Nowadays, Macs are part of the work-from-home workforce during the COVID-19 pandemic. If you’ve brought a Mac from the office to home, it’s likely your IT department has already set it up to meet your company’s security policies. But what if you’re enlisting a Mac already at home to do duty for your company? You need to outfit it for business, to protect it and your company from infections and snooping, while ensuring it continues to run smoothly over time.
Here are 21 tips for staying secure, private, and productive while working from home on your Mac—while also making sure your personal “helpdesk” is in place, should you run into problems while doing your work.
While good security habits are important for all Mac users (since, contrary to popular opinion, Macs are as vulnerable to malicious attacks as PCs), you need to take special care when working from home on your Mac because you’ll be interacting with your company’s applications and platforms over the internet. Start your “security upgrade” with the Mac itself, to keep it free of viruses and malware. Make sure your security checklist includes the following:
|
|
Trend Micro Mac Endpoint Security solutions include:
|
|
Next, you need to make sure your work remains private. This means creating a “chain of privacy” that extends from your Mac over the internet to your company’s servers, so that each link in the chain is “locked” to ensure your company data remains private.
|
|
Trend Micro Mac Privacy/Security solutions include:
|
|
Working from home means contending with home distractions (though working in the office has its own set of distractions too). Staying productive therefore includes setting good work and break habits, physically optimizing your work-from-home Mac setup, and keeping your Mac in good working order. Effective and productive remote working, when it comes setting up good work habits, using efficiency maximizing tools, and separating work from home activities, is a whole topic in itself. Here we include only those tips that directly affect the healthy operation and optimization of your Mac:
|
|
Trend Micro Performance tools include:
|
|
Finally, should things go wrong at any time with your working Mac setup, you need to make sure to have a work-from-home “Help Desk” in place for when you need it. This can include the following:
|
|
Trend Micro Solutions include:
|
|
That’s it! These tips should get you started on the road to staying secure, private, and productive, while running smoothly, as you work from home on your Mac. During the COVID-19 pandemic, many of us are doing just that. Now is the time to keep your working Mac working for you!
The post 21 Tips to Stay Secure, Private, and Productive as You Work from Home on Your Mac appeared first on .
If the first few months of 2020 have taught us anything, it’s the importance of collaboration and partnership to tackle a common enemy. This is true of efforts to fight the current pandemic, and it’s also true of the fight against cybercrime. That’s why Trend Micro has, over the years, struck partnerships with various organizations that share a common goal of securing our connected world.
So when we heard that one of these partners, the non-profit Shadowserver Foundation, was in urgent need of financial help, we didn’t hesitate to step in. Our new $600,000 commitment over three years will help to support the vital work it does collecting and sharing global threat data for the next three years.
What is Shadowserver?
Founded in 2004, The Shadowserver Foundation is now one of the world’s leading resources for reporting vulnerabilities, threats and malicious activity. Their work has helped to pioneer a more collaborative approach among the international cybersecurity community, from vendors and academia to governments and law enforcement.
Today, its volunteers, 16 full-time staff and global infrastructure of sinkholes, honeypots and honeyclients help run 45 scans across 4 billion IPv4 addresses every single day. It also performs daily sandbox scans on 713,000 unique malware samples, to add to the 12 Petabytes of malware and threat intelligence already stored on its servers. Thousands of network owners, including 109 CSIRTS in 138 countries worldwide, rely on the resulting daily reports — which are available free of charge to help make the digital world a safer place.
A Global Effort
Trend Micro is a long-time partner of The Shadowserver Foundation. We automatically share new malware samples via its malware exchange program, with the end goal of improving protection for both Trend Micro customers and Shadowserver subscribers around the world. Not only that, but we regularly collaborate on global law enforcement-led investigations. Our vision and mission statements of working towards a more secure, connected world couldn’t be more closely aligned.
As COVID-19 has brutally illustrated, protecting one’s own backyard is not enough to tackle a global challenge. Instead, we need to reach out and build alliances to take on the threats and those behind them, wherever they are. These are even more pronounced at a time when remote working has dramatically expanded the corporate attack surface, and offered new opportunities for the black hats to prosper by taking advantage of distracted employees and stretched security teams.
The money Trend Micro has donated over the next three years will help the Shadowserver Foundation migrate to the new data center it urgently needs and support operational costs that combined will exceed $2 million in 2020. We wish the team well with their plans for this year.
It’s no exaggeration to say that our shared digital world is a safer place today because of their efforts, and we hope to continue to collaborate long into the future
The post Securing the Connected World with Support for The Shadowserver Foundation appeared first on .
This week, Defcon is still cancelled, Cyber insurance?, Phishing, rogue drones, the return of the dark web, Sarwent malware, and Dutch Grandmothers in trouble. Jason Wood joins us for the Expert Commentary on how eBay users spot the online auction house port-scanning their PCs!
Show Notes: https://wiki.securityweekly.com/SWNEpisode37
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Cloud computing has revolutionized the IT world, making it easier for companies to deploy infrastructure and applications and deliver their services to the public. The idea of not spending millions of dollars on equipment and facilities to host an on-premises data center is a very attractive prospect to many. And certainly, moving resources to the cloud just has to be safer, right? The cloud provider is going to keep our data and applications safe for sure. Hackers won’t stand a chance. Wrong. More commonly than anyone should, I often hear this delusion from many customers. The truth of the matter is, without proper configuration and the right skillsets administering the cloud presence, as well as practicing common-sense security practices, cloud services are just (if not more) vulnerable.
The Shared Responsibility Model
Before going any further, we need to discuss the shared responsibility model of the cloud service provider and user.
When planning your migration to the cloud, one needs to be aware of which responsibilities belong to which entity. As the chart above shows, the cloud service provider is responsible for the cloud infrastructure security and physical security of such. By contrast, the customer is responsible for their own data, the security of their workloads (all the way to the OS layer), as well as the internal network within the companies VPC’s.
One more pretty important aspect that remains in the hands of the customer is access control. Who has access to what resources? This is really no different than it’s been in the past, exception being the physical security of the data center is handled by the CSP as opposed to the on-prem security, but the company (specifically IT and IT security) are responsible for locking down those resources efficiently.
Many times, this shared responsibility model is overlooked, and poor assumptions are made the security of a company’s resources. Chaos ensues, and probably a firing or two.
So now that we have established the shared responsibility model and that the customer is responsible for their own resource and data security, let’s take a look at some of the more common security issues that can affect the cloud.
Amazon S3
Amazon S3 is a truly great service from Amazon Web Services. Being able to store data, host static sites or create storage for applications are widely used use cases for this service. S3 buckets are also a prime target for malicious actors, since many times they end up misconfigured.
One such instance occurred in 2017 when Booz Allen Hamilton, a defense contractor for the United States, was pillaged of battlefield imagery as well as administrator credentials to sensitive systems.
Yet another instance occurred in 2017, when due to an insecure Amazon S3 bucket, the records of 198 million American voters were exposed. Chances are if you’re reading this, there’s a good chance this breach got you.
A more recent breach of an Amazon S3 bucket (and I use the word “breach,” however most of these instances were a result of poor configuration and public exposure, not a hacker breaking in using sophisticated techniques) had to do with the cloud storage provider “Data Deposit Box.” Utilizing Amazon S3 buckets for storage, a configuration issue caused the leak of more than 270,000 personal files as well as personal identifiable information (PII) of its users.
One last thing to touch on the subject of cloud file storage has to do with how many organizations are using Amazon S3 to store uploaded data from customers as a place to send for processing by other parts of the application. The problem here is how do we know if what’s being uploaded is malicious or not? This question comes up more and more as I speak to more customers and peers in the IT world.
API
APIs are great. They allow you to interact with programs and services in a programmatic and automated way. When it comes to the cloud, APIs allow administrators to interact with services, an in fact, they are really a cornerstone of all cloud services, as it allows the different services to communicate. As with anything in this world, this also opens a world of danger.
Let’s start with the API gateway, a common construct in the cloud to allow communication to backend applications. The API gateway itself is a target, because it can allow a hacker to manipulate the gateway, and allow unwanted traffic through. API gateways were designed to be integrated into applications. They were not designed for security. This means untrusted connections can come into said gateway and perhaps retrieve data that individual shouldn’t see. Likewise, the API requests to the gateway can come with malicious payloads.
Another attack that can affect your API gateway and likewise the application behind it, is a DDOS attack. The common answer to defend against this is Web Application Firewall (WAF). The problem is WAFs struggle to deal with low, slow DDOS attacks, because the steady stream of requests looks like normal traffic. A really great way to deter DDOS attacks at the API gateway however is to limit the number of requests for each method.
A great way to prevent API attacks lies in the configuration. Denying anonymous access is huge. Likewise, changing tokens, passwords and keys limit the chance effective credentials can be used. Lastly, disabling any type of clear-text authentication. Furthermore, enforcing SSL/TLS encryption and implementing multifactor authentication are great deterrents.
Compute
No cloud service would be complete without compute resources. This is when an organization builds out virtual machines to host applications and services. This also introduces yet another attack surface, and once again, this is not protected by the cloud service provider. This is purely the customers responsibility.
Many times, in discussing my customers’ migration from an on-premises datacenter to the cloud, one of the common methods is the “lift-and-shift” approach. This means customers take the virtual machines they have running in their datacenter and simply migrating those machines to the cloud. Now, the question is, what kind of security assessment was done on those virtual machines prior to migrating? Were those machines patched? Were discovered security flaws fixed? In my personal experience the answer is no. Therefore, these organizations are simply taking their problems from one location to the next. The security holes still exist and could potentially be exploited, especially if the server is public facing or network policies are improperly applied. For this type of process, I think a better way to look at this is “correct-and-lift-and-shift”.
Now once organizations have already established their cloud presence, they will eventually need to deploy new resources, and this can mean developing or building upon a machine image. The most important thing to remember here is that these are computers. They are still vulnerable to malware, so regardless of being in the cloud or not, the same security controls are required including things like anti-malware, host IPS, integrity monitoring and application control just to name a few.
Networking
Cloud services make it incredibly easy to deploy networks and divide them into subnets and even allow cross network communication. They also give you the ability to lock down the types of traffic that are allowed to traverse those networks to reach resources. This is where security groups come in. These security groups are configured by people, so there’s always that chance that a port is open that shouldn’t be, opening a potential vulnerability. It’s incredibly important from this perspective to really have a grasp on what a compute resource is talking to and why, so the proper security measures can be applied.
So is the cloud really safe from hackers? No safer than anything else unless organizations make sure they’re taking security in their hands and understand where their responsibility begins, and the cloud service provider’s ends. The arms war between hackers and security professionals is still the same as it ever was, the battleground just changed.
The post Is Cloud Computing Any Safer From Malicious Hackers? appeared first on .
The cybercrime economy is one of the runaway success stories of the 21st century — at least, for those who participate in it. Estimates claim it could be worth over $1 trillion annually, more than the GDP of many countries. Part of that success is due to its ability to evolve and shift as the threat landscape changes. Trend Micro has been profiling the underground cybercrime community for many years. Over the past five years, we’ve seen a major shift to new platforms, communications channels, products and services, as trust on the dark web erodes and new market demands emerge.
We also expect the current pandemic to create yet another evolution, as cyber-criminals look to take advantage of new ways of working and systemic vulnerabilities.
Shifts in the underground
Our latest report, Shifts in the Cybercriminal Underground Markets, charts the fascinating progress of cybercrime over the past five years, through detailed analysis of forums, marketplaces and dark web sites around the world. It notes that in many product areas, the cost of items has dropped as they become commoditised: so where in 2015 you expected to pay $1000 per months for crypting services, today they may be as little as $20.
In other areas, such as IoT botnets, cyber-propaganda and stolen gaming account credentials, prices are high as new products spark surging demand. Fortnite logins can sell for around $1,000 on average, for example.
The good news is that law enforcement action appears to be working. Trend Micro has long partnered with Interpol, Europol, national crime agencies and local police to provide assistance in investigations. So it’s good to see that these efforts are having an impact. Many dark web forums and marketplaces have been infiltrated and taken down over the past five years, and our researchers note that current users complain of DDoS-ing and log-in issues.
Cybercriminals have been forced to take extreme measures as trust erodes among the community, for example, by using gaming communications service Discord to arrange trades, and e-commerce platform Shoppy.gg to sell items. A new site called DarkNet Trust was even created to tackle this specific challenge: it aims to verify cybercrime vendors’ reputations by analysing their usernames and PGP fingerprints.
What does the future hold?
However, things rarely stay still on the cybercrime underground. Going forward, we expect to see a range of new tools and techniques flood dark web stores and forums. AI will be at the centre of these efforts. Just as it’s being used by Trend Micro and other companies to root out fraud, sophisticated malware and phishing, it could be deployed in bots designed to predict roll patterns on gambling sites. It could also be used in deepfake services developed to help buyers bypass photo ID systems, or launch sextortion campaigns against individuals.
Some emerging trends are less hi-tech but no less damaging. Log-ins for wearable devices could be stolen and used to request replacements under warranty, defrauding the customer and costing the manufacturers dear. In fact, access to devices, systems and accounts is so common today that we’re already seeing it spun out in “as-a-service” cybercrime offerings. Prices for access to Fortune 500 companies can hit as much as $10,000.
Post-pandemic threats
Then there’s COVID-19. We’re already seeing fraudsters targeted government stimulus money with fake applications, sometimes using phished information from legitimate businesses. And healthcare organisations are being targeted with ransomware as they battle to save lives.
Even as the pandemic recedes, remote working practices are likely to stay in many organisations. What does this mean for cybercrime? It means more targeting of VPN vulnerabilities with malware and DDoS services. And it means more opportunities to compromise corporate networks via connected home devices. Think of it like a kind of Reverse BYOD scenario – instead of bringing devices into work to connect, the corporate network is now merged with home networks.
Tackling such challenges will demand a multi-layered strategy predicated around that familiar trio: people, process and technology. It will require more training, better security for home workers, improved patch management and password security, and much more besides. But most of all it will demand continued insight into global cybercriminals and the platforms they inhabit, to anticipate where the next threats are coming from.
Fortunately, this is where Trend Micro’s expert team of researchers come in. We won’t let them out of our sight.
The post How the Cybercriminal Underground Has Changed in 5 Years appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about a new security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device. Also, learn about two malware files that pose as Zoom installers but when decoded, contain malware code.
Read on:
Forward-Looking Security Analysis of Smart Factories <Part 1> Overlooked Attack Vectors
Trend Micro recently released a paper showing the results of proof-of-concept research on new security risks associated with smart factories. In this series of five columns, Trend Micro will explore the security risks to be aware of when promoting smart factories by examining overlooked attack vectors, feasible attack scenarios, and recommended defense strategies. This first column introduces the concept of “smart manufacturing,” and explains the research methods and attack vectors that are unique to smart factories.
Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers
Trend Micro found two malware files that pose as Zoom installers but when decoded, contain malware code. These malicious fake installers do not come from Zoom’s official installation distribution channels. One of the samples installs a backdoor that allows threat actors to run malicious routines remotely, while the other sample involves the installation of the Devil Shadow botnet in devices.
Adobe Releases Critical Out-of-Band Security Update
This week, Adobe released four security updates, one of them being an out-of-band security update for Adobe Character Animator that fixes a critical remote code execution vulnerability. All these vulnerabilities were discovered by Mat Powell of Trend Micro’s Zero Day Initiative and were not found in the wild.
QNodeService: Node.js Trojan Spread via Covid-19 Lure
Trend Micro recently noticed a Twitter post by MalwareHunterTeam that showed a Java downloader with a low detection rate. Its name, “Company PLP_Tax relief due to Covid-19 outbreak CI+PL.jar”, suggests it may have been used in a Covid-19-themed phishing campaign. Running this file led to the download of a new, undetected malware sample written in Node.js; this trojan is dubbed as “QNodeService”.
ShinyHunters Is a Hacking Group on a Data Breach Spree
In the first two weeks of May, a hacking group called ShinyHunters went on a rampage, hawking what it claims is close to 200 million stolen records from at least 13 companies. Such binges aren’t unprecedented in the dark web stolen data economy, but they’re a crucial driver of identity theft and fraud.
Netwalker Fileless Ransomware Injected via Reflective Loading
Trend Micro has observed Netwalker ransomware attacks involving malware that is not compiled but written in PowerShell and executed directly in memory and without storing the actual ransomware binary into the disk. This makes this ransomware variant a fileless threat, enabling it to maintain persistence and evade detection by abusing tools that are already in the system to initiate attacks.
Beware of Phishing Emails Urging for a LogMeIn Security Update
LogMeIn users are being targeted with fake security update requests, which lead to a spoofed phishing page. The phishing email has been made to look like it’s coming from LogMeIn. Not only does the company logo feature prominently in the email body, but the sender’s identity has been spoofed and the phishing link looks, at first glance, like it might be legitimate.
Phishing Site Uses Netflix as Lure, Employs Geolocation
A phishing site was found using a spoofed Netflix page to harvest account information, credit card credentials, and other personally identifiable information (PII), according to a Twitter post by PartnerRe Information Security Analyst Andrea Palmieri. Trend Micro looked into the malicious site, hxxp://secure-up-log.com/netflix/, to learn more about the operation and found that the sites have geolocation features.
New Bluetooth Vulnerability Exposes Billions of Devices to Hackers
Academics from École Polytechnique Fédérale de Lausanne (EPFL) disclosed a security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device, exposing over a billion modern devices to hackers. The attacks, dubbed Bluetooth Impersonation Attacks or BIAS, concern Bluetooth Classic, which supports Basic Rate (BR) and Enhanced Data Rate (EDR) for wireless data transfer between devices.
#LetsTalkSecurity: Fighting Back
This Week, Rik Ferguson, vice president of Security Research at Trend Micro, hosted the third episode of #LetsTalkSecurity featuring guest Katelyn Bowden, CEO & founder of The BADASS Army. In this week’s episode, Rik and Katelyn discuss fighting back and more. Check out this week’s episode and follow the link to find information about upcoming episodes and guests.
Fraudulent Unemployment, COVID-19 Relief Claims Earn BEC Gang Millions
An infamous business email compromise (BEC) gang has submitted hundreds of fraudulent claims with state-level U.S. unemployment websites and coronavirus relief funds. Behind the attacks is Scattered Canary, a highly organized Nigerian cybergang that employs dozens of threat actors to target U.S. enterprise organizations and government institutions. Researchers who tracked the fraudulent activity said the gang may have made millions from the fraudulent activity.
Factory Security Problems from an IT Perspective (Part 1): Gap Between the Objectives of IT and OT
The manufacturing industry is undergoing drastic changes and entering a new transition period. Today, it may be difficult to find companies that don’t include Digital Transformation (DX) or the Internet of Things (IoT) in their strategies. Manufacturing companies need to include cybersecurity in both the information technology (IT) domain and the operational technology (OT) one as well. This three-part blog series discusses the challenges that IT departments face when assigned the task of overseeing cybersecurity in factories and implementing measures to overcome these challenges.
What did you think about this week’s #LetsTalkSecuirty episode? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: New Bluetooth Vulnerability Exposes Billions of Devices to Hackers and Backdoor, Devil Shadow Botnet Hidden in Fake Zoom Installers appeared first on .
This week, we welcome Jason Nickola, COO and Senior Security Consultant at Pulsar Security, to talk about Building An InfoSec Career! In our second segment, we welcome back Sven Morgenroth, Security Researcher at Nesparker, to talk about HTTP Security Headers In Action! In the Security News, Hackers target the air-gapped networks of the Taiwanese and Philippine military, Stored XSS in WP Product Review Lite plugin allows for automated takeovers, Remote Code Execution Vulnerability Patched in VMware Cloud Director, Shodan scan of new preauth RCE shows 450k devices at risk including all QNAP devices, and The 3 Top Cybersecurity Myths & What You Should Know!
Show Notes: https://wiki.securityweekly.com/PSWEpisode652
To learn more about Netsparker, visit: https://securityweekly.com/netsparker
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week on the Wrap Up, Danny Trejo, COVID-19 Contact Tracing, SaltStack, and lots of hacked Supercomputers with cool names!
Show Notes: https://wiki.securityweekly.com/SWNEpisode36
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we talk Enterprise News, to discuss how RSA Conference 2021 Changes Date from February to May 2021, Docker partners with Snyk on container image vulnerability scanning, Venafi acquires Jetstack to bring together developer speed and enterprise security, Onapsis expands assessments for its Business Risk Illustration service, Volterra launches VoltShare to simplify the process of securely encrypting confidential data end-to-end, and more! In our second segment, we welcome Dan DeCloss, President & CEO of PlexTrac, to talk about Managing Enterprise Security Assessments! In our final segment, we welcome DJ Sampath, Co-Founder & CEO of Armorblox, to discuss Dealing with Phishing Attacks Outside Of Email!
Show Notes: https://wiki.securityweekly.com/ESWEpisode184
To learn more about PlexTrac or to claim your Free Month, visit: https://securityweekly.com/plextrac
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Ann Cleaveland, the Executive Director of the Center for Long-Term Cybersecurity, a research and collaboration think tank housed within the University of California, Berkeley School of Information! We have the pleasure of having Ann for the entire show today in this two part interview!
Show Notes: https://wiki.securityweekly.com/SCWEpisode29
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Dr. Doug returns to the studio, to discuss how DEFCON is Cancelled, Many Applications have Security flaws, Verizon Security Report for 2019, The FBI and DoJ want encryption backdoors, and Space, the final Frontier! The Master of Commentary Jason Wood joins us to talk about how a Ransomware Gang Was Arrested for Spreading Locky to Hospitals!
Show Notes: https://wiki.securityweekly.com/SWNEpisode35
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Mike Adler, Vice President of RSA NetWitness Platform at RSA Security, for a conversation on the question: Is the Virtual SOC Our "New Normal"? In the Leadership and Communications segment, Burnt out CISOs are a huge cyber risk, to build strategy, start with the future, 78% of Organizations Use More than 50 Cybersecurity Products to Address Security Issues, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode174
To learn more about RSA Security, visit: https://securityweekly.com/RSAsecurity
To check out the RSA NetWitness Platform (SIEM and integrated EDR), visit: https://www.rsa.com/en-us/products/threat-detection-response
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Jack Zarris, Senior Sales Engineer at Signal Sciences, to talk about Using Rate Limiting to Protect Web Apps and APIs! In our second segment, we welcome Tim Mackey, Principal Security Strategist at Synopsys, to discuss the Highlights From the New Open Source Security and Risk Analysis Report!
Show Notes: https://wiki.securityweekly.com/ASWEpisode108
To learn more about Synopsys, visit: https://securityweekly.com/synopsys
To learn more about Signal Sciences, visit: https://securityweekly.com/signalsciences
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Mike Nichols, Head of Product at Elastic Security, to talk about MITRE ATT&CK & Security Visibility: Looking Beyond Endpoint Data! In our second segment, we welcome back Harry Sverdlove, Founder and CTO of Edgewise Networks, to discuss Securing Remote Access, Quarantines, and Security! In the Security News, Palo Alto Networks Patches Many Vulnerabilities in PAN-OS, Zerodium will no longer acquire certain types of iOS exploits due to surplus, New Ramsay Malware Can Steal Sensitive Documents from Air-Gapped Networks, vBulletin fixes critical vulnerability so patch immediately!, U.S. Cyber Command Shares More North Korean Malware Variants, and The Top 10 Most-Targeted Security Vulnerabilities!
Show Notes: https://wiki.securityweekly.com/PSWEpisode651
To learn more about Elastic Security, visit: https://securityweekly.com/elastic
To view the Elastic Dashboard of MITRE ATT&CK Round 2 Evaluation Results, visit: https://ela.st/mitre-eval-rd2
To learn more about Edgewise Networks or to request a Demo, visit: https://securityweekly.com/edgewise
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, Doug wraps up all the shows across our network, including the Show News, Bunny Lebowski's toes, STAMINA, RAMSAY, and US-Cert Vulnerabilities!
Show Notes: https://wiki.securityweekly.com/SWNEpisode34
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about how researchers at Trend Micro used an app store to demonstrate hacks on a manufacturing facility. Also, learn about this month’s patch activity from Microsoft.
Read on:
How Two Researchers Used an App Store to Demonstrate Hacks on a Factory
When malicious code spread through the networks of Rheinmetall Automotive, it disrupted plants on two continents, temporarily costing up to $4 million each week. While awareness of these type of threats has grown, there’s still a risk that too many organizations view such attacks as isolated incidents, rather than the work of a determined attacker. Federico Maggi, a senior researcher at Trend Micro, set out to dispel that mindset.
#LetsTalkSecurity: Hacker Adventures
This Week, Rik Ferguson, Vice President of Security Research at Trend Micro, hosted the second episode of #LetsTalkSecurity featuring Jayson E. Street, Vice President at SphereNY. This series explores security and how it impacts our digital world. In discussion with some of the brightest and most influential minds in the community, Trend Micro explores this fascinating topic. Check out this week’s episode and follow the link to find information about upcoming episodes and guests.
Microsoft Again Surpasses 100 Vulnerabilities on Patch Tuesday
For the third consecutive month Microsoft issued a hefty list of Patch Tuesday security updates covering 111 CVEs with 16 making the critical list. This is the third month Microsoft has had more than 100 vulnerabilities listed in its monthly security rollup, but unlike the last few months, May’s list does not contain any vulnerabilities currently being exploited in the wild.
Principles of a Cloud Migration – Security W5H – The WHERE
Where do we add security in the cloud? Start by removing the thinking that security controls are tied to specific implementations. You don’t need an intrusion prevention wall that’s a hardware appliance much like you don’t need an agent installed to do anti-malware. This blog puts the focus on your configuration, permissions, and other best practices.
Trend Micro recently published a report that surveys the Industry 4.0 attack surface, finding that within the manufacturing operation, the blending of IT and OT exposes additional attack surfaces. In the current report on rogue robots, Trend Micro collaborated with the Politecnico di Milano to analyze the range of specific attacks today’s robots face, and the potential consequences those attacks may have.
Package Delivery Giant Pitney Bowes Confirms Second Ransomware Attack in 7 Months
Package and mail delivery giant Pitney Bowes suffered its second ransomware attack in seven months. The incident came to light after a ransomware gang known as Maze published a blog post claiming to have breached and encrypted the company’s network. The Maze crew provided proof of access in the form of 11 screenshots portraying directory listings from inside the company’s computer network.
Tropic Trooper’s Back: USBferry Attack Targets Air-Gapped Environments
Trend Micro recently found that Tropic Trooper’s latest activities center around targeting Taiwanese and the Philippine military’s physically isolated networks through a USBferry attack. Trend Micro also observed targets among military/navy agencies, government institutions, military hospitals, and a national bank. The group employs USBferry, a USB malware that performs different commands on specific targets, maintains stealth in environments, and steals critical data through USB storage.
Texas Courts Won’t Pay Up in Ransomware Attack
A ransomware attack has hit the IT office that supports Texas appellate courts and judicial agencies, leading to their websites and computer servers being shut down. The office said that it will not pay the ransom requested by the cybercriminals. Specifically affected is the Office of Court Administration, which is the IT provider for the appellate courts and state judicial agencies within the Texas Judicial Branch.
New MacOS Dacls RAT Backdoor Show Lazarus’ Multi-Platform Attack Capability
Trend Micro found an application sample in April called TinkaOTP that seemed like a normal one-time password authentication tool. However, further investigation showed the application bearing a striking resemblance to Dacls remote access trojan (RAT), a Windows and Linux backdoor that 360 Netlab discovered in December 2019.
Facebook Awards Researcher $20,000 for Account Hijacking Vulnerability
Security researcher Vinoth Kumar says Facebook awarded him $20,000 after he discovered and reported a Document Object Model-based cross-site scripting (DOM XSS) vulnerability that could have been exploited to hijack accounts. The researcher says he discovered the vulnerability in the window.postMessage() method, which is meant to safely enable cross-origin communication between Window objects.
Cloud Security: Key Concepts, Threats, and Solutions
Enterprises may be migrating requirements to the cloud, starting fully in the cloud (going “cloud native”), or mastering their cloud-based security strategy. Regardless of what stage of the cloud journey a company is in, cloud administrators should be able to conduct security operations like performing vulnerability management, identifying important network events, carrying out incident response, and gathering and acting on threat intelligence — all while keeping many moving parts in compliance with relevant industry standards.
From Bugs to Zoombombing: How to Stay Safe in Online Meetings
Forced to now work, study, and socialize at home, the online digital world has become essential to our communications — and video conferencing apps have become our “face-to-face” window on the world. The problem is that as users flock to these services, the bad guys are also waiting to disrupt or eavesdrop on chats, spread malware, and steal data. In this blog, Trend Micro explores some of the key threats out there and how users can stay safe while video conferencing.
Surprised by Texas courts’ decision not to pay the ransom in its latest ransomware attack? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: How Researchers Used an App Store to Demonstrate Hacks on a Factory and Microsoft Again Surpasses 100 Vulnerabilities on Patch Tuesday appeared first on .
This week, we talk Enterprise News, to discuss how GitHub Code Scanning aims to prevent vulnerabilities in open source software, SlashNext Integrates with Palo Alto Networks Cortex XSOAR to Deliver Automated Phishing IR and Threat Hunting, Portshift Announces Extended Kubernetes Cluster Protection, Vigilant Ops InSight Platform V1 automatically generates device software bill of materials, and more! In our second segment, we welcome Georges Bellefontaine, Manager of Vulnerability Management at Toyota Financial, to discuss the approach to vulnerability management and the benefits of a full life-cycle approach to vulnerability management with Qualys' VMDR Solution! In our final segment, we welcome Sid Nanda, Senior Product Marketing Manager at VIAVI Solutions, to talk about Using the Network to Reduce Remediation Costs!
Show Notes: https://wiki.securityweekly.com/ESWEpisode183
To learn more about Qualys VMDR, visit: https://securityweekly.com/qualys
To learn more about VIAVI Solutions, visit: https://securitweekly.com/viavi
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
The COVID-19 pandemic, along with social distancing, has done many things to alter our lives. But in one respect it has merely accelerated a process begun many years ago. We were all spending more and more time online before the virus struck. But now, forced to work, study and socialize at home, the online digital world has become absolutely essential to our communications — and video conferencing apps have become our “face-to-face” window on the world.
The problem is that as users flock to these services, the bad guys are also lying in wait — to disrupt or eavesdrop on our chats, spread malware, and steal our data. Zoom’s problems have perhaps been the most widely publicized, because of its quickly rising popularity, but it’s not the only platform whose users have been potentially at risk. Cisco’s WebEx and Microsoft Teams have also had issues; while other platforms, such as Houseparty, are intrinsically less secure (almost by design for their target audience, as the name suggests).
Let’s take a look at some of the key threats out there and how you can stay safe while video conferencing.
Depending on the platform (designed for work or play) and the use case (business or personal), there are various opportunities for the online attacker to join and disrupt or eavesdrop on video conferencing calls. The latter is especially dangerous if you’re discussing sensitive business information.
Malicious hackers may also look to deliver malware via chats or shared files to take control of your computer, or to steal your passwords and sensitive personal and financial information. In a business context, they could even try to hijack your video conferencing account to impersonate you, in a bid to steal info from or defraud your colleagues or company.
The bad guys may also be able to take advantage of the fact that your home PCs and devices are less well-secured than those at work or school—and that you may be more distracted at home and less alert to potential threats.
To accomplish their goals, malicious hackers can leverage various techniques at their disposal. These can include:
|
|
Zoom has in many ways become the victim of its own success. With daily meeting participants soaring from 10 million in December last year to 200 million by March 2020, all eyes have been focused on the platform. Unfortunately, that also includes hackers. Zoom has been hit by a number of security and privacy issues over the past several months, which include “Zoombombing” (meetings disrupted by uninvited guests), misleading encryption claims, a waiting room vulnerability, credential theft and data collection leaks, and fake Zoom installers. To be fair to Zoom, it has responded quickly to these issues, realigning its development priorities to fix the security and privacy issues discovered by its intensive use.
And Zoom isn’t alone. Earlier in the year, Cisco Systems had its own problem with WebEx, its widely-used enterprise video conferencing system, when it discovered a flaw in the platform that could allow a remote, unauthenticated attacker to enter a password-protected video conferencing meeting. All an attacker needed was the meeting ID and a WebEx mobile app for iOS or Android, and they could have barged in on a meeting, no authentication necessary. Cisco quickly moved to fix the high-severity vulnerability, but other flaws (also now fixed) have cropped up in WebEx’s history, including one that could enable a remote attacker to send a forged request to the system’s server.
More recently, Microsoft Teams joined the ranks of leading business videoconferencing platforms with potentially deadly vulnerabilities. On April 27 it surfaced that for at least three weeks (from the end of February till the middle of March), a malicious GIF could have stolen user data from Teams accounts, possibly across an entire company. The vulnerability was patched on April 20—but it’s a reminder to potential video conferencing users that even leading systems such as Zoom, WebEx, and Teams aren’t fool-proof and require periodic vulnerability and security fixes to keep them safe and secure. This is compounded during the COVID-19 pandemic when workers are working from home and connecting to their company’s network and systems via possibly unsecure home networks and devices.
So how do you choose the best, most secure, video conferencing software for your work-at-home needs? There are many solutions on the market today. In fact, the choice can be dizzying. Some simply enable video or audio meetings/calls, while others also allow for sharing and saving of documents and notes. Some are only appropriate for one-on-one connections or small groups, while others can scale to thousands.
In short, you’ll need to choose the video conferencing solution most appropriate to your needs, while checking if it meets a minimum set of security standards for working at home. This set of criteria should include end-to-end encryption, automatic and frequent security updates, the use of auto-generated meeting IDs and strong access controls, a program for managing vulnerabilities, and last but not least, good privacy practices by the company.
Some video conferencing options alongside Zoom, WebEx, and Teams include:
|
|
Whatever video conferencing platform you use, it’s important to bear in mind that cyber-criminals will always be looking to take advantage of any security gaps they can find — in the tool itself or your use of it. So how do you secure your video conferencing apps? Some tips listed here are Zoom-specific, but consider their equivalents in other platforms as general best-practice tips. Depending on the use case, you might choose to not enable some of the options here.
|
|
Fortunately, Trend Micro has a range of capabilities that can support your efforts to stay safe while using video conferencing services.
Trend Micro Home Network Security (HNS) protects every device in your home connected to the internet. That means it will protect you from malicious links and attachments in phishing emails spoofed to appear as if sent from video conferencing firms, as well as from those sent by hackers that may have covertly entered a meeting. Its Vulnerability Check can identify any vulnerabilities in your home devices and PCs, including work laptops, and its Remote Access Protection can reduce the risk of tech support scams and unwanted remote connections to your device. Finally, it allows parents to control their kids’ usage of video conferencing applications, to limit their exposure.
Trend Micro Security also offers protection against email, file, and web threats on your devices. Note too, that Password Manager is automatically installed with Maximum Security to help users create unique, strong passwords for each application/website they use, including video conferencing sites.
Finally, Trend Micro WiFi Protection (multi-platform) / VPN Proxy One (Mac and iOS) offer VPN connections from your home to the internet, creating secure encrypted tunnels for traffic to flow down. The VPN apps work on both Wi-Fi and Ethernet connections. This could be useful for users concerned their video conferencing app isn’t end-to-end encrypted, or for those wishing to protect their identity and personal information when interacting on these apps.
The post From Bugs to Zoombombing: How to Stay Safe in Online Meetings appeared first on .
This week, we welcome Jake Williams, Founder and Principal Consultant at Rendition Infosec, to talk about Security vs. Compliance: Where are the overlaps? Where are the differences?
Show Notes: https://wiki.securityweekly.com/SCWEpisode28
Visit https://www.securityweekly.com/scw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Dr. Mike Lloyd, CTO at RedSeal, to talk about Lessons for Cybersecurity From a Pandemic! In the leadership and communications section, Top 5 Tactical Steps for a New CISO, Good Leadership Is About Communicating Why , 5, ok maybe only 4, CISO Priorities During the COVID-19 Response, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode173
To learn more about RedSeal, visit: https://securityweekly.com/redseal
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week in the Security Weekly News, DEFCON 28 is indeed cancelled, Paying Ransomware may double the recovery cost, ThunderSpy evil maid attack on thunderbolt devices, FBI to release a warning about Chinese hackers targeting virus research, and more! Jason Wood returns for the Expert Commentary to talk about Four GDPR Violations that multiple companies have been fined for!
Show Notes: https://wiki.securityweekly.com/SWNEpisode33
Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome back Joe Garcia, DevOps Security Engineer at CyberArk, to discuss How Can Security Work TOGETHER, Not Against, Developers! In the Application Security News, Cloud servers hacked via critical SaltStack vulnerabilities, Samsung Confirms Critical Security Issue For Millions: Every Galaxy After 2014 Affected, Mitigating vulnerabilities in endpoint network stacks, Microsoft Shells Out $100K for IoT Security, and Secure your team s code with code scanning and secret scanning!
Show Notes: https://wiki.securityweekly.com/ASWEpisode107
To learn more about CyberArk, visit: https://securityweekly.com/cyberark
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
“Alexa, turn on the TV.”
”Get it yourself.”
This nightmare scenario could play out millions of times unless people take steps to protect their IoT devices. The situation is even worse in industrial settings. Smart manufacturing, that is, Industry 4.0, relies on tight integration between IT systems and OT systems. Enterprise resource planning (ERP) software has evolved into supply chain management (SCM) systems, reaching across organizational and national boundaries to gather all forms of inputs, parting out subcomponent development and production, and delivering finished products, payments, and capabilities across a global canvas.
Each of these synergies fulfills a rational business goal: optimize scarce resources across diverse sources; minimize manufacturing, shipping, and warehousing expense across regions; preserve continuity of operations by diversifying suppliers; maximize sales among multiple delivery channels. The supply chain includes not only raw materials for manufacturing, but also third party suppliers of components, outsourced staff for non-core business functions, open source software to optimize development costs, and subcontractors to fulfill specialized design, assembly, testing, and distribution tasks. Each element of the supply chain is an attack surface.
Software development has long been a team effort. Not since the 1970s have companies sought out the exceptional talented solo developer whose code was exquisite, flawless, ineffable, undocumented, and impossible to maintain. Now designs must be clear across the team, and testing requires close collaboration between architects, designers, developers, and production. Teams identify business requirements, then compose a solution from components sourced from publically shared libraries. These libraries may contain further dependencies on yet other third-party code of unknown provenance. Simplified testing relies on the quality of the shared libraries, but shared library routines may have latent (or intentionally hidden) defects that do not come to life until in a vulnerable production environment. Who tests GitHub? The scope of these vulnerabilities is daunting. Trend Micro just published a report, “Attacks on Smart Manufacturing Systems: A Forward-looking Security Analysis,” that surveys the Industry 4.0 attack surface.
Within the manufacturing operation, the blending of IT and OT exposes additional attack surfaces. Industrial robots provide a clear example. Industrial robots are tireless, precision machines programmed to perform exacting tasks rapidly and flawlessly. What did industry do before robots? Factories either relied on hand-built products or on non-programmable machines that had to be retooled for any change in product specifications. Hand-built technology required highly skilled machinists, who are expensive and require time to deliver. See Figure 1 for an example.
Figure 1: The cost of precision
Non-programmable robots require factory down time for retooling, a process that can take weeks. Before programmable industrial robots, automobile factories would deliver a single body style across multiple years of production. Programmable robots can produce different configurations of materials with no down time. They are used everywhere in manufacturing, warehousing, distribution centers, farming, mining, and soon guiding delivery vehicles. The supply chain is automated.
However, the supply chain is not secure. The protocols industrial robots depend on assumed the environment was isolated. One controller would govern the machines in one location. Since the connection between the controller and the managed robots was hard-wired, there was no need for operator identification or message verification. My controller would never see your robot. My controller would only connect to my robot, so the messages they exchanged needed no authentication. Each device assumed all its connections were externally verified. Even the safety systems assumed the network was untainted and trustworthy. No protocols included any security or privacy controls. Then Industry 4.0 adopted wireless communications.
The move, which saved the cost of laying cable in the factory, opened those networks to eavesdropping and attacks. Every possible attack against industrial robots is happening now. Bad guys are forging commands, altering specifications, changing or suppressing error alerts, modifying output statistics, and rewriting logs. The consequences can be vast yet nearly undetectable. In the current report on Rogue Robots, our Forward-looking Threat Research team, collaborating with the Politecnico di Milano (POLIMI), analyzes the range of specific attacks today’s robots face, and the potential consequences those attacks may have.
Owners and operators of programmable robots should heed the warnings of this research, and consider various suggested remedies. Forewarned is forearmed.
The Rogue Robots research is here: https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/rogue-robots-testing-industrial-robot-security.
The new report, Attacks on Smart Manufacturing Systems: A Forward-looking Security Analysis, is here: https://www.trendmicro.com/vinfo/us/security/threat-intelligence-center/internet-of-things/threats-and-consequences-a-security-analysis-of-smart-manufacturing-systems.
What do you think? Let me know in the comments below, or @WilliamMalikTM.
The post Securing Smart Manufacturing appeared first on .