security

Outsourcing Solution for Skill Gap?

October 5th, 2017

A recent survey shows that there is huge skill gap in security staff. Three hundred and fifteen IT security professionals participated. Seventy two percent mentioned that it is difficult to hire skilled staff.

Ninety percent of the participants believe that technology vendors can help to address the skills gap. Ninety six percent believe automation can solve skill gap.

Tripwire sponsored the survey and was conducted by Dimensional Research. Forty seven percent of respondents are worried about losing security capabilities due to skill gap.

Other findings include –

Fifty two percent mentioned that they’re concerned about coping up with vulnerabilities

Twenty nine percent are concerned about keeping track of devices and software on the network

Twenty four percent are concerned about identifying and responding to issues in a timely manner

“Considering the recent high-profile threats that have been attributed to unpatched systems, it’s no wonder respondents are concerned that a technical skills gap could leave their organizations exposed to new vulnerabilities,” Tripwire vice president of product management and strategy Tim Erlin said in a statement.

Eight percent believe they need expertise in the cloud.

“Growing adoption of cloud, IoT and DevOps brings about new challenges that security teams with need to keep up with, and if organizations want to bridge a technical skills gap they should look to work with security vendors and managed security providers who can help them address today’s major attack types, while also offering training to their existing IT teams,” Erlin said.

“As security continues to become an even bigger challenge for organizations, we can expect to see more and more businesses outsourcing to gain security expertise in the future,” he added.

Another (ISC)2 survey of more than 3,300 IT professionals stated that there is no adequate  resources for security training.

Only thirty five percent said that there is active action taken on security issues.

“Security is a shared responsibility across any enterprise or government agency,” (ISC)2 CEO David Shearer said in a statement. “Unless IT is adequately trained and enabled to apply best practices across all systems, even the best security plan is vulnerable to failure.”

____________________________________________________________________________________________

AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted. Encrypted devices secure your data even if they are lost or stolen.

Oracle CEO Promises Autonomous Security Technology

October 2nd, 2017

Oracle’s founder Larry Ellison mentioned Equifax mistakes while mentioning that new Oracle technology would help to prevent Oracle customers from the data breach.

Due to vulnerability in the Apache Struts framework, there was data breach which exposed personally identifiable information on 143 million Americans.

“The biggest threat by far in cybersecurity is data theft,” Ellison said. “Preventing data theft is all about securing your data.”

As per the Oracle CEO, Oracle database is the safest database. Its new Oracle 18c database has autonomous capabilities. It has auto-tuning as well as automatic patching capabilities.

Ellison plans on announcing a new cyber-security service.

“You have to know when you’re being attacked and as they come in and you better detect that during reconnaissance phase,” Ellison said. “The attacker’s goal is to take your data and send it someplace else.”

The new system will automatically detect threats when they first appear. It will immediate defend and remediate against the detected problem.

He also mentioned that automated patching is key to the cyber defense.

“We have to automate our cyber-defences and you have to be able to defend yourself without taking your systems offline or shutting down your database,” Ellison said.

The new system makes use of machine learning and has the same underlying technology foundation as the Oracle 18c database.

“No human error means no opportunities for human malicious behaviour,” Ellison said.

“After your database’s been notified by your security system it has to be able to patch itself immediately while running,” he explained.

“There was a patch available for Equifax [but] somebody didn’t apply it. It’s a clean sweep; directors aren’t safe, nobody’s safe when something like that happens. People are going to get better at stealing data and we have to get a lot better at protecting it.”

____________________________________________________________________________________________

AlertSec ACCESS checks for full disk encryption on PCs running Windows 7, 8, and 10 Home, Pro and Enterprise as well as Mac OS El Capitan and Sierra.

APT33 Attacks US companies

September 29th, 2017

As per the FireEye researchers, Iranian government hacking group is using phishing attacks to target companies in the U.S., Saudi Arabia and South Korea. The group is named as APT33.

In the past year,  the group is able to access to many U.S. organization in the energy sector. It also targeted refining and petrochemicals in South Korean and aviation business in Saudi Arabia.

“We assess the targeting of multiple companies with aviation-related partnerships to Saudi Arabia indicates that APT33 may possibly be looking to gain insights on Saudi Arabia’s military aviation capabilities to enhance Iran’s domestic aviation capabilities or to support Iran’s military and strategic decision-making vis a vis Saudi Arabia,” the researchers wrote.

“Iran has repeatedly demonstrated a willingness to globally leverage its cyber espionage capabilities,” FireEye director of intelligence analysis John Hultquist said in a statement. “Its aggressive use of this tool, combined with shifting geopolitics, underscore the danger that APT33 poses to governments and commercial interests in the Middle East and throughout the world.”

STEALTHbits Technologies CTO Jonathan Sander told eSecurity Planet that this is changing the face of cyber attacks.”When a cyber attack occurs, most still envision some young man in a hoodie or loner in a basement,” he said. “However, most of the bad guys today are professionals working for governments, organized crime, or even private [firms] in countries with lax laws that let cybercrime be a middle-class profession.”

“Organizations tend to focus defense on attacks that would exfiltrate data,” he said. “Many use the common notion that we’ve all been penetrated already as an excuse to only worry about defending against the last stage of most attacks where that data is stolen. When the motivation is destruction, though, the part where the data leaves never happens, and the trap is never sprung.”

Virsec Systems co-founder and COO Ray DeMeo mentioned there is no surprise in such groups. “We’ve seen clear evidence for some time that nation-state funded groups are using systematic, methodical, and innovative techniques to find weaknesses in networks and critical infrastructure systems,” he said.

“Expect ongoing cyber warfare to be the new normal, and it’s critical that all organizations take security much more seriously, improve their detection and protection capabilities, and train all employees to protect their credentials against theft,” DeMeo added.

____________________________________________________________________________________________

Alertsec Endpoint Encrypt is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

SEC Breach Calls for Broader Use of Encryption

September 27th, 2017

U.S. Securities and Exchange Commission (SEC) chairman Jay Clayton recently mentioned that software vulnerability in its Electronic Data Gathering, Analysis and Retrieval (EDGAR) system “was exploited and resulted in access to nonpublic information”.

He added it “may have provided the basis for illicit gain through trading.”

Hackers gain access to the system last year but till August 2017 commission determined that the data may have been available for illegal trading.

AsTech Consulting chief security strategist Nathan Wenzler mentioned that hackers can sell non-sensitive data as well. “Many of them are looking for specific types of information which they can leverage as an advantage in business deals, stock trades, investments and other financial activities for huge profits,” he said.

Wenzler added, “It’s imperative that monitoring and detection for the inappropriate use of this kind of data be a standard layer of defense for organizations right alongside patching vulnerabilities, encrypting data and enforcing strong access controls.”

Gabriel Gumbs, vice president of product strategy at STEALTHbits Technologies mentioned that the hackers may have been inspired by other data breach. ”Protecting information that will be made public but has to remain private for some period of time is very difficult to govern,” he said.

“This is not an area most organizations have shown competence in, and for any publicly traded company it is an area that they must be proficient in — but until then, expect this will not be the last such insider trading hack,” he said.

Jason Hart, vice president and CTO for data protection at Gemalto mentioned that stopping such threats is unrealistic goal “A better starting point is for organizations to truly know what they are trying to protect and then putting the right safeguards like encryption in place,” he said. “Of the 1.9 billion data records compromised worldwide in the first half of 2017, less than 1 percent used encryption to render the information useless.”

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Deloitte Firm Data Breach

September 26th, 2017

Deloitte firm suffered data breach when it was hit last year by a cyber attack. The incident affected confidential emails and plans of at least six of its clients. Firm mentioned that attack was privileged, unrestricted ‘access to all areas.

Affected information also included usernames, passwords, IP addresses, architectural diagrams for businesses and health information.

As per the statement “In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review including mobilizing a team of cybersecurity and confidentiality experts inside and outside of Deloitte.”

“As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators,” the company added.

As per the source, the exact duration was not known to the company.

“I think it’s unfortunate how we have handled this and swept it under the rug,” the source told Krebs. “It wasn’t a few emails like reported. They accessed the entire email database and all admin accounts. But we never notified our advisory clients or our cyber Intel clients.”

Raytheon chief strategy officer for cyber services Josh Douglas mentioned that data was not protected properly. “Two-factor authentication … is a basic part of cyber hygiene, and while it might not have prevented the intrusion altogether, it would have at least slowed the attackers and forced them to use more sophisticated methods,” he said.

He added that 2FA alone isn’t enough. “Organizations need to hunt threats to their network proactively and adopt an incident response plan that prevents or limits the exfiltration of sensitive data,” he said. “Comprehensive cybersecurity is especially important in the era of cloud computing, where companies are storing sensitive data remotely. As we tell our clients, cloud computing puts your information on someone else’s computer — so it’s vital to protect the cloud exactly as you would your own servers.”

“Some key elements to such a strategy are an optimally deployed and tuned SIEM platform leveraging machine learning, a combination of internal and external expertise actively engaged in analysis, and the use of deception technology to identify active attackers and suspicious behavior,” Netsurion CISO John Christly said.

VASCO Data Security CMO John Gunn mentioned growing trends among hacker to attack other confidential. ”This was first evidenced by the successful attack on newswire services that yielded hackers more than $100 million of insider trading profits, and more recently with the successful breach of the SEC for confidential information on publicly traded companies,” he said.

“Firms such as Deloitte that have troves of sensitive, non-public information that could be used for illegal trading activity will find themselves increasingly in the cross-hairs of sophisticated hacking organizations,” Gunn added.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Superfish Privacy Claims Settled by Lenovo

September 24th, 2017

PC vendor Lenovo admitted that adware is known as ‘Superfish’ was pre-installed on their system. These PCs were sold in the U.S. Now, Lenovo and the U.S. Federal Trade Commission (FTC) and a coalition of 32 state attorneys have settled the case. The FTC claimed that Superfish Adware was violating consumer privacy and filed the legal complaint in 2014.

“Lenovo compromised consumers’ privacy when it pre-loaded software that could access consumers’ sensitive information without adequate notice or consent to its use,” Acting FTC Chairman Maureen K. Ohlhausen said in a statement. “This conduct is even more serious because the software compromised online security protections that consumers rely on.”

Earlier Lenovo denied the claim and added that there is no evidence to say that systems have security concerns. In early 2015, company changing it stance admitted that the adware has security risks.

The main issue with Superfish is that it installed a security certificate which allowed – ‘it work as a man-in-the-middle (MiTM) and intercept traffic between the user and the intended location’.

“To date, we are not aware of any actual instances of a third-party exploiting the vulnerabilities to gain access to a user’s communications,” Lenovo stated. “Subsequent to this incident, Lenovo introduced both a policy to limit the amount of pre-installed software it loads on its PCs and comprehensive security and privacy review processes, actions which are largely consistent with the actions we agreed to take in the settlements announced today. “

As per the settlement between two parties, Lenovo mentioned that it will stop misrepresenting preloaded software. It also agreed to implement a comprehensive security program for next 20 years. The program is subject to third-party audit.

Lenovo has agreed to security risks but remains firm that there is no violation of privacy of customers.

____________________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security products, which are positioned in the leader’s quadrant in Gartner’s Magic Quadrant for Mobile Data Protection. 

Cybrary raises Series A Funding

September 22nd, 2017

Cybrary raised $3.5 million in a Series A round of funding led by Arthur Ventures. Tenable Network Security’s founder, Ron Gula also got involved in a new round.

The Greenbelt, Md. provider of cybersecurity training services is planning to use the funds for content catalogue and grow its online learning and testing technology platform. Millions of people till date has acquired knowledge of cyber security on the Cybrary.

The offerings include web application penetration testing, Metasploit penetration testing software and ethical hacking.

There is growing number of data breaches which is amplified due to lack of skilled security experts. Last week Equifax disclosed a data breach which affected names, addresses, driver’s license numbers, birthdates and social security numbers—valuable personal identifiable information that can facilitate identity theft.

“Beyond addressing core cybersecurity and IT skills, the material available on Cybrary focuses in on specialized areas that are lacking across industries such as incident response, technical project management, malware analysis, and penetration testing,” said Ralph Sita, co-Founder and CEO.

“Cybrary brings together people, companies, content, and technology to create an ever-growing catalogue of online courses and experiential learning tools that provide IT and cyber security learning opportunities to anyone, anytime, anywhere, continued Sita.

“With free video courses, the platform works to bridge the skills gap by providing access to tools professionals need to be competent and confident,” he said. “The open-source model fosters this ecosystem of information sharing in order to create a frictionless environment where those professionals can learn at their own pace and assess their skills while interacting with the community of over 1.2 million users.”

There is more to the offerings.

“Cybrary’s course catalogue will be the world’s largest portfolio of courses and tutorials covering unique products, industry best practices, skills-based certifications, career-based learning paths, and more. We’ve seen a huge demand for topics like data science, secure coding, enterprise risk assessment, and software development,” said Sita. “Be on the lookout for those additions in the near future.”

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Cloud Security Error Affects Half a Million Voters

September 16th, 2017

Kromtech researchers recently found a misconfigured CouchDB database which affected information of 593,328 Alaskan voters.

“When the database was configured, administrators bypassed important security settings that were set to ‘public’ instead of ‘private,’ allowing anyone with an Internet connection to gain access [to] the repository,” Kromtech chief security communications officer Bob Diachenko wrote in a blog post analyzing the breach.

TargetSmart CEO Tom Bonier mentioned that the breach was due to the third party. “We’ve learned that Equals3, an AI software company based in Minnesota, appears to have failed to secure some of their data and some data they license from TargetSmart, and that a database approximately 593,000 Alaska voters appears to have been inadvertently exposed, but not accessed by anyone other than the security researchers on our team and the team that identified the exposure,” he said.

Kromtech vice president of strategic alliances Alex Kernishniuk said that system needs to be updated”This is yet another wakeup call for companies, governments, and political organizations to audit their networks, servers and storage devices and ensure they take the proper security precautions,” he said.

Kromtech also discovered another breach where it affected 3,065,805 WWE fans’ personal information and 48,000 Indian citizens’ personal data.

Dome9 co-founder and CEO Zohar Alon told eSecurity Planet by email that it’s more important than ever for companies to define strict controls and practices for the handling of sensitive data.

“Attackers are looking for two things: repositories with data of value to organizations, and weak security practices,” he said.

“As more data makes its way to the public cloud and security practices around CouchDB become more standardized and robust, attackers will shift their attention to other low-hanging fruit, and exploit commonly known security gaps such as misconfigurations,” Alon added.

“With 2017 having already set new records in terms of the magnitude of cyber attacks, boards should be aware that it’s only a matter of time until their organization will be breached since most still lack efficient security shields,” Bitdefender Senior eThreat Analyst Bogdan Botezatu said in a statement.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Office Workers Not Sure of Phishing Attack

September 12th, 2017

Intermedia recent survey of more than 1,000 U.S. office workers has astonishing results. Fourteen percent do not have detailed knowledge about phishing attack or they can’t differentiate phishing email. Twenty-one percent are a victim of a phishing attack.

Thirty-four percent are company owners or executive managers who are a victim. Twenty-five percent are IT, workers.

Intermedia vice president of security and privacy Ryan Barrett mentioned that it is required to talk to employees more than considering it as a threat — otherwise, traditional education can actually lead to a false sense of security.

“Instead, companies need to offer regular interactive IT security training, simulate security incidents to help employees detect and prevent cyber attacks, and talk about the risks when big data breaches are in the news,” Barrett mentioned.

A Bitglass survey of 129 hackers at Black Hat 2017 has below findings –  

Fifty-nine mentioned phishing is the best strategy for data exfiltration

Malware and ransomware ranking second at 27 percent

“Phishing and malware are threats made all the more potent by cloud adoption and the ease with which employees can share corporate data,” Bitglass vice president of product management Mike Schuricht said in a statement.

Other survey conducted by Bromium of 500 CIOs in the U.S., U.K. and Germany found that fully 99 percent of respondents see end users as “the last line of defense” against hackers, and are spending an average of $290,033 per large enterprise on employee education in response.

“While end-users are often the easiest target for hackers, the idea that they should be ‘the last line of defense’ for a business is simply ridiculous,” Bromium CTO Simon Crosby said in a statement. “The fact is, most employees are focused on getting their jobs done, and any training will go out the window if a deadline is looming.”

“Instead of wasting time on user education policies, protect your users,” Crosby suggested. “Let them click with confidence. If they get attacked, let it happen, but do so in a contained environment. By isolating applications in self-contained hardware-enforced environments, malware is completely trapped. Users are free to download attachments, browse websites and click on links without fear of causing a breach.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Equifax Web Application Vulnerability

September 9th, 2017

Equifax mentioned that there was Web application vulnerability in May to July which exposed data of 143 million U.S. consumers.

Affected data includes names, Social Security numbers, birthdates and addresses, as well as some driver’s license numbers. Credit card numbers for approximately 209,000 consumers and dispute documents with personally identifiable information for approximately 182,000 consumers were accessed.

As per the global security strategist at Absolute, Richard Henderson – “Many people are going to lose their jobs, including Equifax executives, people will be brought before Congress to explain what happened, and consumer trust in all of the credit reporting agencies will be eroded.”

“It may be time for us to reconsider exactly how we allow companies to store all of this data,” Henderson added. “It’s clear that these mega-databases are prime targets for attack, and we may need to take a hard look at legislative changes that will force data brokers and collectors to take security up a few levels.”

“I apologize to consumers and our business customers for the concern and frustration this causes,” Equifax chairman and CEO Richard F. Smith said in a statement. “We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations.”

As per Illumio head of cybersecurity strategy Nathaniel Gleicher it is difficult to keep large data secure.

“Even large organizations struggle because it’s far too easy for intruders to slip across the perimeter and then bide their time inside compromised networks until they can get to the most valuable data,” Gleicher said. “If we want to stop breaches like this, we have to get much better at stopping lateral movement within compromised networks.”

As per chairman and founder of CyberScout, Adam Levin highlights the importance of implementing multi-factor authentication.

“While we don’t yet know the full dimensions of the Equifax breach, where the most sensitive information of over a third of the American population could have been exposed to cybercriminals, tens of millions of us are now forced to look over our shoulders for the rest of our lives because tons of Social Security numbers, the skeleton key to our lives, are out there for cybercriminals to steal and exploit,” Levin said.

____________________________________________________________________________________________

The Alertsec service protects everything stored on the computer such as Word, PowerPoint, Excel, Outlook, Gmail, Photos, Credit Card data files etc.