Security trends 2017

Year 2017 will not bring any turn towards better data security. The internet is rife with threats, well-known and unknown alike, and companies' systems are expected to be protected against all of them. Hackers are going to continue to look for new ways to extort and steal information from businesses and organizations, which unfortunately means those businesses and organizations will have to continue to look for new ways to protect themselves.

Critical infrastructure comes under attack in 2017. Critical infrastructures must be better protected from criminals and terrorists who take advantage of modern technologies that are essential for the functioning of society and the economy. The IT security of industrial control systems (ICS), energy grids and IoT networks needs to be improved in 2017.

There is a push for better web security in 2017. Starting New Year's Day, Google's Chrome will begin labeling as "insecure" all websites that transmit passwords or ask for credit card details over plain-text HTTP. Beginning in January 2017 (Chrome 56), HTTP pages that collect passwords or credit card details are marked as "Not secure", as part of a long-term plan to mark all HTTP sites as non-secure.
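The rule above is easy to turn into a pre-deployment check: parse each page, count the inputs that collect a password or card details, and flag the page when it is served over plain HTTP. The following is an added example written for this post, not code from Google or from the original article; the card-field heuristic (treating `autocomplete="cc-*"` inputs as "credit card details") and the sample pages are this example's own assumptions.

```python
"""Audit a page the way Chrome 56 judges it: a plain-HTTP page that collects a
password or payment-card details is shown as "Not secure"."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# autocomplete tokens that identify payment-card inputs; treating these as the
# "credit card details" Chrome looks for is this example's own assumption
CARD_AUTOCOMPLETE = {"cc-number", "cc-csc", "cc-exp", "cc-exp-month", "cc-exp-year", "cc-name"}


class _SensitiveInputs(HTMLParser):
    """Count <input> elements that collect passwords or card data."""

    def __init__(self):
        super().__init__()
        self.password_fields = 0
        self.card_fields = 0

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        # attribute values may be None for bare attributes; normalise to lower-case text
        a = {k: (v or "").lower() for k, v in attrs}
        if a.get("type") == "password":
            self.password_fields += 1
        if a.get("autocomplete") in CARD_AUTOCOMPLETE:
            self.card_fields += 1


def audit_page(url, html):
    """Return a dict describing whether (and why) Chrome 56 would flag this page."""
    finder = _SensitiveInputs()
    finder.feed(html)
    finder.close()
    scheme = urlsplit(url).scheme.lower()
    collects_secrets = finder.password_fields > 0 or finder.card_fields > 0
    not_secure = scheme == "http" and collects_secrets
    return {
        "url": url,
        "password_fields": finder.password_fields,
        "card_fields": finder.card_fields,
        "not_secure": not_secure,
        # the remedy is the same in every case: serve the page over HTTPS
        "fix": "serve over HTTPS" if not_secure else None,
    }


# constructed sample pages (not real sites)
LOGIN_HTML = """<html><body><form method="post" action="/login">
<input type="text" name="user"><input type="password" name="pw">
<button>Sign in</button></form></body></html>"""
CHECKOUT_HTML = """<html><body><form action="/pay">
<input name="card" autocomplete="cc-number"><input name="cvc" autocomplete="cc-csc">
</form></body></html>"""
BLOG_HTML = """<html><body><form action="/search"><input type="search" name="q"></form></body></html>"""

if __name__ == "__main__":
    for page_url, page_html in [("http://shop.example.test/login", LOGIN_HTML),
                                ("https://shop.example.test/login", LOGIN_HTML),
                                ("http://shop.example.test/checkout", CHECKOUT_HTML),
                                ("http://blog.example.test/", BLOG_HTML)]:
        print(audit_page(page_url, page_html))
```

Only the page scheme matters here, which mirrors the bulletin's wording: a login form on an HTTP page is flagged even if the form posts to an HTTPS address, because the page that delivers the form can be tampered with in transit.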

SHA-1 is insecure. Starting on Jan 1, 2017, most CAs will migrate to SHA-2 certificates, and the major browser makers, including Microsoft, Google and Mozilla, have already announced plans to adopt the change. Their browsers will no longer trust sites that use SHA-1 certificates from that date, and they will mark those websites as insecure. One third of websites still use SHA-1 certificates despite the looming deadline. SHA-1 will still hang around, like a fart in a spacesuit, for many years to come because some people are lazy enough not to make the change.
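Finding out whether a certificate is still signed with SHA-1 only requires reading the signature algorithm OID from its DER encoding, which takes a few lines of ASN.1 walking and no third-party library. The block below is an added example for this post, not code from any of the browser vendors mentioned; the `build_stub_cert` helper produces a correctly framed but otherwise fake Certificate structure so that the check can be exercised offline, and the OID tables are the standard sha1/sha2 signature identifiers.

```python
"""Read the signature algorithm of an X.509 certificate from its DER bytes with a
minimal ASN.1 walker and flag SHA-1 signatures (standard library only)."""
import ssl

# signature-algorithm OIDs (standard values from the PKIX algorithm RFCs)
SHA1_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10040.4.3": "dsa-with-sha1",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
}
SHA2_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
    "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
    "1.2.840.10045.4.3.4": "ecdsa-with-SHA512",
}


def der_read(buf, pos=0):
    """Read one definite-length TLV at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def oid_to_str(body):
    """Decode OBJECT IDENTIFIER contents (first arc < 2, as for all OIDs here)."""
    parts, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(value)
            value = 0
    return ".".join(map(str, parts))


def signature_algorithm_oid(cert_der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue };
    return the dotted OID found in the outer signatureAlgorithm field."""
    tag, cert_body, _ = der_read(cert_der)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, pos = der_read(cert_body)                 # skip tbsCertificate
    alg_tag, alg_body, _ = der_read(cert_body, pos)  # AlgorithmIdentifier
    oid_tag, oid_body, _ = der_read(alg_body)
    if alg_tag != 0x30 or oid_tag != 0x06:
        raise ValueError("malformed AlgorithmIdentifier")
    return oid_to_str(oid_body)


def classify_signature(cert_der):
    oid = signature_algorithm_oid(cert_der)
    if oid in SHA1_SIGNATURE_OIDS:
        return ("sha1", SHA1_SIGNATURE_OIDS[oid])
    if oid in SHA2_SIGNATURE_OIDS:
        return ("sha2", SHA2_SIGNATURE_OIDS[oid])
    return ("other", oid)


def check_pem(pem_text):
    """Accepts the PEM text that ssl.get_server_certificate((host, 443)) returns."""
    return classify_signature(ssl.PEM_cert_to_DER_cert(pem_text))


# --- constructed test material below: DER encoder + a stub certificate, not a real cert ---
def der_tlv(tag, body):
    n = len(body)
    length = bytes([n]) if n < 0x80 else bytes([0x80 | ((n.bit_length() + 7) // 8)]) + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + length + body


def der_oid(dotted):
    arcs = [int(p) for p in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]          # first two arcs share one byte (arc1 < 40 assumed)
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))          # base-128, high bit set on all but the last byte
    return der_tlv(0x06, bytes(out))


def build_stub_cert(sig_oid):
    """Constructed stand-in: correct Certificate framing, stub tbsCertificate, zero signature."""
    tbs = der_tlv(0x30, der_tlv(0x02, b"\x02"))                  # SEQUENCE { INTEGER 2 }
    alg = der_tlv(0x30, der_oid(sig_oid) + der_tlv(0x05, b""))   # OID + NULL parameters
    sig = der_tlv(0x03, b"\x00" * 9)                             # BIT STRING, 0 unused bits
    return der_tlv(0x30, tbs + alg + sig)


def stub_cert_pem(sig_oid):
    return ssl.DER_cert_to_PEM_cert(build_stub_cert(sig_oid))


if __name__ == "__main__":
    for oid in ("1.2.840.113549.1.1.5", "1.2.840.113549.1.1.11", "1.2.840.10045.4.3.2"):
        print(oid, "->", check_pem(stub_cert_pem(oid)))
```

For a live site, feed `ssl.get_server_certificate((host, 443))` into `check_pem`; note that this reads the leaf only, so intermediates in the chain need the same treatment before a migration is declared done.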

There will be changes in how security is viewed in 2017 by businesses. We will likely see cloud adoption continue to grow across the United States, network visibility will no longer just be an option, AI and machine learning will shake old security models, and IoT-powered attacks will continue to rise. All of this will factor into how businesses set up, monitor and secure their networks.

The commoditization of cyberattacks will make them more frequent in 2017. More and more companies suffer business disruption due to cyber attacks. Cyber attacks cause companies significant financial losses, but studies show that companies are not prepared for them. According to Gartner, by 2018 only 40 per cent of large companies will have official plans for dealing with cyber attacks. Last year, the percentage was zero.

Strap yourself in for a bumpy ride in 2017. 2016 sucked. 2017 won't be much better, sorry. DDoS attacks have been around since at least 2000, and they're not going away. In fact, as the number of devices online grows, the volume and velocity of these attacks are also increasing. DDoS attack toolkits have been around for years, as have services that will let you pay for an attack. Expect to see more of them. It seems that 2017 promises to be the most dramatic year yet in DDoS conflict. Whale-sized DDoS attacks will increase, the IoT will become a bigger factor in DDoS, and DDoS will overshadow ransomware attacks and be used for extortion. Expect to see the Internet of Things (IoT) and other connected devices play an important part in these attacks.

Biometric identification will become more common in 2017, but it will not replace passwords. Fingerprint identification has become increasingly common in smartphones, and the technology is already fast and reliable. This year biometric identification devices were sold for 4.5 billion dollars (most of them going into smartphones and laptops). 91 per cent of biometric sales were fingerprint sensors, four per cent face detection and three per cent iris detection.

Biometrics won't kill passwords any time soon. Even though PIN codes and passwords are actually pretty lousy protection against a skilled cybercriminal, the password will never disappear entirely, as two per cent of the world's population have fingerprints that are not suitable for biometric identification. Other biometric identification systems have similar limitations and/or are not yet commonly available at a reasonable cost. While biometrics, including fingerprint, face, iris, palm and speech recognition, will continue to grow as a more secure substitute for passwords, they will not render passwords obsolete. Until the other biometrics become commonplace, passwords are here to stay, until circa 2030.

The fight over encryption and backdoors is not over in 2017. Many public figures in law enforcement have consistently argued that device encryption presents a new threat to police powers of investigation. On the other side, the House Judiciary Committee's Encryption Working Group says in its latest report that encryption backdoors pose a security threat, siding with tech experts. The problem is that any mechanism allowing police to get into an encrypted system (be it a phone, a computer or communications) could also be exploited by criminals. Any action in this space should weigh the short-term benefits against the long-term impacts. Many industry experts will rightly tell you there is no such thing as partial data encryption: you either have a fully capable system or none at all.

Given the security events of 2016, coupled with the rapid advancements and adoption of cloud computing, 2017 will be the year in which many finally accept that network infrastructure and security will have to be rethought from the ground up. In 2017 the cloud will become a risk for users: the cloud becoming insecure, with extortion and IoT openings.

The arms race between network attacks and network security is accelerating. Crippling Internet services with denial of service attacks is becoming more common throughout the world. DDoS attacks have been around since at least 2000, and they're not going away. In fact, as the number of devices online grows, the volume and velocity of these attacks are also increasing. IoT-powered attacks will continue to rise, and stopping an attack is not easy. For most companies the key thing is that the attack traffic is stopped before it reaches the company's Internet connection or servers, so the need to use telecom operators and external services will increase. In addition to disrupting service, denial of service attacks are often used as a distraction during the actual data theft. DDoS may take over from ransomware as a cause for concern.
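Even when the flood is scrubbed upstream, the people running the servers want to know when it started and from where, and the simplest signal is request rate per source and in aggregate over a short sliding window. The block below, covering both DDoS passages above, is an added example for this post rather than code from any of the articles cited; it parses combined-format access log lines (the log lines are constructed, with documentation-range addresses) and raises one alert per flooding source plus one for the server as a whole, the latter catching a distributed flood whose individual sources each stay under the per-source limit.

```python
"""Rate-based detection of a request flood in web server access logs: a sliding
window per source address and a sliding window for the whole server."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/nginx "combined" style prefix: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return {"ip", "ts", "request"} for a combined-format line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FORMAT), "request": m["request"]}


class FloodDetector:
    def __init__(self, window_s=10, per_source_limit=20, total_limit=40):
        self.window_s = window_s                  # sliding window length in seconds
        self.per_source_limit = per_source_limit  # requests per source allowed inside the window
        self.total_limit = total_limit            # requests from all sources allowed inside the window
        self._per_source = defaultdict(deque)     # ip -> timestamps inside the window
        self._total = deque()                     # all timestamps inside the window
        self._flagged = set()                     # sources already alerted on ("*" = aggregate)
        self.alerts = []                          # (kind, ip or None, time, count)

    def _trim(self, q, now):
        # drop timestamps that fell out of the window
        while q and (now - q[0]).total_seconds() > self.window_s:
            q.popleft()

    def observe(self, ev):
        now, ip = ev["ts"], ev["ip"]
        q = self._per_source[ip]
        q.append(now)
        self._trim(q, now)
        if len(q) > self.per_source_limit and ip not in self._flagged:
            self._flagged.add(ip)
            self.alerts.append(("source-flood", ip, now, len(q)))
        self._total.append(now)
        self._trim(self._total, now)
        if len(self._total) > self.total_limit and "*" not in self._flagged:
            self._flagged.add("*")
            self.alerts.append(("aggregate-flood", None, now, len(self._total)))


def detect(lines, **limits):
    """Run the detector over log lines (any order) and return the alerts raised."""
    det = FloodDetector(**limits)
    events = [e for e in map(parse_line, lines) if e]
    events.sort(key=lambda e: e["ts"])            # logs from several workers may interleave
    for e in events:
        det.observe(e)
    return det.alerts


def flooding_sources(lines, **limits):
    return {ip for kind, ip, _, _ in detect(lines, **limits) if kind == "source-flood"}


# constructed log lines: one normal visitor and one source hammering the front page
SAMPLE_LOG = [
    f'198.51.100.7 - - [05/Jul/2017:10:00:{s:02d} +0000] "GET /index.html HTTP/1.1" 200 5120'
    for s in (1, 15, 40)
] + [
    f'203.0.113.9 - - [05/Jul/2017:10:00:{s:02d} +0000] "GET / HTTP/1.1" 200 5120'
    for s in range(20, 30) for _ in range(5)
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The limits are deliberately low so the constructed sample trips them; in production they are set from a baseline of normal traffic, and an alert from this kind of detector is the trigger for asking the upstream operator to start filtering, not a replacement for that filtering.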

In 2017 IT and security professionals will talk more about business risks. Historically, firewalls, DLP, antivirus, SIEM and other technical point solutions have been the centerpiece of security conversations, but the mindset is slowly shifting from technology to risk. The goal of stopping all attacks and preventing all business impact has been recognized as a fool's errand, and the focus has shifted to measuring risk and minimizing business impacts. Cyber security is increasingly being viewed as a risk management problem.

In 2017 'security' must be added to our existing ethical and philosophical concerns over artificial intelligence and algorithms. Algorithms will soon run the world. They present problems that are seriously questioned on both ethical and philosophical grounds, and they have become the basis of fictional Armageddons.

Cyber insurance will be considered more often as one solution for handling cyber risks in 2017. The global cyber insurance market is expected to generate $14 billion by 2022, according to a new report published by Allied Market Research (AMR). That figure represents an impressive compound annual growth rate (CAGR) of nearly 28% from 2016 to 2022.

In 2017 Big Brother will be watching you 24/7. Those of you who've read George Orwell's book 1984 or seen the movie will remember how the citizens of the fictitious totalitarian state of Oceania are constantly under surveillance by order of its dictator, Big Brother. Now swap your home desktop computer, laptop or smartphone for the fictitious telescreen: not only are you sitting in front of a modern-day version of the Big Brother telescreen, you are also walking around with one in your pocket or handbag. Sound a bit far-fetched? Well, it's set to become a reality in many countries.

Users will want better security, or at least to feel more secure, in 2017. Many people are prepared to go to extremes for better security. According to a recent Harris Poll survey of over 2,000 adults, nearly 40% of Americans would give up sex for a year, or eating their favourite food, in exchange for better online security, meaning they'd never have to worry about being hacked. When you consider that 87 percent of U.S. adults use the internet, it makes sense that cyber security is one of the biggest concerns today. The single biggest thing people can do to keep their online identity safe is probably the easiest: a solid password, and not giving it to other people. Still, nearly 50% of people have shared a password to an e-mail account or to an account like Netflix.

Security becomes a multi-system issue, and more people are talking about it. Design teams will have to bake security strategies in from the start, no matter how insignificant the device. The good news is that more people are talking about the issue. The real challenge is packing enough security features into designs to prevent security breaches of every sort, including those that can come from other electronics that weren't even considered as part of the design process. Just as devices get more sophisticated, so do hackers. The reality is that security breaches can even cause physical harm. It's time to look at this at a multi-system, multi-disciplinary level. Otherwise, we literally could be playing with fire.

Blockchains have been a big trend for several years. The blockchain market is divided as 2017 starts. During autumn 2016 we saw a number of cooperation initiatives between the financial sector and consulting companies. Microsoft has chosen Ethereum as its blockchain platform and offers it on the Azure cloud service. IBM has jumped on the Hyperledger consortium bandwagon and is offering its own blockchain on the Bluemix service. Google and Amazon are still conspicuous by their absence. Even banks may prefer to see blockchains run in the cloud.


Other prediction articles worth a look:

What Lies Ahead for Cybersecurity in 2017?

Network Infrastructure, Visibility and Security in 2017

DDoS in 2017: Strap yourself in for a bumpy ride

Cybersecurity Industry Outlook: 2017 to 2021 | CSO Online

IBM’s Cybersecurity Predictions for 2017 – eForensics

https://eforensicsmag.com/ibms-cybersecurity-predictions-2017/

Top 5 Cybersecurity Threats to Watch Out for in 2017

Experts Hopeful as Confidence in Risk Assessment Falls


3,151 Comments

  1. Tomi Engdahl says:

    Windows 10 tip: Keep unwanted software off PCs you support
    http://www.zdnet.com/article/windows-10-tip-keep-unwanted-software-off-your-pc/

    Everyone who does part-time PC support knows the pain of continually having to clean up after a click-happy friend or family member. Here’s how to keep that poor soul out of trouble.

    For some people, the most painful PC problems are self-inflicted. Ordinary mortals who don’t have an engineering degree or 10 years of experience on the help desk sometimes unwittingly install unwanted or even malicious software, and the results can range from annoying to catastrophic.

    One way to reduce those support calls dramatically is to lock down Windows 10 so users can’t install new software unless it comes from a trusted source, the Windows Store. With the relatively new capability for developers to convert desktop apps into Universal Windows packages, the selection in the Store is larger and more powerful than you might think.

    (This option is new in Windows 10 version 1703, the Creators Update; you won’t see it if you’re running an older Windows 10 version.)

    Go to Settings > Apps > Apps & Features and look for the Installing Apps setting at the top of the page. You have three choices:

    Allow apps from anywhere – This is the default setting and allows you to install apps downloaded from any source.
    Warn me before installing apps from outside the Store – With this option set, trying to run a conventional installer for a Windows desktop program results in the message shown here. As an administrator, you can override the setting, but any standard user accounts will need your permission to continue.
    Allow apps from the Store only – Use this option if you don’t want users to be able to install apps from anywhere except the Store.

    Reply
  2. Tomi Engdahl says:

    Convergence of Blockchain with Emerging Technologies Set to Disrupt the Healthcare Industry by 2025
    http://www.prnewswire.com/news-releases/convergence-of-blockchain-with-emerging-technologies-set-to-disrupt-the-healthcare-industry-by-2025-300482979.html

    In the next five to 10 years, a blockchain ecosystem with healthcare-focused use cases involving health data exchanges, smart assets management, insurance and payment solutions, blockchain platform providers, and consortiums will emerge. On-going digital democratization of care delivery models towards a much-anticipated personalized and outcome-based treatment paradigm will be the major impetus for blockchain adoption. Furthermore, the convergence of blockchain with emerging technologies such as artificial intelligence (AI), machine learning, mHealth and Internet of Medical Things (IoMT) provides new opportunities to explore digital health economies. At its core, blockchain would offer the potential of a shared platform that decentralizes healthcare interactions ensuring access control, authenticity, and integrity while presenting the industry with radical possibilities for value-based care and reimbursement models.

    “Burgeoning connected health devices and the need to protect against data breaches make blockchain, with its ubiquitous security infrastructure, the obvious foundation for emerging digital health workflows and advanced healthcare interoperability. It creates an additional trust layer through unique distributed network consensus that uses cryptography techniques to minimize cyber threats,” said Transformational Health Industry Analyst Kamaljit Behera. “Blockchain technology may not be the panacea for healthcare industry challenges needs but it holds the potential to save billions of dollars by optimizing current workflows and disintermediating some high-cost gatekeepers.”

    Reply
  3. Tomi Engdahl says:

    Free as in Beer, or the Story of Windows Viruses
    http://hackaday.com/2017/07/05/free-as-in-beer-or-the-story-of-windows-viruses/

    Whenever there’s a new Windows virus out there wreaking global havoc, the Linux types get smug. “That’ll never happen in our open operating system,” they say. “There are many eyes looking over the source code.” But then there’s a Heartbleed vulnerability that keeps them humble for a little while. Anyway, at least patches are propagated faster in the Linux world, right?

    While the Linuxers are holier-than-thou, the Windows folks get defensive. They say that the problem isn’t with Windows, it’s just that it’s the number one target because it’s the most popular OS. Wrong, that’d be Android for the last few years, or Linux since forever in the server space. Then they say it’s a failure to apply patches and upgrade their systems, because their users are just less savvy, but that some new update system will solve the problem.

    There’s some truth to the viruses and the patching, but when WannaCry is taking over hospitals’ IT systems or the radiation monitoring network at Chernobyl, it’s not likely to be the fault of the stereotypical naive users, and any automatic patch system is only likely to help around the margins.

    So why is WannaCry, and variants, hitting unpatched XP machines, managed by professionals, all over the world? Why are there still XP machines in professional environments anyway? And what does any of this have to do with free software? The answer to all of these questions can be found in the ancient root of all evil, the want of money. Linux is more secure, ironically, at least partly because it’s free as in beer, and upgrading to a newer version is simply cheaper.

    In our Bureau, we had a few thousand Windows XP installs. When Vista came out, they looked into upgrading, but for monetary reasons, had to put the project on hold.

    But then along came Windows 7 and the end-of-life plans for XP. Even so, it took a number of years to get through all of the security and compatibility testing required to make the switch. And that’s just the cost of labor. On top of this, they had to pay for all new software licenses. I’m sure they’re working through the same thing with Windows 10 right now.

    The Moral

    The point of this story is a simple one. The cost of upgrading Windows is non-trivial, and Microsoft is always going to insist on receiving payment for newer versions of their OSes — fair enough, that’s how they make money after all, and they need to pay their coders and shareholders. But this will push some institutions, not to mention individual users, to forgo upgrades and keep on limping with out-of-date or otherwise unpatchable systems, which will be ripe for mayhem. There will always be insecure Windows systems out there because you have to pay to upgrade. It’s all about the money.

    And although Microsoft eventually offered free patches for XP against WannaCry, they allegedly held back the release of the patch for a few days, in an attempt to shake down some of their former customers who had not yet upgraded. On one hand, you can hardly blame them — they’re stuck supporting 15-year old software at this point. But they also need to make users pay for XP support so that they’ll have an incentive to buy the next thing.

    Microsoft isn’t the only company out there making money on OSes. Android may be free, but since new versions of Android are often bundled with new phones, phone companies are reluctant to give up the new hotness for their old devices.

    But I’m also an economist by training, so I see the invisible hand working nearly everywhere. And watching wave after wave of Windows viruses attacking outdated systems that should have been upgraded made me wonder why, and I think it’s all about the Benjamins. So if you’re a fellow Linux zealot all caught up in “free as in speech”, spill a little for the power of “free as in beer”.

    Reply
  4. Tomi Engdahl says:

    OpenBSD Will Get Unique Kernels On Each Reboot
    https://tech.slashdot.org/story/17/07/05/2327234/openbsd-will-get-unique-kernels-on-each-reboot

    A new feature added in test snapshots for the upcoming OpenBSD 6.2 release will create a unique kernel every time an OpenBSD user reboots or upgrades his computer. This feature is named KARL — Kernel Address Randomized Link — and works by relinking internal kernel files in a random order so that it generates a unique kernel binary blob every time. Currently, for stable releases, the OpenBSD kernel uses a predefined order to link and load internal files inside the kernel binary, resulting in the same kernel for all users.

    OpenBSD Will Get Unique Kernels on Each Reboot. Do You Hear That Linux, Windows?
    https://www.bleepingcomputer.com/news/security/openbsd-will-get-unique-kernels-on-each-reboot-do-you-hear-that-linux-windows/

    A new feature added in test snapshots for OpenBSD releases will create a unique kernel every time an OpenBSD user reboots or upgrades his computer.

    This feature is named KARL — Kernel Address Randomized Link — and works by relinking internal kernel files in a random order so that it generates a unique kernel binary blob every time.

    Currently, for stable releases, the OpenBSD kernel uses a predefined order to link and load internal files inside the kernel binary, resulting in the same kernel for all users.

    KARL should not be confused with ASLR — Address Space Layout Randomization — a technique that randomizes the memory address where application code is executed, so exploits can’t target a specific area of memory where an application or the kernel is known to run.

    “It still loads at the same location in KVA [Kernel Virtual Address Space]. This is not kernel ASLR!,” said de Raadt.

    Instead, KARL generates kernel binaries with random internal structures, so exploits cannot leak or attack internal kernel functions, pointers, or objects.

    “A unique kernel is linked such that the startup assembly code is kept in the same place, followed by randomly-sized gapping, followed by all the other .o files randomly re-organized. As a result the distances between functions and variables are entirely new. An info leak of a pointer will not disclose other pointers or objects. This may also help reduce gadgets on variable-sized architectures, because polymorphism in the instruction stream is damaged by nested offsets changing.”

    “As a result, every new kernel is unique,” de Raadt says.

    “It’s not implemented in Linux,” Turbureanu said. “This looks like a great idea,” the expert added, regarding the possibility of having this feature ported to the Linux kernel.

    Instead, the Linux project has just added support for Kernel Address Space Layout Randomization (KASLR), a feature that ports ASLR to the kernel itself, loading the kernel at a randomized memory address.

    This feature was turned on by default in Linux 4.12, released last week. The difference between the two is that KARL loads a different kernel binary in the same place, while KASLR loads the same binary in random locations. Same goal, different paths.

    Reply
  5. Tomi Engdahl says:

    Tom Miles / Reuters:
    UN report: Singapore, US, Malaysia, Oman, Estonia lead world for best cyber security strategies, but only ~50% of countries are operating or even developing one

    U.N. survey finds cybersecurity gaps everywhere except Singapore
    http://www.reuters.com/article/us-cyber-un-idUSKBN19Q19L

    Singapore has a near-perfect approach to cybersecurity, but many other rich countries have holes in their defenses and some poorer countries are showing them how it should be done, a U.N. survey showed on Wednesday.

    Wealth breeds cybercrime, but it does not automatically generate cybersecurity, so governments need to make sure they are prepared, the survey by the U.N. International Telecommunication Union (ITU) said.

    “There is still an evident gap between countries in terms of awareness, understanding, knowledge and finally capacity to deploy the proper strategies, capabilities and programmes,” the survey said.

    The United States came second in the ITU’s Global Cybersecurity Index, but many of the other highly rated countries were small or developing economies.

    The rest of the top 10 were Malaysia, Oman, Estonia, Mauritius, Australia, Georgia, France and Canada. Russia ranked 11th.

    “Cybersecurity is an ecosystem where laws, organizations, skills, cooperation and technical implementation need to be in harmony to be most effective,” the survey said.

    Reply
  6. Tomi Engdahl says:

    Kelly Jackson Higgins / darkREADING:
    Symantec to buy Israeli cybersecurity firm Fireglass to add remote browser isolation technology to its security portfolio

    Symantec to Buy ‘Browser Isolation’ Firm Fireglass
    http://www.darkreading.com/application-security/symantec-to-buy-browser-isolation-firm-fireglass/d/d-id/1329281

    Fireglass’s emerging Web security technology will become a modular component in Symantec’s Integrated Cyber Defense Platform.

    Reply
  7. Tomi Engdahl says:

    David Kravets / Ars Technica:
    Electronic Privacy Information Center files privacy suit over Trump election commission’s voter data request

    States refuse to give Trump commission personal data of registered voters
    Lawsuit: Commission asks states “to send voter records to an unsecure web site.”
    https://arstechnica.com/tech-policy/2017/07/personal-data-of-us-registered-voters-hangs-in-the-privacy-balance/

    As many as 44 US states are now refusing to hand voter data over to President Donald Trump and his administration citing legal and privacy concerns. This cache includes information such as voters’ full names, political affiliations, addresses, dates of birth, criminal records, the last four digits of Social Security numbers, and other personal identifying information. The tussle continues despite the fact that some of the desired data, including whether individuals have voted in the past decade, is set to become part of the public record separate from this situation.

    This wave of refusals comes a week after the Presidential Advisory Commission on Election Integrity sent a letter (PDF) to the nation’s 50 states seeking the information so the newly created Trump commission could “analyze vulnerabilities and issues related to voter registration and voting.” Trump signed the executive order in May to create the commission amid his own claims that there was voter fraud on a massive scale during the 2016 election. Trump alleged that millions had voted illegally, but so far those claims have been unfounded.

    According to a CNN inquiry, many states said that some of the data—like dates of birth and Social Security numbers—could not be released because it was a breach of state laws. But the Election Integrity commission sees value in such data points.

    The Electronic Privacy Information Center (EPIC), a non-profit research organization in DC, is suing the commission on accusations that the requested information violated the privacy of American voters. EPIC also says the commission is asking the states to forward the data to an unsecure website. On Tuesday, EPIC filed a Freedom of Information Act claim in a bid to obtain internal commission communications about the data request.

    “The President’s Commission has quickly politicized its work by asking states for an incredible amount of voter data that I have, time and time again, refused to release,”

    What voter information becomes publicly available varies state to state.

    CNN contacted all 50 states, and only three—Colorado, Missouri, and Tennessee—confirmed they would assist the commission’s investigation.

    Reply
  8. Tomi Engdahl says:

    Symantec to Buy ‘Browser Isolation’ Firm Fireglass
    http://www.darkreading.com/application-security/symantec-to-buy-browser-isolation-firm-fireglass/d/d-id/1329281

    Fireglass’s emerging Web security technology will become a modular component in Symantec’s Integrated Cyber Defense Platform.

    Security giant Symantec plans to acquire Israel-based endpoint security firm Fireglass in a move to add remote browser isolation technology to its security portfolio.

    Browser isolation, also known as Web isolation, is a proxy-based method that processes a Web session remotely rather than on the endpoint or in a sandbox. The technology also provides remote rendering of files and email attachments to avoid malicious downloads onto an endpoint machine. Browser isolation was one of the top technologies for information security named by Gartner recently.

    Reply
  9. Tomi Engdahl says:

    Tom Miles / Reuters:
    UN report: Singapore, US, Malaysia, Oman, Estonia lead world for best cyber security strategies, but only ~50% of countries are operating or even developing one

    U.N. survey finds cybersecurity gaps everywhere except Singapore
    http://www.reuters.com/article/us-cyber-un-idUSKBN19Q19L

    Singapore has a near-perfect approach to cybersecurity, but many other rich countries have holes in their defenses and some poorer countries are showing them how it should be done, a U.N. survey showed on Wednesday.

    Wealth breeds cybercrime, but it does not automatically generate cybersecurity, so governments need to make sure they are prepared, the survey by the U.N. International Telecommunication Union (ITU) said.

    “There is still an evident gap between countries in terms of awareness, understanding, knowledge and finally capacity to deploy the proper strategies, capabilities and programmes,” the survey said.

    Reply
  10. Tomi Engdahl says:

    “Cybersecurity is an ecosystem where laws, organizations, skills, cooperation and technical implementation need to be in harmony to be most effective,” the survey said.

    “The degree of interconnectivity of networks implies that anything and everything can be exposed, and everything from national critical infrastructure to our basic human rights can be compromised.”

    Source: http://www.reuters.com/article/us-cyber-un-idUSKBN19Q19L

    Reply
  11. Tomi Engdahl says:

    Russia jails hacker for spilling top government officials’ secrets
    http://www.reuters.com/article/us-russia-cyber-sentence-idUSKBN19R22K

    A Russian court sentenced a prominent hacker to two years in jail on Thursday after a secret trial which heard how he had accessed and leaked the email accounts of top government officials, Russian news agencies reported.

    The TASS news agency said he was accused of breaking into the email account of Prime Minister Dmitry Medvedev’s spokeswoman as well as the account of an official in the presidential administration among many others.

    Reply
  12. Tomi Engdahl says:

    Lorenzo Franceschi-Bicchierai / Motherboard:
    Interviews reveal a slow start for Apple’s bug bounty program as some feel financial rewards are too small or reporting bugs would prevent research

    iPhone Bugs Are Too Valuable to Report to Apple
    Lorenzo Franceschi-Bicchierai
    https://motherboard.vice.com/en_us/article/gybppx/iphone-bugs-are-too-valuable-to-report-to-apple
    Jul 6 2017, 6:11pm
    For now, security researchers who have been invited by Apple to submit high-value bugs through the program prefer to keep the bugs for themselves.

    Reply
  13. Tomi Engdahl says:

    Know Where to Find Your Digital Risk
    http://www.securityweek.com/know-where-find-your-digital-risk

    Approximately 250 years ago Samuel Johnson said, “The next best thing to knowing something, is knowing where to find it.” This is quite a fitting quote from the author of A Dictionary of the English Language and equally fitting today when it comes to understanding your digital risk.

    There’s a great deal of intelligence organizations can find on the deep and dark web. Credit card numbers, bank account information, patient information and intellectual property are widely known to be for sale on forums. Now some of the intelligence is more eye opening. We’re seeing W-2 forms , and employee credentials available, making any organization ripe for tax fraud or account takeover, respectively.

    One of the most popular marketplaces on the dark web for such information is AlphaBay. Not only is information related to a company’s assets available, but information about new techniques to compromise targets is for sale as well. One of the latest is a tool to bypass SMS account verification, making multi-factor authentication that relies on SMS vulnerable.

    There are dozens of marketplaces on the dark web and competition for business is steep.

    Reply
  14. Tomi Engdahl says:

    Android Ransomware Mimics WannaCry
    http://www.securityweek.com/android-ransomware-mimics-wannacry

    Android file-encrypting ransomware SLocker was recently observed using an interface similar to that of the WannaCry malware that hit Windows systems worldwide last month, TrendMicro security researchers reveal.

    One of the first Android ransomware families to encrypt files on compromised devices, SLocker had a short-lived success before, as the suspect supposedly responsible for it was arrested within five days after the initial detection.

    The malware initially infected a small number of users because of limited transmission channels (forums like QQ groups and Bulletin Board Systems), but is back in an attempt to capitalize on the success of the WannaCry outbreak.

    According to Trend Micro, the original ransomware sample found earlier this month was named King of Glory Auxiliary and was posing as a cheating tool for the game King of Glory. Once installed, however, the ransomware featured a similar appearance to WannaCry.

    To lure users into installing it, the SLocker ransomware also disguises itself as video players and other types of programs. After the application is first run, however, it changes the icon and name, along with the wallpaper of the infected device.

    “We see that the ransomware avoids encrypting system files, focuses on downloaded files and pictures, and will only encrypt files that have suffixes (text files, pictures, videos).”

    Reply
  15. Tomi Engdahl says:

    Google Patches Critical Vulnerabilities in Android
    http://www.securityweek.com/google-patches-critical-vulnerabilities-android-0

    Google on Wednesday announced that a total of 138 vulnerabilities were addressed in the Android platform with the release of this month’s set of security patches.

    The July 2017 Android Security Bulletin was split into two partial security patch level strings: the 2017-07-01 security patch level that addresses issues in the platform itself, and the 2017-07-05 security patch level, which resolves device-specific vulnerabilities in various components supplied by manufacturers.

    While in the security bulletins prior to June 2017 Google focused on detailing the resolved vulnerabilities, starting last month the company moved to underline the vulnerable components and the number of issues affecting them.

    The 2017-07-01 security patch level addresses a total of 43 bugs in Android, including 10 vulnerabilities rated Critical, 28 assessed with a High severity ranking, and 5 Moderate.

    Reply
  16. Tomi Engdahl says:

    Hackers Target Prominent Chinese-Language News Sites
    http://www.securityweek.com/hackers-target-prominent-chinese-language-news-sites

    Several prominent Chinese-language news websites that are blocked in China have been targeted in malware, phishing and reconnaissance attacks, according to a new report from the University of Toronto’s Citizen Lab group.

    Reply
  17. Tomi Engdahl says:

    Cisco Fixes Critical Flaws in Ultra, Elastic Services Products
    http://www.securityweek.com/cisco-fixes-critical-flaws-ultra-elastic-services-products

    Cisco has released updates for its Ultra Services Framework and Elastic Services Controller products to address several vulnerabilities rated critical and high severity.

    Security advisories published by the company on Wednesday describe two critical and two high severity flaws affecting the Ultra Services Platform, a software-defined mobility framework designed for mobile network operators.

    Reply
  18. Tomi Engdahl says:

    Fake WannaCry Ransomware Uses NotPetya’s Distribution System
    http://www.securityweek.com/fake-wannacry-ransomware-uses-notpetyas-distribution-system

    The NotPetya wiper wasn’t the only piece of malware distributed last week using the compromised M.E.Doc update mechanism: a fake WannaCry ransomware variant was delivered using the same channel, Kaspersky Lab reports.

    Called FakeCry, the ransomware was delivered to M.E.Doc users on June 27, the same day as the NotPetya outbreak started.

    Written in .NET and including a “WNCRY” string, the ransomware was clearly making reference to the massive WannaCry epidemic in May 2017.

    However, the malware also pretends to be “made in China,” which researchers suggest is a false flag.

    Reply
  19. Tomi Engdahl says:

    Understanding Geopolitics Key to Analyzing Cyber Espionage: German Intelligence Service
    http://www.securityweek.com/understanding-geopolitics-key-analyzing-cyber-espionage-german-intelligence-service

    Understanding geopolitics is key to understanding the perpetrators and victims of cyber espionage. This is one of the key messages from the German federal domestic intelligence service (BfV) 2016 annual report (summary PDF).
    https://www.verfassungsschutz.de/download/annual-report-2016-summary.pdf

    Russia, suggests the BfV, advocates a multipolar world — but is suffering economically from the EU’s economic sanctions imposed over the Crimea/Ukraine crisis.

    This has led the Russian intelligence services to focus in Europe on the strained relationship between the EU and Turkey, the EU post-Brexit, and the European policy on security and defense.

    Reply
  20. Tomi Engdahl says:

    Less Malware, Better Quality: AV-TEST
    http://www.securityweek.com/less-malware-better-quality-av-test

    While the number of malware samples spotted in 2016 decreased compared to the previous year, threats have been more sophisticated, according to the latest security report from antivirus research company AV-TEST.

    AV-TEST identified roughly 127.5 million malware samples last year, which represents a 14% decrease from the 144 million seen in 2015. This translates to approximately 350,000 new samples each day, or four new samples per second.

    The number of samples may have declined, but malware is becoming increasingly sophisticated, as demonstrated by the NotPetya and WannaCry ransomware attacks, banking Trojans, and threats designed to target Internet of Things (IoT) devices. This includes complex encryption and increased flexibility in the case of ransomware, and the use of special malware in attacks aimed at the SWIFT banking network.

    Ransomware development peaked in the first quarter of 2017, with more than 110,000 samples detected by the company in April.

    Reply
  21. Tomi Engdahl says:

    NeutrinoPoS – Old Trojan Shifts to New Targets
    http://www.securityweek.com/neutrinopos-old-trojan-shifts-new-targets

    Kaspersky Lab security researchers have observed a new step in the evolution of the Neutrino malware, with a recently observed variant targeting point of sale (PoS) terminals.

    The first thing that caught researchers’ attention was that the malware takes a long sleep before starting its malicious routine, in an attempt to avoid anti-virus sandboxes. The malware uses a pseudorandom number generator to determine the period of delay.

    NeutrinoPOS was observed mainly infecting users in Russia and Kazakhstan, and Kaspersky notes that nearly 10% of the infected computers belong to small business corporate customers.

    “Despite belonging to an old, well-known and researched family, [Neutrino] continues to bring various surprises to malware analysts and researchers in the form of atypical functionality or application. We can see the same situation with Mirai forks, for example, which generate an enormous count across all platforms and in different species,” Yunakovsky says.

    The researcher also notes that Neutrino variants “with functionality for crypto-currency mining” might already be in the works.

    Reply
  22. Tomi Engdahl says:

    Enabling a “Secure Summer Mindset” for Employees
    http://www.securityweek.com/enabling-secure-summer-mindset-employees%C2%A0

    As employees spend more time outside the office in the summer months, risk increases. Most of us bring our work, and the devices that we use to access it, with us wherever we go, including on our vacations. Keeping up with work so that we’re not buried when we return is a real temptation, although not the healthiest way to decompress.

    1. Be suspicious of public Wi-Fi hotspots
    2. Keep your device locked
    3. Use Two-Factor Authentication (2FA)
    4. Out of Office messages
    5. Update your software

    Reply
  23. Tomi Engdahl says:

    The Truth About Micro-Segmentation: It’s Not About the Network (Part 1)
    http://www.securityweek.com/truth-about-micro-segmentation-its-not-about-network-part-1

    Never confuse a marketecture with an architecture. Marketecture is how to simplify a company’s technology to represent what a product can do.

    By contrast, architectures represent the overall components, interrelationships and operations of products. It is how things really work. And the devil is in the details, especially when it comes to micro-segmentation.

    A purely network-centric approach to micro-segmentation cannot operate at scale or deliver complete data center and cloud security. Traffic steering, service-chaining, and requiring proprietary network operations fall apart in today’s dynamic, heterogeneous and distributed computing operations. The proprietary network chokepoint/enforcement point model re-introduces the complexity of client server technology into the cloud world. When a vendor talks about throughput in the context of security in today’s hybrid cloud world, they are reaching for the past, not the future.

    The big “aha” for security and networking teams is not that segmentation will support better data center hygiene – they already knew that. What is different is that network segmentation is related to security segmentation, but is not the same. While network segmentation and security segmentation both introduce forms of isolation, they were built for different purposes:

    ● Network segmentation was designed initially to create smaller networks (subnets) to reduce performance considerations such as layer 2 broadcast storm, and then later to create isolation. It is built on top of IP addressing.

    ● Security segmentation focuses on the policy model of applications: should applications and application components be allowed to communicate? It is built on top of data/workload tagging.

    The original segmentation model for the data center was the network security perimeter firewall.

    Network devices do a good job of coarse-grain micro-segmentation, not only for the perimeter, but for well-defined zones that include environmental separation in relatively static and well-defined boundaries.

    Where networking fails – and this includes the network stack in the hypervisor or containers – is where you need the more granular security segmentation of micro-segmentation. As you move to ringfence applications, tiers of applications or individual workloads, the network and hypervisor models both lack the context and the flexibility to do the job. What happens if an application spans several data centers?

    While the network- and hypervisor-centric versions of micro-segmentation do a fine job of “micro-segmentation” (i.e., read environmental segmentation), they then become complex and operationally stultified when you move to true micro-segmentation.

    This becomes self-evident as we move to the need to segment processes or individual ports at the workload or container level.

    Said simply: networks are great for macro-segmentation, but software-centric approaches are required for micro-segmentation.

    Reply
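The contrast drawn in the comment above (IP-based network segmentation versus label-based security segmentation) as an added, runnable illustration that is not part of the original post or the article it quotes; workload names, addresses and labels are constructed, and the two policy engines are toy models, not any vendor's product.

```python
"""Constructed example: the same flows evaluated by an IP-keyed ACL (network
segmentation) and by a label-keyed policy (security segmentation).

The point from the article: an IP-based rule breaks when a workload moves
(e.g. to another data center) and over-permits when an unrelated workload
lands in the trusted subnet, while a label-based rule follows the workload.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Workload:
    name: str
    ip: str
    labels: frozenset  # set of (key, value) pairs such as ("app", "payroll")


def labels(**kv) -> frozenset:
    """Build an immutable label set from keyword arguments."""
    return frozenset(kv.items())


class IpAcl:
    """Network segmentation: rules keyed by source/destination IP prefixes."""

    def __init__(self, rules):
        # rules: list of (src_prefix, dst_prefix, tcp_port)
        self.rules = [(ipaddress.ip_network(s), ipaddress.ip_network(d), p)
                      for s, d, p in rules]

    def allows(self, src: Workload, dst: Workload, port: int) -> bool:
        s, d = ipaddress.ip_address(src.ip), ipaddress.ip_address(dst.ip)
        return any(s in sn and d in dn and p == port for sn, dn, p in self.rules)


class LabelPolicy:
    """Security segmentation: rules keyed by workload labels, independent of IP."""

    def __init__(self, rules):
        # rules: list of (required_src_labels, required_dst_labels, tcp_port);
        # a rule matches when its label set is a subset of the workload's labels
        self.rules = rules

    def allows(self, src: Workload, dst: Workload, port: int) -> bool:
        return any(sl <= src.labels and dl <= dst.labels and p == port
                   for sl, dl, p in self.rules)


# Constructed workloads (hypothetical addressing, not from the article).
DB_DC1 = Workload("payroll-db", "10.1.2.10", labels(app="payroll", tier="db", env="prod"))
WEB_DC1 = Workload("payroll-web", "10.1.1.20", labels(app="payroll", tier="web", env="prod"))
# The same web workload after it is moved to a second data center: new IP, same labels.
WEB_DC2 = Workload("payroll-web", "10.2.1.20", labels(app="payroll", tier="web", env="prod"))
# An unrelated dev workload that happens to be placed in the "trusted" web subnet.
DEV_IN_WEB_SUBNET = Workload("reports-dev", "10.1.1.77", labels(app="reports", tier="web", env="dev"))

# One rule in each model: payroll web tier may reach payroll database on 5432.
IP_ACL = IpAcl([("10.1.1.0/24", "10.1.2.0/24", 5432)])
LABEL_POLICY = LabelPolicy([(labels(app="payroll", tier="web", env="prod"),
                             labels(app="payroll", tier="db", env="prod"), 5432)])


def compare(src: Workload, dst: Workload, port: int) -> dict:
    """Return each model's verdict for one flow."""
    return {"ip_acl": IP_ACL.allows(src, dst, port),
            "label_policy": LABEL_POLICY.allows(src, dst, port)}


def run_scenarios() -> dict:
    """Evaluate the flows discussed in the text under both models."""
    return {
        "same_dc": compare(WEB_DC1, DB_DC1, 5432),               # both allow
        "web_moved_to_dc2": compare(WEB_DC2, DB_DC1, 5432),      # IP ACL breaks legit traffic
        "dev_box_in_web_subnet": compare(DEV_IN_WEB_SUBNET, DB_DC1, 5432),  # IP ACL over-permits
        "ssh_to_db": compare(WEB_DC1, DB_DC1, 22),               # both deny
    }


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:24s} ip_acl={verdict['ip_acl']!s:5s} label_policy={verdict['label_policy']}")
```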
  24. Tomi Engdahl says:

    The Emergence of Virtual Reality and Augmented Reality in the Security Operations Center
    https://securityintelligence.com/the-emergence-of-virtual-reality-and-augmented-reality-in-the-security-operations-center/

    Organizations are increasingly clustering their skills and capabilities into security operations centers (SOCs). An SOC is a focused facility where security specialists monitor, assess and defend against computer security issues. Introducing virtual reality (VR) and augmented reality (AR) technology into this environment can enhance the team’s performance.

    An organization wishing to invest in an SOC typically has two options to accomplish this goal:

    1. Set up an SOC staffed by its own security team, at a site exclusive to them and under their control.
    2. Leverage the skills, technologies and capabilities of an existing managed service.

    But with a global skills gap translating to an estimated 1.8 million unfilled cybersecurity positions by 2022, it is critical to find better ways to detect and identify threats and vulnerabilities.

    What Can Augmented Reality Offer an SOC?

    The VR experience has the potential to further evolve into the AR space, where digital contexts and layers can be presented on top of the real-world SOC itself.

    With AR, any operator at any level can superimpose views on the fly to augment the data presented, improving forecasting, analysis and decision-making. AR is also a prevalent emerging technology with significant advantages over the VR prototype we built. In the case of the SOC, AR could enable a personalized and customizable second virtual screen (or view) for each operator.

    Reply
  25. Tomi Engdahl says:

    Nathaniel Popper / New York Times:
    Dark web market AlphaBay down since Tuesday, prompting fears of law enforcement action or theft of user funds; admins claim the site is down for maintenance

    AlphaBay, Biggest Online Drug Bazaar, Goes Dark, and Questions Swirl
    https://www.nytimes.com/2017/07/06/business/dealbook/alphabay-online-drug-bazaar-goes-dark.html

    The largest online black market for drugs, AlphaBay, has been down for nearly two days, raising questions about whether it was seized by law enforcement authorities or taken down in a swindle.

    The administrators of AlphaBay have posted on the social network Reddit that they are doing maintenance and that the site should be up again soon. But those messages were posted long after AlphaBay went down on Tuesday, leading to rampant speculation among its users.

    Reply
  26. Tomi Engdahl says:

    Brit teen accused of running malware factory and helpdesk for crims
    http://www.theregister.co.uk/2017/07/05/brit_student_charged_as_malware_mastermind/

    Lad cuffed after worldwide manhunt leads cops to parents’ home in Stockport, UK

    A British teenager is accused of flogging and supporting malware used to launch distributed denial-of-service attacks against top multinationals.

    Reply
  27. Tomi Engdahl says:

    Google Punished Chinese Certificate Authorities for Deceiving.

    Google Chrome Bans Chinese SSL Certificate Authorities WoSign and StartCom
    http://thehackernews.com/2017/07/chrome-certificate-authority.html?m=1

    As a punishment announced last October, Google will no longer trust SSL/TLS certificate authorities WoSign and its subsidiary StartCom with the launch of Chrome 61 for not maintaining the “high standards expected of CAs.”

    Reply
  28. Tomi Engdahl says:

    Cory Doctorow / Electronic Frontier Foundation:
    After controversial vote, W3C announces it will publish Encrypted Media Extensions, a type of DRM for web video, without protection for security researchers — Early today, the World Wide Web Consortium (W3C) standards body publicly announced its intention to publish Encrypted Media Extensions …

    Amid Unprecedented Controversy, W3C Greenlights DRM for the Web
    https://www.eff.org/deeplinks/2017/07/amid-unprecedented-controversy-w3c-greenlights-drm-web

    Today, the W3C announced that it would publish its DRM standard with no protections and no compromises at all.

    Early today, the World Wide Web Consortium (W3C) standards body publicly announced its intention to publish Encrypted Media Extensions (EME)—a DRM standard for web video—with no safeguards whatsoever for accessibility, security research or competition, despite an unprecedented internal controversy among its staff and members over this issue.

    EME is a standardized way for web video platforms to control users’ browsers, so that we can only watch the videos under rules they set. This kind of technology, commonly called Digital Rights Management (DRM), is backed up by laws like the United States DMCA Section 1201 (most other countries also have laws like this).

    EFF objects to DRM: it’s a bad idea to make technology that treats the owner of a computer as an adversary to be controlled, and DRM wrecks the fairness of the copyright bargain by preventing you from exercising the rights the law gives you when you lawfully acquire a copyrighted work (like the rights to make fair uses like remix or repair, or to resell or lend your copy).

    Today, the W3C announced that it would publish its DRM standard with no protections and no compromises at all, stating that W3C Director Tim Berners-Lee had concluded that the objections raised “had already been addressed” or that they were “overruled.”

    Even by the W3C’s own measures, EME represents no improvement upon a non-standards approach, and in some important ways, the W3C’s DRM is worse than an ad-hoc, industry approach.

    At root is the way that DRM interacts with the law.

    EME only solves part of the video-transmission standard: for a browser to support EME, it must also license a “Content Decryption Module” (CDM). Without a CDM, video just doesn’t work.

    All the big incumbents advocating for DRM have licenses for CDMs, but new entrants to the market will struggle to get these CDMs

    The W3C says that none of this makes DRM any worse than what was there before the standards effort, but they’re dead wrong. DRM is covered by a mess of criss

    Disposition of Comments for Encrypted Media Extensions and Director’s decision
    https://lists.w3.org/Archives/Public/public-html-media/2017Jul/0000.html

    On March 16, the W3C solicited a review from its Advisory Committee of the Encrypted Media Extensions on its advancement to Recommendation:

    Reply
  29. Tomi Engdahl says:

    DJI Is Locking Down Its Drones Against a Growing Army of DIY Hackers
    https://motherboard.vice.com/en_us/article/3knkgn/dji-is-locking-down-its-drones-against-a-growing-army-of-diy-hackers

    Drone hackers have forced DJI into an arms race.

    The tension between drone pilots who want complete control over their aircraft that they bought and DJI, the world’s biggest consumer grade drone maker, has come to a head. An arms race between hackers and the company is earnestly underway.

    On YouTube, Facebook, drone forums, and Slack groups around the internet, hackers have published instructions for altering the firmware on DJI’s drones, leading to a rising number of drone pilots who have circumvented flight restrictions imposed by DJI on its products. In recent days the company has updated its software to render these hacks moot, and has started removing vulnerable versions of its firmware from its servers in an attempt to regain control of its drones.

    Reply
  30. Tomi Engdahl says:

    Marcus Baram / Fast Company:

    How Software Is Eating The Military And What That Means For The Future Of War
    https://www.fastcompany.com/40436077/how-software-is-eating-the-military-and-what-that-means-for-the-future-of-war

    As software-based weapons and information systems start to touch all phases of conflict, military leaders are grappling with a new set of challenges.

    Reply
  31. Tomi Engdahl says:

    China’s mobile operators are reportedly being told to ban all use of VPNs
    https://techcrunch.com/2017/07/10/china-vpn-ban/?ncid=rss&utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=FaceBook&sr_share=facebook

    China’s latest move to crack down on VPN software that enables people to circumvent its internet censorship system appears to be a very worrying one.

    Bloomberg reports that the government has requested that state-run telecom operators prevent their customers from running VPN apps on their network. Citing sources, the publication said that the government intends for the VPN block to come into effect by February 1 2018.

    The impact of such a move would be enormous. China Mobile (860 million subscribers), China Unicom (268 million subscribers) and China Telecom (227 million subscribers) are the biggest three telcos and each is state-owned.

    An effective block on VPNs would mean that these customers would be unable to access websites blocked by the government.

    Beijing has played cat and mouse with VPN providers over the past few years.

    Bloomberg’s report comes just over a month after China instituted a wide-ranging set of cybersecurity laws that could potentially impact foreign businesses.

    Reply
  32. Tomi Engdahl says:

    Ransomware made big headlines, especially through the spring WannaCry epidemic.

    The AV-Test report reveals that ransomware uses the latest encryption methods. The RSA key is 1024 to 4096 bits wide, the AES key 256 bits. In practice this means that the key can not be broken by any practical means.

    However, ransomware is a very marginal phenomenon. For example, Windows malware still accounts for less than one percent. Nearly 87 percent of the Windows malware are viruses, worms and Trojans.

    Source: http://www.etn.fi/index.php/13-news/6549-kiristyshaittaohjelmaa-ei-voi-murtaa

    Reply
  33. Tomi Engdahl says:

    Russell Brandom / The Verge:
    Two-factor authentication is a mess, as companies offer various implementations, with SMS and email account recovery methods vulnerable to determined hackers

    Two-factor authentication is a mess
    It was supposed to be a one-stop security fix. What happened?
    https://www.theverge.com/2017/7/10/15946642/two-factor-authentication-online-security-mess

    For years, two-factor authentication has been the most important advice in personal cybersecurity — one that consumer tech companies were surprisingly slow to recognize. The movement seemed to coalesce in 2012, after journalist Mat Honan saw hackers compromise his Twitter, Amazon, and iCloud accounts, an incident he later detailed in Wired.

    At the time, few companies offered easy forms of two-factor, leaving limited options for users worried about a Honan-style hack. The result was a massive public campaign that demanded companies to adopt the feature, presenting two-factor as a simple, effective way to block account takeovers.

    Five years later, the advice is starting to wear thin. Nearly all major web services now provide some form of two-factor authentication, but they vary greatly in how well they protect accounts. Dedicated hackers have little problem bypassing the weaker implementations, either by intercepting codes or exploiting account-recovery systems. We talk about two-factor like aspirin — a uniform, all-purpose fix that’s straightforward to apply — but the reality is far more complex. The general framework still offers meaningful protection, but it’s time to be honest about its limits. In 2017, just having two-factor is no longer enough.

    Reply
  34. Tomi Engdahl says:

    Bloomberg:
    Sources: Chinese government has told state-run telecoms to block individuals’ access to VPNs by February 1, 2018

    China Tells Carriers to Block Access to Personal VPNs by February
    https://www.bloomberg.com/news/articles/2017-07-10/china-is-said-to-order-carriers-to-bar-personal-vpns-by-february

    2018 deadline to stop individuals from accessing global web
    Tightening controls come amid Xi’s goal of “cyber-sovereignty”

    China’s government has told telecommunications carriers to block individuals’ access to virtual private networks by Feb. 1, people familiar with the matter said, thereby shutting a major window to the global internet.

    Beijing has ordered state-run telecommunications firms, which include China Mobile, China Unicom and China Telecom, to bar people from using VPNs, services that skirt censorship restrictions by routing web traffic abroad, the people said, asking not to be identified talking about private government directives.

    The clampdown will shutter one of the main ways in which people both local and foreign still manage to access the global, unfiltered web on a daily basis. China has one of the world’s most restrictive internet regimes, tightly policed by a coterie of government regulators intent on suppressing dissent to preserve social stability.

    Reply
  35. Tomi Engdahl says:

    Davey Alba / Wired:
    As internet firms receive more orders to remove content worldwide, experts worry the internet could be forced to comply globally with the strictest local laws — THE RULINGS ON online speech are coming down all over the world. Most recently, on June 30, Germany passed a law …

    The World May Be Headed for a Fragmented ‘Splinternet’
    https://www.wired.com/story/splinternet-global-court-rulings-google-facebook

    The rulings on online speech are coming down all over the world. Most recently, on June 30, Germany passed a law that orders social media companies operating in the country to delete hate speech within 24 hours of it being posted, or face fines of up to $57 million per instance. That came two days after a Canada Supreme Court ruling that Google must scrub search results about pirated products. And in May a court in Austria ruled that Facebook must take down specific posts that were considered hateful toward the country’s Green party leader. Each of those rulings mandated that companies remove the content not just in the countries where it was posted, but globally. Currently, in France, the country’s privacy regulator is fighting Google in the courts to get the tech giant to apply Europe’s “right to be forgotten” laws worldwide. And, around the world, dozens of similar cases are pending.

    The trend of courts applying country-specific social media laws worldwide could radically change what is allowed to be on the internet, setting a troubling precedent. What happens to the global internet when countries with different cultures have sharply diverging definitions of what is acceptable online speech?

    Reply
  36. Tomi Engdahl says:

    Reuters:
    Indian telecom operator Reliance Jio is investigating an alleged data breach of 100M+ customers including names, telephone numbers, and email addresses — India’s Reliance Jio is investigating whether personal data of over 100 million of its customers had leaked onto a website …

    India telecom operator Reliance Jio investigating claims of data breach
    http://www.reuters.com/article/us-reliance-jio-cyber-idUSKBN19U10X

    India’s Reliance Jio is investigating whether personal data of over 100 million of its customers had leaked onto a website, in what analysts said could be the first ever large-scale breach at an Indian telecom operator.

    Jio, India’s newest telecoms entrant, said that the data on the website, “Magicapk.com”, appeared to be “unauthentic” and that its subscriber data was safe and maintained with the highest security.

    Newspaper Indian Express said it was able to cross-verify details on a number of Jio customers known to them.

    Reply
  37. Tomi Engdahl says:

    Electronic Frontier Foundation:
    EFF Gov’t Data Requests 2017 report finds Adobe, Dropbox, Pinterest, Uber, Wickr, and WordPress best protect users; AT&T, Verizon, Comcast, T-Mobile fall short

    Who Has Your Back? Government Data Requests 2017
    https://www.eff.org/who-has-your-back-2017

    Executive Summary

    In this era of unprecedented digital surveillance and widespread political upheaval, the data stored on our cell phones, laptops, and especially our online services are a magnet for government actors seeking to track citizens, journalists, and activists.

    In 2016, the United States government sent at least 49,868 requests to Facebook for user data. In the same time period, it sent 27,850 requests to Google and 9,076 to Apple. These companies are not alone: where users see new ways to communicate and store data, law enforcement agents see new avenues for surveillance.

    Reply
  38. Tomi Engdahl says:

    Charlie Osborne / ZDNet:
    Google plans to completely distrust certificates issued by WoSign and StartCom with its Chrome 61 release, following several instances of wrongly issued certs

    Google guillotine falls on certificate authorities WoSign, StartCom
    http://www.zdnet.com/article/google-guillotine-falls-on-certificate-authorities-wosign-startcom/

    When Chrome 61 is released, the Chinese CA and its subsidiary will be completely blacklisted.

    Reply
  39. Tomi Engdahl says:

    Chris Duckett / ZDNet:
    After tweet about discussing an “impenetrable Cyber Security unit” with Putin, Trump tweets he doesn’t think the joint effort can happen

    Trump backs down from ‘impenetrable cyber unit’ with Russia
    http://www.zdnet.com/article/trump-backs-down-from-impenetrable-cyber-unit-with-russia/

    Fellow politicians have lined up to deride US President Donald Trump’s idea of a cybersecurity partnership with Russia.

    Only 13 hours after floating the idea of forming an “impenetrable Cyber Security unit” alongside Russia that would prevent “election hacking”, United States President Donald Trump has backed away from his previous statement.

    “The fact that President Putin and I discussed a Cyber Security unit doesn’t mean I think it can happen. It can’t,” Trump said on Twitter on Sunday night US time.

    “Putin & I discussed forming an impenetrable Cyber Security unit so that election hacking, & many other negative things, will be guarded and safe,” Trump wrote on Twitter earlier in the day.

    “It’s not the dumbest idea I have ever heard, but it’s pretty close,” Graham told NBC’s Meet the Press program.

    Rubio, on Twitter, said: “Partnering with Putin on a ‘Cyber Security Unit’ is akin to partnering with [Syrian President Bashar al] Assad on a ‘Chemical Weapons Unit’.”

    “If that’s our best election defence, we might as well just mail our ballot boxes to Moscow,” Schiff added.

    Putin said in June that his country does not conduct hacking activities, but that patriotic Russians might strike out and attack others.

    “Hackers are free people, just like artists who wake up in the morning in a good mood and start painting,” Putin said at the time.

    Reply
  40. Tomi Engdahl says:

    Ingrid Lunden / TechCrunch:
    UK cybersecurity startup Darktrace raises $75M Series D led by Insight Venture Partners, at an $825M valuation

    More funding for AI cybersecurity: Darktrace raises $75M at an $825M valuation
    https://techcrunch.com/2017/07/11/more-funding-for-ai-cybersecurity-darktrace-raises-75m-at-an-825m-valuation/

    With cybercrime projected to reap some $6 trillion in damages by 2021, and businesses likely to invest around $1 trillion over the next five years to try to mitigate that, we’re seeing a rise of startups that are building innovative ways to combat malicious hackers. In the latest development, Darktrace — a cybersecurity firm that uses machine learning to detect and stop attacks — has raised $75 million, giving the startup a post-money valuation of $825 million, on the back of a strong business: the company said it has a total contract value of $200 million, 3,000 global customers and has grown 140 percent in the last year.

    The funding will be used to expand the company’s business operations into more markets. Notably, Darktrace also separately announced today that it is now in a strategic partnership with Hong Kong-based CITIC Telecom CPC, a telecoms firm serving China and other parts of Asia, “to bring next-generation cyber defense to businesses across Asia Pacific.”

    IT security has been around for as long as we have even had a concept of IT, but a wave of new threats — such as polymorphic malware that changes profile as it attacks — plus the ubiquity of networked and cloud-based services, has rendered many of the legacy antivirus and other systems obsolete, simply unable to cope with what’s being thrown at organisations and the individuals that are a part of them.

    Reply
  41. Tomi Engdahl says:

    Issie Lapowsky / Wired:
    A look at QuantaVerse’s AI tech that is increasingly being used to identify financial crimes in some of the world’s biggest ban

    Banks Deploy AI to Cut Off Terrorists’ Funding
    https://www.wired.com/story/quantaverse-ai-terrorist-funding

    One thing that makes ISIS so hard to fight is that the terrorist network is diffuse and scattered, with small cells of operatives all over the world. Not only does this make it hard for law enforcement to predict where the group might strike next; it makes it incredibly complicated to track activity on the network—activity like banking transactions. Small sums of money flow from foreign fighter to foreign fighter, yet banks struggle to identify it within their systems.

    Banks have long used anti-money laundering systems to flag suspicious activity, and in the aftermath of September 11th, they have turned to those same legacy tools to catch terror-related transactions, too. But these legacy tools are not up to the job. They rely upon hard-coded “if-then” rules about predictably suspicious behavior.

    The pattern of small transactions a terrorist in hiding makes might not raise red flags for the usual anti-money-laundering systems.

    Unless those systems use artificial intelligence.

    Banks are increasingly turning to machine learning to mine vast quantities of bank data and find anomalies in accounts and transactions that might otherwise have gone unnoticed. “It’s a surgical approach to finding a needle in a haystack,”

    Banks Must Help Find Criminals

    Ever since the Bank Secrecy Act of 1970, banks have been required to assist government agencies in detecting money laundering. Software has helped automate that process somewhat. Yet, the process is beset by false positives, in which the system flags behavior that is not actually criminal. A recent Dow Jones survey of more than 800 anti-money laundering professionals found that nearly half of them said false positive alerts hurt their confidence in the accuracy of the screening process.

    Still, to comply with governments, banks invest billions of dollars in these systems every year. “That’s billions invested—a lot of humans investigating the flags a legacy system will generate, and a large majority of those turn out not to be financial crimes,” says David McLaughlin, who founded QuantaVerse in 2014. “Meanwhile, the real financial crimes are going unnoticed.”

    Reply
  42. Tomi Engdahl says:

    Ewan Spence / Forbes:
    HP Elitebook x360 review: security built into hardware, built-in privacy screen, great software and design with wide range of ports, starts at $1,279

    https://www.forbes.com/sites/ewanspence/2017/07/09/microsoft-windows10-hp-elitebook-x360-g2-review/#48584d806b51

    It also supports HP’s SmartCard security system, a Kensington security lock port, and HP’s legacy AC barrel port for charging. Curiously, the laptop will also charge through the USB-C port if you have a high enough rated power supply and a good quality USB-C cable. The balance between new methods and legacy support in the business environment is evident.

    Reply
  43. Tomi Engdahl says:

    Dropping Zip Bombs on Vulnerability Scanners
    http://hackaday.com/2017/07/08/dropping-zip-bombs-on-vulnerability-scanners/

    If you’ve ever looked at the server logs of a computer that lives full-time on the Internet, you know it’s a rough world out there. You’ll see hundreds of attempts per day to break in to your one random little box. Are you going to take that sitting down? Christian Haschek didn’t.

    Instead of simply banning IPs or closing off services, [Christian] decided to hit ’em where it hurts: in the RAM. Now, whenever a bot hits his server looking for a poorly configured WordPress install, he serves them 10 GB of zeroes, compressed down into 10 MB.

    The classic trick uses zip multiple times on itself, which lets you compress arbitrarily large files into just a few kB.

    Nobody really knows if this works on the bad guys’ servers, but [Christian] said that they stopped hitting him after downloading a couple payloads.

    How to defend your website with ZIP bombs
    the good old methods still work today
    https://blog.haschek.at/2017/how-to-defend-your-website-with-zip-bombs.html

    Reply
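As an added example (not code from the Hackaday or haschek.at posts), this builds a constructed, scaled-down payload of the same shape (zeros compressed with gzip), shows the ratio that makes the trick work, and then inflates it under a size budget, which is the check an HTTP client, crawler or scanner needs so that a response like this cannot exhaust its memory.

```python
import gzip
import zlib

# Constructed sample payload: 8 MiB of zeros, the same shape as the post's
# 10 GB-to-10 MB response, scaled down so it runs in well under a second.
PLAIN_SIZE = 8 * 1024 * 1024
PAYLOAD = gzip.compress(b"\x00" * PLAIN_SIZE, compresslevel=9)


def compression_ratio(blob: bytes, plain_size: int) -> float:
    """Output bytes per compressed byte; deflate tops out near 1000:1."""
    return plain_size / len(blob)


class DecompressionBomb(Exception):
    """Raised when a body inflates past the caller's budget."""


def safe_gunzip(blob: bytes, max_out: int, chunk: int = 64 * 1024) -> bytes:
    """Inflate a gzip body but stop as soon as the output exceeds max_out.

    gzip.decompress() would allocate the whole 10 GB; zlib's decompressobj
    bounds each step with max_length, so a crawler or scanner can bail out
    after at most max_out + chunk bytes instead of exhausting RAM.
    """
    d = zlib.decompressobj(wbits=zlib.MAX_WBITS | 32)  # 32: gzip or zlib framing
    out = bytearray()
    buf = blob
    while True:
        piece = d.decompress(buf, chunk)  # at most `chunk` bytes per call
        out += piece
        if len(out) > max_out:
            raise DecompressionBomb(f"inflated past {max_out} bytes, aborting")
        if d.eof:
            return bytes(out)
        buf = d.unconsumed_tail  # input zlib has not consumed yet
        if not buf and not piece:
            raise ValueError("truncated compressed stream")


def inflates_within(blob: bytes, budget: int) -> bool:
    """True if blob fully inflates without exceeding budget bytes."""
    try:
        safe_gunzip(blob, budget)
        return True
    except DecompressionBomb:
        return False
```

The payload only hurts a client that inflates it without a bound; the `max_out` budget is the client-side fix.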
  44. Tomi Engdahl says:

    The .io Error – Taking Control of All .io Domains With a Targeted Registration
    https://thehackerblog.com/the-io-error-taking-control-of-all-io-domains-with-a-targeted-registration/index.html

    Since a TLD can have authoritative nameservers at arbitrary domain names it’s possible that through a misconfiguration, expiration, or some other issue that someone would be able to register a nameserver domain name and use it to serve new DNS records for the entire TLD zone.

    As it turns out, this method was not only a plausible way to attack a TLD, it actually led to the compromise of the biggest TLD yet.

    The .io Anomaly
    While graphing out the DNS delegation paths of various TLDs late on a Friday night I noticed a script I had written was giving me some unexpected results for the .io TLD

    It appeared that Gandi’s API was returning that multiple .io nameserver domains were available for purchase! This does not necessarily mean you can actually register these domain names however

    Reporting a Security Issue in a TLD
    With my server no longer responding to any DNS queries my mind was then set on getting this fixed as quickly as possible. My main concern was that there were still multiple other nameserver domains which could still be registered and that could be done by anyone with the money and the knowledge to do so.

    Later that day I called NIC.IO’s support phone number and requested the appropriate email to contact any security personnel/team that they had for the TLD.

    All said and done this was actually an excellent response time

    Impact
    Given the fact that we were able to take over four of the seven authoritative nameservers for the .io TLD we would be able to poison/redirect the DNS for all .io domain names registered.

    I’ve already written at some length about how some of these issues could be mitigated from a TLD perspective

    Reply
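The delegation dependency the write-up describes can be audited on one's own zones. As an added example, not from the write-up or its author, this classifies a zone's NS hostnames and flags those whose parent domain nobody holds; the zone, hostnames and the `is_registered` lookup are constructed stand-ins, and the two-label "registrable parent" rule is an assumption in place of the Public Suffix List.

```python
from dataclasses import dataclass

# Constructed delegation data for a hypothetical TLD "example." (not the real
# .io nameserver set): the NS hostnames a delegation-path walk like the
# write-up's script would collect for the zone.
SAMPLE_ZONE = "example."
SAMPLE_NAMESERVERS = [
    "a.nic.example.",             # under the zone itself: the registry holds it
    "ns1.dns-provider.test.",     # outside the zone, parent domain registered
    "ns2.dns-provider.test.",
    "ns1.lapsed-provider.test.",  # outside the zone, parent domain NOT registered
]
# Constructed stand-in for a registrar/RDAP availability lookup.
SAMPLE_REGISTERED = {"nic.example.", "dns-provider.test."}

@dataclass
class Finding:
    nameserver: str
    parent: str
    status: str  # "in-bailiwick", "ok" or "dangling"

def registrable_parent(hostname: str, depth: int = 2) -> str:
    """Approximate the registrable domain as the last `depth` labels (assumption;
    a real audit should consult the Public Suffix List)."""
    labels = hostname.rstrip(".").split(".")
    return ".".join(labels[-depth:]) + "."

def in_bailiwick(nameserver: str, zone: str) -> bool:
    """True if the nameserver name lives under the zone it serves."""
    return nameserver.endswith("." + zone)

def audit_delegation(zone, nameservers, is_registered):
    """Classify each authoritative nameserver of `zone`. 'dangling' marks the
    expiration/misconfiguration case from the write-up: nobody holds the
    parent domain, so whoever registers it answers for the whole zone."""
    findings = []
    for ns in nameservers:
        parent = registrable_parent(ns)
        if in_bailiwick(ns, zone):
            status = "in-bailiwick"
        elif is_registered(parent):
            status = "ok"
        else:
            status = "dangling"
        findings.append(Finding(ns, parent, status))
    return findings

def dangling_nameservers(findings):
    """Names a zone owner must fix or re-register before someone else does."""
    return [f.nameserver for f in findings if f.status == "dangling"]
```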
  45. Tomi Engdahl says:

    Bloomberg:
    Company emails: Kaspersky Lab has made products for Russian intelligence and accompanied agents on raids; CEO has insisted that ties to Kremlin are “total BS”

    Kaspersky Lab Has Been Working With Russian Intelligence
    https://www.bloomberg.com/news/articles/2017-07-11/kaspersky-lab-has-been-working-with-russian-intelligence

    Emails show the software-security maker developed products for the FSB and accompanied agents on raids.

    Russian cybersecurity company Kaspersky Lab boasts 400 million users worldwide. As many as 200 million may not know it. The huge reach of Kaspersky’s technology is partly the result of licensing agreements that allow customers to quietly embed the software in everything from firewalls to sensitive telecommunications equipment—none of which carry the Kaspersky name.

    BOTTOM LINE – Kaspersky Lab’s ties to the Russian government may threaten its business in the U.S. and Western Europe, which account for almost 60 percent of its sales.

    Reply
  46. Tomi Engdahl says:

    Lorenzo Franceschi-Bicchierai / Motherboard:
    1Password moves away from one-time licensing with a local storage option to a cloud-based $2.99/month subscription

    Why Security Experts Are Pissed That ‘1Password’ Is Pushing Users to the Cloud
    https://motherboard.vice.com/en_us/article/evdbdz/why-security-experts-are-pissed-that-1password-is-pushing-users-to-the-cloud

    1Password is moving away from its one-time license, local storage option, and security researchers are not happy about it.

    If you’re worried about getting hacked and want to keep your data safe, one of the easiest things to do is use a password manager, an app that lets you create and store unique passwords for all of your services in a secure vault. If you use one of these, all you need to remember is one strong master password—something your brain can very well do—and the app takes care of remembering dozens of unique passwords across the web.

    There are many different password managers, but in the last few years, 1Password has become a favorite for hackers and security researchers who often recommend it above all other alternatives.

    What makes 1Password different, and more desirable for certain sectors of the hacker and security community, is that it allows users to keep all their passwords stored in a local “vault,” a password protected database that only lives inside their computers or smartphones. For some, this is better because your passwords never leave your computer, meaning that the user has complete control over their passwords

    Last weekend, though, several security researchers tweeted that 1Password was moving away from allowing people to pay for a one-time license and have local password vaults, in favor of its cloud-based alternative that requires a monthly subscription.

    “We cannot recommend them.”

    Using the cloud-based alternative is much easier for regular people. You can check your passwords from any computer by logging into your account on 1Password.com, and your passwords can still be retrieved if you lose your device. This is the same model most password managers (such as LastPass) use.

    Hicks also clarified that the new 1Password for Windows “is built for 1Password.com and has no licence option.” So, in practice, Windows users already are forced into the cloud.

    In other words, 1Password really wants you to stop using its local storage version, though Hicks also added that the company is not planning to “remove support for local/Dropbox/iCloud vaults from the software,” at least for now.

    Reply
  47. Tomi Engdahl says:

    Reuters:
    Sources: Symantec in talks to sell web certificate business, which it bought from Verisign for $1.28B in 2010, for $1B+

    Symantec explores selling web certificates business: sources
    http://www.reuters.com/article/us-symantec-divestiture-idUSKBN19W2WI

    (Reuters) – Cybersecurity firm Symantec Corp (SYMC.O) is considering selling its website certification business, in a deal that could fetch more than $1 billion and extricate it from a feud with Alphabet Inc’s (GOOGL.O) Google, people familiar with the matter said on Tuesday.

    Google said in March that it was investigating Symantec’s failure to properly validate its certificates, which confirm that websites can be trusted.

    Symantec said in June it was reviewing a proposal by Google and other internet companies to help fix issues with its security certificates.

    Symantec acquired most of its web certification business in 2010, when it paid $1.28 billion to buy Verisign Inc’s (VRSN.O) security business. The unit has about $400 million in revenue, according to one of the sources.

    moving away from services that are more commoditized

    Reply
  48. Tomi Engdahl says:

    Here’s how trolls treat the women of CNET
    The internet can be a hateful place for women. CNET’s comment section is no different.
    https://www.cnet.com/news/cnet-women-hate-troll-comments/

    We’ve received countless reader comments over the years. Usually, CNET readers are thoughtful and insightful. Their comments provide constructive criticism and move the conversation forward.

    Usually, but not always. There is a small but vocal group of readers who regularly leave disturbing and hateful comments on our site. Sadly though predictably, these comments are often lobbed at the women of CNET.

    This isn’t to say that our male colleagues don’t get nasty comments too.

    It’s gone on for years and continues to do so.

    Reply
  49. Tomi Engdahl says:

    This lawsuit could shut internet Nazis down
    https://www.cnet.com/news/taking-trolls-to-court-lawsuit-targets-the-daily-stormer/

    The victim of a troll attack takes on the neo-Nazi who runs “the top hate site in America.” The result might prompt trolls to think twice before they post.

    In a federal lawsuit filed in April, Gersh accuses Andrew Anglin, who publishes the neo-Nazi Daily Stormer website, of invading her privacy, intentionally inflicting emotional distress and violating Montana’s Anti-Intimidation Act by organizing more than 700 instances of harassment since December 2016.

    Gersh’s lawsuit, if successful, could change the environment for hate sites, making it clear to trolls they can be held responsible for the repercussions of what they write, at least in US civil cases. The SPLC has used similar tactics against hate groups since the 1980s, according to its newsletter, the SPLC Report, though many of those cases occurred before widespread adoption of the internet.

    Criminal cases are often hard to pursue, experts say, in part because law enforcement officials may not understand online harassment the way they understand stalking, for example, or take it as seriously as other kinds of intimidation. The situation is complicated by the fact that no one law enforcement agency goes after cyberharassment in particular.

    Reply
  50. Tomi Engdahl says:

    Wildcard Certificates Coming January 2018
    Jul 6, 2017 • Josh Aas, ISRG Executive Director
    https://letsencrypt.org/2017/07/06/wildcard-certificates-coming-jan-2018.html

    Let’s Encrypt will begin issuing wildcard certificates in January of 2018. Wildcard certificates are a commonly requested feature and we understand that there are some use cases where they make HTTPS deployment easier. Our hope is that offering wildcards will help to accelerate the Web’s progress towards 100% HTTPS.

    Let’s Encrypt is currently securing 47 million domains via our fully automated DV certificate issuance and management API.

    Reply
