Friday, 18 August 2017

Ransomware Attacks ‘Double’ As Nation State Weapons Fall Into Hands Of Hackers

Security specialist Check Point has painted a fairly grim picture of the cyber security landscape in its latest ‘Cyber Attack Trends: Mid-Year’ report. It revealed that ransomware attacks doubled in the first six months of 2017, that adware is mutating, and that, because of leaks, nation-state cyber weapons and exploits are falling into the hands of regular hackers.



The post Ransomware Attacks ‘Double’ As Nation State Weapons Fall Into Hands Of Hackers appeared first on IT SECURITY GURU.


Independent inquiry called for in FCC’s secretive cyberattack claims

The FCC’s claim that its commenting system was attacked on the night of May 7 has been the subject of considerable controversy, but not because of the attack itself. The agency has been so reluctant to release any substantive details about the attack or the countermeasures it has taken since that Congress is calling for an independent investigation (PDF) by the Government Accountability Office.



China pumping MILLIONS into developing ‘cyber army with world famous web security schools’

CHINA aims to become a “big power in cyberspace” by building an “internet army” after announcing plans to invest huge amounts in new security schools. The Cyberspace Administration of China and China’s education ministry announced plans to “build four to six world-famous cyber-security schools in ten years [from 2017 to 2027]”. A statement claimed select colleges and universities will implement “comprehensive” interdisciplinary programs that blend engineering expertise with legal and management studies, to “train cyber-security personnel”. Critics have argued that China “aims to build a cyber army”.




US cops point at cell towers and say: Give us every phone number that’s touched that mast

US telecoms giant Verizon says police are increasingly asking it to cough up massive dumps of cellphone data rather than individual records. This according to the latest Verizon US transparency report for the first half of the 2017 calendar year. The dossier tracks government requests for phone records both of individual customers and large groups. The latter group is becoming an increasingly popular target, said Verizon in its report this week. In particular, investigators are asking for “tower dumps,” a record of everyone who connected to an individual phone tower as they passed by.




Anonymous calls for Trump’s impeachment, leaks private contact details of 22 GOP senators

Hacktivist collective Anonymous has reportedly leaked the private contact details of 22 GOP senators, in the wake of the Charlottesville violence and US President Donald Trump’s controversial response to the event. The operator of a Twitter account, allegedly connected to the hacktivist group, has claimed to have leaked the private phone numbers and email addresses of 22 Republican members of Congress in a bid to push for Trump’s impeachment.




Vehicle hack disables safety features on most modern cars

Security researchers have discovered that the majority of modern vehicles are at risk from a design vulnerability which a hacker could potentially exploit to disable safety features. The flaw could allow an attacker to turn off safety features such as airbags, ABS brakes and power steering; essentially any of the vehicle’s computerised components connected to its controller area network, or CAN bus.

In a world where the majority of connected devices developed are flawed, there have been many examples of researchers, engineers and hackers infiltrating vehicles and exposing the vulnerabilities which have revealed some shocking results. A Jeep was hacked on a highway and a Tesla was breached, whereby the security researchers gained control of the braking system while the car was in motion.

Commenting on the news is Art Dahnert, managing consultant at Synopsys, who said: “The problem identified by Trend Micro is related to the design and architecture of the CAN bus found in nearly all new cars today. The development of the technology goes back to the 1980s, predating the World Wide Web. No one at that time thought that someone would deliberately try to sabotage a vehicle over the in-car network.

“The attack involves creating a Denial of Service for a specific target by using the error management built into the CAN bus protocol. When an attacker causes the network to send too many error “messages” (frames) to a device, the design dictates that the target goes into a Bus Off state. This means that it will no longer respond to messages or send new ones, effectively disabling the device. In the case of an automobile it might be the ABS or airbags or even the electrically assisted power steering.

“Generally, these types of attacks will require access to the vehicle and the ability to persist beyond a restart. However, now that newer vehicles can be connected to the internet in a myriad of ways, this is no longer true. Taking advantage of connected phones and telematics features, an attack could happen without direct physical access. And this isn’t necessarily isolated to a single manufacturer or model of vehicle.

“Even though the problem has been identified, resolving it will be a long time coming. There are many factors involved, including the large number of vehicle and component manufacturers as well as the technical difficulties in developing a solution for this type of problem. Not to mention the requirements to allow access by the aftermarket and third party repair establishments.

“You can’t bolt on security, it has to be built in from the beginning. A simple update will not fix the cars on the road today.”
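The fault-confinement behaviour Dahnert describes, as an added example that is not from the article or from Trend Micro’s research: a model of a CAN node’s error counters following ISO 11898-1, showing how a run of error frames walks a node from error-active to bus-off, plus a replay over a constructed bus trace that flags the transition when the preceding error-frame rate looks like a flood rather than noise. The node names, the 100 ms window and the flood threshold are assumptions.

```python
"""CAN fault confinement (ISO 11898-1) and a bus-off alert, as an added example.

Not from the article or Trend Micro's research. The counter rules are the
standard's: a transmit error adds 8 to TEC, a receive error adds 1 to REC,
a successful frame subtracts 1; a node is error-passive when either counter
exceeds 127 and goes bus-off when TEC exceeds 255. Bus events are constructed.
"""
from collections import defaultdict, deque
from dataclasses import dataclass

ERROR_ACTIVE, ERROR_PASSIVE, BUS_OFF = "error-active", "error-passive", "bus-off"
WINDOW_MS = 100        # trailing window for the error-frame rate (assumed value)
FLOOD_THRESHOLD = 10   # errors per window treated as a flood rather than noise (assumed)


@dataclass
class CanNode:
    name: str
    tec: int = 0              # transmit error counter
    rec: int = 0              # receive error counter
    state: str = ERROR_ACTIVE

    def __post_init__(self) -> None:
        self._update_state()

    def _update_state(self) -> None:
        if self.tec > 255:
            self.state = BUS_OFF
        elif self.tec > 127 or self.rec > 127:
            self.state = ERROR_PASSIVE
        else:
            self.state = ERROR_ACTIVE

    def transmit(self, ok: bool) -> str:
        """One transmit attempt; an error frame answering it counts as a failure."""
        if self.state == BUS_OFF:
            return self.state                 # a bus-off node no longer transmits
        self.tec = max(0, self.tec - 1) if ok else self.tec + 8
        self._update_state()
        return self.state

    def receive(self, ok: bool) -> str:
        if self.state == BUS_OFF:
            return self.state
        self.rec = max(0, self.rec - 1) if ok else self.rec + 1
        self._update_state()
        return self.state


def errors_to_bus_off(start_tec: int = 0) -> int:
    """Consecutive transmit errors needed to push a node from start_tec to bus-off."""
    node = CanNode("probe", tec=start_tec)
    count = 0
    while node.state != BUS_OFF:
        node.transmit(ok=False)
        count += 1
    return count


def replay(events):
    """Replay (time_ms, node, kind) events; kind is tx_ok, tx_err, rx_ok or rx_err.

    Returns the node table and a list of alerts (time, node, old_state, new_state,
    errors_in_window, flood). A change to error-passive or bus-off is flagged as a
    flood when the trailing error count reaches FLOOD_THRESHOLD; isolated errors
    from electrical noise also move the counters but never trip that check.
    """
    nodes, recent, alerts = {}, defaultdict(deque), []
    for t, name, kind in events:
        node = nodes.setdefault(name, CanNode(name))
        before = node.state
        ok = kind.endswith("ok")
        if kind.startswith("tx"):
            node.transmit(ok)
        else:
            node.receive(ok)
        if not ok:
            q = recent[name]
            q.append(t)
            while q and t - q[0] > WINDOW_MS:
                q.popleft()
        if node.state != before and node.state != ERROR_ACTIVE:
            n = len(recent[name])
            alerts.append((t, name, before, node.state, n, n >= FLOOD_THRESHOLD))
    return nodes, alerts


def constructed_events():
    """Constructed trace: a slightly noisy body controller and a flooded ABS node."""
    events = [(0, "BCM", "rx_err"), (500, "BCM", "rx_err"), (900, "BCM", "tx_ok")]
    events += [(1000 + 2 * i, "ABS", "tx_err") for i in range(40)]  # 40 error frames, 2 ms apart
    events.append((1100, "BCM", "rx_ok"))
    return sorted(events)


def demo():
    """Replay the constructed trace; returns (nodes, alerts) for inspection."""
    return replay(constructed_events())


if __name__ == "__main__":
    print("transmit errors to bus-off from a clean node:", errors_to_bus_off())
    nodes, alerts = demo()
    for alert in alerts:
        print(alert)
    print({name: node.state for name, node in nodes.items()})
```

The clean node reaches bus-off after 32 consecutive transmit errors, which is why a flood that lasts only tens of milliseconds is enough to silence a controller.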


UK CEOs see cyber security spend as a revenue opportunity

UK CEOs feel that investment in cyber security is a revenue opportunity rather than an expensive burden, according to a report by KPMG.


As a part of KPMG’s CEO Outlook 2017, 150 UK CEOs were asked about their investment plans for the future and the issues affecting their business. It found that 70 per cent of leaders see investment in cyber security as an opportunity to find new revenue streams and innovate, rather than as an overhead cost.


The report also found that cyber security is now firmly part of the CEO’s agenda, rather than sitting only with the CIO or the CISO as it did previously. 77 per cent of CEOs agreed with the statement: ‘I am personally comfortable with the degree to which mitigating cyber risk is now part of my leadership role’.


Paul Taylor, UK head of cyber security at KPMG, said: “It’s great that business leaders are finally seeing cyber security investment as a positive figure on the balance sheet rather than a negative one. However more needs to be done to make sure their businesses are prepared in the event of a cyberattack, whether it’s from external sources or even insiders.”


However, business leaders warned that they are not fully prepared for a cyber event like an employee-led data breach or business data theft.  Only 52 per cent said that they are ‘fully prepared’ for both eventualities.


“With recent high-profile attacks like WannaCry hitting the press, cyber security should be on every CEO’s radar. Businesses now need to match their investment in innovative technology with their investment into cyber security, in order to stay one step ahead of cyber criminals,” concluded Taylor.


Top tips to protect your business from becoming a malware hub

Email is indisputably a critical enterprise communication tool essential for sending important documents quickly and efficiently between employees, managers, HR, finance, sales, legal, customers, supply chain and more.

Unfortunately, organisations often do not understand that the file-types used every day to share important information – standard files like Word docs, Excel spreadsheets and PDFs – are also the most common attack vectors widely used for the distribution of malware. For cybercriminals, it’s often too easy to target a user with a spoofed email or phishing attack, and trick them into opening an infected attachment that appears to be legitimate. With email representing an open, trusted channel that allows malware to piggyback on any document to infect a network, it’s often up to the organisations – their security teams and employees – to adopt appropriate security strategies and best practices to prevent a company-wide attack.

Here are tips about what businesses can do to thwart these threats and keep sensitive data protected from malicious actors.

  • Analyse risk factors in attached email documents

As with anything, organisations need to consider and evaluate all possible avenues of attack and decide what functions their business needs to keep or eliminate in order to operate safely. This is especially true when evaluating email attachments as a threat vector. Many people fail to understand that exchanging documents involves risk — about 98 percent of files do not conform to the manufacturers’ original document design. Before they can effectively mitigate any potential threats, organisations need to determine whether an aberration in a file is due to an attack, or something that’s just poorly written or configured. A comprehensive understanding is required of the documents coming through their network, the types of files and structural problems, and which incoming functional elements could represent risk. Creating a big-picture view of email security and risk posture is a critical first step towards understanding potential threats and implementing effective policies designed to mitigate risk and thwart attack.

  • Avoid relying on legacy technologies as stand-alone email security solutions

Once you get a handle on the risks, it will be imperative to apply the appropriate security solutions. Most organisations have all the standard border controls, including firewall, anti-spam, anti-virus and even a sandbox, which are often still by-passed by targeted attacks. By now it’s clear that current anti-virus and other signature-based solutions placed at the border are not stopping well-crafted, highly targeted attacks, leaving gaping holes in defensive security architecture. Meanwhile, attacks conducted via malicious email attachments have become increasingly sophisticated, luring users with phishing campaigns that appear to be completely legitimate. Assume that traditional signature-based anti-virus solutions and even relatively new sandbox technology will let a socially-engineered malicious document through to the user. Remember, it only takes a user to click on one malicious attachment for a company to face disaster. There needs to be a ‘new baseline’ for security founded on innovation that does not rely on the old border security technology.

  • Look for the good instead of going after the bad

Addressing gaps in email security defences will require a paradigm shift that supplants targeting the bad with techniques that look for and validate the “known good”. The reason? Cyber criminals are constantly updating their tactics. Validating a file’s legitimacy against “known good” provides a high benchmark and offers an accurate point of comparison. To that end, organisations need to validate documents against the manufacturers’ specifications and regenerate only “known good” files. From there, they can create a clean and benign file in its original format, which can be sent out again and passed along without any interruption to business. In short, it’s about asserting control over the document by bringing security to where it’s needed most – at the file level. Similarly, organisations should also continue this proactive stance by using deep file-inspection, remediation and sanitisation tools to eliminate malicious documents before they enter the system.

  • Restrict BYOD with specified policies around document transmission

The BYOD phenomenon undoubtedly comes with a myriad of benefits – not the least of which is giving employees flexibility to work from anywhere and conduct both personal and business activities, including document transmission, with the same device.

However, while convenient and efficient, conducting business functions from a personal device often undermines control over the types of sites and apps used by employees. This in turn potentially exposes corporate data to information-stealing malware. Meanwhile, malware that can be transmitted via attachments to employee workstations can just as easily be transmitted via mobile devices – and what’s more, many mobile devices aren’t equipped with security solutions aimed at detecting infected documents. Thus, malware from infected documents successfully downloaded on a company mobile device will have the same access to sensitive information as it does on the corporate network. While the ability to send attachments via mobile devices might be a requirement for some, it’s best to determine for whom this function is an absolute necessity, and then restrict it to employee workstations for everyone else.

  • Allow only the file-types and functional items that users need

Ultimately, organisations need to reduce the risk of a single employee opening up their whole organisation to a malware attack. Among other things, that means carefully determining the kinds of file-types and functional items that employees actually need in order to do their jobs.

There needs to be a full and careful assessment of all the variables, including potential threats employees are exposed to when receiving specific attachments, followed by a decision about the functions the business needs to operate productively. This includes, for example, which departments actually need audio, video or macros, JavaScript or embedded links in the documents they receive. If certain departments, groups or individuals don’t require these functions, reduce the risk by setting appropriate restrictions. Creating policies that prevent users from exposing the company to threats while maintaining business continuity takes the maximum amount of risk off the table.
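One way to implement the allow-list and functional-item checks the tips above call for, as an added example that is not from the article or from Glasswall: a per-department policy table and a light structural inspection of OOXML (docx/xlsx) and PDF attachments that decides whether a file is allowed as-is, needs its unneeded active content stripped, or is blocked. The department names, the POLICY table and the sample files are constructed.

```python
"""Per-department attachment policy with active-content checks (added example).

Not from the article or Glasswall. Constructed samples: OOXML-style zips with
and without a VBA project or external link, and minimal PDFs with and without
a JavaScript action. The policy admits only the file types and functional
items each department needs; anything else is sanitised or blocked.
"""
import io
import zipfile

# Hypothetical departments: which file types and which functional items each needs.
POLICY = {
    "finance": {"types": {"xlsx", "pdf"}, "features": {"macros"}},   # spreadsheet macros needed
    "hr":      {"types": {"docx", "pdf"}, "features": set()},
    "default": {"types": {"docx", "xlsx", "pdf"}, "features": set()},
}


def sniff_type(filename: str, data: bytes) -> str:
    """Trust the container, not the extension: zip magic => OOXML, %PDF => pdf."""
    ext = filename.rsplit(".", 1)[-1].lower()
    if data.startswith(b"PK\x03\x04"):
        return ext if ext in {"docx", "xlsx"} else "unknown"   # e.g. a zip named .pdf
    if data.startswith(b"%PDF"):
        return "pdf"
    return "unknown"


def ooxml_features(data: bytes) -> set:
    """Look inside the OOXML zip for a VBA project and external relationships."""
    feats = set()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if any(n.endswith("vbaProject.bin") for n in names):   # word/ or xl/ prefix
            feats.add("macros")
        for n in names:
            if n.endswith(".rels") and b'TargetMode="External"' in zf.read(n):
                feats.add("links")
    return feats


def pdf_features(data: bytes) -> set:
    """Token scan of a PDF for JavaScript, URI actions and embedded files."""
    feats = set()
    if b"/JavaScript" in data or b"/JS" in data:
        feats.add("javascript")
    if b"/URI" in data:
        feats.add("links")
    if b"/EmbeddedFile" in data:
        feats.add("embedded_file")
    return feats


def evaluate(department: str, filename: str, data: bytes):
    """Return (decision, detected_type, features) for one attachment."""
    pol = POLICY.get(department, POLICY["default"])
    ftype = sniff_type(filename, data)
    if ftype not in pol["types"]:
        return ("block", ftype, set())
    feats = ooxml_features(data) if ftype in ("docx", "xlsx") else pdf_features(data)
    unneeded = feats - pol["features"]
    if unneeded:
        return ("sanitise", ftype, unneeded)   # regenerate the file without these items
    return ("allow", ftype, feats)


def make_ooxml(with_macro: bool, with_link: bool) -> bytes:
    """Constructed minimal OOXML container (enough structure for the checks above)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        rels = ('<Relationship Target="http://example.invalid/" TargetMode="External"/>'
                if with_link else "<Relationships/>")
        zf.writestr("word/_rels/document.xml.rels", rels)
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00constructed")
    return buf.getvalue()


def make_pdf(with_js: bool) -> bytes:
    """Constructed minimal PDF, optionally carrying an OpenAction JavaScript entry."""
    body = b"%PDF-1.4\n1 0 obj << /Type /Catalog"
    if with_js:
        body += b" /OpenAction << /S /JavaScript /JS (constructed) >>"
    return body + b" >> endobj\n%%EOF\n"


if __name__ == "__main__":
    print(evaluate("hr", "offer.docx", make_ooxml(True, False)))
    print(evaluate("finance", "model.xlsx", make_ooxml(True, False)))
    print(evaluate("hr", "invoice.pdf", make_pdf(True)))
```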

It is difficult to achieve 100 per cent employee compliance with any set of security procedures, but if an organisation follows these tips and uses technology to ensure that only the “known good” is admitted to the system, it will hugely increase its level of protection.

by Sam Hutton, CTO at Glasswall Solutions


Thursday, 17 August 2017

Protect Your Privacy with Webcam Protection

Today’s smart home is defined by the number of smart and internet-connected devices that work either together or individually to allow users to remotely control or automate various features for efficiency or convenience. The number of IoT devices per household has increased significantly over the past couple of years, reaching an estimated 11 smart devices/accessories per home, according to a Bitdefender survey*.

With the proliferation of smart things, security concerns have risen as security researchers have often found IoT devices lacking in even basic security to protect user privacy and data. The number of smart devices per household has reached 11 in the United States and Germany, 10 in France, and 9 in the UK.

In the UK, most smart device users are concerned that their devices can be infected with viruses (54%) or that sensitive information (usernames, passwords, credit card details, money) can be obtained (49%); at the same time, 7 out of 10 users have at least one camera connected to the Internet.

“Any internet-connected device that has a camera attached to it will likely have a microphone built-in as well, turning them into perfect spying tools if remotely controlled by hackers,” said Liviu Arsene, Senior E-Threat Analyst at Bitdefender. “If not properly secured, attackers will not only invade your privacy but also extort victims for financial gains.”

Internet connected cameras have often been found vulnerable and remotely controllable by attackers. Since they usually share a network with other household internet-connected devices, they can be used as gateways to launch attacks on other network devices or even compromise the entire home network.

However, these are not the only devices sporting a camera that can be used to spy on users. The top 3 UK smart devices with a camera connected to the Internet are smartphones (48%), Windows laptops (34%) and tablets (26%), yet only 3 out of 10 users of smart devices are concerned that someone could gain access to the devices and that they could be recorded without their knowledge.

Smart TVs are also web-camera-enabled and 7 out of 10 UK Smart TV users don’t have a security solution for this device. What’s more, 21 percent of the Smart TV users installed additional software/ apps on the Smart TV, 40 percent of which installed apps from other places / stores / websites than official ones. The same study concluded that half of smart TV owners have never changed the password on their device and 56 percent of respondents also said they did not perform a firmware update on their device.

Remembering that not only smartphones and laptops have web cameras that are connected to the internet, users also have to be wary of their privacy when other IoT devices sport such features. Smart TVs and IP cameras are often poorly secured, have default passwords, or are never updated with the latest firmware, making them viable targets for cybercriminals.

From a laptop or smartphone perspective, making sure that only legitimate applications have access to the device’s web camera is vital, as rogue software may try to spy on you. Cybercriminals will often use such private footage to extort favours – financial or otherwise – from their victims, threatening public shaming if their demands are not met.

Something as innocent as a web camera can be used by cybercriminals against you, and it’s up to you to make sure that any web-camera-enabled device in your household is protected, so that your private life remains private.

Bitdefender’s Webcam Protection feature identifies if your PC’s or laptop’s camera is misused or abused by illegitimate applications and will protect users from cybercriminals and cyber-stalkers trying to invade their privacy.

For those that don’t have the new Bitdefender 2018, but still want to protect their privacy, unplugging the camera or manually shutting it down is always an option, provided it’s an external webcam. Physically covering the lens with tape or a specially designed webcam cover will keep Peeping Toms away, but that doesn’t mean they can’t eavesdrop.

*Note: The study consisted of a survey performed by iSense Solutions at Bitdefender’s request during April 2017, and it is based on 1000 interviews. The sample used in this report is representative for smart device users with a Wi-Fi connection in the USA (at age, gender and region level), aged 18+. Error degree is +/-3.1% at a confidence interval of 95%.


Attackers Use Pulse Wave DDoS to Pin Down Multiple Targets

New findings from Imperva Incapsula research, published today, detail the emergence of a new DDoS assault pattern, which has been named Pulse Wave.

According to lead researcher Igal Zeifman, “Pulse Wave DDoS represents a new attack methodology, made up of a series of short-lived pulses occurring in clockwork-like succession, which accounts for some of the most ferocious DDoS attacks we mitigated in the second quarter of 2017. In the most extreme cases, they lasted for days at a time and scaled as high as 350 Gbps.”

The size of these attacks, and the amount of skill they exhibit, are likely the handiwork of skilled bad actors who have become practised in portioning their attack resources to launch simultaneous assaults, meaning the intervals between each pulse are being used to attack a secondary target.

This new approach shows that some offenders have grown to understand that it is not necessary to hit a target continuously to take it offline; rather, repeated short bursts are enough to disrupt routers and servers, producing the same effect. By the time the systems have recovered from the first burst, or pulse, the hackers hit them again. In this way, they can double their resource utilisation and pin down several targets. 

With effective sniping, even more simultaneous attacks can be launched to pin down multiple targets and boost the offenders’ bottom line.

The existence of such capabilities spells bad news for everyone, as they enable bad actors to greatly increase their attack output. The pulse-like nature of these attacks, however, is especially harmful for appliance-first mitigation solutions, since it can cut down the communication between their two components, preventing effective fail over from the appliance to the cloud. Specifically, the attacks have the capacity to delay the time it takes for the cloud component of the mitigation solution to kick in. This increases the likelihood of the target going down and being forced to initiate a prolonged recovery process.  Moreover, the pulse wave assaults can prevent transition of data collected in the early attack stages from the appliance and into the cloud to further harm its responsiveness.

As the research points out, while pulse wave attacks constitute a new attack method and have a distinct purpose, they haven’t emerged in a vacuum. Instead, they’re a product of the times and should be viewed in the context of a broader shift toward shorter-duration DDoS attacks. Multiple industry reports—including the Imperva Incapsula quarterly DDoS Threat Landscape report— point to an increased number of short-lived DDoS events over the past year. As a result, the majority of all DDoS attacks today, both at the network and application layers, consistently last less than one hour. Moreover, the percentage of such short-burst attacks is growing each quarter. 

“For a commercial organisation, every such instance translates into tens of thousands of dollars in direct and indirect damages. For professional offenders—already inclined to split up their attack resources for optimised utilisation—this serves as another reason for them to launch pulse wave DDoS assaults. Consequently, we expect to continue encountering such assaults. We also forecast them to grow larger and become more persistent, fuelled by botnet resource evolution and the previously described macro trends we’ve observed in the DDoS landscape,” Zeifman added.

The full research paper “Attackers Use DDoS Pulses to Pin Down Multiple Targets, Send Shock Waves” presents a detailed deep dive into the nature of pulse wave attacks, the threat they pose and their place in the DDoS threat ecosystem.


Hacker Whose Tools Were Used in DNC Hack Steps Forward

A Ukrainian hacker called “Profexer” who built one of the tools used to penetrate the Democratic National Committee servers last year has turned himself in to authorities. According to a report today in the New York Times, the man, who first contacted Ukrainian police earlier this year, claims he wrote a piece of software called the PAS Web shell, which the Department of Homeland Security has identified as malware used in the hack.


ORIGINAL SOURCE: Technology Review


‘Very weak’ passwords put NHS hospitals at hacking risk

NHS hospitals are at risk of further devastating cyber attacks because staff are using “very weak” passwords, a new report reveals. Health chiefs warned that one in four official user accounts granting access to sensitive patient data and vital systems are inadequately protected, while many organisations are failing to update their security software. Around 10 per cent of administrator accounts, used by those who oversee IT systems, were also using weak passwords. The private industry briefing by NHS Digital has emerged three months after the global WannaCry attack, which pitched the health service into chaos.




200 accounts ‘locked’: In Delhi’s first WannaCry attack, publishing firm hit

After the WannaCry ransomware cyber attack spread like wildfire and paralysed computer systems across the world, isolated incidents were reported from Andhra Pradesh, Gujarat, Kerala and West Bengal. Now, the capital has seen its first ransomware cyber attack, with employees of Rachna Sagar Private Limited “locked” out of more than 200 computers. The cyber attack was reported on August 9 when staff at the publishing company found that they could not log into their user accounts, and could only use the “demo” account.




HBO investigates hack of its social media accounts

HBO is reportedly investigating the hacking of its various social media accounts, including the official Facebook and Twitter accounts. The accounts were hacked by a hacker squad called OurMine Security Group on Wednesday, August 17. The hacker squad left a few messages on all the hacked social media pages of the Time Warner-owned premium cable network. “Hi, OurMine are here, we are just testing your security. HBO team please contact us to upgrade the security – ourmine .org -> Contact,” read the messages.




Cyberattack on Scottish parliament ‘could last days’, MSPs warned

A cyberattack on the Scottish parliament’s IT systems could last several days, officials have warned. MSPs and staff were told some may be locked out of their email accounts after hackers launched a “brute force” cyberattack to crack passwords early on Tuesday. Parliament chief executive Sir Paul Grice said on Wednesday that Holyrood’s systems were still under attack, but added there was no indication that defences had been breached.





Veracode and Research Shows Formal Education Leaves Developers Without Necessary Skills to Succeed in DevSecOps World

New research shows that software developers are not receiving the training they need to be successful as DevOps becomes the prevalent approach to building and operating digital products and services. In today’s application-centric economy that gap could have a real impact on the productivity of businesses in every industry, as well as on the security and quality of the software that underpins the digital economy. To view the infographic and access the full research report, visit the Veracode blog.

The 2017 DevSecOps Global Skills Survey, sponsored by Veracode, a leader in securing the world’s software, and acquired by CA Technologies (NASDAQ:CA), and, found that while 65 percent of DevOps professionals believe it is very important to have knowledge of DevOps when entering IT, they’re not receiving the necessary training through formal education to be successful in today’s DevSecOps world (70 percent). DevSecOps refers to the practice of integrating security into the development and testing of software for a “shift left” mentality for faster, better quality outcomes.

The on-demand nature of today’s digital economy has driven the need to focus on innovation and improve the overall workflow of the modern enterprise. Implementing DevSecOps processes, in software development and deployment as a means of fuelling this effort, has highlighted the fact that today’s formal education for IT and development professionals has not evolved in the same way, or as quickly, as development has shifted. Those surveyed said that their IT workforce is only somewhat prepared (55 percent) or not prepared (nearly 30 percent) with the skills necessary to securely deliver software at the speed of DevOps. In fact, nearly 40 percent of hiring managers surveyed reported that the hardest employees to find are the all-purpose DevOps gurus with sufficient knowledge about security testing. This poses a significant challenge, as more than 50 percent of organisations said that either the entire organisation or some of their teams are currently utilising DevOps practices.


DevSecOps Adoption Requires Organisations to Minimise the Skills Gap

Although nearly 80 percent of respondents have a bachelor or master’s degree – with 50 percent reporting that they studied and earned degrees in computer science – there is still a lack of cybersecurity knowledge prior to entering the workforce. The survey found that 70 percent of respondents said the security education they received is not adequate for what their current positions require, and that they’re learning their most relevant professional skills on the job (65 percent).

“With major industry breaches further highlighting the need to integrate security into the DevOps process, organisations need to ensure that adequate security training is embedded in their DNA,” said Alan Shimel, editor-in-chief, “As formal education isn’t keeping up with the need for security, organisations need to fill the gap with increased support for education.”

According to the survey, slightly less than half of respondents said their employers paid for additional training since their entry into the workforce – and nearly seven in 10 developers report that their organisations provide them with inadequate security training. Third-party training, either in the classroom or through e-learning, was identified by one in three surveyed as the most effective way to gain new, relevant skills – but the study confirmed that very few are afforded the opportunity (four percent).

“WannaCry and Petya are just two recent examples of large-scale cyberattacks that further demonstrate the importance of security in today’s exceedingly digital world. Despite this apparent need, security practices and secure software development aren’t required to earn a degree in IT or computer science,” said Maria Loughlin, VP of Engineering, Veracode. “Our research with highlights the fact that there are no clear shortcuts to address the skills gap. Higher education and enterprises need to have a more mature expectation around what colleges should teach and where organisations need to supplement education given the ever-changing nature of programming languages and frameworks. The industry will have to come together to ensure the safety of the application economy.”



The study, commissioned by Veracode and conducted by, surveyed nearly 400 DevOps professionals globally. To read more about how DevSecOps builds a bridge between fast and secure software development, download Veracode’s Developer’s Guide to the DevSecOps Galaxy.


About Veracode

Veracode, acquired by CA Technologies, enables the secure development and deployment of the software that powers the application economy.

With its combination of automation, process and speed, Veracode becomes a seamless part of the software lifecycle, eliminating the friction that arises when security is detached from the development and deployment process. As a result, enterprises are able to fully realise the advantages of DevOps environments while ensuring secure code is synonymous with high quality code.

Veracode serves more than fourteen hundred customers worldwide across a wide range of industries. The Veracode Platform has assessed more than 2 trillion lines of code and helped companies fix more than 27 million security flaws.

Learn more at, on the Veracode blog and on Twitter.

Copyright © 2017 Veracode, Inc. All rights reserved. All other brand names, product names, or trademarks belong to their respective holders.


About MediaOps

MediaOps is the premier global media resource for the emerging technology sector including DevOps, Security and Containerisation. Their sites, including and Container Journal, attract and engage a thriving online community of technology professionals around the world. Resources include award-winning editorial from expert journalists, webinars, live events and more. As the leader in these emerging segments, MediaOps can create powerful, integrated marketing and communication platforms for clients.

The post Veracode and Research Shows Formal Education Leaves Developers Without Necessary Skills to Succeed in DevSecOps World appeared first on IT SECURITY GURU.

from Veracode and Research Shows Formal Education Leaves Developers Without Necessary Skills to Succeed in DevSecOps World

Web application attacks accounted for 73% of all incidents says report

Web application attacks accounted for 73 percent of all incidents flagged in an 18-month evaluation period, according to a new report from Alert Logic, which also says that web application attacks affected 85 percent of all its customers, with injection-style attacks such as SQL injection the main culprit. The company’s 2017 Cloud Security Report is based on customer data from more than 3,800 Alert Logic cloud, on-premises and hybrid cloud customers over an 18-month period, from August 1, 2015 to January 31, 2017.

View Full Story


The post Web application attacks accounted for 73% of all incidents says report appeared first on IT SECURITY GURU.

from Web application attacks accounted for 73% of all incidents says report

AP Moller-Maersk counts cost of cyber attack but swings to profit

AP Moller-Maersk said the Petya cyber attack had cost it $200m-$300m as the world’s biggest container shipping line returned to profit, buoyed by relatively strong global trade. The Danish conglomerate said the majority of the impact from the cyber attack would be felt in the third quarter, due to lost revenues in July, after its entire IT system including booking applications was brought down by malware hidden in a document used to file tax returns in Ukraine.

View Full Story

ORIGINAL SOURCE: Financial Times

The post AP Moller-Maersk counts cost of cyber attack but swings to profit appeared first on IT SECURITY GURU.

from AP Moller-Maersk counts cost of cyber attack but swings to profit

Wednesday, 16 August 2017

Evading Microsoft ATA > Another reason to use 2FA for Windows Admins

Nikhil "SamratAshok" Mittal has a great series of posts on how to avoid detection by Microsoft's Advanced Threat Analytics (ATA).

We won't say that you shouldn't deploy ATA to monitor your network for suspicious behavior, especially if it is already covered by your licensing. However, it does seem like an example of technology designed to protect something that you'd be better off not having at all: static admin credentials. As we proved in our last post on defeating pass-the-hash with two-factor authentication, tools like mimikatz will fail when using WiKID's native AD protocol for Admins. ATA seems like a great tool, but Nikhil has shown that defense-in-depth is the key as always.

from Evading Microsoft ATA > Another reason to use 2FA for Windows Admins

Tuesday, 15 August 2017

Cyber-threats in university Clearing and how to overcome them

A Level results will be issued to thousands of students across the UK on Thursday 17 August. For many, this is a time of celebration as they take up offers for the university or college of their choice. However, for those who have not received the results they need it can be a stressful time as they enter Clearing, and turn to online search to secure a university or college place to continue their studies.


Cybercriminals are wise to this forthcoming uptick in web traffic, and have been creating higher education phishing sites to trick stressed students into clicking on malware-laden links. This is not a new scam; it is evidence that cybercriminals are diversifying, reworking banking, online shopping and other phishing scams. Security researchers at Forcepoint are now warning prospective students across the UK and internationally to beware of these scams.


Carl Leonard, principal security analyst at Forcepoint said: “This activity could come from one-off individual criminal elements speculating for financial gain or as part of an organised gang spreading malware kits or adding to botnets. Using search analytics criminals can map likely human reactions and rework tried and tested social engineering scams to target vulnerable individuals. Broadly, if a university or college offer appears too good to be true, it probably is.”


“University students will continue to be targeted by cyber criminals at relevant times of the year. The scammers will continue to set up fraudulent websites and send convincing emails demanding interaction in order to manipulate a student’s behaviour when they are under the most time pressure.”


As a way of preventing these cyber scams, Forcepoint advises students searching for university and college courses for the autumn to do the following:


  • Type in the URL rather than clicking on links in email or in online adverts
  • Use reputable search engines
  • Be aware of lure lines such as “discounted course fees,” “multiple course places available now,” or the usage of highly respected educational establishment names in promotions
  • Keep internet security up to date on PCs and mobiles
  • Begin your Clearing search via the UCAS website, which contains official links and the latest up-to-date places
  • Reach out to the university’s or college’s admin secretary office if you have doubts as to the legitimacy of a fee or offer


Wayne Gaish, IT Strategic Development Manager, Petroc said: “Petroc takes cyber security very seriously and in particular for our learners at this crucial time of year. The guidance provided by Forcepoint will help promote a better understanding for our learners in today’s digital world.”


Frank Jeffs, post-graduate researcher and former Head of Advertising at Middlesex University said:

“Scams of this nature have the potential to trick stressed UK-based students, but could also catch out international students who are seeking courses in the UK. In my experience, scammers use well-known university names such as Oxford or Cambridge and create fake institutions which sound very similar. Designed to look realistic and offering qualifications at a low price or attempting to capture personal information, this social engineering trick could easily catch out international students or people who might not have the local knowledge of the official educational establishment names. Always go via the UCAS website or type in the URL of the university or college you are interested in.”

The post Cyber-threats in university Clearing and how to overcome them appeared first on IT SECURITY GURU.

from Cyber-threats in university Clearing and how to overcome them

World’s Largest Nonprofit Association of Certified Cybersecurity Professionals Surpasses 125,000 Members

(ISC)² today announced its membership has surged past 125,000 certified cybersecurity professionals worldwide. As demand for skilled security professionals continues to grow exponentially, (ISC)² certification and continuing education programs enable cybersecurity and IT security practitioners to prove their expertise, advance their careers and contribute to a more secure society.


“We are extremely proud of reaching the 125,000 membership milestone, but we know there is a lot more work ahead of us,” said (ISC)² CEO David Shearer, CISSP. “Technology alone cannot solve our security challenges, and we will face a global cybersecurity workforce shortage of 1.8 million people by 2022. Working with our members, government agencies, academic institutions and others around the world, (ISC)² is committed to attracting, enabling and retraining the security professionals and IT practitioners we need to solve our biggest security challenges.”


Leaders in their Field


“125,000 members is a very large number for a community of dedicated people continuously raising the bar by learning, researching, teaching and sharing their knowledge and skills to make our cyber world safer,” said Emmanuel Nicaise, CISSP, president, (ISC)² Belux Chapter. “Becoming an (ISC)² member is more than passing an exam, it’s a commitment to a certain ethic and to a continuous improvement in your field.”


(ISC)² certifications are globally recognised as proof of proficiency for security professionals, leading to career growth and advancement opportunities. Every day, association members around the world use knowledge gained from (ISC)² certifications to contribute to all aspects of cyber, information, software, IT and infrastructure security.


(ISC)² was the first information security certifying body to meet the requirements of ANSI/ISO/IEC Standard 17024 – the leading global benchmark for certifying professionals. The (ISC)² CISSP, CCSP and SSCP have been accredited against this standard.





“I joined (ISC)² in 2010 with CISSP certification, and now I can already say it was one of the most important milestones in my career,” said Martin Simka, CISSP, Ph.D., Showmax CEE, secretary, (ISC)² Poland Chapter. “The organisation helps me to follow what’s happening in the global security community. On the other hand, thanks to the local chapter meetings, I have monthly opportunities to meet other colleagues from the industry in my region and follow presentations and face to face discussions on various security-related topics. Our local and global community has a significant impact on the continuous personal development of certified IT security professionals.”


Collaboration and Solutions


“Now more than ever, the cybersecurity community needs to come together and develop new solutions and strategies to help organisations across the globe defend their data in an increasingly dangerous online world,” added Shearer. “That’s exactly what will happen next month at our annual North American Security Congress. We will bring the best and brightest minds in cybersecurity together to explore the issues, threats and other challenges the cybersecurity profession faces, and collaborate on creative, actionable solutions our members can bring back to their office to better secure their data.”


More than 1,500 (ISC)² members are expected to attend the annual North America Security Congress in Austin, Texas, next month. Attendees will discuss security trends and issues ranging from cloud security, cybercrime, critical infrastructure, emerging threats and incident response to governance, regulation and compliance to professional development.


Learn more about (ISC)² certifications and the value of membership at

The post World’s Largest Nonprofit Association of Certified Cybersecurity Professionals Surpasses 125,000 Members appeared first on IT SECURITY GURU.

from World’s Largest Nonprofit Association of Certified Cybersecurity Professionals Surpasses 125,000 Members

How Just Opening A Malicious PowerPoint File Could Compromise Your PC

A few months back we reported how opening a simple MS Word file could compromise your computer using a critical vulnerability in Microsoft Office. The Microsoft Office remote code execution vulnerability (CVE-2017-0199) resided in the Windows Object Linking and Embedding (OLE) interface, for which a patch was issued in April this year, but threat actors are still abusing the flaw through different mediums. Security researchers have spotted a new malware campaign that is leveraging the same exploit, but for the first time, hidden behind a specially crafted PowerPoint (PPSX) Presentation file. According to the researchers at Trend Micro, who spotted the malware campaign, the targeted attack starts with a convincing spear-phishing email attachment, purportedly from a cable manufacturing provider, and mainly targets companies involved in the electronics manufacturing industry.

View Full Story


The post How Just Opening A Malicious PowerPoint File Could Compromise Your PC appeared first on IT SECURITY GURU.

from How Just Opening A Malicious PowerPoint File Could Compromise Your PC

Cloudflare is helping defend a neo-Nazi website from hackers, even as Google and GoDaddy are distancing themselves from it

Even as several tech companies moved to disassociate themselves from the Daily Stormer on Monday, one tech firm refused to cancel its dealings with the neo-Nazi website — Cloudflare. A content delivery network that helps to protect sites from denial of service attacks, Cloudflare continues to support both and, another white supremacist site, through its service.

View Full Story

ORIGINAL SOURCE: Business Insider

The post Cloudflare is helping defend a neo-Nazi website from hackers, even as Google and GoDaddy are distancing themselves from it appeared first on IT SECURITY GURU.

from Cloudflare is helping defend a neo-Nazi website from hackers, even as Google and GoDaddy are distancing themselves from it

If Anonymous ‘pwnd’ the Daily Stormer, they did a spectacularly awful job

Doubts have been cast over claims that hacktivists have taken control of neo-Nazi website the Daily Stormer. Elements of the loose hacker collective Anonymous supposedly took control of the site as a reprisal for the death of anti-racist protestor Heather Heyer after she was struck by a car during protests by white supremacists in Charlottesville, Virginia. According to the most recent “post” on the site, the hackers were ostensibly threatening to dox the Daily Stormer’s Andrew Anglin and users of the controversial site. In short, the hack is likely a hoax.

View Full Story


The post If Anonymous ‘pwnd’ the Daily Stormer, they did a spectacularly awful job appeared first on IT SECURITY GURU.

from If Anonymous ‘pwnd’ the Daily Stormer, they did a spectacularly awful job

US military spies: We’ll capture enemy malware, tweak it, lob it right back at our adversaries

The US Defense Intelligence Agency has vowed to capture enemy malware, study and customize it, and then turn the software nasties on their creators. Speaking at the US Department of Defense Intelligence Information Systems (DoDIIS) conference in Missouri on Monday, the head of the agency, Lieutenant General Vincent Stewart, told attendees that the US was tired of just taking hits from outside players, and so it was planning to strike back.

View Full Story


The post US military spies: We’ll capture enemy malware, tweak it, lob it right back at our adversaries appeared first on IT SECURITY GURU.

from US military spies: We’ll capture enemy malware, tweak it, lob it right back at our adversaries

UK businesses “unprepared for a cyber shock”

Lockton report shows half of UK businesses expect to be entirely operational 48 hours after a large-scale cyber security breach. A report by Lockton has revealed that UK businesses are severely “unprepared for a cyber shock”. The broker found – in the study that polled 200 chief financial officers, chief risk officers and chief information officers as well as directors of risk and general legal counsel – that 50% expect to be entirely operational 48 hours after a large-scale cyber security breach. Just 2% of UK businesses think a breach will affect them for more than 10 days.

View Full Story


The post UK businesses “unprepared for a cyber shock” appeared first on IT SECURITY GURU.

from UK businesses “unprepared for a cyber shock”

Ransomware on the rise: how to prevent an attack

If the last few months have taught us anything, it’s that enterprises clearly need to take a long hard look at the cyber security they have in place. One thing is clear – cyber threats now present a bigger risk to organisations than ever before. Considering the huge growth in the number of new ransomware families (an increase of 752% since 2015), online extortion has become a major issue and one that businesses must address.

When it comes to measuring up the countries worst hit by ransomware, the UK does not appear to be faring well. According to a recent report by Malwarebytes, 54% of UK companies have been hit by a ransomware attack compared to 47% of US companies. It is a common misconception that hackers are only targeting financial institutions, but this year’s attacks on the UK parliament and health trusts highlight the reality of the situation – no business or organisation is safe.

It is becoming increasingly easy for hackers to disrupt business operations and extort money with the availability of open source ransomware and ransomware as a service (RaaS). Organisations are rightly concerned about the loss of productivity over anything else. It is estimated that it takes 33 man hours (on average) to fix the problem, with the financial impact potentially much larger than the demanded ransom.

In addition, companies are increasingly concerned about data protection legislation and the potential for significant fines from governing bodies, as well as damage to reputation, resulting from data loss. This comes sharply into focus now with the EU General Data Protection Regulation coming into force from May 2018.

So what is Ransomware?

In short, it is a type of malicious software that attempts to obtain money from a computer user or organisation by infecting systems and blocking access. This is typically done through encryption of the files and documents on the victim’s machine, then demanding a sum of money to provide the keys to decrypt the files.

There are a number of ways a hacker can initiate an attack, with the most common being a phishing email. This is where the victim is tricked into clicking on a link, or opening an attachment, in what appears to be a legitimate email message. The malicious software is then covertly installed on a computer, without the knowledge or intention of the user. It can then either stay dormant or spread without user interaction, depending on the type of attack, until it receives a command from the hackers’ systems to encrypt the files or lock the computer. As soon as the data is encrypted, the user receives the ransom notification and the clock starts ticking.

Once your data is locked you face a difficult choice: whether to pay or not to pay. If you pay, will you really receive the key to decrypt and get your data back? You are dealing with criminals, after all!

How can you prevent an attack?

Unfortunately, there is no silver bullet. Cyber criminals are constantly innovating, and every cyber-attack is constructed using well-defined phases, which are completed sequentially. Rendering a cyber-attack unsuccessful is all about blocking one or more of these stages.

You therefore need to look at a layered approach to protection. This means:

  • Securing your entry points.
  • Filtering web traffic and blocking malicious sites.
  • Blocking users from certain websites to which they should have no access.
  • Blocking macros and ActiveX, along with not allowing external content to run inside office applications.
  • Scanning all emails and attachments for phishing.
  • Educating your employees to increase their awareness of phishing techniques and general vigilance.
  • Ensuring USB devices are scanned or even restricted in some parts, with auto play disabled at the very least.
  • Locking down users’ own (BYOD) devices on secured separate networks from production systems.
  • Deploying anti-ransomware behavioural tools and scanning your network traffic.

With this layered approach, research has shown that most ransomware attacks can be stopped at the gateway level, through email and URL blocking. The last line of defence is endpoint anti-ransomware behavioural monitoring, designed to proactively detect and block ransomware execution. However, you want to stop this at the gateway, so ensure that your intrusion prevention, email and web scanning solutions are suitably robust to protect your edge networks.

Ultimately, you need to improve your security posture, and research and follow best practices for the technology and solutions that you already have in place. Where possible, look to complement these with new and improved technology and services.
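As an added illustration of the endpoint behavioural monitoring described above (example code written for this page, not any product's detection logic), the following Python sketch flags a process that writes high-entropy content to, or renames, many distinct files within a short window. The event stream, thresholds, process IDs and paths are all constructed for the demonstration.

```python
"""Toy endpoint anti-ransomware behavioural monitor (added example, not from the article).

Heuristic: a single process that, within a short time window, writes
high-entropy content to (or renames) many distinct files is behaving like a
file encryptor. Encrypted output has a near-uniform byte distribution, so its
Shannon entropy approaches 8 bits per byte, unlike documents or source code.
"""
import hashlib
import math
from collections import defaultdict, deque

WINDOW_SECONDS = 10       # look-back window per process (assumed tuning value)
MIN_DISTINCT_FILES = 20   # distinct files touched inside the window before alerting
ENTROPY_THRESHOLD = 7.0   # bits/byte; text and office documents sit well below this


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty or single-valued input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


class RansomwareBehaviourDetector:
    """Tracks suspicious file operations per process over a sliding time window."""

    def __init__(self):
        self._recent = defaultdict(deque)  # pid -> deque of (timestamp, path)
        self.flagged = set()               # pids that tripped the heuristic
        self.alerts = []                   # (timestamp, pid, distinct_files_in_window)

    def observe(self, ts: float, pid: int, op: str, path: str, content: bytes = b"") -> bool:
        """Feed one file event; returns True if this event raised a new alert."""
        if op == "write":
            suspicious = shannon_entropy(content) >= ENTROPY_THRESHOLD
        elif op == "rename":
            suspicious = True  # mass renames (e.g. appending a new extension) are a classic tell
        else:
            suspicious = False
        if not suspicious:
            return False
        window = self._recent[pid]
        window.append((ts, path))
        while window and ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()   # drop events older than the window
        distinct = {p for _, p in window}
        if len(distinct) >= MIN_DISTINCT_FILES and pid not in self.flagged:
            self.flagged.add(pid)
            self.alerts.append((ts, pid, len(distinct)))
            return True
        return False


def pseudo_ciphertext(seed: str, blocks: int = 32) -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted content (constructed)."""
    return b"".join(hashlib.sha256(f"{seed}:{k}".encode()).digest() for k in range(blocks))


def build_sample_events():
    """Constructed event stream of (ts, pid, op, path[, content]); not real telemetry."""
    events = []
    # pid 101: a word processor saving one document repeatedly (low entropy, one file)
    for i in range(30):
        events.append((i * 0.5, 101, "write", r"C:\Users\alice\report.docx",
                       b"Quarterly report draft, section " * 20))
    # pid 202: a backup agent writing compressed archives, but only one every 20 s,
    # so it never accumulates many distinct files inside the window
    for i in range(30):
        events.append((i * 20.0, 202, "write", rf"D:\backup\vol{i}.zip",
                       pseudo_ciphertext(f"zip{i}")))
    # pid 303: ransomware-like behaviour: 25 files overwritten with ciphertext and
    # renamed within about three seconds
    for i in range(25):
        path = rf"\\fileserver\share\doc{i}.xlsx"
        events.append((100.0 + i * 0.1, 303, "write", path, pseudo_ciphertext(f"enc{i}")))
        events.append((100.0 + i * 0.1 + 0.01, 303, "rename", path + ".locked"))
    events.sort(key=lambda e: e[0])
    return events


def run_demo():
    """Replay the sample stream and return the detector for inspection."""
    det = RansomwareBehaviourDetector()
    for ts, pid, op, path, *rest in build_sample_events():
        content = rest[0] if rest else b""
        if det.observe(ts, pid, op, path, content):
            print(f"ALERT t={ts:.2f}s pid={pid}: ransomware-like activity on "
                  f"{det.alerts[-1][2]} files within {WINDOW_SECONDS}s")
    return det


if __name__ == "__main__":
    run_demo()
```

A real deployment would pair this rate-and-entropy heuristic with an allowlist for known encryptors and backup agents, since those legitimately produce high-entropy output.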

But what if it still gets through?

Even with all these tools and techniques in place, sophisticated malware can still get through your defences. Cyber criminals are evasive and clever and find new weak points all the time. If the ransomware gets in, it will begin infecting disks and mapped network shares. You therefore need plans in place to contain and respond to an infection and ultimately restore your data. Paying the ransom should not be an option.

Backups are key to protecting your data. However, for a lot of organisations, restoring the previous night’s backup to recover from a ransomware incident is simply not acceptable, due to the data loss and downtime incurred. Organisations may leverage snapshots, be they storage based or at the virtual machine level, to provide more granular restore capabilities. But these too will likely mean accepting several hours’ worth of data loss. This may also not be palatable to some companies, and thus we need to go further in terms of our restore capabilities. We need to look at journaling technologies to be able to quickly roll systems back to a specific point in time, minutes or even seconds before the infection.

Once recovered, it is key that you conduct root cause analysis to help prevent recurrence. There are always lessons to be learned, and weak points can then be highlighted and addressed accordingly. After the issue is resolved, the question should always be: why did this happen? Management will want to see a plan detailing how you will stop this in future.

Vigilance is key

Organisations and their employees need to be educated to be vigilant to avoid losing data and money. You need to be implementing a multi-layered approach to cyber security, implementing solutions that utilise behavioural monitoring and machine learning whilst protecting your gateways, networks, servers and endpoints to help prevent ransomware infections. There is no silver bullet; you need to employ a layered approach – defence in depth.

Prevent, contain and respond – you need plans in place for each. It is time to beef up your defence and recover options against the ever-increasing threat of ransomware.

By Karl Simpson, CSO at Calligo

The post Ransomware on the rise: how to prevent an attack appeared first on IT SECURITY GURU.

from Ransomware on the rise: how to prevent an attack

Monday, 14 August 2017

A local securities firm has been hit by a cyberattack

Taipei-based securities firm Taishin had some unhappy customers this morning as its services were temporarily downed by a cyberattack — the second one this year. The DDoS attack targeted the electronic trading systems of Taishin as well as its subsidiary Ta Chong Securities, also putting the firm’s telephone trading service out of commission in the process. Taishin’s system went down at 8:54 a.m., Apple Daily quoted a reader as saying, while Ta Chong’s service went down at 8:50 a.m. Both services were restored within an hour, with Taishin’s back up at 9:32 a.m. and Ta Chong’s back online at 9:35 a.m.

View Full Story


The post A local securities firm has been hit by a cyberattack appeared first on IT SECURITY GURU.

from A local securities firm has been hit by a cyberattack

How DNA became the new hacking tool

What could pass for a sci-fi movie plot is now a reality: researchers have hacked a computer using synthetic DNA. A research team at the University of Washington revealed that hackers were able to encode malware into a short strand of DNA. They programmed the virus to launch on its own when run through the DNA sequencing system, which enabled it to take control of the computer, where it could read future DNA sequences or even alter genetic data. The results therefore indicate that it is technically possible to use DNA as a way to transfer malware and attack vulnerabilities in the sequencing computer program. Past research has already shown that it is possible to transfer data using DNA: in 2016, Microsoft and the University of Washington demonstrated a technique for storing and retrieving digital images using DNA. However, many fear potential problems in the future from new possible ways to hack.

View Full Story

ORIGINAL SOURCE: Dispatch Weekly

The post How DNA became the new hacking tool appeared first on IT SECURITY GURU.

from How DNA became the new hacking tool

Daily Stormer Hacked

Anonymous have taken over the world’s most notorious Nazi website, following clashes with white nationalists over the weekend that left one anti-fascist protestor dead. A post on the site attributed to the hacking group said that the site was now under its control and that it would stop it posting “putrid hate”. It also suggested that it will release data that had been taken as part of the attack, as well as suggesting it could conduct attacks on its leader.

View Full Story


The post Daily Stormer Hacked appeared first on IT SECURITY GURU.

from Daily Stormer Hacked

#OpDomesticTerrorism: Anonymous shuts down Charlottesville city website with DDoS attack

The hacktivist collective Anonymous has reportedly claimed responsibility for shutting down the Charlottesville city website. The hacker group reportedly launched a distributed denial-of-service (DDoS) attack, shortly after a hit and run incident in the city, that claimed the life of 32-year-old Heather Heyer and injured at least 19 others. The DDoS attack, launched under a new banner, dubbed #OpDomesticTerrorism, was allegedly launched to protest the hit and run incident, which involved a group of activists protesting a white supremacist rally. Police have since arrested the driver of the car, 20-year-old James Fields, who has been “charged with second-degree murder, three counts of malicious wounding and failing to stop at an accident that resulted in a death.”

View Full Story


The post #OpDomesticTerrorism: Anonymous shuts down Charlottesville city website with DDoS attack appeared first on IT SECURITY GURU.

from #OpDomesticTerrorism: Anonymous shuts down Charlottesville city website with DDoS attack

Cyber attacks on online retailers double in a year as hackers try to steal shoppers’ details

The number of online shops hit by serious losses of customer data has doubled in the past year as hackers try to plunder retail sites for valuable personal details, a law firm has warned. Customers are increasingly at risk as retailers amass ever-growing collections of their shoppers’ personal information. Online shopping, digital marketing and loyalty schemes mean shoppers submit more and more information to retailers that is of value to cyber criminals.

View Story Here


The post Cyber attacks on online retailers double in a year as hackers try to steal shoppers’ details appeared first on IT SECURITY GURU.

from Cyber attacks on online retailers double in a year as hackers try to steal shoppers’ details

Synopsys Fuzzing Report Identifies IoT and Industrial Control Systems Software as Most Vulnerable to Exploits

In the latest fuzzing report by Synopsys, Inc. it was found that the overall average time to first failure (TTFF) — the first instance when a protocol crash is recorded — was 1.4 hours. In the case of more mature protocols, the length of time is in hours. But with less mature protocols, that time could be as short as a few seconds, indicating a higher likelihood of exploitable vulnerabilities.

The report aims to give analysis on potential zero-day exploits in the open source protocols and common file formats used across six key industries, including automotive, financial services, government, healthcare, industrial control systems, and Internet of Things (IoT). The results stem from more than 4.8 billion fuzz tests conducted by Synopsys’ customers in 2016 using the Defensics® Fuzz Testing solution. Download the full copy of the Synopsys State of Fuzzing 2017 report.

“Fuzz testing is a powerful component of the Synopsys Software Integrity Platform to uncover zero-day vulnerabilities and help organizations protect their software,” said Andreas Kuehlmann, senior vice president and general manager for the Synopsys Software Integrity Group. “By analysing such a large data set from our customers, the Synopsys’ fuzzing report provides visibility into unknown, hard-to-find vulnerabilities and highlights where security teams should look to improve the quality and security of their software.”

Other major findings of the Synopsys State of Fuzzing 2017 include:

  • The least mature protocol tested in 2016 was IEC-61850 MMS (ICS). This is a niche protocol used in IoT and industrial control systems. The average TTFF for IEC-61850 MMS was 6.6 seconds.
  • The most mature protocol tested in 2016 was TLS client (Core IP). This is commonly used for secure web browsing including online banking and e-commerce. The average TTFF for TLS client was 9 hours.

According to a recent Forrester Research report, “Security pros have applied fuzz testing and application hardening tools on web applications for many years. However, these tools are finding new footholds in the IoT market, where applications are hard to crawl with traditional prerelease testing tools like DAST and face the same tampering threats as mobile applications. As IoT applications become more prevalent, expect fuzz testing and application hardening tools to have a rebirth.”1

The Synopsys Fuzz Testing product was used to identify the infamous Heartbleed vulnerability in OpenSSL, which had gone unidentified for more than two years and impacted more than 500,000 websites. The product uncovers hidden, unknown vulnerabilities and helps organisations improve software security with advanced test suites for 250+ standard network protocols, file formats, and other interfaces. It not only uncovers dangerous unknown vulnerabilities, but also provides expert remediation advice to help organisations future-proof the software they rely on. See more details about Synopsys’ software security products.

The post Synopsys Fuzzing Report Identifies IoT and Industrial Control Systems Software as Most Vulnerable to Exploits appeared first on IT SECURITY GURU.

from Synopsys Fuzzing Report Identifies IoT and Industrial Control Systems Software as Most Vulnerable to Exploits

IoT connected soldiers hacked in latest Cyber Security Challenge UK competition

Last Friday evening, Government communications agency HMGCC, the MoD, BAE Systems and Cyber Security Challenge UK arranged a mock cyber-attack on Internet of Things (IoT) connected soldiers in the field at the MoD’s Defence Cyber School, part of the Defence Academy, Shrivenham. Twenty-four cyber amateurs battled against a fictitious hacktivist group to avert an attack on a live test run of experimental military communications equipment as part of the MoD’s Future Soldier Vision.


The competition was the latest face-to-face semi-final round in Cyber Security Challenge UK’s 2017 series of competitions, designed to unearth and nurture the UK’s best cyber security talent and help them gain careers in the industry. The 24 competitors were selected from a series of gruelling online qualifying rounds on the Challenge’s CyPhinx (Play on Demand) system.


All its competitions are designed to reflect potential real-life cyber security scenarios. This competition comes in the wake of militaries becoming increasingly wary of cyber-attack. In October 2016, the Defence Secretary Michael Fallon announced that the Government will invest up to £265m to boost the defence of military cyber systems, highlighting the scale of the threat.


The scenario, created by cyber specialists from HMGCC, saw contestants use their cyber security skills to safeguard the experimental soldier geo-tracking technology. Midway through the test, a nefarious hacktivist group hijacked the system using a man-in-the-middle attack, in which an attacker silently relays and alters the traffic between two parties who believe they are communicating directly with each other. The team lost contact with the soldiers, and raced against the clock to remediate the situation.


Candidates were ordered to report to military chiefs to explain why contact was lost, and had to advise on how to respond within international legal guidelines. This tested their legal knowledge, while side tasks such as puzzles and ciphers hidden around the military site tested their cryptography and problem-solving skills.


The winning team was team Challenger 2, Andy Grabowski, Caroline Haigh and Io Swift Wolf.


The 12 candidates that will progress to Masterclass in November are: Mark Brown, Michael Carr, Chris Hatton, Zul Sadiq, David Baker, David Orelowitz, Daniel Nash, Phillip Whitehead, Joshua Green, Peter Abay, Caroline Haigh, and Edward Ouzman, who is just 15 years old.



Cyber specialists from government and industry assessed the contestants to rank their performance and suitability for careers in the industry. The top performers have been invited to the Masterclass grand final in November where they could be offered highly lucrative jobs that average around £60,000 per year.


(ISC)2, the world’s largest independent body of information security professionals, predicts a shortfall of 1.8 million workers by 2022 if current employment trends continue and it is critical that this is addressed in order to protect our country’s infrastructure. It also identified a critical need to hire more young people into the profession.


Nigel Harrison, acting Chief Executive of Cyber Security Challenge UK said:

“Cybercrime affects all organisations, whether that’s corporations, charities or even the military. Our events represent the scenarios that cyber security experts in the field could experience on a day-to-day basis, and the types of attacks they could come up against. With a widening skills gap affecting organisations’ abilities to protect themselves, events like these provide the perfect opportunity for new talent to shine in front of prospective employers.”


An HMGCC spokesperson said:

“Our work involves the design and delivery of communication systems and technical solutions to protect national security at home and overseas, and finding people with the capabilities to keep delivering this is paramount. Through initiatives such as the Cyber Security Challenge UK, we can watch the future of the industry in action, and this gives us so much confidence as we see first-hand the talent that is available to us and the country as a whole. Our customers are various Government bodies, and we’re growing fast thanks to their increasing demand for our services. Now we need even more fresh talent on board.”


Paul Bleackley, Cyber Education Manager, Defence Academy of the UK said:

“Cyber security is a huge area of focus for the UK military now, and bolstering our cyber capability is crucial for national security. We’re supporting this competition to help find and develop the cyber security talent out there and encourage them into roles that protect the country from the current and future threats.”


Cathy Sutherland, Director, National Security, BAE Systems said:

“Training, real-life experience and education are essential to develop future cyber security professionals. Working on programmes such as this puts us at the heart of finding the best talent, helping organisations stay safe from digital threats.”

The post IoT connected soldiers hacked in latest Cyber Security Challenge UK competition appeared first on IT SECURITY GURU.

from IoT connected soldiers hacked in latest Cyber Security Challenge UK competition

Everton FC tackles data security in the cloud with Netskope Active Platform

Netskope, the leader in cloud security, today announced a deal with Everton FC to implement software which protects the Premier League club’s confidential data in the cloud.


The Netskope Active Platform analyses all cloud services – sanctioned and unsanctioned – for all employees (whether on premises or remote) to provide complete visibility into what data is being stored and shared in the cloud, and the activities occurring within those cloud services. It will enable Everton FC to demonstrate best business practice by not only proactively protecting confidential data while enabling the club’s cloud-first strategy but also ensuring compliance with the incoming EU General Data Protection Regulation (GDPR).


Faced with a huge quantity of highly sensitive and confidential information, from contract negotiations and players’ medical data to personal details belonging to the club’s global fan base, Everton FC required a solution which would keep this highly sensitive data secure in the cloud and ensure personal data remained private.


Keen to understand its cloud security stance, Everton FC undertook a detailed Cloud Risk Assessment with Netskope and partner EveryCloud to reveal which cloud services were in use within the business as well as the benefits of implementing cloud access security broker (CASB) software.


Using patented technology, Netskope’s cloud-scale security platform provides context-aware governance of all cloud usage in the enterprise in real time, whether accessed from the corporate network, remotely, or from a mobile app or sync client. Armed with this information, security professionals can understand risky activities, protect sensitive data, stop online threats, and respond to incidents in a way that fits how people work today.


In using Netskope Active Platform, Everton FC now has complete visibility into cloud usage and the ability to react immediately to keep data secure, mitigating cloud security risks and reducing regulatory exposure. By eliminating the risk of staff members uploading or sharing sensitive data in unsanctioned cloud services without IT’s knowledge, Everton FC employees can work securely from any location and on any device without compromising the club’s highly sensitive data.


“Data security is a key priority for the club,” said Phil Davies, ICT manager at Everton FC. “Information on players and their contracts is a vital asset for us and fans also entrust us with their data, including personally identifiable information. We take this responsibility seriously so we’re keen to provide employees with the right tools to boost productivity without compromising on security.”


Davies continued: “Netskope’s forward-thinking technology enables us to proactively identify risks and protect data so we can rest assured that players’ and fans’ sensitive data is protected in the cloud. Its deep cloud visibility capability and risk dashboard ensures we can accelerate our move to the cloud in a safe way – while demonstrating compliance with the GDPR.”


Founded in 1878, Everton FC is one of the oldest football clubs in the world and a founding member of the English League. Throughout its long history, the club has maintained a forward-looking vision, being quick to embrace technology and the benefits of a cloud-first approach.


Sanjay Beri, CEO at Netskope, commented: “Everton FC understands the importance of protecting its confidential data, particularly when faced with stringent regulation requirements and an expanding threat landscape. Any large repository of data can be a target but major sporting clubs are an incredibly lucrative avenue for cybercriminals. To face this threat, Everton FC is implementing our solution to deliver unparalleled cloud security and support the club’s cloud-first philosophy.”


Keith Purves, co-founder at EveryCloud UK: “It’s very positive to see a club like Everton FC taking strong, proactive measures to protect its most important data, and we hope other clubs will recognise the very real risk and follow suit. Netskope’s solution was a perfect match for Everton’s requirements to keep sensitive data secure while enabling employees to work in a productive manner on any device.”

The post Everton FC tackles data security in the cloud with Netskope Active Platform appeared first on IT SECURITY GURU.

from Everton FC tackles data security in the cloud with Netskope Active Platform

Friday, 11 August 2017

Lastline’s Market Momentum Dramatically Accelerates During Q2 2017

Lastline has announced explosive growth and market momentum throughout the first half of the year. In Q2 alone, the company saw its highest ever quarterly sales performance, signed partnerships with IBM and Forcepoint, completed a $28.5M Series C round of fundraising, and announced Lastline Breach Defender™, which provides unparalleled insight into network breaches. The company’s 50 percent year-over-year employee headcount growth further underlines the expansion across business activities as it positions itself for sustained and rapid growth. The company’s record financial results are attributed to success across a range of go-to-market channels including OEM and MSSP relationships, and direct enterprise sales fueled by a growing market awareness and demand for the unique capabilities and benefits that the company’s technology offers.

“Our achievements throughout the first half of the year reflect the market’s increasing understanding of how Lastline uniquely can demonstrate success in detecting network breaches where other technologies have failed,” commented Lastline CEO and co-founder, Dr. Chris Kruegel. “Cybercriminals continue to improve their ability to bypass existing security technologies with sophisticated malware-based attacks. We know malware better than anyone, and our solutions bring that expertise to bear to prevent costly and damaging data breaches.”

In the first half of 2017, Lastline:

  • Achieved Record Setting Sales
    In Q2 2017, Lastline achieved the highest quarterly sales in company history, fueled by increased adoption in banking and financial services, business services, and other global sectors.
  • Raised $28.5M in Series C Funding to Fuel Explosive Growth
    The VC community demonstrated its confidence in Lastline’s growth potential by providing the company with $28.5M in Series C funding. The financing will be used to accelerate the company’s aggressive go-to-market strategy that focuses on sales and marketing expansion, and bolstering its development organization to deliver on its vision of breach protection.
  • Inked IBM and Forcepoint Partnership Deals that Reinforce Company’s Market Leadership
    Lastline continued to expand its already impressive list of technology integration partners, each of which concluded that Lastline is the best available solution after extensive vetting. In the first half of the year, the company signed partnership agreements with IBM, Forcepoint, Avanan, and several others. New channel partners include Infinigate in the UK, signaling the company’s goal of expanding availability in Europe.
  • Announced Lastline Breach Defender, Delivering a Dynamic Blueprint of a Network Breach
    The company announced a major product upgrade in February, and then in July, just after H1 concluded, released its newest product, Lastline Breach Defender, continuing the company’s tradition of innovation and delivering breakthrough breach protection. The new product is the industry’s only solution that provides a dynamic blueprint of a breach as it unfolds and moves laterally across a network.
  • Received Prestigious Industry Recognition Including Red Herring 100 Award
    Since January 2017, the company received two gold IT World Awards, was recognized with awards in each of the five categories in which it was nominated in the Info Security Products Guide Global Excellence Awards®, was recognized as an SC Awards finalist and a semi-finalist for Ernst & Young’s Entrepreneur of the Year, and was included in the Red Herring 100 that recognizes North America’s most exciting and innovative private technology companies.
  • Hired Aggressively to Fuel Expansion
    The company initiated a high-growth hiring campaign in the first half of the year that continues into H2 as the company expands global operations to meet growing market demand. Headcount at the end of Q2 2017 reflects 50 percent growth over a year prior.

Lastline is widely acknowledged as providing the industry’s most effective advanced malware and breach protection solutions. NSS Labs’ 2016 Breach Detection Systems Test recognized Lastline as the only breach detection offering they have ever tested to achieve 100-percent detection effectiveness with zero false positives. And The Forrester Wave™: Automated Malware Analysis Q2 Report identifies Lastline as the strongest current offering on the market.

The post Lastline’s Market Momentum Dramatically Accelerates During Q2 2017 appeared first on IT SECURITY GURU.

from Lastline’s Market Momentum Dramatically Accelerates During Q2 2017

One Identity Safeguard Introduces Frictionless Security for Privileged Accounts to Aid in Organizations’ Digital Transformation

One Identity, a proven leader in helping organizations get identity and access management (IAM) right, today announced a new version of its One Identity Safeguard privileged access management solution. The new solution, called One Identity Safeguard 2.0, includes new features that enable user flexibility and add redundancy while aiding the security of today’s hybrid infrastructures, including both on-premise and cloud-based applications. Safeguard 2.0 secures and automates the management of privileged or shared accounts, crucial to mitigating potential data breaches or application misuse and a requirement of several regulatory and industry compliance rules.

Privileged accounts – which govern nearly every component of a company’s IT infrastructure – put sensitive data at risk. As companies increasingly need to grant access to privileged and shared accounts, including corporate accounts for social media channels, they face serious reputational damage, or worse, if those credentials fall into the wrong hands. Proper management must embrace cloud, be available on any device, and be delivered in a locked-down, preconfigured appliance that minimizes risk and simplifies installation and ongoing maintenance – characteristics of One Identity Safeguard.

“Since privileged account management solutions have been around for a long time, they tend to be stale and lag behind the technologies transforming enterprises for the better,” said John Milburn, president and general manager of One Identity. “One Identity’s Safeguard, however, is all about actually enabling and capitalizing on new and increasingly popular enterprise approaches that are key to digital transformations underway – like DevOps initiatives, distributed architectures, and the adoption of cloud-based applications – to help drive efficiencies and increase employee productivity in a safe and secure way.”


“Get IAM Right”: Key features of One Identity Safeguard 2.0

A second-generation platform for management of privileged and shared accounts, One Identity Safeguard 2.0 is part of a strong and advanced software portfolio that aims to “get IAM right” for the enterprise. One Identity Safeguard 2.0 features a completely redesigned user interface that helps customers easily deploy, operate and maintain their privileged password systems. Other notable features include:


  • “Approval Anywhere” brings frictionless management to IT execs: An industry first, security admins use a cloud-based workflow to securely approve session or password requests from any device, dramatically increasing efficiency and productivity.


  • Hardened appliance form factor reduces attack surface while simplifying deployment: Provides full-disk encryption and an embedded operating system, which has removed unneeded components and disabled console access to permit only secure communications, protecting the solution from host and network-based attacks. An appliance form-factor also allows for rapid deployment; One Identity Safeguard can be up and running in a matter of hours.


  • High availability with appliance clustering helps ensure 24/7 uptime: Easily deploy additional One Identity Safeguard appliances, which communicate with each other through clustering, for redundancy, as any appliance on the network can fulfil password requests. This deployment model — which is unique in the industry — minimizes response time, as a request is handled by the appliance closest on the network to the user.


  • Included two-factor authentication ensures increased protection for critical passwords: Integrates seamlessly with One Identity’s cloud-based two-factor authentication solution to enable advanced authentication options for access to the password safe. One Identity includes 25 free licenses of the solution with every Safeguard deployment.


  • Easy integration of cloud-based applications: With new integrations for popular cloud-based applications, companies can easily apply their privileged account policies to those applications, enhancing security while capitalizing on the efficiencies and cost savings offered by the cloud.


  • Localized language support in eleven languages: Provides a seamless experience for non-English administrators.



“One of the biggest challenges we see in deploying privileged management solutions is user acceptance of the technology. One Identity Safeguard reduces this challenge by catering to the flexibility of security pros,” said Kris Zupan, at Rallypoint Solutions. “This flexibility, combined with the extensibility of Safeguard and the unmatched security we have always experienced from One Identity privileged management solutions, will enable us to provide our customers with the security they need and the usability they want.”



One Identity Safeguard 2.0 is available immediately worldwide.


About One Identity

One Identity, a Quest Software business, helps organizations get identity and access management (IAM) right. Its portfolio combines identity governance, access management, privileged management, and identity as a service, helping organizations reach their full potential, unimpeded by security yet safeguarded against threats. One Identity has proven to be a company unequalled in its commitment to its customers’ long-term IAM success. More than 7,500 customers worldwide depend on One Identity solutions to manage more than 125 million identities, enhancing their agility and efficiency while securing access to their data – wherever it might reside.


Supporting Resources

  • Download here our whitepaper titled “Controlling and Managing Privileged Access”
  • Register here for our upcoming Privileged Access Management webinar series

The post One Identity Safeguard Introduces Frictionless Security for Privileged Accounts to Aid in Organizations’ Digital Transformation appeared first on IT SECURITY GURU.

from One Identity Safeguard Introduces Frictionless Security for Privileged Accounts to Aid in Organizations’ Digital Transformation