STE WILLIAMS

Demonstration Showcase Brings DevOps to Interop19

Attendees will learn how orchestration and automation can be a part of network operations and security, even at smaller companies.

Nothing can really replace seeing technology in action and putting hands on the controls to aid in understanding and boost confidence. At Interop ITX, that capability is called the Interop19 Demonstration Showcase, and this year it focuses on network orchestration and automation — technologies that only a short while ago were limited to carrier-class networks but today are within the reach of small and midsized businesses.

The Showcase will be located on the TechFair floor and will be available for attendees to see and explore; they’ll also be able to talk with engineering volunteers whenever the TechFair is open. That means Interop attendees will have opportunities to see the Demonstration Showcase on Monday, Tuesday, and Wednesday of Interop19, both during and after the major Summits scheduled at the beginning of the conference.

“This year, we’re looking at the current trend towards automating or programmatically implementing, managing, and monitoring your network,” says Glenn Evans, chief architect and manager of the Demonstration Showcase. He explains that the Showcase will be demonstrating tools such as Python and Ansible playbooks, all the way up to Kubernetes ELK (Elasticsearch, Logstash, and Kibana) stacks for automating log and monitoring processes.

Evans says security will be one of the considerations in the Demonstration Showcase. “The security of the network should always be a consideration. Some of the tools we will try and implement do provide security analysis, so the Elasticsearch’s elastic search stack is a repository for searching and looking for patterns, and looking at the security,” he says.

In addition, Evans says the change management and revision automation that will be demonstrated are critical parts of keeping a network secure and vital to the “everything is software” mindset that’s part of the DevOps approach that develops out of basic network orchestration and automation.

One of the major points that the Demonstration Showcase will make is that the tools exist for small to midsize companies to begin adding network orchestration and automation to their infrastructure. Evans says that the tools they will have on display don’t require wholesale hardware changes in the organization. And that allows companies to start asking a very basic question.

“How can a single IT administrator or a single network administrator in a small company make their life easier?” Evans asks. “By moving to this software management-type model or programmatic model. It’s like moving from spreadsheets to a database. We’re moving from cut and paste, typing out commands, to creating a program or an application that will go out and do it all for us.”

That automation requires development skill that may be scarce in smaller organizations, but Evans says that the Demonstration Showcase will help by providing playbooks, code samples, and scripts in a GitHub repository that will be available during and after Interop19. “It’s a major paradigm shift, and it’s a major mindset change,” Evans says. “We’re trying to make it a little bit easier for those people by having some basic packages that they can expand on.”


Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and …

Article source: https://www.darkreading.com/perimeter/demonstration-showcase-brings-devops-to-interop19/d/d-id/1334514?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Google File Cabinet Plays Host to Malware Payloads

Researchers detect a new drive-by download attack in which Google Sites’ file cabinet template is a delivery vehicle for malware.

Cybercriminals have been using the file cabinet template built into Google Sites to deliver the banking Trojan LoadPCBanker to victims who speak Portuguese and/or are based in Brazil, security researchers report.

Netskope Threat Research Labs noticed this attack in early April, largely because of the method of deployment. “This [attack] was one that caught our eye because the delivery system was interesting,” says Netskope architect Raymond Canzanese. Unlike Google services like Gmail, which block malicious file uploads, Google File Cabinet doesn’t seem to have any such limits.

Google Sites is a legacy platform historically used to build simple websites. A separate functionality called Google File Cabinet is used to upload files to be hosted on a website. Cybercriminals are now using File Cabinet to upload malware to websites and send the links to victims via phishing emails. Victims who click the links — which are displayed with Google URLs — are taken to attackers’ websites. There, they are presented with a malicious executable, typically a PDF disguised as a guesthouse or hotel reservation, Canzanese says.

Researchers think the adversaries are relying on Google’s brand trustworthiness. People have an “implicit trust” in vendors like Google, Netskope’s Ashwin Vamshi wrote in a blog post. “As a result, they are more likely to fall victim to an attack launched from within a Google service.”

Further, Canzanese adds, targets may be more likely to click a Google link than a malicious attachment, which many employees are now trained to avoid. The emails will also bypass filters designed to block bad attachments before they arrive in victims’ inboxes.

The attack kill chain for LoadPCBanker starts with a first-stage parent downloader, which downloads next-stage payloads from a file hosting site. Next-stage payloads collect screenshots, clipboard data, and keystrokes from victims. All of the collected data is exfiltrated to the attackers’ server using SQL, which Canzanese notes is another interesting trait of this threat.

“It’s not something we see a lot of,” he says of the SQL exfiltration. Researchers don’t think it’s a sign of attacker sophistication; rather, they see it as a sign the intruders are trying to blend in. This way, exfiltrated information blends in with standard SQL traffic and may not be detected.

LoadPCBanker: Old Threat Resurfaces
While this particular series of attacks was found in April 2019, researchers say similar malware has been around since early 2014. Minor changes have been made over the years; however, there have been no major additions or edits to LoadPCBanker’s functionality, Canzanese says.

It seems these attackers are going after Brazil-based or Portuguese-speaking targets, based on an executable discovered with a Portuguese name. While researchers can’t speak to the total number of targets, they did determine an approximate number being actively surveilled.

“In the time we’ve been watching this, we’ve only seen 20 users actively being surveilled,” says Canzanese. The attackers have taken screenshots from victims’ machines and logged their keystrokes, potentially trying to obtain user credentials. The targets’ IP addresses indicate they’re scattered all over Brazil; there is no sign a specific business is being singled out.

Interestingly, it seems the attackers are rotating their database credentials every few weeks, Canzanese says. It’s unclear whether they’re getting caught and shutting down, or being cautious and trying to evade detection. Canzanese anticipates the latter is more likely.

Analysis shows this latest wave of attacks has been going on since February 2019. It’s possible the same attacker is behind LoadPCBanker incidents in 2014 and 2019; however, Canzanese says it’s also possible the source code has been reused by multiple attackers in the same time frame.

“We haven’t been able to find anything that indicates it’s been the same actor using it,” he notes, adding that attribution is difficult without more concrete evidence. The team also doesn’t have sufficient evidence to confirm this is the work of another attacker or group.


Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance Technology, where she covered financial …

Article source: https://www.darkreading.com/endpoint/google-file-cabinet-plays-host-to-malware-payloads/d/d-id/1334513?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Once again, it’s 123456: the password that says ‘I give up’

The essence of most people’s regard for cybersecurity: we’re DOOMED.

That’s one of the key takeaways from the UK’s National Cyber Security Centre (NCSC), which released the results of its first ever UK cyber survey on Sunday, along with a list of the most craptacular passwords found most often in breached databases.

The findings were released ahead of the NCSC’s CYBERUK 2019 conference in Glasgow this week.

Some of those doomy gloomy findings: 70% of the 1,350 Brits surveyed between November 2018 and January 2019 believe they’re going to be cyber-pounced on sometime in the next two years, and it will put on some hurt, aka a “big personal impact.”

Many people – 37% – think that getting mugged online for money or personal details is inevitable these days. Losing money is the biggest concern, with 42% feeling it’s likely to happen by 2021. That’s not keeping them from buying stuff online, though: 89% are using the internet to make online purchases, and 39% say they do so on a weekly basis.

Although 80% said that cybersecurity is a “high priority,” that doesn’t mean that the doomed plan to do anything about it. In fact, some of the groups most likely to say it’s a priority are the least likely to take protective action. For example, older people – those aged 55-64 – are the likeliest to say it’s a high priority, and 16-24 year-olds are least likely to prioritize it. However, the youngsters are more likely to say they’re capable when it comes to cybersecurity, and they’re more likely to flip the switch on some protection.

Protective action like, say, these things, which these numbers of people are likely to do “always”:

  • Use password/passcode/PIN to unlock smartphones or tablets: 70%
  • Use a strong and separate password for main email account: 55%
  • Install the latest software and app updates once you notice that they are available: 46%
  • Check emails, texts or social media messages, including those from known contacts, to see whether they are genuine: 35%
  • Turn on and use two-factor authentication (2FA) for your main email account: 25%
  • Report any phishing emails by hitting the ‘Spam’ or ‘Report phishing’ button: 21%
  • Save passwords using a password manager on smartphone or tablet: 14%

Those and other security behaviors cited in the survey are typically more prevalent among 16-54 year olds, with drop off among those aged 55+. Besides being young, being well-heeled also helps, with affluent people reporting better security hygiene. The survey noted that regardless of age, there are also variations due to levels of internet usage and device ownership.

We can surmise that, as we’ve heard before, much of the turnoff comes from confusion. Almost half – 46% – of the people surveyed said that instructions about staying safe online are confusing.

Is “Confusion” a dEc3ntPassw0rd?

For years, “This is too hard!” has been the reason cited for why people use easy-to-remember passwords such as anniversaries, or their pets’ names, or, of course, one of the picks from the rogues’ gallery of the most frequently spotted passwords that turn up in breached databases.

The NCSC, in collaboration with Have I Been Pwned’s Troy Hunt, released a file containing his data set’s top 100,000 most commonly reoccurring breached passwords. You can download the full file here. If you spot any of your own passwords on that list, it’s imperative that you change it – whatever account(s) it’s supposed to be protecting are sitting ducks.

In that list, “123456” once again showed up at the tippity top, being found in use 23.2m times. While there’s nothing that whispers “I give up” quite as fervently as that one, No. 2 comes close: it was “123456789,” being found 7.7m times.

Also making their many, predictable appearances were these gnarly, old, easily guessables:

  • qwerty (3.8m)
  • password (3.6m)
  • 1111111 (3.1m)

Then too, there are names used as passwords: “ashley” took the cake as the most popular, appearing 432,276 times in breached databases. Liverpool won when it came to the most frequently found Premier League football team names, while blink182 won it for musician names. “Superman” showed up as the most common fictional character name.

These are all weak passwords, but you don’t have to use ones like this. Best practice is to combine upper/lowercase letters with digits and punctuation/special characters – make them as long and complex as possible.

And, of course, one password isn’t enough. You need to have a different password for each online account you have.

Nobody expects you to remember a grocery list worth of complicated passwords, and that’s why we believe in using password managers to create them and/or to store them all and fill them in.

Are those hard to use? Well, they’re more involved than “ashley,” but not beyond the grasp of most people – particularly if they fear getting victimized by cybercrime, which is a very wise thing to worry about.
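The two checks the article recommends, as an added example that is not part of the original post: screen a candidate against a breached-password list (here a constructed sample in a "password, times seen" layout using the figures quoted above, not the NCSC/HIBP file itself), enforce length and character-class mix, and flag any password reused across accounts. The names and file layout are assumptions.

```python
import string

# Constructed sample of a "password<TAB>times seen" list, built from the passwords
# and counts quoted in the article. It stands in for the real NCSC/HIBP file.
SAMPLE_BREACHED_LIST = """\
123456\t23200000
123456789\t7700000
qwerty\t3800000
password\t3600000
1111111\t3100000
ashley\t432276
"""


def load_breached(text):
    """Parse the list into {password: count}; splitting on the last tab keeps a
    password that itself contains a tab intact."""
    seen = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        password, count = line.rsplit("\t", 1)
        seen[password] = int(count)
    return seen


def character_classes(password):
    """Which of the four character classes from the advice above the password uses."""
    classes = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.digits:
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def evaluate_password(password, breached, min_length=12):
    """Return the reasons a password is weak; an empty list means it passes:
    not in breach data, at least min_length long, and using all four classes."""
    problems = []
    if password in breached:
        problems.append(f"appears in breach data {breached[password]:,} times")
    elif password.lower() in breached:
        # "Ashley" is still a top breached password with Shift held down
        problems.append(
            f"a case variant appears in breach data {breached[password.lower()]:,} times")
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    missing = {"lower", "upper", "digit", "symbol"} - character_classes(password)
    if missing:
        problems.append("missing " + ", ".join(sorted(missing)))
    return problems


def find_reused(vault):
    """vault maps account name -> password. Return {password: [accounts]} for every
    password shared by more than one account (the article's one-per-account rule)."""
    by_password = {}
    for account, password in vault.items():
        by_password.setdefault(password, []).append(account)
    return {pw: accounts for pw, accounts in by_password.items() if len(accounts) > 1}


if __name__ == "__main__":
    breached = load_breached(SAMPLE_BREACHED_LIST)
    for candidate in ("123456", "Ashley", "Correct-Horse-42!"):
        print(candidate, "->", evaluate_password(candidate, breached) or "ok")
    # Constructed vault: two accounts sharing one password
    print(find_reused({"mail": "123456", "bank": "123456", "shop": "Correct-Horse-42!"}))
```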

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/otrzwW9j-pE/

Hotspot finder app blabs 2 million Wi-Fi network passwords

This should come as no surprise, but it still sucks big-time: thousands of people who downloaded a random, very popular app called WiFi Finder found that it got handsy with users’ own home Wi-Fi, uploading their network passwords to a database full of 2 million passwords that was found exposed and unprotected online.

The leaked database was discovered by Sanyam Jain, a security researcher and a member of the GDI Foundation who reported his find to TechCrunch. Jain and TechCrunch’s Zack Whittaker spent more than two weeks fruitlessly trying to contact the developer, who they believe is based in China.

Receiving no reply, they instead turned to the host, DigitalOcean, which yanked the database within a day of their contact.

According to the app’s Google Play listing, it’s been installed more than 100,000 times.

The app does what it says it does: it searches for nearby hotspots, maps them, and enables users to upload all their stored Wi-Fi passwords. Unfortunately, in spite of what the app developer – Proofusion – claims, WiFi Finder doesn’t differentiate between public hotspots and what Whittaker says are the “countless” home Wi-Fi networks found by TechCrunch and Jain.

The exposed database didn’t give away contact information for any of the Wi-Fi network owners, but it did include geolocation data. The geolocations often corresponded to what look like wholly residential areas where there don’t appear to be any businesses, suggesting that the logins are for home networks.

WiFi Finder doesn’t require users to get network owner permission, leaving the door open for unauthorized access. An attacker could tweak router settings, could redirect network users to malicious websites by changing the DNS server, and could read any unencrypted traffic carried by the wireless network, enabling them to steal passwords and eavesdrop on communications.

Read those permissions!

WiFi Finder is a glaring example of how much security and privacy we all too often blithely hand over to an app that doesn’t deserve our trust. If you dig into the permissions it requests, you’ll find that it wants users to give it access to locations, full contact lists – including phone numbers and email accounts of all your friends, family, colleagues and whoever else is in that powerful hand warmer – plus the puzzlingly powerful ability to read, modify and delete data on your phone.

But why? That, unfortunately, is the question that we don’t get around to asking when we don’t bother to read app permissions.

Google has been trying to clean up the hot mess of bad apps in the Play store – a hot mess that, for example, saw 9m Androids infected with malware back in January, when Google removed 85 apps that were purportedly TV and video players and controllers but which would consistently show full-screen ads until they crashed, bringing in profitable ad impressions for the developers but nada for the victims.

We’re better off if we don’t solely depend on Google to strain out all the bad appery. By Google’s own calculations, only 0.09% of devices accessing the Play store were carrying malware as of January, but at 1.8 million phones, that’s nothing to sneeze at.

Make sure to check out app reviews and permissions to see what they’re up to before downloading. The majority of app developers may well have hearts of gold and the smarts to protect sensitive databases, but that still leaves plenty of random bulls in the china shop.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/a4MXqRuJXXo/

Phone fingerprint scanner fooled by chewing gum packet

Nokia’s funky new phone, known as the Nokia 9 PureView, has some very cool features.

Five of them, in fact – five cameras, arranged on the back of the phone like a spider’s eye, capturing 12 megapixels each to make the device a snapper’s delight.

The Nokia 9 also includes a fingerprint scanner – a feature that Apple recently ditched from its smartphone range so that the screen could reach right to the edges of the device, as modern style dictates, but that several modern Android devices have retained by building the fingerprint detector into the screen itself.

That sounds like the best of both worlds: a good-looking screen plus convenient biometric security that is based on more than just a picture of your face.

Fingerprint scanners, however, aren’t perfect, with the result that we’ve written several stories over the years about the tricks that hackers have found to bypass them.

Positives and negatives

A fingerprint sensor bypass is what’s known in the jargon as a false positive, where an invalid fingerprint is incorrectly recognised as genuine, and the device is wrongly unlocked.

The opposite misbehaviour is a false negative, where even the genuine owner of the device can’t get in because their own fingerprint is wrongly rejected.

Good cybersecurity practice says that, in theory at least, false negatives are much better than false positives when it comes to fingerprint detection.

After all, the legitimate owner can always enter the PIN code instead and get in anyway, albeit less conveniently, so the cost of a false negative is a small amount of time.

In contrast, a false positive pretty much means that an imposter just got into your device, so the cost is that you’re compromised.

In practice, however, fingerprint scanners don’t aim to eliminate every possible false positive at the cost of a huge false negative rate – some sort of compromise is called for.

After all, fingerprint scanners (and other biometric identifiers, such as those based on eyes or faces) are often safer to use than having to type in an unlock code all the time.

Firstly, if you have to type in a PIN every time you want to use your phone, it’s tempting to choose a shorter, simpler PIN that’s more likely to be guessed or hacked.

Secondly, you often need to unlock your phone when you’re in view of a security camera, so your PIN may end up left behind in visual form on CCTV recordings you can’t control.

In other words, a nearly perfect fingerprint scanner is still a worthwhile cybersecurity tool.

A bit of trouble…

Back to Nokia 9s, then: as far as we can tell, Nokia has had a bit of trouble with the fingerprint scanner on the 9, with false negatives being an annoying issue for some legitimate users.

That’s necessitated some reworking of the recognition system.

Generally speaking, re-tuning the system to bring false negatives down to a tolerable level involves a corresponding increase in false positives.

Indeed, this is what intuition suggests – the more easy-going you are about letting people in, the less strict you end up being about keeping others out.
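The trade-off described above, worked through as an added example that is not from the original article or from Nokia: a matcher produces a similarity score, the phone accepts any score at or above a threshold, and re-tuning the threshold so the owner is rejected less often necessarily lets more impostors through. The scores are constructed illustrative numbers, not measurements from any device.

```python
# Constructed matcher scores in [0, 1]; higher means "looks more like the enrolled
# finger". Genuine = the owner's own attempts, impostor = other people's fingers.
GENUINE_SCORES = [0.92, 0.88, 0.85, 0.81, 0.79, 0.76, 0.72, 0.69, 0.66, 0.55]
IMPOSTOR_SCORES = [0.12, 0.20, 0.28, 0.35, 0.41, 0.47, 0.52, 0.58, 0.63, 0.70]

# Candidate acceptance thresholds: 0.50, 0.55, ..., 0.95 (ascending = stricter)
THRESHOLDS = [i / 100 for i in range(50, 100, 5)]


def error_rates(genuine, impostor, threshold):
    """Accept when score >= threshold. Returns (false_positive_rate, false_negative_rate):
    the share of impostors wrongly accepted and of owner attempts wrongly rejected."""
    false_positive = sum(1 for s in impostor if s >= threshold) / len(impostor)
    false_negative = sum(1 for s in genuine if s < threshold) / len(genuine)
    return false_positive, false_negative


def sweep(genuine, impostor, thresholds=THRESHOLDS):
    """(threshold, FPR, FNR) for each candidate, from most to least lenient."""
    return [(t, *error_rates(genuine, impostor, t)) for t in thresholds]


def strictest_threshold_for(max_false_negative, genuine, impostor, thresholds=THRESHOLDS):
    """Re-tune for usability: the highest threshold whose false-negative rate stays
    at or below max_false_negative, returned with the false-positive rate it costs."""
    best = None
    for t in thresholds:
        fpr, fnr = error_rates(genuine, impostor, t)
        if fnr <= max_false_negative:
            best = (t, fpr, fnr)  # thresholds ascend, so the last hit is the strictest
    return best


def equal_error_threshold(genuine, impostor, thresholds=THRESHOLDS):
    """The threshold where the two error rates are closest, a common tuning target."""
    return min(sweep(genuine, impostor, thresholds), key=lambda row: abs(row[1] - row[2]))


if __name__ == "__main__":
    for t, fpr, fnr in sweep(GENUINE_SCORES, IMPOSTOR_SCORES):
        print(f"threshold {t:.2f}: false positives {fpr:.0%}, false negatives {fnr:.0%}")
    # Demanding fewer owner rejections forces a lower threshold and more impostor accepts
    for target in (0.10, 0.0):
        print("max false negatives", target, "->",
              strictest_threshold_for(target, GENUINE_SCORES, IMPOSTOR_SCORES))
```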

And an imbalance in fingerprint recognition accuracy is what seems to have happened in the brief history of the Nokia 9.

An early reviewer who loved the cameras nevertheless complained that the device “has an in-display fingerprint reader that’s finicky”.

Another Android enthusiast had the opposite experience and tweeted a video of his phone accepting someone else’s fingerprint:

And following Nokia’s latest software update, someone else claims to be able to unlock their own device with the edge of a packet of gum:

(Exactly what was printed on the part of the gum packet that got scanned, or how it was folded back on itself, and how it came to be misrecognised as a fingerprint at all, is not clear from the video.)

What to do?

The bottom line seems to be that Nokia hasn’t quite got its Nokia 9 PureView fingerprint firmware tuned up properly yet.

So our recommendation is simple: stick to a PIN code on your Nokia 9 until the company finds a reliable balance between false positives and false negatives on the device.

Even when you have fingerprint recognition turned on, some phone actions still require you to put in your PIN, so PIN security is important anyway.

Therefore, whether you’re a fan of PIN-only, PIN+fingerprint or, for that matter, PIN+face:

  • Pick a proper PIN. Go for as many digits as you can handle – 4 is too few; 6 will just about do; more is better – and don’t choose an obvious pattern just because it’s easy to type, or remember, or both.
  • Be aware of your surroundings. Be careful when you’re entering your PIN – those few characters are more valuable for crooks to snoop on than most of the rest of what you type, so watch out for cameras and shield your keypad while entering security codes.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/PvbW-6V3Gr4/

7 Ways to Get the Most from Your IDS/IPS

Intrusion detection and prevention is at the foundation of successful security in-depth. Securing the perimeter requires a solid understanding of these two critical components.

“Security in-depth” is one of the few cybersecurity phrases that has kept its relevance since its introduction. The idea is simple — a threat that evades one defender will be caught by another — but the implementation can be complicated. Two of the related pieces of that implementation are the intrusion detection system (IDS) and the intrusion prevention system (IPS). Getting the most from them will help keep a network as secure as possible.

What makes an IDS/IPS different from a firewall? And what separates an IDS from an IPS? These are common questions that have straightforward answers — in theory. The practice is a bit messier.

A firewall’s actions tend to be defined by the wrappers around packets. Firewalls tend to look at source and destination addresses, protocols, and how those “carrier” components fit together and into the rules established by the administrator. The IDS and IPS focus their attention on the contents of the packet, looking for known attacks and misbehaviors, and stopping or repairing the packets based on those signature matches.

As for the difference between an IDS and an IPS, the functional difference is in the name: An IDS is a monitoring device or service, while an IPS actively permits or denies packet passage. A side effect of this difference is that an IDS monitors network traffic via span ports or taps, while an IPS is in-line with the network and, therefore, another potential point of failure for network traffic.

The “bit messier” part of all this comes courtesy of next-generation firewalls (NGFs), unified threat managers (UTMs), and other network protection devices that combine functions and blur lines between different security functions. Regardless of how they are delivered, though, the functions of an IDS/IPS should be part of any network security architecture.
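The firewall/IDS/IPS distinction drawn above, as an added example that is not from the original article or any product: a header-only rule set decides first, a content-signature pass then inspects what the firewall let through, and the same inspection either only alerts (IDS, the tap/span-port view) or drops in-line (IPS). The rules, signatures and traffic sample are constructed for illustration.

```python
import re
from dataclasses import dataclass


@dataclass
class Packet:
    """The parts of a packet the two layers look at: header fields and payload."""
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes


# Firewall rules look only at the "wrapper": protocol and destination port here.
# Constructed policy: web traffic in, everything else denied.
FIREWALL_RULES = [
    {"proto": "tcp", "dport": 80, "action": "allow"},
    {"proto": "tcp", "dport": 443, "action": "allow"},
    {"proto": "any", "dport": None, "action": "deny"},  # default deny
]

# Content signatures look inside the payload. Both are constructed illustrations of
# the kind of pattern a signature set carries, not rules from any real product.
SIGNATURES = [
    ("path-traversal-probe", re.compile(rb"\.\./\.\./")),
    ("script-tag-in-request", re.compile(rb"<script\b", re.IGNORECASE)),
]


def firewall_decision(pkt):
    """First matching header rule wins; the payload is never examined."""
    for rule in FIREWALL_RULES:
        if rule["proto"] != "any" and rule["proto"] != pkt.proto:
            continue
        if rule["dport"] is not None and rule["dport"] != pkt.dport:
            continue
        return rule["action"]
    return "deny"


def content_matches(pkt):
    """Signature names matching the payload: the IDS/IPS view of the packet."""
    return [name for name, pattern in SIGNATURES if pattern.search(pkt.payload)]


def process(packets, mode="ids"):
    """Firewall first, then content inspection. In 'ids' mode a match only raises an
    alert and the packet still flows (monitoring from a tap); in 'ips' mode the
    device is in-line and a match drops the packet. Returns (forwarded, alerts)."""
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    forwarded, alerts = [], []
    for pkt in packets:
        if firewall_decision(pkt) == "deny":
            continue  # stopped by the header rule; contents never inspected
        hits = content_matches(pkt)
        if hits:
            alerts.append((pkt.src, pkt.dst, pkt.dport, hits))
            if mode == "ips":
                continue  # in-line: drop instead of forward
        forwarded.append(pkt)
    return forwarded, alerts


# Constructed traffic sample (documentation addresses).
SAMPLE_PACKETS = [
    Packet("10.0.0.5", "192.0.2.10", "tcp", 80, b"GET /index.html HTTP/1.1\r\nHost: www\r\n"),
    Packet("10.0.0.6", "192.0.2.10", "tcp", 80, b"GET /files/../../config.ini HTTP/1.1\r\n"),
    Packet("10.0.0.7", "192.0.2.10", "tcp", 23, b"login: admin\r\n"),
]

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        forwarded, alerts = process(SAMPLE_PACKETS, mode)
        print(mode, "forwarded", len(forwarded), "alerts", alerts)
```

The second packet passes the firewall because port 80 is allowed, which is exactly the case where only content inspection catches it.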

So how do you get the most from your IDS or IPS? The practices listed here are the result of conversations with cybersecurity professionals, conference sessions at industry gatherings, personal experience, and Internet searches. While some practices apply to only one or the other, many apply to both.  


Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and …

Article source: https://www.darkreading.com/vulnerabilities---threats/7-ways-to-get-the-most-from-your-ids-ips/d/d-id/1334487?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Will the US Adopt a National Privacy Law?

Probably not before the 2020 election. But keep an eye on this Congress as legislators debate how to define personal data and what limits to place on how companies use it.

As we approach the one-year anniversary of Europe’s General Data Protection Regulation (GDPR), Congress is again considering whether the United States should join Europe (and most major economies) by adopting some form of national data privacy and security regulation. In February, the House and Senate each held hearings on data privacy, and for the first time in years there appears to be at least some interest among the different stakeholders for national legislation.

Why Are We Talking About National Privacy Regulation Now?
Until recently, one major factor preventing a serious discussion about a national privacy law was the almost uniform opposition of Silicon Valley and the large tech companies. These companies were concerned that data privacy regulation would inhibit their ability to monetize the data they collect and prevent further innovation in the information sector.

Recently, however, the industry has started to rethink that view. As abuses of data by major tech companies have come to light, Silicon Valley leaders have come to fear that data privacy legislation may be inevitable and have moved from a posture of opposing all legislation to seeking to shape the new regime. At the same time, the nation’s first state-level generally applicable data privacy law, the California Consumer Privacy Act (CCPA), is scheduled to take effect in 2020. Several other states have proposed similar data privacy laws, causing businesses to grapple with the fact that they may shortly need to comply with a patchwork of complicated and conflicting state-level regulations.

Consumer groups, meanwhile, have long wanted more stringent data privacy rules in the United States. Ironically, they recently have become less interested in a national standard because they worry that the large tech companies will shape national legislation to reduce the levels of protections now being granted or contemplated at the state level. Thus, one of the core issues that Congress will need to consider is whether any new national privacy legislation preempts state law — essentially wiping out any state-level protections (as the business lobbies desire), or if instead it sets a floor for the minimum amount of data protection allowed while still allowing states to create their own, more stringent protections (as advocated by consumer groups).

What Might Be in a US Privacy Law?
Though it is highly unlikely that Congress would model any US law after GDPR or even the CCPA, it is likely that the debate about such a law would force Congress to address some of the same issues. For example, GDPR defines a series of “rights” that individuals maintain in data about them, such as the right to know what data companies hold about them, to correct that data, and to erase it in certain circumstances. Though the United States is unlikely to elevate these kinds of protections to the level of a “fundamental human rights” (as GDPR describes them), Congress will need to consider whether to grant individuals any power to determine how or when their data is used by companies. Similarly, the United States has so far avoided mandating general security standards and does not have a national data breach notification statute; instead, each state has its own such statute. A new privacy law might well include such a national standard.

Probably the two biggest challenges facing legislators considering a national privacy law are how to define personal data and what limits ought to be placed on how companies can use such data. The US has generally adopted a fairly narrow definition of personal data — including certain health information as well as Social Security numbers and key financial information, but excluding more general information about a person, such as their political, ethnic, or sexual identity. The tech industry would prefer a narrow definition so that it can continue to monetize the vast amounts of data it collects about activities and consumer preferences — such as reading habits, hobbies, friend groups, political affiliations, and even location data — without further regulation.

Consumer groups seek to broaden the definition of personal data to prevent the kinds of practices that led to the recent Facebook scandals. Similarly, consumer groups aim to set clear limits on when and how companies can use personal data. GDPR, for example, only allows the processing of personal data if the company has one of six enumerated legal bases for doing so. US law is unlikely to be quite so restrictive but will need to find some method of describing what companies are allowed to do (or at least what they are not allowed to do).

How Would a National Privacy Law Be Enforced?
Once the contours of the restrictions are determined, Congress will then need to determine how the new privacy law will be enforced. To date, regulation of data privacy and security issues has either fallen to special agencies enforcing industry-specific privacy regulations (such as Health and Human Services, which enforces HIPAA violations, or the bank regulators, which enforce Gramm-Leach-Bliley violations) or to other federal agencies using their preexisting regulatory authority. Thus, the Federal Trade Commission has brought privacy and security actions pursuant to its authority to promote consumer protection, and the Securities and Exchange Commission has brought enforcement actions against public companies pursuant to its regulatory authority over public companies.

A new federal privacy law would create a much clearer regulatory regime and potentially a new regulator to enforce it. More controversially, consumer groups would like to guarantee that any privacy regulation allows for an individual right of action to ensure that individuals can force companies to abide by privacy regulations even in the absence of government action. It is probably unlikely that a new national privacy law will be passed before the next election, but it is worth keeping an eye on this Congress, as it may begin to shape the future of privacy and security law in the United States.


Seth P. Berman leads Nutter’s privacy and data security practice group. Corporations and their boards engage Seth to address the legal, technical, and strategic aspects of data privacy and cybersecurity risk, and to prepare for and respond to data breaches, hacking and other …

Article source: https://www.darkreading.com/endpoint/will-the-us-adopt-a-national-privacy-law/a/d-id/1334419?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Like that other bloke who rose from the grave, the El Reg security desk is back this week…

Roundup Welcome back, Brits, from your Easter break – assuming you weren’t working or on-call over the four-day weekend.

Since you’ve been away from your desks, RSS feeds, and browsers, it’s been a busy time in cyber-security, what with not one but two Facebook privacy cockups, one cunningly timed to coincide with the release of the Mueller report, plus the guilty plea of British malware researcher Marcus Hutchins. Here’s some of the lesser news landing in and around the Easter break.

Wipro wipeout

Last week started badly for Indian outsourcing giant Wipro after investigative journo Brian Krebs revealed that its corporate network had been successfully penetrated by hackers, who were leveraging the intrusion to, at least attempt to, compromise a dozen or more of its customers.

The attack appeared to have been going on for more than a month, according to Krebs, and to be state sponsored. The biz initially tried to duck the issue, then confirmed it had been hacked, and then tried to play down news reports as inaccurate while on a conference call with financial analysts – which prompted Krebs to crash the call to clear his name:

On Friday, Wipro claimed that while several staff had fallen for phishing emails, “the incident did not impact the company’s ongoing critical business operations,” which kinda vaguely suggests customers weren’t directly affected. This kerfuffle could pretty much serve as a textbook case of how not to handle a computer security breach.

Malware floods TV station off-air

Viewers of the Weather Channel in the US were left without regular service on Thursday when miscreants caused a hurricane of trouble for the broadcaster’s servers: a malware infection knocked its live feed off air.

The expected programming at 0600 ET (1000 UTC) could not be broadcast, and the channel just stuck repeats up instead. It took nearly two hours before the ransomware was scrubbed away, and normal services resumed. The FBI is investigating.

Iranian cyber-espionage tools leaked… ish

Portions of what appears to be Iranian government surveillance malware have been uploaded to the public internet via a Telegram chat group for anyone to grab.

The bundle includes PowerShell and web-shell scripts used in recent cyber-attacks by the Iranian state-backed APT34, aka OilRig, hacking gang. It also included some names, addresses, photographs, and phone numbers of people linked to the cyber-crew and Iran’s Ministry of Intelligence, along with data on some of APT34’s victims and the IP addresses of servers used to hack them.

An early analysis revealed the leakers have been public minded enough to leave out crucial snippets of code, preventing the tools from being deployed in any practical sense and avoiding another Shadow Brokers fiasco. There are no zero-day exploits or anything interesting like that; instead it appears to be a shot across Tehran’s bow by dox’ing its intelligence agents.

“We are exposing here the cyber tools the ruthless Iranian Ministry of Intelligence has been using against Iran’s neighboring countries, including names of the cruel managers, and information about the activities and the goals of these cyber-attacks,” the leakers wrote on Telegram. “We hope that other Iranian citizens will act for exposing this regime’s real ugly face.”

Prison for Codeshop dark souk admin

A Macedonian man is facing seven and a half years in the US prison system, plus some major fines, after being convicted of running a stolen credit card market online.

Djevair Ametovski was sentenced to 90 months behind bars after pleading guilty to running Codeshop between 2010 and 2014 on the dark web, and told to cough up $250,000 and other damages. The forum had a large database of stolen credit cards for sale, stored in a form that allowed for searches by bank identification number, financial institution, country, state and card brand for different geographical locations.

“The sentencing of this transnational cybercriminal emphasizes the commitment of the Secret Service to disrupt and dismantle global criminal networks,” said US Secret Service Special Agent-in-Charge David Beach.

“The Secret Service will continue to work closely with our network of law enforcement partners to dismantle criminal enterprises seeking to victimize innocent people, regardless of geographic distance or borders.”

Isn’t it ironic

Israeli computer security outfit Verint has confirmed that its servers were hit with ransomware.

“The company has experienced a critical flaw that has affected local servers,” the biz said in a statement. “The company is working to contain and handle the situation, with the help of outside parties.”

According to local media, the company got a dose of Ryuk, a potent piece of ransomware thought to emanate from North Korea and used to help fund the dictatorship there. Thankfully, it looks as though Verint had backups ready, though it’s a useful warning to all that even security professionals sometimes get hit – so be prepared. Make regular offline backups, full as well as differential. ®
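The “full as well as differential” advice above, as an added example that is not part of the Register roundup or anything Verint published: a small bash script that takes a full tar archive of a directory, records a timestamp, takes a differential archive holding only files modified since that full backup (mtime-based, selected with find -newer), checksums the full archive, and then proves the set is restorable by unpacking full-then-differential into a scratch directory and diffing it against the live data. The directory and file names are constructed for the demo; the “offline” destination is just a second directory standing in for removable media.

```bash
#!/usr/bin/env bash
# Added example (not Register/Verint code): full + differential backups with tar
# and a restore check. All paths below are constructed for the demonstration.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
DATA="$WORK/data"        # directory being protected
STORE="$WORK/backups"    # stand-in for the offline / removable destination
mkdir -p "$DATA" "$STORE"

# Full backup: write the timestamp *before* archiving so that anything modified
# while tar runs is still picked up by the next differential, then record a
# checksum so tampering or bit rot in the archive is noticed before a restore.
full_backup() {
    touch "$STORE/full.stamp"
    tar -cf "$STORE/full.tar" -C "$DATA" .
    sha256sum "$STORE/full.tar" > "$STORE/full.tar.sha256"
}

# Differential backup: only regular files whose mtime is newer than the stamp
# written by the last full backup. Restoring needs just full + latest diff.
diff_backup() {
    ( cd "$DATA" && find . -type f -newer "$STORE/full.stamp" -print \
        | tar -cf "$STORE/diff.tar" -T - )
}

# True when the differential archive contains a member matching the pattern.
diff_has() {
    tar -tf "$STORE/diff.tar" | grep -q -- "$1"
}

# Restore drill: verify the full archive's checksum, unpack it, layer the
# differential on top, and confirm the result matches the live directory.
restore_and_verify() {
    target="$1"
    mkdir -p "$target"
    sha256sum -c "$STORE/full.tar.sha256" > /dev/null
    tar -xf "$STORE/full.tar" -C "$target"
    tar -xf "$STORE/diff.tar" -C "$target"
    diff -r "$DATA" "$target"
}

# End-to-end run on constructed data: full backup, some changes, differential,
# then a restore into a fresh directory. Returns non-zero if any step fails.
demo() {
    printf 'ledger\n' > "$DATA/ledger.txt"
    printf 'config\n' > "$DATA/app.conf"
    full_backup
    sleep 1                                   # make later writes strictly newer
    printf 'ledger v2\n' > "$DATA/ledger.txt" # changed since the full backup
    printf 'notes\n'     > "$DATA/notes.txt"  # added since the full backup
    diff_backup
    restore_and_verify "$WORK/restore"
}

demo && echo "full + differential backup restored and verified"
```

The point of the restore step is the one Verint's incident illustrates: a backup that has never been unpacked and compared is a hope, not a control. In production the STORE directory would be a disconnected volume, and the differential would be rotated more often than the full.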


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/04/23/security_roundup_220419/

1 in 4 Workers Are Aware of Security Guidelines – but Ignore Them

Even more are knowingly connecting to unsecure networks and sharing confidential information through collaboration platforms, according to Symphony Communication Services.

An alarming percentage of workers are consciously avoiding IT guidelines for security, according to a new report from Symphony Communication Services.

The report, released this morning, is based on a survey of 1,569 respondents from the US and UK who use collaboration tools at work. It found that 24% of those surveyed are aware of IT security guidelines yet are not following them. Another 27% knowingly connect to an unsecure network. And 25% share confidential information through collaboration platforms, including Skype, Slack, and Microsoft Teams.  

While the numbers may at first appear alarming, there’s another way to look at them, says Frank Dickson, a research vice president at IDC who covers security.

“What I see is a large percentage of workers who view security as an impediment,” Dickson says. “When security gets in the way of workers getting their jobs done, people will go around security. Companies need to provide better tools so people can be more effective.”

Jonathan Christensen, Symphony’s chief experience officer, says that’s what Symphony was hoping to find out in doing the survey.

“The classic trade-off is that the more the security, the more clunky and cumbersome the product becomes,” Christensen says. “We believe that companies don’t have to make that trade-off.”

When security pros look for collaboration tools, they should ask vendors whether they offer end-to-end encryption and can administer the keys locally, he says.

“Remember that in a collaboration tool, all the information transmitted is business-critical,” Christensen says. “It can be everything from financial data, HR information, and customer account information, so you want to protect it end-to-end.”

Survey respondents were also overly optimistic about the security capabilities of collaboration products, Christensen says. For example, 93% say they have confidence their communications and data shared over messaging and collaboration tools are adequately secured by their companies and are safe from hackers. In addition, 84% say they are at least somewhat confident their collaboration providers do not have access to their messages.  

Symphony also found a generational shift in security attitudes between Baby Boomers and Millennials.

For example, the survey found that Millennials are:

  • 2x more likely to share confidential information over messaging/collaboration apps.
  • 3x more likely to download sensitive info or intellectual property from their companies.
  • 2x more likely to talk badly about the boss over chat.
  • 3x more likely to share company credit card or password information.
  • 2x more likely to gossip about co-workers.
  • 2x more likely to download a communications app not approved by IT.

Meanwhile, Baby Boomers are:

  • 2x as likely to have never engaged in any of 10 risky security behaviors.
  • 2x as likely to never discuss non-work matters over collaboration tools.
  • 2x more skeptical than Millennials that vendors can’t view their chats.

“Millennials grew up with social media and apps like Snapchat and are used to widely sharing information,” Christensen says. “They take those attitudes into the workplace.”

IDC’s Dickson agrees that the contrast between generations offers some of the more interesting data from the report.

“The generations have had different experiences with computers,” Dickson says. “Most Baby Boomers have had the experience of a computer crashing and losing data, as well as being phished or hit with a virus. The Millennials are used to sharing. Computers and networks also work better and are more stable today, so not as many of them know what it’s like to experience a computer crash.”


Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md.

Article source: https://www.darkreading.com/threat-intelligence/1-in-4-workers-are-aware-of-security-guidelines---but-ignore-them/d/d-id/1334492?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Who Gets Targeted Most in Cyberattack Campaigns

Attackers are changing both their tactics and targets in an attempt to remain criminally successful, Proofpoint’s study found.

A low-level, non-executive title is no defense against spear-phishing campaigns, a new report has found.

Attackers are finding success with old tactics used against new targets: R&D and engineering staff tend to be more frequently targeted than employees in other departments, and individual engineers and developers are targeted at a higher rate than executives, according to Proofpoint’s quarterly analysis of highly targeted cyberattacks.

The fastest growing category of attacked addresses, though, were generic functional accounts like “[email protected]” or “[email protected]”. Those generic addresses accounted for roughly 30% of all email attacks tracked in the fourth quarter of 2018.

Criminals aren’t limiting themselves to email attacks, either: Web-based social engineering groups grew 150% over the previous quarter and fraudulent social media support account phishing was up 442% over the previous year.

For more, read here.


Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

Article source: https://www.darkreading.com/vulnerabilities---threats/who-gets-targeted-most-in-cyberattack-campaigns/d/d-id/1334494?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple