
Election Official Highlights Email Threat

US Election Security Official Highlights Email Threat

SANTA FE, N.M. (AP) — Beware the phishing attempts.

An election security official with the U.S. Department of Homeland Security on Tuesday warned top state election officials nationwide to safeguard against fraudulent emails targeting state and local election workers.

The emails appear as if they come from a legitimate source and contain links that, if clicked, can open up election data systems to manipulation or attacks.

Geoff Hale, director of the department’s Election Security Initiative, told a gathering of secretaries of state that the nation’s decentralized voting systems remain especially vulnerable to emails that can trick unsuspecting workers into providing access to elections databases.

“We know that phishing is how a significant number of state and local government networks become exploited,” Hale told scores of secretaries of state gathered in the New Mexico capital city. “Understanding your organization’s susceptibility to phishing is one of the biggest things you can do.”

Email phishing schemes haunted the electoral landscape in 2016. Hillary Clinton’s 2016 campaign chairman, John Podesta, fell for trick emails on his personal account, allowing Russians to steal thousands of messages about the inner workings of the campaign. Targeted phishing emails also allowed Russians to gain access to the Democratic Congressional Campaign Committee’s networks and eventually exploited that to gain entry to the Democratic National Committee.

In the run-up to the 2020 vote, Iowa Secretary of State Paul Pate, a Republican, is calling phishing the No. 1 concern when it comes to securing election-related computer systems in his state.

Iowa’s 100 county political subdivisions make the threat especially challenging. He said his fear is that phishing emails may target overlooked public employees who don’t have adequate training.

“If they get into the courthouse, they can then get into the county auditor, which is our elections folks — and that’s not a good thing,” Pate said.

Pate’s agency is fighting back with two-factor identification requirements for anyone accessing state voter systems, and mandatory annual cyber-security training sessions.

Phishing threats lay bare the difficulties of guarding election systems across large rural expanses. New Mexico Democratic Secretary of State Maggie Toulouse Oliver says new federal funding is needed to bolster cyber security in counties that are too small to hire information technology specialists. There are seven counties in the state with fewer than 5,000 residents; Harding County is home to about 700.

State election chiefs gathered in Santa Fe for the first time since the release of special counsel Robert Mueller’s report documenting Russian meddling in the 2016 election.

California’s Secretary of State Alex Padilla said he, too, is concerned about so-called soft cybersecurity threats, beyond voting equipment or software, such as predatory phishing for security weaknesses among election workers.

“You can read the Mueller report on what the most effective strategies were that the Russians engaged in, and most cyber experts will tell you that it’s still phishing attempts that are rampant,” he said.

Article Provided By: SFGate


If you would like liquidvideotechnologies.com to discuss developing your Home Security System, Networking, Access Control, Fire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.

 


Microsoft Adds an Extra Security Layer

Microsoft Adds an Extra Security Layer to its OneDrive Storage Service

Microsoft today announced OneDrive Personal Vault, a new security layer on top of its OneDrive online file storage service that adds additional security features to keep your files safe. The security features ensure that the only way to access these files is with a strong authentication method or two-step verification, which can include a fingerprint or face recognition with a Windows Hello-compatible device, PIN code or a one-time code sent by email or SMS (which isn’t necessarily the most secure method, of course), or by using Microsoft Authenticator.

In addition, Microsoft is also doubling the storage plan for its $1.99/month standalone OneDrive subscription from 50GB to 100GB. If you’re on a free plan, you’ll be able to try Personal Vault, too, but Microsoft will limit the number of files you can store in it.

The new Personal Vault will be available to OneDrive users on the web, on Windows 10 and through Microsoft’s mobile apps. It’ll roll out to users in Australia, New Zealand and Canada soon and become available to all OneDrive users by the end of the year.

By default, all OneDrive files are already encrypted at rest and in transit. Personal Vault essentially adds another layer of optional security features on top of this. In the OneDrive app, this is represented by a special Personal Vault folder that you can then use to save your most important files — or those with the largest amount of sensitive information (think financial records etc.).

On Windows 10 PCs, Personal Vault also sets up a BitLocker-encrypted area on your local hard drive to sync your Personal Vault files.

Article Provided By: techcrunch


Increase in Abuse of File Sharing Services

Security researchers are warning of a “dramatic” increase in the exploitation of legitimate file sharing services to deliver malware in email-based attacks, especially OneDrive.

FireEye claimed in its latest Email Threat Report for Q1 2019 that services including WeTransfer, Dropbox, Google Drive and OneDrive are increasingly being used to host malicious and phishing files.

However, while Dropbox was most commonly used of all the services, OneDrive is catching up fast. From hardly being used in any attacks in Q4 2018, it shot up by over 60% in the intervening months.

Hackers are using such services as they bypass the initial domain reputation checks made by security tools.

Detection filters are also challenged by the use of “nested emails.” With this tactic, a first email contains a second email as attachment, which in turn contains the malicious content or URL.
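A filter can follow the nesting instead of stopping at the first message. The sketch below is an added example, not code from FireEye or the original article: it walks attached messages with Python's standard `email` package and reports file-sharing links found below the top level. The host list, the depth cap and the sample message are constructed assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlsplit

# Hosts for the services named in the report (assumed list, extend as needed).
FILE_SHARING_HOSTS = ("wetransfer.com", "dropbox.com", "drive.google.com",
                      "onedrive.live.com", "1drv.ms")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
MAX_DEPTH = 5  # assumed cap so hostile, deeply nested mail cannot exhaust the scanner


def is_file_sharing(url):
    """True when the URL's host is a listed service or one of its subdomains."""
    try:
        host = (urlsplit(url).hostname or "").lower()
    except ValueError:
        return False
    return any(host == h or host.endswith("." + h) for h in FILE_SHARING_HOSTS)


def find_urls(msg, depth=0):
    """Return [(nesting_depth, url)] for msg and every e-mail attached to it."""
    if depth > MAX_DEPTH:
        return []
    if msg.get_content_type() == "message/rfc822" and msg.is_multipart():
        # Attached message parsed in place: its payload is a one-item list.
        return find_urls(msg.get_payload(0), depth + 1)
    if msg.is_multipart():
        found = []
        for part in msg.get_payload():
            found.extend(find_urls(part, depth))
        return found
    if (msg.get_filename() or "").lower().endswith(".eml"):
        # .eml sent as a generic attachment: decode it and parse it as a message.
        data = msg.get_payload(decode=True) or b""
        return find_urls(message_from_bytes(data, policy=policy.default), depth + 1)
    if msg.get_content_maintype() == "text":
        data = msg.get_payload(decode=True) or b""
        return [(depth, u) for u in URL_RE.findall(data.decode("utf-8", "replace"))]
    return []


def scan(raw):
    """Parse raw message bytes and list every URL with its nesting depth."""
    return find_urls(message_from_bytes(raw, policy=policy.default))


def nested_file_sharing_links(raw):
    """File-sharing URLs that only appear inside an attached e-mail."""
    return [(d, u) for d, u in scan(raw) if d >= 1 and is_file_sharing(u)]


def build_sample():
    """Constructed sample: outer mail -> attached message -> attached .eml."""
    innermost = EmailMessage()
    innermost["Subject"] = "Invoice 1042"
    innermost.set_content(
        "Your invoice is ready:\n"
        "https://onedrive.live.com/download?id=CONSTRUCTED-SAMPLE\n")
    middle = EmailMessage()
    middle["Subject"] = "Fwd: Invoice 1042"
    middle.set_content("See the attached message.\n")
    middle.add_attachment(innermost.as_bytes(), maintype="application",
                          subtype="octet-stream", filename="invoice.eml")
    outer = EmailMessage()
    outer["From"] = "accounts@supplier.example"
    outer["To"] = "payables@victim.example"
    outer["Subject"] = "Fwd: Fwd: Invoice 1042"
    outer.set_content("Policy reminder: https://intranet.example/policy\n")
    outer.add_attachment(middle)  # stored as a message/rfc822 part
    return outer.as_bytes()


if __name__ == "__main__":
    for depth, url in nested_file_sharing_links(build_sample()):
        print(f"depth {depth}: {url}")
```

The depth value lets a mail gateway treat a file-sharing link at depth 1 or deeper differently from the same link in the top-level body.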

FireEye also warned of a 17% increase in total phishing emails spotted over the previous quarter, with the most-spoofed brands including Microsoft, followed by OneDrive, Apple, PayPal and Amazon.

Hackers are increasingly using HTTPS in phishing attacks featuring URLs in a bid to trick users into clicking. FireEye observed a 26% quarter-on-quarter increase in the tactic, which exploits the consumer perception that HTTPS is inherently secure.

In fact, the FBI was recently forced to issue an alert warning that HTTPS and padlock icons in the address bar are not enough to prove the authenticity of sites.

Users should resist clicking on links in unsolicited emails, it added.

Finally, FireEye warned that cyber-criminals are expanding their repertoire when it comes to BEC attacks.

In one version they target the payroll department with requests to change the bank details of senior executives with the hope of diverting their salary. In another, they focus on accounts payable but pretend to be trusted suppliers who are owed money, instead of the CEO/CFO.

Article Provided By: infosecurity


5 Keys to Improve Your Cybersecurity

Cybersecurity isn’t easy. If there was a product or service you could buy that would just magically solve all of your cybersecurity problems, everyone would buy that thing, and we could all rest easy.

However, that is not the way it works. Technology continues to evolve. Cyber attackers adapt and develop new malicious tools and techniques, and cybersecurity vendors design creative new ways to detect and block those threats. Rinse and repeat.

Cybersecurity isn’t easy, and there is no magic solution, but there are a handful of things you can do that will greatly reduce your exposure to risk and significantly improve your security posture.

The right platform, intelligence, and expertise can help you avoid the vast majority of threats, and help you detect and respond more quickly to the attacks that get through.

Challenges of Cybersecurity

Effective cybersecurity is challenging for a variety of reasons, but the changing perimeter and the confusing variety of solutions don’t help.

Long ago, during a time that is all but a distant memory by tech standards, cybersecurity was built around a concept of inside vs. outside, and us vs. them. The servers, applications, users, and data inside the network were inherently trusted, and everything outside of the network was assumed to be a potential threat.

The advent of free public Wi-Fi, portable laptops, mobile devices, and cloud computing have eroded the idea that there is any sort of perimeter, and most attacks leverage valid credentials and appear to be legitimate users, so the old model of defending the perimeter is no longer valid.

Meanwhile, as new platforms and technologies are developed, cybersecurity vendors inevitably create targeted point solutions for each one.

The result is a confusing mix of tools and services that protect specific facets of the environment, but don’t play well with each other and don’t provide a holistic view of the whole infrastructure so you can understand your security posture as a whole.

The constantly expanding and evolving threat landscape doesn’t make it any easier, either. Attacks are increasingly complex and harder to identify or detect—like fileless or “Living off the Land” (LotL) attacks.

The complexity of the IT infrastructure—particularly in a hybrid or multi-cloud environment—leads to misconfiguration and other human error that exposes the network to unnecessary risk. Attackers are also adopting machine learning and artificial intelligence to automate the process of developing customized attacks and evading detection.

Improve Your Cybersecurity

All of that sounds daunting—like cybersecurity is an exercise in futility—but there are things you can do. Keep in mind that your goal is not to be impervious to attack—there is no such thing as perfect cybersecurity.

The goal is to increase the level of difficulty for an attacker to succeed in compromising your network and to improve your chances of quickly detecting and stopping attacks that occur.

Here are 5 tips to help you do that:

  • Assess your business objectives and unique attack surface — Choose a threat detection method that can address your workloads. For instance, cloud servers spin up and spin down constantly. Your detection must follow the provision and deprovision actions of your cloud platform(s) and collect metadata to follow events as they traverse this dynamic environment. Most SIEMs cannot do this.
  • Eliminate vulnerabilities before they need threat detection — Use vulnerability assessments to identify and remove weaknesses before they become exploited. Assess your full application stack, including your code, third party code, and code configurations.
  • Align data from multiple sources to enhance your use cases and desired outcomes — Collect and inspect all three kinds of data for suspicious activity: web, log, and network. Each data type has unique strengths in identifying certain kinds of threats and together present a whole picture for greater accuracy and actionable context.
  • Use analytics to detect today’s sophisticated attacks — Ensure your threat detection methods look at both real-time events and patterns in historical events across time. Apply machine learning to find what you do not even know to look for. If you use SIEM, enlist machine learning to see what correlation missed and better tune your SIEM rules.
  • Align security objectives to your business demands — There is more than one way to improve your security posture and detect threats. While SIEMs are a traditional approach, they are most useful for organizations that have a well-staffed security program. A SIEM alone is not the best solution for security monitoring against today’s web applications and cloud environments.

Article Provided By: TheHackerNews


3 U.S. Universities Disclose Data Breach

Three U.S. Universities Disclose Data Breaches Over Two-Day Span

Three U.S. universities have disclosed data breach incidents impacting personally identifiable information of students or employees following unauthorized access to some of their employees’ email accounts.

All three universities — Graceland University, Oregon State University, and Missouri Southern State University — have notified the individuals whose personal information was potentially stolen or accessed about the security incidents.

In addition, no evidence has been found of the impacted personal information being stolen or used in a malicious manner while investigating the disclosed data privacy incidents involving all three universities.

Graceland University says in a notice of data breach published on June 14 that an “unauthorized user gained access to the email accounts of current employees,” on March 29, 2019, as well as “from April 1-30 and April 12-May 1, 2019, respectively.”

As the university discovered during the breach investigation, “the personal information of some people who had interacted with these email accounts over the past several years was available during the time the unauthorized user(s) had access.”

The information that could have been accessed during the incident contained:

• full name
• social security number
• date of birth
• address
• telephone number
• email address
• parents/children
• salary information
• financial aid information for enrollment or possible enrollment at Graceland

Oregon State University (OSU) states in a press release that “636 student records and family records of students containing personally identifiable information were potentially affected by a data privacy incident that occurred in early May.”

OSU says that a joint investigation carried out with the help of forensics specialists found that an employee’s hacked email account containing documents with the info of the 636 students and their family members was also used by the attackers to “send phishing e-mails across the nation.”

As detailed by Steve Clark, OSU’s VP for university relations and marketing:

“OSU is continuing to investigate this matter and determine whether the cyber attacker viewed or copied these documents with personal information.”

According to Clark, the university is also reviewing the protection systems and procedures used to shield OSU’s e-mail accounts and information systems.

Missouri Southern State University (MSSU), the third entity which reported a breach, states in a notice of data breach sent to the Office of the Vermont Attorney General that it was alerted of a possible cyber attack triggered by a phishing email on January 9.

The phishing attack claimed several victims among the university’s employees, which prompted a law enforcement notification. University officials were told afterward to delay notification of affected individuals until investigations are complete.

MSSU also hired a leading forensic investigation firm to look into the security incident and to “block potential email exploitation, including a mass password reset of all employee Office 365 accounts.”

After analyzing the contents of the impacted Office 365 accounts, MSSU found that the emails contained within stored “first and last names, dates of birth, home addresses, email addresses, telephone numbers, and social security numbers.”

As further explained in the data breach notification sent to the Vermont Attorney General by MSSU:

“In late March, April, and early May, the University identified emails containing personal information that may have been compromised by the attack. In mid-May, the University confirmed that your first and last name and social security number were contained in the impacted accounts.”

Article Provided By: BleepingComputer


Android Users Plagued By Pop-Ups

440 Million Android Users Plagued By Extremely Obnoxious Pop-Ups

The mobile ad plugin, found in hundreds of Google Play apps, uses well-honed techniques from malware development to hide itself.

Over 440 million Android phones have been exposed to an obnoxious advertising plugin hidden within hundreds of popular applications available via Google Play, which ultimately can render phones almost unusable.

Lookout Research discovered the plugin being bundled with 238 unique applications that have racked up millions of downloads between them – all from one company in China, CooTek. Dubbed BeiTaPlugin, the ad module forcibly displays ads on the user’s lock screen, triggers video and audio advertisements (even while the phone is asleep) and displays out-of-app ads in other areas too.

“Users have reported being unable to answer calls or interact with other apps, due to the persistent and pervasive nature of the ads displayed,” Lookout said in a posting on Tuesday.

Developers of free mobile apps turn to advertising plugins to monetize their wares. These automatically fetch ads at specified times to display, usually within the context of the application itself. For instance, when a player completes a level in a mobile game, he usually has to suffer through a 30-second ad before being able to go onto the next challenge.

However, out-of-app ads skirt the line between legitimate business modeling and obtrusive scamminess by pushing pop-up ads to users when they’re doing other things. The offending app could push an ad to the notification area of the phone, or present a pop-up anywhere, anytime – and the unfortunate part is that the user wouldn’t know which app is the one being obnoxious.

Users in an Android forum discussion were monitoring their devices and came to this conclusion:

BeiTaPlugin takes this dodgy practice to an entirely new level, according to Lookout, by employing obfuscation techniques normally reserved for standard malware in order to hide from utilities that block or detect out-of-app ad plugins.

For instance, it takes a little sleep before swinging into action. “These ads do not immediately bombard the user once the offending application is installed, but become visible at least 24 hours after the application is launched,” the researchers said. “For example, obtrusive ads did not present themselves until two weeks after the application ‘Smart Scan’ had been launched on a Lookout test device.”

The BeiTaPlugin also hides its true nature by appending fake file names and suffixes to its components. It names itself “icon-icomoon-gemini.renc” in the system files – purporting to be a legitimate application called Icomoon, which is an application that provides vector icon packs for designer and developer use. One of those icon packs is named Gemini.

“Malware authors commonly employ this technique of renaming executable files to other file types (pdf, jpg, txt) to hide malicious assets in plain sight,” researchers said. “In both cases, the .rec or .renc filetype suffix is intentionally misleading; the file is actually .dex (Dalvik Executable) file type that contains executable code rather than an innocuous .renc file.”
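Content-based typing defeats a misleading suffix, because a DEX file announces itself in its header whatever it is called. The following is an added example, not Lookout's tooling or code from the article: it validates the DEX header fields (magic, header size, endian tag, size, Adler-32 checksum) and flags files that are DEX but are not named `.dex`. The sample bytes are constructed header-only stand-ins, and a payload that is also encrypted at rest will show no magic and needs other signals.

```python
import struct
import zlib

DEX_VERSIONS = (b"035", b"036", b"037", b"038", b"039")
HEADER_SIZE = 0x70            # fixed header length for these DEX versions
ENDIAN_CONSTANT = 0x12345678  # little-endian marker stored at offset 40


def dex_header_check(data):
    """Return (is_dex, reason) after validating the DEX header fields."""
    if len(data) < HEADER_SIZE:
        return (False, "too short for a DEX header")
    if data[:4] != b"dex\n" or data[4:7] not in DEX_VERSIONS or data[7] != 0:
        return (False, "no DEX magic")
    (checksum,) = struct.unpack_from("<I", data, 8)
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    if header_size != HEADER_SIZE or endian_tag != ENDIAN_CONSTANT:
        return (False, "DEX magic but malformed header")
    if file_size != len(data):
        return (True, "DEX magic, size field mismatch (truncated or padded)")
    # The checksum covers everything after the magic and the checksum itself.
    if zlib.adler32(data[12:]) & 0xFFFFFFFF != checksum:
        return (True, "DEX magic, checksum mismatch")
    return (True, "valid DEX header")


def audit(files):
    """files: {name: bytes}. Return (name, reason) for DEX content not named .dex."""
    flagged = []
    for name, data in sorted(files.items()):
        is_dex, reason = dex_header_check(data)
        if is_dex and not name.lower().endswith(".dex"):
            flagged.append((name, reason))
    return flagged


def build_sample_dex():
    """Constructed, header-only stand-in with consistent fields (not a real app)."""
    body = bytearray(HEADER_SIZE)
    body[0:8] = b"dex\n035\x00"
    struct.pack_into("<III", body, 32, HEADER_SIZE, HEADER_SIZE, ENDIAN_CONSTANT)
    struct.pack_into("<I", body, 8, zlib.adler32(bytes(body[12:])) & 0xFFFFFFFF)
    return bytes(body)


def sample_files():
    """Constructed listing of an unpacked app's assets."""
    return {
        "classes.dex": build_sample_dex(),                   # expected location
        "icon-icomoon-gemini.renc": build_sample_dex(),      # name from the article
        "logo.png": b"\x89PNG\r\n\x1a\n" + bytes(200),       # ordinary asset
    }


if __name__ == "__main__":
    for name, reason in audit(sample_files()):
        print(f"{name}: {reason}")
```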

The package is also encrypted, and the AES encryption key is obfuscated through a series of connected methods and finally called for use by a package named “Hades SDK.”

“Increased encryption and obfuscation techniques are applied to hide the plugin’s existence,” explained Lookout researchers. “All strings related to plugin activity are XOR-encrypted and Base64-encoded, courtesy of a third-party library called StringFog. Each class that facilitates the loading of the plugin is encrypted with its own separate key.”

BeiTaPlugin was bundled with a popular keyboard app, TouchPal, as well as numerous add-ons to the TouchPal keyboard, and several popular health and fitness apps, according to Lookout. Lookout reported the malicious functionality to Google, and the adware has now been removed from all the affected apps on the Play store – although users with the apps already installed are still likely affected.

Google Play and other app stores are cracking down on the use of out-of-app advertising, so it’s likely that the BeiTaPlugin saga is a sign of things to come, researchers noted.

“This BeiTaPlugin family provides insight into future development of mobile adware,” Lookout said. “As official app stores continue to increase restrictions on out-of-app advertisements, we are likely to see other developers employ similar techniques to avoid detection.”

Article Provided By: threatpost


Cisco Fixes High Severity Flaws

Cisco Fixes High Severity Flaws in Industrial, Enterprise Tools

Cisco patched two high severity improper input validation vulnerabilities found in the update feature of the Cisco Industrial Network Director (IND) software and the authentication service of Cisco Unified Presence (Cisco Unified CM IM&P Service, Cisco VCS, and Cisco Expressway Series).

Cisco IND is a solution designed to provide full visibility and control of industrial automation networks as detailed on its spec sheet, while Cisco Unified Presence is an enterprise platform for exchanging presence and instant messaging info in and across organizations.

Cisco IND remote code execution vulnerability

The remote code execution (RCE) flaw impacting Cisco IND is tracked as CVE-2019-1861 and it could allow potential authenticated remote attackers to execute arbitrary code on machines running the vulnerable software.

“The vulnerability is due to improper validation of files uploaded to the affected application,” according to Cisco’s security advisory.

“An attacker could exploit this vulnerability by authenticating to the affected system using administrator privileges and uploading an arbitrary file. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges.”

While there are no workarounds for this RCE vulnerability rated with a 7.2 CVSS 3.0 base score by Cisco, the company issued software updates which address this vulnerability starting with Cisco IND 1.6.0.

Cisco Unified Presence denial of service vulnerability

Cisco Unified Presence’s authentication service is affected by a security flaw with a CVSS 3.0 8.6 rating and tracked as CVE-2019-1845 which could enable unauthenticated remote attackers to create a service outage for users trying to authenticate on vulnerable servers, triggering a denial of service (DoS) condition.

As detailed in Cisco’s security advisory, “The vulnerability is due to insufficient controls for specific memory operations. An attacker could exploit this vulnerability by sending a malformed Extensible Messaging and Presence Protocol (XMPP) authentication request to an affected system.”

“A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing users from successfully authenticating. Exploitation of this vulnerability does not impact users who were authenticated prior to an attack.”

Cisco says that the following software products are impacted by this DoS flaw if running a vulnerable version:

  • Expressway Series configured for Mobile and Remote Access with IM&P Service (Releases X8.1 to X12.5.2)
  • TelePresence VCS configured for Mobile and Remote Access with IM&P Service (Releases X8.1 to X12.5.2)
  • Unified Communications Manager IM&P Service (multiple releases)

Cisco patched the DoS vulnerability in releases X12.5.3 and later for Cisco Expressway Series and Cisco TelePresence VCS, while for Cisco Unified Communications Manager IM&P users should update to one of the versions listed in the table below:

Cisco Unified CM IM&P Service Major Release | First Fixed Release
10.5(2) | 11.5(1) SU6 or 12.5(1)
11.5(1) | 11.5(1) SU6
12.0(1) | 12.5(1)
12.5(1) | Not vulnerable

According to Cisco’s Product Security Incident Response Team (PSIRT), no malicious or active exploitation for the vulnerabilities described above has been detected.

Article Provided By: bleepingcomputer


Apple Security Protections Are Bypassed

Apple MacOS Security Protections Can Be Easily Bypassed with ‘Synthetic’ Clicks, Researcher Finds

A security researcher has disclosed a new flaw that undermines a core macOS security feature designed to prevent apps — or malware — from accessing a user’s private data, webcam or microphone without their explicit permission.

The privacy protections, recently expanded in macOS Mojave, were meant to make it more difficult for malicious apps to get access to a user’s private information — like their contacts, calendar, location and messages — unless the user clicks ‘allow’ on a popup box. The protections are also meant to prevent apps from switching on a Mac’s webcam and microphone without consent. Apple’s Craig Federighi touted the security features as “one of the reasons people choose Apple” at last year’s WWDC developer conference.

But the protections weren’t very good. Those ‘allow’ boxes can be subverted with a maliciously manufactured click.

It was previously possible to create artificial or “synthetic” clicks by using macOS’ in-built automation feature AppleScript, or by using mouse keys, which let users — and malware — control the mouse cursor using the numeric pad on the keyboard. After fixing these bugs in previous macOS versions, Apple’s current defense is to block all synthetic clicks, requiring the user to physically click on a button.

But Patrick Wardle, a former NSA hacker who’s now chief research officer at Digita Security, said he’s found another way to bypass these protections with relative ease.

Wardle, who revealed the zero-day flaw at his conference Objective By The Sea in Monaco on Sunday, said the bug stems from an undocumented whitelist of approved macOS apps that are allowed to create synthetic clicks to prevent them from breaking.

Typically apps are signed with a digital certificate to prove that the app is genuine and hasn’t been tampered with. If the app has been modified to include malware, the certificate usually flags an error and the operating system won’t run the app. But a bug in Apple’s code meant that macOS was only checking if a certificate exists and wasn’t properly verifying the authenticity of the whitelisted app.

“The only thing Apple is doing is validating that the application is signed by who they think it is,” he said. Because macOS wasn’t checking to see if the application had been modified or manipulated, a manipulated version of a whitelisted app could be exploited to trigger a synthetic click.

One of those approved apps is VLC, a popular and highly customizable open-source video player that allows plugins and other extensions. Wardle said it was possible to use VLC as a delivery vehicle for a malicious plugin to create a synthetic click on a consent prompt without the user’s permission.

“For VLC, I just dropped in a new plugin, VLC loads it, and because VLC loads plugins, my malicious plugin can generate a synthetic click — which is fully allowed because the system sees it’s VLC but doesn’t validate the bundle to make sure it hasn’t been tampered with,” he explained.

“And so my synthetic event is able to click and access the user’s location, webcam, microphone,” he said.

Wardle described the vulnerability as a “second stage” attack because the bug already requires an attacker — or malware — to have access to the computer. But it’s exactly these kinds of situations where malware on a computer tries to click through on a consent box that Apple is trying to prevent, Wardle said.

He said he informed Apple of the bug last week but the tech giant has yet to release a patch. “This isn’t a remote attack so I don’t think this puts a large number of Mac users immediately at risk,” he said.

An Apple spokesperson did not return a request for comment.

It’s not the first time Wardle has warned Apple of a bug with synthetic clicks. He reported related bugs in 2015, 2017 and 2018. He said it was “clear” that Apple doesn’t take these bugs seriously.

“In this case, literally no-one looked at this code from a security point of view,” he said.

“We have this undocumented whitelisting feature that is paramount to all these new privacy and security features, because if you can generate synthetic events you can generically thwart all of them trivially,” he said.

“It’s important to get this right,” he said.

Article Provided By: techcrunch


If you would like liquidvideotechnologies.com to discuss developing your Home Security System, Networking, Access Control, Fire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.


Google is using Gmail to Track Purchases

Google is using Your Gmail Account to Track Your Purchases

Do you think your email on Gmail is private? If so, you may want to think again, as your Gmail messages are being scanned by Google for purchases, which are then displayed in your Google account.

This week, a user posted on Reddit about how they discovered that their Google Account’s Purchases page contained all of the purchases they have made from Amazon and other online stores even though they do not use Google Pay.

When I saw this, I checked my Google Account Purchases page, located at https://myaccount.google.com/purchases, and saw that it too contained the purchases I made from online services such as Dominos, Steam, 1-800-Flowers.com, Amazon, Adidas, and more.  Like the Reddit user, I do not use Google Pay.

Purchases Page

The general consensus was that Gmail was analyzing incoming emails for purchase receipts and then extracting that information.

When BleepingComputer contacted Google about this, they confirmed the information was coming from Gmail messages. They also stated that this was being done to help their users find their data and that they do not use any information stored in your emails, including your purchases, to serve you ads.

“To help you easily view and keep track of your purchases, bookings and subscriptions in one place, we’ve created a private destination that can only be seen by you. You can delete this information at any time. We don’t use any information from your Gmail messages to serve you ads, and that includes the email receipts and confirmations shown on the Purchase page. We’re always working to help people understand and manage their data.”

While they may not be using this information to serve you ads, are they using it for something else? Google has not given us a definitive answer on this question.

Deleting purchase data is a pain

While Google told us that you can delete this information at any time, they did not mention how much of a pain it is to do so.

Instead of having a single setting that allows you to control how this data is saved, you need to go into each and every purchase and click on the Remove Purchase button. This will bring you to the original email that the data was pulled from and once this email is trashed, the purchase will be removed from the Purchases page.

Remove Purchase

With my Purchases having data going as far back as 2013 and showing approximately 300 purchases, it would be a big pain to manually delete each and every one.  Even worse, another account that I use for most of my purchasing has thousands of orders, which would take forever to clean up.

When searching for a way to stop Google from pulling purchases out of my Gmail emails, I could not find a setting that would allow me to do so.

CNBC, which also covered this story this week, was also unable to find a setting that stopped Gmail from scanning emails and extracting purchase information.

G Suite customers appear to be spared

I use different email accounts depending on the particular purpose and one of these email accounts is through Google’s G Suite service.

When I checked the Purchases page for my G Suite account, I noticed that the page was empty even though it is commonly used to make online purchases. I also asked another person who uses G Suite and they too confirmed their page was empty.

While two people is not a large sample by any means, it could indicate that this data extraction is not occurring for G Suite accounts. I also could not find any settings in the G Suite Admin console that allow me to configure these settings.

We have already asked Google if G Suite is excluded from this data extraction, but have not heard back as of yet.

Article Provided By: bleepingcomputer


A Way to Improve Network Security

Scientists May Have Identified a New Way to Improve Network Security

With cybersecurity one of the nation’s top security concerns and billions of people affected by breaches last year, government and businesses are spending more time and money defending against it.

Researchers at the U.S. Army Combat Capabilities Development Command’s Army Research Laboratory, the Army’s corporate research laboratory also known as ARL, and Towson University may have identified a new way to improve network security.

Many cybersecurity systems use distributed network intrusion detection that allows a small number of highly trained analysts to monitor several networks at the same time, reducing cost through economies of scale and more efficiently leveraging limited cybersecurity expertise; however, this approach requires data be transmitted from network intrusion detection sensors on the defended network to central analysis servers. Transmitting all of the data captured by sensors requires too much bandwidth, researchers said.

Because of this, most distributed network intrusion detection systems only send alerts or summaries of activities back to the security analyst. With only summaries, cyber-attacks can go undetected because the analyst did not have enough information to understand the network activity, or, alternatively, time may be wasted chasing down false positives.

In research presented at the 10th International Multi-Conference on Complexity, Informatics and Cybernetics March 12-15, 2019, scientists wanted to identify how to compress network traffic as much as possible without losing the ability to detect and investigate malicious activity.

Reducing the amount of traffic transmitted to the central analysis systems

Working on the theory that malicious network activity would manifest its maliciousness early, the researchers developed a tool that would stop transmitting traffic after a given number of messages had been transmitted. The resulting compressed network traffic was analyzed and compared to the analysis performed on the original network traffic.

As suspected, researchers found cyber attacks often do manifest maliciousness early in the transmission process. When the team identified malicious activity later in the transmission process, it was usually not the first occurrence of malicious activity in that network flow.
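The per-flow cutoff described above, sketched as an added example (it is not the ARL tool or code from the study). The packet records, addresses, alert positions and cutoff values are constructed assumptions, chosen to show one flow flagged early and again late, and one flagged only late.

```python
from collections import defaultdict

def make_flow(src, sport, dst, dport, n, size, alert_at=()):
    """Build n constructed packet records; alert_at lists the 1-based packets an IDS would flag."""
    return [{"src": src, "sport": sport, "dst": dst, "dport": dport, "proto": "tcp",
             "size": size, "alert": i in alert_at} for i in range(1, n + 1)]

# Constructed sample traffic (documentation address ranges), not data from the study.
SAMPLE = (
    make_flow("10.0.0.5", 50001, "192.0.2.10", 443, 200, 1400)            # bulk benign transfer
    + make_flow("198.51.100.7", 40000, "10.0.0.8", 80, 50, 600, {3, 40})  # flagged early, again late
    + make_flow("203.0.113.9", 40001, "10.0.0.9", 22, 40, 200, {30})      # flagged only late
)

def flow_key(pkt):
    """Direction-independent 5-tuple, so both halves of a conversation count as one flow."""
    ends = sorted([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])])
    return (pkt["proto"], ends[0], ends[1])

def truncate_flows(packets, cutoff):
    """Forward only the first `cutoff` packets of each flow to the central analysis server."""
    seen = defaultdict(int)
    kept = []
    for pkt in packets:
        key = flow_key(pkt)
        seen[key] += 1
        if seen[key] <= cutoff:
            kept.append(pkt)
    return kept

def evaluate(packets, cutoff):
    """Compare forwarded volume and surviving alerts against the untruncated capture."""
    kept = truncate_flows(packets, cutoff)
    alerting = {flow_key(p) for p in packets if p["alert"]}
    alerting_kept = {flow_key(p) for p in kept if p["alert"]}
    return {
        "kept_bytes": sum(p["size"] for p in kept),
        "total_bytes": sum(p["size"] for p in packets),
        "alerting_flows": len(alerting),
        "alerting_flows_kept": len(alerting_kept),
        "missed_flows": sorted(alerting - alerting_kept),
    }

if __name__ == "__main__":
    for cutoff in (10, 30):
        r = evaluate(SAMPLE, cutoff)
        pct = 100 * r["kept_bytes"] / r["total_bytes"]
        print(f"cutoff={cutoff}: {pct:.1f}% of bytes forwarded, "
              f"{r['alerting_flows_kept']}/{r['alerting_flows']} alerting flows retained, "
              f"missed={r['missed_flows']}")
```

On this sample a cutoff of 10 forwards about 7% of the bytes and still catches the flow whose first alert comes early, but misses the flow that is flagged only at packet 30; raising the cutoff to 30 recovers it at roughly three times the volume.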

“This strategy should be effective in reducing the amount of network traffic sent from the sensor to central analyst system,” said Sidney Smith, an ARL researcher and the study’s lead author. “Ultimately, this strategy could be used to increase the reliability and security of Army networks.”

For the next phase, researchers want to integrate this technique with network classification and lossless compression techniques to reduce the amount of traffic that needs to be transmitted to the central analysis systems to less than 10% of the original traffic volume while losing no more than 1% of cyber security alerts.

“The future of intrusion detection is in machine learning and other artificial intelligence techniques,” Smith said. “However, many of these techniques are too resource intensive to run on the remote sensors, and all of them require large amounts of data. A cybersecurity system incorporating our research technique will allow the data most likely to be malicious to be gathered for further analysis.”

Article Provided By: HelpNetSecurity
