Tag Archives: Cybersecurity

Enterprise security spend to continue to trend higher

A breakdown of the ‘spending pie’ shows that the ‘security services’ segment is projected to make up nearly 60% of the total IT security budgets, followed by the ‘infrastructure protection’ segment on a little over 18%.

The post Enterprise security spend to continue to trend higher appeared first on WeLiveSecurity

THN Weekly Roundup — Top 10 Stories You Should Not Miss

Here we are with our weekly roundup, briefing this week’s top cybersecurity threats, incidents, and challenges, just in case you missed any of them.

Last week was short but packed with big news, from the theft of over 4,700 Bitcoins from the largest cryptocurrency mining marketplace to the discovery of a new malware evasion technique that works on all versions of Microsoft’s Windows operating system.

Besides this, the newly discovered Janus vulnerability in the Android operating system and a critical remote code execution (RCE) vulnerability in Malware Protection Engine (MPE) for which Microsoft released an emergency patch made their places in our weekly roundup.

I recommend you read the full stories (just click ‘Read More’), because there’s some valuable advice in there as well.

So, here we go with the list of this Week’s Top Stories:

Process Doppelgänging: New Malware Evasion Technique

A team of researchers, who previously discovered the AtomBombing attack, recently revealed a new fileless code injection technique that could help malware authors defeat most of the modern anti-virus solutions and forensic tools.

Dubbed Process Doppelgänging, the method takes advantage of a built-in Windows function and an undocumented implementation of the Windows process loader, and works on all versions of the Microsoft Windows operating system, from Windows Vista to the latest version of Windows 10.

To know How Process Doppelgänging attack works and why Microsoft refused to fix it, Read More.

Android Flaw Lets Hackers Inject Malware Into Apps Without Altering Signatures

A newly discovered vulnerability in Android, dubbed Janus, could let attackers modify the code of Android apps without affecting their signatures, eventually allowing them to distribute malicious updates for legitimate apps that look and work the same as the originals.

Although Google has patched the vulnerability this month, a majority of Android users would still need to wait for their device manufacturers to release custom updates for them, apparently leaving a large number of Android users vulnerable to hackers for the next few months.

To know more about the vulnerability, how it works and if you are affected, Read More.

Pre-Installed Keylogger Found On Over 460 HP Laptop Models

Once again, Hewlett-Packard (HP) was caught pre-installing a keylogger in more than 460 HP Notebook laptop models that could allow hackers to record your every keystroke and steal sensitive data, including passwords, account information, and credit card details.

When reported last month, HP acknowledged the presence of the keylogger, saying it was actually “a debug trace” which was left accidentally, and affected users can install an updated Synaptics touchpad driver to remove it manually.

To know how to check if your HP laptop is vulnerable to this issue and download compatible drivers, Read More.

New Email Spoofing Flaw Affects Over 30 Popular Email Clients

Researchers discovered a collection of vulnerabilities in more than 30 popular email client applications that could allow anyone to send spoofed emails bypassing anti-spoofing mechanisms.

Dubbed MailSploit, the vulnerabilities affect popular email clients including Apple Mail (for macOS, iOS, and watchOS), Mozilla Thunderbird, Yahoo Mail, ProtonMail, several Microsoft email clients, and others.

To watch the PoC video released by the researchers and know more about the vulnerabilities, Read More.

Largest Crypto-Mining Exchange Hacked; Over $80 Million in Bitcoin Stolen

Last week was the golden week in Bitcoin’s history when the price of 1 BTC touched almost $19,000, but the media hype about the bitcoin price overshadowed the hack of the largest Bitcoin mining marketplace.

NiceHash mining marketplace confirmed a breach of its website, which resulted in the theft of more than 4,736 Bitcoins, which are now worth nearly $80 million.

The service went offline (and is still offline at the time of writing this article) with a post on its website, confirming that “there has been a security breach involving NiceHash website,” and that hackers stole the contents of the NiceHash Bitcoin wallet.

To know more about the Bitcoin hack, Read More.

Microsoft Issues Emergency Windows Security Update

A week before its December Patch Tuesday updates, Microsoft released an emergency security patch to address a critical remote code execution vulnerability in its Malware Protection Engine (MPE) that could allow an attacker to take full control of a victim’s PC.

The vulnerability (CVE-2017-11937) impacts Windows 10, Windows 8.1, Windows 7, Windows RT 8.1, and Windows Server, and affects several of Microsoft’s security products, including Windows Defender, Microsoft Security Essentials, Endpoint Protection, Forefront Endpoint Protection, and Exchange Server 2013 and 2016.

To know more about the vulnerability, Read More.

Security Flaw Left Major Banking Apps Vulnerable to MiTM Attacks Over SSL

Scientists discovered a critical implementation flaw in major mobile banking apps—for both iOS and Android—that left banking credentials of millions of users vulnerable to man-in-the-middle attacks.

Attackers connected to the same network as the victim could have leveraged vulnerable banking apps to intercept SSL connections and retrieve the user’s banking credentials, like usernames and passwords/pincodes—even if the apps were using the SSL pinning feature.

To know how attackers could have exploited this vulnerability to take over your bank accounts, Read More.

Massive Data Breach Exposes Personal Data On 31 Million Users

While downloading apps on their smartphones, most users may not realize how much data those apps collect on them, and app developers take advantage of this ignorance, collecting more data on their users than they actually require for the working of their app.

But what if this data falls into the wrong hands?

The same happened last week, when a massive trove of personal data (over 577 GB) belonging to more than 31 million users of the famous virtual keyboard app, called AI.type, leaked online for anyone to download without requiring a password.

To know more about the data breach incident and what information users lost, Read More.

Critical Flaw in Major Android Tools Targets Developers

An easily-exploitable vulnerability discovered in Android application developer tools, both downloadable and cloud-based, could allow hackers to steal files and execute malicious code on vulnerable systems remotely.

The vulnerability was discovered by security researchers at CheckPoint, who also released a proof of concept (PoC) attack, dubbed ParseDroid, along with a video to demonstrate how the attack works.

To watch the video and know how this vulnerability can be exploited, Read More.

Uber Paid Florida Hacker $100,000 to Keep Data Breach News Secret

It turns out that a 20-year-old Florida man, with the help of another, was responsible for the massive Uber data breach in October 2016 and was paid an enormous amount by the ride-hailing company to destroy the data and keep the data breach incident secret.

Last week, Uber announced that a massive data breach last year exposed personal data of 57 million customers and drivers and that it paid two hackers $100,000 in ransom to destroy the information.

To know more about the data breach at Uber and the hackers, Read More.

What is a botnet?

Botnets have become one of the biggest threats to security systems today. Their growing popularity among cybercriminals comes from their ability to infiltrate almost any internet-connected device, from DVR players to corporate mainframes.

Botnets are also becoming a larger part of cultural discussions around cyber security. Facebook’s fake ad controversy and the Twitter bot fiasco during the 2016 presidential election worry many politicians and citizens about the disruptive potential of botnets. Recently published studies from MIT have concluded that social media bots and automated accounts play a major role in spreading fake news.

The use of botnets to mine cryptocurrencies like Bitcoin is a growing business for cyber criminals. It’s predicted the trend will continue, resulting in more computers infected with mining software and more digital wallets stolen.

Aside from being tools for influencing elections and mining cryptocurrencies, botnets are also dangerous to corporations and consumers because they’re used to deploy malware, initiate attacks on websites, steal personal information, and defraud advertisers.

It’s clear botnets are bad, but what are they exactly? And how can you protect your personal information and devices? Step one is understanding how bots work. Step two is taking preventative actions.

How Do Botnets Work?

To better understand how botnets function, consider that the name itself is a blending of the words “robot” and “network”. In a broad sense, that’s exactly what botnets are: a network of robots used to commit cyber crime. The cyber criminals controlling them are called botmasters or bot herders.

Size Matters

To build a botnet, botmasters need as many infected online devices or “bots” under their command as possible. The more bots connected, the bigger the botnet. The bigger the botnet, the bigger the impact. So size matters. The criminal’s ultimate goal is often financial gain, malware propagation, or just general disruption of the internet.

Imagine the following: You’ve enlisted ten of your friends to call the Department of Motor Vehicles at the same time on the same day. Aside from the deafening sounds of ringing phones and the scurrying of State employees, not much else would happen. Now, imagine you wrangled 100 of your friends, to do the same thing. The simultaneous influx of such a large number of signals, pings, and requests would overload the DMV’s phone system, likely shutting it down completely.

Cybercriminals use botnets to create a similar disruption on the internet. They command their infected bot army to overload a website to the point that it stops functioning and/or access is denied. Such an attack is called a distributed denial of service, or DDoS.

Botnet Infections

Botnets aren’t typically created to compromise just one individual computer; they’re designed to infect millions of devices. Bot herders often deploy botnets onto computers through a trojan horse virus. The strategy typically requires users to infect their own systems by opening email attachments, clicking on malicious pop up ads, or downloading dangerous software from a website. After infecting devices, botnets are then free to access and modify personal information, attack other computers, and commit other crimes.

More complex botnets can even self-propagate, finding and infecting devices automatically. Such autonomous bots carry out seek-and-infect missions, constantly searching the web for vulnerable internet-connected devices lacking operating system updates or antivirus software.

Botnets are difficult to detect. They use only small amounts of computing power to avoid disrupting normal device functions and alerting the user. More advanced botnets are even designed to update their behavior so as to thwart detection by cybersecurity software. Users are unaware their connected device is being controlled by cyber criminals. What’s worse, botnet design continues to evolve, making newer versions harder to find.

Botnets take time to grow. Many will lay dormant within devices waiting for the botmaster to call them to action for a DDoS attack or for spam dissemination.

Vulnerable Devices

Botnets can infect almost any device connected directly or wirelessly to the internet. PCs, laptops, mobile devices, DVRs, smartwatches, security cameras, and smart kitchen appliances can all fall within the web of a botnet.

Although it seems absurd to think of a refrigerator or coffee maker becoming the unwitting participant in a cyber crime, it happens more often than most people realize. Often appliance manufacturers use unsecure passwords to guard entry into their devices, making them easy for autonomous bots scouring the internet to find and exploit.

As the never-ending growth of the Internet of Things brings more devices online, cyber criminals have greater opportunities to grow their botnets, and with it, the level of impact.

In 2016, a large DDoS attack hit the internet infrastructure company Dyn. The attack used a botnet comprised of security cameras and DVRs. The DDoS disrupted internet service for large sections of the country, creating problems for many popular websites like Twitter and Amazon.

Botnet Attacks

Aside from DDoS attacks, botmasters also employ botnets for other malicious purposes.

Ad Fraud

Cybercriminals can use the combined processing power of botnets to run fraudulent schemes. For example, botmasters build ad fraud schemes by commanding thousands of infected devices to visit fraudulent websites and “click” on ads placed there. For every click, the hacker then gets a percentage of the advertising fees.

Selling and Renting Botnets

Botnets can even be sold or rented on the internet. After infecting and wrangling thousands of devices, botmasters look for other cybercriminals interested in using them to propagate malware. Botnet buyers then carry out cyber attacks, spread ransomware, or steal personal information.

Laws surrounding botnets and cybercrime continue to evolve. As botnets become bigger threats to internet infrastructure, communications systems, and electrical grids, users will be required to ensure their devices are adequately protected from infection. It’s likely cyber laws will begin to hold users more responsible for crimes committed by their own devices.

Botnet Structures

Botnet structures usually take one of two forms, and each structure is designed to give the botmaster as much control as possible.

Client-server model

The client-server botnet structure is set up like a basic network with one main server controlling the transmission of information from each client. The botmaster uses special software to establish command and control (C&C) servers to relay instructions to each client device.

While the client-server model works well for taking and maintaining control over the botnet, it has several downsides: it’s relatively easy for law enforcement officials to locate the C&C server, and it has only one control point. Destroy the server, and the botnet is dead.

Peer-to-peer

Rather than relying on one centralized C&C server, newer botnets have evolved to use the more interconnected peer-to-peer (P2P) structure. In a P2P botnet, each infected device functions as a client and a server. Individual bots have a list of other infected devices and will seek them out to update and to transmit information between them.

P2P botnet structures make it harder for law enforcement to locate any centralized source. The lack of a single C&C server also makes P2P botnets harder to disrupt. Like the mythological Hydra, cutting off the head won’t kill the beast. It has many others to keep it alive.

Botnet Prevention

It should be clear by now that preventing botnet infection requires a comprehensive strategy; one that includes good surfing habits and antivirus protection. Now that you’ve armed yourself with the knowledge of how botnets work, here are some ways to keep botnets at bay.

Update your operating system

One of the tips always topping the list of malware preventative measures is keeping your OS updated. Software developers actively combat malware; they know early on when threats arise. Set your OS to update automatically and make sure you’re running the latest version.

Avoid email attachments from suspicious or unknown sources

Email attachments are a favorite source of infection for many types of viruses. Don’t open an attachment from an unknown source. Even scrutinize emails sent from friends and family. Bots regularly use contact lists to compose and send spam and infected emails. That email from your mother may actually be a botnet in disguise.

Avoid downloads from P2P and file sharing networks

Botnets use P2P networks and file sharing services to infect computers. Scan any downloads before executing the files or find safer alternatives for transferring files.

Don’t click on suspicious links

Links to malicious websites are common infection points, so avoid clicking them without a thorough examination. Hover your cursor over the hypertext and check to see where the URL actually goes. Malicious links like to live in message boards, YouTube comments, pop up ads, and the like.

Get Antivirus Software

Getting antivirus software is the best way to avoid and eliminate botnets. Look for antivirus protection that’s designed to cover all of your devices, not just your computer. Remember, botnets sneak into all types of devices, so look for software that’s comprehensive in scope.

With the Internet of Things increasing, so too does the potential for botnet size and power. Laws will eventually change to hold users more responsible for the actions of their devices. Taking preventative action now will protect your identity, data, and devices.

The post What is a botnet? appeared first on Panda Security Mediacenter.

New Study Shows “Fake News” Part of Parents’ Concerns about Online Activities

Controversies around “fake news” sites aren’t just nightly news fodder or political footballs. As it turns out, they’re new additions to the list of parental fears, sitting alongside computer viruses, social media, and online sexual predators.

Parents today aren’t just worried about their kids watching internet porn. Many are concerned their child will read a Breitbart article or watch a video on CNN.

Panda Security’s exclusive analysis of U.S. parents reveals what they fear the most when it comes to websites, online activities, and apps.

  • More than twice as many parents consider right-wing website Breitbart unsafe for children as consider CNN unsafe.
  • 20 percent of parents think CNN is not safe for their kids.
  • 47.9 percent of parents think Breitbart is unsafe for children.
  • 75.9 percent of parents think anonymous sharing is a danger to kids.
  • More parents block Facebook (5.9 percent), YouTube (5.8 percent), Netflix (4.3 percent), than they do Pornhub (2.5 percent).
  • 54.2 percent of parents are most concerned about sexual predators online.
  • 37.1 percent of parents concerned about sexual predators haven’t spoken to their kids about it.

We surveyed 1,000 U.S. parents to determine the websites, apps, and activities that most concern them when it comes to their children.

Parents Are Worried About Some Of The Web’s Most Popular Sites


Of our total sample of respondents, 90.1 percent ranked Pornhub as “Very Unsafe” or “Somewhat Unsafe”. Our analysis also shows some major social media sites as a source of concern for many parents. 47.0 percent of parents view Facebook as unsafe, while Reddit received the same rating from 46.1 percent of respondents.

Video streaming websites like YouTube and Netflix also ranked as concerning to parents. 36.7 percent of parents said YouTube was a safety concern while 15.5 percent also felt the same about Netflix.

Parents also considered news sites like CNN and Breitbart as a threat to their children. 20.5 percent felt concerned about CNN while 47.9 percent reported Breitbart News as somewhat or very unsafe.

For parents who felt “Very Safe” or “Somewhat Safe” towards specific websites, Amazon ranked first with 71.4 percent. More parents said they felt Netflix (69.9 percent) was safer than Wikipedia (65.5 percent).

More Parents Blocked YouTube than Pornhub

Our analysis showed there was a disconnect between parental concern and parental action. We found more parents reported blocking video websites like YouTube (5.8 percent) and Netflix (4.3 percent) than they did porn sites like Pornhub (2.5 percent).

One reason why parents may be blocking sites like YouTube and Netflix more than Pornhub is that parents may consider excessive screen time more concerning and more likely than specific content like pornography. Parents may feel the chances of their children finding/watching adult content too remote for concern, especially if the children are very young.

However, a University of New Hampshire survey of 1,500 internet-using youth between the ages 10 and 17 showed 42 percent of them had been exposed to online pornography in the past year. Of those, 66 percent reported unwanted exposure.

Parents Overwhelmingly Think Anonymous Online Sharing Is Unsafe for Kids


Of the seven online activities we listed, “anonymous sharing” was the online activity most concerning to parents. 75.9 percent reported feeling “somewhat unsafe” or “very unsafe” when it came to their kids and anonymous sharing.

The data suggests app developers need to include better parental controls for monitoring or stopping anonymous sharing activities of children.

Anonymity could factor into the perceived safety of social media sites. While there’s a good amount of safety concern among parents for a social website like Facebook (47 percent), it’s even more for 4chan (58.4 percent)—a site where anonymity is more prevalent.

Social networking was the second most unsafe online activity with 57.2 percent followed by “video sharing/watching” at 56.6 percent. A larger percentage of parents reported feeling concerned about video sharing than reported being concerned about the video sharing website YouTube.

Parents Are Worried About How Their Kids Get News


Our analysis shows 47.9 percent of the total pool of respondents who had heard of the right-wing website Breitbart rated it “somewhat unsafe” or “very unsafe”. That’s compared to 20.5 percent that responded the same to the more centrist Cable News Network. 8.1 percent said they considered both websites a safety concern when it came to their children.

Wikipedia also ranked as somewhat or very unsafe to 12.2 percent of parents. “Fake news” controversies and growing concerns about biased information are threatening the legitimacy of some online information sources like Wikipedia.

Parents Are Very Concerned About Sexual Predators


Of the six options presented, 52.4 percent of parents chose “sexual predation online” as their top online concern for their children. 14.3 percent chose “Maintaining online privacy” followed by “online bullying” at 11.8 percent.

More Than a Third of Parents Don’t Talk To Their Kids About Online Sexual Predation


While 52 percent of parents reported sexual predation as their primary concern, 37 percent of those said they hadn’t spoken to their children about the topic in the past year. Among parents who reported online bullying as their primary concern, a similar percentage hadn’t spoken to their children about the topic, at 33 percent.

For less emotionally and physically dangerous concerns like “Computer Viruses” and “Hidden Fees in Online Apps”, the percentage of all parents who expressed concern, but hadn’t spoken with their children, was even higher (54 percent and 43 percent, respectively).

Among parents most concerned about maintaining online privacy, 44 percent of parents overall hadn’t discussed the topic. The numbers suggest the threat to online privacy and of identity theft is being perceived as similar to hidden app fees.

Cyberbullying Is Being Underrated By Parents As A Concern


Our analysis shows parents’ biggest fears aren’t reflective of actual prevalence rates. Of the total group, 54.2 percent of parents said sexual predation online was their biggest concern while 11.8 percent said the same for online bullying. Sexual predation is defined as any person using the internet for the express purpose of targeting a minor to perform non-consensual sex acts.

Compared to sexual predation, cyberbullying occurs much more frequently for children. The prevalence rate for sexual predation online is only 13.0 percent. In contrast, a 2016 study commissioned by the Cyberbullying Research Center found 33.8 percent of U.S. high school students between the ages of 12 and 17 said they had experienced cyberbullying. Examples of cyberbullying can include sending threatening or hurtful texts, posting embarrassing photos or video, and/or spreading rumors.

Methodology

Panda Security conducted an online survey of 1,000 U.S. parents.
Our survey was designed to gather from parents four different types of data:

  • Demographic
  • Level of concern for specific websites, online activities, and apps
  • Actions they’ve taken to address their concerns.
  • Their knowledge level of their child’s online activities, friends, and passwords.

We wanted to discover what parents were the most concerned about and what they were doing to address those concerns, either directly (e.g. blocking content) or indirectly (e.g. discussing issues with their children).

Our approach to analyzing the data was to determine if there was a correlation between the level of concern and amount of reported activity.

The post New Study Shows “Fake News” Part of Parents’ Concerns about Online Activities appeared first on Panda Security Mediacenter.

Computer Security Day 2017: The Current State of Cybersecurity

Thursday 30th November marks the 29th Computer Security Day – an unofficial “holiday” used to raise awareness of cybersecurity issues that affect us all. At the most basic level, people across the world are encouraged to take the opportunity to create new strong passwords.

The annual Computer Security Day is also a useful chance to assess wider cybersecurity implications, and how well industry and individuals are protecting themselves.

So, what is the current state of IT security?

Security is more complex than ever

Every day new devices are added to home networks, most of which also connect to the Internet. From smart heating thermostats to remote controlled blinds and games consoles, technology is becoming part of the very fabric of our homes. And if smart speakers like Amazon’s Alexa and Apple’s HomePod sell as well as expected this Christmas, the home network is going to become busier (and more complicated) than ever.

The only drawback to all these devices is that they increase the number of potential attack points for cybercriminals. In the past, hackers would only have the option of breaking into your home PC. But with so many network connected devices to choose from, hacking in has actually become easier.

Security is not being prioritised by manufacturers

In the rush to sell their products as quickly as possible, some manufacturers are cutting corners. The software powering these devices often contains bugs and security holes that can be used by hackers to gain access. Once connected to the device, they can then attack other more important devices, like your laptop or PC.

Where there are decent security provisions on the device, owners are making basic mistakes that place their network at risk. As always, poor passwords are the biggest problem, making the hacker’s job even easier. If you have network connected devices at home, use this Computer Security Day to update all of those passwords too.

We are getting better at cybersecurity

Networks may be more complex than ever, but our security options are also improving. Most home routers used to connect to the Internet now include firewall functions to keep hackers out for instance. And the tools used to detect and remove malware are also improving daily.

In fact, anti-malware is the last line of defence when it comes to protecting your personal data. If hackers do manage to break through defences and compromise network-connected devices like webcams and smart speakers, anti-malware will stop them accessing your computers where the really valuable personal information is held.

If you do nothing else this Computer Security Day, please take a few minutes to download and install a free copy of Panda Antivirus for your PC. You should also take the opportunity to protect your smartphone too – download a free copy of Panda Mobile Security today.

The post Computer Security Day 2017: The Current State of Cybersecurity appeared first on Panda Security Mediacenter.

3 Poor IT Practices that Endanger Companies

An attack perpetrated by a criminal, a malicious or negligent action taken by an employee… The causes of security incidents can be very diverse. And, according to a recent study by Ponemon Institute, 28% are caused by poor IT practices. In many cases, these failures are due to limited security policies that do not cover all possible risks. By overlooking certain tasks and processes, IT teams are exposing the vulnerabilities of their companies. In this post, we will highlight three key aspects that should be adequately monitored by the security officers of any company.

Neglecting printers is dangerous

This seemingly harmless device can endanger your corporate network. It is worth remembering that printers are also sophisticated storage devices, and that they usually have a longer lifespan than any of our connected devices. According to a study by Spiceworks, only 16% of IT managers believe that printers are vulnerable to security breaches, a figure significantly lower than that corresponding to computers and mobile phones.

Since printers store sensitive document data, it is advisable to review and delete their content periodically. Also, if you stop updating the printers’ firmware, they can become an attack vector (especially if they are connected to the central corporate network). Different types of attacks could allow cybercriminals access to insecure printers, obtaining the documents that have been printed, analyzing network traffic, and even obtaining user information and passwords.

Do you know what applications your employees are using?

Another risk is not knowing what cloud services employees are using. It is important to perform a Shadow IT study and evaluate the dangers implied by applications and services not expressly authorized by security teams. According to an EMC study, annual losses that can be traced back to Shadow IT have reached up to 1.7 trillion dollars. Many organizations are unaware that their employees use services and applications outside of those put at their disposal by the company itself, increasing the blind spots and, therefore, the attack surface of the company.

To stave off malicious behavior, it is essential to monitor corporate network activity and have complete visibility of the software and applications employees are using.  These are crucial characteristics of a security system that is able to act against apps that could endanger the company’s sensitive information or intellectual property. It is very important to educate employees, but also to design policies that can satisfy their needs and prevent them from authorizing services in an insecure way, or by “taking the back door”. Likewise, IT professionals must evaluate each and every service and application, preventing access to those that are dangerous with infrastructural protocols (such as firewalls and proxies).

What if an employee loses their company phone?

The loss of corporate devices, whether mobile phones, computers, tablets, etc., should be extremely disconcerting for any IT professional. In a Tech Pro Research survey, when asked about the company’s weakest link in terms of cybersecurity, 45% answered that the most vulnerable point was mobile devices. To protect against collateral damage from loss or theft, ideally all corporate devices would be encrypted. IT administrators must ensure that the information contained on them is not compromising, and that these devices can only access corporate information through a VPN. And, in case of loss, administrators should have the ability to block the device remotely.

By permitting mobile devices to install applications, even versions authorized by the operating system, you are, figuratively speaking, placing a door where there used to be a wall. It is important to ensure that the IT team has an identifiable base of all mobile systems connected to the corporate network and that, if possible, vulnerability tests and remote control may be performed to analyze penetration levels.

These are just three examples of areas that IT teams must take care to address. Ignoring these good practices can open the door to security incidents that cause considerable economic impact. In a context in which external threats are growing in number and complexity, avoiding risks by implementing basic protocols should be an obligation for every IT professional.

The post 3 Poor IT Practices that Endanger Companies appeared first on Panda Security Mediacenter.

Did Your Childhood Monsters Dwelling Under the Bed Grow to Be Real?

Remember when you were a youngster, and lived in nightly fear of the monsters dwelling under your bed, or those hiding in the closet? That made it an act of foolishness to swing your legs over the side of the bed and expose munch-able ankles to the demons. Even worse would be to risk opening the closet door at night, to provide a portal for their crossover into the human world.
The only way to safely make it through the night was to stay motionless in bed, fully covered by your charmed-against-monsters favorite blanket, and await the safety of morning sunlight.

The demons of the night have probably long since retreated from your bedroom – but for adult internet users, they have re-emerged from the shadows, in the form of hackers and cyber attackers, still lurking, still waiting for their opportunity. And sadly, this time they are real – lately, the internet has been buzzing with the recently discovered WPA2 vulnerabilities known as KRACK.

Everyone who listens to the news occasionally, or checks their morning news feed before heading off to work, should be aware of some of the spectacular network breaches against major corporations. In fact, one or more of those violations may even have affected you personally, since several of them have resulted in massive amounts of sensitive personal information being hijacked by criminals. But such headline-grabbing attacks are far from the only depredations being carried out these days on the Internet, nor are the big corporations the only targets.

Small businesses the target of cybercriminals

Cybercriminals are starting to realize that attacks against lots of small businesses can be just as lucrative as a single attack against a major player. Ransomware attacks and other forms of malware breaches can yield significant profits when carried out in volume against small businesses, and now hackers have upped the ante to include attacks against individuals, in the form of breaching devices which are tied to the Internet of Things (IoT). It was recently demonstrated that even using an ordinary Wi-Fi connection can expose you to attack by a smart attacker, in physical proximity.

Wi-Fi Protected Access 2 (WPA2)

Wi-Fi Protected Access 2 (WPA2) is the second, and theoretically stronger, incarnation of security protocols for wireless networks, but it was recently shown to have a vulnerability which allows attackers to modify how the protocol works so that network traffic can be intercepted. Depending on how a specific network is configured, it would have even been possible for malware to be inserted, without the attacker ever owning or disturbing standard password security, thus evading detection.

This capability makes wireless devices, including all those connected to the IoT, vulnerable to Key Reinstallation Attacks (KRACK), which compromise the encryption component of the WPA2 protocol. Without getting into the technical weaknesses which make this possible, you should know that such attacks are likely whenever a cybercriminal is physically positioned close enough to a device on a Wi-Fi network so that the signal can be intercepted and manipulated. What all this means for devices connected to the IoT, is that they would need to have software or firmware updates which close up the vulnerability to KRACK attacks. The affected manufacturers have begun issuing patches to address the problem but remember that you don’t have to only rely on patches – there are other ways to protect yourself.

Are More IoT devices Driving More Cyber Attacks?

The short answer to this is – yes. Cybercriminals are notoriously opportunistic, and the potential ubiquity of IoT devices provides nearly endless possibilities for security breaches. Just “listening in” on such network traffic can provide useful, sensitive information about accounts and other data that can be converted into profits.

The monsters under your bed have grown up with you, and they have now moved into the shadows of cyberspace, waiting to nip at your ankles or to have you barge brazenly into their closet stronghold. And unfortunately, this time they are real – make sure you have a chance to fight them off by arming yourself with a protective blanket.

The post Did Your Childhood Monsters Dwelling Under the Bed Grow to Be Real? appeared first on Panda Security Mediacenter.

Alberto Yépez: “Businesses Are More Willing to Invest in Cybersecurity”

In this guest collaboration, Alberto Yépez shares his expert vision of innovation in the security sector. Alberto is co-founder and Managing Director of Trident Capital Cybersecurity, the largest global venture capital firm focused on cybersecurity startups. Alberto has extensive experience as an investor in companies such as Alien Vault, Mocana or Bluecat. In addition, he has served as a consultant for the US Department of Defense, is a member of the Board of Advisors of SINET (Security Innovation Network) and actively participates in global initiatives such as the World Economic Forum Partnership for Cyber Resilience.

Panda Security: How has the cybersecurity landscape evolved over the 30 years that you have been in the sector?

Alberto Yépez: I think that cybersecurity has evolved from being a very technical and isolated issue to becoming something that is important for executives and boards of directors. I think that’s the biggest shift from a business perspective. We live in a digital age. Information is a premium, and information comes from data and is produced by applications that provide the context of the data for it to become information. And given that we are trying to protect that information, you see businesses that can succeed or fail just because that information gets compromised.

From a technical point of view, given the complexity and the multiple platforms of computing that we use today, it has become complicated to protect. So every time there is a shift in a computing platform, there are new attack vectors that appear. And in order to defend them, you have to invest a lot of money to protect our mobile devices, our applications in the cloud, our data centers, privacy information for individuals, IoT… now you have this whole interconnected world.

The third thing that has happened, besides business and technical, is that now that we live in a digital age, to rob a bank you don’t need to go in there with a gun to steal the money. You can sit in your living room or your basement, and attack a bank and get the money. Therefore, the threat is real, the cybercriminals have changed, and these are more sophisticated individuals, very technical, that basically do it for different motives — because they are activists, or hacktivists, or they do it because they are really criminals and they want to enrich themselves and use the money or information for ransom. Or, more importantly, as we’ve seen as of late, there are a lot of state-sponsored cyberattacks, where they’re trying to destabilize democracies and governments. They’re trying to attack the national grid, or the critical infrastructure of a government, etc. So the frequency and sophistication of attacks has increased exponentially. Therefore, it is becoming harder to defend, and it all comes back to if it’s becoming harder, then the amount of money that needs to be invested is increasing, and not just by choice. The whole industry is really in a huge inflection point, where cybersecurity has become a fact of everyday life, both for the individual, the business, and for the government.

PS: What would you say are the most relevant trends in the cybersecurity industry right now?

There’s a shortage of cybersecurity professionals. Therefore the suppliers are trying to build products that are easier to deploy, easier to consume, and they’re using new technologies like the cloud and mobility to make sure that it becomes easier to protect information. In summary, it’s mobile security, cloud security, IoT security, and privacy. Especially in Europe, as you know, there’s a big push for some of the privacy directives, including the GDPR, which are at the front of the mind for business.

PS: How can security benefit from AI and Machine Learning, and what are the risks?

That’s an excellent question. So how do you solve the problem of the shortage of cybersecurity professionals? You bring in automation. Not to replace so much, but to help the humans. The role of AI is basically to automate tasks of mature segments of the security industry, using human knowledge.

PS: You’ve invested in many successful cybersecurity companies. How do you decide that a company is right for investment? What catches your eye?

We look at five different areas — so this is a good note for entrepreneurs!

Number one, we’re really market driven. We like to get a sense of what the areas are where no commercial technologies exist so emerging solutions can be funded. So we look at, how big is the market?

Number two, we look at the intellectual property — how hard it is to replicate the solution.

Number three we look at the go-to-market strategy — how the company can scale not just by selling one at a time, but by creating alliances. Which is one of the basics to reach a global audience.

Number four we look at the team — whether the people have the experience, the context, the knowledge, and the relationships to be successful.

And number five, we often look at the co-investors. The investor group is important, because companies go through several iterations and several fund-raisings, so you need investors that are committed to support a company through all this.

The post Alberto Yépez: “Businesses Are More Willing to Invest in Cybersecurity” appeared first on Panda Security Mediacenter.
