you don't (I assure you that you're missing out), I have been researching several technologies in preparation for an OPSEC/anti-OSINT tool that I am crafting. I am using this tool as a means to push myself to learn something new that I can apply professionally, and to make a positive difference in the world. Specifically, I am trying to learn machine learning and Natural Language Processing (NLP) in Python and R.

When we hear terms like Advanced Persistent, Next-Generation, Machine Learning (ML), Artificial Intelligence (AI), Single Pane of Glass and so on from a vendor, we typically think it is hype or FUD. (Talking about vendor FUD phrases is ironic, because my blog and podcast were called Advanced Persistent Security.) Often we are correct. I set off on this journey to learn how to build a tool, but also to understand the technologies. I like to stump salespeople from time to time. Also, if these really are the wave of the future, there is no time like the present to get acquainted.

So, NLP. What is it? In social engineering circles, it is Neuro-Linguistic Programming. Some (many, if not most) in the scientific community consider it pseudoscience.
Regardless, it claims to be able to influence or manipulate people through non-verbal cues from the eyes, or touching someone (cringe), or other means. That is not the NLP that I am working on learning.

Natural Language Processing, the more scientific NLP, is a marriage of various disciplines: computer science, data science (including AI and ML), and linguistics. NLP allows libraries and code to read language as it is written or spoken by humans (naturally, hence the name). When exposed to slang, pidgins, and dialects, it will “learn” to recognize and respond to them. Also adjacent to NLP is OCR, or Optical Character Recognition. OCR is the means to read data from a document in a non-text format (i.e., pictures, PDF, or Word documents). Having the ability to read the data allows you to open a PDF with a script (perhaps written in Python) and read it, make sense of it, and act as scripted.

Why is this important to InfoSec, and what do we do with it? We could use this in log analysis, network monitoring, analyzing phishing emails, and my personal favorite, OSINT, to name a few. Within log analysis, NLP could be applied to gain further intelligence from logs without writing ridiculously long regular expressions (regex), by “learning” the context of the data and what is being sought. This would likely be in parallel with some Machine Learning, but it is a start. From the ML perspective, it would probably need to utilize supervised or semi-supervised learning with online entry rather than unsupervised or reinforcement learning. “Online” means that it would read the data closer to real time rather than by ingesting a defined dataset. The supervision of learning refers to telling the “machine” whether it was correct or not. In some instances of learning from logs, unsupervised learning could be useful in determining indicators of compromise or adversarial TTPs based on log data in two sets: breached (event data) and non-breached data.
Reinforcement training would be more applicable for tuning and improvement. Back to NLP: the same concepts apply in network monitoring as in log analysis, except it would be network traffic and PCAPs being analyzed. PCAP analysis with NLP and ML may be better suited for analyzing a user’s beha

Published 2020-01-21T14:00:00+00:00. Source: https://feeds.feedblitz.com/~/616966986/0/alienvault-blogs~FUDfree-analysis-Natural-language-processing-NLP (aggregated at www.secnews.physaphae.fr/article.php?IdArticle=1502911)

AlienVault Blog - Journey to security: Data safety for travelers

Image source: Pixabay

Note: This blog was written by an independent guest blogger.

In today’s world, we enjoy incredible mobility that our ancestors could only dream of. In a matter of hours or, at most, days, we can go from one continent to another. At the same time, our lives depend on the security of all sorts of our private data: from our credit card information to our browsing habits. But while at home we can be sure that we have taken sufficient security measures and protected our systems, things get muddier when we travel. There is no way to tell if the cybersecurity employed by an airport or hotel you use is enough to protect your sensitive data. However, there are ways to increase your safety by following several simple tips.

1. Don’t trust public USB charging stations

While their convenience is hard to overestimate when your battery charge is running low, public USB charging stations should not be treated as safe. The threat in which the data on your device is stolen, or the device is infected, through a USB cord when you connect it to a charging station is called juice jacking. It may not be the most widespread type of malware injection, but it is better to avoid any possibility of it nevertheless. This threat can be mitigated by getting a USB data blocker that allows charging your device while blocking any data transfer to or from it.
Alternatively, just charge your device at a wall socket.

2. Mind your physical security

Not every theft of personal information involves complex hacking techniques. Quite often, stealing access to sensitive data only requires a more traditional set of criminal skills. If you travel to a highly populated city, and especially if you use public transportation there, your chances of running into pickpockets are going to be very high. Therefore, it’s a good idea to take some preemptive measures against this possibility. If your device is small (like a smartphone), try to keep it in an inside pocket, if possible. This way, you will make it almost unreachable to any thief. On the other hand, if your device is bigger (like a laptop) and you carry it around in a bag, be sure not to put the bag down under any circumstances. Hold it tightly so that no criminal can snatch it from your hands.

3. Be prepared in case your device is stolen

Sadly, no matter what precautions you take, there’s still a possibility that your device may be stolen. It only takes a criminal one lucky attempt, while you have to succeed in protecting yourself constantly. This is why you need to have a plan B. Set up a screen lock for your smartphone. Ideally, it should be done with a password, because those are the hardest to crack, but it comes at the price of having to enter it every time you need to access your smartphone. However, in the unfortunate event that your device does get stolen, the perpetrators won’t be able to access it and your personal information. Another option is setting up biometric authentication to unlock your phone. In most cases, using your fingerprint is the most convenient route to take.
Similarly, your other devices should also be

Published 2020-01-17T14:00:00+00:00. Source: https://feeds.feedblitz.com/~/616050154/0/alienvault-blogs~Journey-to-security-Data-safety-for-travelers (aggregated at www.secnews.physaphae.fr/article.php?IdArticle=1501807)

AlienVault Blog - Alien Labs 2019 Analysis of Threat Groups Molerats and APT-C-37

A recent spear-phishing document from Molerats

APT-C-37 Overview

APT-C-37, also known as Pat-Bear or the Syrian Electronic Army (SEA), was first seen in October 2015 targeting members of a terrorist organization. Since 2015, however, APT-C-37 has broadened its objectives to include government agencies, armed forces leadership, media organizations, political activists, and diplomats. The group mostly targets victims in Western countries, with the intent of defacing their websites and social accounts while leaving a public footprint after hacking one of their victims. In previous attacks, APT-C-37 targeted Windows and Android systems, utilizing popular commercial remote access trojans (RATs) such as DroidJack, SpyNote, njRAT, SSLove, and H-Worm.

Technical Analysis: APT-C-37 2019

June 2019: APT-C-37 released an Android app named after the instant messaging software “WhatsApp” as an espionage tool, reportedly to spy on the Syrian opposition forces. The app was capable of installing the SSLove RAT to pull private information from the phone and exfiltrate it to a remote location.

Molerats Overview

Molerats has been present in the cybercriminal landscape since 2012. In an analysis released by Kaspersky’s GReAT (Global Research & Analysis Team) earlier this year on the Gaza Hacker Team and their various subgroups, Kaspersky concluded that Molerats is Gaza Cybergang “Group1.” The report also concluded that Molerats (i.e. Cybergang Group 1) operates with a lower level of sophistication than other groups within the Gaza Hacker Team.
In addition, a 2016 article in Security Week reported that one of Molerats’ campaigns (October 2016) heavily used popular RATs like NjRat and H-Worm (aka Houdini).

Technical Analysis: Molerats 2019

October 2019: In Molerats’ October operation, the attack was distributed as a phishing campaign in the Middle East. Emails included a Microsoft Word file attachment with the title “Daily report on the most important Palestinian developments for the day 9-9-2019.doc” — content that spoke to the political situation in Palestine. When a victim opened the attachment, the malware performed the following: Displayed the Microsoft Word doc

Published 2020-01-15T14:00:00+00:00. Source: https://feeds.feedblitz.com/~/616000598/0/alienvault-blogs~Alien-Labs-Analysis-of-Threat-Groups-Molerats-and-APTC (aggregated at www.secnews.physaphae.fr/article.php?IdArticle=1501589)

AlienVault Blog - Running an Eco-friendly IT business

(Banner image: green leaf key, Adobe Stock)

As someone in the technology field, I follow the steady stream of new and exciting products and gadgets that come out at least twice a year. I am constantly upgrading my tech and my IT work tools in keeping with what is new. I need to have personal experience with the devices and equipment that clients hire me to manage, upgrade and repair for them in my IT consulting practice. I often think about the effect that my constant upgrading has on the environment.

In 2018, researchers from McMaster University published a study in the Journal of Cleaner Production showing that the carbon impact of the Information and Communications industry has tripled since 2007. In 2007 the Information and Communications sector represented 1% of the carbon footprint; by 2018 it was 3%, and they project that the number might climb to 14% by 2040. By comparison, the entire transportation industry has a carbon footprint of 7% worldwide.
With numbers like that it is easy to become overwhelmed, but, as IT professionals, there is still much we can do to mitigate the effects of e-waste and use our resources more wisely, as we encourage our clients to do the same and empower them with solutions. In my practice I think about the services we offer and break down what we can do to adopt more sustainable practices. We are a team of remote workers who go on-site to clients, and our office is a virtual office based in the cloud. No commuting to work for our team of 2-5. That helps a lot. We collaborate over the web, phone and email.

Step 1 in making your business more “eco-friendly” might be to re-think the office. Changing how you run things in an office setting might mean installing a smart thermostat and lighting to conserve energy and committing to recycled paper for your printed materials. Not only will you save money, you could earn a Green Business Certification. Organizations like the Green Business Bureau and the American Consumer Council’s Green C Certification recognize and certify companies that are doing their part to conserve energy and reduce waste. Your company will stand out for promoting environmentally responsible practices and create a culture of “green” for others in the industry.

As far as making client services more energy efficient goes, I break it down into the following areas: Device Buyback and Recycling Programs, Municipal Recycling Programs, Hosting, Search, Recycled Materials and Office Equipment.

Go to the stores you might buy from to recycle e-waste. You can recycle 3 household items per day at Best Buy stores - that includes printers, monitors (for a $25 fee), UPS battery backups and surge protectors, and many other items used in a typical office. For smaller projects it might be convenient to drop off at a local Best Buy store. Also, there is the Apple Trade-in Program.
Started in 2013, Apple will give you a gift card for trading in qualified devices, computers and Apple accessories. If your devices don’t qualify for a monetary credit, you can still take advantage of Apple’s recycling program, regardless of age. There is an online portal to process your trade-in; just answer a few basic questions about your devices and you will get a gift

Published 2020-01-14T14:00:00+00:00. Source: https://feeds.feedblitz.com/~/615848600/0/alienvault-blogs~Running-an-Ecofriendly-IT-business (aggregated at www.secnews.physaphae.fr/article.php?IdArticle=1501590)

AlienVault Blog - How to identify phishing emails and what to do

Note: This blog was written by an independent guest blogger.

Phishing scams remain one of the most widespread cybercrimes. A phishing scam can be as simple as getting someone to click on a link, an attachment, or a picture of cute kittens. I recently received a spam email with the message: “Old friends post embarrassing pictures of Jason Nelson online; click here to see.” Seeing my name in the body or subject line of an email is alarming. That is why scammers word these emails this way. They want to alarm you so that, in your rush to defend yourself, you click the link to see the pictures. This is similar to extortion emails that claim to have videos of “compromising” situations or screen recordings of users on adult websites. These emails work on our fear of embarrassment, rejection, or ruin to get us to let down our guard. Do not click on anything in these emails. Delete, Delete, DELETE.

But it does raise the question: where do these emails come from, and who is sending them? In this article, we will be looking at the phishing phenomenon and what options we have to defend ourselves. According to a 2018 report from the statistics website Statista, the largest share of spam emails (11.69%) originated in China. But before we in the U.S.
pat ourselves on the back, the second-largest share of spam emails came from the United States, at 9.04%. Since 2018, many of these scams demand some form of cryptocurrency payment. In an October 8, 2019 report, the cybersecurity company Cofense said that phishing scams are changing their tactics and moving from Bitcoin to one of the so-called altcoins like Litecoin or Monero.

So how do these scammers get our emails? One way, and the most likely, is lax security protocols or a data breach at a service or email provider. Have I Been Pwned is a website that can help you see if your email address has appeared in a breach of a compromised site. But there are other ways as well, including email addresses sold to the highest bidder. A way to minimize our risk of phishing scams is to be mindful of, and limit, the websites we provide our emails to. Also, use a password manager to create more complex passwords. Bitwarden, 1Password, and Dashlane are good options. When deciding on an email address, avoid using your name and/or some specific personal data. For example, janedoe1980@email.com - try to avoid using your actual name and actual year of birth or the last four digits of your Social Security number (for U.S. citizens). There is no way to be 100% safe online, but at least we can make it that much harder for cybercriminals.

So let’s look at some steps we can take to protect ourselves from phishing and scam emails:

- Check the sender address. Even if the message seems legitimate, look at the sending address; if it looks odd, it’s probably spam.
- Does the email ask you to click on a link or attachment? Again, check the sender address and the rest of the email for anything out of the ordinary.
- Did you receive the email out of the blue? A long-lost relative is trying to send you money? Delete.
- Does the email contain several misspelled words? It could be a phishing email.
- Does the email contain some threat (embarrassment or prosecution, for example)? It’s more than likely a phishing scam.
Lastly, if the email appears to be from someone you know or an organization you do business with, call that person (not at a number from the email) and verify that they sent the email. Law enforcement and the IRS are not known for sending threatening

Published 2020-01-13T14:00:00+00:00. Source: https://feeds.feedblitz.com/~/615754606/0/alienvault-blogs~How-to-identify-phishing-emails-and-what-to-do (aggregated at www.secnews.physaphae.fr/article.php?IdArticle=1501591)

AlienVault Blog - Top 10 AT&T Cybersecurity blogs of 2019

Happy New Year! What a year 2019 was in cybersecurity. It was a great year for informative and interesting blogs. Here were the top-performing AT&T Cybersecurity blogs written in 2019:

1. The Great Cannon has been deployed again by Chris Doman took the top spot!
2. AT&T Cybersecurity is Born by our CEO, Barmak Meftah, was hugely popular.
3. Incident response steps comparison guide for SANS and NIST by Elisha Girkin.
4. There's no such thing as an entry-level job in cybersecurity by the AT&T Chief Security Office.
5. A HIPAA compliance checklist for 2019 by Tawnya Lancaster.
6. Sharepoint vulnerability exploited in the wild by Chris Doman.
7. The ultimate guide to VPN encryption, protocols and ciphers by guest blogger Callum Tennent.
8. Fileless malware detection: a crash course by Kate Brew.
9. Explaining the cyber kill chain model by Tony DeGonia.
10. Email server security best practices to look out for by guest blogger Kim Crawley.

We look forward to sharing much more helpful information and security research in the rest of 2020!
Published 2020-01-10T14:00:00+00:00. Source: https://feeds.feedblitz.com/~/615511880/0/alienvault-blogs~Top-ATampT-Cybersecurity-blogs-of (aggregated at www.secnews.physaphae.fr/article.php?IdArticle=1500164)

AlienVault Blog - Security and digital payments – growth finally meeting demand

Digital payments are the future of commerce, but security concerns have created a major barrier to their popularity. A study of businesses conducted by the influential PCI Security Standards Council found that 67% of respondents cited a lack of visible security options as a reason for not adopting a digital payments service. A paucity of viable security options, both in terms of product quality and the level of protection that can be offered, has been a stumbling block in the digital payments sector; however, industry indicators suggest that this is beginning to change and that good-quality products will soon be widespread.

Big businesses tackling fraud

Financial fraud directed at small businesses will have effects felt most acutely by the business itself. However, the mechanisms through which businesses reclaim fraud-related losses have impacts on the institutions that provide banking and credit to these businesses. Insurance payouts, chargebacks and voided credit transactions all have a significant overall impact on big financial institutions. According to the annual American Express Digital Payments Survey, 82% of businesses feel threatened by fraud via digital payments; as a result, big business has moved forward to provide bespoke security solutions, and has put its name behind many digital payment platforms to enhance that security. Growing businesses looking towards digital payments can now take advantage of a huge range of digital payments platforms and the financial security that they offer.
An improving data climate

Front-end security services are the most crucial step in ensuring the viability of integrating digital payments. Promoting an overall culture that values customers’ private and financial data will promote the long-term change that the payments sector needs to hold customer confidence. This is a factor well recognized, both by regulatory bodies and international governments, and has been exemplified by the roll-out of, and response to, GDPR. Most recently, Forbes has noted the business trend towards data assurance being king, and has advocated for businesses having dedicated specialists to monitor breaches. The move of businesses towards becoming more tech-savvy is driving innovation in data security products and, crucially, creating capacity to deal with the influx of data-related breaches and security complaints.

Future payments

All of this good work is culminating in collaborative efforts, the most recent of which has seen payments giant TAS USA develop security solutions with startup Super Processor. This venture is to pair with the potentially transformative Mastercard CARD 3.0 IE system. According to Bobs Guide, this is a clear signal of how technologists are combining their new and innovative products to the benefit of the customer and the wider industry. With collaborative efforts will come better technology and better growth for all types of business. Digital payments are clearly the way forward in the super-mobile digital era. Making them safe is the key challenge.

Published 2020-01-08T14:00:00+00:00. Source: https://feeds.feedblitz.com/~/615323652/0/alienvault-blogs~Security-and-digital-payments-%e2%80%93-growth-finally-meeting-demand (aggregated at www.secnews.physaphae.fr/article.php?IdArticle=1499241)

AlienVault Blog - Healthcare cybersecurity for 2020 and beyond

These days, effective cybersecurity in healthcare is as critical as ever.
Last year, more than 32 million patients had their personal and medical information stolen in data breaches across the United States. While moves are being made, the fact remains that healthcare providers still have many holes to plug when it comes to the illegal or accidental outpouring of patient data. The issue is that current problems need to be solved now, before hackers move on to new, more advanced attack strategies. The good news is that there are many methods currently available to mitigate the chances of data leakage, if medical professionals are proactive enough to enforce them.

HIPAA on the front lines

When patients visit the doctor, they expect to go to a safe place where their best interests are always the top priority. To foster that confidence, the Health Insurance Portability and Accountability Act (HIPAA) was created to protect patient data while also giving patients control over who can see their information. Along with HIPAA, the Health Information Technology for Economic and Clinical Health (HITECH) Act also encourages medical practices to ensure that all technology they use is protected, to eliminate wrongful data leakage.

Medical records contain an abundance of private information that can be used for any number of malicious ends. Full medical records can often go for $1000 on the black market, where the addresses, Social Security numbers, and financial information within can be used to create fake identification or take out large loans that can leave the patient in debt. If a hacker catches wind of a patient’s surgery date, they can even attempt to shut down hospital functions until a ransom is paid, like the $14K one paid by Columbia Surgical Specialists. For these security reasons, and to retain the trust of patients, proper data security is essential, and it starts on the front lines. Nurse leaders should train their staff on how to properly maintain patient confidentiality.
When discussing patients near the front desk, only use first names, and conversations should be had behind a closed door or as quietly as possible. Hard copies of patient data should never be left lying around, and your printer should be set to print pages facing down. The last thing you need is to have security precautions in place but still allow a criminal to simply walk up and take private information out of the office.

Proper record keeping

Because hackers have so much to gain from stealing patient data, proper record-keeping is essential. Per HIPAA, medical records are required to be kept for between five and 10 years, depending on the state and the patient’s last treatment or discharge. If paperwork is to be discarded, it must be properly shredded. If you keep paper records, they must be stored in locked cabinet

Published 2020-01-07T14:00:00+00:00. Source: https://feeds.feedblitz.com/~/615057256/0/alienvault-blogs~Healthcare-cybersecurity-for-and-beyond (aggregated at www.secnews.physaphae.fr/article.php?IdArticle=1497829)

AlienVault Blog - Don’t give away your secret answers

previous posts, I have been misunderstood and thought to be promoting a position, but that isn't my intended purpose - cybersecurity awareness is. In the interview, the Congressional member told an entertaining story about how a site was requesting the creation of a “Security Question”. We have all been subject to these inane questions that require horribly predictable, and sometimes very publicly known, answers. These questions are usually used for password recovery or password reset functions. In this particular case, the question that was chosen was “What is the name of your dog?” What happened next is where I was mortified at the lack of awareness.
The conversation went something like this:

Congress member: “So I put in the name of my dog, and the site said that the name was too short.”

Did you just perform a face-palm, as I did when I heard that? Let’s review some of the more common short names for dogs: Rex, Spot, Hero, Bud. I am sure that you can come up with a few others. The problem here is that this Congressional representative just narrowed the search criteria for anyone who wants to guess one of the security questions for a forgotten password. There is no need to use long names in a brute-force attack when it has already been revealed that the dog has a short name. We know for certain that the dog’s name is definitely NOT Alistair, or even Bunsen Honeydew.

This also indicates that this Congress person is not using a password manager. One need not search too long to find many resources about how to generate and store random answers for those security questions. As was reported during the “Celebgate” and “TheFappening” nude photo scandals, some celebrities were victims of social engineering that caused them to reveal their security answers.

One impressive lesson from this experience is that the web site that was requesting the security answer has made a bit of an effort to prevent easily guessed, short names. However, what is the average person to do if their dog’s name is simply “Rex”? Should they change their dog’s name to appease a web site? Or should they create a name to satisfy the question? How are they to remember that fake name? These problems are what cause people to develop a strong disdain for security.

Moreover, why are sites still using these horrible pre-defined verification questions? I am no fan of those questions, and even on sites that allow a person to enter a unique question, most folks will use very common questions and answers.
With all the other mechanisms out there, such as mobile authenticators and multi-factor options, there must be a better way to authenticate a person. In the meantime, please be careful with those security answers.

Published 2020-01-06T14:00:00+00:00. Source: https://feeds.feedblitz.com/~/614987756/0/alienvault-blogs~Don%e2%80%99t-give-away-your-secret-answers (aggregated at www.secnews.physaphae.fr/article.php?IdArticle=1496525)

AlienVault Blog - Top Cybersecurity trends & predictions for 2020

Published 2019-12-17T14:00:00+00:00. Source: https://feeds.feedblitz.com/~/613261814/0/alienvault-blogs~Top-Cybersecurity-trends-amp-predictions-for (aggregated at www.secnews.physaphae.fr/article.php?IdArticle=1493777)

AlienVault Blog - Should cities pay a ransomware demand?

city of New Orleans and New Jersey's largest hospital network are in the midst of dealing with serious ransomware attacks. When you hear about data breaches and cyberattacks in the news, it's usually in connection with a large company and has affected users across the globe. But that gives the impression that hackers only target huge enterprises when planning their next attack. The truth is just the opposite. Because small organizations, like city and town governments, are forced to work with tight IT budgets but still need to comply with all rules and regulations, they often can't afford to hire cybersecurity experts or invest in expensive software solutions. Hackers know this and focus their efforts on trying to compromise their systems to profit from the damage. In this article, we'll look specifically at the trend of ransomware and how organizations should respond when they are attacked.

How ransomware works

When a data breach occurs, hackers often seize stolen information from a back-end system and look to sell it on the dark web.
But more recently, cybercriminals have realized that they can make money without having to execute a transaction at all. They simply need to hold the stolen data for ransom.

Ransomware attacks can begin through a number of different means. Hackers may infiltrate a government's network through social engineering, a phishing scam, or by finding a flaw in access controls. Once inside, they will deploy a form of malware that encrypts all of the files on a local hard drive so that users cannot open, access, or transfer them. These pieces of malware are evolving all the time, which makes it tough for antivirus tools to keep up. The individuals working in the office will typically see a suspicious screen appear telling them that they have fallen victim to ransomware. The hackers will set a specific financial amount, usually in Bitcoin, to be paid in exchange for releasing the lock on the files.

Ransomware isn’t limited to private companies; public medical infrastructure is a common target of these kinds of attacks. Some companies allow employees to work from home, and a single connection from an unprotected home device with spyware unknowingly installed puts the company at risk. Outdated technology is another huge issue. Public hospital systems operate on outdated technology with antiquated data protection software. Even third-party appointment-setting software can be targeted to gain access to private health care records and patient databases.

The risks of paying

Municipal governments rely on their IT systems to sustain operations on a daily basis. Losing access to a server or database can bring everything to a standstill and hurt the citizens who rely on government services.
So in the event of a ransomware attack, it's understandable that the organization would seek to resolve the issue quickly, by whatever means necessary, to

Published 2019-12-16T01:07:00+00:00. Source: https://feeds.feedblitz.com/~/613175078/0/alienvault-blogs~Should-cities-pay-a-ransomware-demand (aggregated at www.secnews.physaphae.fr/article.php?IdArticle=1493778)

AlienVault Blog - Which security certification is for you (if any)

CISSP, and some of the roles at some of the most respected companies do not ask for any certifications. There are some certifications that, in having them, demand instant respect: OSCP, OSCE, GXPN, and GREM, to name a few. Dave Kennedy has stated that anyone with an OSCE who applies to TrustedSec will at least get an interview. So, as a n00b, where do you start? Honestly, there is no right or wrong answer. I am sorry to disappoint you. Before you exit this article, I have some insight for you.

Let’s start with the discussion of whether or not to get certifications. Off the bat, if you plan to work for the US Department of Defense or Federal Government (as a contractor or civilian), you need certifications. Start with CompTIA Security+, then EC-Council’s C|EH, then (ISC)2 CISSP, then a variety of other certifications from CompTIA, SANS, etc. DoD Directive 8140.01 mandates this.

What about outside the government? There is no specific right or wrong answer, as I stated above. I know this is anticlimactic, but not all jobs require certifications. Some employers/hiring managers will hold some certifications in high esteem and may hold grudges against others, thus hurting you for having one. In the absence of the job posting saying not to apply if you have [insert certification here], there is no way to know. Having a certification should differentiate (not define) you as a candidate.
If you are equally experienced and qualified as another person, the certification may put you over the top in getting that offer letter, but there are other factors in play. Regarding certification vendors, not all are created equal. Some focus primarily on non-technical material, others have excruciatingly challenging exams, while others are best for entry-level certifications. Some certifications, like the AlienVault Certified Security Engineer (ACSE) or Cisco Certified Networking Associate (CCNA), are focused on a specific vendor. Full disclosure: I hold the ACSE certification and have previously taught

Published 2019-12-12 (AlienVault Blog): https://feeds.feedblitz.com/~/612885232/0/alienvault-blogs~Which-security-certification-is-for-you-if-any

Google Cloud Platform security monitoring with USM Anywhere™

2019 Cyber Security Report published by the International Information System Security Certification Consortium, 93 percent of organizations say they are concerned about cloud security and 28 percent admit to having experienced cloud security incidents during the past year. The reality is that most companies lack the specialized knowledge and skills needed to ensure that customer data stored in the cloud is protected. Cloud service providers (CSPs) do provide extra security layers, such as automated threat detection, with the intent of making their customers feel more confident in the security of the cloud. However, the number of cloud breaches being reported shows that CSPs and organizations alike continue to struggle with cloud security. Much of this is due to a lack of unified visibility, not just in the cloud but across an organization's entire network; siloed teams and technologies; a lack of threat intelligence; and partnerships with third parties whose security controls are not up to snuff.
To address these challenges, many in the industry are advocating for organizations to simplify and unify their security approach, i.e., bring as many controls as possible into a single solution in order to break down the silos between security teams and technologies and to give greater visibility across the organization. We at AT&T Cybersecurity help organizations accomplish this with our Unified Security Management™ (USM) Anywhere platform.

Of course, the effectiveness of any security solution is largely determined by the threat intelligence underpinning it. In any environment, we need to identify the common tactics, techniques, and procedures (TTPs) adversaries are using in their attacks. Below, we provide an overview of the latest threat intelligence from Alien Labs™ for Google Cloud Platform (GCP), which helps security practitioners discover issues in their cloud workloads and detect adversaries exploiting attack vectors commonly seen in cloud environments.

Google Cloud Platform integration in USM

This summer, AT&T Cybersecurity launched the USM Anywhere™ integration with GCP. Through the USM Anywhere Alien App for GCP, USM can now consume all logging information managed by the Stackdriver utility in a configurable and intuitive way. Google Cloud Platform logs are provided through three major channels:

• Audit Logs. Record all events impacting objects within the environment. These logs are used to monitor any cloud assets, presenting a solid baseline for security detection.
• VPC Flow Logs. Halfway between resource monitoring and cloud infrastructure security, these logs are the delight of NIDS enthusiasts.
• Firewall Logs. These help with auditing firewall rule events, and they are useful in detecting risky open ports and other configuration issues.

In USM, these channels are processed by different plugins, which extract pieces of intelligence and map them to variables that are easy to feed into orchestration rules.
The correlation engine allows for the combination of detections from different channels into a single orchestration rule, scaling GCP security to a new level. To prevent an intrusion from being recorded or triggering a notification, adversaries may try to disable audit logging once they have the necessary permissions. To protect against that, the product has out-of-the-box correlation rules that generate an alert if any of the logging features is disabled.

Published 2019-12-11 (AlienVault Blog): https://feeds.feedblitz.com/~/612840892/0/alienvault-blogs~Google-Cloud-Platform-security-monitoring-with-USM-Anywhere%e2%84%a2

Rising to the challenge of delivering more secure elections

NIST guidelines and CIS v7, for example, address the development of your controls and the

Published 2019-12-10 (AlienVault Blog): https://feeds.feedblitz.com/~/612702104/0/alienvault-blogs~Rising-to-the-challenge-of-delivering-more-secure-elections

The “Great Cannon” has been deployed again

The Great Cannon is a distributed denial of service (“DDoS”) tool that operates by injecting malicious JavaScript into pages served from behind the Great Firewall. These scripts, potentially served to millions of users across the internet, hijack the users' connections to make multiple requests against the targeted site. These requests consume all the resources of the targeted site, making it unavailable.

[Figure 1: Simplified diagram of how the Great Cannon operates]

The Great Cannon was the subject of intense research after it was used to disrupt access to the website GitHub.com in 2015. Little has been seen of the Great Cannon since 2015. However, we've recently observed new attacks, which are detailed below.
Most recent attacks against LIHKG

The Great Cannon is currently attempting to take the website LIHKG offline. LIHKG has been used to organize protests in Hong Kong. Using a simple script that uses data from UrlScan.io, we identified new attacks likely starting Monday, November 25th, 2019. Websites are indirectly serving a malicious JavaScript file from either:

http://push.zhanzhang.baidu.com/push.js; or
http://js.passport.qihucdn.com/11.0.1.js

Normally these URLs serve standard analytics tracking scripts. However, for a certain percentage of requests, the Great Cannon swaps these on the fly with malicious code:

[Figure 2: Malicious code served from the Great Cannon]

The code attempts to repeatedly request a list of resources, in order to overwhelm websites and prevent them from being accessible.

Published 2019-12-04 (AlienVault Blog): https://feeds.feedblitz.com/~/611152950/0/alienvault-blogs~The-%e2%80%9cGreat-Cannon%e2%80%9d-has-been-deployed-again

5G is coming, are you prepared?

AT&T Cybersecurity Insights™ Report: Security at the Speed of 5G. But wouldn't a webinar be more fun? Great news: one is coming up soon, Wednesday, December 4th at 12:00 PM CST. In the webinar, we'll cover:

• How 5G will transform the network with such things as Multi-edge Computing (MEC) and IoT
• Where 5G may present new security challenges and where it offers security benefits with a shared security model
• Which security controls will become most critical in the 5G future
• What security practitioners should focus on to get a head start on 5G

I'll be the host – hope you can join us! REGISTER HERE.

Published 2019-11-22 (AlienVault Blog): https://feeds.feedblitz.com/~/609916364/0/alienvault-blogs~G-is-coming-are-you-prepared

Why CJIS mobile compliance might be easier than you think

CJIS Compliance Mobile Checklist for more insight into best practices and recommendations.

Published 2019-11-21 (AlienVault Blog): https://feeds.feedblitz.com/~/609838098/0/alienvault-blogs~Why-CJIS-mobile-compliance-might-be-easier-than-you-think

The surprising truth about cybersecurity and autism

Published 2019-11-19 (AlienVault Blog): https://feeds.feedblitz.com/~/609578724/0/alienvault-blogs~The-surprising-truth-about-cybersecurity-and-autism

How website security and SEO are intimately connected

back-door SEO. For instance, a hacker wants to put a link on your site, or add a web page.
Sometimes they even target your domain and redirect it to another site altogether. Sucuri has an excellent example of a common hack they see on WordPress sites. These hacks make your website look like an untrustworthy page, or may even draw penalties from Google that cause your site to be blacklisted. Sometimes, no matter how much effort you put into SEO, failures in cybersecurity can drastically impact how Google sees your site, therefore also impacting your place in the SERPs.

The First Step in Security to Boost SEO

One of the first things you need to do to protect your website and boost your Google ranking is to enable HTTPS. Google named this security protocol a ranking signal several years ago, so it's obvious that your SEO results will be tied to it. You'll need to make sure you have a proper certificate and allow indexing so that Google can still read your website. However, this is only the beginning. An HTTPS setup does not secure a website; it only secures the connection and encrypts data that is sent. That means that communication between your server and the web browser a visitor is using is secure, and data — like a credit card number used for a purchase — cannot be stolen in transit.

Other Important Security Steps

Information security, or keeping your stored data secure, is another important part of keeping your website secure and helping it rank well, and the good news is that this security requires the same vigilance that SEO does. As a result, you can monitor both simultaneously.

Platform Security

Be sure you've chosen a good web host that has strong security on their end. Use security software or plugins as appropriate. For smaller websites using WordPress, you can use Wordfence, iThemes Security, or Bulletproof Security, for example. Overall, you want plugins that address the known security issues in the platform you use.
All websites can also benefit from using SiteLock, which not only closes security loopholes but also monitors your website daily for malware, viruses, and more.

Secure Passwords

Believe it or not, the

Published 2019-11-18 (AlienVault Blog): https://feeds.feedblitz.com/~/609461063/0/alienvault-blogs~How-website-security-and-SEO-are-intimately-connected

Cybersecurity: top of mind Q and A

AT&T Cybersecurity video series with Shira Rubinoff interviewing me recently.

Episode #6 - @attcyber Video Series With @twaskelis AVP @attcyber Discussing: Issues we are facing in #CyberSecurity today. Full video https://t.co/1GxIQVAeJ0 #ai #attinfluencer #Security @sstoesser @BinduSundaresan @BJWebb4 @saritasayso @MoKatibeh @eisaiah_e @ChuckDBrooks pic.twitter.com/VuJfAsoSYH
— Shira Rubinoff (@Shirastweet) October 24, 2019

Q1: How will CISOs' investments change in 2019? What areas of cybersecurity do they see receiving more funding?

Many large and mid-size businesses are recognizing that security requires more than just a technology investment:

• Service organizations bring technology, expertise, and resources to the table in a way that may be a more cost-effective alternative to trying to manage all this internally.
• Lack of resources is a major challenge, along with keeping up with advancements in cybersecurity technology, which businesses address by utilizing outside service providers rather than hiring, retaining, and managing staff.

For the CISO, this translates to setting a big picture of priorities such as maintaining customer trust and keeping the organization's name out of the headlines. In order to accomplish these priorities, there are essential areas where security executives will spend their time and money in 2019:

• Develop a culture of security: The culture must go together with policies and best practices.
Every single person within the organization has some responsibility for security.
• Security and Risk Management: Governance and resource requirements, security frameworks, data protection, training and awareness, insider threats, and third-party security practices as outsourcing increases.
• Cloud Services: Cloud strategy, proper selection of services and deployment models. Scalable and

Published 2019-11-14 (AlienVault Blog): https://feeds.feedblitz.com/~/609296204/0/alienvault-blogs~Cybersecurity-top-of-mind-Q-and-A

The future job market for cybersecurity professionals

Bureau of Labor Statistics claims, for instance, that the rate of growth for jobs in information security is projected at 37% from 2012–2022, and that there are currently 2.2 million unfilled cybersecurity roles. These numbers are not actually that helpful, however. Cybersecurity is a huge, diverse, and relatively new industry, and statistical agencies typically don't understand it very well. As a result, it's very difficult to find out how many of these unfilled positions relate to IoT solutions, for instance, or how many require training in forensics.

Unfortunately, this lack of understanding is also a feature of the educational programs that are designed to churn out IT professionals. Despite the importance of security for all aspects of systems development and maintenance, cybersecurity is still not taught to students studying relevant and parallel subjects. This has started to change, but very slowly. It's been almost 20 years now since the NSA launched the National Centers of Academic Excellence in Information program, but only now are we seeing a rise in the number of college-level cybersecurity majors.
Diversity and segmentation

When it comes to the immediate future of the jobs market for cybersecurity professionals, there are two key principles to keep in mind. One is that the market is likely to become even more diverse over the coming years. The second is that, as systems grow ever more complex, there will be an increased segregation of roles even between employees who sit (nominally) within a 'security' team.

These trends will likely have two effects on the job market. The first is that employees seeking cybersecurity roles are going to need to be trained in more depth (and for longer) than has been customary in the industry. This extra training is likely to be delivered through on-the-job training programs, however, rather than postgraduate programs, simply due to the specificity of the systems that cybersecurity pros now have to work with. The second outcome of these trends is that cybersecurity pros who are already in the industry will need to continuously develop their skills in order to stay up to date with the latest systems and threats. This requirement can be difficult for established professionals to achieve, particularly given existing workloads in the industry, but it will be critical. As Diana Burley, a professor at George Washington University,

Published 2019-11-13 (AlienVault Blog): https://feeds.feedblitz.com/~/609244410/0/alienvault-blogs~The-future-job-market-for-cybersecurity-professionals

Can Google now guess your password in under 4 minutes?

news sites, as well as the Google AI Blog, it was announced that Google has achieved “Quantum Supremacy” with its 54-qubit processor, named “Sycamore”. This is a monumental leap forward in computing capabilities. (Yes, I had to resist calling it a quantum leap forward, because that does not nearly sum up this accomplishment.) This is huge!
The question is, exactly how huge? What exactly do you know about quantum computing? After watching this video, produced by IBM and WIRED, I realized that I know about as much as a 15-year-old child. Sad, but true. My knowledge of quantum supremacy is equally lacking. Google is asserting that this quantum chip can solve a computational task in 200 seconds, whereas it would take a classical computer 10,000 years. There are two amazing thoughts being proposed here, and a third not-so-amazing ponderance.

First, trying to understand the reality of 10,000 years is almost beyond human comprehension. The humans of Stonehenge existed 5,000 years ago. The humans of 10,000 years ago were just exiting the Stone Age. Imagine those humans who roamed the Earth 10,000 years ago trying to solve a riddle, and that riddle only gets solved today. 10,000 years is an amazing temporal, as well as intellectual, distance.

Second, did you realize that the computer on which you are reading this article is now a “classical” computer? If this was an aptitude test, the answer to the analogy section would be: Your computer is to Mozart as the Google computer is to the latest rap artist.

Third, what does this all mean to the average person? Let's consider password strength. Does this new super-computing power mean that there is a computer that can crack your extremely complex password in under 4 minutes? As I have stated in previous posts, if you are still using a password governed by rules that were devised in 1985 (minimum of 8 characters, upper-case, lower-case, numbers, special characters), you might as well be living in the Stone Age. Even a classical computer is capable of cracking an 8-character password in less than a few minutes. Now, however, even a password such as Gr8tpassword is trivial for most home machines to crack.
Fortunately, as Doctors Gershon and Girvin mention in the video, the ability of the quantum computer to crack passwords is still many years away, as is its ability to break the classical encryption algorithms. Regardless of that, you can take action right now by doing these simple steps to make sure that your password is secure enough to withstand the quantum apocalypse:

• Get a password manager.
• Use multi-factor authentication wherever possible.

Wishing you the best in password supremacy.

Published 2019-11-12 (AlienVault Blog): https://feeds.feedblitz.com/~/609193892/0/alienvault-blogs~Can-Google-now-guess-your-password-in-under-minutes

AT&T Cybersecurity Insights™ Report: Security at the Speed of 5G

[Graphic: 5G: Timeframe to implement security changes]

5G is more than an increase in speed – it's not a “faster 4G”. It provides new features such as network slicing, which allows for isolated domains for traffic. 5G service providers can assign slices to users with customizable quality of service and bandwidth. Sporting innovative built-in security measures, 5G can allow for stronger over-the-air encryption, subscriber identity protection, and reduced risk of eavesdropping. At AT&T, we believe that 5G will encourage a shared security model akin to the public cloud. The beauty of this is that it shifts some security functions to the 5G service provider, freeing up enterprises from some concerns. The anticipated shared security model of 5G does require security pros to think differently, which will take time. However, in the end the shifting of some security functions to the 5G service provider may provide great benefits for enterprises. With the large number of devices associated with 5G, authentication and identity need to be considered in the scope of security, similar to the public cloud.
The 5G service provider can help confirm device identity as well, because the network will know a device's physical location. In a way, the 5G service provider uses the network itself as a security tool. Introducing 5G networking impacts many technical areas, but also provides an opportunity and motivation to modernize security approaches. Software Defined Network (SDN) and virtualization technologies should be considered by enterprises preparing for 5G due to its sheer scale. In parallel, security should be virtualized and automated. From the survey we learned that the top security concerns cited were due to the increased attack surface. Have a look at what companies had to say:

[Graphic: Top 3 security concerns]

Conclusion

5G has the potential to bring significantly more devices onto the network, expanding the attack surface and increasing the possibility of new threats. Security organizations relying on manual security approaches will likely have a hard time keeping up. Security that is dynamic and automated will be able to quickly and effectively address the new security threats of 5G networks, and virtualization can help provide flexibility to respond to unknown future threats. The research in this report reveals that organizations should do more to prepare their cybersecurity practices for 5G. Preparations that should be made include security virtualization, automation, and SDN; enhanced measures for identity and authentication; and planning for a shared security model. Be proactive and improve your security posture now, while 5G is still in its early stages of deployment and adoption. Read the whole report.
Published 2019-11-11 (AlienVault Blog): https://feeds.feedblitz.com/~/609139398/0/alienvault-blogs~ATampT-Cybersecurity-Insights%e2%84%a2-Report-Security-at-the-Speed-of-G

Data breach: how to prevent it

recruitment agencies, especially when they outsource work to employees overseas.

3. Card fraud

There have been cases of data thieves gaining access to ATM machines and gas pumps and attaching spying malware that copies credit card data from anyone who swipes his/her card in the machine. And because many people recycle PINs and passwords, the stolen credit card information is used to guess usernames and passwords, which are later used to access company and private employee emails.

How to prevent a data breach

1. Invest in strong cybersecurity

Recent cases of data breaches show that businesses can no longer rely on firewalls, antivirus software, and intrusion detection software alone to protect their data from possible data breaches. It is important to install multi-layered cybersecurity systems that not only thwart possible infiltration attempts but also identify possible vulnerabilities before hackers do.

2. Remote data backup

If your company has remote employees, it is important that you invest in a strong remote data backup system. It is time to get rid of backup tapes, as they can easily be lost, stolen, or mishandled before they reach the main office.
A good backup system should enable you to back up data a

Published 2019-10-31 (AlienVault Blog): https://feeds.feedblitz.com/~/608511326/0/alienvault-blogs~Data-breach-how-to-prevent-it

Physical threats to Cybersecurity that you must address

Over 90% of data breaches are attributed to human error, costing a company anywhere from $1.25 million to $8.19 million. Tackling cybersecurity does not only entail non-physical risks, but also includes an assessment of physical threats such as human, internal, and external hazards. Only then can an appropriate and effective security plan to dissuade hackers and thieves be devised.

Internal and External Risks

Internal dangers may include fire or an unstable power supply. Another risk is humidity, which can cause the appearance of mold that will damage data and equipment. Mold remediation and regular maintenance of the heating, ventilation, and air-conditioning (HVAC) system are necessary to ensure that equipment is stored properly. While lightning, floods, and earthquakes are difficult to predict, preparing a comprehensive risk assessment is the first step. A detailed plan on what to do if disaster strikes should be drawn up, including personnel training. For example, you can install backup power and lightning protection systems to secure computer rooms.

Theft, vandalism, and accidental or intentional errors can be averted by putting a security system in place. Surveillance cameras and continuous monitoring ensure that there are no intruders on the premises who can physically harm data and infrastructure. Video and event recordings offer valuable data to monitor sensitive locations.

Secure the Premises

Of the essence is the protection of your physical security system itself, to keep hackers and intruders away.
An assessment of the risks and threats that might arise if the security system is compromised will prove useful. To illustrate, intruders might take control of the door lock and CCTV systems or turn off video recordings. Should the situation arise, make sure that your company has a backup plan to keep data systems safe, or add another layer of security by hosting servers in different parts of the building.

Train Staff and Increase Retention

Staff training is very important to deter possible internal and external threats. Informing staff what to do if there are incidents or any physical threat reduces work disruptions. Training also indicates that they are appreciated and will improve retention. According to the 2018 Workforce Learning Report, 94% of employees would stay at a company if it invested in their careers. Each worker must follow a strict protocol when it comes to data handling, and educating employees on cyber literacy helps in preventing data breaches. Phishing scams and other attacks may be caused by human error, such as downloading a malicious file unintentionally.

A comprehensive cybersecurity plan takes into account internal, external, and human risks. Without a profound understanding of every possible threat, any preventive action to avoid hacks and leaks is useless.

Published 2019-10-30 (AlienVault Blog): https://feeds.feedblitz.com/~/608443708/0/alienvault-blogs~Physical-threats-to-Cybersecurity-that-you-must-address

Was the largest breach in history a misconfiguration problem?

fascinating interview with the former Chief Information Officer of Equifax, Graeme Payne. If you are unfamiliar with Graeme, he was the scapegoat for the Equifax breach, described in Congressional testimony as “the human error” that caused the breach. Graeme, however, is a true gentleman who is very gracious about his situation.
He explained that the servers that were breached were “under his watch”, so it makes sense that he was the person who was ultimately held responsible for the breach. In his recently published book, The New Era of Cybersecurity Breaches, Graeme describes the events of the Equifax breach and offers practical steps to secure a company from the same fate that was suffered by Equifax. The only reason I have not yet read the book is because I did not know it existed. Now, it is on my wish list, and, if the description lives up to the book contents, I anticipate an excellent read!

One item that struck me as peculiar during Graeme's interview was that he stated, contrary to all the reports about the breach, that the breached server was patched against the Apache Struts vulnerability. To be clear, all of the news reports indicated that Equifax received notice of the vulnerability and the available patch, yet did nothing to prevent it. I asked the following question: Didn't you scan the servers after the patches were applied? (It is excellent that BrightTalk offers interactive webcasts like this.) Graeme responded that they scanned the servers for vulnerabilities, and the patch was reported as successfully applied to the server. How is that possible?

A further discussion ensued, in which the importance of authenticated versus unauthenticated scans was mentioned. It even drifted into the idea that a company should use two different scanners! We are not all the size of an Equifax corporation. Running two scanners is simply unmanageable for many medium-sized enterprises. I posted a follow-up question: How did the vendor of the vulnerability scanner respond once the breach occurred? Unfortunately, Graeme was not at liberty to discuss that. (If you are unfamiliar with the legal system, it probably means that the terms of his dismissal are confidential, and he cannot discuss various topics, such as any impending action against a vendor.)
Whatever the vendor's response, it doesn't matter. What matters is that the largest breach in history (to date) may not have been the result of human error or negligence. It may have been just another case of a misconfiguration problem, this time with a vulnerability scanner. Given the recent breaches that have involved cloud misconfigurations, it is important to remember that these problems can still exist within the cozy confines of an organization. Graeme seems to be doing fine in his new existence, not as a scapegoat, but as a Phoenix. I empathize with how he was treated, and I am confident that I speak for all the security community in saying, we wish him well.

Published 2019-10-29 (AlienVault Blog): https://feeds.feedblitz.com/~/608389106/0/alienvault-blogs~Was-the-largest-breach-in-history-a-misconfiguration-problem

Lessons learned conducting an information security risk assessment

[Graphic: Key takeaways]

Policies and procedures are the foundation

Strong cybersecurity policies and procedures are the foundation of a robust security program. A risk assessor can glean a significant amount of insight into the maturity of an organization's cybersecurity program simply by looking at a few key areas of cybersecurity policies and procedures, such as those areas identified in the graphic below. They allow the assessor to gain valuable insight into the culture of cybersecurity within the organization, the reporting structure within the organization, and the types of technologies present within the organization, and ultimately allow the assessor to drive discovery of information efficiently. This quick and efficient information discovery is especially important for external assessors or those who don't already have an intimate understanding of the organization.
[Graphic: key takeaways considering security maturity]

Documentation is not implementation

Having a strong cybersecurity posture on paper does not mean much if it is not implemented. It’s why conducting interviews of personnel is so important in a risk assessment, and why the phrase “Trust but verify” is often half-facetiously repeated by cybersecurity professionals. When seeking to verify through interviews, it’s tempting to simply go down a list of specific and tailored questions, likely from a framework or compliance standard. Questions like “Does your organization implement a cybersecurity training and awareness program?” are to the point, brief, and answer the question asked by the assessment framework, but they are not the best way to conduct interviews. Risk assessments are not audits, and getting a yes/no answer to a question is not nearly as valuable as taking the time to develop a comprehensive understanding. By having a guided cybersecurity conversation and not simply going through a list of questions, an assessor is able to glean more information on an organization’s risk and develop more valuable findings and recommendations.

Start broad and go narrow

When conducting interviews, start at a ten-thousand-foot level of the topic being discussed, then use the framework as a general guide to steer the conversation and narrow down on specifics. As seen in the example below, the risk assessor should first ask open-ended questions that allow the interviewee a chance to explain the topic in depth. This allows for a less restrictive and narrow-minded conversation and gives a potential view into how the topic at hand fits into the entire business.
2019-10-28T13:00:00+00:00 https://feeds.feedblitz.com/~/608335130/0/alienvault-blogs~Lessons-learned-conducting-an-information-security-risk-assessment www.secnews.physaphae.fr/article.php?IdArticle=1430943

AlienVault Blog: Data Governance…at the heart of security, privacy, and risk

Data Governance Institute for details.)

- Identifying safeguards to protect data
- Providing integrity controls to provide for the quality and accuracy of data

How does data governance help with privacy management?

You have to know what data you have, where it is, how it is used, and who it is shared with to comply with applicable privacy regulations, and have the processes to obtain appropriate consents and to access and delete it. Privacy regulations are basically a business case for data governance. Imagine if organizations had already done extensive data mapping exercises prior to GDPR. Imagine if they knew the where, why, what, and how of their data prior to GDPR being passed. The transition to GDPR would have been far less painful.

How does data governance help cybersecurity?

In order to protect against threats, organizations need to know what data to protect and how to help keep it protected. Information protection is at the core of security, but how can you protect it if you do not know what data you have, where your data is, how it is used, and who it is shared with (and how it is shared)? Businesses can no longer have perimeter protections in place and call it a day; the perimeter has expanded to suppliers, cloud vendors, partners, and so on. So managing your data in a structured, responsible, and law-abiding way will make it more efficient for security professionals to protect it.

How does data governance help an organization manage information risk?
You need to know the most sensitive and critical data to your organization – your most valuable information – so that you can allocate more resources to protecting that data. No organization will be 100% secure, and very few organizations have unlimited resources – people and financial – to implement, operate, and improve cybersecurity measures. Therefore, businesses must take a risk-based approach and focus on the most sensitive data assets.

Times are changing. Is it easy to design and implement a data governance program? No, or organizations would have them in place today. However, given the privacy regulations, the evolving threat landscape, the age of digitization, and the expanding organizational boundaries, data governance is no longer a choice for organizations that need quality data, protected from cybercriminals, and in compliance with data protection laws.

2019-10-23T13:00:00+00:00 https://feeds.feedblitz.com/~/608104072/0/alienvault-blogs~Data-Governance%e2%80%a6at-the-heart-of-security-privacy-and-risk www.secnews.physaphae.fr/article.php?IdArticle=1422057

AlienVault Blog: Reviewing best practices for IT asset management in the cloud

It used to be that businesses needing their own large computer networks had to do everything themselves. They had to buy all of their servers and all of their networking appliances. They needed the physical space on premises for all of their datacenters, the HVAC people to keep everything cool, and the massive electricity bills to keep all of that going. But in the past several years, the growth of cloud services has been exponential. It’s great for the enterprise because, depending on a business’s specific needs, they can either have everything but their local area network in the cloud, or they can have some hybrid of their own on-premises network and a cloud provider or two, fully integrated.
Either way, they can put at least some of their networking needs in the hands of a cloud provider such as AWS, Microsoft Azure, or Google Cloud. That can save a company a lot of time, labor, space, and money. Plus, the agility and flexibility that cloud providers offer is great! Do you need to double the data capacity of your network as soon as possible? It’s much quicker and easier to change your cloud provider plan and make some adjustments on your end than it is to double the size of your on-prem network. The cloud can be a lifesaver, but your IT people still need to know how to manage their computing assets there, especially when it comes to cybersecurity. Cloud asset management is a special matter, and it’s absolutely vital to understand.

What is cloud asset management?

Your IT assets are the hardware, software, and networking entities that your company has as tools and resources for its objectives. An excellent example of an IT asset is a database. Databases are very important, particularly in the backend of your applications. With the implementation of cloud networks, these IT assets become cloud assets too. So instead of having your MySQL databases entirely on your on-premises servers and data storage, you can have them run from the server and data storage capacity that your cloud provider offers your business. But making sure your cloud-hosted assets function well and maintain security is its own area of knowledge: cloud asset management. There are challenges involved in cloud asset management which differ from managing assets on your own infrastructure. For instance, developers and administrators often don’t use the security tools that their cloud providers offer them. Also, visibility into your assets can be more difficult in the cloud. You can’t secure what you can’t see!

Cloud asset management best practices

There’s a lot to learn when it comes to cloud asset management. It can seem overwhelming to start.
Thankfully, there are some best practices to keep in mind which will provide you with a strong foundation for properly handling the cloud.

Monitor your cloud as thoroughly as possible

As I mentioned, visibility in cloud networks can be a special challenge. There’s also the everyday performance of your network to consider. You won’t be physically inside of your cloud provider’s datacenter, so you’ll need to be able to see as much as possible with monitoring tools. This isn’t all directly security related. You need to make sure that your provider honors your Service Level Agreement. Watch your bandwidth and make sure that it suits your organization’s needs at all times. Make sure all of your cloud assets have excellent availability, as much uptime as possible. You could have thousands of users depending on your cloud at any given second. Monitor thoroughly and constantly to make sure that your cloud is always capable and reliable.

Redundancy and automation are your friends

Redundancy goes a long way when it comes to keeping good uptime and everything working properly. There should be as few single points of failure as possible, preferably no

2019-10-21T13:00:00+00:00 https://feeds.feedblitz.com/~/608017810/0/alienvault-blogs~Reviewing-best-practices-for-IT-asset-management-in-the-cloud www.secnews.physaphae.fr/article.php?IdArticle=1417761

AlienVault Blog: Are smart homes really safe from hackers?

Image Source: Pexels

There are a number of smart devices becoming commonplace in homes around the world, leading us closer and closer to the reality of smart homes, or houses that depend primarily on interconnected smart tech. Heating, lighting, and common appliances like doorbells, alarms, and entertainment devices are now increasingly being designed to operate on the internet of things (IoT).
However, some experts have expressed valid security concerns regarding smart technology, believing that these systems are specifically vulnerable to cybercriminals. Some may argue that implementing smart systems isn’t worth the time it takes unless the security bugs are worked out. This points to the fact that smart home cybersecurity is often overlooked. If you’re thinking about using a variety of smart home devices in your home and have never thought about this, now may be the time. Below are some things to consider that will help you make a more informed choice regarding smart tech in your home.

The risks of IoT

The truth is that IoT-based devices are growing in popularity at a faster rate than their security measures can keep up with. This could have some extremely serious consequences for those who have filled their everyday lives with multiple interconnected smart devices. While these things may be convenient for a home, IoT technology itself comes with a cost. As Javvad Malik suggested in his article “IoT: Usability Dream or Privacy Nightmare?”, imagine what might happen if a hacker got control of your smart thermostat. They could hold your temperature for ransom unless you paid them in bitcoin, Malik argued. This is a real concern with the growing popularity of IoT smart homes because, frankly, they’re not designed to defend themselves against cyberattacks.

The risks of IoT systems have been well documented, specifically by the Open Web Application Security Project (OWASP). Each year they cover concerns about the IoT in their “IoT project.” In their most recent update, they included the following among the most serious concerns in the implementation of IoT:

- Insecure network services.
- Lack of secure update mechanisms.
- Insecure data transfer and storage.
- Insufficient privacy protection.
- Lack of device management.
- Lack of secure default settings.
The importance and trustworthiness of testing

Smart devices can be tested for cybersecurity, but these tests aren’t foolproof. A common type of test is penetration (or “pen”) testing, which is used to check how easy it is to hack into a network. In general, these tests are very helpful. But for IoT, they are harder to perform successfully. This was best summed up in a rhetorical example put forth by Ryan Francis, a contributor to Network World: Penetration testing was much like taking a battering ram to the door of the fortress. Keep pounding away and maybe find a secret backdoor to enter through

2019-10-16T13:00:00+00:00 https://feeds.feedblitz.com/~/607850476/0/alienvault-blogs~Are-smart-homes-really-safe-from-hackers www.secnews.physaphae.fr/article.php?IdArticle=1407098

AlienVault Blog: Love your enemies before you destroy them

Photo by Volkan Olmez on Unsplash

“In the moment when I truly understand my enemy, understand him well enough to defeat him, then in that very moment I also love him. I think it’s impossible to really understand somebody, what they want, what they believe, and not love them the way they love themselves. And then, in that very moment when I love them.... I destroy them.” Orson Scott Card, Ender’s Game

The cutting edge of cybersecurity is moving away from a reactive defense. Instead of analysts waiting for a threat to happen, they are proactively searching out attackers in their environment. Attackers are dynamic. They are always changing and improving their capabilities, which means that defenders need to lean in and adapt even faster to keep up. Proactive defense is about predicting, understanding, and preventing as many moves as possible that an attacker could make against you. You have to stay a step ahead of the enemy and lure them into a trap of your own. In the cybersecurity space, this is why we red team.
A group of red teamers takes on the characteristics of an adversary to challenge an organization to improve its defenses. They eat, sleep, and breathe adversary behavior ...legally. Red teaming is a well-regarded and crucial part of defense in cybersecurity. It has its place and it makes an impact, but it is solely targeted at improving defenses. What if we took this idea of understanding the enemy one step further, outside of defense?

Anonymous, WikiLeaks, and nation-state threat actors use open-source intelligence (OSINT) and espionage campaigns to drill down into the lives of targeted individuals. They use hacker techniques, tactics, and procedures to aggressively target individuals as a means of control. Once they have access to this information, they can do any number of bad things with it, from sabotage to assassination. But what if we took these adversary methods of OSINT and used them for the greater good? Must these techniques be used solely for evil?

As a society, we have gone from outright shunning of hacker culture, stereotyping hackers as hoodie-wearing teenagers in the basement, to the beginnings of acceptance and appreciation of hackers. We have started to recognize that many hackers are curious individuals that want to try something new. They are the puzzle solvers of the Internet age. Moreover, they are necessary for the cyber-resilience of the technology industry. Much like being a germaphobe puts you at more risk of becoming ill, not appreciating and adopting a hacker mindset results in weakly secured systems. As part of the revolution of acceptance ar

2019-10-10T13:00:00+00:00 https://feeds.feedblitz.com/~/607629232/0/alienvault-blogs~Love-your-enemies-before-you-destroy-them www.secnews.physaphae.fr/article.php?IdArticle=1394828

AlienVault Blog: What's new in OTX

Alien Labs systems. (Alien Labs is the threat intelligence unit of AT&T Cybersecurity.)
You can now upload files and URLs for analysis, with access to results within minutes. Submissions can be made through the OTX portal (as shown below) or programmatically through the API.

[Screenshot: submit files for analysis in OTX]

From the Submit Sample page, you’ll be able to see all of your submissions with a link to the results. And, if you’re concerned about a sample containing sensitive information, OTX gives you the ability to make your submitted files and URLs private by using the Traffic Light Protocol (TLP).

Pulse creation enhancements

But it doesn’t stop there! You can easily add the resulting indicator to a new pulse with the click of a button. In fact, you can utilize the new “Add to Pulse” button from any indicator details page.

[Screenshot: OTX pulse creation]

And, speaking of pulses, we’ve added to the list of file types that OTX can automatically extract IOCs from, which now includes PCAPs and emails.

[Screenshot: PCAP and email files can be included in OTX pulses]

You can also edit multiple indicators at once, making pulse creation even easier.

[Screenshot: multiple indicators being entered in an OTX pulse]

We’ve also made it simpler to add more details to pulses with auto-suggestions for malware family and threat actor. Simply start typing in the associated fields, and OTX will provide a list of suggestions. Additionally, OTX will now identify MITRE ATT&CK IDs from a resource, such as a blog or threat report, and automatically add this information to the pulse.

[Screenshot: MITRE ATT&CK IDs included in a pulse]

CVSS v3 Severity Scores

We’ve also added support for CVSS v3, so you can now easily reference both CVSS v2 and v3 severity information.

[Screenshot: CVSS v3 now supported in OTX]

And more!

We’ve also made improvements to Passive DNS data, as well as added Linux sandbox support for ARM, x86, and x64.

What’s coming next...
We’re currently working on:

- Redesign and enhancements to file indicator detail pages
- Improved search capabilities for IoCs
- Ability to kick off an endpoint scan from pulse emails

Stay tuned because we have a lot more great stuff coming! We'd love to hear any feedback or thoughts you might have around how to improve OTX. There's a survey you can fill out, or just drop us an email. Join OTX today and start taking advantage of all these new capabilities and more -- for FREE!

2019-10-09T13:00:00+00:00 https://feeds.feedblitz.com/~/607594062/0/alienvault-blogs~What%e2%80%99s-new-in-OTX www.secnews.physaphae.fr/article.php?IdArticle=1392535

AlienVault Blog: Workplace design tips to help deter hackers

Photo by ROOM on Unsplash

31 percent of companies in the USA have been subjected to cyber attacks, and 43 percent of those attacks were aimed at small businesses. When workplaces are designed with cybersecurity in mind, the odds of breaches will decrease. This is good news, because some breaches have the capacity to put companies out of business. These workplace design tips will make it simpler to keep hackers out of workplace networks. With a little smart planning and implementation, a workplace that is designed to provide top-notch data security can be an attractive and functional place.

Invest in ultra-modern hardware

A lot of modern hardware, such as brand-new mainframes, has cybersecurity software baked right in. If hardware at your business is out of date, it may be time to make a capital investment in new hardware that is inherently more secure. This doesn’t mean that you’ll be able to let your guard down. You’ll still need centralized security monitoring of cloud devices and networks, onsite and in remote places, to assist you with finding threats. As a bonus, new hardware, from PCs to printers and beyond, improves the look of a workplace and sends a message of success.
Avoid open plan office design

To ensure the highest level of cybersecurity, avoid an open plan office in favor of private offices or offices with cubicle walls. Open plan offices create data security risks, because a lot of people have access to unlocked computers and papers which might contain sensitive information about computer systems. To make a VIP's private office feel warm and cozy, consider adding a fireplace, which will make guests relax while adding a touch of luxury. For a cubicle-based workplace, put a few bean bag chairs in an empty corner. The corner will become a comfortable lounge area for rest breaks or collaboration, which is a safe distance away from computers and papers. Mixing modern and old-fashioned design elements is a good way to add eclecticism without sacrificing cybersecurity. Non-smart design elements, such as fireplaces and retro bean bag chairs, don’t need to be monitored for data security purposes, and they help to create a positive company culture.

Create a safe room for sensitive conversations

When designing a workplace with data security in mind, there should be a room that is set aside for private business conversations.

2019-10-08T13:00:00+00:00 https://feeds.feedblitz.com/~/607556006/0/alienvault-blogs~Workplace-design-tips-to-help-deter-hackers www.secnews.physaphae.fr/article.php?IdArticle=1390596

AlienVault Blog: How to avoid becoming a victim of cybercrime: 5 tips

Description: Do you want to avoid cybercrime? Online identity theft and fraud, webcam hackers, ransomware cyber-attacks, phishing, and other scams are a threat to all of us. Keep reading to protect your data and privacy and save your files and finances from fraudsters.

How to avoid cybercrime

The term “cyber” relates to the field of digital technology, and today it is often associated with cybercrime.
You might say that it doesn’t matter to you as you’re not a big cheese in the business world. Big mistake - since all individuals save data on their computers that is potentially profitable for scammers. Unfortunately, plenty of people are reckless when dealing with cybercrime. For example, up to 73% of users reuse passwords in their online accounts. The following tips can protect you from cybercrime.

Cybercrime – types of threats

A definition of cybersecurity is the integrated protection of internet-connected systems – hardware, software, and data – from attacks. What are the types of cyber-attacks that lie in our virtual path?

- Webcam cybercrime means that scammers can hack web cameras to spy on you, using Trojan horse attacks.
- Screenshot managers commit cybercrime when they take a snapshot of your PC after you click a doubtful link or download a file from a suspicious source.
- Cybercrime occurs when ad clickers display ads and entice you to click them, for example while you are reading gadget and electronics reviews, and you end up with malware instead.
- DDoS attacks were developed to disrupt business/e-commerce websites by directing huge volumes of traffic from numerous sources, disrupting business operations.

There are plenty of other attacks in the modern web world. For example, online identity cybercrime means that a hacker gets unauthorized access to your personal data. It can happen if you provide somebody with private information when communicating with a scammer via email or by phone. Fraudsters can even deliver you (or themselves) a credit card that you’ve never applied for.

5 tips to stay safe online

Cybercrime is an everyday danger, and sometimes cyber police are unable to help. So, it’s arguably easier to prevent cybercrime than to deal with the consequences. How to achieve that?

- Install a current antivirus system and accept updates when getting official notifications.
- Never use the same passwords on several websites. Try to complicate them with symbols and numbers. Don’t choose your name or date of birth for a password.
- Cyber-attacks today are not a joke, so you should strengthen your security system with a firewall to protect yourself from unwanted traffic.
- Pay attention to the web camera LED indicators (they’re red on external devices and blue on laptops).
- Be cautious with strangers. Don’t talk to them online and don’t accept offline tech help if you’re not sure it’s credible. A stranger from an unknown company can offer you computer support and then commit cybercrime and spy on you remotely.

2019-10-02T13:00:00+00:00 https://feeds.feedblitz.com/~/607373786/0/alienvault-blogs~How-to-avoid-becoming-a-victim-of-cybercrime-tips www.secnews.physaphae.fr/article.php?IdArticle=1375678

AlienVault Blog: What you need to know about PII security in 2019

As a society we have always relied on personal identifiers, commonly known as personally identifiable information (PII). Defining and protecting PII has recently become much more important as a component of personal privacy, now that advances in computing and communications technology, including the internet, have made it easier to collect and process vast amounts of information. The protection of PII and the overall privacy of information are concerns both for individuals whose personal information is at stake and for organizations that may be liable or have their reputations damaged should such PII be inappropriately accessed, used, or disclosed. Without question, 2019 has been an eventful year for organizations across the different industries, with massive data breaches that have had major impacts on organizations as well as consumers. A number of these breaches have exposed PII and heightened the awareness around privacy regulations such as GDPR.
PII data security best practices

Here are some foundational steps to get started with an information protection framework that helps you think through the key dimensions associated with protecting PII.

- Understand the data: identify and classify it by source, type, sensitivity and criticality to the business.
- Understand the threats the data is exposed to: due to the constantly changing nature of the threat landscape, a review of the threat exposure should be performed on a regular basis.
- Provide that the data’s protection is commensurate with the threat: this means that the controls that compose the security framework need to be adapted to each case so the risks are adequately mitigated.

Identify Your PII

Due to the wide range of definitions of what exactly comprises PII, each organization is responsible for determining what defines PII in its jurisdiction and which statutes, industry standards, etc., are in scope for compliance. One of the most important steps in protecting PII involves the identification of PII. The types of information that should be considered PII are well known. Once the types of information considered PII are understood, there remains the challenge of determining where this information is located and stored. The information generally resides in either structured data sources such as databases, or in unstructured information such as electronic documents, emails and other file types. Unstructured information poses the greater challenge as it can travel anywhere – from desktop computer to tablet to server to mobile phone. Organizations must determine how to identify which unstructured information contains PII, and how to make their employees, contractors, and partners aware that certain files contain PII. PII is typically stored in a myriad of locations, both in electronic and hard copy form.
Perform a review to identify PII and focus on:

- Policies and procedures to protect PII and other private data in any of its forms and storage locations, including the deployment and effectiveness of an organization-wide data classification scheme
- Policies and procedures relating to action needed after a breach of PII confidentiality
- Training and awareness of employees in the handling and processing of PII and data privacy

Educate and Build Awareness of PII

Organizations should develop comprehensive policies and procedures for handling PII at the organization level, the program or component level, and where appropriate, at the system level. Well-crafted PII handling policies and procedures are unlikely to succeed if the organization does not involve its information creators in the protection of PII as part of their standard way of doing business. Awareness and training for end user

2019-10-01T13:00:00+00:00 https://feeds.feedblitz.com/~/607342848/0/alienvault-blogs~What-you-need-to-know-about-PII-security-in www.secnews.physaphae.fr/article.php?IdArticle=1373551

AlienVault Blog: GootKit malware bypasses Windows Defender | AT&T ThreatTraq

Photo by Christopher Beddies on Unsplash

Every week the AT&T Chief Security Office produces a series called ThreatTraq with helpful information and news commentary for InfoSec practitioners and researchers. I really enjoy them; you can subscribe to the YouTube channel to stay updated. This is a transcript of a recent feature on ThreatTraq. The video features Andy Benavides, Professional - Technology Security, AT&T; Stan Nurilov, Lead Member of Technical Staff, AT&T; and Mike Klepper, Principal Architect, AT&T Cybersecurity Services. Mike has written blogs here in the past.

Andy: You can't defend what you can't scan. GootKit malware bypasses user access control (UAC).
Mike: So, Andy, I guess we're going to continue with the malware theme today with your story, right?

Andy: Yes, we're going to be talking about GootKit a little bit. G-O-O-T, Kit - it's kind of hard to say. But for those who don't know, GootKit is a banking Trojan whose goal is to steal your banking credentials, and it does that by recording your screen or by redirecting you to fake banking login pages. That's how it works. A security researcher by the name of Vitali Kremez found that GootKit actually attacks Windows Defender by adding itself, by adding the directory that the malware lives in. It avoids detection by adding it to the scan exclusion list. So, it basically tells Windows Defender, "Don't scan this directory that my malware's in." And the key to doing that is through the use of the good old fodhelper.exe. For those who don't know, fodhelper.exe is a Windows 10 management tool. It was found to allow UAC bypass in 2017 by a researcher by the name of Christian B. That's all that's known about him. Essentially, what happens is when an application wants to perform a task, because that requires administrative purposes, it brings up a prompt on your screen and it asks you for that permission. It says, "Hey, I want to do something as Admin." And you say yes or you say no. Bypassing that means that you can run things in the background as Admin without the user knowing. So that's kind of a big problem. What Christian B. found was that fodhelper.exe actually runs with the auto-elevate attributes set to true, which means it can run itself with a higher privilege on its own when it deems it's necessary. Which means it can do things without bringing up that control prompt, letting the user know that something is happening in the background. What Christian B. was able to figure out was that the fodhelper.exe works by first checking for a few registry keys that strangely enough don't exist by default in Windows 10.

Stan: That's actually kind of normal.
Andy: Is it really?

Stan: Yes. That's how they do a lot of GPO policies later. They like to produce certain registry keys. And if you have them, then whatever, you can apply that setting.

Andy: Okay. So it checks for some registry keys that don't exist by default in Windows 10. When it finds those, then it does other things. What Christian B. was able to figure out is if you create the keys that it's looking for, one of the keys actually lets you dictate it and enter in furth

2019-09-30T13:00:00+00:00 https://feeds.feedblitz.com/~/607308078/0/alienvault-blogs~GootKit-malware-bypasses-Windows-Defender-ATampT-ThreatTraq www.secnews.physaphae.fr/article.php?IdArticle=1371006

AlienVault Blog: Why security monitoring falls short and what can be done about it

Photo by Emmanuel on Unsplash

There are parts of every business considered to be critical to its ability to function. Email, accounting, and customer service are a few. Indeed, if email went down, accounts receivable stopped, or customers couldn’t talk to anyone, the business would suffer. There is another critical function of business that isn’t widely viewed as such: security monitoring. If you’re not “hands on” with security day-to-day, you might have just read that and thought, “…whaaaatever.” Yet, what would happen if your company was hacked and you suffered a critical, prolonged outage? Or if your company was featured in the next credit card breach headline? Would you reconsider the importance of security monitoring in the aftermath of these events?

Yes, security monitoring is a critical business function because it is a vital element of any meaningful cyber security strategy. Without a doubt, a sound monitoring capability can prevent and minimize loss of revenue, data, value, and trust associated with a breach. Why then, is it one of the most under-funded and under-resourced functions in many businesses?
More often than not, it is because organizations fail to approach it with the rigor and discipline applied to other core business functions. When you fail to take that approach, there will be inevitable shortcomings in the implementation and operation of the security monitoring program. This is part of the reason so many businesses continue to fall victim to cyberthreats, incurring immense losses every year.

Frequently, we’re called into a company because a breach has already occurred. In those moments, budgets are out the window, as all hands are on deck to assess and contain the threat and to recover critical business operations. In the aftermath of damage control, the focus shifts to an introspective post-mortem. We seek to understand the vulnerabilities, gaps, and even attitudes that gave way to such havoc, and to implement the necessary practices to help prevent such a breach from happening again.

Almost always, we find that the prior security monitoring effort could much better be defined as a “concept” rather than a “program” or “capability”. We routinely see clients with a few generalists from their IT or security departments overseeing the effort, but not full time, and with little (if any) training in the practice. Security monitoring is a specialty, and it requires well-trained analysts to perform the job correctly. There are countless manifestations of threat activity that a seasoned analyst knows how to spot and investigate. This ability comes with training, experience, and often the support of a broader team that can provide its own insights and guidance. Even then, these folks need standardized processes to ensure the consistency and effectiveness of the operation. No matter how capable they may be, even the most skilled generalist is at a constant disadvantage in knowing what to look for, how to investigate it, and getting it right time after time.
Moreover, budget constraints and competing priorities dictate that these individuals are seldom given ample time to perform their work thoughtfully and thoroughly. Given these realities, most organizations will find that building a strong monitoring program in-house is an uphill battle. Unless you are among the fortunate few who can afford to acquire, train, and retain the talent to staff a SOC, you may want to consider a partner who can bring the SOC function to you. Want to learn more? Join Alagen’s webinar on September 30 to hear me talk about the benefits — performance and financial — of hiring a managed securit

Published 2019-09-27T13:00:00+00:00. Source: https://feeds.feedblitz.com/~/607223632/0/alienvault-blogs~Why-security-monitoring-falls-short-and-what-can-be-done-about-it (index: www.secnews.physaphae.fr/article.php?IdArticle=1365162)

How to manage Internet of Things (IoT) security in 2019

Photo by BENCE BOROS on Unsplash

The challenges of IoT security

Welcome to the world of the Internet of Things (IoT) and a glimpse into the future. The IoT is where the physical world merges with the digital world. Soon, we expect the world IoT population to outnumber the human population tenfold—perhaps as many as 80 billion connected devices by 2025. As you witness the accelerating global and economic growth of IoT, you are probably wondering how you and your business will connect and take part in the multi-trillion dollar opportunities it will create. It means different things to everyone—from a connected car to a smart lamppost, a wearable health monitor, or a robot on the assembly line of a factory floor. It might even be ‘connected dirt’—with swarms of small, solar-powered sensors on the fields of a farm.
No matter which way you do it, there’s a daunting task ahead: the acceleration of IoT, combined with the diversity of these devices, their different capabilities, and the many places and ways they can be deployed, makes security a unique challenge. What you need is a consistent way to establish and maintain security for all aspects of the IoT deployments you envision for the future of your business. This is within your reach by adopting a holistic, multi-layered approach to protect your IoT ecosystem, the other valuable assets it connects to, and the physical world it resides in.

Solutions for your Internet of Things security needs

Protect your IoT with a layered approach. Every IoT ecosystem has its own distinct security needs. Even for a single client, seemingly similar IoT deployments may have different underlying designs. For example, a factory built today may have a radically different design from one built just a few years ago. This means a combination of different solutions may be needed to help provide security for each of them.

A thorough security assessment of IoT is a multi-layered process. Every layer needs care and attention. Some endpoint devices are complex, with multiple ways to access the internal functions of the device. Others are simple, years behind smartphones with regard to security. Do you know your devices’ security capabilities? Endpoints may connect with each other, to and through gateways, to other networks, on the Internet, and to the cloud. They may use connections that include wired, wireless, short-range, cellular, and satellite. What could potentially disrupt them from communicating? To make your IoT deployment successful, data from your devices must be acquired, transported, processed, and consumed. How are you providing for trust and appropriate access to your vital data and applications? Realize that some IoT ecosystems can vary wildly from a traditional IT environment.
Industrial IoT deployments use operational technology, which flips the script on the classic model for information security. Availability and integrity are the priority, while confidentiality isn’t typically a consideration. This requires specialized passive scanning tools to perform assessments. A slight disruption to manufacturing or utility processes turns into massive financial loss. An example of this is a factory that produces a pickup truck every minute—it cannot afford downtime. Life-sensitive devices will affect remediation and response plans. For example, with a connected healthcare device like an insulin pump, even if you think someone is accessing the data, you wouldn’t want to disable the device. What’s your formal plan for handling threats to your devices? Have you tested it

Published 2019-09-26T13:00:00+00:00. Source: https://feeds.feedblitz.com/~/607187270/0/alienvault-blogs~How-to-manage-Internet-of-Things-IoT-security-in (index: www.secnews.physaphae.fr/article.php?IdArticle=1362991)

Undivided we fall: decoupling network segmentation from micro-segmentation in the software defined perimeter

Project Management Approach to Designing, Implementing, and Operationalizing Network Isolation and Micro-Segmentation. Over the last two years, since that article was published, flat networks still seem to be a problem endemic to every industry. This holds even for entities operating in regulated environments, such as the payment card industry (PCI), or in healthcare, where we’ve seen connected biomedical devices accessible from a hospital’s guest wireless network. Similarly, as of PCI-DSS version 3.2, network segmentation is still not compulsory for merchants to comply with PCI.
However, if network segmentation is not implemented, the entire network comes into scope of the PCI assessment, which can add significant time and cost to the entity for passing its annual QSA audit to earn its report on compliance (ROC). While it’s widely understood what network segmentation is, the concept of micro-segmentation keeps being conflated with network segmentation, when in fact they describe two completely separate concepts that are not mutually exclusive; meaning, you can have both network segmentation and micro-segmentation - so they are not one and the same. I present examples of separate implementations of why conflating the two concepts can be costly or introduce pivoting potential in a breach, especially in conflict areas when connecting forward operating bases (FOBs) to classified networks.

What is network segmentation?

Figure 1. Segmentation versus Micro-Segmentation. Source: Alissa Knight

Network segmentation can be easily described as taking one large flat network and, using firewall rules or VLAN access control lists (VACLs), defining rules that permit or deny traffic, and its direction, between hosts.

What is micro-segmentation?

Micro-segmentation is the concept of network segmentation at a much more diminutive scale, where nodes within the same VLAN are isolated into a sort of enclave. Micro-segmentation is akin to a client VPN, where two hosts communicate with one another and the rest of the hosts within the same network are unable to talk to or see those hosts. When network segmentation is implemented, the default route of the VLAN is set to a firewall, or VACLs are used to control which hosts they can communicate with outside the VLAN. With micro-segmentation, isolation of hosts can happen between hosts in different VLANs or in an enclave within the same VLAN.
The business case for micro-segmentation

Your first question might be when micro-segmentation should be applied and what the business case is for such a scenario. Here, I provide t

Published 2019-09-25T13:00:00+00:00. Source: https://feeds.feedblitz.com/~/607148566/0/alienvault-blogs~Undivided-we-fall-decoupling-network-segmentation-from-microsegmentation-in-the-software-defined-perimeter (index: www.secnews.physaphae.fr/article.php?IdArticle=1360595)

Medical apps & privacy: where are we?

Image Source: Unsplash

Finding a new health-related app that tracks symptoms, increases self-care behaviors, or offers disease-specific education can be exciting for consumers. However, many apps share information with a host of other companies for marketing purposes. Often, these companies have nothing to do with healthcare and are not even a business the individual uses. This knowledge can be scary when you consider the number of cybercriminals who are looking to gain access to critical patient data. Knowing the risks apps create may leave you looking for a checklist to protect health-related data for those using apps to increase overall health and wellness. The good news is that it is possible to keep the data safe. The not-so-good news is that consumers need to do their homework to understand better what information is vulnerable to hackers and how to keep their health details safe, which can be a challenging skill to teach.

Emergence of app-based health

It’s no secret that the healthcare industry has been slower than others to adopt technological advancements. For years, healthcare administrators and providers weighed the pros and cons of electronic health records. Today, the mobile health app market has pushed healthcare to embrace technology more rapidly. In 2018, there were over 300,000 health apps available to consumers.
Health apps assist consumers with everything from medications, to diet and exercise, to pregnancy tips for expectant mothers. Healthcare apps often teach consumers self-care behaviors that can keep them out of the hospital. Most apps are easy to use and provide the content the user needs instantly. Apps can also provide information to users that keeps them safe, such as notifying consumers of flu outbreaks in their city so that they can take the necessary precautions. Consumers can store information in apps that can be shared with doctors, nurses, and other providers who can help with health concerns. Health apps can even increase access to preventive and acute health services through appointments with qualified medical and mental health providers.

Teaching HIPAA privacy and security

One of the first things we must teach consumers is the difference between the HIPAA privacy and security rules. When HIPAA was first established, electronic health data was just emerging. Today, health-related data is stored on computers, tablets, phones, and in cloud-based electronic storage. Health information privacy is related to the disclosure of patient data. Health security is focused on things like encryption and passwords that safeguard a person’s electronic health data. Both of these practices are critical to keeping information entered into apps safe. A few of the vulnerabilities lie with what companies consider covered entities and what truly constitutes an unlawful disclosure of information.

Protecting consumers

The trickiest aspect of health-related apps is that it can be challenging to know what is shared with other companies. Education on the dangers of downloading email attachments from strangers is everywhere. However, training on the risks of apps and other online searches isn’t as common.
Even search engine giant

Published 2019-09-24T13:00:00+00:00. Source: https://feeds.feedblitz.com/~/607108766/0/alienvault-blogs~Medical-apps-amp-privacy-where-are-we (index: www.secnews.physaphae.fr/article.php?IdArticle=1358353)

How to justify your cybersecurity budget in 2019

repair the damage when they happen. Companies and institutions across industries lose money from cyber attacks all the time. There are the more obvious ways like piracy, data breaches, and litigation. There are also ways that accountants can’t quite put a dollar figure on, such as reputational damage that makes customers and clientele less likely to want to buy a company’s products and services in the future. Everything is digital these days, both on premises and in the cloud. So cybersecurity staff and security measures are things you have to spend money on. But how should your company determine how much money to budget for security? And how should your company determine how to spend it?

Photo by Fabian Blank on Unsplash

What is a typical cybersecurity budget?

While there is no one-size-fits-all answer when trying to decide what a “typical budget” looks like for cybersecurity operations, a few studies can provide some insight. A recent study by Deloitte and the Financial Services Information Sharing and Analysis Center found that financial services firms on average spend 10% of their IT budgets on cybersecurity. That’s approximately 0.2% to 0.9% of company revenue, or $1,300 to $3,000 spent per full-time employee. For a bigger-picture benchmark, consider that Microsoft CEO Satya Nadella recently revealed in a statement that the tech behemoth “will invest more than $1 billion each year in cybersecurity for the foreseeable future”. Finally, it’s worth noting that the 2019 U.S.
President’s budget allocated $15 billion in spending on cybersecurity, about 0.3% of the entire fiscal budget ($4.746 trillion). And while none of these figures can clarify what a “typical” budget should look like for the average business or organization, they can at least provide a benchmark for how larger tech firms, financial service companies and governments are allocating cybersecurity spend as a percentage of overall budget.

Considerations for your cybersecurity budget

There are many different variables and factors involved when it comes to determining your cybersecurity budget. I’ll offer you some tips which can be used as a starting point to help your company decide. I asked Kate Brew, from AT&T Cybersecurity, to send a tweet to get views from various industry decision makers. The question was “Cybersecurity budgets come in many sizes. How does your company determine yours?” Here are some responses, which should illustrate what typical cybersecurity budgets are. Some of the responses were a bit tongue-in-cheek:

“They keep me far away from budget/financial decisions at my company but I’d like to think a d20 is involved somehow...” (I love Dungeons and Dragons references!)

“Yeah. They most often range in size from ‘miniscule,’ to ‘barely visible to the unaided eye.’”

“Pick a number and subtract that number from itself. That

Published 2019-09-23T13:00:00+00:00. Source: https://feeds.feedblitz.com/~/607072210/0/alienvault-blogs~How-to-justify-your-cybersecurity-budget-in (index: www.secnews.physaphae.fr/article.php?IdArticle=1356143)

Does your government take cybersecurity seriously enough?

Photo by Katie Moum on Unsplash

Cybercrime is global, but the response isn’t. Governments in the west are slowly waking up to the importance of cybersecurity, and are (equally slowly) helping businesses to safeguard data and home users to protect their homes from cyberattack.
Look outside Europe and the US, though, and the picture is radically different. African countries, in particular, are underprepared for the impact of cyberattacks, and lack the governmental expertise to deal with them. This is an issue for citizens of these countries, but also for us in the west. Poorly prepared countries act as safe havens for cybercriminals, and hackers (some of them state-sponsored) can use these countries to stage cyberattacks that directly impact users in the west.

Cybercrime: a global view

Though you wouldn’t know it from the press coverage, large cyberattacks don’t just affect the west. Africa, for instance, actually has a huge problem with cybercrime. Recent reports from Botswana, Zimbabwe and Mozambique show that companies are increasingly falling victim to cybercrime. The global WannaCry malware attack of May 2017 hit South Africa hard, and companies in that country typically lose R36 million when they fall victim to an attack. This situation is mirrored across the global south. It is made worse by the fact that developing nations do not have governmental policies for dealing with cyberattacks. This makes companies and home users in these countries particularly vulnerable. It also means that hackers can route their activities through these countries, which have neither the technical nor the legal expertise to catch them, let alone punish them. Though government policies on cybercrime vary widely across the globe, many of the largest attacks of recent years rely for their success on their global reach. The Mirai botnet, for instance, managed to infect IoT devices across a huge range of territories and countries, and this global base made it incredibly difficult to stop. Attacks like this have made the IoT one of the largest concerns among security professionals today. Given this context, it is time for governments – in all countries and at all levels – to do more when it comes to managing cyber risk.
Managing risk

The approach that governments take to dealing with cyber risk is a critical factor in the success of these programs. Too often, governments take a ‘hands off’ approach, issuing advice to citizens and businesses about how to avoid falling victim to an attack, and then expecting them to protect themselves. This approach i

Published 2019-09-18T13:00:00+00:00. Source: https://feeds.feedblitz.com/~/606910188/0/alienvault-blogs~Does-your-government-take-cybersecurity-seriously-enough (index: www.secnews.physaphae.fr/article.php?IdArticle=1343551)

There's no such thing as an entry-level job in cybersecurity

subscribe to the YouTube channel to stay updated. This is a transcript of a recent feature on ThreatTraq. The video features Jonathan Gonzalez, Principal Technology Security, AT&T, John Hogoboom, Lead Technology Security, and Tony Tortorici, Principal Technology Security, AT&T.

Jonathan: There's no such thing as an entry-level job in cybersecurity.

Tony: Jonathan, you had a story about entry-level jobs and what skills you need for day one. Do you want to go into it?

Jonathan: Yes, definitely. You know, we usually do vulnerability stories and things that are being hacked and I thought for those watching that might be interested in the field, that might not be in it yet, this may be an interesting topic. I found this blog post by Daniel Miessler about what the expectations of a potential hiring manager will be on day one. Right. But first of all how do I get to day one and be hired and what are the things that they might be looking for? This ties to the “skill gap” notion in cybersecurity. Miessler has other articles about the skill gap. In this article particularly, it seems he's indicating there is really no entry-level position in cybersecurity, because cybersecurity is not a single field.

John: Right.
Jonathan: There is this cybersecurity domain mapping that I found very interesting that breaks down every possible job that you could end up in cybersecurity and it's overwhelming. Right? So someone in this entry-level world says, "I want to do cybersecurity." The first thing they need to figure out is what area of cybersecurity?

(Image: numerous cybersecurity domains)

John: This is interesting. I'm not even on this list. I don't see any incident response.

Jonathan: There is, on the bottom left, security operations and incident response, investigations...

John: Oh there it is, okay. Security operations.

Jonathan: ...forensics is my team, there's awareness, there's user education. Also, internally we have governance and risk assessment. We have career development, we have security architecture. As a person in this entry-level world, what you need to understand is you're not doing cybersecurity. You're doing something within the field of cybersecurity. And, this article particularly, some scenarios can be built and some tasks that are expected? I'm gonna pick on auditing. I learned on the job was preparing for an audit.

John: Everyone's favorite task.

Jonathan: Right. But usually, a junior entry-level person might end up on that team. And they need to understand what it means to do that and as a person hiring, that might be the thing that you want them to understand. And if they don't even know what that is then you're immediately going to eliminate them without considering their skills. They've just never done an audit. And I think what we get to in here that is not about the skill to do the audit, it's about the skills underneath you might be able to bring them up to an audit level speed.

John: Right.

Jonathan: And this is very interesting because it's things like understanding which kind of audit it is. Right?
Is it an app

Published 2019-09-17T13:00:00+00:00. Source: https://feeds.feedblitz.com/~/606871500/0/alienvault-blogs~Theres-no-such-thing-as-an-entrylevel-job-in-cybersecurity (index: www.secnews.physaphae.fr/article.php?IdArticle=1339981)

Hacker prevention: tips to reduce your attack surface

These days it seems that every time you open your favorite news source there is another data breach related headline. Victimized companies of all sizes, cities, counties, and even government agencies have all been the subject of the “headline of shame” over the past several months or years. With all this publicity and the increasing awareness of the general public about how data breaches can impact their personal privacy and financial wellbeing, it is no surprise that there is a lot of interest in preventing hacking. The trouble is that there is no way to prevent others from attempting to hack into any target they choose. Since there is a practically limitless number of targets to choose from, the attacker need only be lucky or skilled enough to succeed once. In addition, the risk of successful prosecution of perpetrators remains low. However, while you can’t prevent hacking, you can help to reduce your attack surface to make your organization less likely to be the subject of attacks.

At this point, let’s differentiate between opportunistic attacks and targeted attacks. Opportunistic attacks are largely automated, low-complexity exploits against known vulnerable conditions and configurations. Ever wonder why a small business with a small geographic footprint and almost no online presence gets compromised? Chances are good they just had the right combination of issues that an automated attack bot was looking to exploit. These kinds of events can potentially end a small to medium business as a going concern while costing the attacker practically nothing.
Targeted attacks are a different story altogether. These attacks are generally low, slow and persistent, targeting your organization’s technical footprint as well as your employees, partners and supply chain. While targeted attacks may utilize some of the same exploitable conditions that opportunistic attacks use, they tend to be less automated in nature so as to avoid possible detection for as long as possible. In addition, they may involve more frequent use of previously unknown exploit vectors (“zero-days”) to reach their goals, or abuse trusted connections with third parties to gain access to your organization. Ultimately it doesn’t matter which of these kinds of attacks results in a breach event, but it is important to think of both when aligning your people, processes and technology for maximum effect to mitigate that risk.

There have been many articles written regarding best practices for minimizing the risk of a cyber-security incident. Rather than recount a list of commonly cited controls, I would like to approach the topic from a slightly different perspective and focus on the top six technical controls that I feel are likely to help mitigate the most risk, provided that all the “table stakes” items are in place (i.e. you have a firewall, etc.).

Patch and Update Constantly: Ultimately the most hacker-resistant environment is the one that is best administered. Organizations are short-cutting system and network administration activities through budget and staff reductions and lack of training. This practice often forces prioritization and choices about what tasks get done sooner, later or at all. Over time this creates a large, persistent baseline of low to medium risk issues in the environment that can contribute to a wildfire event under the right conditions.
Lack

Published 2019-09-16T13:00:00+00:00. Source: https://feeds.feedblitz.com/~/606835110/0/alienvault-blogs~Hacker-prevention-tips-to-reduce-your-attack-surface (index: www.secnews.physaphae.fr/article.php?IdArticle=1336807)

Defining the “R” in Managed Detection and Response (MDR)

launch of our Managed Threat Detection and Response service, it became obvious to us that the market has many different understandings of what “response” could (and should) mean when evaluating an MDR solution. Customers typically want to know: What incident response capabilities does the underlying technology platform enable? How does the provider’s Security Operations Center (SOC) team use these capabilities to perform incident response, and, more importantly, how and when does the SOC team involve the customer's in-house security resources appropriately? Finally, how do these activities affect the return on investment expected from purchasing the service? However, in our review of the marketing literature of other MDR services, we saw a gap. All too often, providers do not give sufficient detail and depth within their materials to help customers understand and contextualize this crucial component of their offering. Now that we’ve introduced our own MDR solution, we wanted to take a step back and provide our definition of “response” for AT&T Managed Threat Detection and Response. Luckily, Gartner provides an excellent framework to help us organize our walk-through.
When evaluating an MDR service, a potential customer should be able to quickly understand how SOC analysts, in well-defined collaboration with a customer’s security teams, will:

1. Validate potential incidents
2. Assemble the appropriate context
3. Investigate as much as is feasible about the scope and severity given the information and tools available
4. Provide actionable advice and context about the threat
5. Initiate actions to remotely disrupt and contain threats

*Source: Gartner Market Guide for Managed Detection and Response Services, Gartner. June 2018.

Validation, context building, and investigation (Steps 1-3)

It’s worth noting that “response” starts as soon as an analyst detects a potential threat in a customer’s environment. It stands to reason, then, that the quality of threat intelligence used by a security team directly impacts the effectiveness of incident response operations. The less time analysts spend verifying that defenses are up to date, chasing false positives, researching a specific threat, looking for additional details within a customer's environment(s), etc., the quicker they can move on to the next stage of the incident response lifecycle. AT&T Managed Threat Detection and Response is fueled by continuously updated threat intelligence from AT&T Alien Labs, the threat intelligence unit of AT&T Cybersecurity. AT&T Alien Labs includes a global team of threat researchers and data scientists who, combined with proprietary technology in analytics and machine learning, analyze one of the largest and most diverse collections of threat data in the world. This team has unrivaled visibility into the AT&T IP backbone, the global USM sensor network, Open Threat Exchange (OTX), and other sources, allowing them to have a deep understanding of the latest tactics, techniques and procedures of our adversaries.
Every day, they produce timely threat intelligence that is integrated directly into the USM platform in the form of correlation rules and behavioral detections to automate threat detection. These updates enable our customers to detect emergent and evolving threats by raising alarms for analyzed activity within public cloud environments, on-premises networks, and endpoints. Every alarm is aut

Published 2019-09-13T20:18:00+00:00. Source: https://feeds.feedblitz.com/~/606768584/0/alienvault-blogs~Defining-the-%e2%80%9cR%e2%80%9d-in-Managed-Detection-and-Response-MDR (index: www.secnews.physaphae.fr/article.php?IdArticle=1326216)

Practicing safe charging

2019 Bitcoin Conference in San Francisco, CA. With the various discussions on Bitcoin and cryptocurrency, and with the chance to hang out with my favorite crypto personalities, it was easy to lose myself in all the festivities. While taking a break, I found a seat and decided to charge my iPhone. The station by where I was seated was a wooden cube with two standard wall sockets and two USB ports. Other users took the wall sockets, but I knew that I could charge my phone via USB. But before I did, I remembered that on the trip up to San Francisco, one of my travel companions, who was with a startup known as CoinCards, passed out what they called a "USB data blocker" USB adaptor.

So, what is a USB data blocker?

(Images: USB data blocker; USB data blocker close-up)

Chargers for modern cellphones, in my case an iPhone Lightning charger, serve dual purposes: 1. they charge your phone, and 2. they allow for the transfer of data. Why is this important to understand? Take the charging cube from the conference. Consider that a hacker placed the cube with a device inside, say a Raspberry Pi, and that the USB ports visible from the outside were the USB ports of the Pi, or of a USB hub connected to the Pi.
Once my phone was plugged in, it could potentially expose me to whatever malware was on the Raspberry Pi. A USB data blocker stops the data flow aspect of the charging cable and allows only the charging element.

Cybersecurity is no longer a corporate issue; we have all become our own cybersecurity firm, responsible for protecting our data. Anti-virus and firewalls can only protect us so much; we have to do our due diligence when it comes to our safety online. Consider a computer housed behind a firewall. There can be some expectation of safety inside the firewall, especially one that is monitored and updated. But that firewall will not make a difference if someone brings in an infected USB device and then plugs that device into one of the company's computers. I know this from experience. A client was confident that their firewall would protect them from cyber threats, to the point where they refused to purchase anti-virus for their computers. One day, an employee brought in a USB flash drive that they had used at home and plugged it into their work computer. It turns out a file on their home computer was infected with malware, and they brought it into the office. They put data on the server so that others could access it, and the malware was able to spread, including to the server.

But how does this fit into our discussion on USB data blockers? If you take the phone aspect out of it, smart devices are computers. Smart devices access the internet, upload and download, and generally utilize USB to charge or sync data. While iPhones are less likely to be the victim of malware than Android or Windows phones, we would be foolish to assume that a potential hacker could not use the Lightning charger to send malicious software to the iPhone. Apple has recently offered a bounty to anyone who can hack the iPhone OS, which means this topic has made the rounds at Apple as well. Cyber awareness, training, and education are more critical now than ever.
We can no longer assume that because we have a particular type of device we are automatically safe from harm. Safe is not the world we live in anymore.

Source: AlienVault Blog, 2019-09-11, https://feeds.feedblitz.com/~/606676308/0/alienvault-blogs~Practicing-safe-charging

Should small business owners concern themselves with business espionage?

has had two espionage attempts in one year, foiled just as the convicts were departing the country. In fact, a 2014 report estimated the global cost of industrial espionage to be $445 billion. Considering how the economy has shaped up since then, the figure may well be over the $1 trillion mark. Should small businesses be concerned? It's not only the Silicon Valley giants who have to face espionage. Rather, smaller businesses have more to lose. With 31% of all cyber-espionage attacks aimed at small businesses, the loss of important information can leave them facing bankruptcy.

[Image: hacker-type person, possible insider threat. Source: https://www.freepik.com/free-photo/hacker-with-laptop_3361105.htm]

Indeed, according to the U.S. National Cyber Security Alliance, 60% of small and medium enterprises (SMEs) shut down within six months after a cyber-attack. What's more, it costs between approximately $690,000 and $1 million for such businesses to clean up after an attack. As Jody Westby, CEO of Global Cyber Risk, says, "it is the data that makes a business attractive, not the size – especially if it is delicious data, such as lots of customer contact info, credit card data, health data, or valuable intellectual property."

Why Are Small Businesses Targeted?

Smaller businesses are easy targets of corporate espionage, as they tend to have weaker security compared to large corporations.
The Internet Security Threat Report shows, for instance, that while 58% of small businesses show awareness of and concern about a possible attack, 51% of them still have no budget allocated to prevent it. It seems, also, that the problem is getting worse, as outlined by cyber-security experts in PwC's Global State of Information Security Survey: small organizations, with annual revenue under $100 million, have reduced their security budget by 20%, even as large organizations are spending 5% more on security. Indeed, as large organizations get better at defending themselves against different types of espionage, criminals are "moving down the business food chain." For example, cyber-attacks to steal information from small businesses have increased by 64% in a span of four years, as large businesses have adopted more robust security protocols. As a result, all kinds of small

Source: AlienVault Blog, 2019-09-10, https://feeds.feedblitz.com/~/606638870/0/alienvault-blogs~Should-small-business-owners-concern-themselves-with-business-espionage

Category 1 cyber threat for UK businesses

Julia Solonina

Britain should be prepared for a Category 1 cyber security emergency, according to the National Cyber Security Centre (NCSC). This means that national security, the economy, and even the nation's lives will be at risk. However, despite this harsh warning, UK businesses still aren't taking proactive and potentially preventative action to stop these attacks from happening. So just where are UK businesses going wrong, and can they turn things around before it's too late?

How businesses have responded

Since Brexit was announced in June 2016, 53% of UK businesses have increased their cyber security, according to the latest statistics.
This is a direct result of published industry data revealing that malware, phishing, and ransomware attacks will become the biggest threats once Britain leaves the EU. However, despite these efforts, figures reveal that British businesses have the smallest cyber security budget of any country. They typically spend less than £900,000, whereas the average across the world is $1.46 million.

At risk of a Category 1 cyber attack

A Category 1 cyber attack is described by the NCSC as "A cyber attack which causes sustained disruption of UK essential services or affects UK national security, leading to severe economic or social consequences or to loss of life." To date, the UK has never witnessed such an attack, although one of the most severe attacks in recent times, the 2017 NHS cyber attack, was classed as Category 2 because there was no imminent threat to life. The NCSC says that it typically prevents 10 cyber attacks on a daily basis. However, as the organization believes that hostility from neighbouring nations is what drives these attacks every single day, it says that it's only a matter of time before a Category 1 attack launches the country into chaos. NCSC's CEO Ciaran Martin states that "I remain in little doubt we will be tested to the full, as a centre, and as a nation, by a major incident at some point in the years ahead, what we would call a Category 1 attack."

UK businesses under attack

The UK government's 'Cyber Securi

Source: AlienVault Blog, 2019-09-09, https://feeds.feedblitz.com/~/606599482/0/alienvault-blogs~Category-cyber-threat-for-UK-businesses

Ransomware experiences and why IT security professionals have a lot on their minds

This led to another question. Should it be illegal to pay the ransom?
After all, if we allow ransomware criminals to achieve their goal, how will we ever stop them, and how will we incentivize companies to properly prepare themselves to thwart them? People were split on this question, with about 40% saying it should be illegal and 60% saying that it should not be. Given this result, we probably won't see the IT community lobbying for new legislation in this area.

The most surprising result came when we asked if IT security professionals were ready for a ransomware attack. In case you're new to security, the only chance you have to mitigate ransomware is to have a solid security program that closes down all the vectors you can with protection tools, and it is almost impossible for these controls to be 100% effective. The only way to recover from ransomware is to have complete backups of your systems, wipe them clean, and start over. Expert tip: make sure the backups aren't stored on your network, where they can be encrypted with the rest of your data.

[Figure: survey question 4, does your company have adequate defenses?]

Surprisingly, a full 69% of our survey respondents claim that they are prepared for a ransomware attack. This is wonderful news. It's also pretty surprising, given everything we see in the press these days:

- More than 40 municipalities have been the victims of cyberattacks this year (NY Times, 8/22/19)
- A total of 850.97 million ransomware infections were detected by the institute in 2018 (Ponemon Institute)
- Ransomware attacks on businesses increased in the first quarter of 2019, up 195% since the fourth quarter of 2018 (Malwarebytes)

Only time will tell if our respondents are as prepared as they feel. We hope everyone is double-checking their backups in the meantime.

Switching gears, we also wanted to understand how security buyers are feeling about their security programs and their ever-increasing complexity.
We're all aware of the constant innovation in security technology: every new IT innovation and new attack vector seems to bring another set of mandatory prevention controls. But the old controls (endpoint, for example) never seem to go away. This proliferation of products came across clearly in our responses, with over 30% reporting they use at least 20 products. Industry

Source: AlienVault Blog, 2019-09-05, https://feeds.feedblitz.com/~/606471402/0/alienvault-blogs~Ransomware-experiences-and-why-IT-security-professionals-have-a-lot-on-their-minds

How to prevent crime on the Deep Web and Dark Web

Sir Tim Berners-Lee invented the World Wide Web in 1989, and it became available to the general public by 1991. The web is an internet service that was designed to help scientists and academics exchange information more effectively. But by the late 1990s, the web had helped to make the internet popular and accessible to ordinary people all over the world. Over thirty years after Berners-Lee's first proposal for the web, that technology has revolutionized everyone's lives. Google emerged as the most popular way to search the web by the 21st century, with Bing and DuckDuckGo as frequently used alternatives. But there's loads of web content delivered through the HTTP and HTTPS protocols that cannot be found through conventional means. When cyber criminals want to exchange information on the web, the smart ones avoid the parts of the web that are easy to track. Innovations in networking technology led to the creation of a part of the web that can only be reached by fully encrypted anonymizing proxy networks. Are those cyber criminals doing anything your business should be worried about? Deep Web and Dark Web are popular buzzwords these days, so what does it all mean?
The Deep Web and the Dark Web sound elusive and esoteric, but I can make it all easy to understand.

Deep Web versus Dark Web: What's the difference?

People very frequently confuse the Deep Web with the Dark Web and vice versa. The Deep Web consists of all of the parts of the web which aren't indexed by popular search engines like Google or DuckDuckGo. It's not all a criminal red-light district; in fact, the majority of it is pretty innocuous. I made Angelfire and GeoCities websites as a '90s teen, years before Facebook, Google, or YouTube ever existed. I'd be a bit embarrassed for you to find the Spice Girls fan site I made back then, but it's all perfectly legal and Safe For Work. Most of the Deep Web is just stuff that's too old or obscure to be found by one of the web crawler bots Google uses to maintain its search engine. You can use your regular web browser to access much of the Deep Web, but you may need to use web archives in order to find what you want. The Wayback Machine is great for this purpose. The Dark Web is also a part of the Deep Web. The Dark Web is the part of the Deep Web that can only be accessed through encrypted anonymizing proxy networks such as Tor or I2P. You will need to install special software on your PC or phone in order to use them. Those proxy networks are great for purposes like helping journalists in hostile territories report on war and politics. But because those proxies use cryptography and lots of relays in order to make servers and endpoints difficult to track, they also help to facilitate cyber crime. Think of it this way: all Dark Web is Deep Web, but not all Deep Web is Dark Web, just as all apples are fruit, but not all fruit is apples. All of the internet that's outside of proxy networks like I2P or Tor is often referred to as the "clearnet," in contrast with the "darknet."

Types of cyber crime in 2019

Cyber criminals will often choose to use the Dark Web in order to engage in their malicious activities.
The Dark Web is full of illegal marketplaces and forums where criminal activity is advertised and communicated about. If you install I2P software or the

Source: AlienVault Blog, 2019-08-22, https://feeds.feedblitz.com/~/605919950/0/alienvault-blogs~How-to-prevent-crime-on-the-Deep-Web-and-Dark-Web

Cyberbullying and cybersecurity: how are they connected?

[Image source: Pixabay]

Cyberbullying and cybersecurity incidents and breaches are two common problems in the modern, internet-driven world. The fact that they are both related to the internet is not the only connection they have, however. The two are actually intimately connected issues on multiple levels. It may seem like an odd notion. After all, cyberbullying typically involves using technology to harass a person (often overtly), while cybersecurity involves preventing hackers and identity thieves from accessing information and then simply getting away without being caught. While the two have similarities in that they both involve malicious actors online, the motives are quite different. However, the points of connection between these two topics are worth exploring.

Defining cyberbullying and cybersecurity

When comparing terms like these, it can be helpful to lay out a definition for each in order to make sure everyone is on the same page. Cyberbullying is, simply put, bullying a person through technological outlets, such as social media or texting. Cybersecurity is the protection of sensitive data (and therefore people) using specific measures.

Cyberbullying

The modern world now knows that bullying can go beyond simple physical abuse; it can take place digitally as well. Cyberbullying can involve intimidating, deceiving, harassing, humiliating, and even directly impersonating a person.
Since it takes place online, it also isn't restricted to places like school or social gatherings. Due to the ubiquitous nature of the internet, cyberbullying can follow victims throughout every aspect of their lives. It also typically involves the common issue of cyberstalking. While it may be cute or entertaining to learn about a new friend or potential partner by following their goings-on on Facebook, the issue of cyberstalking in a cyberbullying context is serious and is one of the key things that connect it to cybersecurity. From various levels of emotional abuse to stalking and even physical violence in extreme cases, such as that of Shana Grice in 2016, cyberbullying has a well-documented track record as a malicious and dangerous practice.

Cybersecurity

While cybersecurity is a broad topic, it's worth taking the time to highlight some of the more specific areas of the practice that directly relate to the issue of cyberbullying. Identity theft is the poster child of cybercrime, and it's a threat that's often used in cyberbullying. In addition to defrauding an individual by accessing or opening new lines of credit in their name, cybercriminals may impersonate an individual for other motives. For instance, if a cyberbully is stalking someone, they may hack into their victim's account on a game, an email address, or a social media account in order to impersonate them. This allows them to get information from their victim's friends and family, or to harass them.
Another way a cyberbully can be a cybersecurity threat is by using malware to hack

Source: AlienVault Blog, 2019-08-21, https://feeds.feedblitz.com/~/605873952/0/alienvault-blogs~Cyberbullying-and-cybersecurity-how-are-they-connected

How Bug Bounty programs work

With cybercrime on the rise, companies are always looking for new ways to ensure they are protected. What better way to beat the hackers than to have those same hackers work FOR you? Over the past few years, corporations have turned to Bug Bounty programs as an alternative way to discover software and configuration errors that would otherwise have slipped through the cracks. These programs add another layer of defense, allowing corporations to resolve the bugs before the general public is made aware of or harmed by them. Bug Bounty programs allow white-hat hackers and security researchers to find vulnerabilities within a corporation's (approved) ecosystem, and they are provided recognition and/or a monetary reward for disclosing them. For the corporation, this is a cost-effective way to have continuous testing, and when a vulnerability is found, the monetary reward can still be significantly less than the cost of a traditional pen test. Hunter & Ready started the first known bug bounty program in 1983, adopting the motto "Get a bug if you find a bug": anyone who found a vulnerability would receive a Volkswagen Beetle. In 1995, Netscape Communications Corporation coined the phrase 'Bug Bounty' when it launched a program which offered rewards to anyone who could find flaws in its Netscape Navigator 2.0 Beta. The idea of a bug bounty program didn't immediately take off.
It took Google launching its program in 2010 to really kickstart the trend, but according to HackerOne, by the end of 2018 over 100,000 total vulnerabilities had been submitted and $42 million had been paid out. In 2018 alone, an estimated $19 million was rewarded, which is more than all of the previous years combined. The most frequently reported vulnerability was cross-site scripting, followed by improper authentication, which saw a high number of big payouts in the financial services and insurance sectors. Information disclosure vulnerabilities round out the top three, with most of those bugs reported in the electronics and semiconductor industry. Today, about 6% of the Forbes 2000 global companies have Bug Bounty programs, including companies like Facebook, United Airlines, and AT&T. AT&T was the first telecommunications company to announce the launch of a program, in 2012. AT&T's Bug Bounty program has a fairly wide scope, allowing almost any vulnerability found within its environment to be eligible for a reward. As other telecommunications companies started their programs, AT&T was used as a resource to provide insight on what works well and what doesn't. While there are hundreds of bug bounty programs, no two programs are exactly alike. There has been a big shift away from internally managing these programs toward outsourcing them to third parties. Although these programs are most talked about in the technology industry, organizations of all sizes and industries have started Bug Bounty programs, including political entities. Both the European Union and the US Department of Defense have launched programs in recent years.
The EU launched its program in January 2019, inviting ethical hackers to find vulnerabilities in 15 open source projects that the EU institutions rely on, providing a 20% bonus if the hacker

Source: AlienVault Blog, 2019-08-20, https://feeds.feedblitz.com/~/605831206/0/alienvault-blogs~How-Bug-Bounty-programs-work

What is r00tz Asylum?

Diana Initiative.) First, some cute kid pics!

[Photos: a young boy with a man at r00tz; a very young girl at r00tz, DEF CON]

R00tz started back in 2011, originally called Defcon Kids. It is an event designed specifically for kids, to introduce them to "White Hat" security. It includes hands-on events, talks, and contests that are specifically geared for a younger crowd, including lock picking, soldering stations, capture the flag contests, technical talks and more. One of the keys to the success of the event is that all these activities are specifically designed and targeted for a young audience and include an Honor Code. Some of the key aspects of the Honor Code include the following values:

- Only do good
- Always do your best
- Constantly improve
- Innovate
- Think long-term
- Be positive
- Visualize it
- Inspire others
- Go big & have fun!

In general, the kids are encouraged to explore, to innovate and to learn. The "rules" that govern r00tz participation include:

- Only hack things you own
- Don't hack anything you rely on
- Respect the rights of others
- Know the law, the possible risk, and the consequences for breaking it
- Find a safe playground

AT&T participation: past and present

AT&T has participated in the r00tz event for the last few years. We've grown from being only a financial sponsor into actively participating. Patrick McCanna & Marc Kolaks were the key individuals who got AT&T involved. Patrick provided the contacts, and Marc arranged for the sponsorship.
They saw a fantastic opportunity for AT&T to make a positive impact in the otherwise nefarious realm of hacking. One of the major contributions that AT&T provides to the r00tz event is the "Junk Yard". This event provides piles of old electronic equipment ranging from cell phones to routers to typewriters. The kids are provided with hand tools and eye protection (this year some AT&T Cybersecurity sunglasses were provided), and are allowed and encouraged to disassemble all this equipment simply to "see what's inside".

[Photo: kids at r00tz wearing AT&T sunglasses for eye protection]

In addition to the Junk Yard, we've created various hands-on activities ranging from penetration testing demonstrations to a customized version of the Hacker Games and Link buster, in order to teach security "best practices" in a fun environment. Along with the "games", we also hosted MIT's SCRATCH programming environment to allow the kids to experience computer programming on a fun and easy-to-understand platform. Another addition to this year's event was providing information to parents on AT&T's ASPIRE program and information on STEM (Science, Technology, Engineering & Math) opportunities for th

Source: AlienVault Blog, 2019-08-19, https://feeds.feedblitz.com/~/605787800/0/alienvault-blogs~What-is-rtz-Asylum

Entity extraction for threat intelligence collection

AlienVault Open Threat Exchange (OTX) platform:

[Figure 1: The website otx.alienvault.com, showing OTX pulses]

The Open Threat Exchange is a crowd-sourced platform where users upload "pulses" which contain information about a recent cybersecurity threat. A pulse consists of indicators of compromise and links to blog posts, whitepapers, reports, etc. with details of the attack.
The pulse normally contains a link to the full content (a blog post), together with key meta-data manually extracted from the full content (the malware family, target of the attack, etc.). Figure 2 is a screenshot of an example of a blog post that could be contained in a pulse:

[Figure 2: Snippet of a blog post from "Internet of Termites" by AT&T Alien Labs]

Figure 3 is a theoretical visualization of our end goal, the automated extraction of meta-data from the blog post which can then be added to a pulse:

[Figure 3: The same paragraph with entities extracted]

This kind of threat intelligence collection is still manual, with a human having to read and tag the text. However, unsupervised machine learning techniques can be used to extract the information of interest. We created custom named entities trained on domain-specific data to tag pulses. This helps speed up the overall process of threat intelligence collection.

Approach and Modeling

We collected the data by scraping text from all the pulse reference links on the OTX platform. We focused on HTML and PDF sources and used appropriate document parsers. But since the sources are not consistent, we put in place many rule-based checks to clean the text. For example, tags like 'IP_ADDRESS' and 'SHA_256' replace IP addresses and hashes. We did not omit them, in order to preserve the word sequence and any dependencies. Next, we had the large task of annotating the documents. But spaCy's annotation tool, Prodigy, makes the process much less painful than it has been before. Figure 4 below is an example annotation where "Windows" is labeled as a country rather than "China" in the sentence. The confidence score is very low for this annotation, and we can reject it.

[Figure 4: Example annotation from Prodigy]

spaCy's built-in Named Entity Recognition (NER) model was our first approach.
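A rule-based cleaning step of the kind described above, as an added example that is not AT&T Alien Labs' code: it replaces IPv4 addresses and file hashes in scraped text with the IP_ADDRESS and SHA_256 tags named in the post so the word sequence survives for the entity model, while the raw indicators are kept aside. The SHA_1 and MD5 tags, the handling of defanged "[.]" addresses, the octet check, and the sample paragraph are assumptions.

```python
"""Rule-based indicator normalisation before NER annotation.

Added example, not AT&T Alien Labs' code. Indicators are swapped for tags
in place so every other token keeps its position; the raw values are
returned separately. Tag names beyond IP_ADDRESS and SHA_256, the defanged
address handling and the sample text are assumptions.
"""
import re
from typing import Dict, List, Tuple

# Longest hash first, so a SHA-256 is consumed before the shorter patterns
# run; \b keeps a hex run embedded in a longer token from matching.
_PATTERNS = [
    ("SHA_256", re.compile(r"\b[0-9a-fA-F]{64}\b")),
    ("SHA_1", re.compile(r"\b[0-9a-fA-F]{40}\b")),
    ("MD5", re.compile(r"\b[0-9a-fA-F]{32}\b")),
    # IPv4, either plain or defanged as 198[.]51[.]100[.]23.
    ("IP_ADDRESS", re.compile(r"\b(?:\d{1,3}(?:\.|\[\.\])){3}\d{1,3}\b")),
]


def normalise_iocs(text: str) -> Tuple[str, Dict[str, List[str]]]:
    """Return (cleaned_text, indicators).

    cleaned_text has each indicator replaced by its tag with all other
    tokens left in place; indicators maps tag -> raw values in order of
    appearance, with defanged addresses refanged.
    """
    found: Dict[str, List[str]] = {tag: [] for tag, _ in _PATTERNS}

    def replacer(tag: str):
        def _sub(match) -> str:
            raw = match.group(0)
            if tag == "IP_ADDRESS":
                raw = raw.replace("[.]", ".")
                # Four dotted numbers are not always an address: a version
                # string such as 10.2.300.5 has an octet above 255, so it
                # is left untouched rather than tagged.
                if any(int(octet) > 255 for octet in raw.split(".")):
                    return match.group(0)
            found[tag].append(raw)
            return tag
        return _sub

    for tag, pattern in _PATTERNS:
        text = pattern.sub(replacer(tag), text)
    return text, {tag: values for tag, values in found.items() if values}


# Constructed sample paragraph: the hash is SHA-256 of the empty string,
# used only as a stand-in for a file hash, and the addresses are from
# documentation ranges.
SAMPLE = (
    "The dropper (SHA256 "
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855) "
    "beacons to 198[.]51[.]100[.]23 and 203.0.113.7 over HTTPS; "
    "version 10.2.300.5 of the agent is not affected."
)

if __name__ == "__main__":
    cleaned, iocs = normalise_iocs(SAMPLE)
    print(cleaned)
    for tag, values in iocs.items():
        print(tag, values)
```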
The current model architecture is not published, but this video explains it in more detail. We have also built a custom bidirectional LSTM, which has gained popularity in recen

Source: AlienVault Blog, 2019-08-14, https://feeds.feedblitz.com/~/605598404/0/alienvault-blogs~Entity-extraction-for-threat-intelligence-collection

Protecting your home from physical and cyber attacks

By 2025, it is estimated that there will be over 64 billion IoT devices around the world, with an increasing number being used around the home by mainstream consumers. Although these devices offer convenience and ease, homeowners need to take responsibility for ensuring their security and safe upkeep. In the same way that homeowners add security systems to protect the physical aspects of a property, taking steps to improve the security of IoT devices will keep connected smart systems safe from attack.

Guarding against invasion

Combining smart technology with security creates a simple, integrated ecosystem to protect and monitor the home. A comprehensive home surveillance system will offer defense against physical intruders, but it is equally important to ensure that all smart systems and devices are also protected. In the past, intruders could only break into a home by physically smashing a window or breaking a lock; now they can gain access through a light bulb. This is possible because systems are connected, and if a Wi-Fi password is insecurely stored on just one device, hackers could potentially view a credit card transaction taking place on another.

Adding layers of protection

Nearly 90% of people suspect that this sort of cybercrime is on the increase, and yet less than half of them believe they are able to protect themselves from such an attack. It's estimated that over 80% of network intrusions are due to compromised passwords.
As well as using strong passwords, websites and apps are increasingly offering ways to add an extra level of authentication, such as a security PIN or a one-off code delivered by text. Companies already use multifactor authentication to allow their employees to access computers and data at work, and in the future this could be seen more in the home.

Minimizing attack surfaces

Reducing unnecessary complexity is one of the best ways to keep smart technology secure. The attack surface of any operating system is the sum of all the potential entry points through which it is exposed to security risk. The attack surface grows as more devices, services and applications are added to a system. By ensuring entry points are only available to trusted users and disabling any unused or unnecessary services, there is less chance of infiltration. With physical security systems and surveillance cameras, homeowners can clearly see that their physical property is secure from intrusion. However, a compromise in cybersecurity is harder to spot. By being more aware of vulnerable areas, and adding extra protection to weak spots, security is improved throughout the home.

Source: AlienVault Blog, 2019-08-13, https://feeds.feedblitz.com/~/605559432/0/alienvault-blogs~Protecting-your-home-from-physical-and-cyber-attacks

How to browse the internet anonymously

Browsing privately ensures that no one spies on what you do online. Thanks to the tech growth the world has experienced over the years, you can either choose to browse the entire web anonymously or, if you only need to hide from specific spies, opt to make all of your visits to a single website anonymous. Without this anonymity, anyone who chooses to stalk you can easily do so by closely watching your browsing habits on a daily basis.
The spy can be any person or entity: your partner, a parent, a business rival, or even the government. If you doubt that, use a VPN today and you will be amazed by how many private servers you can access without consent.

What are the benefits of browsing anonymously?

If you are like many people, you definitely don't appreciate it when others invade your privacy unannounced. So, the primary benefit of browsing anonymously is to protect your privacy. From this benefit stem many other related benefits. They include:

- When searching for a new job, sometimes you browse through job advertisements using your office computer. The surest way of blocking your current employer from spying on your web searches from the company servers is to browse anonymously.
- If you have been searching for prescription drug information of late, the last thing you want is a drugs eCommerce store to track down your IP, collect your email without your consent, and start sending you spam about a new medicine. Anonymous browsing will keep them off no matter how they try to access your browser.
- Many countries have strong and restrictive web policies that you can only duck or bypass using anonymous browsing.
- It is cool to browse knowing that no one is spying on you. It gives you peace of mind.
- Maybe there are sites you visit often but would not want a family member to find out about. Problem solved.
- It is common knowledge that we are all under constant surveillance by government snoops, like the FBI or NSA. How better to hide from them than to browse anonymously?
- If you are a travel enthusiast who loves searching the web for flight prices and travel destinations, travel companies might know how desperate you are to travel and decide to hike prices. Blocking them from seeing your search history is vital for your travel budget.

How can you browse the internet anonymously?
Use a VPN

Buy a VPN (a virtual private network) and protect your data from hackers, government agencies, and rogue internet service providers. A VPN masks your IP address so that no surveillance can identify you through your web traffic.

Browse in a private window

Maybe you aren't interested in keeping hackers or government surveillance at bay; all you want is to hide critical information from family members or colleagues who happen to have access to your browsing device. Browsing in a private window means that your search queries aren't saved in the browser. Even if someone goes looking for them in your history, they won't find them.

Try DuckDuckGo

The difference between this search engine and Google or Bing is that it doesn't sell your data to third parties. In that case, you will not receive any targeted ads or be tracked through your browsing history. In addition, even when you see ads as you browse, they most probably do not carry any tracking cookies and, for what it's worth, they are based on the immediate search queries that you have typed in recently. They aren't based on a user profile, like the ones engines such as Google create for

Source: AlienVault Blog, 2019-08-06, https://feeds.feedblitz.com/~/605309742/0/alienvault-blogs~How-to-browse-the-internet-anonymously

Deepfakes are a problem, what's the solution?

Deepfakes are the latest moral panic, but the issues about consent, fake news, and political manipulation they raise are not new. They are also not issues that can be solved at a tech level. A deepfake is essentially a video of something that didn't happen, but made to look extremely realistic. That might sound like a basic case of 'photoshopping', but deepfakes go way beyond this.
By training AI algorithms on large libraries of photographs of famous people, the videos produced this way are eerily realistic and worryingly convincing. As a result, plenty of analysts worry that deepfakes might be used for political manipulation, or even to start World War 3. Solving these problems is going to be hard, partly because they are an extension of problems already evident in the rise of fake news, faked videos, and misinformation campaigns.

What are deepfakes?

If you have never seen a deepfake, do a quick Google search for one and watch the video. If it is your first time, you will be impressed, and possibly quite disturbed. These videos are made by AI. Deepfake authors collect a database of photographs of a person, as large as possible, and a model trained with a technique known as generative adversarial networks (GANs) is used to map that face onto a video. Because AI is developing rapidly, so is the sophistication of deepfakes. It will come as no surprise that deepfakes were first developed for porn, to put Hollywood stars' faces over other (women's) bodies. Since then the technology has increasingly been used to produce political videos, and by Hollywood itself. The threat is real, but let's get one thing out of the way first: if you are reading this and are worried that you might be the subject of a deepfake, you do not need to worry (at least yet). The technique relies on a large number of photographs of the person being publicly available, and unless you are a celebrity that is probably not the case.
Regardless of your celebrity status, however, the best VPN services are a cost-effective ($5-10 monthly) defensive measure to consider for all your internet-connected devices

2019-08-05T13:00:00+00:00 https://feeds.feedblitz.com/~/605269050/0/alienvault-blogs~Deepfakes-are-a-problem-what%e2%80%99s-the-solution www.secnews.physaphae.fr/article.php?IdArticle=1244357

For mid-sized enterprises to win the cybersecurity race, the game needs to change

According to a Deloitte survey, large enterprises spend thousands of dollars per employee and up to hundreds of millions of dollars per year on cybersecurity, often deploying dozens or even hundreds of expensive and sophisticated security solutions along the way. For our bike manufacturer, it is impossible to wade through all of the offerings from the thousands of cybersecurity vendors out there. Their business is at risk through no fault of their own, and the 'solution' to mitigating that risk is beyond any reasonable allocation of resources. Mind you, it is not just the bicycle company in this race. There is the contract manufacturer that actually assembles the bikes, the advertising agency that promotes them, the distributors that get them into stores, and perhaps 20 other major partners and subcontractors who support the core business. And this is just one major bicycle brand! Millions of other mid-sized enterprises around the globe have exactly the same problem. Every business, including the Fortune 500, would relish the opportunity to be more efficient in cybersecurity and put more money back into the business. But for mid-sized companies, which do not have the same resources to protect themselves, it is a matter of survival. Our bicycle brand should be focused on engineering the perfect machine to break a 36 mph Tour de France stage speed, not on cybersecurity.
This should not be something that soaks up resources and diverts attention from the core business. That is precisely why AlienVault automated threat detection and streamlined response, and why we continue to focus on making security more accessible as AT&T Cybersecurity. What gets me excited for customers like the bicycle manufacturer is the ability to do all that and more, on a much grander scale, because of what AT&T brings to the table. With a core mission of connecting people where they live and work for more than 140 years, security is in AT&T's DNA. Ever since something of value was carried over a network, AT&T has been a leader in protecting it, including in what is now called cybersecurity. Serving more than 3 million companies globally, from the smallest business to nearly all of the Fortune 1000, has given AT&T unrivaled visibility into the threats and needs of business customers. And as a trusted advisor that provides countless integrated business solutions around the globe, AT&T has assembled a broad portfolio of nearly all of the leading security vendors to help in that mission. We now have the opportunity to integrate AT&T's threat intelligence, AlienVault's proven strengths in automation, and leading third-party cybersecurity solutions into one unified platform that removes cost and complexity for millions of companies, large and small. The bicycle manufacturer can choose to use the platform to manage security themselves, outsource the work completely, or adopt a collaborative model that draws on collective expertise and capabilities.
This is enabled through the AT&T consulting and managed services teams or through

2019-08-01T12:30:00+00:00 https://feeds.feedblitz.com/~/605127584/0/alienvault-blogs~For-midsized-enterprises-to-win-the-cybersecurity-race-the-game-needs-to-change www.secnews.physaphae.fr/article.php?IdArticle=1236739

The ultimate guide to VPN encryption, protocols, and ciphers

Introduced to the market nearly two decades ago, Virtual Private Networks (VPNs) are a uniquely enduring cornerstone of modern security. Most large organizations still employ a VPN solution to facilitate secure remote access, while millions of consumers rely on similar products to bolster their online privacy, secure public Wi-Fi connections, and circumvent site blocks. By now most of us know that a VPN assigns us a new IP address and transmits our online traffic through an encrypted tunnel. But not all VPNs are created equal. Depending on the protocol in use, a VPN may differ in speed, capabilities, or even vulnerabilities. Encryption protocols and ciphers are at the heart of VPN technology, determining how your 'secure tunnel' is actually formed. Each one represents a different solution to the problem of secure, private, and somewhat anonymous browsing. Though many of us are aware of how a VPN generally works, it is easy to get lost in the fine details because of the sheer complexity of the subject. This confusion is reinforced by the fact that many VPN providers are slapdash to the point of misleading when describing the encryption they use. This article provides a simple point of reference for those who want to explore the technologies driving their VPN service. We will review the different types of encryption, the main VPN protocols available, and the common ciphers behind them.
By explaining the confusing array of terms used by VPNs and other security products, this guide should leave you in a stronger position to choose the most secure protocol and to assess VPN providers' claims with a more critical eye.

Types of encryption

At a very basic level, encryption transforms data so that only authorized parties can read it. We use well-defined algorithms called ciphers to perform encryption and decryption; a cipher is simply a series of steps that can be followed repeatedly. The operation of a cipher depends on a piece of auxiliary information called a key; without the key, it is computationally infeasible to decrypt the resulting data. When talking about encryption today, we generally refer to a combination of cipher and key length, the number of bits in a given key. For example, Blowfish-128 is the Blowfish cipher with a 128-bit key. Generally speaking, a short key means poor security, because the key space is small enough to search by brute force. A 256-bit key is the current 'gold standard': it cannot be brute-forced, since running through all 2^256 possible keys would take far longer than the age of the universe on any conceivable hardware. Key length is only part of the picture, though: a long key does not help if the cipher itself, its mode of operation, or the way the key is generated and exchanged is weak.

There are a few key concepts in the world of encryption:

Symmetric-key. The same key is used for encryption and decryption, so both communicating parties must possess it. This is the type of encryption VPN services use to protect the bulk of your traffic, because it is fast.

Public-key. Software generates a pair of keys, one public and one private. Anyone can use the public key to encrypt data, but only the holder of the matching private key can decrypt it. Public-key operations are far slower than symmetric ones, so they are used to set up the connection rather than to carry its traffic.

Handshake encryption (RSA). In TLS-based VPNs such as OpenVPN, securely connecting to a VPN server uses public-key cryptography during a TLS handshake: the client verifies the server's certificate and the two sides agree on the symmetric session keys that will protect the tunnel.
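To make the handshake-then-symmetric-cipher split concrete, here is an added example (written for this guide, not code from any VPN product or from the original article) that runs with the Python standard library alone. Two sides perform a Diffie-Hellman style key agreement (a public-key operation), derive a symmetric session key from the result, and encrypt a message with it; a second function then brute-forces a deliberately tiny 16-bit key from a known plaintext prefix, which is exactly the attack that a 256-bit key makes hopeless. The DH group (the Mersenne prime 2^127 - 1 with generator 2) and the HMAC-based keystream cipher are toy constructions chosen so the example runs offline; they are assumptions of this example, not anything to deploy. Real VPNs use standardized 2048-bit+ MODP groups or elliptic curves, certificates to authenticate the server, and AES or ChaCha20 for the tunnel.

```python
"""Added example: handshake -> session key -> symmetric tunnel -> brute force.
Toy DH parameters and toy cipher (assumptions), standard library only."""
import hashlib
import hmac
import secrets

# Toy DH group (assumption): Mersenne prime 2**127 - 1, generator 2.
# Real protocols use 2048-bit+ MODP groups or elliptic curves.
P = 2**127 - 1
G = 2


def dh_keypair():
    """Return (private, public) for one side of the handshake."""
    private = secrets.randbelow(P - 2) + 2          # 2 <= private <= P - 1
    public = pow(G, private, P)
    return private, public


def dh_shared_key(private, peer_public, key_bits=256):
    """Derive a symmetric session key from the DH shared secret via SHA-256.
    key_bits lets the brute-force demo below request a deliberately short key."""
    shared = pow(peer_public, private, P)
    digest = hashlib.sha256(shared.to_bytes(16, "big")).digest()
    return digest[: key_bits // 8]


def keystream(key, nonce, length):
    """Toy keystream: HMAC-SHA256 in counter mode (demo cipher only, not for use)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key, nonce, plaintext):
    """XOR the plaintext with the keystream; decryption is the same operation."""
    return bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))


decrypt = encrypt


def handshake_and_tunnel(message, key_bits=256):
    """Full client/server exchange. Returns (client_key, server_key, recovered_plaintext)."""
    client_priv, client_pub = dh_keypair()
    server_priv, server_pub = dh_keypair()
    # Each side combines its own private value with the peer's public value.
    client_key = dh_shared_key(client_priv, server_pub, key_bits)
    server_key = dh_shared_key(server_priv, client_pub, key_bits)
    nonce = secrets.token_bytes(12)
    ciphertext = encrypt(client_key, nonce, message)   # client -> server
    recovered = decrypt(server_key, nonce, ciphertext)  # server reads it
    return client_key, server_key, recovered


def brute_force_key(ciphertext, nonce, known_prefix, key_bits):
    """Try every key of key_bits bits and return the first one whose decryption
    starts with the known plaintext prefix (e.g. a protocol header), or None.
    65,536 tries for 16 bits; 2**256 tries for the 'gold standard'."""
    for candidate in range(2 ** key_bits):
        key = candidate.to_bytes(key_bits // 8, "big")
        if decrypt(key, nonce, ciphertext[: len(known_prefix)]) == known_prefix:
            return key
    return None


def brute_force_demo(key_bits=16):
    """Encrypt a constructed packet under a short key and recover that key from
    the ciphertext alone. Returns (real_key, recovered_key)."""
    real_key = secrets.token_bytes(key_bits // 8)
    nonce = b"\x00" * 12
    # Constructed sample packet: the attacker knows the first bytes of every request.
    packet = b"GET / HTTP/1.1\r\nHost: example.com\r\n"
    ciphertext = encrypt(real_key, nonce, packet)
    return real_key, brute_force_key(ciphertext, nonce, b"GET / HTTP", key_bits)


def brute_force_years(key_bits, guesses_per_second=1e12):
    """Years needed to exhaust a key space at the given guess rate."""
    return (2 ** key_bits) / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    ck, sk, plain = handshake_and_tunnel(b"hello over the tunnel")
    print("session keys match:", ck == sk, "| decrypted:", plain)
    real, found = brute_force_demo(16)
    print("16-bit key recovered by brute force:", real == found)
    print("years to exhaust a 256-bit key at 1e12 guesses/s: %.3g" % brute_force_years(256))
```

Two design points to note: the handshake never puts the session key on the wire, only the public values, which is why an eavesdropper cannot read the tunnel even after seeing the whole exchange; and the brute-force loop needs only a few bytes of predictable plaintext, which real traffic (IP headers, TLS records, HTTP request lines) always provides, so a short key is not rescued by hoping the attacker does not know what the data looks like.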
While a cipher secures your actual data, this handshake secures your connection. This is typically done through the

2019-07-31T13:00:00+00:00 https://feeds.feedblitz.com/~/605084684/0/alienvault-blogs~The-ultimate-guide-to-VPN-encryption-protocols-and-ciphers www.secnews.physaphae.fr/article.php?IdArticle=1235063

New AT&T Cybersecurity Managed Threat Detection and Response service

With access to more resources than ever before, cybercriminals are rapidly scaling their operations, making every organization a potential target. They are constantly shifting tactics to exploit new vulnerabilities and slip past perimeter-based controls undetected. Meanwhile, the longer a threat goes undetected in a network, the greater the potential for damage through a security breach, data loss, or business downtime and disruption. In fact, the Ponemon Institute reported that the average cost of a security breach increases by over $1 million for threats that dwell for 100 days or longer. That is why, in addition to protection and prevention controls, organizations need a way to continuously monitor what is happening on their networks, cloud environments, and critical endpoints, and to quickly identify and respond to potential threats. But for many businesses, building an effective threat detection and incident response program is costly and challenging, especially given the industry's shortage of skilled security professionals.

AT&T Managed Threat Detection and Response

With these challenges in mind, AT&T Cybersecurity is excited to introduce AT&T Managed Threat Detection and Response, a managed detection and response (MDR) service.
The new service brings together people, process, and technology in a virtually seamless way to accelerate and simplify threat detection and response, helping organizations detect and respond to advanced threats before they impact the business. AT&T Managed Threat Detection and Response builds on our 30 years of expertise in security operations, our award-winning Unified Security Management (USM) platform for threat detection and response, and the visibility and threat intelligence of AT&T Alien Labs. With features like 24x7 proactive security monitoring, threat hunting, and security orchestration and automation in one turnkey solution, businesses can quickly establish or enhance their security program without the cost and complexity of building it themselves.

“We couldn't do the things that AT&T brings to us for four times the cost of what we're paying now,” said Stephen Locke, CIO, NHS Management, LLC. “Even if we did, we wouldn't have the same level of expertise and intelligence of what's happening in the cybersecurity world.”

With AT&T Managed Threat Detection and Response, critical IT assets are monitored by one of the world's most advanced security operations centers (SOCs). The AT&T Managed Threat Detection and Response SOC has a dedicated team of trained security analysts focused solely on helping organizations protect their business by hunting for and disrupting advanced threats around the clock. Our SOC analysts not only handle the daily security operations of monitoring and reviewing alarms to reduce false positives; they also conduct in-depth incident investigations. These provide incident responders with rich threat context and recommendations for containment and remediation, helping security teams respond quickly and efficiently.
AT&T Cybersecurity SOC analysts can even initiate incident response actions, taking advantage of the built-in security orchestration and automation capabilities of the USM platform, or send incident response specialists onsite if the situation requires it.

Stephen Locke added, “Adding AT&T Managed Detection and Threat Response reduced my

2019-07-30T13:00:00+00:00 https://feeds.feedblitz.com/~/605044788/0/alienvault-blogs~New-ATampT-Cybersecurity-Managed-Threat-Detection-and-Response-service www.secnews.physaphae.fr/article.php?IdArticle=1233385

Post-incident review and the big data problem

Across the board, security teams of every industry, organization size, and maturity level share at least one goal: they need to manage risk. Managing risk is not the same as solving the problem of cybersecurity once and for all, because there is no way to solve it once and for all. Attackers are constantly adapting, developing new attacks, and discovering new vulnerabilities. Security teams that have accepted the post-breach mindset understand that cybersecurity is an ongoing chess match with no end. They focus on reducing risk as much as possible through visibility and automation, instead of searching for a one-size-fits-all solution. Incident response plays a key role in reducing risk. In a breach, the average cost per lost or stolen record is $148, and having an incident response team reduces this cost by almost 10%. Because response and resolution depend on human critical thinking, incident response is not something you can fully automate. But that does not change the fact that organizations absolutely need it in the event of a breach. Despite this, 77% of IT professionals say their organization does not have a formal cybersecurity incident response plan.
Instead, organizations respond to threats in an ad-hoc fashion without digging for the root cause of the incident and resolving it. Incident response is an under-utilized asset with organizational and defensive benefits, both immediate and long-term. An incident response team is accountable for having a plan to handle an incident and for implementing it. They are prepared to mitigate damage, identify the root cause, and communicate through the proper channels. But they are also responsible for another crucial part of incident response: the post-incident review. Post-incident review is about identifying every aspect of an incident down to its true root cause. It answers critical questions about what happened before, during, and after the attack. By answering these questions, organizations can ensure the same attack does not happen twice: they review the attack, then identify and close every gap in their defenses that the attacker leveraged. This leaves post-incident review with a major problem, however. It takes organizations an average of 191 days to identify a data breach. For a post-incident review that does its due diligence, this means potentially going back through at least 191 days' worth of data to find the root cause of the attack. Consider all of the data in your environment that has come and gone over the course of 191 days. How many investigations have your analysts performed in that time? To put this into perspective, 27

2019-07-29T13:00:00+00:00 https://feeds.feedblitz.com/~/605003530/0/alienvault-blogs~Postincident-review-and-the-big-data-problem www.secnews.physaphae.fr/article.php?IdArticle=1231305

Can you trust threat intelligence from threat sharing communities? | AT&T ThreatTraq

Subscribe to the YouTube channel to stay updated. This is a transcript of a recent feature on ThreatTraq.
The video features Jaime Blasco, VP and Chief Scientist, AlienVault; Stan Nurilov, Lead Member of Technical Staff, AT&T; and Joe Harten, Director Technical Security.

Stan: Jaime, I think you have a very interesting topic today about threat intelligence.

Jaime: Yes, we want to talk about how threat intelligence is critical for threat detection and incident response, but then when this threat intelligence and the threat actors try to match those indicators and that information that is being shared, it can actually be bad for companies. So we are going to share some of the experiences we have had with managing the Open Threat Exchange (OTX), one of the biggest threat sharing communities out there.

Stan: Jaime mentioned that they have so many threat indicators and so much threat intelligence as part of OTX, the platform.

Jaime: We know attackers monitor these platforms and are adjusting tactics and techniques and probably the infrastructure based on public reaction to cyber security companies sharing their activities in blog posts and other reporting. An example is in September 2017: we saw APT28, and it became harder to track because we were using some of the infrastructure and some of the techniques that were publicly known. Another cyber security company published content about that, and then APT28 became much more difficult to track. The other example is APT1. If you remember the APT1 report in 2013 that Mandiant published, that made the group basically disappear from the face of the earth, right? We didn't see them for a while, and then they changed the infrastructure and they changed a lot of the tools that they were using, and then they came back in 2014. So we can see that that threat actor disappeared for a while, changed and rebuilt, and then they came back.
We also know that attackers can try to publish false information on these platforms, so that's why it's important that not only are those platforms automated, but also that there are human analysts who can verify that information.

Joe: It seems like you have to have a process of validating the intelligence, right? I think part of it is you don't want to take this intelligence at face value without having some expertise of your own that asks: is this valid? Is this a false positive? Is this planted by the adversary in order to throw off the scent? I think it's one of those things where you can't automatically trust threat intelligence. You have to do some of your own diligence to validate the intelligence, make sure it makes sense, make sure it's still fresh, it's still good. This is something we're working on internally: creating those other layers to validate and create better value from our threat intelligence.

Jaime: The other issue I wanted to bring to the table is what we call false flag operations. That's when an adversary or a threat actor studies another threat actor and tries to emulate their behavior. So when companies try to do at

2019-07-25T13:00:00+00:00 https://feeds.feedblitz.com/~/604869576/0/alienvault-blogs~Can-you-trust-threat-intelligence-from-threat-sharing-communities-ATampT-ThreatTraq www.secnews.physaphae.fr/article.php?IdArticle=1222817

I resent my Email and my invite

Here is a short communication tip that may help you in your daily interactions. How often have you “resent” an email? How often have you told a person that you will “send an invite”? You may be wondering why I am bringing this up in a post usually reserved for cybersecurity. Am I just being overly pedantic? Am I just a rigid grammarian?
One could easily assert that (and my friends do so all the time, so feel free to jump on that bandwagon). However, there is more to it than that. While we tend to use the word “resent” to indicate sending a message again, as yet there is no recognized usage of it in that sense in the English language. The same is true of the word “invite”; it is not yet recognized in the way we are using it. I have written previous posts about our ability to interact more effectively with those who seek our knowledge, and about building better credibility for what we do as InfoSec professionals, so this flows along the same lines. Resent means to express ill will or annoyance, so when you tell a person that you “resent an email”, they may wonder what they did wrong to generate such ire. Similarly, when you tell a person that you will “send an invite”, you are actually issuing two commands. Quite confusing! I often wonder what we all do with the time we save by not taking the time to type that we will send the message again, or by saving the extra two syllables in the word “invitation”. Of course I am bringing all of this up in a humorous way, since language is an always-evolving body of knowledge with broad influences. However, there is a social aspect to this. As you may already be aware, when communicating in person, subtle mirroring of various behaviors is very important to a successful interaction. The same can be true of the language we use. If the person with whom you are communicating uses colloquialisms (such as “resent” and “invite” rather than “send again” and “invitation”), then perhaps we should flow along with that, regardless of our personal preferences. Of course, always be genuine and authentic when doing so, or you could be perceived as condescending. One of the keys to effective communication is to meet the other person “where they are”.
Since we work with folks at all levels of the corporate and social spectrum, it is important for us to take the time to recognize and correctly echo the sentiment, as well as the tone, of the communication to achieve a better dialogue with those we serve. Now, if you will excuse me, I need to go send an invite.

2019-07-24T13:00:00+00:00 https://feeds.feedblitz.com/~/604828102/0/alienvault-blogs~I-resent-my-Email-and-my-invite www.secnews.physaphae.fr/article.php?IdArticle=1221358

How to prevent elder abuse and financial fraud

The elderly population in the U.S. has been on a steady increase for the past few decades. With more seniors living longer, new challenges arise. Unfortunately, many seniors become vulnerable to different types of abuse, neglect, and exploitation as they age. The National Council on Aging estimates that financial fraud and abuse against seniors costs older Americans up to $36.5 billion each year. The perpetrators of financial abuse can be anyone: family members, paid caregivers, or strangers who break into systems and steal financial data. You must be well informed about financial fraud to know what to do about it and keep the seniors in your life safe.

Vulnerability and financial fraud

Financial exploitation can leave any target, business or individual, with significant losses. But when you combine this general risk with some of the cognitive deficits common in the elderly population, the result can be financial devastation. Risk factors that place seniors at higher-than-average risk of becoming a victim include:

- Needing assistance with activities of daily living.
- Poor health.
- Fixed income.
- Living with no spouse or partner.
- Not using regulated social services.

Just a few short years ago, financial fraud had to be committed face-to-face with the senior, another family member, or the banking institution.
Today, attackers can sit in the comfort of their own home and electronically attack funds in banking institutions, Social Security information, and other data that can unlock several accounts. These incidents often go unreported, because the victims are usually not required by law to report them.

Importance of prevention

Recovery after financial abuse or exploitation can be nearly impossible. Taking steps to prevent it from ever happening is the best strategy for keeping seniors safe. Here are a few strategies you can use:

Know the types of abuse

The underlying message around financial fraud is that you and any seniors you care for should never assume their money is safe. Types of financial fraud range from someone selling them services they do not need to complex online identity theft. Here are a few of the types of fraud you should know about.

DDoS (distributed denial-of-service) attacks flood a company's servers, networks, or devices with traffic until legitimate customers cannot reach them. A DDoS attack does not by itself give the attacker access to customer data, although attackers sometimes use one as a distraction while they break in elsewhere. To protect seniors, help them choose reputable companies, with a track record of staying online and handling incidents properly, when they do business.

Phishing happens when attackers send emails to a bank's or other business's customers that look legitimate. The email will usually ask the user to provide an account login, personal data, or a passwo

2019-07-23T13:00:00+00:00 https://feeds.feedblitz.com/~/604787800/0/alienvault-blogs~How-to-prevent-elder-abuse-and-financial-fraud www.secnews.physaphae.fr/article.php?IdArticle=1219905

Prevent WordPress hacking using this pen testing guide

Find Part 1 if you missed it. Let me start with a PSA message. It is illegal to hack, log in to, penetrate, take over, or even scan a system or network of systems without the explicit permission of the owner. Criminal hacking is illegal and punishable under federal law.
I am describing methods to learn more about WordPress so you can protect your sites better. The Computer Fraud and Abuse Act of 1986, codified today as United States Code Title 18 Section 1030, is the primary federal law governing cybercrime in the United States. It has been used in such famous cases as the Morris Worm and the prosecution of notorious TJX hacker Albert Gonzalez.

Stress testing your own WordPress site with penetration testing

In this edition we are going to use Kali Linux and WPScan to run a few commands against a WordPress site built in the lab for testing purposes. In the last episode I told you about Bitnami. They provide a fully virtualized version of WordPress in .ovf format, ready to spin up on a VMware ESXi server. You can find the download here: https://bitnami.com/stacks

In this episode we are going to pen test a WordPress site for a couple of things. These will not give us access to the site; they are reconnaissance. Recon tells you a lot about a site and its security. Once you have the basic information, it is easier to move on to deeper penetration efforts and possibly even breaching the site through a brute-force attack.

How to find your WordPress vulnerabilities

First, update your WPScan instance on Kali Linux so you have the latest scan patterns, definitions, and plugin and theme data, since these updates carry the information about weaknesses and exploits in the assorted add-ons that work with WordPress. When you run the command below, the output below it is what you should see in your Kali Linux terminal:

    root@kali:~# wpscan --update

    WordPress Security Scanner by the WPScan Team
    Version 3.3.1
    Sponsored by Sucuri - https://sucuri.net
    @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
    _______________________________________________________________

    [i] Updating the Database ...
    [i] Update completed.

This command runs a basic scan of the website, in this case by IP address. You can run it with the FQDN if you prefer; I am using the IP because the target is in the lab:

    root@kali:~# wpscan --url 10.25.100.22

    WordPress Security Scanner by the WPScan Team
    Version 3.3.1
    Sponsored by Sucuri - https://sucuri.net
    @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
    _______________________________________________________________

    [+] URL: http://10.25.100.22/
    [+] Started: Tue Jun 25 23:59:58 2019

    Interesting Finding(s):

The interesting finding here is that the we

2019-07-22T13:00:00+00:00 https://feeds.feedblitz.com/~/604750608/0/alienvault-blogs~Prevent-Wordpress-hacking-using-this-Pen-Testing-guide www.secnews.physaphae.fr/article.php?IdArticle=1219663

The future of supply chain management

Image Source: Pexels

Currently, we are in a period of growth for supply chain management. With the digital revolution bringing industry players around the globe closer together, business operations have expanded for companies big and small. As both business owners and consumers, we are experiencing the changes every step of the way. Each change brings with it a new set of challenges and benefits. This ushers in a new set of industry rules, and companies are left to learn them while keeping their operations running. If adopted and implemented poorly, this can stall a business's growth. That said, it is necessary to understand these changes beforehand in order to weather them when they hit you.

The melding of physical mechanisms and digital systems

The average business owner is no stranger to physical threats to supply chain efficiency, especially if they have been around for a while.
For instance, though it is one of the most conventional ways of moving goods, truck transportation can be very dangerous. Incidents on the road have long been a problem in manufacturing and distributing products. The progression of digital tools and the involvement of data, however, has added another layer to the complex journey that brings products to consumers. For the most part, digital and data-based technologies have made the supply chain more efficient. While challenges exist, the pros outweigh the cons. Big data insights can help entrepreneurs identify weaknesses in their supply chain, whether a lack of sufficient technology, staff, or organization. With this information, they can take real action to streamline the chain, enabling them to respond more flexibly to changes in the market. Automation technology is an excellent example of an advancement that can help business owners achieve greater efficiency. Companies like Amazon have already started incorporating automation into their practices; it would be wise to learn from their efficiency and apply it to your own operations.

Data security

Speaking of data, it is important to be constantly evaluating your data security practices. A good data security plan takes specifics into account, and with supply chains there are a lot of seemingly minor specifics that could disrupt the entire flow of a business if mishandled. After all, when we talk about new technology in supply chain management, much of it has progressed because of the inclusion of data. Data advancements are certainly what has brought in this new age of supply chain management, but failing to protect data can have disastrous consequences. As businesses exchange information with a variety of suppliers and vendors, new data security risks arise. When you factor in subcontractors and other players, it is likely that companies are not even aware of everyone involved in their own supply chains.
Maybe that last sentence sounds odd to you. How could companies not be aware of everyone involved in their business? With large-scale operations, however, there may not be enough time or labor to closely watch everything. Different parties who can take care of specific

Published: 2019-07-18
Source: https://feeds.feedblitz.com/~/604609434/0/alienvault-blogs~The-future-of-supply-chain-management
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=1212536


AlienVault Blog: High Risk Vulnerabilities in Docker Containers | AT&T ThreatTraq

Youtube channel to stay updated. This is a transcript of a recent feature on ThreatTraq. The video features Jonathan Gonzalez, Principal Technical Security, John Hogoboom, Lead Technology Security, AT&T, and Jim Clausing, Principal Member of Technical Staff, AT&T.

Jonathan: Twenty percent of the top 1,000 Docker images have at least one high vulnerability.

Jim: Jonathan, I understand you have a story on vulnerable Docker containers.

Jonathan: Yes, Jim. Thank you. Actually, I'm going back in time a little bit. Two months ago, when I was last here, I brought up a story about Alpine Linux and the root account having an empty password. Well, it seems Jerry Gamblin from Kenna Security was inspired to try to figure out how many more there were. He started trying to figure out things like, "How do I scan a Docker image from Docker Hub?" Around the same time, in May, a group from Japan made an open source application called Trivy, which allows you to pull a Docker image from the hub or a private registry and actually scan it, run it, extract its contents and find out what vulnerabilities are present at the OS level or even in some applications. I think they are covering Node and NPM applications and Yarn, and others.
The researcher was saying, "Perfect, the tool that I need to be able to run, to find out what's going on in these images." He ran this tool through the top ~10,000 most pulled images in Docker and put the results out on the web. The website is vulnerablecontainers.org.

John: That might be a good thing if you're big in the Docker space and you're making your own containers and images that you use as part of your production process, to identify if you have any vulnerabilities in a container that you're building or using.

Jonathan: One of them he mentioned on Twitter that is a little scary is Ruby on Rails, which is very popular. There was an image called Rails that was deprecated about two years ago. Two years' worth of vulnerabilities in the OS and everything else, and people are kind of still pulling from it. Docker officially moved it to a new image called Ruby. But if you aren't aware that the name changed...

John: That's confusing.

Jonathan: Correct. And kind of misleading, because you can get the latest tag and keep pulling the latest image, but if they haven't updated in two years...

John: And they moved it to a different name...

Jonathan: The researcher points out that there's no clear way for someone pulling the image to know that it's been deprecated unless you go to Docker Hub and see the description that says deprecated, right?

John: Right, right.

Jonathan: So hopefully, they're talking about putting something in the command line to tell you, "Hey, stop using this," "Rails is deprecated, grab the latest from Ruby."

John: Right, right. Interesting.
Jonathan: You know, millions

Published: 2019-07-16
Source: https://feeds.feedblitz.com/~/604531272/0/alienvault-blogs~High-Risk-Vulnerabilities-in-Docker-Containers-ATampT-ThreatTraq
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=1208375


AlienVault Blog: Cloud Security and Risk Mitigation

Privacy and Risk

With GDPR and the "sister" policies in the U.S., as seen in Arizona, Colorado, California and others, organizations face increased requirements when it comes to protecting data in the cloud. It is not as simple as deploying data loss prevention (DLP) in a data center, because the data center has now become fragmented. You now have many services, systems and infrastructures that are no longer owned by you but still require visibility and control. Cloud services and infrastructures that share or exchange information also become difficult to manage: who owns the SLAs? Is there a single pane of glass that monitors everything? DevOps has forced corporations to go as far as implementing micro-segmentation and adjusting processes around firewall rule change management. Furthermore, serverless computing has given organizations a means to cut costs and speed productivity by allowing developers to run code without having to worry about infrastructure and platforms. Without a handle on virtual private clouds and workload deployments, however, things can quickly spin out of control, and you start to see data leaking from one environment just as you have achieved a comfortable level of security in another.

Mitigation

Several steps can be taken to help mitigate risk to an organization's data in the cloud.

Design to align. First and foremost, align your cloud environment with cybersecurity frameworks.
Often organizations move to the cloud so rapidly that the security controls historically applied to their on-premise data centers, which have evolved and hardened over time, do not migrate effectively or map directly to the cloud. Furthermore, an organization may relax the security microscope on widely used SaaS applications. But even with these legitimate business applications, without the right visibility and control, data may end up being leaked. Aligning cloud provider technology with cybersecurity frameworks and business operating procedures provides a highly secure, optimized and more productive implementation of a cloud platform, giving better results and a successful deployment. Moreover, being able to do this while implementing the cloud technology can help demonstrate measurable security improvement to the business by giving a "before" and "after" implementation picture.

Make yourself at home. Cloud systems and networks should be treated the way you treat your LAN and data center. Amazon's Shared Responsibility Model, for example, outlines where Amazon's security responsibility ends and your security responsibility begins. While threats at the compute layer exist, as we've seen

Published: 2019-07-15
Source: https://feeds.feedblitz.com/~/604484190/0/alienvault-blogs~Cloud-Security-and-Risk-Mitigation
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=1206062


AlienVault Blog: What is Chaos Engineering in penetration testing?

Being proactive is the key to staying safe online, especially for businesses and organizations that operate websites and mobile applications. If you wait for threats to appear, then in most cases it is too late to defend against them. Many data breaches come about this way, with hackers uncovering security gaps that had previously gone undetected.
The average web developer wants to assume that their code and projects will always function in the intended manner. Reality is a lot messier than that, and organizations need to expect the unexpected. For years, cybersecurity experts have recommended (and still do) a practice known as penetration testing, where internal users pose as hackers and look for exposed areas of servers, applications, and websites. The next evolution of penetration testing is known as Chaos Engineering. The theory is that the only way to keep online systems secure is by introducing random experiments to test overall stability. In this article, we'll dive into Chaos Engineering and the ways it can be implemented effectively.

Origin of Chaos Engineering

The cloud computing movement has revolutionized the technology industry but also brought with it a larger degree of complexity. Gone are the days when companies would run a handful of Windows servers from their local office. Now organizations of all sizes leverage the power of the cloud by hosting their data, applications, and services in shared data centers. Back in 2010, Netflix was one of the first businesses to build its entire product offering around a cloud-based infrastructure. It deployed its video streaming technology in data centers around the world in order to deliver content at a high level of speed and quality. But what Netflix engineers realized was that they had little control over the back-end hardware they were using in the cloud. Thus, Chaos Engineering was born. The first experiment that Netflix ran was called Chaos Monkey, and it had a simple purpose: the tool would randomly select a server node within the company's cloud platform and completely shut it down. The idea was to simulate the kind of random server failures that happen in real life. Netflix believed that the only way it could be prepared for hardware issues was to initiate some itself.
Tools to use

(Image: https://www.nagarro.com/hs-fs/hubfs/chaos-engineering.png)

It is important not to rush into the practice of Chaos Engineering. If your experiments are not properly designed and planned, the results can be disastrous and little helpful knowledge will be gained. Best practice is to nominate a small group of IT staff to lead the activities. Every chaos experiment should begin with a hypothesis, where the team asks what might happen if their cloud-based platform experienced an issue or outage. Then a test should be designed with as small a scope as possible while still providing helpful analysis. One area where companies often need to focus their chaos experiments is in relation to

Published: 2019-07-10
Source: https://feeds.feedblitz.com/~/604288860/0/alienvault-blogs~What-is-Chaos-Engineering-in-penetration-testing
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=1197942


AlienVault Blog: A peek into malware analysis tools

So, what is malware analysis and why should I care?

With the commercialization of cybercrime, malware variations continue to increase at an alarming rate, and this is putting many a defender on their back foot. Malware analysis, the basis for understanding the inner workings and intentions of malicious programs, has grown into a complex mix of data science technologies and human interpretation. This has put the cost of maintaining a malware analysis program generally out of reach for the average organization. And the era of "big data" that we are currently in isn't making things any easier.
At AT&T Cybersecurity, for example, our AT&T Alien Labs threat intelligence unit analyzes a ton of threat data coming in from the AT&T IP network, our threat-sharing community of 100,000 security professionals (Open Threat Exchange, or OTX), and our global sensor network. To give you an idea of the scale, in a single day:

- More than 200 petabytes of traffic cross the AT&T network, including 100 billion probes for potential vulnerabilities.
- Open Threat Exchange (OTX) users publish around 47,000 contributions of threat data to the platform.
- Alien Labs collects twenty million threat observations and analyzes more than 370,000 malware samples and 400,000 suspicious URLs collected via our global sensor network.

To get through all of this big data, Alien Labs uses multiple layers of analytics and machine learning, including a variety of malware analysis tools. With these tools, we can quickly perform threat artifact assessment (i.e., is this a false alarm or a true threat?), threat indicator extraction and expansion, behavioral analysis, malware clustering and more. Essentially, we are filtering through the noise of big data so our threat researchers can more quickly validate, evaluate and interpret that information and turn it into the enriched, tactical threat intelligence that drives our approach to threat detection and response.

Malware analysis tools and techniques

As a broad overview (and I do mean broad), the various tools used for malware detection and analysis fall into three categories: static analysis, dynamic analysis, and hybrid analysis.

Static analysis is the process of analyzing a malware sample without actually running the code. It is done through a variety of techniques, including signature-based and heuristic-based techniques.
For example, using a signature-based detection technique, the malware detector looks for known patterns in signatures (the bit sequence injected into the application program by the malware writers that uniquely identifies a particular piece of malware). Heuristic detection takes this one step further: instead of looking for a particular, known signature, the malware detector searches for commands and instructions that are not present in the application program. Because heuristic detection does not depend on a specific signature being known at a single point in time, it is easier to detect new variants of malware that have not yet been identified. Two heuristic techniques are file-based analysis (looking for commands to delete or harm other files) and generic signature analysis (variants of known malicious signatures). Other examples include looking for malicious, obfuscated JavaScript contained within a PDF file or malicious VBA code.

Dynamic analysis involves running the malware sample and observing its behavior on a system in order to understand the infection and how to stop it from spreading to other systems. The system is set up in a closed, isolated virtual environment: a virtual machine or "sandbox."

Published: 2019-07-09
Source: https://feeds.feedblitz.com/~/604245844/0/alienvault-blogs~A-peek-into-malware-analysis-tools
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=1195389


AlienVault Blog: File transfer security risks and how to avoid them

Ransomware attacks increased by 105% in the first quarter of 2019, according to Beazley's tally of insurance claims and data analytics. Other alarming reports show that new variants of ransomware keep appearing almost every month. In addition, two years after the WannaCry ransomware attacks, 1.7 million computers still remain at risk in 2019, according to TechCrunch.
Fortunately, there are cybersecurity solutions that can protect your data during file transfer and file storage.

File transfer and storage risks

Cloud adoption continues to grow as more businesses discover the cost savings and convenience that come with it. However, misconfigured servers are still a major risk for companies using infrastructure and platform as a service. Misconfigured servers are characterized by default accounts and passwords, unrestricted outbound access, enabled debugging functions, and more. The number of files exposed on misconfigured servers, storage and cloud services in 2019 is 2.3 billion, according to an article on ZDNet.

However, not all businesses primarily use the cloud for file transfer and data storage. Some people still prefer using bulk USB drives because they do not require an internet connection and can be physically protected. Apart from this, their use cannot be restricted for the owner, and they have been shrinking in size while their storage capacity has been increasing. However, USBs could come from a vendor preloaded with malware that can infect everything they are plugged into.

You can protect your computer system

The greatest risk of USBs is that they are very small, yet someone can use them to steal massive amounts of data and easily take that data anywhere. Some companies and organizations, like the US military, have responded to this risk by banning their use completely.
To ensure employees or workers stick to this ba

Published: 2019-07-08
Source: https://feeds.feedblitz.com/~/604213038/0/alienvault-blogs~File-transfer-security-risks-and-how-to-avoid-them
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=1193788


AlienVault Blog: AT&T Cybersecurity Maintains Very Strong Ranking After Acquisition of AlienVault

The results are in, and once again AT&T Cybersecurity is recognized as an industry leader by securing its third consecutive ranking of "very strong" in Global Data's annual product report. AT&T is the only company to achieve this hat-trick rating in all of Global Data's seven categories of assessment. AT&T's bold acquisition of AlienVault has reaffirmed its position as the cybersecurity leader with both competitive and qualitative edges. AT&T provides a robust end-to-end portfolio that includes a 360-degree solution for its customers' pain points, such as advanced threat intelligence, highly secure endpoints, mobile threat defense, compliance and risk management, and highly secure infrastructure. AT&T's cybersecurity consulting and managed solutions continue to impress and achieve results for small businesses and enterprises alike. Following the synergetic merger of AT&T's Cybersecurity Consulting and Managed Security Services with AlienVault late this winter, today the new AT&T Cybersecurity integrates the best-of-breed technologies of AlienVault's Unified Security Management platform with its own unparalleled consulting services, network visibility, reliability, and curated threat intelligence. Global Data's assessment is one we can bank on.
Through its independent review process, involving in-depth analysis, media reviews, independent consultations, and input from external thought leaders, its annual product assessment report is one that business and technology leaders have come to rely on as impartial and accurate. Its annual product assessment report was recently published for Global Managed Security Services (MSS). Read the full report.

Published: 2019-07-03
Source: https://feeds.feedblitz.com/~/604038372/0/alienvault-blogs~ATampT-Cybersecurity-Maintains-Very-Strong-Ranking-After-Acquisition-of-AlienVault
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=1185113


AlienVault Blog: Be the leader in the new password-volution: memorized secrets

Remember when you were younger, and you wanted to do something that all your friends were doing, yet you knew your parents would never approve? Perhaps it was skating in that home-made "half-pipe", or that time you wanted to try some equally dangerous stunt? Of course, your parents disapproved, to which you probably responded with the time-honored refrain: "But everyone is doing it!" That was never a convincing argument. This probably added to the thrill, so you did it anyway (and you have the scars to prove it).

Do you ever wonder what would have happened if you were the first person to build that half-pipe? Would the parental support have been different? Would being the first be a special accomplishment? Would others follow? As with many "firsts", sometimes it is better to be second, third, or even fourth, as a new idea may sometimes be too new, or too daring. Sometimes it just needs time to mature (remember MySpace, and its predecessor, Friendster?).

Here is a "near-first" that you can try that poses no risks and can increase your account security: be the first to extend your password beyond the required minimum.
It has been over two full years since the National Institute of Standards and Technology (NIST) announced the replacement of the old password standards. If you don't recall, some of the sweeping changes included:

- Allow at least 64 characters in length to support the use of passphrases.
- Encourage users to make memorized secrets as lengthy as they want, using any characters they like (including spaces), thus aiding memorization.
- Do not impose other composition rules (e.g., mixtures of different character types) on memorized secrets.
- Do not require that memorized secrets be changed arbitrarily (e.g., periodically) unless there is a user request or evidence of authenticator compromise.

Yes, NIST doesn't even call them passwords anymore; they are "memorized secrets".

Two years later, and sadly, many folks I know are still conforming to the same old password rules. Why are we not bold enough to take the lead on this? Your organization may require a minimum of 8 characters, but it probably does not restrict you to 8 characters. Are you still using the minimum character length? Now is the time to break free of the old password model and increase the length of your memorized secret. It's a password-volution! The benefit is that when your organization finally adopts the NIST passphrase recommendation, you will be ahead of the curve. Raise your latte in triumph, you non-conformist hipster!

In all seriousness though, this new approach of long passphrases is going to happen quicker than you may imagine. It is always better to become accustomed to a change before it is mandatory. Until the full NIST recommendation is adopted, we would still need to add uppercase and special characters to satisfy the old rule set, but that is always easy when a passphrase is being used. #EasyWhenUsingAPassphrase! See what I mean? That is a strong memorized secret! Try it out, and be one of the first in your organization to adopt the new approach.
Get into this habit before everyone is doing it. Here's wishing you the best for your password future.

Published: 2019-07-02
Source: https://feeds.feedblitz.com/~/603998296/0/alienvault-blogs~Be-the-leader-in-the-new-passwordvolution-memorized-secrets
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=1182982


AlienVault Blog: Linux Servers Under Worm Attack Via Exim Flaw | AT&T ThreatTraq

Youtube channel to stay updated. This is a transcript of a recent feature on ThreatTraq. The video features Michael Stair, Lead Member of Technical Staff, AT&T, Matt Keyser, Principal Member of Technical Staff, and Manny Ortiz, Director Technology Security, AT&T.

Michael: A flaw in Exim is leaving millions of Linux servers vulnerable.

Matt: Hey, Mike. I heard there was a pretty serious flaw affecting Exim email servers. What can you tell us about it?

Michael: Yes, attackers are exploiting a pretty critical flaw in the popular Linux Exim mail transport agent (MTA), allowing for remote command execution. Exim is an SMTP mail relay. It's pretty popular and runs a large percentage of internet mail servers. It's the default MTA on some Linux systems. From a recent Shodan scan, it could affect up to three-and-a-half million vulnerable servers. The bug itself was tracked down to improper validation of some of the recipient addresses. One of the functions was given a 9.8 out of 10 on the CVSS v3 scale. It affects versions 4.87 to 4.98, but I think the latest version, 4.92, is unaffected.

Matt: So it's a big bug. And it is a remote code execution (RCE) bug, which is one of the most critical types you could possibly have.

Michael: They do have patches out. They're porting patches to all versions, back to 4.87, if you're using an older version. So just make sure you're patching and making sure you're up to date with the most recent version, because it's a pretty serious issue.
Matt: It sounds like it's something where you could just address the email to somebody, drop an exploit in there, and it's remote code execution?

Michael: Yeah, it seems like it's pretty simple to exploit. And there's actually a worm that's exploiting this and finding new systems.

Matt: Wow.

Manny: From what I understand, you can actually put in a command that eventually the server will run, but from what I understand, the server may take seven days before it actually activates the exploit. It appears there's some sort of timeout that happens after seven days when the email is determined to have an invalid mail address, and then the server runs the actual command.

Michael: Right.

Matt: But that means I could hand-type the exploit code. Is that roughly correct, or is it something you'd have to craft, or a little more difficult to do?

Manny: Right. The example I saw was just a simple command where it went and did a get to an actual external IP address.

Matt: So you're getting a shell.

Manny: Yes. Or you can have the box basically go run some code offline or off net, so it basically gives you an open command line to run whatever you want on the box.

Matt: So it's totally possible that your box has been exploited and you won't know for seven days?

Manny: Exactly.

Michael: Exactly.

Matt: That's a scary thought, right?

Manny: The sky is the limit when it comes to a bad actor that wants to take advantage of this vulnerability. They can come up with anything they want to. If they want to mine cryptocurrency, they can. If they want to set the server up to do DDoS attacks, they can.
I think, Mike, you said that there is a patch f

Published: 2019-07-01
Source: https://feeds.feedblitz.com/~/603915504/0/alienvault-blogs~Linux-Servers-Under-Worm-Attack-Via-Exim-Flaw-ATampT-ThreatTraq
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=1181421


AlienVault Blog: What is digital trust and why does your CSO care about it?

As I talk to organizations in the AT&T Executive Briefing Center and learn more about the different types of business and enterprise security goals, one of the resonating themes across different industry verticals today is Digital Trust. The goal is to build trust in the system between the consumers of your services and the enterprise. Achieving this goal means going back to the foundational aspects of information protection. It is about building the measures that help enterprises build confidence (of consumers, employees, customers, etc.) while increasing the adoption of new digital channels.

What is digital trust?

Digital Trust is a concept that refers to the level of confidence that customers, business partners and employees have in a company or organization's ability to maintain secure networks, systems and infrastructures, especially with regard to their sensitive data. As more and more data breaches have been reported in the news, Digital Trust has become a mainstream concept for virtually all stakeholders on the world wide web. Digital Trust is a "make-or-break" issue, not a "nice to have". Organizations are now viewing digital transformation initiatives through a lens of digital trust while managing an ever-widening list of priorities to address risk exposure and regulatory and compliance requirements, all with a leaner IT/security team. As organizations work to build customer-focused, digital business models, it is critical to consider the role of trust and privacy in the customer journey.
Delivering digital trust isn't a matter of propping up a highly secure website or app, or avoiding a costly, embarrassing data breach. It is about creating a digital experience that exceeds customer expectations, allows frictionless access to goods and services, and helps protect customers' right to privacy while using the data they share to create a customized and valuable experience. Today's security strategies are, in large part, still responding to yesterday's challenges. From reports of exposed personal information to data misuse, trust incidents are becoming increasingly visible to the public.

What are the key attributes of a trust-focused organization?

Cyber risk is recognized as business risk. Business leaders should actively support the need for persistent visibility into digital customer behavior online, even as the cybersecurity team works to strengthen safeguards against threat actors and data privacy risks.

Visibility is valued. User experience should be as pleasant and streamlined as possible for customers. Trust should feel virtually seamless for customers; barriers should only appear to suspected threat actors. Data analytics solutions can provide visibility into a customer's movements across digital platforms and identify risks by comparing near real-time data to a baseline of known threats. When an abnormal pattern of customer logins, transactions or behavior is identified, the system should automate an immediate response to further authenticate users or isolate risks.

Design thinking. The process of delivering digital trust is about more than security and technology; it is a shift in mindset that places the customer experience at the center of digital transformation. Secure code and processes, with security as an active consideration rather than an afterthought, are critically important to success. Baked-in security offers greater assurance against risks and creates an easier digital experience across channels.
Empathy is at the core of trust delivery. Digital trust is a moving target, like any other strategic business goal. Your organization can't rely on stagnant strategies to grow profitability or address risks. To bui

Published: 2019-06-27
Source: https://feeds.feedblitz.com/~/603703028/0/alienvault-blogs~What-is-digital-trust-and-why-does-your-CSO-care-about-it
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=1176402


AlienVault Blog: Suricata IDS: an overview of threading capabilities

In the official documentation, you will find this: "Suricata is a high-performance Network IDS, IPS, and Network Security Monitoring engine. It is open source and owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF" [1].

Besides the official definition, I think Suricata is a very powerful open source NIDS. It is a signature-based IDS, and once it is properly configured, Suricata is capable of real-time traffic inspection, triggering alarms when suspicious activity is detected in your environment. Suricata also offers a very extensive list of features. The complete list can be found here: https://suricata-ids.org/features/all-features/ From that list, I would like to highlight an important one: threading [2].

Suricata threading

Suricata is capable of running multiple threads. If you have hardware with multiple CPUs/cores, the tool can be configured to distribute the workload across several processes at the same time. You can start by running with a single thread and processing packets one at a time. Nevertheless, from my experience, multi-threading is a much better configuration and the way to improve Suricata's performance. Suricata has four thread modules:

- Packet acquisition: responsible for reading packets from the network.
- Decode and stream application layer: decodes the packets and inspects the application layer.
- Detection: compares signatures and can be run in multiple threads.
- Outputs: in this module, all the alarms are processed.

Figure 1

Published: 2019-06-25
Source: https://feeds.feedblitz.com/~/603517034/0/alienvault-blogs~Suricata-IDS-an-overview-of-threading-capabilities
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=1172876


AlienVault Blog: An overview on insider threat awareness

Organizations usually focus on cyber threats that are external in origin. Their controls include anti-malware, external firewalls, DDoS attack mitigation, external data loss prevention, and the list goes on. That's fine: external cyber attacks are very common, so it is vital to protect your networks from unauthorized access and malicious penetration. The internet and unauthorized physical access to your facilities will always be risks, and they must be monitored and managed. But it is easy to lose sight of an often overlooked cyber attack surface, and that is the one on the inside. Internal cyber attacks are more common than many people assume, and ignoring that reality would be at your peril. Here is why you should be prepared for internal cyber threats, and what you can do about it.

The impact and importance of insider attacks

Insider threats to your network typically involve people who work as employees or contractors of your company. They belong in your facilities and they often have user accounts in your networks. They know things about your organization that outsiders usually don't: the name of your network administrator, which specific applications you use, what sort of network configuration you have, which vendors you work with.
External cyber attackers usually need to fingerprint your network, research information about your organization, socially engineer sensitive data from your employees, and acquire malicious access to any user account, even those with the least amount of privileges. So internal attackers already have advantages that external attackers lack. Also, some insider threats aren’t from malicious actors. Some insider threats are purely accidental. Maybe an employee will accidentally leave a USB thumb drive full of sensitive documents in a restaurant’s washroom, or click on a malicious hyperlink that introduces web malware to your network.

According to Ponemon Institute’s April 2018 Cost of Insider Threats study, insider threat incidents cost the 159 organizations they surveyed an average of $8.76 million in a year. Malicious insider threats are more expensive than accidental insider threats. Incidents caused by negligent employees or contractors cost an average of $283,281 each, whereas malicious insider credential theft costs an average of $648,845 per incident. But the bottom line is that all of these incidents are very expensive and they must be prevented.

Comparing insider versus outsider threats and attacks

So insider threats can be a lot more dangerous than outsider threats. As far as malicious attackers are concerned, insiders already have authorized access to your buildings and user accounts. An outside attacker needs to work to find an external attack vector into your networks and physical facilities. Those are steps inside attackers can usually skip. It's a lot easier to escalate privileges from a user account you already have than to break into any user account in the first place. A security guard will scrutinize an unfamiliar individual, whereas they will wave hello at a known employee. The same applies to accidental incidents. I don’t know any sensitive information about companies that I’ve never worked for.
A current or former employee often will, and it may be socially engineered out of them. Because of the privileged access that insiders already have, they can be a lot more difficult to detect and stop than outsider threats. When an employee is working with sensitive data, it’s very difficult to know whether they are doing something malicious or not. If an insider behaves maliciously within your network, they can claim it was an honest mistake, and therefore it can be challenging to prove guilt. Insider threats can be a lot more
Published 2019-06-24 13:00 UTC. Links: https://feeds.feedblitz.com/~/603458364/0/alienvault-blogs~An-overview-on-insider-threat-awareness | www.secnews.physaphae.fr/article.php?IdArticle=1170909. Tags: Threat.

Hunting for Linux library injection with Osquery

DLL injection techniques are commonly used, and there are plenty of resources on how to detect these activities. When it comes to Linux, this is less commonly seen in the wild. I recently came across a great blog from TrustedSec that describes a few techniques and tools that can be used to do library injection in Linux. In this blog post, we are going to review some of those techniques and focus on how we can hunt for them using Osquery.

LD_PRELOAD

LD_PRELOAD is the easiest and most popular way to load a shared library into a process at startup. This environment variable can be set to the path of the shared library to be loaded before any other shared object. For most of the blog, we will be using the examples available in GitHub, listed here. Let’s use sample-target as the target process and sample-library as the shared library we will be injecting. We can use the ldd tool to inspect the shared libraries that are loaded into a process. If we execute the sample-target binary with ldd we can see that information.
[Image: using LD_PRELOAD to load a shared library into a process at startup]

linux-vdso.so.1 is a virtual dynamic shared object that the kernel automatically maps into the address space of every process. Depending on the architecture, it can have other names.

[Image: virtual dynamic shared object]

libc.so.6 is one of the dynamic libraries that sample-target requires to run, and ld-linux.so.2 is in charge of finding and loading the shared libraries. We can see how this is defined in the sample-target ELF file by using readelf.

[Image: sample-target ELF file]

Now, let’s set the LD_PRELOAD environment variable to load our library by executing:

export LD_PRELOAD=/home/ubuntu/linux-inject/sample-library.so; ldd /home/ubuntu/linux-inject/sample-target

[Image: Ubuntu executing LD_PRELOAD]

We can see our sample-library being loaded now. We can also get more verbose information by setting the LD_DEBUG environment variable:

export LD_DEBUG=files

[Image: more verbose information on LD_PRELOAD]

A simple way to hunt for malicious LD_PRELOAD usage with Osquery is by querying the process_envs table and looking for processes with the LD_PRELOAD environment variable set:
SELECT
    process_envs.pid AS source_process_id,
    process_envs.key AS environment_variable_key,
    process_envs.value AS environment_variable_value,
    processes.name AS source_process,
    processes.path AS file_path,
    processes.cmdline AS source_process_commandline,
    processes.cwd AS current_working_directory,
    'T1055' AS event_attack_id,
    'Process Injection' AS event_attack_technique,
    'Defense Evasion, Privilege Escalation' AS event_attack_tactic
FROM process_envs
JOIN processes USING (pid)
WHERE process_envs.key = 'LD_PRELOAD';
Published 2019-06-20 13:00 UTC. Links: https://feeds.feedblitz.com/~/603320150/0/alienvault-blogs~Hunting-for-Linux-library-injection-with-Osquery | www.secnews.physaphae.fr/article.php?IdArticle=1165834.

GandCrab Ransomware Shuts Its Doors | AT&T ThreatTraq

Every week, the AT&T Chief Security Office produces a set of videos with helpful information and news commentary for InfoSec practitioners and researchers. I really enjoy them, and you can subscribe to the YouTube channel to stay updated. This is a transcript of a recent feature on ThreatTraq. The video features Joe Harten, Director Technology Security, AT&T; Jim Clausing, Principal Member of Technical Staff, AT&T; and Stan Nurilov, Lead Member of Technical Staff, AT&T. Here’s the transcript of the ThreatTraq episode.

Joe: It looks like even ransomware authors can go into early retirement.

Jim: So, Joe, I understand you have a story about it - some more and more authors that are retiring.

Joe: Yes, exactly. I picked this up from Threatpost. Kind of an interesting angle we don’t talk about much. But on the dark web, some researchers picked up on the authors of the GandCrab ransomware issuing a statement that they're retiring, that they're shutting down their infrastructure and they're not going to do any more decryptions, and that the GandCrab ransomware is no longer operating.
As of June 1st, they shut it down after a little over a year. It had started in January of 2018. So GandCrab is a pretty prominent ransomware. It does standard ransomware - with encrypted files getting a .GDCB file extension. So that's where GandCrab comes from. Available in a host of vectors, including spam, fake software downloads, exploit kits and social engineering targeted ransomware. The dark web post basically said the authors claim to have made $2 billion, which they equate to approximately $2.5 million per week. So between the ransomware as a service and the fees paid directly to the ransomware operators, 2 billion in about 18 months. From this point forward, they issued a warning. No further decryptions. If you purchase the ransomware now, meaning you operate it, you're not going to get files back for any future victims. This is kind of the other end of the spectrum. This is the malicious actors' view of their posts to the dark web saying, "You know, we're done. We've washed all our money, we've made a huge bounty and we're getting out of the business." I just thought it was interesting. You know, we are always looking at it from how to protect yourself from ransomware. But it’s interesting to have a glimpse into what it's like to be somebody who is cashing the checks for these things. So I don't know, what do you think Stan or Jim?

Jim: I'm hopeful that law enforcement will catch these guys and bring them to justice.

Joe: Yeah, I agree. I mean with this level of, kind of, braggadocious mentality, posting on the dark web - you hope there's some investigator who's in there somewhere, you know, purporting to be one of their buddies, could actually be in law enforcement and maybe they'll come to justice. But that's not the way the story is told right now.

Stan: It almost reminded me of another malware author who rolled Mirai, who did something similar.
The creator of the Mirai source code I believe just put it out there and made this big statement of some sort and said, "You'll never catch me," or something like that. And then a few months later, he was caught by, I believe the FBI, or for certain, law enforcemen
Published 2019-06-19 13:00 UTC. Links: https://feeds.feedblitz.com/~/603263402/0/alienvault-blogs~GandCrab-Ransomware-Shuts-Its-Doors-ATampT-ThreatTraq | www.secnews.physaphae.fr/article.php?IdArticle=1163761. Tags: Ransomware, Malware, Guideline.

SOAR with AT&T Cybersecurity and Dark Reading

Watch the full video on our site. If you prefer reading, here’s the full transcript 😊

Terry Sweeney - Contributing Editor, Dark Reading
Sanjay Ramnath - Associate Vice President, Product Marketing, AT&T Cybersecurity

Terry Sweeney: Welcome back to the Dark Reading News Desk. We’re here at the RSA Conference in San Francisco. I’m Terry Sweeney, contributing editor at Dark Reading, and I’m delighted today to be joined by Sanjay Ramnath, vice president of product marketing at AT&T Cybersecurity. Sanjay, thanks so much for joining us today.

Sanjay Ramnath: Thanks so much for having me.

Terry Sweeney: This trend of SOAR, security orchestration, automation and response, is generating lots of buzz both here at RSA and among InfoSec professionals as well. Kick us off by explaining what SOAR is and how the companies that use it benefit from it.

Sanjay Ramnath: SOAR is a term that was coined by Gartner. SOAR is really a collection of technologies and processes that aim to solve three problems. I think the first problem that the SOAR framework aims to solve is: How do you stay ahead of this constantly evolving threat landscape? How do you stay ahead of a rapidly changing network while the modern attack surface continues to expand and network perimeters vanish? You have hybrid environments with on-premises and cloud assets.
So one of the core tenets of SOAR is aggregating data, aggregating both threat data and intelligence and network visibility on a single platform, so all the downstream operational decisions around security can be fed with this stream of intelligence and data. The second problem that SOAR addresses is complexity in the security ecosystem and infrastructure itself. When you have a really large number of point solutions and products that protect specific threat vectors, you have two issues. One is you have a management problem: how do you constantly switch contexts across these different solutions? You also have a problem of too much data and what is called alert fatigue. The SOAR approach attempts to solve this by automating some of the more mundane, resource-intensive, human-intensive tasks like data analysis and correlation, so the security operations teams can be a lot more effective and they don’t get distracted by the noise. They actually focus on what’s important. The third thing that SOAR addresses is incident response. What do you do when an incident happens? What do you do when your network is intruded upon? Do you have the right processes? Do you have the right workflows in place? Do you have the right data for investigations? SOAR brings all of these together. So SOAR is not a single technology or a single product; it’s really a concept or a framework that brings detection, automation, response, orchestration, intelligence and all of that together under a common set of terminologies.

Terry Sweeney: That’s really helpful, and I’m glad you mention automation. It seems like, given the volumes of information that have to be analyzed, this is an essential piece of SOAR. Talk a bit more about why it’s critical to have in combating today’s security issues.

Sanjay Ramnath: You’re never going to have enough resources, bandwidth, and skills in security to stay ahead of the cyber criminals and threat landscape.
So I think applying automation where it makes sense really helps streamline security operations. As I mentioned earlier, applying automation in terms of taking this really vast amount of data, threat data, and converting that into actionable, tactical threat intell
Published 2019-06-18 13:00 UTC. Links: https://feeds.feedblitz.com/~/603218922/0/alienvault-blogs~SOAR-with-ATampT-Cybersecurity-and-Dark-Reading | www.secnews.physaphae.fr/article.php?IdArticle=1162182. Tags: Malware, Threat.

Practical security recommendations – for you and your business

Cybercrime is costing UK businesses billions each and every year. Small businesses in particular are under threat, as they often take a more relaxed approach and a ‘not much to steal’ mindset. However, this lack of diligence has caused many companies to close permanently. Let’s ensure yours isn’t one of them. Time to start making the issue a priority! Here are some practical security recommendations for you and your business.

Monitor and identify possible threats

First things first, you need to analyse how secure your systems are. Take a proactive rather than reactive approach to cybercrime. Do a thorough risk assessment, analysing all areas of your business and paying close attention to any weak spots. Instead of waiting for an attack to happen and then taking the necessary actions, reduce the chance of risks completely. This involves:
Being aware of all the latest cyber threats (from phishing to hacking, there are many out there, constantly evolving and taking on new forms)
Keeping your operating systems up to date
Backing up data
Protecting all software
Using an effective password policy

Remember: this isn’t a one-off concern, but an ongoing issue. So, ensure cybercrime is a priority and keep monitoring all potential threats.
Educate your employees

Whether you’re a team of two or one hundred, every employee needs to be educated on the steps you’re taking to mitigate against cybercrime. Bear in mind, this includes anyone who works from home. Ensure all laptops or tablets have the necessary endpoint security software. This also includes any third parties or contractors who have access to any files on your system. Dedicate at least one employee to being responsible for the issue: keeping everyone informed and taking the required actions to improve security posture.

Consider all lines of defence

A firewall is often the first line of defence in protecting you against attacks. These can be both internal and external. Employees should consider installing one on their home computers, for example. However, this isn’t the only line of defence to consider. Ask yourself questions such as:
Is your password policy robust?
Do you have the necessary cybersecurity insurance in place?
Do you have a record of everyone with administrative privileges?
Is your customer data safe?
How would your business cope in a temporary downtime period?
Could you consider multi-factor authentication?

Find a partner

Finding a business partner is essential for many reasons, such as growth or development of new products. It can also help you develop your security policy. A partner could have access to new software that could benefit your business. Alternatively, they could identify weak areas within your company you may not have considered. There are many cyber security businesses looking to collaborate, so use this to your advantage!

Consider mobile devices

It’s not just computers, laptops and tablets you need to worry about. Ensure that you include mobile phones in your cyber security policy. This could mean requiring that the company’s password policy applies to all devices using the network, for example.
Install anti-m
Published 2019-06-17 13:00 UTC. Links: https://feeds.feedblitz.com/~/603180030/0/alienvault-blogs~Practical-security-recommendations-%e2%80%93-for-you-and-your-business | www.secnews.physaphae.fr/article.php?IdArticle=1160211.

Using data science to improve threat analysis | AT&T ThreatTraq

Every week, the AT&T Chief Security Office produces a set of videos with helpful information and news commentary for InfoSec practitioners and researchers. I really enjoy them, and you can subscribe to the YouTube channel to stay updated. This is a transcript of a recent feature on ThreatTraq. Watch the video here. The video features Jaime Blasco, VP and Chief Scientist, AT&T Cybersecurity, Alien Labs; Brian Rexroad, VP, Security Platforms, AT&T; and Matt Keyser, Principal Technology Security, AT&T.

Jaime: Today we are going to talk about how machine learning is being applied in cybersecurity. We will also be discussing how data science can be used to improve threat analysis and threat detection.

Brian: All right, Jaime. Based on this discussion that we already had, maybe you can take us a little deeper into how you are working with, you know, data science and machine learning in the area of threat detection and threat analysis.

Jaime: Absolutely. So one of the things that I want to start with is clarifying some misconceptions. In the cybersecurity industry, you're seeing many players talking about using AI and machine learning. Those two words, you're going to see people using them in the same context, but I wanted to clarify a little bit about what that means. For me, artificial intelligence is more the broad field, and within artificial intelligence, we can talk about general artificial intelligence and narrow artificial intelligence. General artificial intelligence is something that doesn't exist yet. Right.
We haven't been able to create an artificial intelligence that is able to generalize and reason as well as or better than humans. So, when we talk about narrow AI... that's what machine learning is. It uses models that are able to solve a particular, really well-defined problem.

Matt: Right now, we have a very narrow definition of functional artificial intelligence. And machine learning is one version of that, one technique that might be used to teach a machine how to solve a problem.

Brian: You know what, I think the next stage that we need to get to is using artificial intelligence to figure out how to apply artificial intelligence. I mean, quite frankly... that's where it has to be, and it's going to continue to be iterative to get deeper and deeper.

Jaime: I totally agree. If you see some of the latest research from Google and others, the field of AutoML is really popular, with a lot of investments happening. For those of you that don't know what AutoML is, as Brian said, it's basically training a neural network to come up with new neural networks or novel architectures.

Brian: That will be the path to singularity, in my opinion.

Jaime: So we can divide machine-learning techniques mainly into two categories: supervised machine learning and unsupervised machine learning. There’s a third one, reinforcement learning, that we are not going to talk about today because I still haven't seen many use cases within cybersecurity. We talk about unsupervised machine learning in the area of anomaly detection or data exploration. And a point that I want to make there is we have many cyber security products out there that are applying unsupervised learning, including clustering, anomaly detection, etc. I'm not a huge fan of those algorithms in the cybersecurity context because they are prone to many false positives.

Matt: Things that are just clustering and finding things that are similar won't necessarily find you something malicious.
That's when you need to apply a
Published 2019-06-13 13:00 UTC. Links: https://feeds.feedblitz.com/~/603039086/0/alienvault-blogs~Using-data-science-to-improve-threat-analysis-ATampT-ThreatTraq | www.secnews.physaphae.fr/article.php?IdArticle=1152635. Tags: Vulnerability, Threat.

Infosecurity Europe 2019

Infosecurity Europe 2019 in London, June 4-6. Our theme was unifying security management with people, process and technologies. While the industry is generally moving in the right direction, IT teams still struggle with being overwhelmed on the technology side, not knowing where to begin on the process side, and finding (or being able to afford) people with the right security skill sets. In addition, network infrastructure managers tend to be disconnected from the CISOs even though they both might sit under the CIO. This leads to security often being an afterthought with new technology initiatives, rather than a core requirement. As Marcus Bragg, VP Sales & Marketing at AT&T Cybersecurity, said in the booth, "it's like buying a new car without an airbag and asking the manufacturer to put one in months later." It's the difference between catching issues at the planning stage versus having to remediate them later, possibly after an attack has occurred.

Our team at the InfoSec conference enjoyed engaging with our visitors and exploring ways that AT&T Cybersecurity can help them solve their security challenges. Here’s a picture of the AT&T Cybersecurity booth:

[Image: AT&T Cybersecurity booth]

And Chris Doman from our Alien Labs security research team gave a talk about threat-sharing and resilience to a packed house.

[Image: Chris Doman's talk]

Other notable observations in terms of industry trends from Infosecurity 2019:
Far fewer blockchain-oriented exhibitors than last year. Perhaps those companies went bankrupt when the coins crashed?
Machine Learning (ML) continues to be a hot topic - but more from vendors who use ML as one of many approaches to data analysis, and fewer "pure ML" startups.
Lots of vendors I hadn't heard of that seem to target niche industries.
Many companies offering Security Orchestration, Automation and Response (SOAR) types of solutions.
Lots of security training companies were at the conference, which makes sense given the cybersecurity skills shortage.
Fewer booth babes 😊
Published 2019-06-12 13:00 UTC. Links: https://feeds.feedblitz.com/~/602998002/0/alienvault-blogs~Infosecurity-Europe | www.secnews.physaphae.fr/article.php?IdArticle=1150877. Tags: Guideline.

Vulnerability scanning – in house or third party?

You can’t fix the flaws you don’t know about – and the clearer your sense of your organization’s overall security posture, the better equipped you are to improve it. Vulnerability assessments are a core requirement for IT security, and conducting them on a regular basis can help you stay one step ahead of the bad guys. Ultimately, a vulnerability assessment helps you shift from a reactive cybersecurity approach to a proactive one, with an increased awareness of the cyber risks your organization faces and an ability to prioritize the flaws that need the most attention. As a diagnosis of your digital health, vulnerability scanning can provide a digital footprint and a precise picture of the threat landscape by applying a grade to each vulnerability, helping your IT team prioritize and create risk treatment plans that focus on the biggest opportunities first. Any company can be exposed to the exploitation of its vulnerabilities; no one can claim to be 100% protected. But without insight into those vulnerabilities and their effect on your organization’s business operations, remediation plans can’t be put into motion.
While conducting your own vulnerability scanning in-house may be attractive for companies, it’s hard to beat the expertise of a third party security provider. For some organizations, it may be more effective to keep all testing in house because of their detailed understanding of the environment and systems being assessed. On the other hand, for most small- and medium-sized businesses, it is difficult to maintain the level of expertise in-house that a third party provider can offer. The requirements to properly assess vulnerability scanning results will depend on the company and its mission, and the requisite technical skills and work experience may be hard to come by. An in-house security assessment team may lack specialization, and it’s almost impossible to find well-rounded professionals who know networks, applications, mobility and cloud inside and out and are able to provide recommendations in all areas. Additionally, some compliance regulations require testing to be performed by accredited security professionals, and certifying an internal team will come at an additional cost. Regardless of company size, or the size and expertise of the security team, there are inherent benefits to getting a fresh perspective on your systems and vulnerabilities. A purely internal team that is used to the “status quo” might miss something important. Getting the maximum benefit from your vulnerability assessment involves adding context: tying the results to business impact through a comprehensive analysis of your company’s goals and vision, and then applying that understanding to the outcome. The visibility into your security posture that vulnerability scanning services can provide is invaluable.
Whether there is a change to your organization’s environment, the need to prove security compliance, an initiative to transition to the cloud, or the need to handle proprietary customer information, ongoing scans can paint a picture of your security maturity and provide actionable insights for allocating resources and valuable time. AT&T Cybersecurity offers vulnerability scanning services to meet a variety of needs. Here’s a short video where you can learn more.
Published 2019-06-10 13:00 UTC. Links: https://feeds.feedblitz.com/~/602916626/0/alienvault-blogs~Vulnerability-scanning-%e2%80%93-in-house-or-third-party | www.secnews.physaphae.fr/article.php?IdArticle=1147557. Tags: Vulnerability, Threat.

A Guide to Mobile TLS Certificate Pinning (2019)

Cybersecurity professionals know what they’re up against. The type, number and severity of cyberattacks grows with time. Hackers display no shortage of cunning and ingenuity in exploiting security vulnerabilities, compromising important data and inflicting damage on both individuals and organizations. Cybersecurity professionals also know that their defenses must evolve along with the attacks, requiring them to display even more ingenuity than hackers when creating security tools. They also need to layer those tools on top of one another (defense in depth) to make life as difficult as possible for hackers.

TLS Certificates

One such security precaution is the issuance of transport layer security (TLS) certificates by trusted Certificate Authorities (CAs). While the main purpose of TLS pinning is identity assurance, TLS also provides confidentiality and integrity of data using PKI, which can improve assurance of the identity of the endpoint. After verifying the website server’s identity, the certificates create encrypted channels of communication between that server and visitors.
Unsurprisingly, hackers have devised workarounds to these certificates, even going as far as buying and selling forged TLS certificates on the dark web. The mere existence of a TLS certificate is no longer enough to guarantee secure internet communication between web servers and clients. To stay ahead of hackers, the arms race continues. One such additional measure is known as TLS pinning, which offers an additional layer of security that meshes nicely with what the certificate issuance system already does. Given the growing severity of cyberattacks on mobile devices and platforms, here’s what TLS pinning means for mobile users and how it affects the downloading of new mobile apps.

What TLS Certificates Do and How They Work

TLS certificates work through the “magic” of public key encryption. The central principle behind public key encryption is that two parties, A and B, who wish to send messages to one another without any third party, C, reading their messages can best do so if each has both a public and a private key that they can use to encrypt and decrypt messages. The public key encryption process allows A to craft a message for B and use B’s public key, which is available to the public, to turn that message into encrypted gibberish. The only thing that will be able to turn the gibberish back into the original message is B’s private key, which only B has access to. As long as B doesn't lose their private key and keeps others from stealing it, it won’t matter if C is able to intercept and read A’s message to B. It will be unreadable to anyone but B. The same is true for any message that B sends to A: B encrypts their message with A’s public key, and only A’s private key will be able to decrypt it.

HTTPS is the TLS Highway

TLS certificates allow web servers to securely communicate with clients, protected by public key encryption.
Hypertext Transfer Protocol (HTTP) is the standard communication protocol on the internet, and Hypertext Transfer Protocol Secure (HTTPS) is the version that uses public key encryption. In HTTPS, communication is secured through a
Published 2019-06-07 13:00 UTC. Links: https://feeds.feedblitz.com/~/602820058/0/alienvault-blogs~A-Guide-to-Mobile-TLS-Certificate-Pinning | www.secnews.physaphae.fr/article.php?IdArticle=1144721.

Using misinformation for security awareness engagement

Have you noticed that people are just too busy to read important information you send to them? One of the problems with disseminating information, especially when it is about cybersecurity, is that there needs to be a balance between timing, priority, and cadence.

Timing is simply when the message is sent. You may send a message of the utmost urgency, such as a warning about a ransomware outbreak. However, if you sent that message at 3AM, it will probably be ignored amidst all the other E-mails that arrived overnight in the recipient’s inbox.

Priority is the importance of the message. Yes, you can flag a message as high importance, or some similar setting in your mail client; however, your priorities are not necessarily the same as the recipients’, so your important message may not generate any heightened interest.

Cadence is the frequency of your messages. Do you send too many messages? If you do, you run the risk of the “boy who cried wolf” problem, where people will just ignore most, if not all, of your messages.

What can you do to get someone to read the message, or at least retain the most important part of the message? Sure, you could write a single line message, but that would offer no context. I recently ran into a problem when I needed to send a message warning of a voicemail phishing scam.
I needed high engagement, yet I had previously sent another message about another security event, so my cadence was too tight and my frequency too close. How could I engage the recipients to notice this message above the other?

One interesting technique of social engineers is to use misinformation, or concession. This technique, as well as many others, is explained beautifully in Chris Hadnagy’s book “Social Engineering – the Science of Human Hacking”. Here is how I used it to grab the readers’ attention. First, I sent the message that many people may not have entirely focused on:

[Image: first security notification]

If you are a total grammar (or typo) geek, you may notice the error I made in the sentence: We do not use any system that requests a network password to retrieve a voice message from and external site.

Once this message settled in (or became buried beneath the recipients’ other priorities), I followed it with this message:

[Image: sneaky second notification]

Using this deliberate error, and conceding to the error, the reader is not only drawn to the most important idea in the message, but the reader may actually go back to look more closely at the original message, which offers a better chance of the recipient internalizing the message.

Of course, the nature of this technique could be perceived as manipulative; however, no one was harmed through its use. Also, it certainly cannot be used too often. Like all good tools, its effectiveness becomes dulled with overuse. Again, this is also part of the balance of social engineering skills, and if you have not already read Chris Hadnagy’s book, it is highly recommended. He can teach you how to use, yet not abuse, some of the best techniques in the social engineering profession to excellent effect. If used judiciously, concession is a powerful tool to engage a population suffering from information overload. Tread lightly!
AlienVault Blog, 2019-05-30: https://feeds.feedblitz.com/~/602730036/0/alienvault-blogs~Using-misinformation-for-security-awareness-engagement (www.secnews.physaphae.fr/article.php?IdArticle=1140177)

How to build a home IT security lab: Episode 1

Hello all, and welcome to the first episode of a new blog series focused on how to prevent WordPress site hacks. In this first post of the series, I will provide videos and articles that will comprise a set of tutorials to show you the ins and outs of building a home lab that will give you the flexibility to test, hack, or learn just about anything in IT.

Personal or home labs can be very subjective, because I know people in the industry who have spent thousands of dollars building out personal labs with the latest hardware and software in the industry. I tend to take a bit more of a minimalist approach to building out my personal lab. Of course, if you work for a manufacturer of a certain technology and they provide you with that technology, then there is really no excuse for not having a great lab around said tech.

How to build your home lab on a budget

What I am going to show you in this article will range in price from free to a few hundred dollars, which for most people is an acceptable amount to spend on a personal lab. To perform the upcoming tutorials, you can use a couple of different configurations. The first is the all-in-one approach, which entails simply virtualizing everything on a regular laptop or desktop PC based on MS Windows or Mac. I will include products for both that will work great. The first lab I built to do this tutorial was for a Windows machine, and then I got my hands on a Mac to build out the lab.
I will say that the Windows 10 OS has a lot more free utilities than OS X does; however, OS X is built on Linux and therefore affords you some features that Windows does not, such as terminal sessions that work simply with other Linux servers. Windows has the capability to do some of this through MS PowerShell, but I found it to be a bit more cumbersome to use, and the other tools I used don’t really work easily with Windows or OS X.

WordPress on a virtual machine

I chose to use Kali Linux virtualized on both the Windows and Mac machines, as it is honestly the most comprehensive penetration testing toolkit I have found on the internet that is widely accepted, without the fear of bringing tons of malware into my test environment that I don’t want. But more on that in another episode. Below is a list of apps and utilities I used to perform the testing tutorials I will be releasing in future episodes.

Tools for WordPress

Kali Linux downloads: Offensive Security was born out of the belief that the only real way to achieve sound defensive security is through an offensive mindset and approach. Kali Linux is one of several Offensive Security projects – funded, developed and maintained as a free and open-source penetration testing platform.

WPScan: WPScan was created for non-commercial use and is a free black box WordPress vulnerability scanner written for security professionals and blog maintainers to test the security of their sites.

Bitnami WordPress stack: Bitnami offers a suite of products and projects that accelerate the delivery of applications and containers to multiple clouds. Built modularly, Bitnami e

AlienVault Blog, 2019-05-28: https://feeds.feedblitz.com/~/602730038/0/alienvault-blogs~How-to-build-a-home-IT-security-lab-Episode (www.secnews.physaphae.fr/article.php?IdArticle=1140178)

If you confuse them, you lose them.

Marie Forleo.
It was part of her “Copy Cure” course, and if you are unfamiliar with Marie and her work, take the time to explore some of her wisdom. Her webcasts are gems, particularly if you work in the consulting space. During the webcast she mentioned a phrase that should be top of mind for every InfoSec professional: If you confuse them, you lose them.

Think about the last meeting you had, or the last message you wrote. Was it truly as clear as it could be for its intended audience? Think of the following example. An executive received the following e-mail:

[image: evoicemessage-record]

Take a moment and think about how you would respond to the executive who sends this message to you and asks, “Is this real, or a scam?”

Most of us InfoSec professionals would probably chuckle that the executive doesn’t immediately recognize this as a scam, but that is the first failing of our approach. When I see this, I assume that the exec recognizes that something is not quite right and is sending it to the subject matter experts for advice. This is definitely preferable to the person just clicking the link and then proceeding with the frantic “Oops, I messed up” phone call, or worse, not reporting the error to anyone in the hope that no one notices.

Here is where we InfoSec professionals often make the mistake that creates the confuse-and-lose problem. Would you simply reply, “It’s a scam, delete it”? That certainly gets the message across, and it allows you to move on with your day, but does it help the exec? Does it teach anything, or does it add to the confusion, making the person no richer than when they contacted you?

Think of when you go to the dentist because of a pain, and the dentist responds with “It’s nothing”. Do you feel any better knowing that the pain will not progress into the full agony stage, or would you like to know more?
Just as I would ask my dentist, “How do you know it’s nothing?”, the executive to whom you just said “It’s a scam, delete it” will probably have the same question: how do you know it’s a scam? Imagine, however, if you sent the following response:

Mr. Exec: This is what is known as a credential-theft scam. If you followed that link and filled in the information, your username and password would have been stolen. The phone number is a non-working number, and the link attempts to connect to a .do domain (which is located in the Dominican Republic, not a Microsoft site). Please delete it. Thanks for checking with us. Here is a sample of the fake site:

[image: secure-gateway]

In this hyper-sensitive cybersecurity environment, even the busiest executive will appreciate the explanation and enjoy a better understanding of what we do to protect the company. This eliminates the confusion, and it also provides a real-world example of the lessons we teach in the security awareness campaigns that are required by many companies.

Wouldn’t it be great to know that you are providing the valuable service of not only protecting your organization, but also communicating in a way that reduces confusion and eases the perceived pain of cybersecurity? Instead of the phrase “If you confuse them, you lose them”, perhaps we can turn it around to “If you teach them, you reach them”.

AlienVault Blog, 2019-05-22: https://feeds.feedblitz.com/~/602730042/0/alienvault-blogs~If-you-confuse-them-you-lose-them (www.secnews.physaphae.fr/article.php?IdArticle=1140180)