
Archive for February 2016

Check Point Announces Breach Detection and Operation Technology Partnerships

Check Point has announced partnerships with SCADAfence and GuardiCore to secure smart manufacturing networks and protect critical assets in the modern data center.

The collaboration between SCADAfence and Check Point is aimed at the risks that come with connecting operational technology networks to traditional information technology networks in the pharmaceutical, chemical, automotive and food and beverage industries, including operational downtime, process manipulation and theft of intellectual property.

“Check Point’s ICS/SCADA cyber security solutions provide advanced threat prevention paired with ruggedized appliance options and comprehensive protocol support with full visibility and granular control of SCADA traffic in order to ensure vital industrial assets are never compromised,” said Alon Kantor, vice president of business development, Check Point.

“We are pleased to have SCADAfence join us in offering an augmented solution to help keep customers one step ahead in securing these critical infrastructure and industrial control organizations.”

Also, GuardiCore’s breach detection technology, a core component of its Data Center Security Suite, has been integrated with Check Point to help organizations better protect their data centers from targeted attacks. GuardiCore now works with Check Point vSEC Virtual Gateways to provide real-time data center breach intelligence, allowing administrators to block ongoing and future attacks inside the data center and at the perimeter.

Once GuardiCore detects a breach inside the data center, it provides Indicators of Compromise to Check Point Security Gateways using the STIX API, allowing security administrators to block future attacks in the data center and at the perimeter.

Kantor said: “Integrating Check Point vSEC Virtual Gateways with IOCs generated by GuardiCore enhances our comprehensive security platform. Now, our customers can quickly detect breaches and block future attacks by securing virtual machines (VMs) and applications with the full range of protections of the Check Point Software Blade architecture.”

Source: Information Security Magazine

MouseJack Flaw Affects Billions of Devices

A massive security risk in wireless mice and keyboard dongles is leaving billions of PCs, Macs and millions of enterprise networks at risk.

Using an attack which Bastille researchers have named “MouseJack,” an attacker up to 100 meters away can remotely take over the mouse. Once paired, the MouseJack operator can inject keystrokes or malicious code with the full privileges of the PC owner and infiltrate networks to access sensitive data. The attack operates at the keyboard level; therefore PCs, Macs and Linux machines using wireless dongles can all be victims.

Affected vendors include Logitech, Dell, HP, Lenovo, Microsoft, Gigabyte and AmazonBasics, but most non-Bluetooth wireless dongles are vulnerable.

“MouseJack poses a huge threat, to individuals and enterprises, as virtually any employee using one of these devices can be compromised by a hacker and used as a portal to gain access into an organization’s network,” said Chris Rouland, founder, CTO, Bastille. “The MouseJack discovery validates our thesis that wireless internet of things (IoT) technology is already being rolled out in enterprises that don’t realize they are using these protocols.”

As protocols are being developed so quickly, they have not been through sufficient security vetting, he added: “The top 10 wearables on the market have already been hacked and we expect millions more commercial and industrial devices are vulnerable to attack as well. MouseJack underscores the need for security across the entire RF spectrum as exploitation of IoT devices via radio frequencies is becoming increasingly popular among the hacker community.”

The MouseJack vulnerability affects a large percentage of wireless mice and keyboards, devices that are ubiquitous and often found in sensitive environments. While some vendors will be able to offer patches for the MouseJack flaw with a firmware update, many dongles were designed not to be updatable. Consumers will need to check with their vendor to determine whether a fix is available, or consider replacing their existing mouse with a secure one.

“Wireless mice and keyboards are the most common accessories for PCs today, and we have found a way to take over billions of them,” said Marc Newlin, Bastille’s engineer responsible for the MouseJack discovery. “MouseJack is essentially a door to the host computer. Once infiltrated, which can be done with $15 worth of hardware and a few lines of code, a hacker has the ability to insert malware that could potentially lead to devastating breaches. What’s particularly troublesome about this finding is that just about anyone can be a potential victim here, whether you’re an individual or a global enterprise.”

Source: Information Security Magazine

(ISC)2 Opens Noms for US Government Security Awards

(ISC)2 has opened the nominations process for its 2016 U.S. Government Information Security Leadership Awards (GISLA).

The GISLA program, which is sponsored by the (ISC)2 U.S. Government Advisory Council (USGAC), was established in 2004 as part of (ISC)2’s effort to recognize government information security leaders whose commitment to excellence is helping to improve government information security and to advance an in-demand workforce.

Awards are given in several categories to recognize individuals whose initiatives in the areas of technology improvement, process/policy improvement, workforce improvement and as an up-and-comer have led to significant improvements in the security posture of a department, agency or the entire US government. Awards are also given for outstanding team projects in the areas of community awareness and industry partnership.

“Each year, GISLA nominees demonstrate that people can be their organization’s greatest cybersecurity asset,” said Dan Waddell, (ISC)2 managing director, North America Region, and director, U.S. Government Affairs. “Through the GISLA program, (ISC)2 is in the unique position to set the bar for the future workforce and to validate to organizations that investing in the human element of security will yield a high return.”

A nominations committee composed of senior information security experts from government and industry will review and select winners from the six categories of finalists based upon the selection criteria and eligibility requirements. The submission deadline for nominations is March 11, 2016.

(ISC)2 officials, sponsors and others will honor the 2016 GISLA recipients at a gala dinner and awards ceremony being held on May 19, 2016, in conjunction with (ISC)2’s CyberSecureGov training event in Washington D.C.

Source: Information Security Magazine

Most SSL VPNs are Wildly Insecure

VPNs are a time-worn fixture of the enterprise landscape, allowing users to securely access a private network and share data remotely through public networks. Unfortunately, they’re also often full of security issues, like the fact that 77% of tested SSL VPNs still use the insecure SSLv3 protocol.

High-Tech Bridge conducted large-scale Internet research on live and publicly accessible SSL VPN servers, and found that, in addition, only about a hundred of the tested servers still support SSLv2.

“SSLv3 protocol was created in early 1996,” explained the firm in its report. “Today, its failings are recognized and it’s not recommended, with the majority of international and national security standards and compliance norms, such as PCI DSS or NIST SP 800-52, prohibiting its usage due to numerous vulnerabilities and weaknesses discovered in it over the years.”

About three-quarters (76%) of tested SSL VPNs also use an untrusted SSL certificate. An untrusted certificate allows a remote attacker to impersonate the VPN server, perform man-in-the-middle attacks, and intercept all the data, including files, emails and passwords, that the user passes over the allegedly “secure” VPN connection. The largest share of this risk came from the use of the vendors’ default pre-installed certificates.

The bad news doesn’t end there: 74% of certificates have an insecure SHA-1 signature, even though the majority of web browsers plan to deprecate and stop accepting SHA-1 signed certificates, because the algorithm’s weaknesses can potentially allow an SSL certificate to be forged, impersonating a server and intercepting critical data.

About 41% of SSL VPNs use an insecure 1024-bit key length for their RSA certificates, which are used for authentication and encryption key exchange. An RSA key length below 2048 bits is considered insecure, allowing various attacks.

10% of SSL VPN servers that rely on OpenSSL are still vulnerable to Heartbleed. Only 3% are compliant with PCI DSS requirements, and none is compliant with NIST guidelines, which are considered a minimum required level of security.

Overall, less than 3% of tested SSL VPNs got the highest “A” grade for security, while almost 86% got the lowest failing “F” grade.

“Today many people still associate SSL/TLS encryption mainly with HTTPS protocol and web browsers, and seriously underestimate its usage in other protocols and Internet technologies,” said Ilia Kolochenko, CEO of High-Tech Bridge. “A lot of things can be done to improve reliability and security of SSL VPNs.”
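The three certificate criteria in the High-Tech Bridge findings (an untrusted chain, a SHA-1 signature and an RSA key below 2048 bits) turned into an offline audit; this is an added example, not code from the report or the magazine. It uses only Go's standard library, and the self-signed sample certificate and its name vpn.example.invalid are constructed for the demonstration; protocol support (SSLv2/SSLv3) and Heartbleed need a live handshake and are not covered here.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// AuditCert applies the report's three certificate criteria to one parsed
// certificate: trust (a chain must build to a root in roots, or to the system
// store when roots is nil), signature hash (SHA-1 is flagged) and RSA modulus
// size (below 2048 bits is flagged). One line per weakness; empty means pass.
func AuditCert(cert *x509.Certificate, roots *x509.CertPool) []string {
	var findings []string
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		findings = append(findings, "untrusted certificate: "+err.Error())
	}
	switch cert.SignatureAlgorithm {
	case x509.SHA1WithRSA, x509.DSAWithSHA1, x509.ECDSAWithSHA1:
		findings = append(findings, "SHA-1 signature: "+cert.SignatureAlgorithm.String())
	}
	if pub, ok := cert.PublicKey.(*rsa.PublicKey); ok && pub.N.BitLen() < 2048 {
		findings = append(findings, fmt.Sprintf("RSA key of %d bits (below 2048)", pub.N.BitLen()))
	}
	return findings
}

// selfSignedSample builds a constructed self-signed certificate standing in for
// a vendor's default appliance certificate; bits and sigAlg set how weak it is.
func selfSignedSample(bits int, sigAlg x509.SignatureAlgorithm) (*x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:       big.NewInt(1),
		Subject:            pkix.Name{CommonName: "vpn.example.invalid"}, // constructed
		NotBefore:          time.Now().Add(-time.Hour),
		NotAfter:           time.Now().Add(24 * time.Hour),
		SignatureAlgorithm: sigAlg,
		KeyUsage:           x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:        []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	// Template signs itself, so issuer == subject: the "default certificate" case.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	// A 1024-bit, SHA-1-signed, self-signed certificate trips all three checks.
	weak, err := selfSignedSample(1024, x509.SHA1WithRSA)
	if err != nil {
		panic(err)
	}
	for _, f := range AuditCert(weak, nil) {
		fmt.Println("FAIL:", f)
	}
	// A 2048-bit SHA-256 certificate only fails the trust check until its
	// issuer is in the trust store; add it as a root to see it pass.
	good, err := selfSignedSample(2048, x509.SHA256WithRSA)
	if err != nil {
		panic(err)
	}
	pool := x509.NewCertPool()
	pool.AddCert(good)
	fmt.Println("findings with trusted root:", len(AuditCert(good, pool)))
}
```

To audit a real server, replace the sample with the leaf from a `tls.Conn`'s `ConnectionState().PeerCertificates[0]`.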

Source: Information Security Magazine

Last Year 700 Million Records Were Compromised

Over 700 million data records were compromised last year thanks to 1,673 data breaches, according to digital security firm Gemalto.

The vendor tracks publicly available global breach data and ranks incidents according to their impact to compile its Breach Level Index.

In 2015, 22 records were lost every second, yet strong encryption, which would have rendered the stolen data useless to the attacker, was used in only 4% of cases.

The majority of incidents (53%) were related to identity theft rather than financial access (22%) or account access (11%).

This is a shift away from a pattern of previous years, when credit card and other financial data was the main target for cybercriminals, according to Gemalto data protection CTO, Jason Hart.

He argued that it’s hard to remediate attacks compromising personal data.

“As companies and devices collect ever-increasing amounts of customer information and as consumers’ online digital activities become more diverse and prolific, more data about what they do, who they are and what they like is at risk to be stolen from the companies that store their data,” Hart added.

“If consumers’ entire personal data and identities are being co-opted again and again by cyber thieves, trust will increasingly become the centerpiece in the calculus of which companies they do business with.”

Malicious outsiders accounted for the majority of breach incidents (58%), with accidental loss (24%) and then malicious insiders (14%) coming next.

However, some argue that the damage and costs associated with insider threats can often outweigh those that stem from external attackers.

Over three-quarters of breaches (77%) happened in North America – although the high number could be down to mandatory notification laws there. Europe (12%) and APAC (8%) came next.

Government was by far the most targeted sector, accounting for 43% of records lost, followed by healthcare (19%). That makes sense considering the major attacks on the US OPM, and health companies Anthem and Premera.

More than 3.6 billion data records have been exposed since 2013, when Gemalto began the index.

Source: Information Security Magazine

TEISS – Brexit Will be Damaging for Information Sharing Initiatives

The potential British exit from the European Union could disrupt the major engine for economic growth that is the internet.

Speaking in a panel session at The European Information Security Summit in London, Adrian Davis, Managing Director of (ISC)2, said the potential “Brexit” will affect the political side of sharing, but not the professional side.

“The thing to remember, it is a political decision that will affect the political side of sharing, but not professionals as they have social networks across industries and I’d argue that if we do leave, more people to leave to rebuild those links,” he said.

“It comes down to one simple thing: if we don’t share the bad guys will win and destroy trust, and ruin one of the best engines for economic growth of the last 15-20 years. We have to build trust in the internet and maintain trust regardless of politics.”

Also on the panel was Mike McLellan, head of incident handling at CERT UK. He said that from the perspective of the response team, the exit could affect the EU stance on mandatory reporting and the requirement to report breaches. “That could be something we lose out on, but it is important depending on focus,” he said.

The panel focused on building trust and sharing information. Davis claimed that we have to share information, be it process, technology or product. “If you don’t share you cannot deliver and anyone can copy it and you cannot recoup the cost,” he said.

“What you don’t know will hurt you – Target will attest to that. If suppliers don’t look after information and if you are connected over internet or personally, your risks have changed to a level that you cannot express.”

McLellan agreed, saying that you need trust as the attacker is good at that and works at scale, and we need to work to build more trust more quickly across organizations.

However, he called for better sharing of information in formats that are usable, as current reports in PDF format are time consuming and do not scale well. He said: “We work closely with the OASIS group so we share in a structured format, but it doesn’t matter what format it is in as long as it is known.”

Scott Algeier, executive director of IT-ISAC, said that information is not the goal, but instead should be treated as a tool. He said: “The goal is to implement risk management practices and too often we see information sharing as the goal, but we need to do it better. There are advanced companies who can consume STIX and some who cannot, but you still have small companies for whom this is not that useful.

“In ISAC there are members who can consume it and others who cannot, so it is important to understand what best practice is for you, and target specific campaigns and identify subsets of member companies of like-minded companies in addition to sharing new threat reports and information exchange.”

Source: Information Security Magazine

MasterCard Set for Global ‘Pay-by-Selfie’ Launch

Credit card giant MasterCard is set to extend its ‘pay-by-selfie’ facial recognition technology to 14 countries including the UK this summer as part of its ongoing attempt to crack down on identity fraud.

The firm told the FT that the decision was made after trials of the system in the US and the Netherlands went well.

It means that UK customers will soon be able to complete their online purchases simply by taking a photo of themselves via their smartphone.

The idea is that, like other biometric authentication systems, it will reduce the risk of identity fraud because it doesn’t rely on the user inputting passwords or other credentials which can be phished and reused by scammers.

The card giant is also said to be trialing iris and voice recognition technology, as well as a system which authenticates by measuring the user’s heartbeat via a connected bracelet device.

Paco Garcia, CTO at UK start-up Yoti, welcomed the news from MasterCard.

“By offering an alternative to the hassle of remembering passwords and usernames, they are making their customers’ lives easier and more secure,” he argued.

“The key challenge for any of the selfie authentication solutions we are seeing emerge at the moment is ensuring the right live person is in front of their phone.”

Intel Security CTO, Raj Samani, also welcomed the news.

“In today’s technology driven world, it’s about time passwords caught up and evolved with it, because the reality is there have been many developments in the security industry that don’t rely on consumer memory to keep information secure anymore – one being biometric security,” he argued.

It’s thought the new service will appeal particularly to younger customers, who are used to taking selfies with their phones.

According to Get Safe Online, the top 10 internet fraud campaigns between September 2014 and August 2015 cost the UK over £268 million.

The average sum stolen was £738 per person, it claimed.

Meanwhile, the Office for National Statistics estimated 5.1 million cases of fraud in the UK over the past year, although this also includes offline incidents.

Source: Information Security Magazine

Riskware Bypasses Apple’s Code Reviewers

Apple has been forced to remove a risky app which managed to bypass its strict code review process and end up on the official App Store.

The app in question was identified by Palo Alto Networks as “?????? (Happy Daily English),” but renamed by the company ‘ZergHelper.’

It was officially classified as “riskware” by the security vendor, who described it in a blog post as a “complex, fully functional third party App Store client for iOS users in mainland China.”

Specifically, the app installs modified versions of iOS apps “whose security can’t be ensured,” and requests the user’s Apple ID to perform a variety of operations in the background.

It also abuses enterprise and personal certificates to sign and distribute apps.

Palo Alto Networks added that ZergHelper’s author is trying to extend its capabilities via dynamic updating of its code, which could further bypass iOS security restrictions.

It seems to have bypassed Apple’s review process because it behaves differently depending on where in the world the user is located. For users outside China it apparently looks and acts like an English-language learning app.

“In addition to its abuse of enterprise certificates, this riskware used some new and novel approaches to install apps on non-jailbroken devices. It re-implemented a tiny version of Apple’s iTunes client for Windows to login, purchase and download apps,” explained Palo Alto security researcher, Claud Xiao.

“It also implemented some functionalities of Apple’s Xcode IDE to automatically generate free personal development certificates from Apple’s server to sign apps in the iOS devices – which means the attacker has analyzed Apple’s proprietary protocols and abused the new developer program introduced eight months ago. ZergHelper also shares some valid Apple IDs with users so that they don’t need to use their own IDs.”

In total, the security vendor found over 50 versions of ZergHelper signed by nine different enterprise certificates.

Source: Information Security Magazine

Linux Mint Users Compromised After Hack

The Linux Mint distribution warned users over the weekend that it has been hacked, exposing users to a malicious backdoor and compromising sensitive customer information.

Project leader Clement Lefebvre explained in a blog post that the attacker made a modified Linux Mint ISO, with a backdoor in it, and then hacked the distributor’s website to point to it.

Only Linux Mint 17.3 Cinnamon edition is thought to have been affected – specifically for those who downloaded on 20 February – and users who downloaded it via torrents or a direct HTTP link aren’t at risk.

Lefebvre urged users who think they are affected to delete the offending ISO, back up any data on their PC, reinstall the OS or format the partition, and change any passwords for sensitive sites.

On top of that, the Linux Mint team also discovered that the same hacker had compromised its forums database.

This means user names, encrypted passwords, email addresses and potentially other sensitive personal information have been exposed.

“People primarily at risk are people whose forums password is the same as their email password or as the password they use on popular or sensitive websites. Although the passwords cannot be decrypted, they can be brute-forced (found by trial) if they are simple enough or guessed if they relate to personal information,” Lefebvre explained.

“Out of precaution we recommend all forums users change their passwords.”

The backdoor apparently connects to a domain hosted in Sofia. Linux Mint said it doesn’t know the motivation behind the attack, although ZDNet claims to have spoken to the hacker.

The individual, going under the alias of ‘Peace,’ claimed to be in control of a few hundred Linux installs and has already put the stolen information up for sale on the darknet, with the data dump going for around $85.

Source: Information Security Magazine

Consolidation and Medical Devices still Cause Headaches for Healthcare

Healthcare security is still pretty abysmal, but companies that are investing in it are starting to see a return on investment and have a competitive advantage.

Ben Johnson, chief security strategist at Carbon Black, told Infosecurity that US healthcare providers now present security as a competitive advantage, and that providers who talk up their security are perceived to be better.

“It is not that mature, but it is becoming a big topic for CISOs and CIOs to know that the people that they do business with are relatively secure,” he said.

Johnson said that healthcare faces two main problems. The first is a fear that installing software on anything connected to a human will affect that person.

“But the problem is that they are not ready to try and secure the systems,” he said. “They try to do an update, but they are concerned that an attacker may be able to get to it.”

The second, he said, is that there is so much consolidation and acquisition activity, especially in the USA, that completely different IT systems and different variants of IT systems have to be integrated, and with so much diversity it is difficult to manage.

“It is like your goalkeeper is also playing cricket and playing basketball,” he said. “We see more teeth in the US for breaches, but there is definitely a different view of security culture.”

David Flower, EMEA vice president and managing director of Carbon Black, commented that insurers are putting elements of this into their premiums. Healthcare security took a major hit 12 months ago when Premera and Anthem suffered major breaches of customer data.

Source: Information Security Magazine