Intelligent Connections. Powerful Impact.
Call Us: 415-510-2973

Archive for the News Category

Fortinet Gets ZoneFox, Bitdefender Grabs RedSocks

Fortinet Gets ZoneFox, Bitdefender Grabs RedSocks

Fortinet and Bitdefender are hoping that their latest acquisitions will augment their threat intelligence offerings, with each organization today announcing that it has completed an acquisition that will enhance its existing security solutions.

Fortinet has finalized its acquisition of the Scotland-based ZoneFox Limited, a privately held cloud-based insider threat detection and response company, while Bitdefender has acquired the Netherland-based RedSocks Security.

The acquisition of ZoneFox will enable Fortinet to deliver deeper visibility into endpoints and associated data flow and user behavior. Combining the existing offerings within the Fortinet Security Fabric with the capabilities available in the cloud-based ZoneFox solutions will also provide more comprehensive machine learning capabilities that are able to distill billions of events per day into threat leads to uncover blind spots and alert users of suspicious activities.

“We’re pleased to join the Fortinet team and bring together our shared vision of alleviating CISO concerns about insider threats,” said Dr. Jamie Graves, chief executive officer and founder, ZoneFox. “Integrating our solution with the Fortinet Security Fabric will allow us to extend our reach to a broad spectrum of Fortinet and third-party solutions to solve customers’ most difficult challenges in network security.”

With its acquisition of the behavior and network threat intelligence company RedSocks Security, Bitdefender will add nonintrusive, real-time breach detection solutions and incident response services, extending its existing multilayered security capabilities.

"At Bitdefender, we’re now able to offer our Bitdefender and new RedSocks customers even stronger protection from sophisticated attacks,” said Bitdefender CEO and founder Florin Talpes in today’s announcement.

“By bringing RedSocks network security analytics and threat intelligence into GravityZone, a complete endpoint prevention, detection and response platform, customers will benefit from a more comprehensive, layered approach to security and deeper visibility into their threat landscape.”

RedSocks founder Pepijn Janssen said, “When we started RedSocks in 2012, our goal was to build solutions that would serve any type of organization and offer them value for the long term. Together with Bitdefender, we will now achieve that goal. We are extremely proud to be acknowledged by and part of a visionary cybersecurity company like Bitdefender.”

Source: Information Security Magazine

Saudi Investment Site Defaced After Journalist’s Murder

Saudi Investment Site Defaced After Journalist’s Murder

The website of a Saudi Arabian investment conference hosted by the crown prince has just returned to normal after being defaced following the murder of a Washington Post journalist.

The Arab nation has now admitted Saudi national Jamal Khashoggi was murdered on a visit to his country’s consulate in Istanbul at the beginning of the month, having changed its story several times.

However, the country’s foreign minister has claimed that it was a rogue operation not ordered by the powerful prince, Mohammed bin Salman.

That’s a version of events disputed by Turkey, which says it has proof that the office of the crown prince received four phone calls from the consulate after the killing. Surveillance footage received by CNN also appears to show an imposter dressed as the journalist with fake beard and glasses leaving the consulate's back door on the day he was killed.

In response to the outrage, hackers managed to deface the website of the Future Investment Initiative, a pet project of the prince’s known as “Davos in the Desert.”

According to screen grabs taken by CBC News Network journalist, Nahayat Tizhoosh, it featured an image of the prince scything down Khashoggi with a large sword.

Also published were a list of names, phone numbers and Saudi government email addresses with the accompanying message: “thousands of terrorists and spies in the Saudi regime who perform malicious activities around the globe.”

Another statement on the defaced page read:

“For the sake of security for children worldwide, we urge all countries to put sanction on the Saudi regime. The regime, aligned with the United States, must be kept responsible for its barbaric and inhuman action, such as killing its own citizen Jamal khashoggi and thousands of innocent people in Yemen. The medieval Saudi regime is one of the sources for #Terrorism_Financing in the world.”

During the writing of this story, the website returned from a blank error page to displaying a live stream of the event.

Source: Information Security Magazine

NSA Tools Used to Attack Nuclear Energy Firms

NSA Tools Used to Attack Nuclear Energy Firms

Security researchers have spotted a new campaign using two attack frameworks and a backdoor allegedly developed by the NSA to spy on scores of targets in Russia, Iran and Egypt.

The tools were originally published in March 2017 by the Shadow Brokers, a group linked to Russian intelligence which claimed they came from the US spy agency.

They include DanderSpritz — which consists of “plugins to gather intelligence, use exploits and examine already controlled machines” — and FuzzBunch — a framework for different utilities to interact and work together which features various plugins to “analyze victims, exploit vulnerabilities, schedule tasks,” and more, according to Kaspersky Lab.

The DarkPulsar backdoor links to the two frameworks together, used with FuzzBunch to exploit vulnerabilities and gain remote access to a targeted system, before DanderSpritz is brought in to observe and exfiltrate the data.

“The FuzzBunch and DanderSpritz frameworks are designed to be flexible and to extend functionality and compatibility with other tools. Each of them consists of a set of plugins designed for different tasks: while FuzzBunch plugins are responsible for reconnaissance and attacking a victim, plugins in the DanderSpritz framework are developed for managing already infected victims,” the researchers explained.

“The discovery of the DarkPulsar backdoor helped in understanding its role as a bridge between the two leaked frameworks, and how they are part of the same attacking platform designed for long-term compromise, based on DarkPulsar’s advanced abilities for persistence and stealthiness. The implementation of these capabilities, such as encapsulating its traffic into legitimate protocols and bypassing entering credentials to pass authentication, are highly professional.”

Kaspersky Lab claimed to have found around 50 victims in Russia, Iran and Egypt, with Windows Server 2003 and 2008 typical targeted systems. The organizations in question were linked to nuclear energy, telecoms, IT, aerospace and R&D, the Russian AV vendor explained.

Source: Information Security Magazine

Have Cybersecurity Training, Will Travel

Have Cybersecurity Training, Will Travel

Late last week, members of the congressional staff had an opportunity to engage in cybersecurity training through the hands-on exercises brought to them, quite literally, by IBM's X-Force command cyber-tactical operations center (C-TOC) – a first-of-its-kind mobile security operations center.

With a focus on delivering response training and preparedness, onsite cybersecurity support and education and awareness, the mobile command center will be on tour throughout 2019, attending various events, as well as visiting schools and government facilities across the U.S. before it heads to Europe.

Modeled after the military’s tactical operations centers, these mobile facilities have also been used by first responders as incident command posts. Fully operational, the IBM X-Force C-TOC is a security operations center (SOC) on wheels. 

Credit: IBM Security
Credit: IBM Security

A sleek, black tractor-trailer adorned with a blue "X," the C-TOC is large enough to accommodate two dozen security staff members. It comprises a gesture-controlled cybersecurity "watch floor," data center and conference facilities and can be deployed in a variety of environments with its self-sustaining power and satellite and cellular communications. In addition, the C-TOC brings both a sterile and resilient network for investigation and response and a state-of-the-art platform for cybersecurity training.

"Experiencing a major cyber-attack is one of the worst crisis a company can face, and the leadership, skills and coordination required is not something you want to test out for the first time when you're facing a real attack," said Caleb Barlow, vice president of threat intelligence, IBM Security, in a press release.

"Having a mobile facility that allows us to bring realistic cyber-attack preparation and rehearsal to a larger, global audience will be a game changer in our mission to improve incident response efforts for organizations around the world."

By engaging in real-time, simulated cyber-attacks, security teams can use the C-TOC to evaluate their incident response plans through three gamified challenges. including Ox Response Challenge, OpRed Escape and Cyber War Game.

Source: Information Security Magazine

Facebook Is in Retail Therapy, Shopping for Security Firms

Facebook Is in Retail Therapy, Shopping for Security Firms

Facebook is apparently heeding the wisdom in the old adage, “When things get tough, the tough go shopping.” According to The Information, Facebook is currently shopping for a major cybersecurity firm.

After spending several months in the hot seat for its failure to protect user data, Facebook is reportedly looking to solve its cybersecurity problems by acquiring another cybersecurity company. Four inside sources have reportedly revealed that the company has engaged in acquisition conversations with several security firms, none of which have been publicly named. 

“It’s good to see such a huge consumer company looking to make a large move to improve their cybersecurity posture," said Guy Bejerano, co-founder and CEO, SafeBreach. "However, as we’ve seen on the enterprise front, improving defenses isn’t about just buying tools. For Facebook to truly move the security needle, they will also need to ensure that whatever investment they choose is deployed appropriately, configured correctly, and constantly validated to ensure their investment works as expected.”

According to The Information, the company is most likely looking to acquire a cybersecurity firm that would offer a software with features like analytics or tools that flag unauthorized access into which Facebook could wrap its own systems.

“Facebook is acknowledging two factors with the public statement about acquiring a cybersecurity firm. First, there is a shortage of cybersecurity talent. Second, the company will start making cybersecurity unique solutions part of their key business value to their customers," said Joseph Kucic, chief security officer at Cavirin.

"Obviously, Facebook could purchase products and solutions from vendors, but they want to create greater value that will be a market and product differentiator for them as they move forward with an acquisition.”

There's no word yet on when the big purchase might happen, but one unidentified source reportedly suggested a deal could be in the works by the end of the year.

Source: Information Security Magazine

75K Files Accessed in Insurance Exchanges Breach

75K Files Accessed in Insurance Exchanges Breach

Early last week, the Centers for Medicare & Medicaid Services (CMS) announced some suspicious activity in the Federally Facilitated Exchanges (FFE), an agent and broker exchanges portal.

On October 13, 2018, a CMS staffer noticed the anomalous activity that resulted in the agency declaring a breach on October 16. An unauthorized user reportedly accessed the files of approximately 75,000 individuals. Since learning of the unauthorized activity, the agent and broker accounts in question have been deactivated, according to an October 19 press release

“Our number-one priority is the safety and security of the Americans we serve. We will continue to work around the clock to help those potentially impacted and ensure the protection of consumer information,” said CMS administrator Seema Verma in the press release.

“I want to make clear to the public that HealthCare.gov and the Marketplace Call Center are still available, and open enrollment will not be negatively impacted. We are working to identify the individuals potentially impacted as quickly as possible so that we can notify them and provide resources such as credit protection.”

The breach reinforces the need for both private and public insurers to adopt the National Association of Insurance Commissioners (NAIC) Insurance Data Security Model Law published in late 2017, according to Michael Magrath, director, global regulations and standards, OneSpan Inc.  

The NAIC’s Model Law doesn’t go into effect until January 1, 2019, but South Carolina was the first state to become an FFE state in May 2018 when it adopted the law with the South Carolina Insurance Data Security Act.

“Although written for states to adopt, there is nothing prohibiting the federal government from mandating tighter cybersecurity controls in its own programs, especially when it comes to protecting sensitive personally identifiable information (PII) such as health insurance information,” Magrath said.

"A key provision of the regulation is the use of multifactor authentication to protect against unauthorized access to nonpublic information or information systems, with 'nonpublic information' being the individual’s private information," he said.

Source: Information Security Magazine

US Indicts Another Russian for Role in Info Warfare Campaign

US Indicts Another Russian for Role in Info Warfare Campaign

The US authorities have charged another Russian national as part of the ongoing conspiracy to interfere in its political system and attempt to undermine democracy.

Elena Alekseevna Khusyaynova, 44, of St. Petersburg is alleged to serve as the chief accountant of what the DoJ has dubbed “Project Lakhta” — an effort funded by oligarch Yevgeniy Viktorovich Prigozhin and two of his companies Concord Management and Consulting LLC and Concord Catering.

The self-styled “information warfare” effort she is alleged to have worked on had a proposed operating budget for January 2016-June 2018 of $35m, covering activities in the US, Europe, Ukraine and domestically.

Expenses she processed included payments to activists, and for social media ads, domain name registration, proxy servers and “promoting news postings” on social networks, according to the DoJ.

“Extraordinary” steps were apparently taken by the conspirators to appear as if they were everyday American voters, such as using VPNs to hide their true location and registering faked social media accounts to amplify divisive messages — using news events such as police shootings and right-wing rallies to spread further social and political discord.

Most of this is known already, from the testimony of social media companies before Congress and the DoJ’s indictment in February of 13 Russian nationals and three Russian companies, off the back of special counsel Robert Mueller’s investigation.

However, the new indictment signals the continued work of the DoJ in highlighting Russian efforts to destabilize its political system, even if Khusyaynova is unlikely ever to stand trial. These efforts are also ongoing, as the DoJ mentions $10m has been allocated for the period January-June 2018, ahead of crucial US mid-term elections next month.

“This case serves as a stark reminder to all Americans: Our foreign adversaries continue their efforts to interfere in our democracy by creating social and political division, spreading distrust in our political system, and advocating for the support or defeat of particular political candidates,” said FBI director Christopher Wray.

“We take all threats to our democracy very seriously, and we’re committed to working with our partners to identify and stop these unlawful influence operations. Together, we must remain diligent and determined to protect our democratic institutions and maintain trust in our electoral process.”

Source: Information Security Magazine

PM Urges Sanctions in Response to Cyber-Attacks

PM Urges Sanctions in Response to Cyber-Attacks

Theresa May has urged the EU to adopt a new sanctions regime to punish nation states that engage in persistent cyber-attacks.

The move comes as the bloc signed up to new chemical weapons sanctions last week.

“I believe that we have an opportunity to show our collective political leadership. We have demonstrated significant steps forward against other challenging threats. And should today make clear that malicious cyber-activities are no different; we will impose costs on all those who seek to attack us, regardless of the means they use to do so,” she’s reported to have said.

“Malign cyber-activity causes harm to our economies, and undermines our democracies. As well as protecting ourselves against attack, we must impose proportionate consequences on those who would do us harm. We should accelerate work on EU restrictive measures to respond to and deter cyber-attacks, including a robust sanctions regime.”

The call can be seen as a response to a recent surge in offensive Russian efforts to probe UK critical infrastructure and interfere in referendums and elections throughout Europe.

The EU is reportedly looking to finalize several cybersecurity-related pieces of legislation before the European parliament heads into elections in May 2019.

Sean Sullivan, security advisor at F-Secure, said May was following German chancellor Angela Merkel’s lead.

“The issue appears to be concern over whether or not Italy’s leadership will go along with sanctions,” he added.

“Of course, European level action is for the best — but the UK has plenty of leverage that it can exert on its own given the amount of Russian assets that are sheltered in the UK/London. May appears to be willing to lead the way, if others signal they’ll follow. It’s harder to imagine her leading the UK on its own though.”

Malcolm Taylor, director of cyber advisory at ITC Secure, claimed the new call is a clear signal of the UK’s willingness to put pressure on states weaponizing cyber, and to continue a close relationship with the EU on matters of security.

“Both of these responses are an attempt to demonstrate that, Brexit or no, the EU, the UK, and by extension traditional allies such as the US, are and will remain united,” he said.

“There may be domestic political reasons why Theresa May will want this to be heard now, but the more important audience is Russia. Put another way, Russia may believe it succeeded in influencing the referendum and causing division and weakness in the West; May is telling them it has failed.”

Source: Information Security Magazine

Yale Faces Additional Lawsuit After 2011 Breach

Yale Faces Additional Lawsuit After 2011 Breach

Despite its reputation as having the top law school in the country, Yale University is facing a second lawsuit after the personal information of more than 100,000 students was stolen by hackers in a data breach, according to GazetteXtra.

Between April 2008 and January 2009, electronic records containing social security numbers, dates of birth and both email and home addresses of students was stored on a Yale database. A routine review of its servers revealed that hackers had gained access to the servers and obtained the data of thousands of students, including defendant Andrew Mason.

Because the attack took place more than a decade ago, Yale reportedly said that it would not conduct an investigation. Mason’s lawsuit claims that Yale “improperly retained personal information, which was subsequently transferred to unauthorized persons during the breach, as evidenced by its statements that the personal identification information compromised in the breach was deleted from servers in September 2011 because it was unnecessary personal data.”

Industry experts believe that more lawsuits are likely to come, not just for Yale but for any organization that has mishandled the personal information it collects. “It is just going to continue until organizations realize that doing nothing is no longer acceptable and that security must be prioritized and taken seriously,” said Joseph Carson, chief security scientist at Thycotic.

“What is clear is that this data breach is a result of poor security hygiene and poor data hygiene that resulted in thousands of victims. Offering 12 months of free identity protection services is not sufficient, as the students identities can be abused or stolen for many years after an incident has occurred. Therefore, the minimum protection should be for at least five years."

With regard to Yale's stance that attribution at this time is going to be very difficult given that so much time has passed since the data breach, Carson agreed.

“Other universities should consider this as a lesson and prioritize cybersecurity immediately and ensure that they have done a data impact assessment and a risk-based assessment to determine how exposed they might be and what actions they must take," said Carson.

"The recent EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act are both taking personal identifiable information very seriously and any similar data breach that occurs moving forward could mean universities facing massive financial penalties of $20 million or more.”

Source: Information Security Magazine

Fin Firms: Look to Mobile, Social for Comms Risks

Fin Firms: Look to Mobile, Social for Comms Risks

A survey of nearly 200 financial services compliance individuals conducted throughout February and March 2018 found that organizations are struggling to keep pace with evolving technologies and have fallen behind when it comes to oversight of electronic communications, according to Smarsh.

Results of the 40-question survey were released this week in the Electronic Communications Compliance Survey Report. The survey looked at current trends in policies and practices with the usage, retention and supervision of electronic business communications, and the study revealed that companies aren’t keeping up with their retention and supervision efforts, especially when it comes to the technology used by the younger workforce.

Given that young adults rely so heavily on mobile-friendly channels, such as social media and text messaging, the report concluded that companies need to rethink their approach to the adoption and oversight of electronic communications.

Increasingly, social and mobile platforms are becoming as big a piece of the electronic communication landscape as email is. As a result, social and mobile play an important role in how firms, and investors, conduct business. Of those surveyed, 50% said they are concerned about social media, instant message/collaboration platforms and SMS/text messaging.

A majority of participants (59%) said that SMS/texts messaging poses the biggest perceived risk, coming in ahead of social media and instant messaging/collaboration platforms. However, respondents admitted that the two channels with the least supervision are SMS/text messaging and instant messaging/collaboration platforms.

In addition, the report found that a top concern for 42% of participants was the growing complexity of managing employee use of mobile devices for business communications.

“This year’s survey reveals that firms are focusing too much energy on older technologies and not enough time on the mobile and social communication channels that are growing in popularity among their customers and their advisers,” said Marianna Shafir, corporate counsel and regulatory adviser at Smarsh.

“Many don’t have archiving solutions in place for the retention and oversight of modern communications channels, such as text messages, which causes problems and significant risk when facing a regulatory examination, open records request, an investigation, e-discovery event or litigation.”

The need for comprehensive oversight policies for electronic communications is widely understood, yet the report noted that most firms are slow to formally adopt and support the governance of new channels, such as social media and mobile.

Source: Information Security Magazine