Two Russians Charged in $17M Cryptocurrency Phishing Spree — Krebs on Security
U.S. authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout […] View full post on National Cyber Security
Beijing Attempts To Remake Hong Kong In Its Image As National Security Law Takes Hold
Textbooks censored. Teachers investigated for improper speech. Students arrested and charged with secession for their social media posts. Just over a month after Beijing imposed a national security law in […]
The Role of Real-time Information for Corporate Security Practitioners
In this webinar, you’ll hear from Senior Intelligence Analyst Claire Prestwood, who will talk about the role that real-time alerts play in the business decisions that Cargill makes in her […]
Simplicity should underpin enterprise security in a Covid-19 world: Magda Chelly surveys the global infosec landscape
Responsible Cyber co-founder will focus on education, communication, and more at this year’s RSA Conference
Infosec recruitment flaws and adapting cybersecurity posture for a global pandemic are two notable topics being discussed at tomorrow’s virtual RSA Conference.
These themes will be the focus of three talks from Magda Chelly, head of cyber risk consulting for Marsh Asia.
She is a certified CISO, on the advisory board for the Executive Summit of Black Hat Asia 2020, runs a popular YouTube channel focused on cybersecurity, and has won a string of accolades for being a cybersecurity influencer. Chelly is also the co-founder of Singapore-based security-as-a-service company Responsible Cyber.
Speaking to The Daily Swig, Chelly gives the inside track on her RSA presentations and reflects on the global disparities in cybersecurity maturity and the career opportunities open to female infosec professionals.
How did you get into cybersecurity?
I started being interested in cybersecurity when I was doing my PhD in telecoms engineering.
I evolved into an IT/CRM [customer relations management] consultant and even worked in sales and business development roles.
Since then I have had advisory roles [in cybersecurity], which have mostly evolved from governance to more technical cybersecurity – for example, cloud security with AWS, Microsoft Azure, Office 365 – to a more global approach when it comes to being a CISO.
That means building the whole cybersecurity strategy and rolling it out across one to three years, especially with regulated businesses like insurance. It was exciting because I needed to ensure that the company was not only getting up to speed, but also that they didn’t get themselves into trouble.
Please tell us about your role at Marsh…
Marsh Asia provides cyber risk consulting. It focuses on risk quantification, as companies are still facing challenges evaluating and quantifying cyber risks to find out the related financial losses.
Unlike other risks, there is limited historical data about cybercrime, mainly because it is a relatively new risk area, but also due to its constantly changing form.
Cyber risk management has not yet been ‘reduced to practice’ on a wide scale.
This approach enables point estimates of the financial cost – the severity – of cyber events with good accuracy.
Having credible quantitative estimates for both severity and likelihood will allow risk managers to answer the fundamental question: “What is the likelihood that our organization will experience a cyber event causing a loss of greater than, say, $100 million in the next 12 months?”
Most often, it is the likelihood question that derails many attempts at quantifying cyber risk, due to the unpredictable nature of a human-initiated threat.
So we’re talking dollars here – how data loss might happen, how much my business might lose, and how much I can get in terms of investment.
What can RSA Conference attendees expect to hear about ‘Getting the Security and Flexibility Balance Right in a Covid-19 World’?
I’ll be addressing how to be aware of the evolving risks within an uncertain environment.
And I’ll be [urging attendees to make] simplicity [a pillar of their cybersecurity approach] because fundamentals can be applied. You can, for example, apply your NIST compliance checklist every time a risk changes. I will be talking about alternatives.
I will be presenting about use cases and some additional changes that are super interesting.
I believe that cybersecurity professionals tend to be overconfident about their capabilities.
We’re talking about an environment with a lot of factors that might impact our security. We’re not talking about traditional corporate security and enterprise boundaries. We cannot take the same approach.
If you go into an employee’s ecosystem and you understand how they work, you realize that they will find a way to [surmount] technical challenges by using their personal emails, etc, so that of course raises additional risks. And working in a quarantine environment raises risks that were not considered.
And the fact that some [employees] will go back to the office, some will stay working remotely – how do you manage that securely?
Cybersecurity professionals also have a challenge communicating with employees, who [sometimes] do not even know that there is a [security] team.
We tend to make employees feel that we are not reachable. If you’re a CISO of a big company then, obviously, you’re very busy. You have a team and you cannot spare time to talk to everyone, but it’s extremely important to go beyond just sending a newsletter and make sure that employees see cybersecurity as part of the culture.
So don’t talk about only corporate requirements. Talk about how they need to consider cybersecurity in everyday activities – no matter if it’s a corporate requirement or not.
This year’s RSA Conference is taking place virtually
And what about your other talk: ‘Hacking the Cybersecurity Job Market: A Primer for Students and Grads’?
This is about helping the student understand the different [available] career paths.
We hear about a big skills gap globally. Sometimes [this is exacerbated by] the fact that HR will request everything and anything in the job description. From a hacker to a compliance manager, to a CISO, [all skills and experience] are put in one job description, which is of course impossible. [Or they ask for] someone junior, but already with experience, so it just doesn’t make sense.
So [I will talk about] finding the right balance, and how to address the challenges and start the discussions with HR teams.
How does Singapore, or Asia more widely, compare to Europe or North America in terms of its cybersecurity maturity?
I would say it’s very different. The Asian market is very fragmented. Every country has different maturity, different initiatives, and different – especially regulatory – requirements.
Singapore is one of the most mature in terms of regulations – we have the PDPA privacy law, the Cybersecurity Act, the MAS TRM guidelines.
In countries where maturity is much lower, companies just do not feel that they need to do anything [to strengthen cybersecurity].
The Asian market compared to Europe or the US is still much, much lower in terms of general maturity, which means, again, there is a greater opportunity to help those companies.
You founded the Singapore chapter of Women of Security, or WoSEC. How would you summarize the chapter’s aims?
I’m trying to help female professionals get the right support, to give them a safe environment with talks, workshops, social gatherings where we can talk about challenges, we can give some job opportunities, and recommend mentors.
How much progress are you seeing in terms of achieving parity of opportunity between female and male professionals?
I think there are a lot of unconscious biases, but it is changing.
I’ve seen a very positive change in the US and Europe. Asia is still trying its best but it’s not there yet. There’s a lot of work to do.
Companies like Marsh have diversity programs, and they are supporting WoSEC, so the problem is not there as such.
But general feedback from the top of other companies in the region [suggests that] the problem is that the HR process doesn’t [encourage] that inclusion or diversity very well. And then unconscious biases don’t help female professionals [once they do get roles].
It really depends on the country and the culture.
Finally, you noted that cybersecurity is often seen as exclusively the domain of IT teams. Experts also often feel that cybersecurity’s status as a cost center devalues its importance. Are attitudes improving in the boardroom?
Small and medium-sized enterprises are generally focused on increasing sales.
They still lack awareness around cyber risk and do not consider it as a business risk. So they try to get it outsourced. But they are ignorant of the risks that they are exposed to, because the IT or managed service provider [might not be] doing anything about security because it’s not in the contract. This is something I have seen in Singapore and abroad.
What mostly drives change is the regulatory requirement. We cannot just assume that a company will raise their understanding of cybersecurity just because then they are aware [of the problem] – unless the business owner is technologically savvy.
It needs a regulatory push. In Singapore, we have the Monetary Authority of Singapore technology guidelines, for example.
The bogus news is generally known as the “Martinelli hoax”, because it starts like this:
If you know anyone using WhatsApp you might pass on this. An IT colleague has advised that a video comes out tomorrow from WhatsApp called martinelli do not open it , it hacks your phone and nothing will fix it. Spread the word.
When we last wrote about “Martinelli”, back in 2018, we noted that the hoax was given a breath of believability because the text above was immediately followed by this:
If you receive a message to update the WhatsApp to WhatsApp Gold, do not click!!!!!
This part of the hoax has a ring of truth to it.
Back in 2016, hoax-checking site Snopes reported that malware dubbing itself WhatsApp Gold, was doing the rounds.
The fake WhatsApp was promoted by bogus messages that claimed, “Hey Finally Secret WhatsApp golden version has been leaked, This version is used only by big celebrities. Now we can use it too.”
So WhatsApp Gold was actual malware, and the advice to avoid it was valid, so the initiator of the Martinelli hoax used it to give an element of legitimacy to their otherwise fake warning about the video.
The latest reincarnation of the hoax has kept the text of the original precisely, including the five-fold exclamation points and the weird extra spaces before punctuation marks.
The new hoax even claims that the video first mentioned several years ago still “comes out tomorrow.”
But there’s a new twist this time, with yet another hoax tacked on the end referring to yet another video “that formats your mobile.”
This time, the video is called Dance of the Pope:
Please inform all contacts from your list not to open a video called "Dance of the Pope". It is a virus that formats your mobile. Beware it is very dangerous. They announced it today on BBC radio. Fwd this message to as many as you can!
Ironically, Snopes suggests that this piece of the hoax – which is basically the same as the Martinelli hoax but with a different video name – is even older than the Martinelli part, dating back to 2015.
Quite why the hoax has reappeared now is not clear, though it may have been triggered by March 2020 news headlines about wunderkind Brazilian footballer Martinelli.
Martinelli currently plays for Arsenal in England, but has been tipped to appear in the Brazilian national squad at just 18 years of age; he’s also been the subject of media speculation that he might get poached from Arsenal by Spanish heavyweights Real Madrid.
Is it even possible?
In theory, playing a deliberately booby-trapped video file on your mobile phone could end up in a malware infection, if your phone has an unpatched bug in its media player software that a crook could exploit.
In practice, however, that sort of bug is very rare these days – and typically gets patched very rapidly and reported very widely.
In other words, if the creator of this warning knew enough about the “bug” to predict that it could infect any mobile phone, and could warn you about this “attack” in a video that isn’t even out yet, it’s highly unlikely that you wouldn’t have heard about the actual bug itself either from the vendor of your phone or from the world’s cybersecurity news media.
Additionally, even if there were a dangerous bug of this sort on your phone and your phone were at risk, it’s unlikely that “nothing would fix it”.
As for the imminent and unconquerable danger of an alleged double-whammy video attack of “threats” that first surfaced in 2015 and 2016…
…well, if the videos were supposed to “come out tomorrow” more than four years ago, we think you can ignore them today.
What to do?
- Don’t spread unsubstantiated or already-debunked stories online via any messaging app or social network. There’s enough fake news at the moment without adding to it!
- Don’t be tricked by claims to authority. Anyone can write “they announced it today on BBC radio,” but that doesn’t tell you anything. For all you know, the BBC didn’t mention it at all, or announced it as part of a hoax warning. Do your own research independently, without relying on links or claims in the message itself.
- Don’t use the “better safe than sorry” excuse. Lots of people forward hoaxes with the best intentions, but you can’t make someone safer by “protecting” them from something that doesn’t exist. All you are doing is wasting everyone’s time.
- Don’t forward a cybersecurity hoax because you think it’s an obvious joke. What’s obvious to you might not be to other people, and your comments may get repeated as an earnest truth by millions of people.
- Don’t follow the advice in a hoax “just in case”. Cybersecurity hoaxes often offer bogus advice that promises a quick fix but simply won’t help, and will certainly distract you from taking proper precautions.
- Patch early, patch often. Security updates for mobile phones typically close off lots of holes that crooks could exploit, or shut down software tricks that adware and other not-quite-malicious apps abuse to make money off you. Take prompt advantage of updates!
- Use a third-party anti-virus in addition to the standard built-in protection. Sophos Intercept X for Mobile is free, and it gives you additional protection not only against unsafe system settings and malware, but also helps to keep you away from risky websites in the first place.
- Don’t grant permissions to an app unless it genuinely needs them. Mobile malware doesn’t need to use fancy, low-level programming booby-traps if you invite it in yourself and then give it more power than it needs or deserves.
The post WhatsApp “Martinelli” hoax is back, warning about “Dance of the Pope” – Naked Security appeared first on National Cyber Security.
Moody’s, Nasdaq and many others choosing Lithuania for cyber security GBS functions
The following article by Invest Lithuania’s Senior Investment Advisor Monika Vilkelytė first appeared in the Outsourcing&More magazine. You can find the original here.
Assigning cyber security operations to GBS centres is a smart move for international companies. But finding the right location for such a centre can be a serious headache. Suitable locations need to have both fast, secure IT infrastructure and a strong pool (and future pipeline) of IT talent. Affordable locations offering this combination are few and far between. That’s why Lithuania, which is ranked 4th globally in the Cyber Security Index, is proving so attractive to global company groups in terms of cyber security operations. The likes of Oracle, Nasdaq and Outokumpu already have cyber security teams in Lithuania, while Moody’s is on the way to building its cyber security capabilities in Vilnius. With a strong pipeline of talent and a clearly defined National Cyber Security Strategy, there’s plenty of room for future growth.
The ever-changing face of cyber security
The number of cyber attacks made against organizations around the world is increasing every year. Worse still, the complexity and severity of these attacks is also growing, as criminals search for ever-more sophisticated ways to break through a company’s cyber defences. With huge amounts of both company and customer data in their systems, and processes that are more deeply interconnected than ever, a major cyber attack could have catastrophic consequences.
GBS and cyber security – a smart combination
To face this ever-changing threat, companies need to be innovative and responsive, constantly updating their cyber defences to meet the latest dangers. And increasingly, global companies are using the GBS model as the most effective way to manage their Cyber Security operations. By centralizing their cyber security team in one location, it becomes easier to adopt new innovative solutions. These teams are also more effective at focusing the limited time and resources a company has on mission-critical cyber services.
Finding a home for your cyber security team
Finding the right model for managing cyber security (a GBS approach) is an important first step, but executing this model well is just as important. And one of the critical decisions a company has to make is where to locate the GBS centre that manages their cyber security.
Two features characterise the ideal location for a cyber security team. The location needs to have fast, well-developed and robust IT infrastructure. It also needs a wealth of IT talent from which to build a team of experts capable of responding to the latest threats.
Finding this combination is already a tall order, without even factoring in cost. This is not an area of operations where you want to cut corners, so low cost locations that don’t offer the quality needed are out of the question. On the other hand, building a team of high quality IT experts is prohibitively expensive in many cities and countries.
Lithuania offers quality infrastructure and talent
Lithuania offers the IT infrastructure and talent businesses need for cyber security, and at competitive costs compared to other EU locations.
Ranked 4th in the Global Cyber Security index, Lithuania’s IT infrastructure is well suited to cyber security operations. It is robust, with a strong focus at the executive level on cyber readiness and resilience. In 2017 Lithuania established a National Cyber Security Centre, and the following year a National Cyber Security Strategy was approved. This strategy covers not only the government, but also a wide range of non-governmental organizations, private sector players, and scientific and educational institutions. This means the whole ecosystem is building resilience, as shown by the introduction of advanced warning systems at critical infrastructure facilities last year.
In terms of talent, there are currently 38,000 IT professionals in Lithuania, with a further 10,600 students enrolled in IT studies. Funding for IT studies was recently doubled, ensuring further growth in the flow of IT talent. The government has also invested in an upskilling project focused on key areas including cyber security and AI, with the aim of adding new specialists to the market. Universities in Lithuania’s two largest cities, Vilnius and Kaunas, offer dedicated programmes for cyber security specialists, including MScs in Information and Information Technology Security, a BSc programme in Information Systems and Cyber Security and an MSc in Cybersecurity Management.
This means the level of quality, in terms of both talent and infrastructure, is comparable to other leading EU destinations. But, unlike those locations, Lithuania is a far more cost-competitive option.
Cost advantages to help you build the right team
Junior IT staff such as database administrators or Unix / Linux administrators can be hired at around €2,000 per month, including taxes. The average salary for a senior QA specialist with 5 years’ experience is €2,700 tax inclusive, while a senior cyber security specialist with 5 years’ experience earns €3,360. This means assembling a skilled cyber security team which includes highly experienced professionals is affordable and sustainable in Lithuania.
What’s more, Lithuania has the 3rd most affordable internet rates in Europe, and office rental costs are also highly competitive. As a result, overheads for GBS centres are also low in comparison with other EU locations.
Nasdaq, Moody’s, Oracle and more
These strong fundamentals have attracted some of the world’s largest companies to set up cyber security teams in Lithuania. Moody’s established a GBS centre in Vilnius in early 2019 which is planned to include an advanced cyber security unit. In fact, the availability of talent in this area was one of the major reasons Moody’s chose Lithuania, as Duncan Neilson, SVP HR Regional Lead EMEA, explained when the centre was announced: “Given our goals of hiring diverse talent and further developing our automation and cyber security capabilities, choosing Lithuania as our newest EU location makes good business sense.”
Nasdaq also operates an IT centre in Vilnius. This centre has been developing constantly since its establishment in 2015 – it grew from 30 to 300 FTEs in 3 years – and includes a cyber security team. On a visit to Lithuania, Nasdaq’s CEO and president Adena Friedman noted the strength of the IT talent available. “This place has a great talent pool,” she commented. “At first we thought Lithuania was a centre of low cost, but today Vilnius is a centre of professionalism for us. This city is going to be an ever more important player for us.”
Overall, almost 10% of the GBS centres in Lithuania perform cyber security functions. This includes GBS centres of companies such as Danske Bank, DXC Technology, Outokumpu, Devbridge Group, TransUnion and many more. And the number is growing all the time.
Cyber security products developed in Lithuania
Lithuanian cyber security teams are adept at product development as well. Oracle runs an office of 50 specialists in Kaunas who develop a range of products, including web application firewalls, and advanced API, DDoS, and cloud-based malware protection. According to Leon Kuperman, Vice President of the company’s software development division Oracle Dyn, the Kaunas team will be further expanded: “We are planning significant growth in the region, so we may need to move to a bigger office.”
TransUnion has a special team of Lithuanian cyber security specialists who continuously monitor the online security of more than 1,200 company employees and the information systems of TransUnion’s corporate customers worldwide. “The platform monitoring teams who are working on cyber security are the only TransUnion UK teams that operate 24/7, ensuring the uninterrupted and stable operation of all systems,” says Jonas Lukošius, Manager of TransUnion’s Kaunas office.
There are a number of other cyber security development teams operating in the Kaunas-Vilnius hub. NRD Cyber Security focuses on offering protection for public service providers, law enforcement, critical infrastructure and more, while US-based Arxan offers guarding solutions injected directly into its clients’ binary code. “We currently have offices in the US, the UK, and Japan,” says Andrew Whaley, Arxan’s SVP Head of Engineering. “In the near future, Vilnius has the potential to become our largest software development office.” Then there is CUJO AI, a Lithuanian tech company that develops AI-based online security solutions.
More talent and expertise
This developed ecosystem, combined with the range of cyber security training opportunities offered by local universities, means there is plenty of know-how and experience on offer in Lithuania. Existing players are actively involved in training up new talent – Moody’s cooperates with ISM business school, Oracle offers its own multi-level training programme, and Danske Bank offers flexible arrangements to students so they can begin working while they complete their studies.
Therefore, as the sector matures, an even deeper pool of expertise in cyber security will be available to companies looking to establish GBS centres in Lithuania.
NoScript 11.0.17 should solve this issue. Automatic updates of NoScript are enabled by default, so you should get this fix automatically.
Things could be worse. Last year, a problem with digital signatures caused Firefox and Tor to temporarily stop trusting lots of add-ons, including NoScript. Unsure of what was going on, cautious users who understood NoScript’s importance had stopped using Tor until the problem was fixed.
Consumers and businesses alike have been scrambling to take steps to protect themselves from the coronavirus, from flocking to stores to buy out supplies of hand sanitizer, to encouraging workers to avoid large gatherings and work remotely. While we hope our customers are taking the necessary steps to stay healthy (check out best practices from the World Health Organisation here), in addition to health risks, there are increased cybersecurity risks, too. The European Central Bank recently issued a warning to banks about the heightened potential for cybercrime and fraud, as many users are opting to stay at home and use remote banking services during the coronavirus outbreak. At a time of uncertainty and vulnerability for many, hackers and fraudsters are taking advantage of fear surrounding the virus as it continues to spread across the globe. We pulled together the following tips to help you improve your cybersecurity hygiene during this time:
1) According to recent PCI Pal research, almost half (47%) of Americans use the same password across multiple sites and apps. We all know this is a big cybersecurity no-no, but it’s especially important during times of heightened risk that we ensure our passwords are unique and secure. Consider updating your passwords and using a password manager tool to improve account security.
2) In addition to varying passwords, consider adopting two-factor authentication for accounts – most services offer some sort of two-factor authentication, yet 23% of Americans report they have never used these tools to protect passwords or payments! Take advantage of these tools – especially if you’re going to be engaging with more digital services while you stay home to wait out coronavirus.
3) In addition to online fraud, there’s also an increased risk for phone fraud – whether you’re engaging with a customer service agent from your bank over the phone or simply ordering takeout. When speaking with a customer service representative, make sure you double check their credentials and only use the phone number provided by the company’s website.
4) For businesses looking to protect customer data during this time, consider PCI compliance, the strongest standard for payment security. PCI compliance standards can help protect your customers from data breaches and hacks – even when they ignore the above steps to protect themselves!
5) Phishing scams relating to coronavirus will be prevalent, including emails pretending to offer advice from governments and the World Health Organisation. Scammers will use such techniques to infect your laptop/PC and gain access to your systems. Every care should be taken before opening such communications.
Contact us today to learn how PCI Pal’s solutions can help ensure your customers’ sensitive payment information is safe from opportunistic fraudsters.
The post Coronavirus and cybersecurity crime appeared first on PCI Pal.
*** This is a Security Bloggers Network syndicated blog from Knowledge Centre – PCI Pal authored by Stacey Richards. Read the original post at: https://www.pcipal.com/en/knowledge-centre/news/coronavirus-and-cybersecurity-crime/
Anyone who’s seen the 1984 hit movie Ghostbusters likely recalls the pivotal scene where a government bureaucrat orders the shutdown of the ghost containment unit, effectively unleashing a pent-up phantom menace on New York City. Now, something similar is in danger of happening in cyberspace: Shadowserver.org, an all-volunteer nonprofit organization that works to help Internet service providers (ISPs) identify and quarantine malware infections and botnets, has lost its longtime primary source of funding.
Shadowserver provides free daily live feeds of information about systems that are either infected with bot malware or are in danger of being infected to more than 4,600 ISPs and to 107 national computer emergency response teams (CERTs) in 136 countries. In addition, it has aided the FBI and other nations’ federal law enforcement officials in “sinkholing” domain names used to control the operations of far-flung malware empires.
In computer security lexicon, a sinkhole is basically a way of redirecting malicious Internet traffic so that it can be captured and analyzed by experts and/or law enforcement officials. Typically, a sinkhole is set up in tandem with some kind of legal action designed to wrest control over key resources powering a malware network.
Some of these interventions involving Shadowserver have been documented here, including the Avalanche spam botnet takedown, the Rustock botnet takeover, the Gameover malware botnet seizure, and the Nitol botnet sneak attack. Last week, Shadowserver was instrumental in helping Microsoft kneecap the Necurs malware network, one of the world’s largest spam and malware botnets.
Sinkholing allows researchers to assume control over a malware network’s domains, while redirecting any traffic flowing to those systems to a server the researchers control. As long as good guys control the sinkholed domains, none of the infected computers can receive instructions about how to harm themselves or others online.
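To make the two sinkholing steps above concrete (answering queries for seized domains with the researchers’ own address, then turning the resulting sightings into per-network victim reports), here is a small illustration. It is added here and is not Shadowserver’s code or a description of its actual systems: the domain names, the sinkhole address (an RFC 5737 documentation address), the address-block-to-network-owner mapping and the query log are all constructed sample data.

```python
"""Toy DNS sinkhole resolver plus daily victim report (illustrative, not Shadowserver's code)."""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# Constructed: domains hypothetically handed to researchers by a takedown order.
SINKHOLED_DOMAINS = {"c2-example-alpha.test", "c2-example-beta.test"}

# RFC 5737 documentation address standing in for the researchers' sinkhole server.
SINKHOLE_IP = "192.0.2.1"

# Constructed: address blocks and the network owner who would receive the report for them.
NETWORK_OWNERS = {
    ip_network("203.0.113.0/24"): "isp-a-example",
    ip_network("198.51.100.0/24"): "isp-b-example",
}


def is_sinkholed(query_name: str) -> bool:
    """True if the name is a seized domain or any subdomain of one.

    Bot malware often contacts subdomains of its controller domain, so matching the
    exact label alone would miss victims; matching by suffix catches both.
    """
    name = query_name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in SINKHOLED_DOMAINS)


def owner_of(ip: str) -> str:
    """Map a victim address to the network owner responsible for it."""
    addr = ip_address(ip)
    for net, owner in NETWORK_OWNERS.items():
        if addr in net:
            return owner
    return "unknown"


def resolve(query_name: str, client_ip: str, sightings: List[dict]) -> Optional[str]:
    """Answer a query the way a sinkhole resolver would.

    Seized names are answered with the sinkhole address (never the original
    controller), and the querying client is recorded as a likely infection.
    Any other name returns None: a real resolver would forward it upstream.
    """
    if is_sinkholed(query_name):
        sightings.append({"client": client_ip, "domain": query_name.rstrip(".").lower()})
        return SINKHOLE_IP
    return None


def daily_report(sightings: List[dict]) -> Dict[str, Dict[str, int]]:
    """Group sightings as network owner -> victim address -> number of sightings."""
    report: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for s in sightings:
        report[owner_of(s["client"])][s["client"]] += 1
    return {owner: dict(victims) for owner, victims in report.items()}


# Constructed query log: (client address, queried name).
SAMPLE_QUERIES = [
    ("203.0.113.5", "c2-example-alpha.test."),
    ("203.0.113.5", "update.c2-example-alpha.test"),
    ("203.0.113.9", "C2-EXAMPLE-BETA.test"),
    ("198.51.100.7", "c2-example-beta.test"),
    ("198.51.100.7", "www.example.com"),        # benign query, not ours to answer
    ("192.0.2.200", "c2-example-alpha.test"),   # victim outside every known owner block
]


def run_sample() -> Tuple[List[Optional[str]], Dict[str, Dict[str, int]]]:
    """Replay the constructed log and return (answers given, report produced)."""
    sightings: List[dict] = []
    answers = [resolve(name, client, sightings) for client, name in SAMPLE_QUERIES]
    return answers, daily_report(sightings)


if __name__ == "__main__":
    answers, report = run_sample()
    print("answers:", answers)
    for owner, victims in report.items():
        print(f"report for {owner}: {victims}")
```

The report keyed by network owner is the shape of thing an ISP or national CERT would act on: it names the addresses seen contacting a seized controller domain, with no content from the victims and no way for the original operator to send them commands, since the only answer the resolver ever gives is the sinkhole address.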
And Shadowserver has time and again been the trusted partner when national law enforcement agencies needed someone to manage the technical side of things while people with guns and badges seized hard drives at the affected ISPs and hosting providers.
But very recently, Shadowserver got the news that the company which has primarily funded its operations for more than 15 years, networking giant Cisco Systems Inc., opted to stop providing that support.
Cisco declined to respond to questions about why it withdrew funding. But it did say the company was exploring the idea of supporting the organization as part of a broader support effort by others in the technology industry going forward.
“Cisco supports the evolution of Shadowserver to an industry alliance enabling many organizations to contribute and grow the capabilities of this important organization,” the company said in a written statement. “Cisco is proud of its long history as a Shadowserver supporter and will explore future involvement as the alliance takes shape.”
To make matters worse, Shadowserver has been told it needs to migrate its data center to a new location by May 15, a chore the organization reckons will cost somewhere in the neighborhood of $400,000.
“Millions of malware infected victims all over the world, who are currently being sinkholed and protected from cybercriminal control by Shadowserver, may lose that critical protection – just at the time when governments and businesses are being forced to unexpectedly stretch their corporate security perimeters and allow staff to work from home on their own, potentially unmanaged devices, and the risk of another major Windows worm has increased,” Shadowserver wrote in a blog post published today about their financial plight.
The Shadowserver Foundation currently serves 107 national computer emergency response teams (CERTs) in 136 countries, more than 4,600 vetted network owners and over 90% of the Internet, primarily by giving them free daily network reports.
“These reports notify our constituents about millions of misconfigured, compromised, infected or abusable devices for remediation every day,” Shadowserver explained.
The group is exploring several options for self-funding, but Shadowserver Director Richard Perlotto says the organization will likely depend on a tiered “alliance” funding model, where multiple entities provide financial support.
“Many national CERTs have been getting our data for free for years, but most of these organizations have no money and we never charged them because Cisco paid the bill,” Perlotto said. “The problem for Shadowserver is we don’t blog about our accomplishments very frequently and we operate pretty quietly. But now that we need to do funding it’s a different story.”
Perlotto said while Shadowserver’s data is extremely valuable, the organization took a stance long ago that it would never sell victim data.
“This does not mean that we are anti-commercial sector activities – we definitely believe that there are huge opportunities for innovation, for product development, and to sell cyber security services,” he said. “Shadowserver does not seek to compete with commercial vendors, or disrupt their business models. But we do fundamentally believe that no-one should have to pay to find out that they have been a victim of cybercrime.”
Most immediately, Shadowserver needs to raise approximately $400,000 by the end of this month to manage the migration of its 1,300+ servers out of Cisco’s California data center into a new facility.
Anyone interested in supporting that migration effort can do so directly here; Shadowserver’s contact page is here.
Update 10:46 a.m., ET: Added comment from Cisco.
Tags: Cisco Systems, Richard Perlotto, Shadowserver Foundation
13 March 2020 at 12:45 UTC
Updated: 13 March 2020 at 12:49 UTC
Don’t Panic: Potentially wormable flaw only present in latest systems
Microsoft released an out-of-band security update to patch a remote code execution (RCE) vulnerability impacting Server Message Block (SMB) on Thursday, just two days after its regular Patch Tuesday releases.
The software vendor was obliged to rush out a fix after a security partner inadvertently disclosed details of the flaw, which is of a type previously exploited by high-profile threats such as the WannaCry worm.
If left unaddressed, the vulnerability (CVE-2020-0796) in Microsoft SMB 3.1.1 (SMBv3) could be exploited by a remote attacker to plant malicious code on vulnerable systems.
Exploitation would involve sending specially crafted compressed data packets to a targeted SMBv3 server.
The flaw stems from bugs in how “Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests”, an advisory from Microsoft explains.
New flaws on the Block
SMB is a networking protocol that’s used for sharing access to files and printers. It is the same protocol that was vulnerable to the EternalBlue (CVE-2017-0144) exploit harnessed by the infamous WannaCry ransomware.
The vulnerability exists in a new feature that was added to Windows 10 version 1903, so older versions of Windows, which do not support SMBv3.1.1 compression, are immune from the security flaw.
Both Windows 10 clients and Windows Server, version 1903 and later, need patching.
Preliminary scans by security experts suggest only 4% of publicly accessible SMB endpoints are vulnerable.
Server-side workarounds have been released for organizations running affected software but unable to rapidly roll out patches. These include disabling compression for SMBv3 as well as blocking TCP port 445 at the perimeter firewall.
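An added example, not from the article, Microsoft or Tenable: a PowerShell audit-and-remediate script for the two workarounds just described. It assumes the host is Windows 10 or Windows Server 1903 or later (build 18362 and up), that the SMBv3 compression switch is the LanmanServer\Parameters registry value DisableCompression (the value Microsoft's advisory documents for this workaround, stated here from memory), and that it runs from an elevated session.

```powershell
# Added example (not the article's or Microsoft's code). Audits a Windows host for the
# CVE-2020-0796 exposure described above and applies the interim workaround of disabling
# SMBv3 compression. Assumption: the registry value below is the one Microsoft's advisory
# names for this workaround; confirm it against the current advisory before rollout.

$ParamsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$ValueName = 'DisableCompression'

function Get-SmbCompressionExposure {
    # Version 1903 corresponds to build 18362; SMBv3.1.1 compression only exists from
    # that build onward, so earlier builds are reported as not affected by this flaw.
    $build = [int](Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').CurrentBuildNumber
    $affectedBuild = $build -ge 18362

    # A missing value means compression is still enabled (the default on affected builds).
    $current = (Get-ItemProperty -Path $ParamsKey -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    $compressionDisabled = ($current -eq 1)

    [pscustomobject]@{
        Build               = $build
        AffectedBuild       = $affectedBuild
        CompressionDisabled = $compressionDisabled
        WorkaroundNeeded    = ($affectedBuild -and -not $compressionDisabled)
    }
}

function Disable-SmbCompression {
    # Sets the workaround value; keep it in place until the out-of-band update is
    # installed and verified, then decide whether to re-enable compression.
    Set-ItemProperty -Path $ParamsKey -Name $ValueName -Type DWord -Value 1 -Force
    Get-SmbCompressionExposure
}

function Get-Port445Listener {
    # Defensive check: does this host listen on TCP 445 at all? If it is reachable from
    # untrusted networks, the perimeter block the article mentions also applies to it.
    Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue |
        Select-Object LocalAddress, LocalPort, OwningProcess
}

$state = Get-SmbCompressionExposure
$state | Format-List
if ($state.WorkaroundNeeded) {
    Write-Warning 'Affected build with SMBv3 compression enabled; applying workaround.'
    Disable-SmbCompression | Format-List
}
Get-Port445Listener
```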
Satnam Narang, principal security engineer at security tools vendor Tenable, commented: “The vulnerability was initially disclosed accidentally as part of the March Patch Tuesday release in another security vendor’s blog.
“Soon after the accidental disclosure, references to it were removed from the blog post.”
At the time of writing, no proof of concept exploit code for CVE-2020-0796 has been publicly released.
Narang added that how readily exploitable this vulnerability might prove to be currently remains unknown.
“This latest vulnerability evokes memories of EternalBlue, most notably CVE-2017-0144, a remote code execution vulnerability in SMBv1 that was used as part of the WannaCry ransomware attacks,” Narang explained.
“It’s certainly an apt comparison, so much so that researchers are referring to it as EternalDarkness. However, there is currently little information available about this new flaw and the time and effort needed to produce a workable exploit is unknown.”
The post #hacking | Windows SMB: Accidental bug disclosure prompts emergency security patch appeared first on National Cyber Security.