Tim Greene

Author Archives: Tim Greene

Beyond Trust: privilege, vulnerability management available through Azure

Users of Azure cloud services have a new option for stopping the misuse of privileges as well as managing vulnerabilities through an alliance with Beyond Trust. Azure customers who buy Beyond Trust licenses can host PowerBroker, the company’s privileged access management (PAM) and its vulnerability management (VM) platform, Retina, in their Azure cloud instances. They can host BeyondSaaS perimeter vulnerability scanning in Azure as well. Both are available via the Azure Marketplace. These new services give Beyond Trust customers a third option for how they deploy PAM and VM. Before, they could extend a local instance of Beyond Trust’s security to the Azure cloud via software connectors or deploy it within the cloud using software agents deployed on virtual machines there.

Non-malware attacks grow – there are tools for IT security to fight back with

More and more attackers are carrying out their work without using malware so they can evade detection by traditional, file-based security platforms, which presents a tough problem for security pros trying to defend against them. Nearly two-thirds of security researchers polled by Carbon Black say they’ve noted an uptick in these attacks just since the beginning of the year, and aren’t confident that traditional anti-virus software can deal with them.

FBI warns of attacks on anonymous FTP servers

The FBI warns that attackers are targeting vulnerable FTP servers used by small medical and dental offices as a way to obtain medical records and other sensitive personal information. While the dangers of placing sensitive data on these servers are well known, smaller businesses may not have the expertise or motivation to upgrade. The attackers can use the stolen data to harass, intimidate and blackmail these businesses, the FBI says, and may also use the stolen information to commit fraud. The attackers could also write to the servers in order to store malware and launch attacks, the FBI says. The remedy is to remove any personally identifiable information or protected health information from these servers and replace FTP with something more secure.

Malware infection rate of smartphones is soaring – Android devices often the target

Smartphones are by far the most popular target of mobile malware, and the infection rate is soaring, according to new research by Nokia. During the second half of 2016, the increase in smartphone infections was 83% following on the heels of a 96% increase during the first half of the year, according to Nokia’s latest Mobile Threat Intelligence Report gathered from devices on which Nokia NetGuard Endpoint Security is deployed in Europe, North America, Asia Pacific and the Middle East.

Consultant urges never pay ransomware demands

When ransomware criminals lock up files and demand payment to decrypt them, don’t pay, was the advice a consultant gave to a group at SecureWorld. When there’s no risk of losing crucial data, that’s easy to say, and to make it possible requires planning, says Michael Corby, executive consultant for CGI. “Plan to have data available in a form that won’t be affected by ransomware – encrypted and stored separately from the production network,” he says. “You need a clean copy of the data in a restorable form. Test that the backups work.” Restore and recover are the key words, and they should be done keeping in mind that the malware has to be removed before recovering.

Blockchain can help secure medical devices, improve patient privacy

BOSTON -- Blockchain can help secure medical devices and improve patient privacy, but the key is proper implementation, according to a top security pro at Partners Healthcare. The downsides would include mistrust of the technology because of blockchain’s potential performance problems, and its association with ransomware and use as payment for illegal items on the Dark Web, Partners’ Deputy CISO Esmond Kane told the SecureWorld audience this week in Boston. On the other hand, the decentralized, encrypted public ledger could have a wealth of applications in healthcare, Kane says. These include streamlining the resolution of insurance claims, management of internet of things medical devices and providing granular privacy settings for personal medical data.

Double Agent attack can turn antivirus into malware

A zero-day attack called Double Agent can take over antivirus software on Windows machines and turn it into malware that encrypts files for ransom, exfiltrates data or formats the hard drives. Based on a 15-year-old feature in Windows from XP through Windows 10, the attack is effective against all 14 antivirus products tested by security vendor Cybellum – and would also be effective against pretty much every other process running on the machines. Double Agent was discovered by Cybellum researchers and has not been seen in the wild. “The attack was reported to all the major vendors which approved the vulnerability and are currently working on finding a solution and releasing a patch,” according to a Cybellum blog. All the vendors were notified more than 90 days ago, which is the standard length of time for responsibly disclosing vulnerabilities and giving vendors time to fix them.

Ask.com serves as a conduit for malware – again

Businesses that allow the Ask.com toolbar in their environments might want to rethink that after endpoints equipped with the browser add-on were compromised last November and then again the very next month using pretty much the same attack methods. In both cases attackers managed to infiltrate the Ask.com updater infrastructure to the point that they used legitimate Ask signing certificates to authenticate malware that was masquerading as software updates. And in both cases Ask Partner Network (APN), which distributes the Ask.com toolbar, told the security vendors who discovered the incidents that it had fixed the problem. The first one was discovered by security vendor Red Canary, and the second was caught by Carbon Black, whose researchers just wrote about it in their company blog.

Pwnie Express eases security remediation with a risk-assessment tool

Pwnie Express is adding a tool that ranks the risks its security service finds on customer networks and makes it easier to remediate them. The new feature of the company’s Pulse service assesses potential vulnerabilities that its sensors detect in customers’ networks and issues a grade in each of four categories. This Device Risk Scorecard points out problems, prioritizes them by urgency and tells how to fix them. The scorecard looks at wireless infrastructure configuration, client connection behaviors, network host configuration, and shadow IT and rogue devices and computes a grade for each. Customers can drill down to find what discoveries account for low scores and follow the remediation suggestions to fix the problems.

Thieves steal Petya ransomware then use it for free

Crooks are stealing code from the purveyors of Petya ransomware and using it to extort money from innocent victims, stiffing the creators of the malware out of the cut they are supposed to get. Rather than following the rules of licensing Petya, another criminal group is stealing and modifying the ransomware so they can use it without paying, according to the SecureList blog by researchers at Kaspersky Lab.

The CIA should help vendors patch the flaws it was exploiting

The CIA exploits exposed this week reveal that the agency does hacking just like criminals do, including buying exploits from black-hat researchers who sell their wares on the dark web. It’s also a demonstration of bad security on the part of the CIA, which apparently entrusted the entire portfolio to both agency employees and contractors, one of whom turned out not to be trustworthy and passed them on to Wikileaks. A criminal investigation into who that was is underway so the CIA is rightfully busy with that, but it should try to find time to help out the vendors whose gear was exploited patch the flaws quickly. Before the leak, these attacks were not widely known. But now that they are, they have little value to the CIA anymore, so the CIA should help shore up the vulnerabilities.
