Tag Archives: Security

The Dangers of Plug-ins

Plug-ins are add-ons developed for all types of solutions and applications. The most well-known provide new features for browsers, messenger services and tools such as WordPress. All of them, without exception, can cause significant security breaches at your company.

Plug-ins as an attack target

The widespread use of certain plug-ins is the main reason that some hackers have focused their attention on acquiring or using plug-ins to launch attacks. It should be noted that the nature of these add-ons, as well as their objective, is highly varied. All plug-ins are susceptible to security breaches, no matter what they are geared towards.

For example, for WordPress, plug-ins such as Display Widgets (with more than 200,000 users), Appointments (8,000 users), Captcha (300,000 users), and NextGEN Gallery (more than one million users) highlight the growing trend of using these add-ons to house attacks or insert malicious code. These affect all users that visit a page that has the plug-in activated.

Browser plug-ins for Chrome, Firefox and Internet Explorer are not any less dangerous. For example, the well-known LastPass (password manager) has received criticism due to serious problems with security over the past year. Malicious software such as adware and hijacking software has appeared in these kinds of plug-ins. One of the best examples is from last year when Fireball managed to infect more than 250 million computers.

Although plug-ins vary widely, all have the potential to create security problems that often begin with a loss of control of the device: the appearance of pop-up ads, erratic behavior, etc. They can also cause data loss given that they collect personal information, including login information, and send it secretly. Furthermore, they can insert harmful software: viruses, all types of malware and backdoors.

Why plug-ins?

There are two main reasons that hackers pay so much attention to plug-ins. The first, as we mentioned, is the massive user base that many plug-ins have. Exploiting a security flaw of already established plug-ins is a sure bet for cyber criminals. The second reason is the diversity of available plug-ins.

The use of open-source solutions and a wide variety of languages and tools have given rise to exponential growth of solutions to use in our day-to-day lives. However, all this has also resulted in potential security issues. These applications are in a constant battle against hackers who are trying to exploit their vulnerabilities. The more diverse the panorama, the more possibilities there are of solutions being exploited.

For WordPress, the preferred techniques are using exploits and existing flaws in PHP, Ajax and Java, along with many others. This exponentially increases the possibility of a security problem. On the other hand, this affects visitors to the page as well as the servers where they are located, allowing for criminals to spread infections rapidly.

Plug-ins at companies

This should give us an idea of the potential impact the indiscriminate use of plug-ins can have on companies. If a corporate website uses this popular CMS (or a similar one such as Drupal, Joomla, etc.) company data, as well as that of servers and users, could be at risk.

One should know that add-ons in a company’s system, used as attack vectors, can cause huge data losses. What is the solution? Firstly, it is vital to have a good IT team and for employees to have a solid knowledge of security.

Secondly, intelligence and predictive security tools, such as Panda Adaptive Defense 360, are the best option to maintain an exhaustive control of a company’s network, foreseeing, preventing and remedying potential attacks thanks to its ability to monitor all system processes in real time.

Lastly, there is always the extreme measure of prohibiting plug-ins, both in a company’s browsers as well as on its website. There should be no problem for websites if they are “custom-built”. For browsers and apps, with proper control, the amount of damage that a company can suffer can be severely limited.

The post The Dangers of Plug-ins appeared first on Panda Security Mediacenter.


Apple Blocks Sites From Abusing HSTS Security Standard to Track Users

If you are unaware, the security standard HTTP Strict Transport Security (HSTS) can be abused as a ‘supercookie’ to surreptitiously track users of almost every modern web browser online without their knowledge even when they use “private browsing.”

Apple has now added mitigations to its open-source browser infrastructure WebKit that underpins its Safari web browser to prevent HSTS abuse after

Afraid of insider attacks? This is how you can defend your company

There is no doubt that insider attacks at a company can be catastrophic. According to Haystax, they can cost a company up to $500,000 to $1,000,000. What’s more, 90% of companies surveyed in the latest Crowd Research report are considered to be vulnerable to this type of security problem. In fact, 53% of companies claim they have suffered an insider attack in the last 12 months. However, not all security managers know about the implications or even the origins of this problem. How can one take on a problem that comes from within?

Where do these attacks originate?

When speaking of insider threats, there are usually two clear but different causes: negligence and malicious intent. While the first usually happens due to a deficiency at a company, the second is more dangerous since it is intentionally harmful. In both cases, the main actors are users with privileges and administrators. It is also important to keep in mind the role of consultants and temporary employees as well as regular employees who can also pose a threat. The origin of the security breach is the first thing to consider in order to stay protected.

Insider attacks are on the rise

According to data gathered by Crowd Research, the number of insider attacks has grown and they are becoming more frequent. The percentage of deliberate data breaches also grew as opposed to unintentional incidents. The vast majority of these vulnerabilities stem from regular employees, but as we mentioned, attention should also be paid to providers and users with privileges.

What points are most vulnerable? Cyber-criminals are most interested in information concerning accounts of users with privileges, as well as confidential business information. After this, they are interested in personal information, followed by different information related to industrial espionage.

Taking care of vulnerabilities

The main vulnerabilities stem from a lack of control, according to Crowd Research. The most common vulnerabilities stem from an excess of users with privileges and misuse of privileges, which can allow criminals a simpler way to gain unsupervised access. The increase in the number of devices that have access to sensitive information has also caused networks to be more vulnerable.

In addition to increasingly complex technology, there is a clear lack in education, which is one of the main culprits in internal security failures. Therefore, companies should invest heavily in cybersecurity training for employees. This might seem costly, but as we mentioned, the cost of repairing an internal problem and the consequences thereof often exceeds hundreds of thousands of dollars.

How to defend your company

Bearing all this information in mind, some protection measures should be put into place. Firstly, it is crucial to observe and monitor employee behavior within the network in real time, review the server logs to look for any suspicious behavior and use specific data to analyze how to prevent a possible insider threat.

This means preventing information leaks caused by malware or employees, as well as having protection against attacks or fixing vulnerabilities found in the system. Solutions such as Panda Adaptive Defense 360 combine the latest-generation protection (NG EPP) and Endpoint Detection and Response (EDR) technology with the ability to classify 100% of running processes.

Having a Data Loss Prevention (DLP) strategy and encrypting information are the main measures against insider threats as cited by 60% of security professionals surveyed by Crowd Research. It is necessary to have impeccable identification and access control, as well as to restrict and control all endpoints.

Lastly, it is vital to control and monitor access to valuable resources such as information, databases, connections, anything that can result in a significant loss. It’s also a good idea to reasonably track employee activity, something that can easily be done with the correct tools. In short, having a solid control and repair plan overseen by the right team, together with exhaustive monitoring and proper security training is the best path to protect oneself from an unexpected security failure.

The post Afraid of insider attacks? This is how you can defend your company appeared first on Panda Security Mediacenter.


Pre-Installed Malware Found On 5 Million Popular Android Phones

Security researchers have discovered a massive continuously growing malware campaign that has already infected nearly 5 million mobile devices worldwide.

Dubbed RottenSys, the malware, disguised as a ‘System Wi-Fi service’ app, came pre-installed on millions of brand new smartphones manufactured by Honor, Huawei, Xiaomi, OPPO, Vivo, Samsung and GIONEE—added somewhere along the supply chain

Keys for an Effective Incident Response Plan

Despite the fact that a cyberattack can have devastating effects, the majority of companies are not prepared to deal with such problems. And even though a company may have a good prevention plan and a solid security team, breaches do occur. That’s why a good incident response plan needs to be in place.

What is a SIRP?

A Security Incident Response Plan (SIRP) is, as its name indicates, a guide to applying measures in case of a breach in security. Its objective is to minimize the amount and severity of cybersecurity incidents. According to experts, many companies learn to deal with the damage caused by a security problem after an attack. But this can be very costly.

A SIRP allows companies to deal with an incident as soon as possible, making sure no damage is extended and solutions are applied almost immediately. Therefore, in addition to a SIRP, it is advisable to have a Computer Security Incident Response Team, or CSIRT. However, preparing a plan requires a seasoned and experienced IT team, which does not preclude the need to be prepared from the outset.

Preparing an incident response plan

Every SIRP consists of a series of steps, which are not always necessary but establish a general action plan. A SIRP can be divided into three stages.

  • Initial course of action

This stage begins by evaluating the situation, paying special attention to all activity. Steps should be taken to make sure a false positive has not been given. The seriousness of a possible attack should be assessed a priori. From here on out, all information is meticulously logged. The next step is to assure proper communication of the incident to the rest of the CSIRT to ensure coordination. Containing the damage is essential, so it is necessary to decide which data is most important and to protect it according to its priority. To minimize any risk, one must keep in mind that it is always better to interrupt an IT process than to try to repair any damage afterwards.

  • Classifying the attack

From here on, the SIRP identifies the type and severity of the attack. This is essential in order to correctly repair the system. It is necessary to identify the nature of the attack, its origin, its intent and what systems and files are exposed. The next step is to identify unexpected physical access points and examine key groups to find any unauthorized entry. Special attention must be paid to any gaps which show losses in the system’s log.

Log files and unusual connections should be examined, as should the security audit, any failed login attempts and any other indication of unusual activity to give a clue as to how the incident occurred. This is the most meticulous part of the process. Once the attack has been correctly identified, the entire team may proceed to secure the logs, tests and all relevant information. This should not be neglected due to the significant legal implications.

  • Notification, documentation and review

In the last stage, information is organized, the incident is documented, and everyone involved is notified. Informing everyone involved is necessary to prevent future damage and to contain any possible future attacks. Furthermore, from May 2018, notifying those involved of incidents will be even more important. The entry into force of GDPR will require companies to report to authorities any personal data breaches within 72 hours. Once the notification has been made, the systems and documentation will need to be recovered. The recovery will depend on the motives of the breach, its targets and the amount of damage caused to the system. Having backup files is crucial, and backups should be reviewed for any weak points to prevent security problems.

Lastly, a detailed report should be included in the documentation. Since all processes have been logged during the incident, this information should be saved and organized accurately and chronologically. A cost assessment of the incident should also be included as it could be used as further evidence. The last step consists of reviewing the response and action guidelines to improve the incident response plan, evaluating the errors committed and proposing improvements.

Advanced cybersecurity solutions, such as Adaptive Defense 360, allow IT teams to have complete visibility of a corporate network and perform detailed forensic reports on infections.

The post Keys for an Effective Incident Response Plan appeared first on Panda Security Mediacenter.


13 Critical Flaws Discovered in AMD Ryzen and EPYC Processors

Security researchers claimed to have discovered 13 critical Spectre/Meltdown-like vulnerabilities throughout AMD’s Ryzen and EPYC lines of processors that could allow attackers to access sensitive data, install persistent malware inside the chip, and gain full access to the compromised systems.

All these vulnerabilities reside in the secure part of the AMD’s Zen architecture processors and

CredSSP Flaw in Remote Desktop Protocol Affects All Versions of Windows

A critical vulnerability has been discovered in Credential Security Support Provider protocol (CredSSP) that affects all versions of Windows to date and could allow remote attackers to exploit RDP and WinRM to steal data and run malicious code.

CredSSP protocol has been designed to be used by RDP (Remote Desktop Protocol) and Windows Remote Management (WinRM) that takes care of securely

MOSQUITO Attack Allows Air-Gapped Computers to Covertly Exchange Data

The team of security researchers—who last month demonstrated how attackers could steal data from air-gapped computers protected inside a Faraday cage—are back with new research showing how two (or more) air-gapped PCs placed in the same room can covertly exchange data via ultrasonic waves.

Air-gapped computers are believed to be the most secure setup wherein the systems remain isolated

5 Simple Steps Employees Can Take to Prevent Cyberattacks

You may be costing your company over $20,000 without even knowing it. That’s how much the average small business pays to resolve cybersecurity attacks and data breaches. It only takes one infected file or one stolen laptop to crush a company’s bottom line. But there’s a silver lining in the dark cloud of cybercrime. You have the power to save the company from data destruction by practicing good cybersecurity habits.

Pro-level cybersecurity comes through practice and self-awareness. It requires you to scrutinize your online and offline work activities a bit more. Too little skepticism is a big problem. When a hacker sends you a phishing email from your credit card company, they count on you assuming it’s legitimate. You see the familiar logo, and so, you click the link. However, that’s a dangerous assumption to make. Throw everything you know out the window and start with fresh eyes and new habits.

Changing your work habits to be more cybersecure helps you and your employer. The $20,000 spent on a cyberattack could have gone to a raise for you and your coworkers, to increasing benefits, or to expanding the business. When you protect your employer’s data, you’re also safeguarding your job. Here are five things you can do today to improve cybersecurity at work.

Regularly update your operating system

Your operating system or OS is central command for your desktop, laptop, or smartphone. It’s the Captain Kirk of your devices. Unsurprisingly, it’s a prime target for hackers. Access to your OS means cyberthieves “have the conn” to your computer. They can download, install, and otherwise exploit your workstations. Taking control is how hackers steal your employer and clients’ data.

Regularly updating your OS applies critical security fixes to your Windows, Mac, or Linux software. Make your work life easier by setting up automatic updates to your OS. With this simple adjustment to your work habits, you’ll “boldly go where no one has gone before” with your cybersecurity skills.

Create strong passwords

Every year, the published list of the worst passwords shows how little thought users give to protecting access to their accounts. Don’t be one of the millions of users who used the following horribly ineffectual passwords in 2017:

  • 123456
  • Password
  • 12345678

Whether for work or social accounts, strong passwords keep your clients’ data safe from identity thieves and data hackers. You may feel that string of numbers you created from your old gym locker combination will protect your data as well as it did your smelly socks, but that’s hardly the case. You need a strong password that’s hard to guess, not a strong password that’s easy to smell, and that gym combo is a real stinker.

Strong passwords are both difficult to guess and easy to remember. Striking the right balance is a breeze when you know the basics of creating strong passwords. Here are a few tips to get started:

Be unpredictable

If you were asked to substitute the letter “S” with a number or symbol in your password, what would you choose? You probably guessed “$”, right? If not, you’re on your way to creating stronger passwords. However, the reality is that most users would choose “$”.

Strong passwords are unique, but most of us try and make them unique in the same ways. It’s a paradox that seems hard to overcome until you know a handy trick: Randomize your letter substitutions and capitalizations. Instead of “$” for “S”, choose “&” for “S”.

Length does matter

Passwords, unlike the “Lord of the Rings” trilogy, should be as long as possible. But there is a caveat: Long passwords are harder for cyberthieves to guess — but they’re also harder to remember. At minimum, your passwords need to be eight characters long, but you can increase the character count by applying a common memory strategy: Turn long phrases into acronyms. Then turn those acronyms into passwords. Here are the steps:

  1. Create a unique phrase that’s personal and easy to remember. Example: “My Favorite Movie Of All Time Is Star Trek Wrath Of Khan”.
  2. Form an acronym from the first letters of your phrase: “mfmoatistwok”.
  3. Apply a few random substitutions: “m#mo9ti3twok”.
  4. Promote yourself to Ensign Level 2 for creating a strong password.

Use these tips to create strong passwords, and you’ll make it exponentially harder for hackers to steal your identity or your employer’s data.

Post-it notes are for lunch appointments only!

Look around your desk. How many Post-it Notes do you see? Now, of those, how many have account numbers, passwords, or other confidential data written on them? If it’s only one, that’s one too many. Your office may seem like the last place for a data breach to happen, but cyberthieves do their dastardly deeds in the physical world as well as online.

Any list of data breaches will show plenty of “inside job” examples to go along with straight-up cyberhacks. Data theft only takes one disgruntled worker, one nosey janitor, or one sudden break-in to put your employer or their clients’ private information in the hands of cyberthieves. Keep data safe by following these rules:

  • Never leave private information out in the open
  • Don’t throw away sensitive data in trash cans
  • Keep USB drives, CDs, and DVDs that contain sensitive information locked away when not in use
  • Lock your computer when you’re away from it
  • Be aware of your physical surroundings

These tips to safeguard sensitive data apply whether you’re in the office, at home, or at the coffee shop, so make them a part of your overall cybersecurity routine and use Post-it notes for lunch appointments only.

Back up your data regularly

Ransomware increased by 250 percent in 2017, affecting businesses of every size and type. Enterprising cybercriminals hack into computers, encrypt the data inside, and hold it for ransom. It’s a lucrative practice that costs employers millions every year. But regularly backing up your employer’s data takes away the profit incentive.

Use both a physical and cloud-based drive for backups. If one drive is hacked, you’ll have the other available. Most backups to the cloud sync your data automatically and let you choose which folders to upload. Talk with your employer about which files need to be backed up and which can remain locally stored. Set up a regular maintenance schedule to review your backup plans.

Get antivirus software

You can do the most to protect your employer by installing antivirus software, which protects work devices from phishing emails, spyware, botnets, and other harmful malware. But first, talk to your employer about getting a comprehensive cybersecurity solution. For your personal devices, consider getting your own antivirus software. Most major antivirus brands offer free downloads of basic plans.

Just like any of your work projects, cybersecurity is a team effort that needs everyone to contribute. These five cybersecurity tips for the workplace are just a jumping-off point for your overall improvement. You now have the basics covered. Expand your cybersecurity arsenal with additional cybersecurity tips and online resources. Make sure you’re doing your part and everyone at work will benefit.

The post 5 Simple Steps Employees Can Take to Prevent Cyberattacks appeared first on Panda Security Mediacenter.
