WebProNews

Category: SecurityProNews

  • Twitter Hires Famed Hacker ‘Mudge’ to Oversee Security

    As it continues to deal with security issues and misinformation, Twitter has hired Peiter Zatko, known as Mudge, as head of security.

    Twitter has dealt with a number of embarrassing security breaches and issues over the last few years. In addition, the platform has struggled to deal with the type of misinformation that has plagued social media platforms.

    To help address these challenges, the company has hired famed hacker Peiter Zatko to fill the new role of head of security. Zatko was one of the leaders of famous hacking group Cult of the Dead Cow. He also worked on some of Google’s special projects and served as a program manager at DARPA.

    According to CNBC, Zatko will report to CEO Jack Dorsey and will examine “information security, site integrity, physical security, platform integrity — which starts to touch on abuse and manipulation of the platform — and engineering.”

    Zatko confirmed the news, appropriately enough, in a post on Twitter.

    While Twitter continues to face significant challenges moving forward, some experts are already praising Zatko’s hiring.

    “I don’t know if anyone can fix Twitter’s security, but he’d be at the top of my list,” said Dan Kaufman, who supervised Zatko at DARPA, via CNBC.

  • Companies Estimate Five Days to Recover From Unpaid Ransomware

    Some 66% of companies believe it would take them at least five days to recover from an unpaid ransomware attack, according to a new survey.

    Ransomware has become one of the most popular and lucrative types of cyber attack in recent years, with companies of all types and sizes falling victim. Government, non-profit and healthcare organizations have increasingly been in the crosshairs as well. In fact, the first death attributed to a ransomware attack was reported in September, when a hospital in Germany was hit.

    One of the biggest challenges many organizations face after an attack is whether to pay or try to recover on their own. According to data firm Veritas’ 2020 Ransomware Resiliency Report, 66% of companies estimate it would take at least five days to recover from an attack if they chose not to pay the ransom.

    As ransomware attackers continue to deploy more effective and potentially devastating means of holding companies’ data and workloads ransom, the time for enterprises to act is now. They need to immediately assess their resiliency approach and make their backup and disaster recovery processes more robust, no matter where their data and applications are hosted, so they can more confidently pursue their hybrid multicloud strategy.

    The full report is worth a read, and illustrates the need for companies to continue to improve their ransomware resiliency.

  • Microsoft Unveils Pluton: A New Security Chip For Windows PCs

    Microsoft has unveiled Pluton, a new security chip designed to improve the security of Windows PCs.

    As threats from hackers and bad actors increase, and as more companies rely on remote work and cloud-based technologies, companies are working harder than ever to secure devices and systems. Microsoft’s latest announcement is a big step in that direction.

    The company has announced its new security chip, Pluton, that applies lessons from Xbox and Azure Sphere, bringing them to the Windows PC. The new chip was designed in cooperation with AMD, Intel and Qualcomm.

    This chip-to-cloud security technology, pioneered in Xbox and Azure Sphere, will bring even more security advancements to future Windows PCs and signals the beginning of a journey with ecosystem and OEM partners.

    The new chip is a substantial improvement over the existing discrete Trusted Platform Module (TPM). Because a discrete TPM is a separate chip, an attacker with physical access can tap the bus between the TPM and the CPU and capture secrets in transit, such as a BitLocker volume key as it is released at boot. Pluton addresses that by being integrated directly into the CPU, so there is no external bus to probe.

    The Pluton design removes the potential for that communication channel to be attacked by building security directly into the CPU. Windows PCs using the Pluton architecture will first emulate a TPM that works with the existing TPM specifications and APIs, which will allow customers to immediately benefit from enhanced security for Windows features that rely on TPMs like BitLocker and System Guard. Windows devices with Pluton will use the Pluton security processor to protect credentials, user identities, encryption keys, and personal data. None of this information can be removed from Pluton even if an attacker has installed malware or has complete physical possession of the PC.

    Pluton promises to be a substantial step toward increased security for Windows PCs, and will hopefully see rapid deployment.

  • Vertafore Data Breach Exposed 28 Million Texas Driver’s License Records

    Vertafore has acknowledged a data breach that exposed the driver’s license records of some 28 million Texans after data files were left unsecured on an external storage service.

    Vertafore is a company that serves the insurance industry, helping companies keep up with technology and the changing demands of the market. One of Vertafore’s key features is its ability to help agencies “unlock the power of data to drive growth.”

    Unfortunately for 28 million Texas drivers, Vertafore didn’t do enough to protect the data it had access to. According to the company’s announcement, three data files were left unsecured on an external storage service and accessed by unauthorized parties.

    The information contained pre-February 2019 driver information, including “Texas driver license numbers, as well as names, dates of birth, addresses and vehicle registration histories.” The data files did not contain Social Security numbers or financial information.

    Vertafore has since secured the files, launched an investigation, hired an experienced consulting firm and is working with law enforcement. Despite their efforts at damage control, this is just the latest incident that demonstrates the challenges inherent with a data-driven society.

  • Hackers Targeting COVID-19 Vaccine Companies

    Microsoft has revealed that “nation-state” actors have been targeting the companies and researchers working on COVID-19 vaccines.

    According to Microsoft, one of the groups, Strontium, originates in Russia. Two others hail from North Korea. The three groups have targeted companies and researchers in Canada, France, India, South Korea and the US.

    “Among the targets, the majority are vaccine makers that have Covid-19 vaccines in various stages of clinical trials,” writes Tom Burt – Corporate Vice President, Customer Security & Trust. “One is a clinical research organization involved in trials, and one has developed a Covid-19 test. Multiple organizations targeted have contracts with or investments from government agencies from various democratic countries for Covid-19 related work.”

    To help protect companies and researchers, Microsoft has made its AccountGuard available at no cost to COVID-19 healthcare providers.

    “Organizations are also taking steps to protect themselves. In April, we announced that we were making AccountGuard, our threat notification service, available to health care and human rights organizations working on Covid-19,” continues Burt. “Since then 195 of these organizations have enrolled in the service and we now protect 1.7 million email accounts for health care-related groups. Any health care-related organizations that wish to enroll can do so here.”

    It’s a sad state of affairs that hackers would continue to take advantage of the COVID-19 pandemic. Microsoft is to be commended for its efforts to help protect researchers.

  • Google Play Store the Primary Source of Android Malware

    A new study has determined the Google Play Store is the prime way Android malware is distributed.

    Google’s mobile operating system has struggled to match the security of its main rival, iOS. While Apple receives its fair share of criticism for its walled garden approach and App Store review process, it is much harder to slip malware into Apple’s ecosystem.

    In contrast, Google has laxer requirements for apps to be listed. The trade-off has been ongoing security issues that lead to periodic malware purges.

    According to a study (PDF) by researchers from NortonLifeLock and the IMDEA Software Institute in Madrid, Spain, the Google Play Store is “by far the largest unwanted app distribution vector.”

    In fact, 67% of all unwanted app installs come from the Play Store, with alternative markets a distant second at 10%. That ordering mostly reflects volume, though: the Play Store accounts for 87% of all Android app installs and the alternative markets for only 5.7%, so per install an app from an alternative market is more than twice as likely to be unwanted as one from the Play Store.

    “We reveal that the Play market is indeed the main app distribution vector of both benign and unwanted apps, while, it has the best defenses against unwanted apps,” the researchers conclude. “Alternative markets distribute fewer apps but have higher probability to be unwanted. Bloatware is another surprisingly high distribution vector. Web downloads are rare and much more risky even compared to alternative markets. Surprisingly, unwanted apps may survive users’ phone replacement due to the usage of automated backup tools.”

    This study is just the latest evidence that Google must do more to protect its users from malware and other unwanted apps.

  • FBI: Hackers Exploited SonarQube to Steal Government and Commercial Source Code

    The FBI has warned that hackers have been accessing proprietary source code from government agencies and businesses by exploiting SonarQube.

    SonarQube is a code inspection platform that currently supports 27 programming languages and helps developers write cleaner, more secure, bug-free code. SonarQube integrates with a number of third-party services and platforms, including GitHub, GitLab, LDAP, Active Directory, BitBucket, Azure DevOps and more.

    Unfortunately, according to the FBI (PDF), it appears a number of organizations using SonarQube left the default parameters in place, opening themselves up to security issues and code theft.

    In August 2020, unknown threat actors leaked internal data from two organizations through a public lifecycle repository tool. The stolen data was sourced from SonarQube instances that used default port settings and admin credentials running on the affected organizations’ networks. This activity is similar to a previous data leak in July 2020, in which an identified cyber actor exfiltrated proprietary source code from enterprises through poorly secured SonarQube instances and published the exfiltrated source code on a self-hosted public repository.

    During the initial attack phase, cyber actors scan the internet for SonarQube instances exposed to the open Internet using the default port (9000) and a publicly accessible IP address. Cyber actors then use default administrator credentials (username: admin, password: admin) to attempt to access SonarQube instances.

    The FBI recommends basic hardening that, quite frankly, organizations should have implemented from the beginning: change the default admin username and password, change the default port on which SonarQube listens, configure the instance to require authentication for all access rather than allowing anonymous browsing, review the user list for accounts that should not be there, and keep the platform behind the company firewall rather than on a public IP address.

  • IRS Warns of New Stimulus Scam

    The Internal Revenue Service is warning taxpayers of a new scam that uses promise of a stimulus payment to get bank information.

    According to the IRS, scammers are texting individuals asking for their bank account information. The scammers claim they need the bank account details to set up a direct deposit. The text message includes a URL that takes the victim to a phishing site that collects their information.

    “Criminals are relentlessly using COVID-19 and Economic Impact Payments as cover to try to trick taxpayers out of their money or identities,” said IRS Commissioner Chuck Rettig. “This scam is a new twist on those we’ve been seeing much of this year. We urge people to remain alert to these types of scams.”

    The IRS also reminds individuals that it never sends unsolicited texts or emails. In addition, anyone receiving one of these text messages should take a screenshot of it and email it to phishing@irs.gov. The email should include the date, time and timezone when the message was received, as well as the number that sent the text and the recipient’s number.

  • Google Goes Public With Vulnerability After GitHub Dragged Its Feet

    Google Project Zero (GPZ) has disclosed a serious vulnerability in GitHub’s Actions feature after the code hosting platform dragged its feet on fixing it.

    GPZ discovered an issue making GitHub Actions vulnerable to injection attacks. The vulnerability has been labeled ‘high-severity’ by GPZ. According to GPZ’s Felix Wilhelm, any project that relies heavily on Actions could be vulnerable.

    The big problem with this feature is that it is highly vulnerable to injection attacks. As the runner process parses every line printed to STDOUT looking for workflow commands, every Github action that prints untrusted content as part of its execution is vulnerable. In most cases, the ability to set arbitrary environment variables results in remote code execution as soon as another workflow is executed.

    I’ve spent some time looking at popular Github repositories and almost any project with somewhat complex Github actions is vulnerable to this bug class.
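    To make the bug class concrete, here is an added example written for this page (not code from Project Zero or from the GitHub runner) that emulates how a runner scans a step’s standard output for `::command key=value::data` lines. The pull-request body is constructed attacker input; `NODE_OPTIONS` is used because any later step that starts Node honours it, and `::stop-commands::<token>` is the runner’s own mechanism for printing untrusted text without it being interpreted. The real runner also unescapes `%0A`/`%25` sequences and recognises more commands; the emulator keeps only what the injection needs.

```python
"""Added example for this page: a toy emulation of the GitHub Actions runner's
workflow-command scanner, showing the stdout injection Project Zero described
and the stop-commands guard that neutralises it. Not the runner's real code."""
import re
import secrets

# Workflow commands look like "::name key=value,key=value::data" at line start.
COMMAND_RE = re.compile(r"^::([A-Za-z0-9_-]+)(?:\s+([^:]*))?::(.*)$")


def parse_command(line):
    """Return (name, properties, data) for a command line, else None."""
    m = COMMAND_RE.match(line)
    if m is None:
        return None
    name, props, data = m.group(1), m.group(2) or "", m.group(3)
    properties = dict(p.split("=", 1) for p in props.split(",") if "=" in p)
    return name, properties, data


def run_step_output(lines, env):
    """Emulate the runner reading a step's stdout line by line.

    Honours `set-env` (the command at the heart of the bug) and
    `stop-commands`, which suspends command processing until a line that is
    exactly "::<token>::" appears. Returns the environment the *next* step
    would inherit."""
    env = dict(env)
    stop_token = None
    for line in lines:
        if stop_token is not None:
            if line == f"::{stop_token}::":
                stop_token = None          # resume command processing
            continue                       # everything else is plain text
        cmd = parse_command(line)
        if cmd is None:
            continue
        name, props, data = cmd
        if name == "stop-commands":
            stop_token = data
        elif name == "set-env":
            env[props["name"]] = data
    return env


def print_untrusted(lines, token):
    """The safe way to echo attacker-controlled text: fence it with
    stop-commands using a token the attacker cannot predict."""
    return [f"::stop-commands::{token}", *lines, f"::{token}::"]


def demo():
    """Constructed attacker input: a pull-request body whose second line is a
    workflow command. A step that runs `echo "$PR_BODY"` prints it verbatim."""
    pr_body = [
        "Fix a typo in the README",
        "::set-env name=NODE_OPTIONS::--require /tmp/evil.js",  # path is a placeholder
    ]
    base_env = {"PATH": "/usr/bin"}

    # Vulnerable step: the runner honours the injected command, so any later
    # step that starts Node loads the attacker's script. That is the RCE.
    vulnerable = run_step_output(["PR body:"] + pr_body, base_env)

    # Hardened step: same text, fenced with an unguessable token.
    token = secrets.token_hex(16)
    hardened = run_step_output(["PR body:"] + print_untrusted(pr_body, token), base_env)
    return vulnerable, hardened


if __name__ == "__main__":
    bad, good = demo()
    print("vulnerable step leaves NODE_OPTIONS =", bad.get("NODE_OPTIONS"))
    print("hardened step leaves NODE_OPTIONS   =", good.get("NODE_OPTIONS"))
```

    The design point is that the channel itself is the problem: anything a step prints is parsed, so the only safe options are to fence untrusted output or to stop using stdout as a control channel. GitHub’s eventual fix took the second route, retiring `set-env` and `add-path` in favour of appending to the file named by `$GITHUB_ENV`, which the runner reads without scanning stdout.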

    To make matters worse, GitHub let the 90-day window GPZ normally gives organizations before disclosing a vulnerability run out. GitHub was initially notified of the vulnerability on July 21, with a disclosure date of October 18 set.

    With no announced resolution, GPZ reached out to GitHub on October 12 and offered a 14-day grace period, which was accepted on October 16. A new disclosure date of November 2 was set. GPZ tried contacting GitHub on October 28, but received no response. On October 30, GPZ reached out to informal contacts, which indicated GitHub considered the issue fixed.

    On November 1, GitHub officially reached out to request an additional 48 hours, not to fix the issue, but to notify users of a future date when the issue would be fixed. GPZ informed GitHub there was no further provision to extend the grace period and proceeded with the disclosure on November 2.

    GitHub has provided an example of how not to handle a vulnerability. GPZ went above-and-beyond to communicate and work with GitHub, but it appears that GitHub squandered its opportunities to definitively address the issue.

  • Accenture: Cybercriminals Becoming More Brazen

    “The biggest takeaway from our research is that organizations should expect cybercriminals to become more brazen as the potential opportunities and pay-outs from these campaigns climb to the stratosphere,” says Josh Ray, who leads Accenture Security’s cyber defense practice globally.

    “Since COVID-19 radically shifted the way we work and live, we’ve seen a wide range of cyber adversaries changing their tactics to take advantage of new vulnerabilities,” Ray continued. “In such a climate, organizations need to double down on putting the right controls in place and by leveraging reliable cyber threat intelligence to understand and expel the most complex threats.”

    Sophisticated adversaries mask identities with off-the-shelf tools

    Throughout 2020, Accenture CTI analysts have observed suspected state-sponsored and organized criminal groups using a combination of off-the-shelf tooling — including “living off the land” tools, shared hosting infrastructure and publicly developed exploit code — and open source penetration testing tools at unprecedented scale to carry out cyberattacks and hide their tracks.
     
    For example, Accenture tracks the patterns and activities of an Iran-based hacker group referred to as SOURFACE (also known as Chafer or Remix Kitten). Active since at least 2014, the group is known for its cyberattacks on the oil and gas, communications, transportation and other industries in the U.S., Israel, Europe, Saudi Arabia, Australia and other regions. Accenture CTI analysts have observed SOURFACE using legitimate Windows functions and freely available tools such as Mimikatz for credential dumping. This technique is used to steal user authentication credentials like usernames and passwords to allow attackers to escalate privileges or move across the network to compromise other systems and accounts while disguised as a valid user.
     
    According to the report, it is highly likely that sophisticated actors, including state-sponsored and organized criminal groups, will continue to use off-the-shelf and penetration testing tools for the foreseeable future as they are easy to use, effective and cost-efficient.

    Ransomware feeds new profitable, scalable business model

    Ransomware has quickly become a more lucrative business model in the past year, with cybercriminals taking online extortion to a new level by threatening to publicly release stolen data or sell it and name and shame victims on dedicated websites. The criminals behind the Maze, Sodinokibi (also known as REvil) and DoppelPaymer ransomware strains are the pioneers of this growing tactic, which is delivering bigger profits and resulting in a wave of copycat actors and new ransomware peddlers.
     
    Additionally, the infamous LockBit ransomware emerged earlier this year, which — in addition to copying the extortion tactic — has gained attention due to its self-spreading feature that quickly infects other computers on a corporate network. The motivations behind LockBit appear to be financial, too. Accenture CTI analysts have tracked cybercriminals behind it on Dark Web forums, where they are found to advertise regular updates and improvements to the ransomware, and actively recruit new members promising a portion of the ransom money.
     
    The success of these hack-and-leak extortion methods, especially against larger organizations, means they will likely proliferate for the remainder of 2020 and could foreshadow future hacking trends in 2021. In fact, Accenture CTI analysts have observed recruitment campaigns on a popular Dark Web forum from the threat actors behind Sodinokibi.

  • Dell: 80% of Companies Fast-Tracked Digital Transformation

    An independent survey of 4,300 business leaders worldwide, commissioned by Dell Technologies, indicates a massive shift toward digital transformation in 2020, accelerated by the pandemic: 80% of organizations globally have fast-tracked some digital transformation programs this year, but just 41% accelerated all or most of their programs. Dell says this is the third installment of its Digital Transformation Index (DT Index), designed to show how businesses are adapting to unprecedented uncertainty during a global pandemic.

    Incredibly, 79% are reinventing their business model as a result of the disruption caused by the pandemic, and 50% of international business leaders worry they did not transition fast enough. The study notes that digital transformation is not easy: 94% of businesses surveyed say they face entrenched barriers spanning technology, people and policy.

    According to the 2020 DT Index, the following are the top-3 barriers to digital transformation success:

    1. Data privacy and cybersecurity concerns (up from 5th place in 2016)
    2. Lack of budget and resources (#1 in 2016, #2 in 2018)
    3. Unable to extract insights from data and/or information overload (a jump of eight places since 2016)

    “We’ve been given a glimpse of the future, and the organizations that are accelerating their digital transformation now will be poised for success in the Data Era that is unfolding before our eyes”, says Michael Dell, Chairman, and CEO, Dell Technologies.

    Additionally, the survey reveals a huge shift toward remote work. About 25% of employees worked remotely before the pandemic; today more than 50% of all employees are remote. According to the survey, remote work has become the new normal.

    Top IT Investments Are For Emerging Technologies

    Prior to the pandemic, business investments were strongly focused on foundational technologies rather than emerging technologies. The vast majority, 89 percent, recognize that as a result of this year’s disruption they need a more agile and scalable IT infrastructure to allow for contingencies. The DT Index shows the top technology investments for the next one to three years:

    1. Cybersecurity
    2. Data management tools
    3. 5G infrastructure
    4. Privacy software
    5. Multi-Cloud environment

    And recognizing the importance of emerging technologies, 82 percent of respondents envision increased usage of Augmented Reality to learn how to do or fix things in an instant; 85 percent foresee organizations using Artificial Intelligence and data models to predict potential disruptions, and 78 percent predict distributed ledgers – such as Blockchain – will make the gig economy fairer (by cutting out the intermediary).

    Despite these findings, only 16 percent are planning to invest in Virtual/Augmented Reality, just 32 percent intend to invest in Artificial Intelligence, and a mere 15 percent plan to invest in distributed ledgers in the next one to three years.

    https://www.dellemc.com/en-us/collaterals/unauth/briefs-handouts/solutions/dt-index-2020-executive-summary.pdf
  • IBM, ServiceNow In New AI Partnership

    IBM and ServiceNow are partnering to provide enterprise solutions that use AI to automate IT operations. The new joint solution combines IBM’s AI-powered hybrid cloud software and professional services with ServiceNow’s intelligent workflow capabilities and IT service and operations management products. It surfaces AI-driven insights from operational data and recommends actions IT organizations can take to prevent and fix IT issues at scale.

    “AI is one of the biggest forces driving change in the IT industry to the extent that every company is swiftly becoming an AI company,” said Arvind Krishna, Chief Executive Officer, IBM. “By partnering with ServiceNow and their market-leading Now Platform, clients will be able to use AI to quickly mitigate unforeseen IT incident costs. Watson AIOps with ServiceNow’s Now Platform is a powerful new way for clients to use automation to transform their IT operations.”

    “For every CEO, digital transformation has gone from opportunity to necessity,” said ServiceNow CEO Bill McDermott. “As ServiceNow leads the workflow revolution, our partnership with IBM combines the intelligent automation capabilities of the Now Platform with the power of Watson AIOps. We are focused on driving a generational step improvement in productivity, innovation, and growth. ServiceNow and IBM are helping customers meet the digital demands of 21st-century business.”

    ServiceNow says that in today’s technology‑driven organization, even the smallest outages can cause massive economic impact for both lost revenue and reputation. They note that this partnership will help customers address these challenges and help avoid unnecessary loss of revenue and reputation by automating old, manual IT processes and increasing IT productivity.

    Here is what IBM and ServiceNow are planning:

    • Joint Solution: IBM and ServiceNow will deliver a first of its kind joint IT solution that marries IBM Watson AIOps with ServiceNow’s intelligent workflow capabilities and market‑leading ITSM and ITOM Visibility products to help customers prevent and fix IT issues at scale. Now, businesses that use ServiceNow ITSM can push historical incident data into the deep machine learning algorithms of Watson AIOps to create a baseline of their normal IT environment, while simultaneously having the ability to help them identify anomalies outside of that normal, which could take a human up to 60% longer to manually identify, according to initial results from specific Watson AIOps early adopter clients. The joint solution will position customers to enhance employee productivity, obtain greater visibility into their operational footprint and respond to incidents and issues faster.

    Specific product capabilities will include:

    • ServiceNow ITSM allows IT to deliver scalable services on a single cloud platform estimated to increase productivity by 20%.
    • ServiceNow ITOM Visibility automatically delivers near real‑time visibility from a native Configuration Management Database, into all resources and the true operational state of all business services.
    • IBM Watson AIOps uses AI to automate how enterprises detect, diagnose, and respond to, and remediate IT anomalies in real time. The solution is designed to help CIOs make more informed decisions when predicting and shaping future outcomes, focus resources on higher‑value work and build more responsive and intelligent applications that can stay up and running longer. Using Watson AIOps, the average time to resolve incidents was reduced by 65 percent, according to one recent initial proof of concept project with a client.
    • Services: IBM is expanding its global ServiceNow business to include additional capabilities that provide advisory, implementation, and managed services on the Now Platform. Highly‑skilled IBM practitioners will apply their expertise to facilitate rapid delivery of valuable insights and innovation to clients. IBM Services professionals also will introduce clients to intelligent workflows to help improve resiliency and reduce IT risk. ServiceNow is co‑investing in training and certification of IBM employees and dedicated staff for customer success.

    “Businesses are facing increased pressures to match the digital pace of a cloud‑first market in order to meet the demands of their customers,” said Stephen Elliot, program vice president, DevOps, and Management Software, IDC. “The C‑ suite is transforming workflows to deliver insights and automation for more efficient customer engagement models and cost containment strategies for the business while simplifying IT operations and increasing collaboration between IT and business stakeholders.”

  • China Passes Export Control Laws for Sensitive Export

    China has fired the latest shot in the ongoing trade war with the US, passing legislation to restrict exports of sensitive technology.

    The US has been working to isolate Chinese firms it deems as a threat to privacy and security. Huawei and ZTE have both been banned, with US officials pressuring allies to do the same. The US has also used export controls to cut Huawei off from its chipmaking suppliers, such as TSMC. The Trump administration also threatened to ban TikTok, unless the social media app was sold to a non-Chinese company.

    In retaliation, China threatened to block the sale of specific technologies, including the recommendation algorithm at the heart of how TikTok functions. Now, according to Bloomberg, the National People’s Congress Standing Committee has passed an export control law restricting the export of sensitive technology and other controlled items, including by companies with foreign investors. The law takes effect on December 1.

    It remains to be seen how widespread the impact will be, as there is very little information available about the law’s reach. We will continue to monitor and update as the story develops.

  • US Joins International Call For Encryption Backdoors

    Once again, the US is calling for weakened encryption, along with the Five Eyes, Japan and India.

    The Five Eyes is a group of nations that cooperate on intelligence, comprised of the US, UK, Australia, New Zealand and Canada. The extent of the Five Eyes’ spying was brought to the public’s attention as a result of Edward Snowden’s leaks.

    In an international statement, the Five Eyes, along with Japan and India, have once again called on companies to achieve the impossible.

    The statement begins with the following passage supporting strong encryption:

    We, the undersigned, support strong encryption, which plays a crucial role in protecting personal data, privacy, intellectual property, trade secrets and cyber security. It also serves a vital purpose in repressive states to protect journalists, human rights defenders and other vulnerable people, as stated in the 2017 resolution of the UN Human Rights Council. Encryption is an existential anchor of trust in the digital world and we do not support counter-productive and dangerous approaches that would materially weaken or limit security systems.

    The next part of the statement, however, directly contradicts the opening remark:

    Particular implementations of encryption technology, however, pose significant challenges to public safety, including to highly vulnerable members of our societies like sexually exploited children. We urge industry to address our serious concerns where encryption is applied in a way that wholly precludes any legal access to content. We call on technology companies to work with governments to take the following steps, focused on reasonable, technically feasible solutions:

    • Embed the safety of the public in system designs, thereby enabling companies to act against illegal content and activity effectively with no reduction to safety, and facilitating the investigation and prosecution of offences and safeguarding the vulnerable;
    • Enable law enforcement access to content in a readable and usable format where an authorisation is lawfully issued, is necessary and proportionate, and is subject to strong safeguards and oversight; and
    • Engage in consultation with governments and other stakeholders to facilitate legal access in a way that is substantive and genuinely influences design decisions.

    As has been pointed out repeatedly at WPN, what the international statement calls for is not theoretically, practically or scientifically possible. Encryption is based on mathematics. For encryption to be “strong,” it must be based on a sound mathematical implementation.

    The minute a backdoor is created, that strength vanishes. Any lawful-access mechanism is an extra decryption path that has to be built, stored, guarded and used, and whoever compromises, coerces or abuses it gets exactly the access it was meant to give governments. There is simply no way to simultaneously have strong encryption combined with a method to defeat that encryption. No matter how well intentioned such a backdoor may be, any such method would ultimately weaken encryption for everyone, including those, as the statement highlights, whose very lives depend on secure, encrypted communication.

    This is one of the reasons that, as previously reported, secure messaging app Signal has already said it would not be able to continue operating in the US should legislation be passed enforcing encryption backdoors. For perspective, Signal is used by congressional staff and the military, specifically because it is so secure.

    What is not clear is whether the officials calling for encryption backdoors understand the underlying principle and are disingenuously claiming otherwise, or whether they truly do not understand how encryption works.

  • Windows 10 May Block Drivers That Are Not Verified

    Microsoft unveiled a major change as part of its Patch Tuesday yesterday, indicating some drivers may no longer work.

    Apple and Microsoft have both been increasing the security of their operating systems. A big part of that is digitally signing software to verify its authenticity. With the latest Patch Tuesday, however, Microsoft may be taking it a step further, blocking any drivers that aren’t signed.

    Microsoft outlines the issue under Known Issues:

    When installing a third-party driver, you might receive the error, “Windows can’t verify the publisher of this driver software”. You might also see the error, “No signature was present in the subject” when attempting to view the signature properties using Windows Explorer.

    Microsoft goes on to describe the specific issue, as well as what impacted users should do:

    This issue occurs when an improperly formatted catalog file is identified during validation by Windows. Starting with this release, Windows will require the validity of DER encoded PKCS#7 content in catalog files. Catalog files must be signed per section 11.6 of X.690, which describes DER encoding for SET OF members.

    If this happens you should contact the driver vendor or device manufacturer (OEM) and ask them for an updated driver to correct the issue.

    While potentially annoying, this should help improve the security of Windows 10.
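    The rule Microsoft cites is the one DER imposes on SET OF members: their encodings must appear in ascending order when compared as octet strings, with shorter ones padded at the end with zero octets. The following Python is an added example, not Microsoft's code or any signing tool's, that parses a DER SET OF, reports whether its members satisfy that ordering, and re-emits them in the order a compliant signer must produce; it handles low tag numbers only, and the SET OF INTEGER sample is constructed.

```python
def read_tlv(buf, pos):
    """Parse one DER TLV at buf[pos] (low tag numbers only); return (tag, content, end)."""
    tag = buf[pos:pos + 1]
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length is BER, not DER")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:end], end

def set_of_members(encoded_set):
    """Split a DER SET OF (tag 0x31) into the encodings of its members."""
    tag, content, end = read_tlv(encoded_set, 0)
    if tag != b"\x31" or end != len(encoded_set):
        raise ValueError("expected exactly one DER SET OF element")
    members, pos = [], 0
    while pos < len(content):
        _, _, end = read_tlv(content, pos)
        members.append(content[pos:end])
        pos = end
    return members

def ordered(members):
    """Members sorted per X.690 11.6: octet-string order, shorter ones padded with trailing 0x00."""
    width = max((len(m) for m in members), default=0)
    return sorted(members, key=lambda m: m + b"\x00" * (width - len(m)))

def is_canonical_set_of(encoded_set):
    members = set_of_members(encoded_set)
    return members == ordered(members)      # stable sort, so equality means already ascending

def canonicalize_set_of(encoded_set):
    """Re-emit the SET OF with members in DER order (what a compliant signer must produce)."""
    content = b"".join(ordered(set_of_members(encoded_set)))
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:                                   # long-form length
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return b"\x31" + length + content

# Constructed sample: SET OF INTEGER {3, 1, 2} in insertion order (valid BER, not valid DER).
UNSORTED = bytes.fromhex("3109020103020101020102")
```

A catalog whose signed PKCS#7 SET OF fails this check is exactly the kind of file the new validation rejects, so a driver vendor can run it against their own catalogs before shipping.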

  • BlackBerry Launches AI-Powered BlackBerry Protect Mobile

    BlackBerry has announced BlackBerry Protect Mobile, a mobile threat defense (MTD) solution based on artificial intelligence (AI).

    Once known for industry-leading mobile smartphones, BlackBerry was largely supplanted by Apple’s iPhone and Google Android phones. As a result, the company now focuses primarily on enterprise software, while licensing the rights to create Android phones to third-party companies. One thing BlackBerry has always been known for is first-class security.

    The company’s latest announcement extends the protection of BlackBerry Protect, bringing the same level of security to mobile devices. In particular, the technology leverages AI to provide “security teams with unprecedented visibility into their mobile, desktop, and server endpoints from a single security console, which is critical during a time when remote workers are being targeted with mobile malware and phishing attacks.”

    BlackBerry Protect Mobile is designed to detect attacks before they can be executed. This includes alerting users to dangerous URLs before they open them, as well as warning a user before they visit a spoofed website designed to steal their information.

    “The number of phishing attacks that target mobile users will continue to rise because business is being conducted on mobile devices and users are more susceptible to attacks when viewing and accessing content on the go,” said Billy Ho, Executive Vice President of BlackBerry Spark. “BlackBerry Protect Mobile provides mobile device security integrated into our unified endpoint security (UES) solutions for a simplified approach to identifying and alerting users and administrators to phishing attempts and mobile malware across the enterprise.”

    As mobile threats continue to rise, combined with the need for increased security for remote workers, it’s a safe bet that BlackBerry Protect Mobile will be a big hit for the company.

  • Microsoft and Datadog Announce Partnership to Secure Azure

    Microsoft and Datadog have announced a partnership that will see Datadog be a first-class service in Azure Portal.

    Datadog is a company that specializes in monitoring and securing cloud platforms. The company’s platform is designed to integrate with client infrastructure and provide the necessary monitoring to help companies maintain optimal performance and security.

    The new partnership will make Datadog a first-class service for Azure customers, the first partnership of its kind for Datadog.

    “Azure is the first cloud to enable a seamless configuration and management experience for customers to use partner solutions like Datadog. Together with Datadog, we are enabling customers to use this experience to monitor their Azure workloads and enable an accelerated transition to the cloud,” said Corey Sanders, Microsoft Corporate Vice President, Azure.

    “Observability is a key capability for any successful cloud migration. Through our new partnership with Microsoft Azure, customers will now have access to the Datadog platform directly in the Azure console, enabling them to migrate, optimize and secure new and migrated workloads,” said Amit Agarwal, Chief Product Officer, Datadog.

  • Administration May Restrict Chinese Firm SMIC

    The Trump administration is considering imposing export restrictions on China’s biggest chip maker, SMIC.

    The US has been increasingly targeting Chinese companies, including Huawei, ZTE, TikTok and WeChat, citing national security concerns. Huawei and ZTE have been banned in the US, with TikTok and WeChat facing imminent bans.

    As the trade war heats up, it appears US officials are not slowing down. SMIC is China’s biggest chipmaker, and it appears it is coming under increased scrutiny. According to CNBC, the Department of Defense is analyzing whether it should be placed on the Entity List, a step that would make further restrictions much easier.

    “DoD is currently working with the interagency in assessing available information to determine if SMIC’s actions warrant adding them to the Department of Commerce’s Entity List,” said a DoD spokesperson. “Such an action would ensure that all exports to SMIC would undergo a more comprehensive review.”

    Should the US proceed with this step, it remains to be seen what retaliatory measures the Chinese government may take.

  • Homeland Security Issues Warning On Critical Windows Server Bug

    The Department of Homeland Security (DHS) is warning of a Windows Server bug that can give hackers access to any machine on a network.

    Microsoft issued a patch in August that serves as a stopgap measure to prevent the vulnerability from being used. A permanent fix is expected early next year. In the meantime, the vulnerability does not require a hacker to steal authentication information. Instead, a hacker merely has to forge “an authentication token for specific Netlogon functionality,” according to Tom Tervoort, Senior Security Specialist, and Ralph Moonen, Technical Director, at Secura.

    Once the token is used, an attacker is “able to call a function to set the computer password of the Domain Controller to a known value. After that, the attacker can use this new password to take control over the domain controller and steal credentials of a domain admin.” This attack would allow a hacker to take over any computer on the network.

    The vulnerability has been given the highest severity rating, a CVSS score of 10.0. As a result, DHS is giving government offices until 11:59 PM, Monday, September 21 to implement the patch. Needless to say, all other organizations should implement Microsoft’s patch immediately, and be on the lookout for the permanent fix early next year.

  • Ransomware Results In a Fatality In Germany

    Ransomware has been a growing issue for years but, in a first, ransomware appears to have caused the death of a hospital patient.

    According to the BBC, a ransomware attack disabled Düsseldorf University Hospital in Germany. A female patient at the hospital was preparing for a life-saving procedure when the ransomware hit, and died while medical personnel were transporting her to the nearest hospital, 30 km away.

    It’s possible the hackers mistakenly targeted the hospital. The BBC quotes local reports saying the hackers were trying to hit another university. Those same reports say the hackers turned over the decryption keys without payment once they realized the hospital had been impacted.

    Whether the attack was intentional or not, authorities are now investigating it as a negligent homicide. Unfortunately, it also appears the attack could have been averted. The hackers used a well-known vulnerability in Citrix VPN software, a vulnerability that organizations had been warned about as early as January. If prosecutors do make their case, the hospital will likely face penalties for ignoring the danger.

    This tragedy should serve as a sobering reminder to companies of all kinds to keep up with security alerts and vulnerabilities, and keep their software and services up-to-date.

  • Instagram Accused of Spying on Users Via Phone Cameras

    Facebook is being sued over allegations Instagram is spying on users via their phone cameras.

    The lawsuit was filed against Facebook on behalf of Brittany Conditi, a New Jersey Instagram user. The lawsuit alleges that Instagram is accessing the camera even when the app is not being used.

    According to the complaint, Facebook and Instagram are “obtaining extremely private and intimate personal data on their users, including in the privacy of their own homes,” giving them “valuable insights and market research.”

    Facebook has, of course, denied the reports. According to Bloomberg, the company says the issue was caused by a bug that improperly triggered a false notification that the camera was in use.

    Unfortunately for the company, last November its Facebook app was caught opening the camera in the background without permission. Then, as now, Facebook claimed it was an innocent bug that was responsible.

    Facebook either has the worst fortune with bugs that just happen to open the camera without permission, or there may be something to long-standing rumors the company spies on users without permission.