Computer users who have been affected by the Dharma ransomware and have held onto their encrypted files can now restore them for free. Researchers have created decryption tools for this ransomware strain after someone recently leaked the decryption keys.Dharma first appeared in November and is based on an older ransomware program known as Crysis. It's easy to recognize files affected by it because they will have the extension: .[email_address].dharma, where the email address is the one used by the attacker as a point of contact.On Wednesday, a user named gektar published a link to a Pastebin post on the BleepingComputer.com technical support forum. The post, he claimed, contained the decryption keys for all Dharma variants.To read this article in full or to leave a comment, please click here
Matt Gangwer, CTO of Rook Security and Ryan O'Leary, VP of Threat Research Center and Tech Support at WhiteHat Security join CSO Online's Steve Ragan to talk about the evolution of ransomware, and what companies need to do to combat it.
Google has expanded its Safe Browsing service, allowing Google Chrome on macOS to better protect users from programs that locally inject ads into web pages or that change the browser's home page and search settings.The Safe Browsing service is used by Google's search engine, as well as Google Chrome and Mozilla Firefox, to block users from accessing websites that host malicious code or malicious software. The service is also used in Chrome to scan downloaded files and block users from executing those that are flagged as malicious."Safe Browsing is broadening its protection of macOS devices, enabling safer browsing experiences by improving defenses against unwanted software and malware targeting macOS," Google said in a blog post Wednesday. "As a result, macOS users may start seeing more warnings when they navigate to dangerous sites or download dangerous files."To read this article in full or to leave a comment, please click here
According to F-Secure’s The State of Cyber Security 2017 report, criminal hackers perform most cyber-attacks using basic, scriptable techniques against poorly maintained infrastructure. This will continue as long as there are loads of attack scripts and plenty of poorly secured networks.The number of attack scripts is climbing as elite hackers continue to create these scripts and sell them to others, says Itzik Kotler, CTO and Co-Founder, SafeBreach. There doesn’t seem to be any stopping this trend.CSO examines scriptable attacks and the part of the problem that you can control: getting your infrastructure in shape to shrug off these breaches.To read this article in full or to leave a comment, please click here
Preparing and responding to a cyberattackImage by ThinkstockCybersecurity incidents continue to grow in both volume and sophistication, with 64 percent more security incidents reported in 2015 than in 2014, according to a June 2016 report by the Ponemon Institute. The human instinct is to try to find those responsible. However, any attempt to access, damage or impair another system that appears to be involved in an attack is mostly likely illegal and can result in civil and/or criminal liability. Since many intrusions and attacks are launched from compromised systems, there’s also the danger of damaging an innocent victim’s system.To read this article in full or to leave a comment, please click here
The U.S. Federal Communications Commission has halted new rules that would require high-speed internet providers to take 'reasonable' steps to protect customer data.In a 2-1 vote that went along party lines, the FCC voted Wednesday to stay temporarily one part of privacy rules passed in October that would give consumers the right to decide how their data is used and shared by broadband providers.The rules include the requirement that internet service providers should obtain "opt-in" consent from consumers to use and share sensitive information such as geolocation and web browsing history, and also give customers the option to opt out from the sharing of non-sensitive information such as email addresses or service tier information.To read this article in full or to leave a comment, please click here
If your company has experienced a data breach, it's probably a good idea to thoroughly investigate it promptly.Unfortunately, Yahoo didn't, according to a new internal investigation. The internet pioneer, which reported a massive data breach involving 500 million user accounts in September, actually knew an intrusion had occurred back in 2014, but allegedly botched its response.The findings were made in a Yahoo securities exchange filing on Wednesday that offered more details about the 2014 breach, which the company has blamed on a state-sponsored hacker.To read this article in full or to leave a comment, please click here
More than 130 Android apps on the Google Play store have been found to contain malicious coding, possibly because the developers were using infected computers, according to security researchers.The 132 apps were found generating hidden iframes, or an HTML document embedded inside a webpage, linking to two domains that have hosted malware, according to security firm Palo Alto Networks.Google has already removed the apps from its Play store. But what's interesting is the developers behind the apps probably aren't to blame for including the malicious code, Palo Alto Networks said in a Wednesday blog post.To read this article in full or to leave a comment, please click here
Any reform of a controversial U.S. law allowing the National Security Agency to spy on people overseas will likely focus on its impact on U.S. residents, without curbing its use elsewhere.Section 702 of the Foreign Intelligence Surveillance Act expires on Dec. 31, and some digital rights groups are calling on Congress to overhaul the law to protect the privacy of residents of both the U.S. and other countries. Congress will almost certainly extend the provision in some form. But a congressional hearing on Wednesday focused largely on the NSA's "inadvertent" collection of U.S. residents' data, with little time given to the privacy concerns of people overseas.To read this article in full or to leave a comment, please click here
On February 5, an anonymous hacker kicked off February’s breaches, taking down a dark web hosting service that the hacker claimed was hosting child pornography sites. In the process, the hacker showed just how easily the dark web can be compromised.Then, on February 10, as many as 20 hackers (or groups of hackers) exploited a recently patched REST API vulnerability to deface over 1.5 million web pages across about 40,000 WordPress websites. “The flaw was fixed in WordPress 4.7.2, released on Jan. 26, but the WordPress team did not publicly disclose the vulnerability's existence until a week later,” Lucian Constantin reported.To read this article in full or to leave a comment, please click here(Insider Story)
Cisco today issued a security warning about a potential vulnerability in its NetFlow traffic monitoring device that could cause the system to lock-up.
+More on Network World: Cisco tries to squash Smart Install security abuse+
Specifically, Cisco wrote: “A vulnerability in the Stream Control Transmission Protocol (SCTP) decoder of the Cisco NetFlow Generation Appliance (NGA) could allow an unauthenticated, remote attacker to cause the device to hang or unexpectedly reload, causing a denial of service (DoS) condition. The vulnerability is due to incomplete validation of SCTP packets being monitored on the NGA data ports. An attacker could exploit this vulnerability by sending malformed SCTP packets on a network that is monitored by an NGA data port. SCTP packets addressed to the IP address of the NGA itself will not trigger this vulnerability. An exploit could allow the attacker to cause the appliance to become unresponsive or reload, causing a DoS condition. User interaction could be needed to recover the device using the reboot command from the CLI.”To read this article in full or to leave a comment, please click here
With RSA San Francisco—one of, if not the biggest security show of the year—behind us, it’s a good time to revisit security and SD-WANs. I know, we already lived through Yoda’s prognostications about the future of networking and security. In that blog post, we spoke about vendor approaches to securing the new Internet connections created by SD-WAN. There’s another dimension, though, to SD-WAN security that we didn’t discuss and that’s about the WAN.The WAN: Risk and reward for today’s attackers
For a lot of SD-WAN vendors, security integration means inspecting incoming and outgoing Internet traffic. But while services, such as Zscaler, may inspect HTTP traffic bound for the internet, they do nothing for traffic bound to other locations. And that’s a problem because increasingly site-to-site traffic requires its own inspection and protection.To read this article in full or to leave a comment, please click here
Information security is forever weaved into our daily lives. From the massive data breaches impacting Target, Yahoo and Anthem to IoT-powered DDoS attacks that take down substantial portions of the internet for extended periods of time, information security impacts everyone.The reality is providing protection in this kind of environment is so challenging that no single entity, whether it’s a company or a government agency, can accomplish this task alone. There needs to be some kind of cooperation between the private and public sectors. This leads to the questions of what kind of relationship should the government and companies have, how can they work together and what’s preventing this process from happening?To read this article in full or to leave a comment, please click here
Given my interest in cybersecurity skills and training, I’m contacted by academic institutions, professional organizations and training companies with news about some type of cybersecurity education curriculum. This isn’t surprising given the global shortage of cybersecurity skills. In fact, new ESG research discloses that 45% of organizations report a “problematic shortage” of cybersecurity skills in 2017.Clearly we need more smart and well-prepared people to enter the cybersecurity ranks, but it’s important to note that most cybersecurity professionals don’t enter the workforce directly from college or training programs. According to research conducted in 2016 by ESG and the Information Systems Security Association (ISSA), 78% of cybersecurity professionals follow a more indirect route. These folks start their careers as IT professionals and make their way into cybersecurity as their careers progress.To read this article in full or to leave a comment, please click here
Palo Alto Networks has bought LightCyber for its behavioral analytics platform that can speed the time to detect intrusions that have already breached networks and are looking around for ways to carry out exploits.The $105 million cash deal brings LightCyber’s ability to analyze behavior of devices to discover reconnaissance by malware inside networks and lateral movements as it seeks to compromise vulnerable systems.Based on machine learning, LightCyber absorbs the behaviors of individuals and devices, sets a normal level for them and finds anomalies that could indicate attacks underway.To read this article in full or to leave a comment, please click here
An analysis of robots used in homes, businesses and industrial installations has revealed many of the same basic weaknesses that are common in IoT devices, raising questions about security implications for human safety.The robotics industry has already seen significant growth in recent years and will only further accelerate. Robots are expected to serve in many roles, from assisting people in homes, stores and medical facilities, to manufacturing things in factories and even handling security and law enforcement tasks."When you think of robots as computers with arms, legs, or wheels, they become kinetic IoT devices that, if hacked, can pose new serious threats we have never encountered before," researchers from cybersecurity consultancy firm IOActive said in a new report.To read this article in full or to leave a comment, please click here
We don't hear much about John Dillinger-style bank robberies these days, with exciting police chases to the state lines. In 2015, there were 4,091 traditional bank robberies in the US, according to the FBI, with an average loss of less than $4,000 per incident. No customers or bank employees were killed in any of these robberies, though eight would-be robbers were killed.The clearance rate for traditional bank robberies is around 60 percent, while the proportion of criminals that escape could be even lower, if they commit more than one robbery -- the FBI currently has fewer than 500 people on its list of wanted and unidentified bank robbers. In most cases, the FBI has a picture of them, and a description, posted on its website.To read this article in full or to leave a comment, please click here
Did a toymaker ignore warnings about a data breach? That’s a key question swirling around Spiral Toys, a company behind a line of smart stuffed animals that security researchers worry can be easily hacked.On Tuesday, Spiral Toys said the breach, which affects 800,000 user accounts, only came to its attention last week on Feb. 22.The statement is raising eyebrows. One researcher named Victor Gevers began contacting the toymaker about the problem in late December, when he noticed that a company MongoDB database storing customer information was publicly exposed.To read this article in full or to leave a comment, please click here
Microsoft has settled a class-action lawsuit regarding sales at its Microsoft Store outlets. And if you made a purchase at one of those stores, you might be owed as much as $100.The lawsuit alleged that Microsoft Store receipts contained too much information. The lead plaintiff’s receipt listed the buyer’s name, the name of the salesperson and the first six and last four digits of the buyer’s payment card number—more than half the numbers on the card. According to the 2003 U.S. Fair and Accurate Credit Transactions Act (FACTA), retailers may print only the last five numbers of a payment card on the receipt. Retailers had until 2006 to comply with this restriction, and the Microsoft Stores are much newer than that. To read this article in full or to leave a comment, please click here
Google is pretty strict about its Project Zero rules when it comes to disclosure: a company has 90 days to fix the bug after it is informed by Google, after which it is announced to the public. Google did it last week with the announcement of two unpatched bugs, and now it's doing it again. A security flaw in Microsoft Edge and Internet Explorer was first reported to Microsoft Nov. 25, 2016. Microsoft was offered the standard 90-day lead to patch the issue before Google announced it to the world. With the cancellation of this month's Patch Tuesday, Microsoft failed to issue a fix, and now the bug is out there for the whole world to see. To read this article in full or to leave a comment, please click here