Category Archives for "Network World Security"

OneLogin hack exposed sensitive US customer data and ability to decrypt data

OneLogin, an identity management company which provides a single sign-on platform for logging into multiple apps and sites, was hacked. US customer data was potentially compromised, “including the ability to decrypt encrypted data.” The company, which claims “over 2000+ enterprise customers in 44 countries across the globe trust OneLogin,” announced the security incident on May 31. It was short on details, primarily saying the unauthorized access it detected had been blocked and law enforcement was notified.

US defense contractor stored intelligence data on Amazon server without a password

About 28GB of sensitive US intelligence data was discovered on a publicly-accessible Amazon Web Services’ S3 storage bucket. The cache, containing over 60,000 files, was linked to defense and intelligence contractor Booz Allen Hamilton, which was working on a project for the US National Geospatial-Intelligence Agency (NGA). NGA provides satellite and drone surveillance imagery for the Department of Defense and the US intelligence community. The unsecured data was discovered by Chris Vickery, who now works as a cyber risk analyst for the security firm UpGuard. According to UpGuard, the “information that would ordinarily require a Top Secret-level security clearance from the DoD was accessible to anyone looking in the right place; no hacking was required to gain credentials needed for potentially accessing materials of a high classification level.”

Crowdfunding campaign to buy stolen NSA hacking tools from Shadow Brokers

The idea of crowdfunding to raise enough money to buy NSA-linked hacking tools from the Shadow Brokers is picking up steam and making some people steam. The price tag for getting hold of stolen Equation Group hacking tools is 100 Zcash. When I started the article about the Shadow Brokers revealing details about its June dump of the month subscription service, the cost of 100 Zcash was equal to $22,779. By the time I finished writing, it was equal to $23,251. As I start this article, 100 Zcash is equal to $24,128. By tomorrow, the first day to subscribe to the Shadow Brokers monthly dump service, Zcash will likely cost even more dollars. If you don’t have that kind of money, but want to partake in the spoils of the June dump, then maybe crowdfunding is the way to go?

IDG Contributor Network: Nothing new to (Wanna)Cry about

The WannaCry outbreak has been troubling in many regards – exposing flaws, and opening doors to much finger-pointing and blaming that have gone well beyond the handling and disclosure of nation-state cyber weapon stockpiling. The attackers likely had a good idea of how quickly and widely the attack would spread, evidenced by the fact that their ransom demand was created in 28 languages, suggesting that they had very high expectations of the success of their attack. WannaCry targeted Microsoft systems that were not running the latest patches, and older versions of Windows such as Windows XP, which is still widely deployed in the NHS despite being 16 years old and no longer supported by Microsoft, except under custom contracts.

Area 1 Security stops phishing campaigns before they become attacks

Anyone who has spent any amount of time trying to secure their organization’s endpoints or network would not be surprised to learn that phishing is now the #1 delivery vehicle for malware and ransomware. According to Mandiant, phishing was used in about 95 percent of the cases of successful breaches where an attacker has been able to get into a target network and do something malicious. A phishing campaign is likely to have a 90 percent success rate—i.e., someone takes the bait—when the campaign is sent to 10 or more people.

Shadow Brokers reveal details about June monthly dump service: 100 Zcash (about $23k)

The Shadow Brokers revealed pricing and other details about its monthly dump service which kicks off in June. Subscribers of the dump of the month club will not be shelling out bitcoins, but a different cryptocurrency: 100 (ZEC) Zcash. At the time of publishing, 100 Zcash was equal to $23,251. Over the weekend, the Shadow Brokers moved bitcoins worth about $24,000 to over 30 smaller wallets. The bitcoins had been received back when the group was trying to auction off the hacking tools. Mikko Hypponen noticed the change after an alert he set on their bitcoin wallet went off.

Top 5 misconceptions of IoT network and device security

The Internet of Things (IoT) describes an interconnected system of standalone devices, which communicate and transfer data within the existing internet infrastructure, providing greater insight and control over elements in our increasingly connected lives. With an estimated 30 billion connected devices to be deployed across the globe by 2020, the promise of a global Internet of Things is fast approaching, posing a whole new level of threats to connected organizations. To a potential attacker, a device presents an interesting target for several reasons. First, many of the devices will have an inherent value by the simple nature of their function. A connected security camera, for example, could provide valuable information about the security posture of a given location when compromised. Hackers are already using IoT devices for their malicious purposes in multiple types of attacks on networks and servers. DSL, DDoS and bot attacks in 2016 have proven that there is no shortage of opportunities that hackers are willing to exploit. Portnox explains these common misconceptions.

How to conduct an IoT pen test

Penetration testing was much like taking a battering ram to the door of the fortress. Keep pounding away and maybe find a secret backdoor to enter through. But what happens if pieces of the network are outside of the fortress? With the flurry of Internet of Things devices, is it harder to conduct a pen test with that many devices and end points? Claud Xiao, principal security researcher, Unit 42 at Palo Alto Networks, said for just testing some network services on IoT devices in a black box way, the difficulty level and the steps are similar to regular pen testing. But if you're discovering vulnerabilities via analyzing firmware or via analyzing wireless communications (e.g., Bluetooth or ZigBee), that's much harder.

Eight steps to the GDPR countdown

One year from today, the recently passed regulation known as “GDPR” (General Data Protection Regulation) goes into effect. While EU-specific, it can still dramatically affect how businesses work with personal data of citizens and residents of the EU. GDPR was approved a year ago and will be going into effect in another year. It applies directly to organizations within the EU, but also applies to organizations outside the EU if they 1) offer goods and services to the EU, 2) monitor the behavior of EU subjects, or 3) process or retain personal data of EU citizens and residents. And the regulation can place very serious fines and sanctions for non-compliance.

The complexity of password complexity

Deploying password quality checking on your Debian-based Linux servers can help to ensure that your users assign reasonable passwords on their accounts, but the settings themselves can be a bit misleading. For example, setting a minimum password length of 12 characters does not mean that your users' passwords will all have twelve or more characters. Let's stroll down Complexity Boulevard and see how the settings work and examine some settings worth considering. First, if you haven't done this already, install the password quality checking library with this command:

    apt-get -y install libpam-pwquality

The files that contain most of the settings we're going to look at will be:

IDG Contributor Network: Network analysis can find malware before it strikes

Network traffic analysis should be used more in the fight against malware. That’s because pointers show up on the network “weeks and even months” in advance of new malicious software being uncovered, scientists from the Georgia Institute of Technology explain in an article on the school’s website. The researchers, who have been studying historic network traffic patterns, say the latest malware tracking should take advantage of inherent network-supplied barometers and stop simply focusing on trying to identify malware code already on networks and machines. By analyzing already-available, suspicious network traffic created by the hackers over a period of time, administrators will be able to pounce and render malware harmless before it can perform damage.

Gravityscan, keeping WordPress sites safe

If your website, in common with roughly 25% of all websites, is running WordPress then it's pretty much certain that it's being constantly attacked. WordPress is to hackers what raw meat is to jackals because unless sites are assiduously maintained, they quickly become vulnerable to a huge number of exploits. The root cause of this vulnerability is WordPress' ecosystem of complex core software augmented by thousands of third party developers whose themes and plugins are often buggy and not quickly (or often, never) updated to fend off known security problems. Add to that many site owners being slow to update their core WordPress installation and you have an enormous and easily discovered collection of irresistible hacking targets.

Hackers can use malicious subtitles to remotely take control of your device

Do you use Kodi, Popcorn Time, VLC or Stremio? Do you use subtitles while you watch? If so, then you need to update the platform as Check Point researchers revealed that not all subtitles are benign text files and hackers can remotely take control of any device running vulnerable software via malicious subtitles. The attack is not in the wild, since Check Point developed the proof of concept attack vector; however, with news of the attack vector and an estimated 200 million video players and streaming apps running vulnerable software, attackers might jump on the malicious subtitle wagon to gain remote access to victims’ systems.
