Internet Security News

Our Internet security news features the latest press releases from the world's largest online security companies, with details of the latest threats to be aware of and, unfortunately, Internet security news relating to significant data breaches. While some organizations will be grateful for the advance warning of an online threat – and details of how to protect themselves against it – for some the warnings will come too late.

Consequently, it is recommended that organizations protect themselves against all manner of online threats with an email filter and web filter from TitanHQ. Our Internet security solutions prevent users from reaching unsafe sites via phishing emails and malvertising, and from visiting websites that have been compromised with exploit kits and malware. As many organizations already using TitanHQ solutions would agree, it is better to be safe than sorry.

Tumblr Data Breach: 65 Million Passwords Stolen

On May 12, the microblogging website Tumblr notified users of a data breach that occurred in 2013. The company had kept quiet about the number of site users that were affected, although it has since emerged that 65 million account credentials were stolen in the Tumblr data breach. Stolen email addresses and passwords were recently offered for sale on a Darknet marketplace called TheRealDeal.

Tumblr Data Breach Ranks as One of the 5 Biggest Data Breaches of All Time

The massive Tumblr data breach may not be the largest ever discovered, but it certainly ranks as one of the biggest, behind the breach of 360 million MySpace account details, the theft of 164 million LinkedIn account credentials, and the 152 million-record Adobe breach. All of these huge data breaches occurred in 2013 with the exception of the LinkedIn breach, which happened a year earlier.

These breaches have something else in common. They were all discovered recently, and the stolen data from all four breaches has been listed for sale on illegal Darknet marketplaces by the same individual: a Russian hacker using the account “peace_of_mind” – more commonly known as “Peace”. It is not clear whether this individual is responsible for all four of these data breaches, but he/she appears to have now obtained all of the data.

The person responsible for the theft appears to have been sitting on the data for some time: according to Tumblr, the stolen login credentials do not appear to have been used.

Fortunately, the passwords were salted and hashed. Unfortunately, it would appear that the SHA1 hashing algorithm was used. SHA1 is a fast general-purpose hash rather than a deliberately slow password hash such as bcrypt, scrypt, or PBKDF2, so an attacker with the hashes can test billions of candidate passwords per second and will recover any weak or common password quickly. The salt does help: it prevents the use of precomputed tables and forces each hash to be attacked separately, but it does nothing to slow down the guessing of an individual weak password. As a precaution, site users who had an account in 2013 or earlier should log in and change their passwords.
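The difference between a fast hash and a purpose-built password hash is easiest to see by cracking the same stored credential both ways. The following is an added example, not code from the original article or from Tumblr: it stores a password as salted SHA1 (the scheme the article describes) and as PBKDF2-HMAC-SHA256 with 100,000 iterations, then runs the same small dictionary attack against each. The wordlist is constructed for the demonstration; real attackers use hundreds of millions of candidates drawn from earlier leaks.

```python
import hashlib
import hmac
import os
import time

# Constructed sample wordlist for the demonstration (not real leaked data).
WORDLIST = ["123456", "password", "qwerty", "letmein", "football", "tumblr13"]


def salted_sha1(password: str, salt: bytes) -> bytes:
    """Salted SHA1 as described in the breach reports: a single fast hash call."""
    return hashlib.sha1(salt + password.encode("utf-8")).digest()


def pbkdf2(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """A deliberately slow password hash; the iteration count is the work factor."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def dictionary_attack(target: bytes, salt: bytes, hasher):
    """Try every wordlist entry against one stored hash.

    Returns (recovered_password_or_None, attempts, seconds_elapsed).
    """
    start = time.perf_counter()
    for attempts, guess in enumerate(WORDLIST, start=1):
        if hmac.compare_digest(hasher(guess, salt), target):
            return guess, attempts, time.perf_counter() - start
    return None, len(WORDLIST), time.perf_counter() - start


def compare_crack_cost(password: str):
    """Store the same password under both schemes and attack each.

    Returns {scheme_name: (recovered, attempts, seconds)} so the cost of the
    slow hash can be compared with the fast one on the same guesses.
    """
    salt = os.urandom(16)
    results = {}
    for name, hasher in (("salted_sha1", salted_sha1), ("pbkdf2_100k", pbkdf2)):
        stored = hasher(password, salt)
        results[name] = dictionary_attack(stored, salt, hasher)
    return results


def salts_differ(password: str) -> bool:
    """Per-user salts mean identical passwords produce different hashes, so
    every stored hash has to be attacked on its own (no shared lookup table)."""
    return salted_sha1(password, os.urandom(16)) != salted_sha1(password, os.urandom(16))


if __name__ == "__main__":
    for scheme, (found, tries, secs) in compare_crack_cost("letmein").items():
        print(f"{scheme:12s} recovered={found!r} after {tries} guesses in {secs * 1000:.2f} ms")
```

Both schemes give up the weak password after the same four guesses; the point is the cost per guess. With six candidates the PBKDF2 run is already hundreds of times slower, and that gap is what stands between a leaked hash table and a list of plaintext passwords. Note that the salt offers no help against the attack on "letmein": the guess is simply hashed with the stored salt.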

Do You Reuse Passwords on Multiple Sites?

Even if victims of the Tumblr data breach have changed their password on the site since 2013, they may still be at risk of having other online accounts compromised if the stolen password was also used for those accounts.

If you have been affected by the Adobe, LinkedIn, MySpace, or Tumblr data breach, and there is a possibility that you have reused passwords on any other platforms, it is strongly advisable to change all of your passwords.

Peace may not be the only individual currently in possession of the data, and it is highly unlikely that the data will only be sold to one individual.

If you are unsure if your login credentials have been compromised, you can check by entering your email address or username on haveibeenpwned.com

Threat from Phishing Websites Greater than Ever Before

A new phishing activity report published by the Anti-Phishing Working Group (APWG) shows that the threat from phishing websites is greater than at any other time in the history of the Internet. The latest report shows that in the past six months the number of phishing websites has increased by a staggering 250%. Most of the new websites were detected in March 2016.

The Rising Threat from Phishing Websites Should Not Be Ignored

APWG was founded in 2003 in response to the rise in cybercrime and the use of phishing to attack consumers. The purpose of the organization is to unify the global response to cybercriminal activity, monitor the latest threats, and share data to better protect businesses and consumers.

In 2004, APWG started tracking phishing and reporting on the growing threat from phishing websites. During the past 12 years, the number of phishing websites being created by cybercriminals has grown steadily; however, the past six months have seen a massive rise in new websites that trick users into revealing sensitive data.

APWG reports that there is an increase in new malicious websites around the holiday season. In the run up to the holiday period when online shopping increases and Internet traffic spikes, there are more opportunities to relieve online shoppers of their credit card details, login credentials, and other sensitive data.

In late 2015, cybercriminals increased their efforts and there was the usual spike in the number of new phishing websites. However, after the holiday period ended APWG expected activity to reduce. That didn’t happen. New sites were still being created at elevated levels.

In the first quarter of 2016, APWG detected 289,371 new phishing websites. More than 40% of them – 123,555 – were detected in March 2016 alone. Aside from a slight dip in February, the number of new websites has increased each month, and March saw almost twice the number of new sites created in December. The figures for Q1 and for March were the highest ever recorded.

Retail and Financial Sectors Most Frequently Targeted by Phishers

Phishers tend to favor well-known brands, and the phishing activity report indicates little has changed in this regard. Between 406 and 431 brands were targeted each month. Most of the new sites target the retail industry, which accounts for 42.71% of the new phishing websites detected in the first quarter of 2016. The financial sector was second with 18.67% of new sites, followed by the payment service industry with 14.74% and the ISP industry with 12.01%. The remaining 11.87% of new sites targeted a wide range of industries. The United States is the most targeted country and hosts the most phishing websites.

While phishing websites are now favored by cybercriminals, emails continue to be used to send malicious links and malware-infected attachments to consumers and businesses. In January, 99,384 phishing email reports were sent to APWG. The number increased to over 229,000 in February and stayed at that level in March.

APWG also tracked malware infections. In the first quarter of the year, 20 million malware samples were intercepted – an average of 6.67 million malware samples a month.

The report shows the seriousness of the threat from phishing websites and how critical it is for businesses to take action to prevent end users from visiting malicious websites.

One of the best ways that businesses can reduce the risk of employees visiting phishing websites is to use a web filtering solution. By controlling the sites that can be accessed by employees, the risk of phishing, malware infections, and ransomware attacks can be greatly reduced.

TeslaCrypt Ransomware Master Key Released

Surprisingly, after ESET sent a request for the TeslaCrypt ransomware master key to the criminal gang behind the attacks, the gang responded by making the key public and even issued an apology. The surprise move signals the end of a ransomware family that was used primarily to target gamers.

TeslaCrypt Ransomware Master Key Released

So does the release of the TeslaCrypt ransomware master key mean that the attacks will now stop? The answer is a little complicated. Attacks using TeslaCrypt will slow and stop soon, and anyone whose files are still locked by the ransomware can recover them with a free decryption tool rather than paying a ransom.

Once the TeslaCrypt ransomware master key was made public, security companies started work on decryption tools to unlock infections. ESET has added the key to its TeslaCrypt decryption tool, and Kaspersky Lab similarly used the master key to update the decryption tool it had been using to unlock earlier versions of the ransomware.

That does not mean that the criminal gang behind the campaign will stop its malicious activity. It just means that the gang will stop using TeslaCrypt. There are many other types of ransomware that can be used for attacks. In fact, it would appear that TeslaCrypt has simply been replaced with a newer ransomware family called CryptXXX. According to ESET, many of the distributors of TeslaCrypt have already switched to CryptXXX.

Under normal circumstances, contacting a criminal gang and asking for the TeslaCrypt ransomware master key would not have worked. Attackers running profitable ransomware campaigns are unlikely to respond to a polite request asking to unlock an infection without paying a ransom, let alone supply a master key that can be used to unlock all infections.

The reason for the release is TeslaCrypt was already being phased out. ESET researcher Igor Kabina noticed that TeslaCrypt infections were slowing, which signaled that either the gang behind the ransomware was phasing it out in favor of a new malware, or that a new and updated version of TeslaCrypt would soon be released. Kabina decided to contact the attackers through the channels set up to allow victims to contact the gang and pay the ransom.

Kabina asked for the private decryption keys to unlock all four versions of the ransomware. He was answered within one day and was provided the key for the version he claimed to have been infected with. He then sent another message requesting the release of the latest key to unlock v4 of the ransomware, and noticed on the TeslaCrypt page that the gang had announced that the project had been closed. The universal key had been posted on an anonymous .onion page that can be accessed using the Tor browser.

There is a constant battle between security companies and ransomware developers. Oftentimes, ransomware variants contain flaws that allow antivirus companies to develop decryption tools. When these tools are released attackers work rapidly to repair the security flaw and release a new, more robust version of the ransomware. This was the case with TeslaCrypt. Flaws in the first version allowed a tool to be developed. A decryption tool was released, and version 2 of the ransomware was released. TeslaCrypt is now on the fourth version.

As with CryptoWall, TeslaCrypt has now been shut down; however, CryptXXX is still very much active and is still being updated. Furthermore, the attackers have learned from their mistakes and have built CryptXXX to be a much harder nut to crack.

CryptXXX runs alongside a component that checks whether the host is a virtual machine or sandbox, or is otherwise being analyzed; if signs of analysis are found, the encryption routine is delayed and restarted so that automated analysis systems see nothing. CryptXXX is also spread via spam email, exploit kits, and malvertising, which makes it much easier to distribute, so more attacks are likely to occur. Companies and individuals therefore face a much higher risk of attack.

The release of the TeslaCrypt ransomware master key is therefore only good news if you have been infected with TeslaCrypt. With the move to CryptXXX it is even more important to have solutions in place to prevent attacks, and a plan in place to deal with an attack when it occurs.

Impact of Security Breaches on Brand Image Assessed

A new study has recently been published showing the impact of security breaches on brand image, and how the behavior of consumers changes when companies experience data breaches that expose private data.

Cyberattacks are now taking place with such frequency that data breaches are now to be expected. It is no longer a case of whether a security breach will occur, it is now just a case of when it will happen. Even with the best protections in place to protect sensitive data, breaches will still occur.

Many consumers are aware that the current threat levels are greater than ever and that cyberattacks will occur. However, how do consumers react to breaches of their personal information? Do they forgive and forget or are they taking their business elsewhere?

What is the Impact of Security Breaches on Brand Image?

The FireEye study set out to examine the impact of security breaches on brand image. 2,000 interviews were conducted with consumers in the United States to find out whether security incidents changed behavior and whether data breaches altered perceptions of companies and trust in brands.

The results of the survey clearly show that the failure to invest in robust cybersecurity defenses can have a major impact on revenue. 76% of surveyed consumers claimed they would take their business elsewhere if they believed a company’s data handling practices were poor or that the company was negligent with regard to data security.

75% of respondents said they would likely stop making purchases from a company if they felt that a security incident resulted from a failure of the company to prioritize cybersecurity.

Loss of business is not the only problem companies will face following a data breach. If a breach of personal information occurs and data are used by criminals for identity theft or fraud, 59% of consumers would take legal action to recover losses.

Even when companies take action to mitigate the risk of losses being suffered by consumers – such as providing identity theft protection services – brand image remains tarnished. Reputation damage after a data breach is suffered regardless of the actions taken by companies to mitigate risk. It can also take a considerable amount of time to regain consumers’ trust. More than half of respondents (54%) said that their impression of companies was negatively impacted after a security breach occurred.

Fast action following a data breach can help to restore confidence, but this is expected by consumers. The survey showed that 90% of consumers expect to be notified of a breach of data within 24 hours of an attack taking place, yet this is something that rarely happens. All too often consumers are made to wait weeks before they are informed of a breach of their personal information.

The study also shows that as a result of large-scale breaches consumers are now much less trusting of companies’ ability to keep data secure. They are also much more cautious about providing personal information. 72% of consumers said they now share less information with companies due to the volume of data breaches now being suffered.

The take home message from the survey is organizations must do more to protect consumer data and to prevent data breaches from occurring. If companies invest heavily in cybersecurity and can demonstrate to consumers that they take privacy and security seriously, the negative impact of security breaches on brand image is likely to be reduced.

Adobe and Microsoft Issue Updates to Address Actively Exploited Security Vulnerabilities

This week's Patch Tuesday saw updates issued to address actively exploited security vulnerabilities in Internet Explorer, along with a swathe of fixes for a number of other critical Microsoft security vulnerabilities. In total, Microsoft issued fixes for 51 vulnerabilities this week spread across 16 security bulletins, half of which were rated important, the other eight rated critical.

The updates tackle vulnerabilities in Microsoft Edge and Internet Explorer, Windows, the Microsoft .NET Framework, and MS Office; however, it is the browser fixes that are the most important. These include actively exploited security vulnerabilities that can be used to compromise computers if users visit websites containing exploit kits.

Security update MS16-051 addresses CVE-2016-0189, a zero-day vulnerability in Internet Explorer. An attacker who successfully exploits it gains the same privileges as the current user; if that user is logged on with administrative rights, the attacker could take control of the system, install programs, create new accounts, or view, change, or delete data. The flaw lies in the way the JScript and VBScript scripting engines handle objects in memory, and the update corrects that handling.

The IE security vulnerability was brought to the attention of Microsoft by researchers at Symantec, who had discovered an active exploit that was being used alongside spear-phishing attacks in South Korea. Users were being directed to a website containing an exploit kit that had been updated with the IE security vulnerability.

The MS16-052 security update tackles a vulnerability in Microsoft Edge and similarly corrects how objects in memory are handled. These two updates should be prioritized by sysadmins, although all of the updates should be installed as soon as possible. Even the vulnerabilities rated important could be exploited and used to gain control of unpatched computers.

Microsoft's bulletin for Adobe Flash Player (MS16-064) is also a priority update, patching critical vulnerabilities in the Flash Player embedded in Internet Explorer and Edge; because Flash ships inside those browsers, Microsoft distributes Adobe's Flash fixes through its own updates. While these security flaws are not believed to have been exploited in the wild, it will not be long before they are included in exploit kits.

Microsoft may have fixed its actively exploited security vulnerabilities, but despite Adobe issuing patches for Acrobat, ColdFusion, and Reader on Tuesday, Flash remains vulnerable to attack. Adobe has yet to issue a patch for an actively exploited Flash security vulnerability (CVE-2016-4117) that affects version 21.0.0.226 and all earlier versions. This vulnerability has already been included in exploit kits and can be used to take control of devices. In total, Adobe fixed 92 separate vulnerabilities in its Tuesday update.

Between Microsoft and Adobe, 143 vulnerabilities have been addressed this week. With hackers quick to add new vulnerabilities to website exploit kits, it is essential that patches are installed rapidly, and that machines still running an affected version are identified. These actively exploited security vulnerabilities also highlight the importance of using a web filtering solution to prevent users from visiting compromised websites where the vulnerabilities can be exploited.
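Knowing which machines still run an affected build is the first step to installing a patch rapidly, and it is easy to get wrong when version strings are compared as text rather than as numbers. The following is an added example, not code from the original article or from Adobe or Microsoft: it checks a software inventory export against the one advisory fact the article gives (CVE-2016-4117 affects Adobe Flash 21.0.0.226 and all earlier versions) and lists the hosts that need attention. The inventory rows are constructed sample data, and the advisory table is deliberately limited to what the text states.

```python
import csv
import io
from typing import List, Tuple

# Advisory data taken from the article: CVE-2016-4117 affects Adobe Flash
# 21.0.0.226 and all earlier versions. Only the last affected version is
# recorded because no fixed version existed at the time of writing.
ADVISORIES = {
    "Adobe Flash": [("CVE-2016-4117", "21.0.0.226")],
}

# Constructed inventory export (hostname, product, installed version).
# Sample data for the demonstration, not real endpoints.
INVENTORY_CSV = """hostname,product,version
ws-001,Adobe Flash,21.0.0.226
ws-002,Adobe Flash,21.0.0.213
ws-003,Adobe Flash,9.0.1
ws-004,Adobe Flash,21.0.0.242
ws-005,Adobe Flash,21.0.0.1000
fs-001,Microsoft Office,16.0.4266
"""


def parse_version(version: str) -> Tuple[int, ...]:
    """Split a dotted version into integers so that 21.0.0.1000 > 21.0.0.226
    and 21.0.0.242 > 9.0.1; a plain string comparison gets both wrong."""
    return tuple(int(part) for part in version.strip().split("."))


def version_le(installed: str, last_affected: str) -> bool:
    """True when the installed build is at or below the last affected version.
    Shorter versions are padded with zeros so that 21.0 equals 21.0.0.0."""
    a, b = parse_version(installed), parse_version(last_affected)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) <= b + (0,) * (width - len(b))


def vulnerable_hosts(inventory_csv: str) -> List[Tuple[str, str, str, str]]:
    """Return (hostname, product, version, cve) for every inventory row whose
    product has an advisory that covers the installed version."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        for cve, last_affected in ADVISORIES.get(row["product"], []):
            if version_le(row["version"], last_affected):
                findings.append((row["hostname"], row["product"], row["version"], cve))
    return findings


if __name__ == "__main__":
    for host, product, version, cve in vulnerable_hosts(INVENTORY_CSV):
        print(f"{host}: {product} {version} is affected by {cve}")
```

The host running 21.0.0.1000 is the one to watch: as a string it sorts below "21.0.0.226", so a naive check would wrongly report it as affected, while the genuinely old 9.0.1 build would sort above "21.0.0.226" and be missed entirely.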

WebTitan Cloud – Game Changing Web Security Service for MSPs

Finding a web security service for MSPs can be a time consuming process. There are a number of solutions that allow MSPs to keep their clients protected from malware and reduce the risk from internal and external threats, yet many are far from ideal for use by MSPs.

The ideal web security service for MSPs must have a relatively low cost of ownership. Clients may be more than willing to implement a web security service to deal with the growing range of web-borne threats, but the cost of implementation is a key factor.

Many solutions offer all the necessary benefits for the client but are not practical for use by MSPs. The time taken to install web security solutions and to configure them for each client can reduce profitability. The best web security service for MSPs needs to be easy to install and maintain, with a low management overhead.

Low-cost solutions that are quick to install and easy to maintain can be incorporated into existing packages to create a more comprehensive Internet security service. This increases the value provided to clients, boosts client revenue, and helps MSPs to win more business and differentiate their company in the marketplace.

The ideal web security service for MSPs is available as a white label. This allows the service to be easily incorporated into existing packages, and white labeling allows MSPs to strengthen their own brand image rather than promoting someone else’s.

Many providers of a web security service for MSPs fall down on customer support. If any issues are experienced, it is essential that an MSP can provide rapid solutions. Industry-leading technical support is essential.

WebTitan Cloud – A Web Security Service for MSPs That Ticks All the Right Boxes

WebTitan Cloud is an enterprise-class web filtering solution for MSPs that can be used to enforce clients’ acceptable use policies and control the content that can be accessed via their wired and wireless networks.

Our DNS-based web filtering solution allows organizations to prevent phishing, stop malware downloads, protect against ransomware and botnet infections, and block spyware and adware. Controls prevent the bypassing of the content filter by blocking anonymizer services. Filtering applies to HTTPS sites as well as plain HTTP, since policy is enforced on the DNS lookup rather than on page content.

Implementation could not be any easier. There is no need for any hardware purchases or software downloads. All that is required is a change to the DNS to point to our servers and the Internet can be filtered in under 2 minutes.

Configuring each client to incorporate their AUPs is also a quick and easy process requiring no technical expertise. Highly granular controls ensure AUPs can be quickly and easily applied. There is no need for on-premises support teams: everything can be monitored via the control panel from any Internet browser. There is no hardware or software to maintain and no patches to apply, reducing management overhead considerably. Cloud keys can be supplied to allow guests to bypass organization-wide content control settings, with time limits applied to prevent abuse.

Reporting is effortless. A full suite of pre-defined reports can be generated automatically and scheduled for each client to allow Internet access to be carefully monitored.

We also offer fully white-labeled solutions for MSPs, allowing logos, branding, and corporate color schemes to be easily incorporated. We are also more than happy to allow WebTitan Cloud to be hosted within an MSP's own infrastructure.

What Your Customers Get

  • Ransomware, malware, and phishing protection. Protection from malware, ransomware and the web-based component of phishing attacks. More than 60,000 malware iterations are blocked every day.
  • A quick and easy to use DNS filter to manage and control web usage – Block malicious sites and control the web content employees and guest users can access.
  • Easy to implement; Easy to use. Customer accounts are up and running within 20 minutes
  • Improve network performance: A no latency DNS filtering solution that can be used to reduce bandwidth waste and abuse.
  • Highly granular content filtering with flexible user policies
  • Support for dynamic IPs
  • Works with any device
  • Full reporting suite. WebTitan contains a comprehensive reporting suite providing automated graphical reports and extensive reports on demand.
  • Fully automated updating – Does not add to your patching burden and requires minimal management while ensuring maximum security.
  • Whitelists and blacklists – Global whitelists and blacklists and custom categories can be configured to allow/block by full website address or by IP address

Benefits for MSPs

  • Save on customer support time, hours and cost – No more costly ransomware call outs.
  • Easy to deploy, manage and sell our award-winning cloud based web filtering solution
  • Simple integration into your existing service stack through APIs and RMM integrations
  • Competitive pricing with a core focus on the SMB market.
  • Generous margins and monthly billing
  • White labelling – WebTitan can be fully rebranded with your logos and color scheme with us working seamlessly in the background.
  • Set & forget. WebTitan requires minimal IT service intervention
  • Short sales cycle – only a 14 day free trial required to test
  • World class support – The best customer service in the industry with scalable pre-sales and technical support and sales & technical training
  • Multi-tenant dashboard – MSP-client hierarchy enables you to keep clients separated and choose whether to manage client settings in bulk or on an individual basis

To find out more about why WebTitan Cloud is a game changing web security service for MSPs contact our sales team today!

MSP Testimonials

“WebTitan is an outstanding tool for the most reliable content filtering. The monitoring feature of this specific product is quite unique; it totally monitors all the processes of online working and also secures all the data. Additionally, its set-up is superbly easy and can be done in just a few minutes, which saves my time and energy as well.” Kristie H. Account Manager

“WebTitan is fairly easy to set up. It is available as a cloud based solution or on prem. You can get as simple or as complicated with your filtering as you like; it will handle most situations with ease. It has provided us with a stable web filtering platform that has worked well for us for many years.” Derek A. Network Manager

“WebTitan is outstanding software that helps me a lot in minimizing viruses. The thing I like most about WebTitan is that it is extremely easy to use and configure. I like its clear interface. It lets us block malicious content and spam easily. It is no doubt an amazing product helping us a lot in kicking out harmful bad stuff.” Randy Q. Software Engineer

“By reducing malware-related security incidents, you’re reducing your number one uncontrollable expense: the people on your IT operations team, like your help desk techs.” MSP, Washington, US

“Web filtering is one of the, if not the, greatest bang for your buck services. Its built-in anti-malware has protected our clients, saving us thousands of hours of repair time, I am absolutely certain.” MSP, New York, US

“a key part of our security stack as we’ve scaled to over 6,000 managed endpoints, while decreasing virus and malware related tickets by 70%.” MSP, Boston, US

“It has paid for itself many times over by reducing malware calls.” MSP, Toronto, Canada

Angler Exploit Kit Strikes Again: News Websites Used to Infect Visitors With Malware

Over the past two weeks there have been three worrying instances of the Angler exploit kit being used to infect website visitors with malware and ransomware. Cybercriminals are increasingly using exploit kits to deliver their malicious payloads and all organizations need to be aware of the risk.

Why AUPs May Not Be Sufficient to Keep Networks Secure

Many companies advise employees of the types of websites that can be accessed via work networks and which are forbidden. Typically, employees are banned from visiting pornographic websites, using the Internet for the sharing of copyright-protected material, installing shareware or other unauthorized software, and using unauthorized web applications and gaming sites.

Employees are provided with a document which they are required to read and sign. They are informed of the actions that will be taken for breaching the rules: verbal and written warnings for example, and in some cases, instant dismissal. These AUPs are usually effective and employees do heed the warnings if they value their jobs.

If an employee breaches the AUPs and accesses pornography for instance, action can be taken against that individual. It is probable that no harm will have been caused and the matter can be dealt with by HR.

However, if an employee breaches AUPs and visits a website that has been compromised with malware or installs shareware that includes malicious files, taking action against the employee will not undo the damage caused.

To better protect networks, AUPs should be enforced with a technical control. By implementing a web filtering solution, HR departments can ensure that inappropriate website content is not accessed, and IT departments are spared having to deal with the resulting malware infections.

Even if AUPs are followed to the letter, malware may still be downloaded onto the network. The risk has recently been highlighted by three security incidents discovered in the past two weeks.

Legitimate Websites Compromised with Angler Exploit Kit

Last week, news emerged that a toy manufacturer’s website had been compromised and was being used to infect visitors with malware. The website had been loaded with the Angler exploit kit and was being used to silently infect visitors’ devices with ransomware.

An exploit kit is a malicious toolkit used by hackers to probe for security vulnerabilities in website visitors’ browsers. A visitor to a website containing an exploit kit – BlackHole, Magnitude, Nuclear, Styx, or Angler, for example – will have their browser fingerprinted for out-of-date plugins such as Adobe Reader, Silverlight, Flash, or Java. If a vulnerable version is found, the kit serves the matching exploit and downloads a malware payload. These attacks are silent and the website visitor will be unaware that their machine has been compromised.

This week, two more websites were discovered to have been hijacked and were being used to direct visitors to the Angler exploit kit. These websites were much more likely to be visited by company employees. They were the sites of two CBS-affiliated TV stations: KMOV in St. Louis and WBTV in Charlotte, North Carolina.

These news websites would be unlikely to be banned in AUPs, and few organizations would see the risk of their employees visiting these websites.

News Websites Contained Malvertising Directing Users to the Angler Exploit Kit

While the toy manufacturer’s website was directly infecting web visitors, in the case of KMOV and WBTV the attackers were using a common technique called malvertising. The websites had not been loaded with the Angler exploit kit, instead the attacks were taking place via third party adverts that were being served on the sites.

The sites contain ad slots that were used to serve advertisements via the Taggify network – a legitimate advertising network. However, a rogue advertiser had got around the controls put in place by Taggify, and malicious adverts were being served.

The attackers hosted the malicious ad components – images and JavaScript – on their own servers. The malicious adverts were then served to unsuspecting website visitors. The rogue advertiser also served legitimate ads, and these were displayed to web crawlers and scanners to avoid detection. Other users were served an advert that redirected them to the Angler exploit kit. If those visitors had browsers with out-of-date plugins, they would be infected with whatever payload the attackers chose to deliver.

Reduce Risk of Attack with a Web Filtering Solution

These three recent cases are just the tip of the iceberg. Criminals are hijacking all manner of websites and using them to host exploit kits. Legitimate websites serving third party adverts are also being targeted with malvertising.

Enforcing AUPs with a web filtering solution can help to prevent end users from visiting websites that have been compromised with malware. A web filter – such as WebTitan – can also be used to block third party advertisements from being displayed.

Unfortunately for enterprises, it is not always possible to install patches as soon as they are released. Many patches require reboots, and that is not always practical. The number of patches being released to plug security holes is considerable, and it takes time to patch all devices that connect to a network. Good patch management policies can reduce the likelihood of a successful attack, but they cannot prevent all attacks from taking place. If a web filtering solution is used that can block malvertising and websites known to contain malware, end users and networks will be better protected during the window between a patch being released and being applied.

How to Address the Risk of Insider Data Breaches

Organizations are investing in technology to ensure that perimeter defenses are not breached; however, it is also important to address the risk of insider data breaches. According to a recent report from Forrester, internal incidents were responsible for more than half of the data breaches suffered by firms. Cybercriminals have stepped up their efforts and are attacking organizations with increased vigor, but the report suggests more than half of data breaches are caused by employee errors, oversights, and negligence.

Employees are under increasing pressure to get more work completed in less time. This can easily lead to errors being made or shortcuts being taken. Employees may be security minded most of the time, but it is all too easy for sloppy data security practices to creep in. Even with the most robust perimeter security defenses in place, simple mistakes can lead to disaster.

Email Borne Attacks Are Still A Major Risk

During the past 12 months the volume of spam email has fallen considerably. This is partly due to law enforcement taking down major botnets and the increasing use of efficient spam filters. Even with the reduced volume, the threat from spam email is considerable. The Forrester report indicates spam email volume has dropped from almost 89% of all emails in 2014 to 68% of emails in 2015. However, over 91% of all spam emails contain a malicious link and 2.34% contain malicious email attachments.

Cybersecurity awareness training has helped to mitigate the risk of insider breaches to some degree, but they are still occurring. Most employees now know not to open email attachments from people they do not know, but what about from people they do know?

There has been an increase in business email compromise attacks in recent months. These attacks involve the sending of spam and phishing emails from within an organization. These emails are more likely to result in malicious email attachments being opened and links being clicked than emails from strangers. All emails should be treated as suspicious and should be carefully checked, not only those from outside an organization.

Employees are aware never to run an executable file that has been sent via email and to be wary of opening zip files from strangers. The Forrester report suggests that attackers are increasingly using standard office files to infect their targets. Microsoft Office files are used in 44.7% of attacks.

Employees who install unauthorized software are also placing their companies at risk. The use of shadow IT is behind many data breaches. Cybercriminals are exploiting vulnerabilities in the software installed by end users. Many of these programs contain serious vulnerabilities.

How to Address the Risk of Insider Data Breaches

Tackling the threat from within is more complicated than securing the perimeter, as it is far harder to prevent employees from making simple mistakes. Organizations must take steps to reduce the likelihood of mistakes being made, while also ensuring that when employees do make data security mistakes, those mistakes do not prove to be catastrophic.

Some of the ways organizations can address the risk of insider data breaches include:

  • Conduct background checks before hiring new staff
  • Ensure access to systems is terminated before staff are
  • Limit network privileges
  • Block the copying of critical data onto portable devices
  • Provide all new staff with data security training
  • Regularly conduct refresher training sessions
  • Conduct quarterly cybersecurity fire drills to ensure training is not forgotten
  • Send regular email bulletins to keep cybersecurity awareness training fresh in the mind
  • Send dummy phishing emails to staff to test the effectiveness of training
  • Scan for shadow IT installed on user devices
  • Ensure bank transfer requests are checked by two individuals before being authorized
  • Use a web filtering service to block phishing websites and limit access to potentially risky websites
  • Configure a web filter to block the downloading of risky file types

It may not be possible to eliminate the risk of insider data breaches, but it is possible to effectively mitigate risk.

Vulnerabilities in QuickTime for Windows Will No Longer be Fixed

Two new vulnerabilities in QuickTime for Windows have recently been discovered, but a patch to address the flaws will not be issued by Apple. Apple has taken the decision to deprecate QuickTime for Windows and has advised all Windows users to uninstall the software to prevent the vulnerabilities from being exploited. Apple intends to keep supporting the OS X version.

The latest vulnerabilities in QuickTime for Windows (named ZDI-16-241 and ZDI-16-242) are both heap corruption remote code execution vulnerabilities, both of which allow an attacker to write data outside of an allocated heap buffer. The vulnerabilities could be exploited remotely, although user interaction is required. In order for an attacker to exploit these vulnerabilities the target would be required to open a malicious file or visit a malicious website.

One of the vulnerabilities affects the moov atom (ZDI-16-241) while the other (ZDI-16-242) involves a flaw with atom processing. Both could allow data to be written outside of an allocated heap buffer by providing an invalid index. This would allow code to be executed in the context of Windows QuickTime player.
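The two flaws above share a pattern: a size or index read from the file is used to address a heap buffer before it has been checked against the buffer that actually exists. The walker below is an added example written for this article, not Apple's code and not the disclosed bug; it parses the QuickTime atom layout (4-byte big-endian size including the header, then a 4-byte type, with sizes 0 and 1 having special meanings) and a table atom laid out like `stco` (version, flags, entry count, 4-byte entries), and refuses the input whenever a size or index is inconsistent with the bytes present. The sample atom streams are constructed by hand for the example.

```python
"""Bounds-checked walk over QuickTime/MP4 atoms (added example, not Apple's code)."""
import struct
from typing import Callable, List, NamedTuple, Optional

HEADER_LEN = 8  # 4-byte size + 4-byte type


class Atom(NamedTuple):
    kind: bytes
    offset: int   # absolute position of the atom header in the buffer
    header: int   # header length: 8, or 16 when a 64-bit size is present
    size: int     # total atom size including its header
    payload: bytes


def walk_atoms(data: bytes, start: int = 0, end: Optional[int] = None) -> List[Atom]:
    """Parse the atoms in data[start:end]; raise ValueError on any inconsistency."""
    end = len(data) if end is None else end
    if not 0 <= start <= end <= len(data):
        raise ValueError("requested range lies outside the buffer")
    atoms: List[Atom] = []
    pos = start
    while pos < end:
        if end - pos < HEADER_LEN:
            raise ValueError(f"truncated atom header at offset {pos}")
        size, kind = struct.unpack_from(">I4s", data, pos)
        header = HEADER_LEN
        if size == 1:
            # size == 1: a 64-bit "largesize" field follows the type
            if end - pos < 16:
                raise ValueError(f"truncated extended size at offset {pos}")
            (size,) = struct.unpack_from(">Q", data, pos + 8)
            header = 16
        elif size == 0:
            size = end - pos  # size == 0: atom extends to the end of the enclosing range
        # Both checks must pass before size is used to slice or to advance.
        if size < header:
            raise ValueError(f"atom {kind!r} at {pos}: size {size} smaller than its header")
        if size > end - pos:
            raise ValueError(f"atom {kind!r} at {pos}: size {size} overruns the buffer")
        atoms.append(Atom(kind, pos, header, size, data[pos + header:pos + size]))
        pos += size
    return atoms


def children(data: bytes, parent: Atom) -> List[Atom]:
    """Walk the atoms nested inside a container atom such as 'moov'."""
    return walk_atoms(data, parent.offset + parent.header, parent.offset + parent.size)


def read_table_entry(payload: bytes, index: int) -> int:
    """Read entry `index` from a table atom laid out like 'stco':
    1 byte version, 3 bytes flags, 4-byte entry count, then 4-byte entries."""
    if len(payload) < 8:
        raise ValueError("table atom too short for its version, flags and count")
    (count,) = struct.unpack_from(">I", payload, 4)
    table = payload[8:]
    # The count comes from the file, so check it against the bytes actually present...
    if count * 4 > len(table):
        raise ValueError(f"entry count {count} exceeds the {len(table)} payload bytes")
    # ...and then check the index against the validated count.
    if not 0 <= index < count:
        raise ValueError(f"index {index} outside table of {count} entries")
    (value,) = struct.unpack_from(">I", table, index * 4)
    return value


def rejects(fn: Callable, *args) -> bool:
    """True if fn(*args) raises ValueError, i.e. the parser refused the input."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


def atom(kind: bytes, payload: bytes) -> bytes:
    """Serialise one atom (used to build the constructed samples)."""
    return struct.pack(">I4s", HEADER_LEN + len(payload), kind) + payload


# Constructed samples: a well-formed file, a 'moov' whose size overruns the buffer,
# and a table whose entry count promises more entries than are present.
STCO_PAYLOAD = struct.pack(">II", 0, 2) + struct.pack(">II", 0x100, 0x200)
GOOD_FILE = atom(b"ftyp", b"qt  ") + atom(b"moov", atom(b"mvhd", bytes(8)) + atom(b"stco", STCO_PAYLOAD))
OVERSIZED_MOOV = atom(b"ftyp", b"qt  ") + struct.pack(">I4s", 0x7FFFFFFF, b"moov")
INFLATED_COUNT = struct.pack(">II", 0, 1000) + struct.pack(">I", 0x100)

if __name__ == "__main__":
    top = walk_atoms(GOOD_FILE)
    print([a.kind for a in top])
    print([a.kind for a in children(GOOD_FILE, top[1])])
    print("oversized moov rejected:", rejects(walk_atoms, OVERSIZED_MOOV))
    print("inflated count rejected:", rejects(read_table_entry, INFLATED_COUNT, 0))
```

The order of the checks is the point: the entry count is validated against the payload length first, and only then is the index compared with that count, so neither value from the file can steer a read or write past the buffer.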

Latest Vulnerabilities in QuickTime for Windows Require Uninstallation of the Software

The discovery of the new vulnerabilities in QuickTime for Windows spells the end of the software for Windows users. Apple, Trend Micro, and US-CERT have all advised Windows users to uninstall QuickTime ASAP in order to stay protected.

These two new vulnerabilities are unlikely to be the last to be discovered. Leaving the software installed will place users at risk of attack. Exploits for the new vulnerabilities are not believed to have been developed yet, and no active attacks are understood to have been conducted, but it is only a matter of time before the vulnerabilities are added to exploit kits.

Whenever a software developer takes the decision to stop supporting software it means users must find alternatives. IT departments should ensure that all Windows machines have QuickTime uninstalled as soon as possible.

Apple has decided to stop support for QuickTime for Windows as most media programs no longer use QuickTime to play common formats, while HTML 5 has rendered the browser add-on obsolete.

To uninstall QuickTime for Windows, conduct a search for the uninstaller – search for “uninstall QuickTime” – or remove the program via the Windows Control Panel. Apple advises users to save the registration key if using QuickTime 7 Pro, which can be found in the “Register” tab of the program (Click Edit > Preferences).

Dramatic Rise In Business Email Scams Prompts FBI Warning

The dramatic rise in business email scams in the past 12 months has prompted the Federal Bureau of Investigation (FBI) to issue a new warning. Companies of all sizes are being targeted with business email compromise scams which relieve companies of tens of thousands if not hundreds of thousands or millions of dollars.

The FBI warns that scammers are now going to extraordinary lengths to fool company employees into making transfers of large sums of company funds into hacker’s accounts. These attacks are far from the random email spam campaigns typically associated with email scammers. Companies are extensively researched, individual targets are identified, and carefully crafted emails are sent. A variety of social engineering techniques are employed to convince an individual in the company to make a sizeable bank transfer to the attacker’s account.

There are two main variants of these business email scams. The first involves gaining access to the email account of the CEO or a senior executive in the company. This is usually achieved with a spear phishing campaign. This phase of the attack involves researching the company and identifying a target. That target is then sent a spear phishing email in order to gain access to their email login credentials.

Once access to an email account has been gained, emails are checked to determine the style of writing used by that individual – how they sign their emails, the terminology they use, and the level of familiarity they have with the second target: an individual who manages money or makes bank transfers for the company.

An email is then sent from the executive’s email account requesting a transfer be made. Account details are supplied with a reason for urgency, and an explanation of why the request is being made.

Since the emails come from a known source within the company, and the terminology and style of the email matches those typically received by the accounts department, the transfer is often made without being queried.

Another variation on the same theme does not require access to an email account. Instead, a domain name is purchased that is virtually identical to that used by the target company, often with just two letters transposed or one character swapped for a look-alike. Typically, an L in the domain name is replaced with the numeral 1, or the letter O with a zero: Goog1e.com instead of google.com, for example.

These business email scams are highly effective because they take advantage of employees’ reluctance to query requests from authority figures in their organization. The emails are also crafted so as not to arouse suspicion.

Business Email Scams Have Netted Criminals Over $2.3 Billion in Three Years

Over the past three years the FBI has received complaints about business email scams from over 79 countries, and from every state in the U.S. Recently attacks have spiked in Phoenix, with other U.S. cities also targeted. Between October 2013 and February 2016, the FBI has been informed of 17,642 victims of these attacks. Over $2.3 billion in losses have been reported.

However, recently the situation has become dire. There has been a 270% increase in business email scams since January 2015, and the amounts lost in each successful attack are substantial. The FBI reports that in Arizona the typical transfers requested are between $25,000 and $75,000. With such high rewards for criminals it is no surprise that so many attacks are being conducted.

The FBI has urged companies to exercise caution and to be on high alert for these business email scams. The advice provided is to be extremely wary of any email-only request for a wire transfer, even if it comes from within the company.

To prevent these attacks, accounts department staff should verify a transfer request with the individual by phone – never by email – and should check the email address of the sender carefully. Multi-level authentication of bank transfers should also be considered to reduce the risk of a successful attack.
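Checking the sender's address "carefully" is hard to do by eye when the difference is a 1 for an l or two swapped letters, which is exactly what the look-alike domains described above rely on. The screen below is an added example written for this article, not part of the original and not a TitanHQ product feature: it folds the common look-alike substitutions, then measures the remaining edit distance from the company's own domain, counting an adjacent transposition as a single edit. The trusted domain and the sample sender addresses are constructed for the example.

```python
"""Flag sender domains that impersonate a trusted domain (added example)."""
from typing import Dict, List, Tuple

# Substitutions that read the same in many fonts; multi-character ones are folded first.
CONFUSABLES: List[Tuple[str, str]] = [
    ("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("7", "t"),
]


def fold(domain: str) -> str:
    """Lower-case the domain and collapse look-alike characters onto the letters they mimic."""
    folded = domain.lower().strip().rstrip(".")
    for lookalike, letter in CONFUSABLES:
        folded = folded.replace(lookalike, letter)
    return folded


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: an insertion, deletion, substitution,
    or swap of two adjacent characters each costs one edit."""
    prev2: List[int] = []
    prev = list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                cur[j] = min(cur[j], prev2[j - 2] + 1)   # adjacent transposition
        prev2, prev = prev, cur
    return prev[len(b)]


def sender_domain(address: str) -> str:
    """Domain part of an email address, normalised."""
    return address.rsplit("@", 1)[-1].strip().lower().rstrip(".")


def classify_sender(address: str, trusted: List[str]) -> str:
    """Return 'trusted' (the company's own domain or a subdomain of it),
    'lookalike' (within one edit of it after folding) or 'external'."""
    domain = sender_domain(address)
    for own in trusted:
        own = own.lower()
        if domain == own or domain.endswith("." + own):
            return "trusted"
    folded = fold(domain)
    for own in trusted:
        if edit_distance(folded, fold(own)) <= 1:
            return "lookalike"
    return "external"


def screen(addresses: List[str], trusted: List[str]) -> Dict[str, str]:
    """Classify every sender address; lookalikes are the ones to hold for review."""
    return {addr: classify_sender(addr, trusted) for addr in addresses}


TRUSTED = ["example-corp.com"]  # constructed: the company's own domain
SAMPLE_SENDERS = [  # constructed sender addresses
    "ceo@example-corp.com",           # genuine
    "ceo@finance.example-corp.com",   # genuine subdomain
    "ceo@examp1e-corp.com",           # digit 1 in place of the letter l
    "ceo@exarnple-corp.com",          # "rn" in place of "m"
    "ceo@exampel-corp.com",           # two letters transposed
    "ceo@example-corp.co",            # one character dropped
    "orders@vendor-supply.net",       # unrelated external domain
]

if __name__ == "__main__":
    for addr, verdict in screen(SAMPLE_SENDERS, TRUSTED).items():
        print(f"{verdict:10} {addr}")
```

A "lookalike" verdict is a reason to hold the message for the phone check the article recommends rather than to drop it outright: very short domains, or two legitimately similar company names, can sit within one edit of each other, so the screen trades a few false positives for catching the substitutions a reader's eye slides over.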

Increase in Web-Based Exploits Makes Web Filtering A Necessity

Cybercriminals are moving away from email attacks and are concentrating on web-based exploits to deliver malware. Email remains a major source of malware, but web-based attacks are now much more prevalent.

Web-Based Exploits Increasingly Used to Deliver Malware

A recent report from Palo Alto Networks showed that out of just over 68,000 malware samples collected, 25% were delivered via email, whereas 68% were delivered during web-browsing. Those figures were for known malware. When it comes to undetected samples, the figures for web-browsing rose to 90% compared to just 2% delivered via email. Undetected malware samples are those which are not detected by traditional anti-malware and anti-virus solutions.

It is easy to see why web-based exploits are being favored by cybercriminals. It takes much longer for web-based exploits to be detected by anti-virus software than email-based attacks. Palo Alto reports that it takes four times as long to detect web-based exploits as it does email-based attacks. Attackers are also able to tweak web-based malware in real-time. Email-based malware needs to be sent out and changes can only be made for each new campaign.

In the case of email-based malware attacks, the malicious software is relatively easy for AV companies to detect. They are able to give each malware sample a signature, which makes it much easier to block attacks. In the case of web-based malware this is a much harder task. The malware can be tweaked in real time, making it harder for AV companies to capture it and create a signature. A web server on which malware is hosted can be configured to re-code the malware automatically and generate many thousands of unique malware samples. Capturing and adding a signature for each sample simply takes too long.

There are many methods that can be employed to reduce the risk of malware infections from web browsing, although one of the easiest preventative steps to take is to use a web filtering solution such as WebTitan. WebTitan allows organizations to carefully control the websites that can be accessed by end users.

Palo Alto reported that HTTP proxies were frequently used in malware delivery. The blocking of HTTP proxies and web anonymizers can help to improve security posture and reduce the risk of malware downloads. P2P networks are also commonly used to deliver malware, and these can also be easily blocked with WebTitan web filtering solutions.

Social media websites are a common source of malware infections. A recent survey conducted by the Ponemon Institute revealed that 18% of respondents had experienced a malware attack via social media websites. Blocking access to social media networks, or blocking the file-transfer function of Facebook for example, can help to reduce the risk of malware downloads.

The threat landscape is constantly changing; however, by carefully controlling the actions that can be performed by end users with a web filter, the risk of malware infections can be greatly reduced.

Application Security Visibility a Problem for 69% of Companies

A recent study conducted by the Ponemon Institute on behalf of IBM investigated web application security visibility. The report revealed that for the majority of organizations there is none. When it comes to application security, many companies are in the dark and either do not test the apps they use, or do not address the vulnerabilities they discover when they do.

640 application development and security professionals were asked questions about application security and the steps being taken to secure apps. The study also aimed to answer the question of how much organizations know about the security of the applications they use on a day-to-day basis.

The results of the survey are worrying. More than a third of companies (35%) perform no application security testing. Consequently, they are unaware if the apps they use have security vulnerabilities. Worse still, 69% of respondents said they were not aware of all of the apps and databases that were in use in their organization.

Application Security Visibility Needs to be Improved

The study also revealed that more than two thirds (67%) of organizations do not have overall visibility into the state of application security in their respective companies. Out of the organizations that do perform application security testing, more than half do not take steps to address security vulnerabilities they discover. 34% of respondents said urgent security vulnerabilities are not being fixed and 43% said web application security was not a priority in their organization.

When asked why thorough testing of applications does not take place, 56% of respondents said it was due to time constraints and organizational pressure to release applications quickly. 55% said that their organization’s developers are too busy to work on application security issues and 70% said they believed their organization invested too little in securing web applications and that insufficient resources were allocated to the task.

Developers do not feel that it is their job to ensure applications are secure, and that this task should be conducted by information security professionals employed by their organizations. Another issue is web application security vulnerabilities take a long time to resolve. When asked how long, 38% said that each vulnerability takes around 20 hours to address.

There is, unfortunately, not enough time to make applications secure. However, there is no shortage of attackers willing to take advantage of security vulnerabilities that remain in web applications. Unless the security of web applications is improved, those vulnerabilities could well be exploited.

Enterprise Patch Management is Still Causing Confusion

Effective enterprise patch management policies can greatly improve security posture and prevent cyberattacks; however, many enterprise IT staff are confused about patch management.

A new survey conducted by Tripwire suggests that InfoSec staff often confuse patch management with vulnerability mitigation. The complexity of enterprise patch management also leaves many security professionals unsure about when patches should be applied and the impact of applying patches.

The Complexity of Enterprise Patch Management Causes Problems for Many IT Security Professionals

The Tripwire survey was conducted on 480 IT security professionals and asked questions about enterprise patch management policies at their organizations.

The results show that IT staff are struggling to ensure that all systems are maintained in a fully patched state. 67% of respondents said that at least some of the time, they are unsure about which patches need to be applied to certain systems.

The complexity of enterprise patch management is a problem. For instance, a patch may be issued to address Adobe Flash vulnerabilities, but it comes bundled with Google Chrome updates. It addresses Flash vulnerabilities in Chrome, where Adobe Flash is embedded, but does not address standalone installations or Flash vulnerabilities in other browsers. 86% of respondents said that issues such as this mean they find it difficult to understand the impact of a patch. It is all too easy for security vulnerabilities to remain after a patch has been applied.

Patches are released that address multiple security vulnerabilities, but they do not address those vulnerabilities across all systems. The application of a patch will not necessarily remediate a security vulnerability entirely. According to Tripwire, “The relationship between patches and vulnerabilities is far more complex than most people think.”

There is also considerable confusion between patches and software upgrades. When it comes to addressing security vulnerabilities, a patch may address some, an upgrade may address others, and there is often some overlap. Because of this, organizations struggle to ensure that all software is properly patched and fully up to date.

The survey revealed that half of enterprises do not know the difference between applying patches and remediating security vulnerabilities. 7% of respondents didn’t realize there was a difference between applying a patch and resolving a security vulnerability, while 43% said their staff had trouble understanding the difference.

Patches are now being issued regularly and many enterprises find it difficult to cope with the sheer number of patches being released. Before the survey was conducted, Tripwire expected only a small number of organizations to be experiencing “patch fatigue.” However, it is clear from the results of the survey that this is a widespread problem. 50% of respondents said that patches are now being released at an unmanageable rate.

Enterprise patch management may be one of the most basic security measures, but effective patch management is anything but simple.

Numerous Data Breaches Caused by Mobile Devices, Says New Report

A new report released by the Ponemon Institute suggests data breaches caused by mobile devices are not as rare as previously thought. Last year, Verizon released a data breach report suggesting that while mobile malware is increasing, it is not yet a major threat for attacks on organizations. Attacks are conducted, but they tend to target individuals.

Are Corporate Data Breaches Caused by Mobile Devices?

Verizon determined that only 1% of data breaches use mobile devices as an attack vector. The Ponemon report suggests the figure is far higher, with 67% of respondents claiming the use of mobile devices by employees was certain or likely to have resulted in a breach of sensitive corporate data.

The Ponemon study, which was commissioned by security firm Lookout, set out to cast some light on enterprise mobile security risk. 588 IT security professionals employed by Global 2000 companies in the United States were asked about the threat from mobile devices.

The report suggests there is a disconnect between IT departments and employees when it comes to the data that can be accessed using mobile devices. Many IT departments have implemented controls to limit data access via BYOD or corporate devices. However, employees still appear to be able to access corporate data nonetheless.

The study found significant discrepancies between the data IT departments said could be accessed, and the responses provided by employees. For instance, when both groups were asked about whether confidential or classified documents could be accessed, 33% of employees said access was possible compared to just 8% of IT security professionals. 19% of IT security professionals said mobile devices could not be used to access customer data, yet 43% of employees said the data were accessible via their mobiles.

IT departments must therefore implement better controls to ensure mobile devices cannot be used to access sensitive data, or employees must be trained on the potential risks from using their mobile devices. Policies would also need to be developed to dictate what mobile devices can and cannot be used for.

The Average Infected Mobile Device Costs Organizations $9,485

The report also looked into the cost of data breaches caused by mobile devices. The average infected device was estimated to cost an organization an average of $9,485.

According to the report, mobile malware infections are a real concern. For any given company, many of the devices in use are already infected with malware. The study suggested that “Of the 53,844 mobile devices in the average Global 2000 enterprise, 1,700 of those devices are infected by malware at any given time.”

When asked about the protections put in place to manage data access by employees, many companies had already implemented a number of safeguards to keep corporate data secure.

47% of organizations used whitelists and blacklists, 40% used mobile device management, while 45% used identity management. However, more than 4 out of 10 respondents said that none of those security measures were used by their organizations.

With the threat from mobile malware high, organizations need to devote more time and resources to mobile device security. Fortunately, this appears to be the case. The Ponemon report indicates that mobile security budgets are increasing and will represent 37% of the IT security budget next year, a considerable improvement on the current 16%.

Mousejacking: Wireless Mice and Keyboards Found to be a Security Risk

Security vulnerabilities in wireless devices can be exploited by hackers, but what about mousejacking wireless mice and hijacking wireless keyboards? According to a team of security researchers at Bastille, an IoT security start-up, the devices can be hijacked and used by hackers to steal data or compromise a network. Furthermore, in many cases the devices can be hijacked from up to 330 feet away. That’s far enough away for a hacker to be able to sit in his or her car outside a building and force a user to download malware. All a hacker is likely to need is about $15 of very readily accessible hardware say the researchers.

Mousejacking – A New Concern for Security Professionals

Bastille’s researchers looked at wireless mice and keyboards from major device manufacturers such as Logitech, Microsoft, Lenovo, HP, and Gigabyte. Since alerting the manufacturers to the risk of mousejacking and keyboard-jacking, some have released patches to address the vulnerabilities. For others, no patches have yet been developed leaving the devices vulnerable to attack. The problem does not appear to affect Bluetooth devices, but all other mice and keyboards that use a wireless dongle are potentially vulnerable.

With basic hardware, including a software-defined radio, a hacker could scan for the frequencies used by wireless devices and identify targets. Once a target was identified, forged packets could be transmitted to the address of the target.

While traffic sent between a wireless keyboard or mouse and the device’s dongle is encrypted, the dongle can still accept unencrypted commands, provided those keystrokes or clicks appear to come from its accompanying wireless mouse or keyboard. The researchers were able to inject keystrokes by sending unencrypted packets via the dongle that pairs with its wireless device.

Mousejacking could potentially be used to download malware onto devices, although Bastille software engineer Marc Newlin has hypothesized that the flaw could be used by a hacker to set up a wireless hotspot on the device. That hotspot could then be used to exfiltrate data, even in the absence of a network connection. A command window could also be opened on the device and a network vulnerability introduced, or a rootkit could be installed.

Logitech has already issued a patch and Lenovo has addressed the vulnerability for all new devices, but its patch cannot be applied to existing devices and must be installed at the time of manufacture. Microsoft is looking into the reported vulnerability but a patch has not yet been issued. Some Dell devices can also be patched, but not all.

While a mousejacking attack would be complicated and difficult to pull off outside of a controlled environment, a skilled hacker in close proximity to a device could potentially conduct one. Since mousejacking can be carried out from up to 330 feet away from the device, that individual would not even need to be in the building.

7-Year Critical Glibc Security Vulnerability Discovered

A Google engineer has accidentally discovered a critical glibc security vulnerability that has existed since 2008. After committing several hours to hacking the vulnerability, Google engineers managed to come up with a fully working exploit that could be used to remotely control Linux devices. The glibc security vulnerability has been compared to the Shellshock security vulnerability uncovered in 2014 due to the sheer number of hardware devices and apps that could potentially be affected.

The security vulnerability came as a surprise to Google engineers who were investigating an error in an SSH application which caused a segmentation fault when trying to access a specific web address. It was only after a detailed investigation that they discovered the fault lay with glibc.

Maintainers of glibc were contacted and alerted to the security vulnerability, but as it turns out they were already aware of the issue. It had been reported in July 2015 but had not been rated as a priority. That said, when Google contacted Red Hat, they confirmed they too had discovered the flaw and were working on a patch.

Linux Devices at Risk from Critical Glibc Security Vulnerability

While Windows, OS X, and Android devices are unaffected by the glibc security vulnerability, hundreds of thousands of hardware devices could potentially be affected. The security flaw affects most distributions of Linux and thousands of applications that use GNU C Library source code. All versions of glibc above 2.9 are affected.

The code is used in Linux distributions that run on a wide range of hardware, including routers. The vulnerability is a buffer overflow bug in the function that performs domain name lookups, getaddrinfo().

If hackers managed to replicate Google’s exploit they would be able to take advantage of the vulnerability and remotely execute malicious code. The security vulnerability could be exploited when unpatched devices make queries to domain names or domain name servers controlled by attackers.

Google engineers have been working with Red Hat to develop a patch to address the vulnerability, and by combining knowledge of the vulnerability they have been able to develop a fix for the flaw, and a patch has now been released. It is essential that the patch is applied as soon as possible to ensure that the vulnerability cannot be exploited.

Updating to the latest version of glibc may be a fairly straightforward process. Linux servers can be patched by downloading the update, although things may not be quite so straightforward for some applications, which will need to be recompiled with the new library code. This could potentially result in a number of devices remaining vulnerable for some time.

Now that the vulnerability has been announced, hackers will be attempting to develop an exploit. Google has published a proof of concept, although obviously not full details of its weaponized exploit. The exploit is apparently not straightforward, which should buy Linux administrators a little time and allow them to check systems and ensure that affected hardware devices are patched.
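The applications that "will need to be recompiled with the new library code" are the ones that link glibc statically: a dynamically linked program picks up the repaired getaddrinfo() as soon as the shared libc package is updated and the process restarts, whereas a static binary carries its own copy of the resolver and is only fixed by rebuilding it. The helper below is an added example written for this article, not Google's, Red Hat's or the glibc project's code; it tells the two apart from the ELF program headers (dynamic executables carry a PT_INTERP entry naming the loader, static ones do not) so that administrators checking their systems can list the binaries a package update will not fix. The ELF images in SAMPLES are constructed by hand and are not runnable programs, and treating the presence of the string "getaddrinfo" as evidence that the resolver is linked in is a heuristic that a fully stripped binary can defeat.

```python
"""Find ELF binaries that a glibc package update will not fix (added example)."""
import struct
import sys
from typing import List, NamedTuple

ELF_MAGIC = b"\x7fELF"
PT_INTERP = 3  # program header type: path of the dynamic loader
RESOLVER_SYMBOL = b"getaddrinfo"


class ElfInfo(NamedTuple):
    static: bool         # no PT_INTERP: the binary embeds its own copy of libc
    has_resolver: bool   # resolver symbol name appears in the image (heuristic)


def program_header_types(data: bytes) -> List[int]:
    """Return p_type for every program header; handles ELF32/ELF64 and both byte orders."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]
    endian = {1: "<", 2: ">"}.get(ei_data)
    if endian is None:
        raise ValueError("unknown ELF data encoding")
    if ei_class == 2:
        ehdr_fmt = endian + "16sHHIQQQIHHHHHH"   # ELF64 header, 64 bytes
    elif ei_class == 1:
        ehdr_fmt = endian + "16sHHIIIIIHHHHHH"   # ELF32 header, 52 bytes
    else:
        raise ValueError("unknown ELF class")
    if len(data) < struct.calcsize(ehdr_fmt):
        raise ValueError("truncated ELF header")
    fields = struct.unpack_from(ehdr_fmt, data, 0)
    e_phoff, e_phentsize, e_phnum = fields[5], fields[9], fields[10]
    types = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):
            raise ValueError("program header table runs past the end of the image")
        (p_type,) = struct.unpack_from(endian + "I", data, off)  # p_type is first in both layouts
        types.append(p_type)
    return types


def inspect_elf(data: bytes) -> ElfInfo:
    types = program_header_types(data)
    return ElfInfo(static=PT_INTERP not in types, has_resolver=RESOLVER_SYMBOL in data)


def needs_rebuild(data: bytes) -> bool:
    """True when updating the libc package alone leaves this binary's resolver unpatched."""
    info = inspect_elf(data)
    return info.static and info.has_resolver


def build_elf64(phdr_types: List[int], payload: bytes) -> bytes:
    """Construct a minimal little-endian x86-64 ELF image (sample data, not a real program)."""
    ehsize, phentsize = 64, 56
    ident = ELF_MAGIC + bytes([2, 1, 1]) + bytes(9)   # class 64, little-endian, version 1
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 2, 62, 1, 0x400000,
                       ehsize, 0, 0, ehsize, phentsize, len(phdr_types), 64, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, 5, 0, 0, 0, 0, 0, 0) for t in phdr_types)
    return ehdr + phdrs + payload


# Constructed samples. Program header types: 1 = PT_LOAD, 2 = PT_DYNAMIC, 3 = PT_INTERP, 6 = PT_PHDR.
SAMPLES = {
    "dynamic-client": build_elf64([6, 3, 1, 2], b"\0getaddrinfo\0"),  # fixed by the package update
    "static-client": build_elf64([1, 1], b"\0getaddrinfo\0"),          # must be rebuilt
    "static-no-network": build_elf64([1], b"\0main\0"),                 # does not use the resolver
}


def scan_files(paths: List[str]) -> List[str]:
    """Return the paths that still need a rebuild; files that are not ELF are skipped."""
    flagged = []
    for path in paths:
        with open(path, "rb") as fh:
            data = fh.read()
        try:
            if needs_rebuild(data):
                flagged.append(path)
        except ValueError:
            continue
    return flagged


if __name__ == "__main__":
    for name, image in SAMPLES.items():
        print(name, "-> rebuild required" if needs_rebuild(image) else "-> ok")
    for path in scan_files(sys.argv[1:]):
        print("rebuild required:", path)
```

Run it with a list of paths (for example the contents of /usr/local/bin and vendor-supplied appliances' binaries) to get the rebuild list; binaries it does not flag are covered by the normal package update, provided the processes using the old library are restarted.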

Securing Wi-Fi Hotspots Can Give Your Company A Big Competitive Advantage

One of the main priorities for IT professionals in 2016 is securing Wi-Fi hotspots. The use of unsecured public Wi-Fi is notoriously risky. Cybercriminals spy on the activity taking place at WiFi hotspots, and these Internet access points are where many man-in-the-middle attacks take place.

The Dangers of Unsecured WiFi

Preventing employees from using personally owned and work devices on unsecured Wi-Fi networks is a major challenge, but one that must be met in order to keep work networks free from malware.

When employees use smartphones, tablets, and laptops to connect to unsecured Wi-Fi networks, there is a high risk that those devices may be compromised. Hotspots are frequently used to deliver malware to unsuspecting website visitors, and malicious software can subsequently be transferred to work networks. With personally owned devices increasingly used for private and work purposes, the risk of a work network malware infection is particularly high.

The risks associated with unsecured Internet access points are well known, yet people still tend to engage in risky behavior when accessing the Internet via these wireless networks. In a rush to take advantage of free Internet access, basic security best practices are all too often ignored. Devices are allowed to connect to Wi-Fi hotspots automatically, and Wi-Fi hotspots are not checked to find out whether they are genuine or have been spoofed.

Security Professionals Concerned About Employees’ Use of Unsecured WiFi Networks

A recent survey conducted by the Cloud Security Alliance indicates security professionals are very concerned about the use of unsecured WiFi networks. The Cloud Security Alliance is a collective of security professionals, businesses, and privacy and security organizations that are committed to raising awareness of cybersecurity best practices.

The organization recently conducted a survey and asked 210 security professionals their opinions on the top threats to mobile computing in 2016. 2010 member organizations were polled and more than 8 out of 10 respondents (81%) said that the threat from unsecured WiFi access points was very real, and was one of the biggest mobile security risks in 2016.

The Importance of Securing WiFi Hotspots

Many organizations that operate a network of Wi-Fi hotspots have yet to implement security measures to keep users of those networks secure. Those Wi-Fi access points are made available to customers in bars, restaurants, hotels, airport lounges, sporting venues, and on public transport such as buses and trains.

Guests are allowed to connect to those networks, yet little is done to police the activity that takes place over the network. Consequently, the door is left open for cybercriminals to conduct attacks.

Failing to provide even a basic level of security is a big mistake. If patrons suffer malware infections, data loss, identity theft, or other forms of fraud as a result of accessing the internet at a particular location, they are likely never to return.

With IT professionals now educating their staff members about the dangers of using unsecured WiFi access points, businesses that offer secure WiFi access are likely to attract far greater numbers of customers than those that do not.

There is a cost associated with securing WiFi hotspots of course. However, what must be considered is the amount of business that will be lost as a result of not securing WiFi hotspots. The cost of implementing security measures is likely to be much lower in the long run.

Securing WiFi Hotspots with WebTitan Cloud for WiFi

A business offering customers wireless Internet access used to have to purchase additional hardware or software in order to secure WiFi access points. Not only was there a cost associated with adding a security solution, implementing that solution was a complex task that required skilled staff and many man-hours.

Providing a secure browsing environment for customers would mean getting them to download software to the device used to access the Internet. That is hardly a practical solution for a bar or restaurant where quick and easy access to the internet is required by customers.

WebTitan offers a much easier solution that makes securing WiFi hotspots a quick and easy task. Since WebTitan Cloud for WiFi is a 100% cloud-based security solution, it requires no additional hardware and no software installations. Any user can connect to a WiFi network and benefit from a secure browsing environment, regardless of the device they use to connect.

Setting up a WiFi web filtering security solution is also fast and painless, and doesn’t require much in the way of technical expertise. Simply change the DNS settings and point them to WebTitan, and a secure browsing environment will be available to customers in a matter of minutes.

Websites known to contain malware can be easily blocked, users can be prevented from downloading file types frequently associated with malware, and web content can be filtered to stop users from engaging in questionable internet activity such as viewing pornography. Securing WiFi hotspots couldn’t be any easier.
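To make the filtering model concrete, the following is an added example (not WebTitan's code, and not its configuration format) of the policy decisions a DNS-layer web filter makes once a hotspot's DNS settings point at it: a query for a known malware domain, or any subdomain of it, is blocked; a domain in a blocked category is blocked; and a download whose URL ends in a blocked file extension is blocked. The domain lists, categories and extensions are constructed placeholders.

```python
"""DNS-layer web filtering policy, constructed to illustrate the approach
described above. Not WebTitan's own code or data."""
from urllib.parse import urlsplit

# Constructed policy data (placeholders, not a real threat feed).
MALWARE_DOMAINS = {"malware-example.test", "exploitkit.invalid"}
BLOCKED_CATEGORIES = {"adult"}
CATEGORY_OF = {"adult-site.example": "adult", "news.example": "news"}
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".jar"}


def _labels(name: str) -> list[str]:
    """Normalise a DNS name and split it into labels."""
    return name.rstrip(".").lower().split(".")


def domain_verdict(name: str) -> tuple[str, str]:
    """Decide how the filtering resolver answers a query for `name`.

    Returns (verdict, reason) with verdict 'block' or 'allow'. Blocklist and
    category matches apply to the name and to every parent domain, so
    cdn.malware-example.test matches malware-example.test.
    """
    labels = _labels(name)
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in MALWARE_DOMAINS:
            return "block", f"malware domain {candidate}"
        category = CATEGORY_OF.get(candidate)
        if category in BLOCKED_CATEGORIES:
            return "block", f"category {category} ({candidate})"
    return "allow", "no policy match"


def url_verdict(url: str) -> tuple[str, str]:
    """Apply the domain policy first, then the download file-type policy.

    Only the hostname is visible at the DNS layer; the path check models the
    additional file-type filtering applied to HTTP requests.
    """
    parts = urlsplit(url)
    verdict, reason = domain_verdict(parts.hostname or "")
    if verdict == "block":
        return verdict, reason
    path = parts.path.lower()
    for ext in sorted(BLOCKED_EXTENSIONS):
        if path.endswith(ext):
            return "block", f"file type {ext}"
    return "allow", "no policy match"


if __name__ == "__main__":
    for u in ("http://malware-example.test/payload.exe",
              "https://cdn.news.example/setup.exe",
              "https://news.example/article"):
        print(u, "->", url_verdict(u))
```

A real filtering resolver would answer a blocked name with a block page or a non-existent-domain response instead of the genuine address; note that DNS alone sees only hostnames, so the file-type rule in `url_verdict` depends on the filter also inspecting HTTP requests.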

If you are interested in securing WiFi hotspots run by your company, contact WebTitan today to find out just how easy and cost effective it can be to offer your clients a secure browsing environment.


US Sales +1 813 304 2544

UK/EU Sales +44 203 808 5467

IRL +353 91 54 55 00

or email us at info@webtitan.com

Serious Netgear NMS300 ProSafe Security Vulnerabilities Discovered

Two highly serious Netgear NMS300 ProSafe security vulnerabilities have been discovered that could be exploited by hackers to gain control of servers running the software, and/or download any file on the server on which the software is running.

The Netgear NMS300 ProSafe network management system is used by many companies to configure and monitor their network devices. Netgear NMS300 ProSafe is popular with small to medium size businesses as the software is free to use on fewer than 200 devices.

Recently, Agile Information Security researcher Pedro Ribeiro discovered two critical Netgear NMS300 ProSafe security vulnerabilities.

Netgear NMS300 ProSafe Security Vulnerabilities

One of the vulnerabilities (CVE-2016-1525) allows remote code execution by an unauthenticated user via the Netgear NMS300 web interface. A hacker would be able to exploit this security flaw to upload and run Java files with full system privileges, potentially gaining full control of the server on which the software is being run.

The NMS300 system is used to manage a wide range of networked devices such as routers, switches, network-storage devices, wireless access points and firewalls. Not only could this vulnerability allow the configuration of these devices to be changed, it would also permit an attacker to install firmware updates on those devices.

The second vulnerability (CVE-2016-1524) discovered by Ribeiro is an arbitrary file download flaw that would permit an authenticated user to download any file stored on the server that is being used to run NMS300.

These Netgear NMS300 ProSafe security vulnerabilities are particularly serious, and at the present time there is no patch available to plug the security flaws. Users can improve protection and prevent the vulnerabilities from being exploited by adding firewall rules that restrict access to the web interface. Ribeiro recommends never exposing Netgear NMS300 to the Internet or untrusted networks.

Both vulnerabilities affect Netgear NMS300 versions 1.5.0.11, 1.5.0.2, 1.4.0.17 and 1.1.0.13.
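With no patch available, the workaround above comes down to two things: only trusted management networks may reach the web interface, and any request that arrives from elsewhere is evidence the interface is exposed. The following is an added example (not Netgear's code and not from Ribeiro's advisory) that renders host firewall rules for a set of management networks and scans access-log lines for requests from outside them. The listening port, the management network ranges and the log lines are constructed placeholders; check the real port of the installation before using the rules.

```python
"""Exposure control for an unpatched management web interface, constructed
to illustrate the firewall workaround described above. Not Netgear's code."""
import ipaddress
import re

# Assumptions (placeholders): the NMS300 web UI listens on this TCP port and
# only these networks are trusted management networks.
NMS300_WEB_PORT = 8080
MANAGEMENT_NETS = [ipaddress.ip_network("10.0.5.0/24"),
                   ipaddress.ip_network("192.168.100.0/24")]


def is_management_source(ip: str) -> bool:
    """True if the source address belongs to a trusted management network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in MANAGEMENT_NETS)


def iptables_rules(port: int = NMS300_WEB_PORT) -> list[str]:
    """Render host firewall rules: accept the management nets, drop everyone else."""
    rules = [f"iptables -A INPUT -p tcp --dport {port} -s {net} -j ACCEPT"
             for net in MANAGEMENT_NETS]
    rules.append(f"iptables -A INPUT -p tcp --dport {port} -j DROP")
    return rules


# Constructed access-log lines in combined-log shape (not real NMS300 output).
SAMPLE_LOG = """\
10.0.5.23 - - [10/Feb/2016:09:14:02 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.45 - - [10/Feb/2016:09:15:17 +0000] "POST /upload HTTP/1.1" 200 98
192.168.100.9 - - [10/Feb/2016:09:16:40 +0000] "GET /devices HTTP/1.1" 200 2048
198.51.100.7 - - [10/Feb/2016:09:17:03 +0000] "GET /download?file=x HTTP/1.1" 200 77
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)')


def untrusted_requests(log_text: str) -> list[tuple[str, str, str]]:
    """Return (ip, method, path) for each request not from a management net.

    Any hit means the interface is reachable from where it should not be and
    the firewall rules have not taken effect (or the log predates them).
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and not is_management_source(m["ip"]):
            hits.append((m["ip"], m["method"], m["path"]))
    return hits


if __name__ == "__main__":
    print("\n".join(iptables_rules()))
    for hit in untrusted_requests(SAMPLE_LOG):
        print("untrusted access:", hit)
```

The `-j DROP` rule is appended last so that the management allow rules are evaluated first; on a host that already has an INPUT policy, insert these rules ahead of any broader accept rule for the same port.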

Lenovo SHAREit Vulnerabilities Include Third Worst Password

Ask anyone to name a basic security protection to prevent hackers from gaining access to a device or network, and the use of a secure password would feature pretty high up that list. However, even a tech giant the size of Lenovo can fail to implement secure passwords. Recent Lenovo SHAREit vulnerabilities have been discovered, one of which involves the use of a hard-coded password that ranks as one of the easiest to guess.

Recently, SplashData published a list of the 25 worst passwords of 2015, and the one chosen by Lenovo is listed in position three between “password” and “qwerty.” To all intents and purposes, Lenovo may well not have bothered adding a password at all, such is the degree of security that the password offers. That password has also been hardcoded.

In fact, the company didn’t actually bother with adding a password at all in one of the new SHAREit vulnerabilities.

Four Lenovo SHAREit vulnerabilities have now been patched

Lenovo SHAREit is a free cross-platform file transfer tool that allows the sharing of files across multiple devices, including PCs, tablets and smartphones. Perhaps unsurprisingly, given Lenovo has been found to be installing irremovable software via a rootkit and shipping its laptops with pre-installed spyware, some security vulnerabilities exist in its SHAREit software.

Four new Lenovo SHAREit vulnerabilities have been discovered, showing some shocking security lapses by the Chinese laptop manufacturer. If the Lenovo SHAREit vulnerabilities are exploited, they could result in leaked information, integrity corruption, and security protocol bypasses, and be used for man-in-the-middle attacks.

The hardcoding of the password 12345678, listed as CVE-2016-1491 by Core Security, is shocking. Configure Lenovo SHAREit for Windows to receive files, and 12345678 is set as the password for a Wi-Fi hotspot. The password is always the same, and any system with Wi-Fi could connect.

According to Core Security, if the Wi-Fi network is on and connected, files can be browsed by performing an HTTP request to the web server launched by Lenovo SHAREit, although they cannot be downloaded (CVE-2016-1490).

The third vulnerability, named CVE-2016-1489, is the transfer of files in plain text via HTTP without encryption. A hacker could not only view those files but also modify the content.

The fourth SHAREit vulnerability, CVE-2016-1492, concerns SHAREit for Android. When configured to receive files, an open Wi-Fi hotspot is created and no password is set. If a hacker were to connect, the transferred files could be intercepted.

Core Security disclosed the Lenovo SHAREit vulnerabilities privately in October last year to allow a patch to be developed. Now that the patch has been issued to plug the vulnerabilities, Core Security has published the details.
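The four findings above reduce to a short list of configuration properties a receive-mode hotspot should never have: no passphrase at all, a passphrase that is hard-coded and therefore identical on every install, a passphrase that is guessable (12345678 fails on every common test: it is on published worst-password lists, it is a sequential run, it is digits only, and it is short), and a transfer channel that is plain HTTP. The following is an added example, not Lenovo's or Core Security's code, that audits a constructed configuration dictionary against those properties; the dictionary keys, the length threshold and the worst-password subset are assumptions, with the subset drawn from the passwords the article names.

```python
"""Audit of a file-sharing hotspot configuration against the weaknesses
reported above. Constructed illustration, not Lenovo's or Core Security's code."""
import string

# Constructed subset of a worst-password list; the article names "password",
# "12345678", "qwerty" and "123456".
WORST_PASSWORDS = {"password", "12345678", "qwerty", "123456", "111111", "abc123"}
MIN_LEN = 12  # assumed minimum passphrase length


def _is_run(s: str) -> bool:
    """True for ascending or descending runs of consecutive characters (1234, dcba)."""
    if len(s) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps in ({1}, {-1})


def weak_passphrase_reasons(pw: str) -> list[str]:
    """Return every reason a passphrase is considered weak; empty means acceptable."""
    reasons = []
    low = pw.lower()
    if low in WORST_PASSWORDS:
        reasons.append("on worst-password list")
    if len(pw) < MIN_LEN:
        reasons.append(f"shorter than {MIN_LEN}")
    if len(set(pw)) == 1:
        reasons.append("single repeated character")
    if _is_run(low):
        reasons.append("sequential characters")
    if pw and all(c in string.digits for c in pw):
        reasons.append("digits only")
    return reasons


def audit_hotspot(cfg: dict) -> list[str]:
    """Return finding codes for a receive-mode hotspot configuration.

    Constructed keys: 'passphrase' (None or '' means an open hotspot),
    'hardcoded' (bool, same value shipped on every install),
    'transfer_scheme' ('http' or 'https').
    """
    findings = []
    pw = cfg.get("passphrase")
    if not pw:
        findings.append("OPEN_HOTSPOT")  # anyone in range can join
    else:
        if cfg.get("hardcoded"):
            findings.append("HARDCODED_PASSPHRASE")  # identical everywhere, cannot be rotated
        if weak_passphrase_reasons(pw):
            findings.append("WEAK_PASSPHRASE")
    if cfg.get("transfer_scheme", "http") != "https":
        findings.append("PLAINTEXT_TRANSFER")  # files readable and modifiable on the path
    return findings


if __name__ == "__main__":
    windows_like = {"passphrase": "12345678", "hardcoded": True, "transfer_scheme": "http"}
    android_like = {"passphrase": None, "transfer_scheme": "http"}
    print("windows-like:", audit_hotspot(windows_like), weak_passphrase_reasons("12345678"))
    print("android-like:", audit_hotspot(android_like))
```

A passphrase generated per session and shown to the sender on the receiving device clears the first three findings; only an encrypted transfer channel clears the fourth, since a strong hotspot passphrase does nothing for a file that travels over plain HTTP once a peer has joined.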

Irish Data Security Survey Reveals 2016 Data Security Concerns

An Irish data security survey conducted in December 2015 has revealed that a third of Irish companies have suffered a data breach in the past 12 months, highlighting the need for Irish companies to improve their security posture.

ICS Irish data security survey indicates employees are the biggest risk

150 IT security professionals took part in the Irish Computer Society survey with 33% claiming their employer had suffered a data breach in the past 12 months. In 71% of cases, the data breaches occurred as a result of the actions of staff members.

Perhaps unsurprisingly, given the number of inadvertent data breaches that had been caused by staff members, 45% of respondents cited employee negligence as the biggest single data security threat they faced. Protecting networks from errors made by employees is going to be one of the biggest security challenges faced by Irish IT professionals in 2016.

Other major security concerns highlighted by respondents included the increasing number of end user devices that are being used to store sensitive data, and the increasing threat of cyberattacks by hackers.

Improving security posture by tackling the issue of employee negligence

Employees are the weakest link in the security chain, but that is unlikely to change unless less technical members of staff are provided with training. It is essential that they are advised of the risk of cyberattacks and what they can personally do to lessen the chance of a data breach occurring. In many cases, some of the most fundamental data security measures are not so much ignored, but are just not understood by some members of staff.

It may be common knowledge, for instance, that 123456 does not make a very secure password, that email attachments from strangers should not be opened, and that links to funny videos of cats on social media networks might not turn out to be as innocuous as they seem.

Tackling the issue of (dare we say) employee data security stupidity is essential. It is far better to do this before a breach is suffered than afterwards. Proactive steps must be taken to improve understanding of cybersecurity risks, and what employees can do to reduce those risks.

ICS Irish data security survey respondents indicated that the best way of improving data protection knowledge is by conducting formal training sessions. 57% of respondents said this was the best approach to deal with data security knowledge gaps.

Fortunately, the level of training being provided to staff is increasing, not only for end users but also for data security staff. However, there is clearly still a long way to go. Only 56% of respondents said they had received the right level of training on how to achieve the objectives set by their organizations.

The full findings of the Irish data security survey will be made available at the Association of Data Protection Officers National Data Protection Conference, taking place on January 27/28 in Ballsbridge, Dublin.