Posts

Showing posts from 2016

Your Networks and IoT Botnets.....

As the Internet of Things (IoT) market progresses, the number of malware threats targeting the sector is rising as well. The ultimate goal for many of these IoT threats is to build solid botnets in order to launch distributed denial of service (DDoS) attacks. Some of the threats that lack DDoS capabilities might still install DDoS-capable malware, researchers say. “DDoS attacks remain the main purpose of IoT malware. With the rapid growth of IoT, increased processing power in devices may prompt a change of procedures in the future, with attackers branching out into cryptocurrency mining, information stealing, and network reconnaissance,” Symantec concludes. http://www.securityweek.com/ddos-attacks-are-primary-purpose-iot-malware http://www.securityweek.com/linux-xor-ddos-botnet-flexes-muscles-150-gbps-attacks

Vulnerability in Cisco Devices VPN Functionality

A few weeks ago a vulnerability was publicized in the VPN functionality of Cisco PIX firewalls, along with a tool to exploit it. This exploit was part of the Shadow Brokers dump of tools allegedly stolen from the NSA; in this case it was the BENIGNCERTAIN tool. This exploit was viewed as being of limited impact, since Cisco discontinued support for the PIX firewall years ago in favor of their newer ASA firewall line. This weekend it was announced that the same vulnerability exists in the IOS software that powers the vast majority of Cisco devices. This means that Cisco routers and routing switches with VPN functionality can be exploited with the BENIGNCERTAIN tool as well, rendering their VPN sessions subject to snooping. The vulnerability affects all versions of IOS going back to 12.2, as well as most versions of IOS XR and IOS XE. Cisco has not yet released updated software to fix this issue, and they say there are no work-arounds; they have, however, published intrusion detectio

Security of Personal Email Accounts

Last week, former Secretary of State General Colin Powell became the latest public figure to have his personal email account hacked and his messages exposed publicly, to the great embarrassment of himself and others. He joins a long list of political, government, and entertainment figures who have endured this same fate. Organizations cannot ignore the potential impact of such an incident occurring to one of their personnel, especially senior management in highly visible roles. The good news is that this type of incident is avoidable. The majority of these incidents have happened when a user's password was guessed, obtained via keystroke monitoring or other snooping, or reset via social engineering. The social engineering method that has been used against many prominent people, including the Director of the CIA and the Director of National Intelligence, was to contact their Internet provider or phone company and request a password reset. These methods can be largely defeated using

Security Basics: Firewalls

This post is one in a series of blog posts on the fundamentals of an information security program. You can see the complete list of posts in this series here. If anti-virus is the most basic control people think of in securing a computer, then firewalls serve the same role in network security. To many laypersons, “firewall” is synonymous with network security. But it was not until the late 1980s that practical network packet filters were introduced, allowing organizations to connect two networks while controlling what types of traffic were allowed, to which endpoints, and in which directions. Firewalls these days have evolved into “next-generation firewalls” or even “unified threat management devices.” These names denote two trends in the evolution of firewalls: the ability to filter traffic based on more detailed traffic properties, and the incorporation of other security functions (such as intrusion detection/prevention) that were traditionally provided by other devices. The f

Mobile Device Security

In many organizations, more and more work is being conducted via “mobile devices” like smartphones and tablets rather than traditional PCs and laptops. The most common of these by far are those running Apple’s iOS (iPhones and iPads) and those running Google’s Android OS. These devices are light, portable, convenient, handy, and generally easy to maintain and manage. However, they are still powerful computing devices that can store a lot of critical information and can also present serious security challenges. Some basic measures that you should take include: Set a password and set your phone to lock automatically after a short period of non-use. It’s so easy to lose a phone on a bus or train or in a restaurant, and if someone picks it up while it’s unlocked they can do and access pretty much everything on the device. Consider enabling a function to wipe the data and settings from your device if the passcode is entered incorrectly enough times. This function does allow for some

Security Basics: Know What's on Your Network

This post is one in a series of blog posts on the fundamentals of an information security program. You can see the complete list of posts in this series here. The most basic of basic security principles is that you must know what you are defending in order to defend it. It sounds obvious at first blush, but it is an oft-neglected step in securing your network, your systems, and your information. Getting a handle on what devices are present on your network is essential to a proper security program. One of the notes in the Office of Personnel Management (OPM) Inspector General's report on their systems security in November 2014 (just before they suffered a massive breach) was that the office did not "maintain a comprehensive inventory of servers, databases, and network devices." [1] This shortcoming clearly underlies many of the other shortcomings there, including the failure to conduct comprehensive vulnerability scans -- you can't be sure if you're scanning

Password Managers

Let us discuss the importance of using strong, complex passwords, and being diligent to use different passwords for everything. Most of us can agree that is good advice, but many of us don't follow it. The reason is simple: it is too hard to remember all those passwords! I understand completely; I personally have about 300 passwords right now! The old wisdom was to never write down your passwords and never record them ANYWHERE. However, the big threat to your data today is not someone who finds your password hidden under your keyboard, but someone on the other side of the world cracking or guessing your password. So to make complex and unique passwords possible, many security professionals recommend the use of a "password manager" software or service. Password managers are apps used to safely store ALL of your passwords and keep them safely encrypted in one place. Most are offered by providers who will store the data in the cloud so that you can sync it to all your

Rethinking Password Policies

Passwords are perhaps the oldest and best-known security technology in use today, as well as perhaps the most hated and despised. Security professionals dislike passwords because they often provide woefully inadequate security, and users hate them because they are hard to remember and manage. Security policy requirements often exacerbate this situation by imposing arcane requirements for password "complexity" and by requiring users to change passwords frequently (just when they are really, solidly stuck in our memory). The latest publication from the National Institute of Standards and Technology (NIST) on the topic of authenticators (NIST Special Publication 800-63B) advances some exciting ideas that run counter to the typical ideas about how passwords should be chosen and managed: Systems should give users a minimum of ten attempts at entering their password. Users should be encouraged to make their passwords long, and the length of passwords should not be limited t

Travel Security

Keeping your computer and information secure is challenging all the time, but it is especially challenging when you are on the go. Both your device(s) and data can be at risk, and some of the protections you may be used to having on your corporate and/or home networks are not present. Extra vigilance is warranted in such situations. Whether you're traveling out of town or just working at a table in the Starbucks down the street, here are a few things to keep in mind to stay secure while traveling: Avoid Wi-Fi hotspots in cafes, hotels, restaurants, etc., especially “open” hotspots (which most publicly-accessible ones are). iPhones have a built-in capability to connect to a VPN, so this is a way of more safely using open Wi-Fi. A wired connection in your hotel is better than Wi-Fi — less subject to monitoring. When you work over non-secure networks (and any network you don’t control should be treated as such), a good practice is to work over a VPN connection or other remot

Two-Factor Authentication

Many organizations now are using multi-factor security for user authentication, especially in higher-risk cases (e.g., admin users, remote access). Many popular consumer-oriented services offer this as a feature as well. If your Gmail, Apple, Microsoft, Facebook, Twitter, Yahoo, or other account doesn't currently require a two-factor or two-step login, it is easy to enable. If your bank or other online financial service doesn't offer this feature, tell them you want it or move to one that does. Here are two great sites with lists of services that support two-factor authentication and links to set it up: https://twofactorauth.org/ http://www.pcmag.com/article2/0,2817,2456400,00.asp Most two-factor authentication schemes can work from an app or a text message on your smartphone. It can take a bit of learning at first, but for most users it quickly becomes routine and trouble-free.

Internet-connected “Things"

The phrase “the Internet of things” (IoT) has gained currency over the past several years as more devices aside from traditional computing devices are being connected to the Internet. The term was coined in a 1999 presentation on the use of radio-frequency ID (RFID) chips to track items in the manufacturing and delivery process. Since then it has become a major issue in technology circles and a subject of much concern regarding the security implications of such Internet-connected "things." Many appliances and other devices are connected to the Internet now, primarily in order to provide for remote control and/or monitoring. Common examples include security cameras, thermostats, door locks, automobile systems, medical devices, and home lighting control systems (indeed, whole-house control systems). The Nest thermostat (and later smoke detector and cameras) was perhaps the first highly-visible and widely-known Internet-connected “thing,” and its popularity helped bring th

End-of-Life & Exposed

"Patch your systems in a timely manner" is a mantra of security experts, but what happens when patches are not available because a product's maker no longer supports it? With 30 to 50 percent of the hardware and software assets in the average large enterprise at end-of-life, these products pose a serious security risk to the enterprise. More than 99 percent of vulnerabilities exploit out-of-date software with known vulnerabilities. http://www.technewsworld.com/story/83764.html

Spearphishing

The most frequent way that malicious software and other threats get into computers and networks is via malicious "phishing" emails designed to entice users into opening documents or clicking on web links that will result in the compromise of their computer. Spearphishing is a more focused type of phishing, where the "lure" is customized to the target organization or individual. Whereas broadly-targeted phishing emails may be relatively easy to detect, spearphishing emails can be very convincing and difficult to detect. Some tips to avoid being compromised by spearphishing messages: Implement a good email security device or service. This will filter out the majority of phishing and spearphishing attempts. Check closely the "from" and "reply-to" addresses of suspicious emails. These won't always match for legitimate emails, but often in the case of spearphishing one or the other is an obviously inappropriate address. Check web links t

The Implications of Encrypted Web Traffic for Security

When it comes to security, it would seem like encryption is a good thing, right? Encryption is a good tool for protecting the confidentiality of your information, but (as the trend of ransomware has shown us) it has a down side. Secrecy can work for the good guys and the bad guys both. Securing your network requires being aware of what is going on and what communications take place, and encryption can make that difficult. Just a few years ago, encryption on the web was used primarily just for logins and for sensitive parts of a session, such as payments. However, that began to change in 2010 when Google changed Gmail to use HTTPS by default. That was followed by Facebook and Google search going to HTTPS by default in 2011 (Google completed the switch in 2012), Twitter in 2012, YouTube in 2014, and Wikipedia in 2015. Netflix has announced their intention to move entirely to HTTPS, but currently most of their actual streaming is still un-encrypted. Currently, most networks see more

Security Basics: Malware Protection

This post is one in a series of blog posts on the fundamentals of an information security program. You can see the complete list of posts in this series here. When most people think of technical controls for information security, the first one they tend to think of is anti-virus software. After it was first widely commercialized in the late 1980s, antivirus software became known as the thing you needed to have to deal with the security of your computer. And by the mid-90s, when connecting, communicating, and downloading over the Internet became more and more the reason for using a computer, antivirus software came to be seen as an essential accessory to modern computing life. The traditional approach of anti-virus software was to check digital files against a set of “signatures” of known virus (or, more broadly, malicious software or malware) files, in order to delete or quarantine dangerous files found stored on the computer. This technique has been refined and enhanc

Small Business Becomes Big Target

Do you believe your organization has an effective and comprehensive cyber security plan? Don’t bet on it. Eight in 10 small businesses with fewer than 250 workers don’t have a basic cyber-attack incident response plan, even though a majority were hit by cyber crimes. With today’s technology making information highly convenient and accessible, smart organizations are taking a big-picture approach to their cyber security and preparing for a multitude of worst-case scenarios so they are able to quickly detect and mitigate a breach when it occurs. Many small companies don’t think that they are a target for a cyber breach, as they feel that they do not have the sensitive information a hacker would be interested in. What they fail to realize is that they have become an easy target for cyber hackers. http://www.foxbusiness.com/features/2016/04/27/cyber-attacks-on-small-businesses-on-rise.html https://www.entrepreneur.com/article/252138

How Can You Possibly Staff Your Cyber Security Needs?

The attention on information security over the past several years has made hiring qualified personnel for security positions extremely difficult. The availability of talent is low, and salaries are sky high. So how can an organization find and hire personnel to meet their security requirements? In a recent survey of large and midsize organizations, only 29% of IT pros said they had a qualified cybersecurity expert in their IT department. 23% said they had access to a contracted or 3rd-party expert. The rest? Apparently they are on their own, and while most IT pros have at least a basic understanding of security, this is generally not adequate to meet all of an organization's needs. And if this is true of even large organizations, what are smaller organizations to do? One answer is to outsource your IT security needs to a trusted partner. Most organizations use outside providers for various security needs, such as providing assessments or security software. But operating i

Why does this keep happening?! Cyber breaches are preventable.

Cyber breaches and hacks are, for the most part, preventable today. Most of what is happening to the average user or corporation could have been prevented with a solid cyber strategy, a quality cyber program and quality tools. The problem is that users and corporations are inundated with solutions and ideas to "fix" the problem. So many conversations we have around security are started through users exploring the next "thing" available, promising to fix it all. Such things are great, but they may not effectively manage your cyber risk, especially if you have never evaluated what risks there actually are in your environment. This shouldn't be done at a basic level either. For the very same reason you shouldn't get the opinion of a "doctor" in an alley for a nickel, you shouldn't invest in a security assessment that isn't comprehensive or performed by experts. Cyber security is not IT and is best evaluated by expert consultants, each having over

Three Critical Drupal Updates, Install ASAP

Drupal pre-announced major updates yesterday in three different modules to fix some very critical vulnerabilities that have been discovered. These vulnerabilities may allow for remote code execution on vulnerable servers, so installing these updates should be at the top of the priority list for anyone running a Drupal website. The updates themselves were released just this afternoon (Wednesday the 13th). Drupal is a very popular web-based content management system (CMS), implemented in PHP, that is used by organizations large and small, from the White House and CNN to small businesses. https://www.drupal.org/psa-2016-001 https://www.drupal.org/security/contrib

Make Sure You're Cyber Safe on Vacation

Summer is officially here, and with that comes vacation season. But before you go, make sure you’re following these simple steps to stay cyber-secure while you soak up the sun: Stay with mobile payment apps and carrier networks when traveling - avoid open public WiFi. Don't announce your plans or locations via social media. Enable the location and remote wipe capabilities on your mobile device. Make sure to have a short timeout for your mobile lock-out function, and use an adequate password/PIN. Hackers know you want to connect and they will do their best to gain access to your device and/or important data, not to mention being more than willing to just steal the device itself if they can. http://www.darkreading.com/endpoint/5-tips-for-staying-cyber-secure-on-your-summer-vacation/d/d-id/1325930? http://www.nationalcybersecurityinstitute.org/small-business/summer-traveling-cybersecurity-tips/

Ransomware Attack on Office365 Corporate Users

A phishing campaign was discovered last week that targeted possibly millions of users of Microsoft's Office365 Corporate service. The campaign was delivering the Cerber ransomware, which encrypts documents, videos, and photos on the compromised computer, as well as any network file shares to which the compromised computer is attached, and then demands a ransom to provide the ability to decrypt them. The malware was delivered via a document with malicious macros embedded in it. Previous versions of Cerber were delivered via web-based exploits that exploited Flash vulnerabilities. The malware was able to bypass the built-in security tools in Office365, but was detected using the Check Point SandBlast malware protection system. The SandBlast technology can run on a Check Point firewall, as an agent on network endpoints, or as a cloud-based service. To learn more about Check Point Sandblast, contact Anchor.

Avoiding (and Surviving) Ransomware

By far, the biggest story in malware over the past two years or more is the rise of ransomware. This species of malicious software seeks to encrypt a computer or user's files and then hold them hostage, demanding a ransom in order to provide the key to decrypt the data. While the first modern ransomware began to appear in 2005, it was the emergence of the CryptoLocker ransomware in 2013 that began the sharp increase in ransomware incidents that we are still observing today. Ransomware has now largely displaced "banking trojans" and other financial and credit card information stealing malware as the most common form of financially-motivated malware in use today. How to Be Prepared for Ransomware Attacks Have adequate backup and restoration capability. While obviously we hope to avoid being hit by ransomware, we want to be prepared in case it does successfully strike us. Ensure that backups are frequent, and (very importantly) that backup file locations are NOT in w

Are You Complacent with your Mac? Don’t Be…

What puts you at the greatest threat of being hacked? Is it your operating system, the websites you visit, how up to date your anti-virus software is? All of those things matter - and they matter a great deal - but what it really comes down to is this: how complacent are you about cybersecurity? Hackers looking for a computer to take advantage of may ping yours to see if it’ll reply; if it does, the answer lets them know what operating system your computer is running—an excellent starting point for their despicable games. All computers have some kind of basic input/output system (BIOS), the basic program that brings a machine to life. It's the kind of thing you should never tamper with. And it should obviously remain heavily protected. http://www.huffingtonpost.com/jason-glassberg/are-apple-products-really_b_10241742.html?utm_hp_ref=cybersecurity http://money.cnn.com/2015/06/03/technology/mac-bug/ http://www.macworld.com/article/1051456/protectfw.html

Top 10 Technologies for your Security

Cybercrime is evolving at a rapid pace, and it's been predicted that data breaches could cost businesses $2.1 trillion globally by 2019. In order to stay ahead and protect data and businesses, security teams must adapt fast in the escalating arms race. To help you win the war, Gartner has picked the top ten cyber security technologies for 2016. www.information-age.com/technology/security/123461612/gartner-picks-out-top-ten-cyber-security-technologies-2016

Update Available to Fix Zero-Day Flash Vulnerability

Tuesday was the regular day for Adobe to release software updates, and this Tuesday they released a bulletin for Flash announcing that there was a newly-discovered vulnerability which was already being used, "in limited attacks," in the wild by cyber criminals. However... no patch was available. Yet. That patch was released this afternoon (Thursday), and is now available both on their website and via auto-update. The vulnerability it fixes (CVE-2016-4171) affects Flash on all platforms: Windows, Macintosh, Linux, and Chrome OS. It was reported to Adobe by researchers from Kaspersky Labs, who have observed it being used by an "advanced persistent threat" (APT) group that Kaspersky has dubbed "ScarCruft." Organizations are urged to ensure their systems are updated as soon as possible. This is the third time in recent months that Adobe has delayed a Flash update from its normal, expected release time in order to include a patch for an active zero-day ex

JavaScript Attachments: Don't RUN

There's a new ransomware program infecting computers called RAA that's written entirely in JavaScript and locks users' files by using strong encryption. It's rare to see client-side malware written in web-based languages such as JavaScript, which are primarily intended to be interpreted by browsers. Attackers have taken to this technique in recent months, resulting in a spike in malicious email attachments. http://www.infoworld.com/article/3083419/javascript/dont-run-js-email-attachments-they-can-carry-potent-ransomware.html http://www.pcworld.com/article/3083392/security/dont-run-js-email-attachments-they-can-carry-potent-ransomware.html

Facebook Message Manipulation

Check Point Software Technologies found a security flaw in Facebook’s Messenger platform that allowed hackers to change messages in a Facebook chat after they had been sent. In essence, it would allow anyone to take control of any message sent by Chat or Messenger, replace it with a different link, modify its contents, distribute malware, and even insert automation techniques fooling you into infecting your system. https://securitytoday.com/articles/2016/06/07/facebook-vulnerability-allows-hacker-to-alter-conversations.aspx http://blog.checkpoint.com/2016/06/07/facebook-maliciouschat/ https://www.helpnetsecurity.com/2016/06/07/facebook-vulnerability-chat-messenger/

The Millennials are Coming: Ready, Set, Protect

Smart technology and access to high-speed internet have been a part of the Class of 2016's lives from the get-go, making this group incredibly tech savvy. But their hyper-connected behavior doesn’t come without its limitations. As we bring the next, extremely tech-adaptive generation into the workforce, we need to learn how to protect our networks from their laidback security behavior. As the workforce becomes increasingly mobile, managing all types of devices and network security is imperative to data security. http://www.darkreading.com/operations/5-ways-to-protect-your-network-from-new-graduates-/d/d-id/1325764? http://www.darkreading.com/cloud/millennials-could-learn-from-baby-boomers-when-it-comes-to-security/d/d-id/1325687?ngA http://www.darkreading.com/endpoint/believe-it-or-not-millennials-do-care-about-privacy-security/d/d-id/1322622

Your Most Valuable Asset is Data......

Data warehouses and business intelligence tools aren't just for measuring and monitoring business operations and performance. They can also be valuable in an organization's security program. http://www.infoworld.com/article/3071112/security/defend-yourself-build-a-cyber-security-database.html http://www.darkreading.com/application-security/database-security/databases-remain-soft-underbelly-of-cybersecurity/d/d-id/1325216

CyberSecurity is a High Priority: Knowledge is Key

Organizations are taking steps to assess and improve cybersecurity knowledge among their employees. Methods include new employee orientation, continued training programs, online courses and random security audits. A strict and coordinated security policy helps an organization in data management, and makes employees clear about data sharing and usage. Make employee training mandatory, with follow-up tests and assessments. These are a few of the steps that would improve effectiveness. http://www.securitymagazine.com/articles/87104-cybersecurity-breaches-hit-nearly-three-in-four-organizations https://securityledger.com/2016/05/on-data-breaches-is-our-employees-learning/ https://www.clickssl.net/blog/data-breach-an-overlooked-issue-in-organizations

Criminals are Getting Smarter: Avoid Being a Victim

Cybercrime is now such a part of everyday life that we are no longer shocked by the sophistication and staggering numbers being reported these days. It's easy to assume that you are safe from online crime if you stick to well-known websites. But that's not the case anymore. You really don't have to go to some "bad part" of the web to get infected. Cybercriminals are taking advantage of flaws in legitimate websites to spread their malevolent software. The data lost, the money stolen and the disruption caused by cybercriminals is worse than ever. Despite all this, there are things you can and should do to protect yourself whenever or however you go online. Just remember that the internet never forgets. http://www.nbcnews.com/tech/tech-news/cyber-threats-are-mind-blowing-crooks-getting-smarter-report-n554176 http://www.adn.com/article/20160413/what-do-when-cybercrook-locks-your-computer-and-demands-ransom http://www.securityweek.com/paying-not-option-when-ransomw

Facial Recognition: Will you be smiling?.......

The next time you do some online shopping or call your bank, you may find you no longer have to scuttle around to find or remember your security password. Banks and other companies are gradually turning to voice and face recognition technology as their ideal way of ensuring customers are who they say they are when they use telephone banking services. But does this kind of technology really mean that you will soon be able to just forget all of your passwords? Right now the answer is “no.” The benefits are real; perfect security and perfect convenience are difficult goals to balance – but this technology has the potential to make our digital lives a lot less frustrating. http://www.technewsworld.com/story/83244.html http://dailyjour.com/selfies-can-protect-online-purchases-amazon/ https://cyber-security.news/amazon-selfie-password-is-this-the-future

Viking Horde Sets Sight on Android

The latest malware, Viking Horde, has set its sights on Android phones and tablets. Viking Horde is laying siege to these devices by infecting apps in the Google Play store. It affects both rooted and non-rooted Android devices. Rooted devices are more vulnerable: the malware takes advantage of them by installing software that can execute code remotely. Any data on the device is then at risk, and it's difficult to remove the malware since it gains root access. http://www.cnet.com/news/viking-horde-malware-attacks-android-devices/