‘I was looking for love but Facebook fraudster duped me into giving them £35,000’ | #facebookdating | #tinder | #pof | romancescams | #scams
Scammers are targeting lonely singles on dating sites with the prospect of love – and money. The crooks set up false profiles to woo their victims before sweet-talking them into […]
View full post on National Cyber Security
Parenting Advice: Celebrity Moms on the Me-Time Rituals That Help Them Unwind | #parenting | #kids
“I run on the treadmill while playing a game on my phone to help me unwind. I follow that by spending a little time in a steam room. And beading is […]
#bumble | #tinder | #pof Slough conman met women on dating apps such as Bumble – then ripped them off to fund his lavish lifestyle | romancescams | #scams
A man who had romantic relationships with women and then defrauded them has been jailed. Vimal Popat’s victims were mostly women he met using online dating sites such as Bumble. […]
#bumble | #tinder | #pof Know Someone Who Is Building The Next Instagram Or Spotify? Nominate Them — Or Yourself! – For The Next Forbes 30 Under 30 | romancescams | #scams
In the 10 years since we published the first Forbes 30 Under 30 list, the world has changed dramatically, but one thing has not: our history of spotting young innovators […]
Source: National Cyber Security – Produced By Gregory Evans A newly-discovered member of the Acrotaphus wasp family (Image: Kari Kaunisto) Scientists have discovered a new species of wasp that can seize control of its victim’s brains. Lurking in the dark depths of the Amazon rainforest is a ‘parasitoid’ wasp that can ‘manipulate the behaviour of […] View full post on AmIHackerProof.com
#deepweb | The tech giants dominated the decade. But there’s still time to rein them in | Jay Owens | Opinion
The 2010s will be remembered for a new era in the development of capitalism, one of mind-boggling scale. Apple, Amazon and Microsoft are closing the decade as the world’s first trillion-dollar companies. Last year, Apple’s revenue was larger than Vietnam’s GDP, while Amazon’s research and development […]
Virtual Desktop Infrastructure has been making waves since it hit the market way back in 2006. That’s when VMware coined the term VDI. The idea was to run a desktop operating system in a virtual machine located in a remote data center. End-users would connect to […]
HR professionals may handle everything from recruiting, interviewing, and training to payroll and benefits. That means they are the keepers of a lot of important information. And not only do they have information about their organization, but also personal information about employees too. If the wrong hands get ahold of the right information, it can be a disaster for your company and your employees. According to a survey by the National Cyber Security Alliance, after small or medium-sized businesses experienced a data breach, 37 percent suffered a financial loss, 25 percent filed for bankruptcy, and 10 percent went out of business.
Proactively protecting yourself from HR risks can give you peace of mind and let you focus on how you use your data, not how you store it. Here are some common HR risks and how to avoid them.
Risk #1: Keeping Your Data in Spreadsheets
While using spreadsheets to keep track of data may seem like a convenient and cheap solution, spreadsheets are not a particularly secure way to store data and can leave you vulnerable to a security breach or to hackers. And if your data is stored across multiple spreadsheets, it can be easy to lose track of the information you need to access.
Solution: Store your HR data in an HRIS. With a single, secure database you can store your confidential data safely. An HR software solution like BambooHR can protect your data with web application firewalls, frequent vulnerability scans, continuous security management and monitoring, and more.
Risk #2: Forgetting Security Issues When Offboarding Employees
Onboarding employees is the fun part: introducing them to new coworkers, sharing your organization’s incredible culture with them, and getting them set up to start doing great work. But employees have to be offboarded too. And when they leave, their access to all types of secure information, passwords, and applications needs to be removed. In an Intermedia Risk Report, 13 percent of people reported that they have accessed systems belonging to their previous employers after they left the job.
Solution: Automated account licensing and management. With an automated account manager, you can instantly revoke access on the day an employee leaves using a single app directory. Instead of having to individually track down which applications they had access to and nudging IT to revoke access, HR can manage accounts on their own in one convenient place.
Risk #3: Having Weak, Insecure Passwords
We all know that coworker who keeps their passwords on a Post-it note on their desk, visible to anyone who walks by. Or how about the team member whose passwords are all the same easy-to-remember pet’s name? Not surprisingly, these aren’t the safest ways to store or set your passwords, and once again leave your sensitive HR data at risk. But once you convince everyone on your team to use secure passwords stored in a secure place, your troubles aren’t necessarily over. There’s a good chance it will just mean more work for IT, constantly recovering passwords (which is still better than having your data stolen!).
Solution: Single sign-on. With single sign-on, your HR team gets one-click access to all their apps, and security improves because they only have to memorize one very secure password. (You can remember just one, right?)
An HRIS like BambooHR and secure access software like Idaptive can be the difference between keeping your employee and company information safe and confidential and having a costly data breach. Don’t let your HR risks be the reason your employee’s identity gets stolen!
The post #cybersecurity | #hackerspace | 3 HR Risks and How to Avoid Them appeared first on National Cyber Security.
Fueled by automation, the adoption of DevOps processes and more, the role of the developer has become increasingly important and widespread for enterprises going through digital transformation. Developers need access to privileged credentials in order to access key developer tools like the Kubernetes or Jenkins admin console. These credentials can be saved locally, making developers’ workstations — whether they are Macs or PCs — high-value targets for hackers.
These workstations are often vulnerable to something as simple as a phishing email, which attackers can use as an entry point to get access to the developer’s credentials. Because of these vulnerabilities, developers’ workstations are extremely important to secure. However, developers are famous for prizing speed above all else — and seeing security as little more than a speed bump. So how to ensure that developers take security seriously?
Securing privileged access through the principle of least privilege needs to be a top security priority. It is no secret that no one should have full-time admin rights. But what does that mean for developers?
Security teams face a difficult dilemma. They need to better secure developer workstations while still providing them the elevated permissions and privileges—and freedom—they need to get their job done. And they need to do all that without impacting velocity.
I recently encountered this comment on the Stack Overflow forum:
“There is almost no legitimate operational reason for restricting admin access to local PCs for staff that need it to do their job.”
Is that true?
Developers, DevOps and other engineers all perform administrative tasks as part of their job responsibilities, so they also have “full control” of their environment. Furthermore, because of the work developers do, there are extra challenges involved in hardening and restraining their workstations regardless of whether they are using Windows or macOS.
Developers install and uninstall software, drivers and system updates. They change operating system internals and use debugging programs on a regular basis. Without full control, developers often can’t do their jobs.
However, developers have access to source code, API keys and other shared secrets – usually more access than the standard user. Compromising a developer is a quick way for attackers to gain immediate elevated access to the most essential, mission-critical information an organization has. Consequently, developers have the kind of access that attackers want, which makes them the type of user who needs the highest levels of protection – whether they like it or not.
Want to take over a company or cause reputational damage quickly? Compromise a developer endpoint.
There are even specific types of attacks designed to target developers. One is the “watering hole” attack, in which attackers compromise popular developer web sites known to be good places to share code and get help troubleshooting programming issues. For example, four of the largest software developer companies in the world were compromised during a single cyber attack campaign that placed a zero-day Java exploit on an iOS developer web site.
Rights and Responsibilities
One way to deal with developers’ requests for full admin rights would be to provide them with virtual machines dedicated to programming, which could be perfectly patched and thoroughly hardened. This is doable with the right amount of monitoring and alerting, antimalware and IPS.
However, a workaround like this has a huge management overhead. It requires more budget, additional machines and another user to manage those machines. It’s not a comfortable situation for the IT team or the developer – and let’s not forget the cost of such a solution.
Additionally, while using their development tools, developers consume a lot of computer resources (e.g. generating millions of temporary files during code compilation). This leaves the security team with the job of ensuring that no significant performance impact occurs while implementing endpoint security products – not an easy task.
Conventional attempts to counter this typically require system administrators or security staff to perform manual inspections and craft security policies in response. As application complexity and development velocity increase, it becomes impractical to determine least privilege ahead of time manually. Furthermore, a central policy gatekeeper won’t scale efficiently and is likely to negatively impact delivery velocity.
Cutting the Gordian Knot
There has to be a better way to balance the needs of the developer with security concerns. Organizations need to be able to remove administrative privileges from developers without preventing them from doing their jobs, reducing velocity or overburdening security teams.
CyberArk Endpoint Privilege Manager can overcome these obstacles, allowing organizations to remove privileged credential rights on Windows workstations, servers and macOS. It provides privileged access management (PAM), allowing enterprises to easily remove local admin users – including developers. For instance, CyberArk Endpoint Privilege Manager can elevate specific applications used by the developer on a day-to-day basis or provide just-in-time user elevation for a specified time while recording and logging all user activity.
In addition, since developers may save credentials to their development environments, Endpoint Privilege Manager protects those repositories from credential theft while allowing trusted applications to use the credential stores.
Another key feature for the developer use case is the set of out-of-the-box predefined policies for different developer tools like Visual Studio, Eclipse, Git and others.
Final Thought – The Developer Resistance
Each new security-driven restriction impacts developer productivity throughout the entire software development process. Consequently, developers may fight the rules and restrictions necessary to maintain a strong security posture. What makes Endpoint Privilege Manager any different?
Endpoint Privilege Manager minimizes interference in the developer workflow. Developers – and other users – don’t need to go through the extra step of involving an administrator when they need access to certain applications. For a predefined, approved set of applications, users can seamlessly gain access through an automated process.
Furthermore, Endpoint Privilege Manager allows users to elevate privileges to access these approved applications while continuing to access other, unapproved applications as non-privileged users. This means that developers can continue to access the majority of the applications they use on a daily basis without having to slow down – without losing out on the benefits of application security.
Developers are like builders constructing a house on an empty lot. They need to be armed with the best tools to do their best work. If you give them old equipment, they will spend more time working around it than actually building. Endpoint Privilege Manager lets developers do what they do best – without interrupting their workflow with compliance and security requirements – so that they can write code faster.
Developers don’t need to be the last holdout for administrator rights within an organization. Learn how this is possible today.
The post Secure Developer Workstations Without Slowing Them Down appeared first on CyberArk.
*** This is a Security Bloggers Network syndicated blog from CyberArk authored by Vadim Sedletsky. Read the original post at: https://www.cyberark.com/blog/secure-developer-workstations-without-slowing-them-down/
Apple iPhone users are being warned to check their devices against a list of malicious apps disclosed in a new report. The exposure of such dangers on Google’s Play Store has become a theme this year, with apps laced with adware, subscription fraud and worse exposed and removed. Now Apple is taking its turn in the spotlight. A new report from the research team at Wandera claims that 17 apps from one developer load a malicious clicker trojan module on an iOS device.
Apple says that the apps in question have been removed from the App Store, and upon examination did not contain the trojan malware as claimed. Instead, the apps were removed for including code that enabled the artificial click-through of ads. A spokesperson for Apple confirmed the removal of the apps and that the App Store’s protective tools have been updated to detect similar apps in the future.
According to Wandera, the trojan focused on ad fraud, but also sent data from the infected device to an external command and control server. Wandera told me that an even more worrying element of the malware, one not included in the write-up, is a set of devious techniques to evade detection. The malware triggered only when loaded with an active SIM and left running for two days. We have seen this before on Android—an attempt to hide from security researchers in lab conditions.
“We were amazed with this one,” Wandera VP Michael Covington told me ahead of the report’s release. “We’ve seen a couple of issues creep into the Apple App Store over the last few months—and it always seems to be the network element.” In his view, Apple misses the runtime element of an app’s behaviour when scanned before approval. “They don’t have a deep threat research expertise,” he explained, “but to find malicious network traffic, you have to watch live apps and see how they perform.”
When I talked with Wandera ahead of the report being released, they provided links and said the apps were still available to install. Apple has since confirmed their removal. The fact they gained access to the store remains a concern. Wandera says it discovered the malicious apps when its monitoring platform detected network traffic back to the external C&C server. “That forced us to work backwards,” Covington told me, “we found one of those apps, and from there we found the developer and then the other indicators of compromise that led to the other apps.”
Each of the apps contains the “malicious” clicker trojan module. “Malicious,” Covington claimed, because the module can do more than just generate fraudulent ads. “It could potentially steal information, or open a backdoor,” he said. “Any time I see an app opening a connection to the outside, I think we may have more than just bad ads, we have some malicious functionality that’s being introduced.”
All of the apps will “carry out ad fraud-related tasks in the background,” the report claims, “such as continuously opening web pages or clicking links without any user interaction.” The module generated revenue for the operators “on a pay-per-click basis by inflating website traffic.” The evasive behaviour, which is not in the report, points to a level of sophistication beyond simple ad fraud. To design malware specifically to outwit a security research lab is a level beyond.
Covington takes the view that an outside connection means a high risk of data compromise—at least to some extent. The malware sends device and location information, some user data as well potentially. The apps are not games. “One managed contacts, another travel information, another had access to accelerometer and location—even without special permissions for the camera or microphone, the apps likely accessed contacts and location, with privacy implications.”
For its part, Apple disputes that any such compromise took place here—there was no danger beyond isolated click fraud, it says, emphasising that the company patrols the App Store to identify and remove any apps that represent a danger to users.
Any C&C server clearly represents some form of risk, though—an external link opens a door to further threats. “Certain information about the device and the user is used to determine what ads to deliver,” Covington said. “But we have seen C&C servers deliver other types of commands—to change configurations or trigger phishing attacks, to deliver legitimate-looking login pages to steal credentials. Or to deliver malicious payloads to bulk up apps or install others. Once you open a connection to the outside, bad things can happen.”
In this instance, Wandera says it has seen performance degradation, battery drain, heavy bandwidth use—one ad runs a video stream for more than five minutes, others contain large images. The same C&C server was disclosed by Dr. Web as part of an Android malware campaign. Dr. Web reported that the server could target ads, load websites, alter the configuration of devices, fraudulently subscribe users to premium content. None of these additional issues have been claimed for the iOS malware.
The developer is AppAspect Technologies, based in India, an operator with apps for both iOS and Android. Wandera says it examined the Android apps—none contained the clicker trojan module, but they used to. They were pulled from the store, the module was removed and the apps were republished. Perhaps the heat being turned up on the Play Store forced a retreat? Perhaps the operator turned its focus to iOS where there is less expectation of such compromises? Covington thinks this is a real possibility.
Apple has confirmed that the apps have been removed, and the good news is that deleting the apps solves any problems; no remnants are left behind. “There is no access to special frameworks that might have left something behind,” Covington explained.
For Apple, in light of other security challenges in recent months, including a targeted WhatsApp hack, the Chinese malware attack on the Uighurs, new jailbreak options, this is an awkward story. The fast removal of the apps is to be applauded, as is the enhancement of protective tools, but the fact that harmful apps found their way onto the store obviously remains a worry.
Here is the list of infected apps:
- RTO Vehicle Information
- EMI Calculator & Loan Planner
- File Manager – Documents
- Smart GPS Speedometer
- CrickOne – Live Cricket Scores
- Daily Fitness – Yoga Poses
- FM Radio PRO – Internet Radio
- My Train Info – IRCTC & PNR (not listed under developer profile)
- Around Me Place Finder
- Easy Contacts Backup Manager
- Ramadan Times 2019 Pro
- Restaurant Finder – Find Food
- BMI Calculator PRO – BMR Calc
- Dual Accounts Pro
- Video Editor – Mute Video
- Islamic World PRO – Qibla
- Smart Video Compressor
Updated later on October 24 with feedback from Apple, including confirmation of removal of the apps.
The post #deepweb | These 17 ‘Trojan’ Apps May Be On Your Device—Delete Them Now appeared first on National Cyber Security.