
#nationalcybersecuritymonth | Hank Thomas and Mike Doniger, getting the specs on the cyber SPAC

Source: National Cyber Security – Produced By Gregory Evans

Sunday, January 26, 2020

In this special edition, our extended conversation with Hank Thomas and Mike Doniger from their new company SCVX. Both experienced investors, their plan is to bring a new funding mechanism […]

View full post on AmIHackerProof.com

#cybersecurity | Have you updated your browser yet? Severe Chrome Zero-day vulnerability getting actively exploited

Source: National Cyber Security – Produced By Gregory Evans

Attention! Are you using Chrome as your web browser on Windows, Linux or Mac? It is high time you updated your browser!

That’s right. With Google recently releasing Chrome version 78.0.3904.87 for Windows, Mac, and Linux, there comes an urgent warning asking billions of users to update their software immediately. The warning comes after news of hackers exploiting two high-severity zero-day vulnerabilities. Apparently, the new Chrome version addresses these vulnerabilities.

What are these zero-day vulnerabilities?

According to Google, the following 2 zero-day vulnerabilities have been detected:

  • CVE-2019-13720 – This is a use-after-free bug that has been detected in the audio component of Chrome.
  • CVE-2019-13721 – This is also a use-after-free security vulnerability, and it affects the PDFium library. PDFium is used to view and generate PDF files in your browser, a feature that is commonly required by users.

How do these vulnerabilities work?

A use-after-free vulnerability is a memory-corruption flaw: the program keeps using a region of memory after it has been freed, which allows memory data to be modified or corrupted and can let a hacker take control of the affected software or system. All that remote attackers need to do is escalate privileges on your Chrome web browser by convincing you to click and visit a malicious website. This instantly allows attackers to run malicious code on your affected system while bypassing any sandbox protections.

How can you protect yourself?

Use-after-free vulnerabilities have existed in the wild for quite some time now and are among the most commonly discovered vulnerabilities. Thus, the chances of them reappearing frequently are high.

Thankfully, Google has already released an update to patch this active zero-day vulnerability, and the stable channel has been updated to 78.0.3904.87. So now, all you need to do is click on the update arrow visible at the top-right corner of the Chrome browser. Once you have successfully updated to the latest version of Chrome across your desktop and mobile, you will be safe from these vulnerabilities.

Such security bugs and vulnerabilities are bound to appear and reappear from time to time. It is for this reason that Quick Heal strongly recommends that you keep your web browser and security products up-to-date and follow best security practices for optimum defense against the rising/evolving threats and zero-day vulnerabilities.

 

The post #cybersecurity | Have you updated your browser yet? Severe Chrome Zero-day vulnerability getting actively exploited appeared first on National Cyber Security.

#cyberfraud | #cybercriminals | Cyber threats in financial institutions: Getting the basics right

Source: National Cyber Security – Produced By Gregory Evans

Murali Urs

The WannaCry ransomware, which hit businesses including banks globally, didn’t spare India, which was the second-worst affected country in APAC according to reports. It was a reality check for financial institutions, as the attack was estimated to have affected more than 150 countries and caused millions of dollars in damage. The banking system often emerges as a sitting duck since it is the softest and most effective target.

In India too, cyber frauds are on the rise. According to a report by the Reserve Bank of India, a total of 2,059 cases of cyber fraud were reported in 2017-18, amounting to Rs 109.6 crore. The recent frauds at Cosmos Bank and the State Bank of Mauritius branch based in Mumbai are only the beginning; with the rise in digital transactions and their spread to the interiors of the country, cyber frauds at banks are on the rise.

Why Financial services?

The financial services industry is naturally a lucrative target for cyber criminals. The primary targets usually compromised in cyberattacks on banks are the SWITCH and SWIFT systems. SWITCH is a group of servers responsible for sending approval requests from the ATM to the core banking system. SWIFT, on the other hand, is a global provider of a secure inter-banking messaging solution.

SWITCH and SWIFT are the most sensitive components of the banking infrastructure, as they are responsible for the authorization of fund transfers. Each piece of information hacked, whether it is the data stored on the network, competitive intelligence, access to confidential email or trading strategies, typically has different types of buyers and methods for selling. Many forums and dark web sites exist for this purpose.

It is estimated that over 90% of all successful hacking scams start with a phishing attack. CFOs and finance staff are among the most targeted employees in a company when it comes to email fraud. Hackers choose finance employees because of their access to company finances and other sensitive information.

Fighting the threat

The industry needs to start thinking about cybersecurity from the ground up and not as an afterthought. Organisations must act more aggressively, constructively and comprehensively to address security threats. There needs to be a better understanding of simple vulnerabilities such as weak endpoint security and lack of security awareness.

100 percent security is impossible for any organisation; however, the below approach will go a long way in combating financial hacking:

  • Installing Threat Detection: Organizations in India can improve their cybersecurity systems with more focused monitoring of critical servers and the usage of powerful detection technologies.
  • Automation: Automating to optimize incident response and building resiliency.
  • Initiate checkpoints for large fund transfers with manual inspection: As we have seen in the case of multiple financial heists, there are a few common errors that could have been easily caught using manual inspection.
  • Train the employees: Employees are a primary concern in cyber security. A lack of skilled cybersecurity professionals and unprepared security operations teams are proving to be great challenges. Training the workforce and creating awareness will help prevent a lot of cyber incidents.

The best way to fend off and respond to an attack is to internalize cyber-resiliency and cyber-agility tactics. Additionally, financial services companies must prioritize the value of information assets. Allocating additional budget towards company crown jewels is a good place to start. Leading technologies are only as effective as the company’s cyber-risk culture. Financial institutions must be aware of evolving risks and establish a plan for business continuity.

The author is Country Manager – India at Barracuda Networks. Views are personal.

NIST #Cybersecurity Framework #Getting a #Facelift, Looking to Make #Adoption #Easier

One of the biggest obstacles to securing the nation’s critical infrastructure components, as well as to securing enterprise environments, is poor coordination.

Whether it’s the lack of a common vocabulary, a lack of agreement about best practices and recommended methodologies, or simply seeing security through different lenses, it’s clear that without a common playbook from which to collaborate, the public and private sectors both struggle to create truly effective security strategies.

It’s against that backdrop that the National Institute of Standards and Technology is preparing to release an updated version of its Cybersecurity Framework, with an eye on making the framework easier to understand and adopt. NIST is currently reviewing public comments on the draft update (the comment period ended in January), and is expecting to release the new framework later this year.

The Cybersecurity Framework, which was first mandated by the Cybersecurity Enhancement Act of 2014, was born from an executive order issued by Barack Obama in 2013. Originally conceived as a way to get private sector entities charged with protecting critical infrastructure components such as roads, bridges and the power grid on the same page, the Cybersecurity Framework has subsequently been adopted by industries and organizations of all types and sizes.

Why We Need to Worry More Than Ever About Getting Hacked

Source: National Cyber Security – Produced By Gregory Evans

The narrative around hacking has changed. Thanks to the proliferation of high-profile hacks in recent years, we’re no longer asking ourselves, “What if?” Now, the question is, “When?” After all, if a powerhouse with unlimited resources like HBO is vulnerable to a hack, surely anyone is susceptible. It can be…

Bitcoin Exchange Denies Getting Hacked After Customers Lose $3 Million

Source: National Cyber Security – Produced By Gregory Evans

OKEx, a Bitcoin exchange based in China, issued a statement over the weekend, denying it was hacked and blaming recent thefts on careless users who didn’t secure their accounts. Rumors that hackers breached OKEx started since the end of August when several users began complaining about funds disappearing from their…

Getting the Word Out: How Cyber Security Marketers Can Respond to Major Cyber Attacks

Source: National Cyber Security – Produced By Gregory Evans

As we head into the second half of 2017, cyber attacks and security breaches are increasing in both size and frequency. For example, information from the Computer Crime and Intellectual Property Section of the U.S. Department of Justice shows that more than 4,000 ransomware attacks occurred every day in 2016,…

Karamba Is Writing Software to Keep Your Connected Car from Getting Hacked

Source: National Cyber Security – Produced By Gregory Evans

With cars becoming more connected and autonomous, cybersecurity is a constant worry for automakers. They dread the likelihood of intrusions into the connected car from hackers, terrorists, extortionists, and thieves (see “Your Future Self-Driving Car Will Be Way More Hackable”)—not to mention the random 12-year-old with mischief in mind. Apprehensions…

IRS is getting better at helping identity theft victims

Source: National Cyber Security – Produced By Gregory Evans

The Internal Revenue Service is making strides in assisting victims of tax-related identity theft more promptly and making fewer errors on cases, thanks to a more centralized approach, according to a new government report. The report, from the Treasury Inspector General for Tax Administration, found the IRS has improved its…

Billings cyber security businesses getting busier in the wake of global WannaCry virus

A cyber attack that spread ransomware across the globe managed to disable computer networks and strike panic in private businesses and government agencies. But by one measure, the WannaCry attack was a dud. The perpetrators of the virus — some are pointing fingers at hackers in North Korea — demanded that their victims pay ransom […]