Archive for the ‘Computer security’ category

Data Breach at Forever 21

November 17th, 2017

Retailer Forever 21 recently suffered data breach. Affected information includes credit and debit card information at some Forever 21 locations. Third party notified the company about the breach.

“We immediately began an investigation of our payment card systems and engaged a leading security and forensics firm to assist us,” the company mentioned.

Forever 21 has encryption and tokenization solutions. It mentioned that only some point of sale (PoS) devices where affected. The company do not  know the affected location.

Obsidian Security CTO Ben Johnson mentioned that the breach is a reminder that every retailer is a target. “Holiday shoppers should be diligent in monitoring their account activity, and should consider Apple Pay or cash if they are feeling less confident about the security of the retailers’ systems,” he said.

“Retailers should understand that any areas of weakness, such as those few systems without multi-factor authentication or encryption, will eventually find themselves victim of compromise,” Johnson added. “In some ways things are improving on the defensive side, but we cannot forget that the attackers often innovate faster.”

Recent survey by SiteLock shows that there is growing concern for online shopping. The findings are as below –

Twenty seven percent worry about the information being compromised

Sixty-five percent mentioned that they will not return to the website after it got hacked

Fifty two percent say a store  which provides a secure payment network makes them confident

Another survey conducted by Paysafe has below findings –

Fifty nine percent of U.S. consumers believe fraud is an inevitable part of shopping online

Fifty eight percent said that they are willing to accept any security measures needed to eradicate fraud

Thirty nine percent of US businesses believe their customers would prefer increased security

“For years, consumers have had to overcome the apprehension that businesses know too much about them — from shoe sizes to food preferences,” Paysafe CEO Todd Linden said in a statement. “But as the payment world evolves, it is this knowledge that will make individuals more secure.”

“The evolution of big data will make payments smarter and easier and help to redress the balance between security and convenience,” Linden added. “Big data will be the ultimate key to tightening up security at PoS, online and in brick and mortar environments.”

___________________________________________________________________________________

AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted. Encrypted devices secure your data even if they are lost or stolen.

Government of Canada Plans to Set CyberSecurity Policy

November 14th, 2017

The growing trend of attacks is worrying every corner of the world. Like other parts, Canadians are also at risk from cyber attack. The Government of Canada plans to fight this battle. They are implementing various measures to stop the attacks. At the SecTor conference here, Colleen Merchant, Director General for National Cyber Security at Public Safety Canada, explained the steps taken.

Merchant mentioned that government agencies will have different responsibilities for cyber security. The Royal Canadian Mounted Police (RCMP) is tasked to handle law enforcement and related investigations. Public Safety Canada handles the Canadian Cyber Incident Response Center (CCIRC).

“CCIRC also has a responsibility for coordinating the overall national response to significant cyber events affecting critical systems in Canada,” she said.

Public Safety Canada also provides helping hands to set policy for cyber security. Merchant mentioned that the role of policy is to help assess challenges and help to formulate overall approaches that work at a national level.

The Government of Canada has released its Cyber Security Strategy manifesto in 2010 which consists of  three core pillars including: securing government systems, partnering to secure vital system outside of the federal government, and helping Canadians to be more secure online.

“From 2010 and going up to 2020 we have committed $431.5 million for investment and improvement into cyber security,” Merchant said.

Government of Canada has taken views from various entities while drafting policy for cybersecurity. Merchant said that there was the need for more privacy, collaboration and skilled cyber security personnel.

“We are recognizing that cyber-security has become a source for economic prosperity,” Merchant said.

“The Government can’t solve all problems but we can find ways to force-multiply, by providing all partners with direction and to set out national-level objectives that we can all work toward,” she said.

____________________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra. AlertSec ACCESS will also verify that all smartphones running iOS and Android are encrypted before access is granted.

Managing Privileged Passwords

November 11th, 2017

Recent survey conducted by One Identity of 913 IT security pros shows that 86 percent of IT security professionals face challenges managing privileged passwords.

As per the One Identity website – “We believe that security is much more than the practice of denial and restriction. That’s why One Identity’s design and integration philosophy is that our solutions must add agility and efficiency to an organization – regardless of size or market – as well as secure its digital assets.”

Other findings of the survey include –

Eighteen percent use a paper logbook for privileged password management

Thirty six percent manage passwords in Excel or another spreadsheet

Twenty two percent are not able to monitor or record activity performed with admin credentials

Forty percent do not change the default admin password

“Over and over again, breaches from hacked privileged accounts have resulted in astronomical mitigation costs, as well as data theft and tarnished brands,” One Identity president and general manager John Milburn said in a statement. “These survey results indicate that there are an alarmingly high percentage of companies that don’t have proper procedures in place.”

LastPass research survey shows that the average security employee is managing 191 passwords.

Twenty six and half percent of businesses has multi-factor authentication to protect their password vaults.

“While we’re seeing that a significant portion of businesses are investing in multi-factor authentication, it is not yet adopted widely enough to compensate for the shortcomings of passwords,” the report states.

Duo Labs conducted survey of 443 individuals has below findings –

Twenty eight percent of respondents use two-factor authentication (2FA)

Fifty six percent of respondents had never heard of it

Forty-five percent of those who use 2FA said they do so on all services that offer it

“This survey underscores the reality that we as a security community still have a long way to go when it comes to educating the everyday person about proper security behaviors in general and 2FA in particular,” the researchers wrote.

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted. Encrypted devices secure your data even if they are lost or stolen.

GDPR

November 8th, 2017

HyTrust conducted survey of 323 attendees at the VMworld 2017 conference in Las Vegas, Nevada. It found that only 21 percent are concerned about GDPR compliance regulations and plan to implement it. Twenty seven percent are concerned but have no plan to implement.

“If you think GDPR desn’t apply to your organization, think again,” HyTrust president and founder Eric Chiu mentioned in a statement.

“Most organizations today are very aware of their security risks, but are not as far along with technology and processes to meet the GDPR compliance requirements, despite a May 2018 deadline that has significant fines for failure to comply,” Chiu added.

Another survey conducted by Carbon Black survey of 120 business decision makers has below findings –

Eighty six percent of respondents mentioned that they are confident in their ability to comply with GDPR requirements

Fifty eight percent are not using effective risk management tools

Survey conducted by Computing Magazine stated that only ten percent have their toolsets for classifying critical data and prioritizing risk to data.

“In order to effectively identify and neutralize data breaches, it’s essential to know what constitutes normal network behaviors versus what is suspicious,” Carbon Black senior director for compliance and governance programs Chris Strand said in a statement.

“Failing to align the right data protection toolsets with people and processes, many organizations are at risk of non-compliance with the GDPR and, more importantly, putting their customers’ information in jeopardy,” Strand added.

Survey conducted by IAPP-EY survey of 548 privacy professionals worldwide shows that fully 95 percent ( 75 percent of whom are located outside the EU) say the GDPR applies to their organization.

“Even though the EU’s GDPR has yet to take effect, organizations the world over are spending money on hiring and promoting privacy staff, training employees on privacy, purchasing technology to help with GDPR compliance, and pushing privacy awareness into every corner of the firm,” the report states.

____________________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra. AlertSec ACCESS will also verify that all smartphones running iOS and Android are encrypted before access is granted.

Ghostwriter AWS Issue

November 2nd, 2017

Skyhigh Networks researchers is warning about “GhostWriter,”. This entity misconfigures Amazon S3 buckets to allow public write access for a malicious third party to launch man-in-the-middle (MiTM) attacks.

“GhostWriter underlines the fact that security is just not the responsibility of the cloud service providers, but also the customer, and often it is a customer misconfiguration that exposes their data to threat,” Skyhigh chief scientist Sekhar Sarukkai wrote in blog.

According to Skyhigh, more than 1,600 S3 buckets get accessed from the enterprise network. Four percent are exposed to GhostWriter. “Skyhigh has identified thousands of such buckets being accessed from enterprise networks and has shared these affected buckets with AWS for remediation,” Sarukkai wrote.

Affected entities are major news sites, leading retailers, popular cloud services and ad networks.

“Bucket owners who store JavaScript or other code should pay particular attention to this issue to ensure that third parties don’t silently overwrite their code for drive-by attacks, Bitcoin mining or other exploits,” Sarukkai added.

This kind of misconfiguration is creating high profile data breaches which includes expose of 4 million Verizon customers’ data and 3 million WWE fans’ contact details.

Another survey conducted by AlgoSec of 450 senior security and network professionals showed that thirty percent of the participants plan to increase public cloud usage.  Forty four percent said that they faced challenges after migrating to public cloud.

AlgoSec director of communications Joanne Godfrey mentioned that it’s essential for organizations to maintain complete visibility”This enables them to better protect the business and fulfill compliance demands, while taking full advantage of the cost savings and agility offered by the hybrid cloud model,” she said.

“Companies of all sizes are adopting increasingly more complex technical solutions as the market democratizes what was previously reserved for software giants,” Threat Stack CSO Sam Bisbee said in a statement. “This has created an opening for internal and external threats as security teams catch up on cloud, containers, and more.”

____________________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra. AlertSec ACCESS will also verify that all smartphones running iOS and Android are encrypted before access is granted.

DHS and FBI warns of APTs Targeting

October 27th, 2017

The U.S. Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) have recently mentioned in a statement that an advanced persistent threat (APT) campaign is specifically targeting government entities and organizations. The affected entities are energy, nuclear, water, aviation and critical manufacturing sectors.

Attackers are targeting low security networks and third party suppliers.

“Based on malware analysis and observed [indicators of compromise], DHS has confidence that this campaign is still ongoing, and threat actors are actively pursuing their ultimate objectives over a long-term campaign,” the alert mentioned

Attackers use public website tor phishing attack.

“As an example, the threat actors downloaded a small photo from a publicly accessible human resources page,” the report states. “The image, when expanded, was a high-resolution photo that displayed control systems equipment models and status information in the background.”

Hackers try to steal login information through security loopholes.

“Although these watering holes may host legitimate content by reputable organizations, the threat actors have altered them to contain and reference malicious content,” the alert mentioned.

“Approximately half of the known watering holes are trade publications and information websites related to process control, ICS, or critical infrastructure.”

Attackers conduct reconnaissance operations after getting into system.

“Specifically, the threat actors focused on identifying and browsing file servers within the intended victim’s network,” the alert states. “The threat actors viewed files pertaining to ICS or Supervisory Control and Data Acquisition (SCADA) systems.”

In one case hackers got inside energy installation systems.

Virsec Systems CEO Atiq Raza told eSecurity Planet that attack has common pattern “Rather than directly attacking high security networks, hackers are doing careful reconnaissance of connected third parties, staging servers or watering holes for insiders,” he said. “Once hackers steal credentials, or find a less secure backdoor, they can quickly pivot to more secure servers, bypassing traditional network perimeter security.”

“IT security needs to assume the perimeter is porous and focus more directly on guarding sensitive applications and data,” Raza added.

____________________________________________________________________________________

AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted. Encrypted devices secure your data even if they are lost or stolen.

Funding for Averon

October 25th, 2017

San Francisco-based company Averon recently secured $8.3 million in an Avalon Ventures-led Series A round of funding. The firm is a mobile authentication startup.

Direct Autonomous Authentication (DAA) mobile identity verification standard is the brainchild of Averon. It allows smartphone users seamlessly and securely interact with services and devices. The technology allows users to interact with devices like smart locks which involves no download of dedicated app.

“Averon leverages real-time mobile network signaling and the SIM/eSIM (eUICC) chips already found in the world’s seven billion smartphones, requiring no installation, no apps, and no user involvement whatsoever,” the company explained in an Oct. 24 media advisory. “Working seamlessly in the background, it is the easiest, fastest and most secure way to provide instant, frictionless authentication.”

Wendell Brown, Averion’s CEO mentioned that his company is the solution to large scale breaches in current time.

“As we see in the news every day, cybersecurity breaches continue to grow in size and frequency, and the world is in desperate need of the next generation of online identity authentication,” said Brown, in a statement. “Averon offers a uniquely superior solution that authenticates users while relying on zero personally identifiable data and requiring zero effort on the part of consumers – Averon is the new gold standard in cybersecurity, and we’re rapidly taking it to scale.”

Many cyber security startups are getting funded. The partial list can be mentioned as below who got funding in recent times –

KnowBe4 secured a $30 million Series B round of financing the company

Contrast Security mentioned that it had completed a Series C round worth $30 million

ShiftLeft’s secured $9.3 million

Attivo Networks secured  $21 million Series C round of funding

Duo Security raised $70 million

 ___________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra. AlertSec ACCESS will also verify that all smartphones running iOS and Android are encrypted before access is granted.

Breaches in US Financial Service Organizations

October 23rd, 2017

As per the 2017 Thales Data Threat Report, forty two percent of U.S. financial services organizations got affected by data breach. Survey saw participation of 1,100 senior security executives worldwide. The findings are as below:

Twenty four percent of the organizations suffered data breach in last year alone

Nineteen percent suffered data breach in 2016

Eighty-six percent of participants believe they are vulnerable to data threats.

Ninety six percent will use sensitive data in an advanced technology environment

“Data breaches continue to hit the headlines and, as recently illustrated by the Equifax breach, the financial services industry is a prime target for hackers,” Thales e-Security vice president of strategy Peter Galvin said in a statement.

“As digitization continues to transform the industry’s online infrastructures it is critical organizations implement data security solutions that follow the data — wherever it is created, shared or stored,” Galvin added.

A recent survey conducted by ISMG survey of over 250 banking and security leaders found that 38 percent have confidence in threat detection deployed by companies.

“This survey certainly shows that while consumers may shoulder many direct costs and burdens associated with fraud, institutions are also suffering substantially,” NuData Security marketing director Lisa Baergen told eSecurity Planet by email.

“The global uptick in fraud, coupled with ever-increasing amounts of PII available on the black market, makes financial institutions more vulnerable and as a result, their security investments are growing yet their confidence in them isn’t,” Baergen added.

As per Symantec’s Q2 Mobile Threat Intelligence Report: Mobility and Finance found that twenty five percent of mobile devices used by employees at financial services organizations are at risk.

“Since user behavior is such a huge factor in mobile security, user education is one of the most important things an organization can do to… minimize the threat to their organizations through mobile devices,” the report suggests.

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology. It is designed to enforce that devices are encrypted before access to a network is granted. Encrypted devices secure your data in case a device is lost or stolen. AlertSec ACCESS checks all computers and smartphones and detects all encryption types.

North Korea Hackers Hit US Companies

October 14th, 2017

FireEye researchers recently mentioned that spear phishing emails were sent to U.S. electric companies which can be traced back to North Korea.

The emails contained fake invitations to a fundraiser. Anyone who opened attachment will get malware.

The researchers mentioned that the attack is early-stage reconnaissance.

“Nation-states often conduct cyber espionage operations to gather intelligence and prepare for contingencies, especially at times of high tension,” the researchers wrote.

Two years ago North Korean hackers has released sensitive data on South Korean nuclear power plants.

Researchers mentioned that North Korea linked hackers are bold and “likely remain committed to pursuing targets in the energy sector, especially in South Korea and among the U.S. and its allies, as a means of deterring potential war or sowing disorder during a time of armed conflict.”

“North Korea linked hackers are among the most profilic nation-state threats, targeting not only the U.S. and South Korea but the global financial system and nations worldwide,” the researchers wrote. “Their motivations vary from economic enrichment to traditional espionage to sabotage, but all share the hallmark of an ascendant cyber power willing to violate international norms with little regard for potential blowback.”

Eddie Habibi, CEO of PAS Global mentioned that with the growing tension between US and North Korea the frequency of the attack will rise.

And while critical infrastructure is as prepared as it has ever been for phishing attacks, Habibi said, it’s not well prepared for the consequences of attacks that provide the attackers with “access to the process control networks where you find systems that control volatile processes or ensure worker safety.”

“These systems are often 15 or 20 years old and consequently do not adhere to today’s secure by design principles,” Habibi said. “They are also not visible to security personnel, which makes detecting and reacting sufficiently to compromise difficult at best. Exploiting these systems can lead to loss of production, shareholder value, and even life under certain circumstances.”

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology. It is designed to enforce that devices are encrypted before access to a network is granted. Encrypted devices secure your data in case a device is lost or stolen. AlertSec ACCESS checks all computers and smartphones and detects all encryption types.

Fast Flux Botnets is a Security Risk

October 8th, 2017

Attackers use many techniques which is hidden in nature. Akamai research mentioned that a botnet with over 14,000 IP addresses uses fast flux DNS technique to avoid detection. It is technique which uses Domain Name System (DNS) to hide the source of an attack.

Multiple sets of IP address are rapidly swapped in and out of the DNS records which avoids detection. Most of the attack are coming from eastern Europe.

“No attribution to a specific attacker, but the research shows that the majority of botnet IP addresses are from Ukraine, Romania and Russia,” Or Katz, Principal Lead Security Researcher, Akamai, told eSecurityPlanet.

Botnets have been using fast flux techniques earlier which includes the zBot and Avalanche networks.

It is not a new technique. The focus of the research conducted by Akamai is to show analysis using data science approaches.

“According to the evidence we were able to collect, we assume that the botnet infrastructure is based on compromised machines and the machines that are associated with the botnet are constantly changing,” Katz said. “The fast flux technique being used is abusing the features of DNS in a way that serve their objectives.”

Akamai has not given the specifics of the attack.

“While tracking fast flux botnet is challenging, it is possible to do so by using algorithms that capture the fluxing behavior by looking on the relevant features, and this can lead to detecting such networks out-of-the-box,” Katz said.

One can detect botnets attack by having threat landscape visibility along with DNS and web traffic monitoring.

“Fast flux botnets are using domain names as the way for communication with malware,” Katz said. “Having algorithms that can track those domain names, once they start to become active, can reduce the effectiveness of such botnets.”

____________________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra. AlertSec ACCESS will also verify that all smartphones running IOS and Android are encrypted before access is granted.