WebProNews

Category: SysAdminNews

  • Hackers Access 150,000 Security Cameras: Tesla, Hospitals and Prisons Exposed

    A group of hackers has gained access to roughly 150,000 Verkada security cameras, exposing a slew of customer live feeds.

    Verkada is a Silicon Valley startup that specializes in security systems. The company’s cameras are used by a wide range of companies and organizations, including Tesla, police departments, hospitals, clinics, schools and prisons.

    The group responsible is an international collective of hackers. They claim to have hacked Verkada to shed light on how pervasive surveillance has become.

    In one of the videos, seen by Bloomberg, eight hospital staffers are seen tackling a man and restraining him. Other video feeds include women’s clinics, as well as psychiatric hospitals. What’s more, some of the feeds — including those of some hospitals — use facial recognition to identify and categorize people.

    The feeds from the Madison County Jail in Huntsville, Alabama were particularly telling. Of the 330 cameras in the jail, some were “hidden inside vents, thermostats and defibrillators.”

    The entire case is disturbing on multiple fronts. It’s deeply concerning that a company specializing in security, and selling that security to other organizations, would suffer such a devastating breach. It’s equally concerning, however, to see the depth of surveillance being conducted, as well as the lengths being taken to hide the surveillance.

  • Remote Work IT Spending Will Hit $332.9 Billion In 2021

    Gartner is predicting companies will spend some $332.9 billion on remote work IT in 2021 as the digital transformation continues.

    The coronavirus pandemic has sparked an unprecedented digital transformation, as organizations have turned to remote work, schools have turned to remote learning and individuals have had to rely on videoconferencing to stay in touch.

    That trend is expected to continue full force for the next several years. In fact, Gartner predicts businesses will have to accelerate their digital transformation by at least five years through 2024, as they continue to deal with a permanently altered workforce — one where remote work is part of the new reality.

    “There are a combination of factors pushing the devices market higher,” said John-David Lovelock, distinguished research vice president at Gartner. “As countries continue remote education through this year, there will be a demand for tablets and laptops for students. Likewise, enterprises are industrializing remote work for employees as quarantine measures keep employees at home and budget stabilization allows CIOs to reinvest in assets that were sweated in 2020.”

    As a result, Gartner predicts remote work-related global IT spending will reach $332.9 billion in 2021, an increase of 4.9% from 2020.

    “Digital business represents the dominant technology trend in late 2020 and early 2021 with areas such as cloud computing, core business applications, security and customer experience at the forefront. Optimization initiatives, such as hyperautomation, will continue and the focus of these projects will remain on returning cash and eliminating work from processes, not just tasks,” said Mr. Lovelock.

    Gartner’s report is the latest evidence that remote work has become a permanent part of society, with workers continuing to demonstrate their preference for it.

  • 83% of Engineers Want Remote Work Post-Pandemic

    The pandemic has resulted in a major shift in what software engineers expect from their jobs, with 8 in 10 wanting remote or hybrid work options post-pandemic.

    Terminal conducted a survey of 1,108 software engineers. The respondents were primarily from Canada, Mexico and Latin America, although the survey also included respondents from the US, Europe and Asia.

    According to the survey, 80% of engineers want remote work anywhere from 60 to 100% of the time post-pandemic. 83% of respondents said they wanted some kind of hybrid option, allowing them to work from both home and office.

    “The rise of the remote work movement, fueled by the COVID-19 pandemic’s stay-at-home orders, has established a new era of engineer expectations,” said Clay Kellogg, CEO of Terminal. “Our findings show that overall, engineers love the flexibility and benefits that remote work offers and aren’t going back to the old ways. Business leaders risk widening the tech talent shortage at their companies if they don’t build a long-term remote work strategy that focuses on mental health, flexible schedules and team-building.”

    Terminal’s research is the latest indication that companies will need to make permanent changes if they want to retain top talent post-pandemic.

  • Snowflake CEO: Once You Get To The Cloud The Lid Is Off

    “Once you get to the cloud all of a sudden the lid is off,” says Snowflake CEO Frank Slootman. “People can just pursue their backlogs and whatever they can imagine. We’re now in a situation where technology is ahead of what people are capable of and imagining what they could actually do with it. That’s really a big part of what you see in Snowflake’s growth profile, a completely variable paradigm.”

    Frank Slootman, CEO of Snowflake, says that on-premise data centers can only accommodate a tiny fraction of the real demand for data analytics:

    Once You Get To The Cloud The Lid Is Off

    The important thing to understand is that there’s a couple of long-term secular trends that are coinciding and driving the development of the market overall. One is, as everybody knows, the movement towards cloud. It’s really a modernization play. We’re moving from on-premise data centers and we’re taking workloads to the cloud because we get to take advantage of better economics and utility models. Then we no longer have to manage capacity, we pay by the drink and all that sort of thing.

    The other aspect that’s really important for our business is that we’ve had an extraordinary amount of pent up demand. The on-premise data centers could only accommodate a very tiny fraction of what their real demand for data analytics really is. Once you get to the cloud all of a sudden the lid is off. People can just pursue their backlogs and whatever they can imagine. We’re now in a situation where technology is ahead of what people are capable of and imagining what they could actually do with it. That’s really a big part of what you see in Snowflake’s growth profile, a completely variable paradigm.

    Notion Of Headquarters Is Evaporating

    We don’t have a yearning to go back to where we were. I can see why people would have that because of lockdowns and things of that sort. From a business standpoint, there’s a lot of positives to the shock to the system that we received. It’s almost like a wake-up call that is just opening our eyes to the opportunity. This whole notion that the office is your workday home we just realized that it’s nonsense. In other words, offices need to be there for specific purposes, for events, for training, for meetings specifically, but not a place to hang out nine to five. That’s definitely changing. It’s going to really reduce the real estate footprint that companies have.

    The other trend and you’ve seen it with companies leaving California, the likes of Oracle and HP and Tesla, and so on is that the whole notion of headquarters is pretty much evaporating in front of our eyes. We’re no longer operating with a physical center of the universe. We’re completely virtual. We’re connecting as needed. We’ve been operating for the better part of a whole year without a headquarters and it’s just fine. All of a sudden everybody’s staring at each other and saying like what is the headquarters anyway. You’ve seen companies like Pinterest and you’re writing up massive leases in San Francisco and saying we’re going to be headquarter-less. It’s just a concept whose time has gone away… and that’s very profound.

    We Are Buying Talent And Technology, No M&A

    Usually, big M&A is a function of people running out of market and running out of a lot of opportunity. They’re trying to invade adjacent territories to give themselves new runway. That is obviously not the case for Snowflake. We’re in a tremendous marketplace and we are buying talent and technology. We sometimes refer to it as stem cells that we can use that we don’t have ourselves that we can build very specific technologies around that are very much built the Snowflake way. We can really enable our platform mission or footer. That’s really been our mode. If you looked at our history we don’t have a history of doing big acquisitions.

  • Corellium Successfully Runs Ubuntu Linux on M1 Mac

    Corellium has announced it has Ubuntu Linux running on an M1 Mac, in what is described as a “completely usable” experience.

    Mac computers are popular options for Linux users and developers. Many want to combine their operating system (OS) of choice with machines that are widely considered to be among the best industrial designs in the business.

    With Apple moving to its own custom silicon, however, there was doubt about the future of Linux on Macs. Apple’s new M1 chip is an ARM-based design, similar to what the company has been running in iPhones and iPads for years.

    Even Linus Torvalds has said he would love to run one of the new M1 Macs, but wasn’t optimistic it could run Linux.

    It appears the folks at Corellium have managed to get it done. Corellium specializes in ARM-based virtualization software that runs on iOS, making them the perfect team to get Linux running on the new Macs.

    Chris Wade, Corellium’s CTO, made the announcement via Twitter:

    A company blog post provides a detailed explanation of what went into making this happen and is well worth a read. While there’s obviously still work to be done, the future is definitely looking promising.

    After a few days of figuring out the details of USB, we were finally able to connect an external USB hub and connect a keyboard, mouse and a Flash drive, opening the possibility for running a normal desktop Linux distribution.

  • Mozilla Expands VPN to Mac and Linux – Testing Included

    Mozilla has been looking to expand its services and products beyond its Firefox web browser in an effort to diversify its profits. One of those endeavors is its VPN service that started life as a Firefox extension, before transitioning to a closed beta and then a publicly available service.

    The initial releases, however, only supported Windows, Android and iOS. The company has now expanded its support to include macOS and Linux, rounding out support for every major platform.

    Mozilla VPN currently offers service in the US, the UK, Canada, New Zealand, Singapore and Malaysia. This makes its focus far narrower than competing services, such as ExpressVPN, although Mozilla says more countries will be added.

    Mozilla promises it doesn’t log network activity and doesn’t restrict bandwidth. Like many of its competitors, Mozilla VPN can be run on five different devices from a single account.

    The company has claimed that its service is faster than rivals because it uses less code. In our testing, however, those claims seem highly subjective, based on the selected VPN server.

    For example, starting with an internet connection that averages 35 to 40 Mbps, we connected to Mozilla VPN using the three closest available locations. Two of the locations yielded speeds ranging from 0.37 to 0.44 Mbps. The third location, Chicago, yielded speeds of 32 and 33 Mbps.

    Mozilla VPN Speed Tests

    While not comprehensive, our brief testing shows Mozilla still has some work to do before it rivals ExpressVPN, widely considered the fastest service available.

    Nonetheless, with Mozilla’s well-established reputation for protecting user privacy, their entry into the market is a welcome one.

  • Oracle Forms New Cloud and AI Organization

    Oracle has formed a new organization, focused on the cloud and artificial intelligence (AI) and helmed by executive VP Don Johnson.

    Oracle has been making significant headway in the cloud market, although it still lags behind market leaders AWS, Microsoft Azure and Google Cloud. Nonetheless, the company is doubling down on its cloud and AI business, and has scored some big wins against its bigger rivals.

    According to Business Insider, Oracle is tapping Don Johnson, the former Oracle Cloud Infrastructure (OCI) boss to run the new organization, called Oracle Cloud Platform & AI Services. Johnson was once considered a top contender for the co-CEO job, making his appointment to the new role an indication of its importance.

    Interestingly, the new organization does not replace or operate independently of OCI, but will serve as an extension and expansion of it.

    “It’s important to note: this is an extension of OCI, not a division of it,” said an email announcing the change that was seen by Business Insider. “Together we’ll operate this as a unified OCI team, with a common all-hands, product roadmap, the usual meetings and processes, etc. One big tent and a common culture.”

    The email also emphasized how much the company is betting on the cloud moving forward.

    “Oracle is now fundamentally a cloud company, with a clear and simple vision: a marriage of the best cloud infrastructure, and leading data platform, together with the most pervasive cloud applications,” the email continued.

  • FBI Warns of Increased Voice Phishing Attacks Over VoIP

    The FBI is warning that cyber criminals are taking advantage of VoIP systems to target company employees in sophisticated voice phishing attacks.

    As the pandemic has forced unprecedented numbers of employees to work remotely, maintaining the same level of corporate security has become an issue. Cyber criminals are taking advantage of this by gaining access to VoIP systems and company chatrooms and then convincing employees to log into fake VPN pages in an effort to steal their credentials.

    The FBI issued an advisory to warn companies and help them mitigate the threat.

    As of December 2019, cyber criminals collaborated to target both US-based and international-based employees at large companies using social engineering techniques. The cyber criminals vished these employees through the use of VoIP platforms. Vishing attacks are voice phishing, which occurs during a phone call to users of VoIP platforms. During the phone calls, employees were tricked into logging into a phishing webpage in order to capture the employee’s username and password. After gaining access to the network, many cyber criminals found they had greater network access, including the ability to escalate privileges of the compromised employees’ accounts, thus allowing them to gain further access into the network often causing significant financial damage.

    In one instance, the cyber criminals found an employee via the company’s chatroom, and convinced the individual to log into the fake VPN page operated by the cyber criminals. The actors used these credentials to log into the company’s VPN and performed reconnaissance to locate someone with higher privileges. The cyber criminals were looking for employees who could perform username and e-mail changes and found an employee through a cloud-based payroll service. The cyber criminals used a chatroom messaging service to contact and phish this employee’s login credentials.

    The FBI recommends multiple mitigation steps, including enabling multi-factor authentication, starting new employees with minimal security privileges, actively scanning for unauthorized access or modifications, implementing network segmentation and giving administrators two accounts, one with admin privileges and the second for other duties.

  • Judiciary Returning to Paper In Wake of SolarWinds Attack

    The US Judiciary is going decidedly low-tech in an effort to protect important information in the wake of the SolarWinds attack.

    The SolarWinds attack was one of the most devastating hacks the US has experienced. Multiple government agencies were compromised, with the federal Judiciary suspected to be among them.

    The attack was so successful because it was a supply chain attack. Rather than attacking individual target organizations, a supply chain attack relies on compromising a legitimate piece of software up the supply chain, installing a trojan and then gaining access to all the organizations that use the software in question. In this example, the compromised software was SolarWinds’ Orion IT monitoring and management software, used by government agencies and corporations alike.

    In the wake of the attack, access to public documents will not be impacted, but the Judiciary is taking no chances with sensitive documents.

    Under the new procedures announced today, highly sensitive court documents (HSDs) filed with federal courts will be accepted for filing in paper form or via a secure electronic device, such as a thumb drive, and stored in a secure stand-alone computer system. These sealed HSDs will not be uploaded to CM/ECF. This new practice will not change current policies regarding public access to court records, since sealed records are confidential and currently are not available to the public.

    These extraordinary measures are the latest indication of the damage and impact the SolarWinds attack has had on public and private institutions.

  • Mid-Size Jurisdictions Finally Catching Up In Cloud Adoption

    Mid-size jurisdictions have lagged in cloud adoption, but new information seems to indicate they’re finally catching up.

    Few technologies have become more important during the global pandemic than cloud computing. Cloud platforms have helped companies stay productive, enabled remote workers to keep working and have helped cities and jurisdictions continue functioning.

    Unfortunately, many mid-size jurisdictions have been slower to adopt cloud technologies, compared to some of the larger cities. It’s unclear why this is the case, although budget and expertise concerns may have been factors. Others may have wanted to see how well cloud computing worked for larger jurisdictions before getting on board.

    “The COVID-19 pandemic exploded that kind of thinking,” says Phil Bertolini, co-executive director of the Center for Digital Government.

    “With all this happening, cloud starts to make more sense,” Bertolini continues. “Cities and counties that haven’t started with cloud no longer have the luxury of waiting. And jurisdictions that already have started will go faster.”

    According to the Center for Digital Government’s research, cloud adoption has now become “a top-10 technology priority over the next 12 to 18 months.”

  • Elon Musk: Use Signal

    Secure messaging app Signal has received a boost from one of the titans of tech, as Elon Musk tells his Twitter followers to “use Signal.”

    Signal exists in the same space as WhatsApp and Telegram. The app provides end-to-end encrypted chat and voice calls, and is widely considered one of the most secure communication methods on the planet. In fact, the EU Commission, US Senate and some military units all recommend their members use it.

    While WhatsApp may be more popular, there have been growing concerns regarding its security and privacy. Most recently, WhatsApp announced a change to its privacy policies, wherein it will share significant user data with Facebook and other Facebook companies. Needless to say, this has not gone over well with users who value privacy and security.

    Elon Musk is the latest to come out in favor of WhatsApp’s more secure alternative.

    Facebook has shown a repeated lack of interest or ability in protecting people’s privacy. Using WhatsApp for secure communication is the equivalent of having the fox guard the henhouse.

    For any individuals concerned with privacy and security, Musk is right: Use Signal.

  • Biden Taps Open Source Dev David Recordon As White House Director of Technology

    The Biden transition team has selected David Recordon as the next White House Director of Technology.

    Recordon is well-known in the open source community. He is one of the developers behind OpenID and OAuth, he has served as Engineering Director at Facebook and even served as the first Director of White House Information Technology under President Obama.

    Recordon made the announcement of his appointment on LinkedIn:

    I’m honored to have the opportunity to join the Biden-Harris administration’s White House senior team and am excited to both rebuild past and create new relationships with the incredible teams of career civil servants, active duty military members, and intelligence professionals who make technology work day in and day out for such an important set of missions. The pandemic and ongoing cyber security attacks present new challenges for the entire Executive Office of the President, but ones I know that these teams can conquer in a safe and secure manner together.

    Given his vast prior experience, it’s a safe bet Recordon will be well-equipped for his new role.

  • FBI Investigating If JetBrains Was Compromised by SolarWinds Hackers

    The FBI is trying to determine if JetBrains was compromised as part of the SolarWinds attack.

    The SolarWinds attack was one of the largest, most damaging hacks against US government and corporate entities. Some experts have said it will take months, or even years, to understand the extent of the damage.

    What made the SolarWinds attack so successful was that it was a supply chain attack. Rather than trying a brute force attack, or tricking organizations into installing suspect software, hackers compromised SolarWinds’ Orion IT monitoring and management software. Since this legitimate software is in use by countless organizations, by compromising it and installing a trojan directly in it, hackers were able to hack organizations using Orion IT.

    The FBI is now concerned a second application may have been compromised in a similar manner, according to Reuters. JetBrains makes a project management application called TeamCity. Like Orion IT, TeamCity is used by companies around the world, making it extremely important to determine if it was compromised as well.

    “We are not aware of any investigation nor have we been contacted by any agencies,” a JetBrains spokesman said. “We are not aware of any vulnerabilities in the product or breaches that would allow for this, nor that any of our customers were affected.”

  • iboss Raises $145 Million to Aid Remote Work Security

    Cybersecurity firm iboss has raised an additional $145 million as the company continues to focus on cloud-based security.

    With an unprecedented number of employees working from home, companies have been forced to rethink security. With on-premise security, hardware plays a critical role in keeping corporate networks and resources secure. In contrast, remote work relies more heavily on software-based security.

    Iboss is a cybersecurity firm specializing in cloud-based security. The company recently won “a coveted Platinum 2020 ‘ASTORS’ Homeland Security Award from American Security Today for Best Network Security Solution.” The company has now raised an additional $145 million in funding as it looks to eventually have an IPO.

    “COVID-19 has exposed massive vulnerabilities with outdated, hardware-based cybersecurity solutions and accelerated the timeline of moving away from the old method of securing physical office perimeters,” said iboss CEO Paul Martini. “Implementing modern architecture that provides network security in the cloud is the best way to ensure safety and productivity, even as remote workers rely more and more on fast connections for things like video meetings and online productivity apps.”

    Iboss’ funding round is further evidence of how important cybersecurity has become, especially with the rise of remote work.

  • FBI Warns of Cyberattacks Against Online Learning

    The FBI is warning that hackers are increasingly targeting online learning as students get back to class after the holidays.

    While the success of remote work and distance learning has exceeded many people’s expectations, it has also provided new opportunities for hackers and bad actors. Companies have had to take measures to ensure employees can connect remotely and schools have worked to protect their classes from Zoom-bombing and other hacks.

    Even so, the FBI is warning that hackers are increasing their attacks.

    “It’s of greater concern now when it comes to K-12 education, because so many more people are plugged into the technology with schooling because of the distance learning situation,” FBI Cyber Section Chief Dave Ring told ABC News. “So things like distributed denial of service attacks, even ransomware and of course, domain spoofing, because parents are interacting so much more with the schools online.”

    While Zoom-bombing may be one type of attack, ransomware is another common, more dangerous attack. According to the FBI, there has been a nearly 30% increase in ransomware attacks against schools.

    “The broader the move to distance learning, I think the more attacks you’re going to see, just simply because there are more opportunities for it and it’s more disruptive,” Ring said. “Not everybody’s looking to make money when it comes to criminal motivations for these attacks. A lot are they’re looking to steal information. They’re looking to use that for financial gain. They’re looking to collect ransoms.”

  • Exposed Credentials Leave 100,000+ Zyxel Firewalls and VPNS Vulnerable

    A researcher at Dutch security firm EYE has discovered a critical vulnerability in Zyxel’s firewall and VPN gateways, as a result of exposed credentials.

    Zyxel sells a line of popular firewall and VPN gateway devices. Niels Teusink, a researcher with EYE, discovered a major issue that leaves over 100,000 devices vulnerable.

    When doing some research (rooting) on my Zyxel USG40, I was surprised to find a user account ‘zyfwp’ with a password hash in the latest firmware version (4.60 patch 0). The plaintext password was visible in one of the binaries on the system. I was even more surprised that this account seemed to work on both the SSH and web interface.

    Teusink goes on to highlight why this vulnerability is so dangerous.

    As the zyfwp user has admin privileges, this is a serious vulnerability. An attacker could completely compromise the confidentiality, integrity and availability of the device. Someone could for example change firewall settings to allow or block certain traffic. They could also intercept traffic or create VPN accounts to gain access to the network behind the device. Combined with a vulnerability like Zerologon this could be devastating to small and medium businesses.

    Teusink recommends updating to the latest firmware version immediately.

  • NSA Warning of On-Premise to Cloud Attacks

    The National Security Agency is warning of attacks that target the local network and ultimately compromise organizations’ cloud resources.

    As companies migrate to the cloud, improved security is one of the top selling points. While that is generally true, many security processes need to be reworked to account for cloud computing. This is especially true as many cloud systems and platforms are designed to interoperate with each other.

    One security measure that has become popular is federated single sign-on (SSO). SSO is a way for an individual to use a single set of credentials to log into any number of authorized applications and services. Federated SSO advances that concept to allow a user to log into services across networks and platforms with the same trusted credentials.

    Unfortunately, hackers appear to be abusing federated SSO to escalate attacks from compromised local networks to cloud resources.

    The NSA has documented two such types of attack:

    In the first TTP, the actors compromise on-premises components of a federated SSO infrastructure and steal the credential or private key that is used to sign Security Assertion Markup Language (SAML) tokens (TA0006, T1552, T1552.004). Using the private keys, the actors then forge trusted authentication tokens to access cloud resources. A recent NSA Cybersecurity Advisory warned of actors exploiting a vulnerability in VMware Access® and VMware Identity Manager® that allowed them to perform this TTP and abuse federated SSO infrastructure. While that example of this TTP may have previously been attributed to nation-state actors, a wealth of actors could be leveraging this TTP for their objectives. This SAML forgery technique has been known and used by cyber actors since at least 2017.

    In a variation of the first TTP, if the malicious cyber actors are unable to obtain an on-premises signing key, they would attempt to gain sufficient administrative privileges within the cloud tenant to add a malicious certificate trust relationship for forging SAML tokens.

    In the second TTP, the actors leverage a compromised global administrator account to assign credentials to cloud application service principals (identities for cloud applications that allow the applications to be invoked to access other cloud resources). The actors then invoke the application’s credentials for automated access to cloud resources (often email in particular) that would otherwise be difficult for the actors to access or would more easily be noticed as suspicious (T1114, T1114.002).

    The NSA’s document contains mitigation techniques and should be read immediately by all system admins.
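    As an added defender-side illustration of the first TTP and its certificate-trust variant (not code from the NSA advisory or from this page), the Python check below pins the SAML signing certificate per issuer and flags assertions whose lifetime exceeds local policy, two signals a service provider can apply on top of normal signature validation. The issuer entity ID, the policy limit and the certificate bytes are constructed placeholders, and cryptographic verification of the XML signature is assumed to be done separately by the SP library.

```python
"""Pinning and lifetime checks for SAML responses, as a defensive layer on top of
XML signature validation (which the service provider library must still perform)."""
import base64
import hashlib
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET  # use defusedxml.ElementTree for untrusted input in production

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed stand-in for the IdP's DER-encoded signing certificate (not a real cert).
KNOWN_IDP_CERT_B64 = base64.b64encode(b"constructed-placeholder-der-bytes-for-idp-cert").decode()
# Constructed stand-in for a certificate an attacker added as a new trust relationship.
ROGUE_CERT_B64 = base64.b64encode(b"constructed-placeholder-der-bytes-for-rogue-cert").decode()

IDP_ENTITY_ID = "https://idp.example.test/"   # hypothetical issuer entity ID
MAX_TOKEN_LIFETIME = timedelta(hours=1)       # hypothetical local policy


def cert_fingerprint(b64_der: str) -> str:
    """SHA-256 over the DER bytes, the same value a console shows as the cert thumbprint."""
    der = base64.b64decode("".join(b64_der.split()))
    return hashlib.sha256(der).hexdigest()


# Allowlist of signing-cert fingerprints per issuer, maintained out of band (not read from tokens).
TRUSTED_SIGNERS = {IDP_ENTITY_ID: {cert_fingerprint(KNOWN_IDP_CERT_B64)}}


def parse_saml_time(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_saml_response(xml_text: str, trusted=TRUSTED_SIGNERS, max_lifetime=MAX_TOKEN_LIFETIME):
    """Return a list of findings; an empty list means the pinning and lifetime checks passed."""
    findings = []
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["response carries no Assertion"]

    issuer_el = assertion.find("saml:Issuer", NS)
    issuer = (issuer_el.text or "").strip() if issuer_el is not None else ""
    if issuer not in trusted:
        findings.append(f"untrusted issuer {issuer!r}")

    # The signing cert travels in ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate.
    # A token signed with a key that is not pinned for this issuer is the signal for both the
    # stolen-key TTP and the added-certificate variant described in the advisory.
    cert_el = assertion.find(".//ds:X509Certificate", NS)
    if cert_el is None or not (cert_el.text or "").strip():
        findings.append("assertion has no embedded signing certificate")
    else:
        fp = cert_fingerprint(cert_el.text)
        if fp not in trusted.get(issuer, set()):
            findings.append(f"signing certificate {fp[:16]}... is not pinned for issuer {issuer!r}")

    # Forged tokens often carry lifetimes far beyond what the real IdP ever issues.
    cond = assertion.find("saml:Conditions", NS)
    if cond is not None and cond.get("NotBefore") and cond.get("NotOnOrAfter"):
        lifetime = parse_saml_time(cond.get("NotOnOrAfter")) - parse_saml_time(cond.get("NotBefore"))
        if lifetime > max_lifetime:
            findings.append(f"token lifetime {lifetime} exceeds policy maximum {max_lifetime}")
    else:
        findings.append("assertion lacks NotBefore/NotOnOrAfter conditions")
    return findings


def build_response(issuer: str, cert_b64: str, not_before: str, not_on_or_after: str) -> str:
    """Constructed sample SAML response; the SignatureValue is a placeholder, not a real signature."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    xmlns:ds="{NS['ds']}" ID="_resp1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>{issuer}</saml:Issuer>
    <ds:Signature><ds:SignatureValue>placeholder</ds:SignatureValue>
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert_b64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </ds:Signature>
    <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_on_or_after}"/>
  </saml:Assertion>
</samlp:Response>"""


def legitimate_response() -> str:
    # Five-minute token signed with the pinned IdP certificate.
    return build_response(IDP_ENTITY_ID, KNOWN_IDP_CERT_B64,
                          "2021-01-15T10:00:00Z", "2021-01-15T10:05:00Z")


def forged_response() -> str:
    # Same issuer name, but signed with a certificate the tenant never pinned, and valid for ten days.
    return build_response(IDP_ENTITY_ID, ROGUE_CERT_B64,
                          "2021-01-15T10:00:00Z", "2021-01-25T10:00:00Z")


if __name__ == "__main__":
    for label, resp in (("legitimate", legitimate_response()), ("forged", forged_response())):
        print(label, check_saml_response(resp) or "OK")
```

Pairing this check with an alert on any new certificate added to the tenant's federation trust settings covers both the stolen-key TTP and the variant where the actor adds their own signing certificate.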

  • Security Firm FireEye Details Hack, State-Sponsored Attack

    Security firm FireEye is the latest victim of a cyberattack, and likely the victim of a state-sponsored attack.

    FireEye is one of the leading cybersecurity firms, providing consulting, services, software and hardware to customers. The company has been involved in detecting and fighting multiple high-profile attacks. Its history and expertise make the news it was attacked all the more concerning.

    CEO Kevin Mandia outlined the attack in a blog post:

    Based on my 25 years in cyber security and responding to incidents, I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities. This attack is different from the tens of thousands of incidents we have responded to throughout the years. The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past.

    Mandia says the attackers obtained some of the Red Team tools that FireEye uses to test its customers’ security. As a result, FireEye is releasing the information customers need to mitigate the threat those tools now pose.

    We are not sure if the attacker intends to use our Red Team tools or to publicly disclose them. Nevertheless, out of an abundance of caution, we have developed more than 300 countermeasures for our customers, and the community at large, to use in order to minimize the potential impact of the theft of these tools.

    FireEye is working with the FBI and Microsoft to investigate the incident. Nonetheless, the fact that the attackers are using methods the company has never seen before is not very encouraging for the cybersecurity industry.

  • Cloudflare, Apple and Fastly Create Improved, Private DNS

    Engineers from Cloudflare, Apple and Fastly have worked together to create an improved DNS protocol that protects user privacy.

    DNS is the backbone of the internet, responsible for mapping domain names (such as WebProNews.com) to the IP addresses where the site and its content reside. Unfortunately, because the internet was conceived and designed at a time when security was not a big concern, DNS queries are sent in clear text. This means it is relatively easy to intercept DNS traffic and see what site a person is trying to reach, as well as the IP address of the device they’re using.

    There have been attempts to address this security issue, including DNS over HTTPS (DoH) and DNS over TLS (DoT). Both of these upgrades, however, still rely on an ISP, or a similar company, to resolve the DNS queries. As a result, a trust issue remains: the entity resolving the queries can still see them.

    This is where Cloudflare, Apple and Fastly’s work comes into play. The three companies have announced the creation of a new protocol: Oblivious DNS over HTTPS (ODoH). This new protocol is designed to separate the client from the DNS resolver, so that the resolver never learns which client sent a given query, providing total privacy and anonymity.

    “ODoH is a revolutionary new concept designed to keep users’ privacy at the center of everything,” says Michael Glynn, Vice President, Digital Automated Innovation, PCCW Global. “Our ODoH partnership with Cloudflare positions us well in the privacy and ‘Infrastructure of the Internet’ space. As well as the enhanced security and performance of the underlying PCCW Global network, which can be accessed on-demand via Console Connect, the performance of the proxies on our network is now improved by Cloudflare’s 1.1.1.1 resolvers. This model for the first time completely decouples the client proxy from the resolvers. This partnership strengthens our existing focus on privacy as the world moves to a more remote model and privacy becomes an even more critical feature.”

    ODoH is an important step forward in privacy and security, and will hopefully see fast and widespread adoption.
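    The separation the article describes is easiest to see by modelling the three parties and recording what each one observes. The following is an added example, not code from Cloudflare, Apple or Fastly: real ODoH encrypts the DNS message to the target's public key with HPKE, whereas this toy uses a SHA-256 keystream cipher under a pre-shared key (an assumption made so the example runs on the standard library alone, with no security value of its own). The addresses, the target name `odoh.example` and the one-entry zone table are constructed for the demo.

```python
import hashlib
import secrets

NONCE_LEN = 16


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256 counter keystream. Toy stand-in for HPKE, not real crypto."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream.extend(hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest())
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + _keystream_xor(key, nonce, plaintext)


def unseal(key: bytes, blob: bytes) -> bytes:
    return _keystream_xor(key, blob[:NONCE_LEN], blob[NONCE_LEN:])


class Target:
    """The oblivious resolver: can read queries, sees only the proxy as peer."""

    def __init__(self, key: bytes, zone: dict):
        self.key = key
        self.zone = zone          # constructed name -> address table
        self.seen = []            # (peer address, query name) per request

    def handle(self, peer_addr: str, blob: bytes) -> bytes:
        qname = unseal(self.key, blob).decode()
        self.seen.append((peer_addr, qname))
        answer = self.zone.get(qname, "NXDOMAIN")
        return seal(self.key, answer.encode())


class Proxy:
    """The oblivious proxy: sees the client and the chosen target, never the query."""

    def __init__(self, addr: str, targets: dict):
        self.addr = addr
        self.targets = targets
        self.seen = []            # (client address, target name, opaque blob)

    def forward(self, client_addr: str, target_name: str, blob: bytes) -> bytes:
        self.seen.append((client_addr, target_name, blob))
        # The target learns the proxy's address as the source, not the client's.
        return self.targets[target_name].handle(self.addr, blob)


def resolve(client_addr: str, name: str, proxy: Proxy, target_name: str, target_key: bytes) -> str:
    """Client side: encrypt for the target, hand the blob to the proxy, decrypt the reply."""
    reply = proxy.forward(client_addr, target_name, seal(target_key, name.encode()))
    return unseal(target_key, reply).decode()


def demo() -> dict:
    """Run one query and report what each party could observe."""
    key = b"target-demo-key"                      # assumed pre-shared toy key
    target = Target(key, {"webpronews.com": "203.0.113.10"})
    proxy = Proxy("198.51.100.1", {"odoh.example": target})
    answer = resolve("192.0.2.7", "webpronews.com", proxy, "odoh.example", key)
    client_addr, target_name, blob = proxy.seen[0]
    return {
        "answer": answer,
        "proxy_saw_client": client_addr,
        "proxy_saw_target": target_name,
        "proxy_saw_query": b"webpronews.com" in blob,
        "target_saw_source": target.seen[0][0],
        "target_saw_query": target.seen[0][1],
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

    The result is the property ODoH is built on: the proxy records the client address but only an opaque blob for the query, while the target records the query but sees the proxy's address as its peer. The guarantee holds only as long as the proxy and target operators do not collude or share logs, which is why the deployment pairs separate companies in those two roles.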

  • Sophos Suffers Data Exposure Incident

    Security firm Sophos has informed customers it suffered a data breach as a result of a misconfigured database.

    According to ZDNet, customers’ personal information was exposed, including names, emails and phone numbers. The company informed impacted customers via email, which ZDNet got a copy of.

    On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support.

    The company confirmed the breach to ZDNet, saying that only a “small subset” of its customers were impacted. Nonetheless, this is the second major security issue this year for Sophos, a major source of embarrassment for a company in the business of providing computer security to its customers.

    The company tried to assure customers it was doing everything it could to address the issue.

    “At Sophos, customer privacy and security are always our top priority. We are contacting all affected customers,” the company said. “Additionally, we are implementing additional measures to ensure access permission settings are continuously secure.”

  • AWS Network Firewall Unveiled to Help Protect VPCs

    AWS has unveiled the AWS Network Firewall in an effort to help customers protect their cloud-based virtual networks.

    AWS is currently the top cloud platform, with 31% of the cloud computing market. One of AWS’ biggest strengths is the breadth and depth of services the platform offers.

    The company is building on that with its latest announcement, AWS Network Firewall, “a high availability, managed network firewall service” for virtual private clouds (VPC). The new service complements the other firewall capabilities AWS currently provides, such as “Security Groups to protect Amazon Elastic Compute Cloud (EC2) instances, Network ACLs to protect Amazon Virtual Private Cloud (VPC) subnets, AWS Web Application Firewall (WAF) to protect web applications running on Amazon CloudFront, Application Load Balancer (ALB) or Amazon API Gateway, and AWS Shield to protect against Distributed Denial of Service (DDoS) attacks.”

    The AWS Network Firewall can be set up with just a few clicks, and the company touts its ability to scale as needed, eliminating the need to manage additional infrastructure.

    “With AWS Network Firewall, you can implement customized rules to prevent your VPCs from accessing unauthorized domains, to block thousands of known-bad IP addresses, or identify malicious activity using signature-based detection,” writes Channy Yun, a Principal Developer Advocate for AWS. “AWS Network Firewall makes firewall activity visible in real-time via CloudWatch metrics and offers increased visibility of network traffic by sending logs to S3, CloudWatch and Kinesis Firehose. Network Firewall is integrated with AWS Firewall Manager, giving customers who use AWS Organizations a single place to enable and monitor firewall activity across all your VPCs and AWS accounts. Network Firewall is interoperable with your existing security ecosystem, including AWS partners such as CrowdStrike, Palo Alto Networks, and Splunk. You can also import existing rules from community maintained Suricata rulesets.”

    The news is a welcome addition to AWS’ cybersecurity services and will help customers keep their VPCs even safer.