Wednesday, 31 May 2017

Cylance Delivers First AI-driven Endpoint Detection and Response Solution with Introduction of CylanceOPTICS

Cylance® Inc. has released an AI-driven endpoint detection and response (EDR) product for general availability. Named CylanceOPTICS and delivered on the Cylance AI Platform, the EDR augments the prevention capabilities of CylancePROTECT.
CylanceOPTICS simplifies key aspects of threat hunting and attack analysis without requiring cloud connectivity. The Cylance AI Platform serves as a data-science engine that generates specialized machine-learning models to address today’s incident response and investigative needs.

“With the explosive rate of malware growth and other threat vectors, an AI-based solution that automates time-consuming parts of the threat hunting and incident response workflow is important,” said Doug Cahill, senior analyst, cybersecurity, Enterprise Strategy Group. “Enterprises need a way to predict attacks and streamline the threat hunting and incident response workflows. The AI-driven combination of CylancePROTECT and CylanceOPTICS will be a compelling combination for many security teams.”

Today’s security teams work in a threat landscape where over 300,000 new malware variants are created daily. With expert threat-hunting professionals in short supply, enterprises need to be equipped with tools that help them scale their existing security teams to protect against these threats. A recent NSS Labs test revealed that CylancePROTECT blocks 99.7 percent of all malware, including new zero-day threats. Cylance’s AI prevention-first approach to security helps businesses scale their security capabilities, reducing the time required to find, investigate and mitigate threats in their environments.

Formel D, a global service provider to the automotive and component supply industry, deployed CylancePROTECT and CylanceOPTICS across user machines, Microsoft Windows Exchange servers, application and database servers to prevent the execution of malware and fileless attacks. “CylanceOPTICS enabled us to perform on-demand enterprise-wide forensic investigations for malicious files, executables, and indicators of compromise. We were able to rapidly find pending threats and use CylanceOPTICS to analyze the origin of the threat and remove it from our enterprise, and this enables us to improve our prevention methods,” said Robert Osten, IT Manager at Formel D.

Key capabilities of CylanceOPTICS include:

  • Simple Root-cause Analysis
  • Endpoint Visibility and AI-assisted Threat Hunting
  • Integrated Incident Response
  • Works Independently of the Cloud

 

CylanceOPTICS is available worldwide through authorised Cylance channel partners. To find a reseller in your region, contact partnersupport@cylance.com. For more information or a demo of CylanceOPTICS, please visit www.cylance.com/optics or read a blog post here.

The post Cylance Delivers First AI-driven Endpoint Detection and Response Solution with Introduction of CylanceOPTICS appeared first on IT SECURITY GURU.




Liverpool One shopping centre screen ‘hacked’

A large digital billboard outside a Liverpool shopping centre was apparently defaced by hackers on 29 May.
“We suggest you improve your security. Sincerely, your friendly neighbourhood hackers,” a message on the screen read.
It was posted on a large outdoor display at the Liverpool One shopping centre in the city.


ORIGINAL SOURCE: BBC.co.uk


Shadow Brokers move bitcoins after hacking tool auction

Bitcoins worth £18,500 ($24,000) that were sent to hacker group the Shadow Brokers have been moved.
The funds were received during an auction of hacking tools that failed to attract much interest before the group eventually released the tools for free.
One leak included an exploit that helped the WannaCry ransomware to spread around the world.


ORIGINAL SOURCE: BBC.co.uk


Cybercriminals Regularly Battle it Out on the Dark Web

People operating criminal services on Tor and other darknets attack each other frequently, a study by Trend Micro shows.
Apparently, there’s very little love lost between criminals in the cyber underworld.
A study of the Dark Web by Trend Micro shows that cybercriminals attack each other with almost the same ferocity as they reserve for their victims outside of it.


ORIGINAL SOURCE: darkreading.com


A suspected Russian hacker in the Czech Republic is one step closer to being extradited to the US — but Russia wants him back, too

A Russian suspected hacker has moved a step closer to being sent to the US as a Czech judge gave tentative approval for an extradition to go ahead, during a court hearing held inside a high-security prison in Prague.


ORIGINAL SOURCE: Business Insider

 


Naked photos and personal info from thousands of plastic surgery patients including dozens of celebrities and 1,500 Britons are published on the dark web after a clinic was hacked

Hackers have published naked photos of thousands of plastic surgery patients who had work done at a Lithuanian clinic, it has been reported.
Local authorities said more than 25,000 private photos and pieces of personal information from the Kaunas-based Grozio Chirurgija clinics were published on the internet.
The leak includes intimate photos and data of more than 1,500 Brits, MailOnline has learned.


ORIGINAL SOURCE: dailymail.co.uk 


Malwarebytes breaks the mould with EMEA Channel Programme

Malwarebytes™, the leading advanced malware prevention and remediation solution, today launched its inaugural channel programme for partners across EMEA. The programme has been designed to be simple and easy to join, and focuses on driving deal registrations with a commitment from Malwarebytes to help its partners close business opportunities quickly and easily. This – coupled with Malwarebytes’ strong pedigree in product development and the potential for partners to realise significant margins – is shaking up the traditional approach to partnering.

Where traditional channel schemes reward – and penalise – partners based on revenue, Malwarebytes is incentivising its reseller and distributor network based on the exposure and opportunity reach they provide for the security company. Partners can attain gold and platinum levels based on numbers of deal registrations rather than revenue, certification programs or complex points based programs.

Over the last few years, headline-grabbing online security incidents have escalated in both severity and regularity. The potential implications of a security breach are severe and can range from damaged business reputation through to company devaluation. As the average cost of a data breach increases, information security is now a board-level issue. As a result, there is a huge market opportunity for channel organisations. By providing support and positive incentives, Malwarebytes is offering the reseller community the tools they need to reap the benefits.

“As a company, Malwarebytes has always been innovative and we’re carrying that ethos through to our partner programme,” explains Anthony O’Mara, EMEA Vice-President, Malwarebytes. “Vendors often make partners jump through far too many hoops, wanting arbitrary criteria to be met, often dictating to resellers how to run their business. We’re not doing any of that. We know our partners run successful businesses. So we’ve designed our programme to be flexible, forward-looking and mutually beneficial.

We want our channel to feel part of a mutually beneficial partnership where both parties are invested in driving growth together.”

The programme is available for all reseller partners across EMEA. <<Register Here>> or contact the Malwarebytes team at emeapartnerbytes@malwarebytes.com


FICO Survey: Nearly One-Third of UK Firms Don’t Have Cybersecurity Insurance

Most UK firms in survey by FICO and Ovum say insurance industry should improve explanations of cybersecurity insurance pricing

Highlights:

  • 31 percent of UK executives surveyed say their firm has no cybersecurity insurance, compared to 40 percent in other countries surveyed
  • Only 28 percent of UK firms surveyed have cybersecurity insurance that covers all risks
  • 69 percent of respondents say insurers should do more to explain how they price risk
  • Ovum conducted telephone surveys for FICO of security executives at 350 companies in the UK and other countries

UK firms are increasingly protecting themselves with cybersecurity risk insurance, but nearly a third of firms have not taken out insurance yet. A new survey conducted by research and consultancy firm Ovum for Silicon Valley analytics firm FICO reveals that even among those that have insurance, only 28 percent said they have cybersecurity insurance that covers all risks.

FICO will host a Tweet Chat on the cybersecurity survey with Ovum tomorrow at 16:00 BST. Individuals are encouraged to participate using #cybertrends.

Even though the majority of firms surveyed have cybersecurity insurance, most say that the risk assessment process insurers use needs improvement. Just 31 percent of respondents think their premiums reflect an accurate assessment of their risk. Nearly as many, 29 percent, said they don’t believe the assessment accurately reflects their risk, and 11 percent said they don’t know how their insurance is priced.

“The UK will soon be subject to General Data Protection Regulation (GDPR), which introduces higher fines in cases of data breach,” said Steve Hadaway, FICO general manager for Europe, the Middle East and Africa. “Even if attacks don’t increase in volume, firms could end up paying more, which makes having comprehensive insurance more important. At the same time, companies have a right to expect that they will pay less if their protection is better. The onus is on the cybersecurity insurance industry to make sure insurance rates are fairly set for each individual firm, based on a sound analysis of its risk.”

Ovum conducted the survey for FICO through telephone interviews with 350 CXOs and senior security officers based in the US, Canada, the UK and the Nordics in March and April 2017. Respondents represented firms in financial services, telecommunications, retail, ecommerce and media service providers.

For more information, read our white paper: http://www.fico.com/en/latest-thinking/white-paper/what-the-c-suite-needs-to-know-about-cyber-readiness


Clearing the ‘AIR’ – Understanding the Impact of App-Blended Lifestyles on Personal and Corporate Security

“There’s an app for that.”

It’s an utterance that today is probably met with a resounding “Duh!”

Why? Because there’s an app for everything. Odds are if you can think it up, there is, indeed, an app for it. For many, apps have become a basic human necessity.

Apps are an essential component of our digital lives. They’re powerful business tools. They’re fun personal time-wasters. We can accomplish the most mundane to the most complex tasks with a few taps and swipes.

And while we tend to think of apps in context of smartphones, laptops and other connected devices, the term application can apply to many types of software, services, tools and clients across a wide range of platforms, such as Internet of Things (IoT) devices, vehicles, appliances, electronics and more.

The App-Blended Life

It’s hard to imagine going a day without work or personal apps. They drive our routines. When was the last time you left the house without your smartphone? If it was recently, you likely panicked slightly without it.

We call this the app-blended life, where personal and work lives are no longer compartmentalised. We use personal apps at work and business apps at home. We use some apps for both. The lines have blurred.

But do we ever stop to think: Is this app secure? And who is responsible for protecting us as users? Is it IT? Is it the developer? Is it the user? Or is it a combination of all three?

And how often do we realize how our use of applications affects business from a security and productivity perspective?

There are many security studies in our industry. They are very uniform in nature. They cover attack trends, impact of attacks and the evolution of threats. They are all important. However, A10 Networks wants to take a unique approach by illuminating the side of risk and security that is not evaluated enough – human behaviour. A10 wants to break away from the school of fish and help better understand how the global workforce’s experiences and behaviours with apps impact personal and corporate security. We want to help IT organizations and security teams understand how people use apps. Why they use them. Their perception of personal and business security when using them. And potential behavioural risks to businesses and IT teams.

So we launched the A10 Application Intelligence Report, or A10 AIR for short. A10 AIR is a global research project that examines how attitude, behaviour and experience involving apps impacts personal and corporate security.

Key Findings

Through our research, we made interesting discoveries – some startling, some not so surprising. For example:

The Importance of Apps

  • 42 percent of respondents globally say they can’t live without apps, while another 44 percent say they would struggle to live without them.
  • In a test of how literal or passionate respondents are in backing such statements, half of the respondents describe apps as equally as important or almost as important as breathing, eating or drinking.

App Behaviour and Security Due Diligence

  • 83 percent of respondents agree or strongly agree that they think about security risks when downloading an app, but note that they think about security less after the initial download.
  • Only one in four (24 percent) respondents think of security as the most important attribute when downloading apps – security is tied with ease of use and ranks behind performance as most important.
  • Fewer than one in five think about security when using business apps. Why? Because many expect IT and app developers to protect them.
  • Not only does security consideration decline after downloading applications, almost half of the respondents (47 percent) think their company’s app developers lack the necessary skills to build safe business apps.
  • More than two out of five respondents don’t believe security is a top priority for third-party app developers.
  • Laptops and mobile devices are perceived as more vulnerable than IoT devices, such as surveillance cameras, smart TVs and Internet-enabled cars. This misperception leads to problems in the era of the DDoS of Things, the large-scale DDoS attacks that leverage IoT devices that are often found on corporate property, like TVs and surveillance cameras. For example, in October 2016, the Mirai botnet leveraged nearly 500,000 webcams to launch the largest DDoS attack in human history.

Threats Realised

  • Globally, 13 percent of respondents say they have been a victim of identity theft.
  • 39 percent of respondents in China have had their identity stolen.
  • One in five (20 percent) global respondents have had their mobile device or computer hacked.
  • Almost one in three under 30 (31 percent) has been hacked.
  • One in three (34 percent) respondents under 30 has lost their mobile device or computer. One in four (24 percent) of that same age demographic has had their mobile device stolen at one time.

Behaviour Impacts Business

You may ask, what does this have to do with business? Or A10? Or our product portfolio? It’s simple: Employees bring their behaviour to work every business day.

Poor security behaviour, particularly with applications that hold sensitive personal and business information, can introduce threats to individuals and enterprises alike. As a vendor, we care about customers generating ROI from their solutions. Any breach or security compromise, whether caused by negligent or malicious behaviour, undermines ROI on security investments.

How can you cost-justify security investments if your company is breached and news about it breaks publicly? Managing human behavioural implications is part of a diligent approach to corporate security. It boils down to people, process and technology – all three must be addressed.

IT organizations can leverage this data to make better business decisions to protect users by strengthening protection of their IT infrastructure and their applications. Every action taken on a corporate network or device – yes, even within a personal app – can affect the security posture of an organization.

From a cultural perspective, IT can study the app-blended life, consider user behaviour as a factor in security planning, build enterprise-wide security awareness and influence a security-minded culture.

And from a technology perspective, IT pros can use this data to make the case for improved per-app visibility, per-app analytics, performance, removal of security blind spots and implementation of tighter controls across all application environments.


By Mike Hemes, Regional Director Western Europe at A10 Networks


My June Vote

I must repeat what I said before the last general election in the UK: I shall not vote. I dismiss as absurd the thoughtless claims that I have a duty to vote. I do not. I have a duty to follow my beliefs, to stand for what is right and to criticise what is wrong. […]

The post My June Vote appeared first on ITsecurity.




Tuesday, 30 May 2017

Investigators search Ukrainian offices of Russia’s Yandex

Ukraine’s State Security Service (SBU) raided the Kiev and Odessa offices of Russia’s top search site Yandex on Monday, accusing the company of illegally collecting Ukrainian users’ data and sending it to Russian security agencies.


ORIGINAL SOURCE: Reuters


A simple file naming bug can crash Windows 8.1 and earlier

The “blue screen of death” lives on thanks to a simple Windows file system bug.
In a blast from the past, a Russian researcher has uncovered a simple bug in the NTFS file system that consistently crashed Windows Vista to 8.1 PCs.
Like the infamous Windows 95/98 /con/con bug, by simply entering a file name with “$MFT” the file-system bug locks up Windows at best, or dumps it into a “blue screen of death” at worst.

ORIGINAL SOURCE: ZDNet


EU to launch free WiFi4EU Internet hotspots

The hotspots will give tourists and residents alike the chance to use free public Wi-Fi in popular areas.
The EU has inked a deal to launch public Wi-Fi across member countries and give residents and tourists access to free Internet access in public areas.
The European Commission revealed the scheme, agreed under the WiFi4EU initiative in Brussels together with the European Council and European Parliament on Monday.


ORIGINAL SOURCE: ZDNet


Companies struggling to meet GDPR standards

A new survey conducted by Vanson Bourne asked IT leaders in the U.S., UK, Germany and France about their current data policies to see how well aligned they are with the EU General Data Protection Regulation (GDPR), which comes into force on May 25, 2018.


ORIGINAL SOURCE: Help Net Security


Anonymous Member Playing with Houdini RAT and MoWare Ransomware

A self-proclaimed member of the Anonymous hacker collective is behind a campaign to spread the Houdini RAT and is currently looking into deploying the MoWare H.F.D ransomware.


ORIGINAL SOURCE: Bleeping Computer


Brits say mobile apps are as important as breathing, eating and drinking

A10 Networks, a Secure Application Services™ company, has revealed today in new research that Britons are so addicted to and dependent upon their smartphones and applications that a quarter believe mobile apps are equally as important as a basic human resource such as eating, breathing and drinking.

The Application Intelligence Report (AIR) is a global research project that examines the behaviour and attitudes of the global workforce toward the use of business and personal apps, and their impact on risk, security, and corporate culture. AIR was commissioned by A10 Networks and conducted independently with the intent to provide education for employers that can help them reassess corporate policies and ultimately protect their businesses – and their applications – by simply becoming more aware of the behaviour of their employees.

The A10 AIR research found that Britons stood out over other countries in a number of ways:

  • Brits had the largest percentage of employees (41%) who use non-sanctioned apps at work.
  • Over half (55%) of Britons would rather lose their trousers than their smartphone. Germans were the opposite, displaying a much greater attachment to their trousers than their smartphone. 22% more Germans were prepared to lose their smartphone rather than their trousers.
  • More Britons claim to have had their mobile devices hacked – one in four (24%) – than almost any other country globally – and more than any other European country.
  • UK participants lose their mobile devices more frequently (24%) – or have them stolen (19%) – than the global average, and more than the rest of Europe.
  • Nearly one in three (32%) of UK participants said cyber-attacks are something they “just try not to think about” – more so than the global or European average.
  • Brits don’t think about security when downloading apps. The countries that think least about security risks are the UK and Japan.

When it comes to what we’d grab in an emergency, Britons showed an almost equal preference for their smartphone (38%) or a safe with important documents (37%), far higher than the number who would save family photos (19%). Only 6% of Britons would save a computer in the event of an emergency.

When compared to the rest of the world, Britons lagged far behind China in their attachment to their smartphone. 74% of Chinese people stated that they would save their smartphone in an emergency as compared to 38% of Britons and only 31% of Americans. The French displayed a below average attachment with only 29% opting to save the smartphone. This was the lowest of all the countries.

 

The research also showed:

  • Over half of employees surveyed in Brazil (61%), Great Britain (55%), India (54%), and the United States (54%) say they could not live without apps.
  • Globally, 2 of 5 (42%) survey respondents stated they cannot live without their apps, while another 44% said it would be a struggle to live without them.
  • Employees from Great Britain and the US think the likelihood of a mobile hack (45% and 43%, respectively) is comparable to the likelihood of their car being broken into (42% and 41%, respectively).
  • The largest percentage of employees who use non-sanctioned apps are located in Great Britain (41%) and India (40%). The global average was 30% and only 14% of Germans use non-sanctioned apps.
  • In the UK 51% of people surveyed would rather leave their house unlocked all day than leave their phone unattended and unlocked on a park bench for just one hour.

Mike Hemes, Regional Director Western Europe at A10 Networks, commented: “The results of the global survey are quite astonishing. In the UK we clearly place huge value on applications and our smartphones. It is amazing to think that more than half of Britons would rather leave their house unlocked all day rather than leave their phone unlocked for one hour unaccompanied in a public place. Smartphones are critical to our lives and yet as the research also showed we all too often leave them open to being hacked and used for sinister purposes.”

Overall, the results show that attitudes towards the importance of smartphones and apps vary within Europe and globally. The Germans in particular showed much less interest and attachment to their smartphones and apps compared to those in the UK. Meanwhile those in China and Brazil showed the strongest attachment, nearly always responding far above the global average in response to questions on the importance of their smartphones and apps.

Despite the importance attached to smartphones and applications the research also showed that employees all too often don’t consider or take responsibility for security. When compared to the global average Britons were less likely than average to take personal responsibility for security. When asked about who is ultimately responsible for protecting an employee’s personal identity and information when a personal, non-business app is used at work only 37% of Britons said it was their responsibility.

The complete findings are available at www.a10networks.com/AIR.


In-app security will play a key role in thwarting Cloak & Dagger vulnerability, says Promon

The recent discovery of the Cloak & Dagger attack vector, which can steal personal information by mimicking the activities of apps, is indicative of the new level of sophistication that Android-targeted malware has reached. To increase the chances of defeating attacks of this nature, in-app security needs to move to the top of the agenda for any app-focused business. This is according to app security specialist Promon.

According to researchers at the Georgia Institute of Technology, Cloak & Dagger works by using Android’s design and screen behaviours against users, hiding activities such as keystroke recording, stealthy phishing and the enabling of app permissions behind seemingly innocuous screens. To combat such a dangerous strain of malware that can be so hard to detect, Promon believes that apps have a greater need than ever to be proactively protected, both during runtime and when they are idle.

Tom Lysemose Hansen, founder and CTO at Promon, said: “Cloak & Dagger is a particularly nasty example of Android malware, given its level of sophistication in being able to effectively steal information in a way that can be very difficult for users to notice. Due to its nature, it’s also likely to inspire copycat versions, so it certainly shouldn’t be treated as an isolated case.

“While it is possible to disable the exploit by turning off the ‘draw on top’ permission in a device’s settings, the stealthy nature of Cloak & Dagger makes fast, definitive action on the part of users unlikely. Instead, app developers need to think about what they themselves can do to guard against such a threat.”

Hansen believes that runtime application self-protection (RASP) software can be particularly useful in fighting malware of this nature.

He added: “RASP software is advantageous because it proactively detects and eliminates threats while an app is running. Malware such as Cloak & Dagger works by monitoring someone’s activity while they are using an app, so it is crucial that app protection is able to thwart attacks at this point.”

With the General Data Protection Regulation (GDPR) now less than a year away from implementation, Hansen also thinks that Cloak & Dagger should shine a spotlight on the urgent need for businesses to secure their mobile apps before GDPR comes into force.

He concluded: “Mobile threats are only going to increase in sophistication. At the same time, the stipulations of GDPR mean the financial penalties for experiencing a data breach will be particularly severe. The time to act is now, while the malware threat level is high, and there is still some time left to prepare for GDPR’s arrival.”


Gartner Says Four Vectors Are Transforming the Security Software Market

The security software market is undergoing a dramatic transformation due to four key developments, according to Gartner, Inc. The use of advanced analytics, expanded ecosystems, adoption of software as a service (SaaS) and managed services, and the prospect of punitive regulations are causing enterprises to rethink their security and risk management software requirements and investments.

“The overall security market is undergoing a period of disruption due to the rapid transition to cloud-based digital business and technology models that are changing how risk and security functions deliver value in an organisation,” said Deborah Kish, principal research analyst at Gartner. “At the same time, the threat landscape and rise in the number of high-impact security incidents are also creating demand for security technologies and innovations that deliver greater effectiveness.”

 

Four vectors are transforming the security software market:

 

  1. By 2020, Advanced Security Analytics Will Be Embedded in at Least 75 Per Cent of Security Products
    Enterprises are increasingly seeking products that incorporate “smarter” predictive and prescriptive analytic technologies, which help warn users of potential security incidents and provide guidance on optimal responses. These more-advanced analytical capabilities are driven by a variety of underlying technologies, such as heuristics, artificial intelligence/machine learning and other techniques. Successful vendors will work with customers and prospects to understand use cases where analytics will deliver significant value and augment limited security staff and resources.
  2. Acquiring and Integrating Products and Technologies Will Be a Critical Strategy to Increase Market Share and Enter New Markets
    Given the preponderance of startups and smaller vendors pursuing innovative approaches to security problems, acquisition, integration and consolidation are highly effective strategies to increase market share and enter completely new markets. In many cases, mature vendors in search of continued growth are acquiring faster-growing companies from emerging adjacent markets. In other cases, vendors are optimising profits by consolidating similar products under a single brand, therefore leveraging economies of scale by combining core functions, such as development, support, sales and marketing.
  3. End Users’ Quest for Flexibility Will Increase Adoption of SaaS
    Security buyers are making security product investment decisions that support digital business, fit their current challenges and deliver performance value. Gartner’s recent end-user security spending survey indicates that, in order to do this, they have a preference for products in an as-a-service format. SaaS for security and risk management is becoming critical as customers transition to digital business practices. However, providers must consider the financial implications of maintaining support for legacy security products while investing in an as-a-service product or managed service.
  4. The Regulatory Environment Will Create Opportunities for Security Software Providers
    The EU General Data Protection Regulation will come into effect on 25th May, 2018 and could see organisations facing heavy fines should they receive a single complaint for mishandling private data. Punitive regulations will create board-level fears, driving security software budget decisions based on the potential financial impact of fines and noncompliance. Consequently, organisations will look to providers with products that provide the needed visibility and control of their data. Providers should identify the key regulatory requirements and constraints in target geographies by working with legal counsel to deliver product and service choices that will alleviate board-level fears.

Gartner clients can learn more in the report: “Market Opportunity Map: Security and Risk Management Software, Worldwide.”

The post Gartner Says Four Vectors Are Transforming the Security Software Market appeared first on IT SECURITY GURU.




Friday, 26 May 2017

DomainTools research finds new generic top level domains (gTLDs) are hotspots for malicious activity

DomainTools has released their 2017 DomainTools Report, looking at the various “hotspots” of malicious or abusive activity across the internet. The report examines four domain characteristics: generic Top Level Domains, Whois privacy provider, free email provider and IP geolocation.

The DomainTools research team analysed the generic top level domains (gTLDs) with the highest concentrations of malicious activity. Their research found that .science had the highest concentration of bad domains, followed by .study and .racing. None of the 2017 most malicious Top Level Domains were in meaningful operation in 2015.

Tim Helming, Director of Product Management at DomainTools said: “We expect a lot of churn for the foreseeable future as the Top Level Domain space continues to expand, but that should not stop investigators from paying attention to the top ten from this year.” Helming clarified that these TLDs are not inherently malicious, as single registrants can be responsible for the vast majority of nefarious domains. “It is worth noting that in .science, of the 230,000 domains in the TLD, over 144,000 (63%) have been blacklisted and even more noteworthy, perhaps, is that the blacklisted domains in .science are dominated by a single registrant. Similarly, the blacklisted domains in the .racing TLD are also largely the work of a single registrant entity.”

By analysing Whois records, the DomainTools team was also able to identify which email providers had the highest concentrations of malicious domains, and mynet.com was at the top of the list. This list also included Microsoft mail providers live.com and outlook.com. “Mynet.com went from being completely absent in 2015 all the way to the dubious distinction of top slot this year, and live.com showed a significant increase in the rates of unsavory domains linked to it,” continued Helming. “While it bears repeating that the use of any of these providers is not proof that a domain is dangerous, many of the actual concentrations are extremely high. Only one of the top ten had a lower than 10% incidence of observed bad activity among the domains connected to it.”

The full research is available on the DomainTools blog: https://blog.domaintools.com/2017/05/the-domaintools-report-spring-2017/

The post DomainTools research finds new generic top level domains (gTLDs) are hotspots for malicious activity appeared first on IT SECURITY GURU.




Independent Study Reveals 82% of Service Providers see Clear Business Opportunity in Providing Premium DDoS Protection-as-a-Service to Their Customers

Corero Network Security announced this week the results of its second annual study of service providers, with the objective of uncovering the drivers, benefits, and barriers to enhanced DDoS protection among providers offering services like VoIP, UC, transit, public and private cloud services and E-Line and E-LAN functionality.

The findings offer valuable insights into the group’s needs for positioning DDoS protection across their networks, as well as the valuable business benefit to position themselves as leading the charge against DDoS attacks, both in protecting their own infrastructure and offering more comprehensive security solutions to their customers, as a paid-for managed service.

As Stephanie Weagle, VP of marketing at Corero, explains: “Given that DDoS attacks are growing in frequency and sophistication, it’s not at all surprising that providers are prioritizing and enhancing DDoS mitigation service offerings, and understand the revenue opportunity that such a service brings to the table. It’s much more cost effective—and less complicated—for a business to secure DDoS protection from their trusted provider.”

And she is not wrong; 93 percent of service providers see providing DDoS mitigation in relation to other types of security services to their customers as a high priority, with 37 percent ranking it as more important and 56 percent saying it was just as important. This is an increase of 10 points from last year. A full 82 percent see a clear business opportunity in providing a DDoS Protection as-a-Service (DDPaaS) to their customers.

Even as service providers are clearly concerned about DDoS and its effects, the top issue in providing DDPaaS was proving the value of the service to customers, as cited by 39 percent of survey respondents. Other concerns in deploying DDPaaS include a requirement for per-customer visibility and protection capabilities from a single management console (held by 23 percent); and cost (21 percent).

In ranking what providers are looking for in an ideal DDoS solution, unsurprisingly, the results display a wide range of requirements.

  • The ability to maintain bandwidth/throughput in the face of a DDoS attack was ranked most important at 42 percent, similarly to last year.
  • Unsurprisingly, the ability to handle high-volume, indiscriminate attacks ranked second highest in importance to 29 percent of respondents.
  • The ability to mitigate attacks in seconds vs minutes or more, and the ability to handle attacks that are aimed at disrupting specific applications, were each cited by 25 percent.
  • The ability to reduce overall CAPEX/OPEX was key for about a fifth of service providers, 22 percent.

The capability to integrate DDoS attack mitigation with third-party DDoS detection tools, the ability to provide reporting and visibility into attack types and mitigation that was executed, as well as a solution with low false blocking rates all scored relatively equally as requirements in deploying a DDoS mitigation solution.

With end-user demand for premium DDoS-as-a-service options, providers that position themselves with automated, sophisticated DDoS protection will not only find themselves rewarded with customer loyalty, but with an edge over their competitors as well.

For more on how ISPs can take advantage of dedicated DDPaaS offerings and how Corero is paving the way for real-time protection and significant services revenue potential, download the full Executive Summary: http://www.fiercetelecom.com/future-ddos-protection-turning-threat-into-a-revenue-generating-opportunity.

 

 

The post Independent Study Reveals 82% of Service Providers see Clear Business Opportunity in Providing Premium DDoS Protection-as-a-Service to Their Customers appeared first on IT SECURITY GURU.




Cybersecurity Best Practices to Win the Game of Chasing Tails

When it comes to our cyber activity, it seems that we are playing a never-ending game of chasing tails with cyber criminals. The more our technologies advance and adapt, the more criminals find new and sneakier ways to break into systems and take personal and sensitive data hostage.

Unsuspecting industries such as healthcare and hospitality are unwittingly becoming the biggest targets of cyber attacks, as vital information such as health records and access to hotel guest records is suspended until ransom is paid. These kinds of attacks show just how creative the cybercriminal industry continues to be.

The huge WannaCry breach that took place only recently, hitting over 150 countries – including the UK’s NHS hospital system and Germany’s railways – is another reminder of the bad guys’ capabilities. This attack could probably be considered the biggest online extortion attack ever recorded after hitting hundreds of thousands of computers.

So, we need to keep one step ahead at all times.

Effective cyber defence requires paying attention to the technologies that are available and using them in the way they are supposed to be used. Companies that take this approach will construct effective barriers, meaning hackers will go elsewhere and find an easier target to attack.

Despite the fact that criminals are becoming more complex and scaling up their attacks, two fundamental issues allow these breaches to take place: first, businesses are unwilling to invest in the necessary security and to prioritise it; second, there is a lack of education and care amongst employees and non-IT staff when it comes to cybersecurity.

Our own AIR Research, just launched in May, shows that fewer than one in five (17%) employees cite security as a top thought when using business apps. Furthermore, the number of employees in the UK who “just try not to think about cyber-attacks” was much higher, at 32%, than the global average, which was 21%.

For the defence to stay ahead of the attackers in this cat and mouse game of cybersecurity, these factors need to change. There needs to be a focus on cybersecurity; it needs to be prioritised, and everyone within an organisation needs to take responsibility for keeping defences watertight. Security is only as strong as the weakest link, and attackers are adept at finding weaknesses in the defences put in place to keep an organisation safe.

With growing attacks and new European laws, most notably GDPR, companies should feel more inclined to consider security precautions as a priority, but crucially, by giving cybersecurity the attention it deserves and investing in well-managed security controls, damage control won’t be necessary.

Organisations have a responsibility to invest in well-managed security tools, which have controls designed to prevent, detect, contain and remediate data breaches. Furthermore, organisations should take care to share simple safeguarding techniques amongst employees and make sure that they are educated around the type of attacks to expect, but ultimately protection systems need to be put in place to keep hackers out.

As employees are an organisation’s greatest tools, the way they contribute to securing the company should also be well-managed. CIOs and CISOs should ensure staff have the knowledge, tools and ability to keep themselves and the organisation safe from the myriad of threats that are looking to jump over low barriers or get through chinks in the security armour.

Being ahead in the game of chasing tails isn’t too hard if you can keep up your pace, and that’s the same in the game of cybersecurity. A little self-awareness and education and regimented security best practices in the workplace can go a long way towards winning.

 

By Duncan Hughes, Systems Engineering Director, EMEA, A10 Networks

The post Cybersecurity Best Practices to Win the Game of Chasing Tails appeared first on IT SECURITY GURU.




As GDPR deadline looms, time for compliance is running out

GDPR is a game-changing piece of data protection legislation that goes into effect on May 25, 2018. While the legislation includes various components related to how organizations collect, store, manage and protect customer data, the ‘right to be forgotten’ gives individuals the right to have personal data erased. If most organizations cannot locate where their customer data is stored, it will be difficult to fulfill ‘right to be forgotten’ requests, according to Blancco Technology Group.

 


ORIGINAL SOURCE: helpnetsecurity.com

The post As GDPR deadline looms, time for compliance is running out appeared first on IT SECURITY GURU.




3 Nigerian Cyberthieves Sentenced to Total of 235 Years in Prison

A federal district court sentenced three Nigerian cybercriminals to a collective 235 years in prison for tens of millions of dollars in intended losses via identity theft, credit card fraud, mail fraud, and pilfering government property, the US Department of Justice announced today. Femi Alexander Mewase, 45, received a 25-year prison sentence; Oladimeji Seun Ayelotan, 30, received a 95-year prison sentence; and Rasaq Aderoju Raheem, 31, was sentenced to 115 years in prison. The three were part of a 20-member gang of cyberthieves, of which six were extradited from South Africa to Mississippi to face charges in the case.


ORIGINAL STORY: darkreading.com

The post 3 Nigerian Cyberthieves Sentenced to Total of 235 Years in Prison appeared first on IT SECURITY GURU.




Kremlin critics targeted in hacking attack

Hackers are stepping up efforts to steal and manipulate emails from critics of the Russian government, security researchers say, using techniques that were hallmarks of a cyber attack on Emmanuel Macron’s campaign on the eve of France’s presidential election.

 


ORIGINAL SOURCE: Financial Times

The post Kremlin critics targeted in hacking attack appeared first on IT SECURITY GURU.




WannaCry: Ransom note analysis throws up new clues

As the world works towards identifying the perpetrators of the WannaCry ransomware campaign, one group of cybersecurity researchers says they’ve likely determined the native language of the writer of the ransom note, another potential step towards attributing the attack. A number of cybersecurity firms have tentatively linked the attack to North Korea, but now analysis of WannaCry ransom notes in 28 languages by researchers at Flashpoint has led them to the conclusion that those behind the ransomware text are likely Chinese-speaking.

 

 


ORIGINAL SOURCE: zdnet.com

The post WannaCry: Ransom note analysis throws up new clues appeared first on IT SECURITY GURU.




Was the Pirates of the Caribbean 5 hack a hoax? Disney CEO says no movie was stolen

Disney CEO Bob Iger has reportedly confirmed that the company was not hacked and no movie was stolen by hackers. Reports of Disney having allegedly been hacked and held to ransom recently broke, just days before the much-anticipated release of the Pirates Of The Caribbean: Dead Men Tell No Tales movie. However, the hackers’ threat to release portions of the movie in parts appears to have been a bluff. “To our knowledge we were not hacked,” Iger told Yahoo Finance. “We had a threat of a hack of a movie being stolen. We decided to take it seriously but not react in the manner in which the person who was threatening us had required. We don’t believe that it was real and nothing has happened.”


ORIGINAL SOURCE: IB Times

The post Was the Pirates of the Caribbean 5 hack a hoax? Disney CEO says no movie was stolen appeared first on IT SECURITY GURU.




The GDPR: The SME approach to the ‘Right to be Forgotten’

With just one year to go, businesses in the UK are looking for a practical approach to preparing for the GDPR and its more challenging aspects, in particular the ‘right to be forgotten’ (RTBF).

From May 25th 2018 onwards, if a company is presented with an RTBF request, they will have 30 days in which to find that individual’s information and delete all records of it that are no longer being used for their original purpose, unless they are required to be held for other regulatory reasons.

Where to start?

GDPR-related information will often flow through a complex data supply chain, and the majority of small to medium-sized businesses have no mechanisms to record where it is sent or saved, let alone which data should be kept or deleted.

Much of it will be in obvious places like CRM databases or employee HR systems; however, a lot will be more difficult to locate, especially when taking into consideration the operations many businesses outsource. This might include the bank details sent to a pensions provider or even the order form shared with a logistics provider via cloud applications. Even when the information goes outside of an organisation, this data is still a business’ responsibility, so they need to know who they’ve shared it with so they can make a corresponding RTBF request.

The first step any business should take is understanding how the GDPR’s requirements relate to any existing regulation the organisation might be subject to. Once current regulations have been reviewed, firms will be in a better position to conduct an information discovery audit to understand exactly what personal data they hold and where it can be found.

Putting a system in place

Furthermore, a business will need to map the data flows in and out of the organisation to build a picture of where the GDPR data is going and who it is going to. Ultimately, compliance requires three different areas to be considered:

People are an organisation’s biggest strength and biggest weakness. They make mistakes, store information in the wrong place, and use shortcuts which frequently put data out of the control of the IT department. Companies need to understand how their employees share information, and look at education or awareness programmes, or cultural changes, to plug gaps.

Processes and associated policies are not just about preparing for an RTBF request, but also defining the action a business will take when it gets one. Becoming compliant is really about good data governance and reducing risk, such as limiting who can access and share certain information, preventing information from leaving a network and creating contracts with suppliers dictating how they may use personal data.

Technology can help GDPR compliance by automating manual data protection processes, enforcing security policies and providing visibility of data flowing in and out of an organisation. Adaptive security systems can be set up to automatically and consistently redact GDPR information out of any communications, based on policy, especially when it is leaving the organisation. This helps avoid human error such as an email to the wrong person, whilst also saving a company redesigning many processes such as applications that automatically generate customer reports.

Better data governance, better business

Compliance will have a positive knock-on effect on a business’ success, most notably the improved trust with existing and prospective customers and clients, as well as any partners – a significant factor in the ability of a business to grow. By implementing the right processes and policies, and strengthening this with certain technologies, businesses will be well on the way to being GDPR compliant and ready for that first RTBF request.

 

Dr Guy Bunker, SVP of Products, Clearswift

The post The GDPR: The SME approach to the ‘Right to be Forgotten’ appeared first on IT SECURITY GURU.




Thursday, 25 May 2017

Nearly 50% of manufacturers don’t test their devices highlighting critical security deficiencies in today’s medical devices

The latest Synopsys and Ponemon study Medical Device Security: An Industry Under Attack and Unprepared to Defend has been released today and highlights the critical security deficiencies in today’s medical devices.

Alarmingly, only 53% of healthcare delivery organisations (HDOs) said they tested medical devices at least once a year, while 43% of manufacturers said they don’t test devices at all.

“The security of medical devices is truly a life or death issue for both device manufacturers and healthcare delivery organizations,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “According to the findings of the research, attacks on devices are likely and can put patients at risk. Consequently, it is urgent that the medical device industry makes the security of its devices a high priority.”

The survey, which was conducted by the Ponemon Institute, a leading IT security research organisation, surveyed more than 550 individuals from manufacturers and HDOs to identify whether device makers and HDOs are in alignment about the need to address cybersecurity risks.

Unfortunately, it was found that 67% of medical device manufacturers and 56% of HDOs believe an attack on a medical device built by or in use by their organisations is likely to occur over the next 12 months.

Furthermore, 80% of device makers and HDOs report that building secure devices is becoming increasingly challenging. The main vulnerabilities in medical devices revolved around coding deficiencies, with accidental coding errors, lack of knowledge/training on secure coding practices and pressure on development teams to meet product deadlines highlighted as the main issues.

Following the industry FDA guidelines also proves to be an obstacle, as only 51% of device makers and 44% of HDOs follow current FDA guidance to mitigate or reduce inherent security risks in medical devices.

“These findings underscore the cybersecurity gaps that the healthcare industry desperately needs to address to safeguard the well-being of patients in an increasingly connected and software-driven world,” said Mike Ahmadi, global director of critical systems security for Synopsys’ Software Integrity Group. “As we saw with the past two studies on the Building Security in Maturity Model (BSIMM), the healthcare industry continues to struggle when it comes to software security. The industry needs to undergo a fundamental shift, building security into the software development lifecycle and across the software supply chain to ensure medical devices are not only safe, but also secure.”

To view the full report click here: https://www.synopsys.com/software-integrity/resources/analyst-reports/medical-device-security-report.html

The post Nearly 50% of manufacturers don’t test their devices highlighting critical security deficiencies in today’s medical devices appeared first on IT SECURITY GURU.




Cybersecurity Eccentric series ‘The Wolf’ Returns for season 2


The popular cyber security eccentric series by HP, ‘The Wolf’, is coming back for a second season. When the first season was released, everyone wondered if we had finally reached the zenith of entertainment that is scripted.

Christian Slater was chosen as the lead of the show in which he was called Mr. Robot who would hack operating systems using his phone. Now Slater is back, and the teaser of the series shows him sitting on a boat messing with people’s health records. The show is all set to premiere at Cannes.


The post Cybersecurity Eccentric series ‘The Wolf’ Returns for season 2 appeared first on Cyber Security Portal.



from Annadiane Annadiane – Cyber Security Portal https://cybersecurityportal.com/cybersecurity-eccentric-series-wolf-returns-season-2/

DDoS Attacks Fell 23% in First Quarter, Grew in Size

Although the number of DDoS attacks dropped in the first three months of the year, the average size of each attack grew, according to a Verisign report released Tuesday. DDoS attacks during the first quarter fell by 23%, but the average peak size ballooned by 26% to 14.1 Gbps compared with the previous quarter, according to the Verisign Q1 2017 DDoS Trends Report released Tuesday. The largest DDoS attack during the first quarter generated volume over 120 Gbps, with approximately 90 million packets per second slamming the targeted network at its peak, according to the report. This attack lasted more than 15 hours.

Original Source: darkreading.com

The post DDoS Attacks Fell 23% in First Quarter, Grew in Size appeared first on IT SECURITY GURU.




Android Users Tricked Into Installing Malware Via “App-For-Money” Scheme

An eight-month-long investigation by Roman Unuchek, a security researcher at Kaspersky Lab, has uncovered one of the most complex malware distribution schemes seen to date on the Android malware scene. According to Unuchek, for the last year, the criminal group behind the Ztorg Android trojan has been using so-called “rewards apps,” to deliver malware on the devices of unsuspecting users. These “rewards apps” are Android apps that provide money to users who install apps from their collection. A user using a rewards app usually earns a commission of a few US cents if he installs an app on his device. The more apps they install, the more money they earn, which they can then use to buy game coins or access to commercial apps.


ORIGINAL SOURCE: bleepingcomputer.com

The post Android Users Tricked Into Installing Malware Via “App-For-Money” Scheme appeared first on IT SECURITY GURU.




Fat-thumbed dev slashes Samba security

Sysadmins tending Samba need to get patching. Samba’s announcement, here, explains that it’s suffering from a remote code execution bug that applies to all versions newer than Samba 3.5.0. The software, currently at version 4.6.4, provides *nix integration with Windows file and print services. In CVE-2017-7494, a malicious client can “upload a shared library to a writable share, and then cause the server to load and execute it.”


ORIGINAL SOURCE: theregister.co.uk

The post Fat-thumbed dev slashes Samba security appeared first on IT SECURITY GURU.




Tech Support Scammers Are Exploiting Mass Hysteria Surrounding WannaCry

As everyone expected, scammers are attempting to cash in on the mass hysteria currently surrounding the WannaCry ransomware outbreak, a mass infection that took place over the weekend of May 12 and 14, and whose effects we still feel today. While the WannaCry attacks have been stopped thanks to a British researcher named MalwareTech, the ransomware’s virulent attacks have made everyone take notice.


ORIGINAL SOURCE: bleepingcomputer.com

The post Tech Support Scammers Are Exploiting Mass Hysteria Surrounding WannaCry appeared first on IT SECURITY GURU.




Republican lawmaker suggests DNC hack may have been ‘insider job’ citing ‘stuff on the internet’

Republican Representative Blake Farenthold of Texas suggested on Wednesday (24 May) that the 2016 Democratic National Committee hack could have been an “insider job”, citing “stuff circulating on the internet”. Last year, whistleblowing outfit WikiLeaks leaked thousands of embarrassing internal emails from top Democratic officials. Earlier this week, Fox News retracted a story that fuelled a conspiracy theory linking the murder of Seth Rich, a DNC staff member in Washington DC in July last year, to the leaking of Clinton campaign emails to WikiLeaks. The outlet determined that the story did not live up to its editorial standards.


ORIGINAL SOURCE: IB Times

The post Republican lawmaker suggests DNC hack may have been ‘insider job’ citing ‘stuff on the internet’ appeared first on IT SECURITY GURU.




Positive’s free BlackBox scanner allows companies to take control of their website security

PT BlackBox Scanner allows website owners to find vulnerabilities which are increasingly used by hackers as a first point of breach

Positive Technologies have proved, yet again, their dedication to providing free tools to the cybersecurity community. In an announcement this week, Positive Technologies revealed the availability of beta testing on a free online service – giving businesses an efficient and effective way to uncover issues in their website applications.

By simply entering the site’s URL into a web-based interface, the PT BlackBox allows users to immediately begin a free scan, which works by tunnelling all requests through the user’s machine, confirming origination. Alternatively, they can validate their own website by simply placing a confirmation code in the site’s root directory prior to the scan.

As Yury Maksimov (CEO of Positive Technologies) explains, “Website application vulnerabilities are now one of the most common ways that cyber-attackers compromise companies. In a world where the increasing majority of business is now run on code, this is a big problem. For companies, both big and small, it means legal and financial risk. For people, the possibility of having personal details exposed and fraud.” This suggests that by providing the BlackBox scanner for free, Positive Technologies is allowing companies to take initiative and control of the growing threat facing their websites today.

With over 15 years of expertise in application security, this is not the first time Positive Technologies has provided free tools like the BlackBox scanner; in fact, it traces all the way back to their roots, when in 2000, they launched the popular vulnerability scanner ‘Xspider’.

“We believe in trying to put security back on the front foot, allowing people to be proactive and find the weak points in their infrastructure before an attacker does.  We also believe in drawing on our expertise to help make the online world a safer place, which is why we are providing BlackBox Scanner for free, letting people take the initiative back and have more control over the security of their website.”

For more information on BlackBox Scanner, or to use the service, visit http://bbs.ptsecurity.com/en

The post Positive’s free BlackBox scanner allows companies to take control of their website security appeared first on IT SECURITY GURU.




European businesses not seeking help from the security industry to comply with GDPR regulations

European research conducted by PAC on behalf of Reliance acsn has outlined the challenges and concerns that security professionals across Europe are facing and how they approach the serious issue of outsourcing functions. One of the key findings of the report was that compliance and GDPR were not seen as important reasons for employing third-party security firms, despite the need for detailed knowledge to comply with regulations.

With just over 12 months to go until GDPR becomes active, the research indicated very little awareness of how Managed Security Service Providers (MSSPs) could support businesses to comply with the EU legislation. Only 20% of respondents said it was a good reason to employ an MSSP, highlighting the need to educate businesses on the crucial role MSSPs can play in achieving compliance.

Other key findings from the research included:

  • Key drivers of digital transformation – including cloud, mobility and IoT – are the biggest source of security concerns for European organisations. 50% of respondents see digital transformation in itself as a security risk
  • Cost savings and efficiency dominate management thinking with 69% of respondents saying they were major goals of managed security service adoption
  • The cyber security skills shortage is beginning to impact heavily on businesses’ decisions to use a MSSP, with 30% looking to gain access to expert analysis

John Madelin, CEO at Reliance acsn said: “Cybersecurity is a rapidly growing problem and a growing area of focus for the board. This report has shown that organisations are considering moving some operations in-house and that cost reductions are still the top driver for employing MSSPs, even in the face of major shifts, such as GDPR. Ultimately, organisations need to focus first on securing their critical assets and to do this properly a managed end-to-end security approach is needed. This is challenging to handle alone, not just for in-house IT departments but also for MSSPs. As a result we expect to see closer partnerships with our customers in a more integrated fashion in order to safeguard the business against cyber threats.”

Paul Fisher, Research Analyst and Cyber Security Lead at PAC commented: “The fact that compliance and more especially, GDPR, has such a low priority among our respondents is worrying. I do not believe that they are burying their heads in the sand, more that the implications and complexity of GDPR compliance have not yet fully sunk in. It is an area that many organizations may now need urgent external help.”

The PAC research “Managing Security in the Digital Era” was conducted in February 2017 across: UK, France, Germany, Nordics, Ireland and the Netherlands. The field research questioned 200 CISOs, CIOs, CTOs and other C-Suite professionals across manufacturing, retail, transport and services sectors.

The full research can be downloaded here: https://www.relianceacsn.co.uk/managing-security-in-the-digital-era/


Role-based Access Control: Access, security, info tracking

Access to data is of the highest concern for leaders of the world’s most complex businesses. The amount of data stored on any network is typically immense. Relating this data to your users’ account information in Active Directory can be tricky and time consuming, yet there are security concerns that must be addressed. In this regard, proper data security includes three components: ensuring new employee accounts are created properly when the employee is onboarded; ensuring those access rights remain accurate throughout each employee’s tenure; and revoking access rights when an employee leaves the organization. The third step listed here is the most important of the three.

With these phases identified, a more in-depth look at solutions for all three is required.

Access governance and the role of role-based access control

A profoundly effective solution to mitigate these security risks is role-based access control, which in the real world starts with the creation of a matrix. Unlike the complexities of a dark computer otherworld ravaged by a seeker named Neo, the kind of matrix referred to here is a diagram that characterizes the rights of each employee with respect to every object or access they need in the system. Butler W. Lampson first introduced it in 1971. Lampson is an American computer scientist who contributed to the development and implementation of distributed, personal computing; he is a technical fellow at Microsoft and an adjunct professor at MIT.

A role-based access control matrix, along with an identity management solution, allows you to ensure that new employees’ accounts and credentials are created with the proper access rights. Thus, as first designated by Lampson (though it has evolved immensely), the first step of this matrix stage is to define the roles that each employee should have in every part of the organization. You can identify these roles using a combination of department, location and job title, for example. The end result of a somewhat tedious matrix-building process is a template for new employees and an audit point of reference for future use.

Employees’ access rights usually creep into multiple areas over the course of their tenure. The longer an employee works with you, the more likely they are to gain access to systems they don’t necessarily need to perform their primary job. For example, rights might be assigned to an employee for special projects, while that employee is covering for another on leave, or when an employee changes departments and responsibilities. However, revocation of this access is infrequent at best. Automated solutions can analyze the rights of all employees at any given time and provide lists of actionable information.

RBAC and information audits

Performing information audits can be a challenge, no doubt, but you had better get used to them. They are here to stay, and necessary. Once an audit of access rights is performed, it can be compared against the baseline template initially established for each employee role. Any discrepancies can be verified, or the rights can be revoked automatically. That said, termination of rights must be done immediately when an employee leaves.

Here’s a real-world example of a situation that might strike at the heart of current reality. In an experience personally related to me by the manager of an organization I work with, a sales manager for a major corporation had terminated one of his sales reps. The organization did not have a process in place to disable access in a timely manner to a cloud-based business intelligence application used by the sales rep. At some point, the terminated employee realized the account was still “live” and he proceeded to download more than 10,000 records over the course of a month, which cost the company more than $6,000 before they turned off the former employee’s access.

Perhaps that’s a small drop in the bucket, but imagine if these costs ballooned to 10, 20 or 30 times more. It happens, and like it or not, the majority of breaches are inside jobs. The organization simply left the side door wide open, no key required. When putting a process in place to handle terminated employees, link it to your HR system. When an employee is terminated, a synchronization process can take place to decommission accounts in all internal and external systems. Ensure that access to data, groups and applications is right for each employee. Revoke accounts when an employee leaves. Failure to do so can be costly.
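The audit against the role baseline and the HR-linked revocation described above can be sketched as follows. This is an added example, not code from the article or from any product; every role, user, entitlement and date in it is constructed for illustration.

```python
from datetime import date

# Role matrix (constructed): (department, job title) -> baseline entitlements.
ROLE_MATRIX = {
    ("Sales", "Sales Rep"): {"crm", "bi_dashboard", "email"},
    ("Sales", "Sales Manager"): {"crm", "bi_dashboard", "email", "sales_forecast"},
    ("Finance", "Accountant"): {"erp_ledger", "email"},
}

# HR system of record (constructed). "terminated" is a date or None.
HR = {
    "akhan": {"dept": "Sales", "title": "Sales Rep", "terminated": None},
    "bnovak": {"dept": "Sales", "title": "Sales Rep", "terminated": date(2017, 4, 28)},
    "clee": {"dept": "Finance", "title": "Accountant", "terminated": None},
    "emora": {"dept": "Sales", "title": "Sales Manager", "terminated": None},
}

# Entitlements actually granted, merged from internal and cloud systems (constructed).
GRANTED = {
    "akhan": {"crm", "bi_dashboard", "email", "erp_ledger"},  # kept after covering a leave
    "bnovak": {"bi_dashboard"},                               # cloud account never disabled
    "clee": {"erp_ledger", "email"},
    "dsvc": {"crm"},                                          # no HR record at all
    "emora": {"crm", "bi_dashboard", "email"},
}

def review_access(hr, granted, matrix, today):
    """Return (user, finding, entitlements) tuples for every deviation."""
    findings = []
    for user, rights in sorted(granted.items()):
        record = hr.get(user)
        if record is None:
            # Account exists in a system but nobody in HR owns it.
            findings.append((user, "orphan", sorted(rights)))
            continue
        left = record["terminated"]
        if left is not None and left <= today:
            # Leaver: anything still granted must be revoked immediately.
            if rights:
                findings.append((user, "revoke_all", sorted(rights)))
            continue
        baseline = matrix.get((record["dept"], record["title"]))
        if baseline is None:
            findings.append((user, "no_role_defined", sorted(rights)))
            continue
        if rights - baseline:   # access creep beyond the role template
            findings.append((user, "excess", sorted(rights - baseline)))
        if baseline - rights:   # template rights that were never provisioned
            findings.append((user, "missing", sorted(baseline - rights)))
    return findings

if __name__ == "__main__":
    for finding in review_access(HR, GRANTED, ROLE_MATRIX, date(2017, 5, 31)):
        print(finding)
```

Run on a schedule against fresh exports, the `revoke_all` and `orphan` findings are the ones to act on first, since they correspond to the still-live leaver account in the sales rep case.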

By Dean Wiech, Managing Director at Tools4ever US.


Wednesday, 24 May 2017

CIOs increasingly focus on innovation

Two-thirds of organizations are adapting their technology strategies in the midst of global political and economic uncertainty, with 89 percent maintaining or ramping up investment in innovation, including in digital labor, and 52 percent investing in more nimble technology platforms, according to the 2017 Harvey Nash/KPMG CIO Survey. It is clear digital strategies have infiltrated businesses across the globe at an entirely new level. The proportion of organizations surveyed that now have enterprise-wide digital strategies increased 52 percent in just two years, and those organizations with a chief digital officer have increased 39 percent over last year.


ORIGINAL SOURCE: Help Net Security


Jaff Ransomware Switches to the WLU Extension and Gets a New Design

A new variant of the Jaff ransomware was discovered by security researcher Brad Duncan that includes an updated design for the ransom note and the new WLU extension for encrypted files. Like the first variant of Jaff, this new version continues to be distributed through MALSPAM campaigns that utilize malicious documents and macros to download and install the ransomware. For those who are infected, or just wish to discuss the Jaff ransomware, you can do so in our dedicated Jaff Ransomware Help & Support Topic.


ORIGINAL SOURCE: BleepingComputer


Twitter flaw allowed you to tweet from any account

http://www.zdnet.com/article/twitter-flaw-allowed-you-to-tweet-from-any-account/
A Twitter security flaw which went undetected for years allowed attackers to post messages masquerading as any user they chose. A security researcher who goes under the moniker Kedrisch disclosed the flaw on Tuesday, which was present on the microblogging platform until 28 February this year. Discovered in Twitter Ads Studio, a platform for advertisers to upload media and content, the high-severity bug appeared in the service library where users can review media before publishing.


ORIGINAL SOURCE: ZDNet


Government plans to push through powers that will force tech giants to hand over encrypted messages

Swiftly after the UK’s surveillance laws came into force at the end of last year, a legal challenge was launched by privacy campaigners to fight the bulk data collection allowed under the law. The government’s implementation of the Investigatory Powers Act is now continuing with ministers saying they will push through powers to allow for almost real-time surveillance and the removal of encryption. According to a report by The Sun, following the Manchester bombings which killed 22 people, a Conservative government will approve technical regulations that say encrypted data should be accessible to law enforcement officials.


ORIGINAL SOURCE: WIRED


Media players wide open to malware fired from booby-trapped subtitles

Hackers have gone back to the future by attempting to infect targets with booby-trapped subtitle files. By crafting malicious subtitle files for films and TV programmes, which are then downloaded by viewers, attackers can hope to take complete control of any device running the vulnerable platforms. Hackers have pushed trojans under the guise of subtitle files as far back as 2003. This time around vulnerabilities in particular media player software packages are playing a role in facilitating the attack. Users of popular players – including VLC, Kodi, Popcorn Time and Stremio – are most at risk, according to researchers at security firm Check Point.


ORIGINAL SOURCE: The Register


Businesses should not ignore rising ransomware risks

With the number of victims of cybercrimes rising through methods such as ransomware, an IT and communication expert is calling for business owners to take action now or run the risk of being the next victim of a vicious cyber-attack that could lead a company into devastation.

Ransomware – whereby malicious software prevents or limits access to a computer system until a sum of money is paid – is causing chaos the world over and should be of major concern to businesses. This is the warning from Simon Ahearne, managing director of SA1 Solutions, who claims that, with email being the top delivery method for ransomware, too many organisations are at risk of an attack. These emails, disguised as being from a genuine sender, contain infected attachments and/or links to malicious websites that can infect a device in seconds.

Ransomware is becoming more and more of a problem for both businesses and consumers. Skype, for example, has been highlighted recently as a new avenue for cybercriminals to target users with ransomware. This malicious ransomware campaign attacks Windows 10 PCs through adverts in Skype – a worry for businesses using Skype for corporate communications, as well as consumers using the popular video call software.

Swansea-based SA1 Solutions advises businesses to use an advanced email security and filtering system, which gives peace of mind that security threats are minimised. Using a managed email solutions provider can give businesses a fully-integrated email security and cloud-based solution. This means an organisation is protected from the most sophisticated email threats, as well as accidental or malicious data leakage via email.

Additional methods of protection include ensuring business owners or chief information officers (CIOs) have a back-up of their organisation’s data in place as a standard practice so important information is not lost, should an attack occur; educating employees to not open links in emails or email attachments from unknown or suspicious senders; and ensuring regular updates are run on devices that help stop the latest cybercrime campaign being successful.

Ahearne commented:

“Ransomware is the biggest threat facing businesses of all sizes today. We have received an immense amount of calls of late from those who left it too late and have already fallen victim to these nuisance attacks.

“Ignoring the risks of being infected by ransomware is simply not an option unless you want your company to go into meltdown. Being a victim of an attack can not only lead to financial loss but reputational damage, and this message needs to be realised by business owners. Being proactive and having the reassurance that your business and its vital data is safe needs to happen now.”

SA1 Solutions is a leading managed service provider based in South Wales, offering services to over 200 customers across the UK.
