
Cisco Fixes High Severity Flaws

Cisco Fixes High Severity Flaws in Industrial, Enterprise Tools

Cisco patched two high severity improper input validation vulnerabilities found in the update feature of the Cisco Industrial Network Director (IND) software and the authentication service of Cisco Unified Presence (Cisco Unified CM IM&P Service, Cisco VCS, and Cisco Expressway Series).

Cisco IND is a solution designed to provide full visibility and control of industrial automation networks as detailed on its spec sheet, while Cisco Unified Presence is an enterprise platform for exchanging presence and instant messaging info in and across organizations.

Cisco IND remote code execution vulnerability

The remote code execution (RCE) flaw impacting Cisco IND is tracked as CVE-2019-1861 and it could allow potential authenticated remote attackers to execute arbitrary code on machines running the vulnerable software.

“The vulnerability is due to improper validation of files uploaded to the affected application,” according to Cisco’s security advisory.

“An attacker could exploit this vulnerability by authenticating to the affected system using administrator privileges and uploading an arbitrary file. A successful exploit could allow the attacker to execute arbitrary code with elevated privileges.”

While there are no workarounds for this RCE vulnerability rated with a 7.2 CVSS 3.0 base score by Cisco, the company issued software updates which address this vulnerability starting with Cisco IND 1.6.0.

Cisco Unified Presence denial of service vulnerability

Cisco Unified Presence’s authentication service is affected by a security flaw with a CVSS 3.0 rating of 8.6, tracked as CVE-2019-1845, which could enable unauthenticated remote attackers to create a service outage for users trying to authenticate on vulnerable servers, triggering a denial of service (DoS) condition.

As detailed in Cisco’s security advisory, “The vulnerability is due to insufficient controls for specific memory operations. An attacker could exploit this vulnerability by sending a malformed Extensible Messaging and Presence Protocol (XMPP) authentication request to an affected system.”

“A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing users from successfully authenticating. Exploitation of this vulnerability does not impact users who were authenticated prior to an attack.”

Cisco says that the following software products are impacted by this DoS flaw if running a vulnerable version:

  • Expressway Series configured for Mobile and Remote Access with IM&P Service (Releases X8.1 to X12.5.2)
  • TelePresence VCS configured for Mobile and Remote Access with IM&P Service (Releases X8.1 to X12.5.2)
  • Unified Communications Manager IM&P Service (multiple releases)

Cisco patched the DoS vulnerability in releases X12.5.3 and later for Cisco Expressway Series and Cisco TelePresence VCS, while for Cisco Unified Communications Manager IM&P users should update to one of the versions listed in the table below:

Cisco Unified CM IM&P Service Major Release    First Fixed Release
10.5(2)                                        11.5(1) SU6 or 12.5(1)
11.5(1)                                        11.5(1) SU6
12.0(1)                                        12.5(1)
12.5(1)                                        Not vulnerable

According to Cisco’s Product Security Incident Response Team (PSIRT), no malicious or active exploitation for the vulnerabilities described above has been detected.

Article Provided By: bleepingcomputer


If you would like liquidvideotechnologies.com to discuss developing your Home Security System, Networking, Access Control, Fire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.


Apple Security Protections Are Bypassed

Apple MacOS Security Protections Can Be Easily Bypassed with ‘Synthetic’ Clicks, Researcher Finds

A security researcher has disclosed a new flaw that undermines a core macOS security feature designed to prevent apps — or malware — from accessing a user’s private data, webcam or microphone without their explicit permission.

The privacy protections, recently expanded in macOS Mojave, were meant to make it more difficult for malicious apps to get access to a user’s private information — like their contacts, calendar, location and messages — unless the user clicks ‘allow’ on a popup box. The protections are also meant to prevent apps from switching on a Mac’s webcam and microphone without consent. Apple’s Craig Federighi touted the security features as “one of the reasons people choose Apple” at last year’s WWDC developer conference.

But the protections weren’t very good. Those ‘allow’ boxes can be subverted with a maliciously manufactured click.

It was previously possible to create artificial or “synthetic” clicks by using macOS’ in-built automation feature AppleScript, or by using mouse keys, which let users — and malware — control the mouse cursor using the numeric pad on the keyboard. After fixing these bugs in previous macOS versions, Apple’s current defense is to block all synthetic clicks, requiring the user to physically click on a button.

But Patrick Wardle, a former NSA hacker who’s now chief research officer at Digita Security, said he’s found another way to bypass these protections with relative ease.

Wardle, who revealed the zero-day flaw at his conference Objective By The Sea in Monaco on Sunday, said the bug stems from an undocumented whitelist of approved macOS apps that are allowed to create synthetic clicks to prevent them from breaking.

Typically apps are signed with a digital certificate to prove that the app is genuine and hasn’t been tampered with. If the app has been modified to include malware, the certificate usually flags an error and the operating system won’t run the app. But a bug in Apple’s code meant that macOS was only checking if a certificate exists and wasn’t properly verifying the authenticity of the whitelisted app.

“The only thing Apple is doing is validating that the application is signed by who they think it is,” he said. Because macOS wasn’t checking to see if the application had been modified or manipulated, a manipulated version of a whitelisted app could be exploited to trigger a synthetic click.

One of those approved apps is VLC, a popular and highly customizable open-source video player that allows plugins and other extensions. Wardle said it was possible to use VLC as a delivery vehicle for a malicious plugin to create a synthetic click on a consent prompt without the user’s permission.

“For VLC, I just dropped in a new plugin, VLC loads it, and because VLC loads plugins, my malicious plugin can generate a synthetic click — which is fully allowed because the system sees it’s VLC but doesn’t validate the bundle to make sure it hasn’t been tampered with,” he explained.

“And so my synthetic events are able to click and access the user’s location, webcam, microphone,” he said.

Wardle described the vulnerability as a “second stage” attack because the bug already requires an attacker — or malware — to have access to the computer. But it’s exactly these kinds of situations where malware on a computer tries to click through on a consent box that Apple is trying to prevent, Wardle said.

He said he informed Apple of the bug last week but the tech giant has yet to release a patch. “This isn’t a remote attack so I don’t think this puts a large number of Mac users immediately at risk,” he said.

An Apple spokesperson did not return a request for comment.

It’s not the first time Wardle has warned Apple of a bug with synthetic clicks. He reported related bugs in 2015, 2017 and 2018. He said it was “clear” that Apple doesn’t take these bugs seriously.

“In this case, literally no-one looked at this code from a security point of view,” he said.

“We have this undocumented whitelisting feature that is paramount to all these new privacy and security features, because if you can generate synthetic events you can generically thwart all of them trivially,” he said.

“It’s important to get this right,” he said.

Article Provided By: techcrunch


Google is using Gmail to Track Purchases

Google is using Your Gmail Account to Track Your Purchases

Do you think your email on Gmail is private? If so, you may want to think again, as your Gmail messages are being scanned by Google for purchases, which are then displayed in your Google account.

This week, a user posted on Reddit about how they discovered that their Google Account’s Purchases page contained all of the purchases they have made from Amazon and other online stores even though they do not use Google Pay.

When I saw this, I checked my Google Account Purchases page, located at https://myaccount.google.com/purchases, and saw that it too contained the purchases I made from online services such as Dominos, Steam, 1-800-Flowers.com, Amazon, Adidas, and more.  Like the Reddit user, I do not use Google Pay.

Purchases Page

The general consensus was that Gmail was analyzing incoming emails for purchase receipts and then extracting that information.

When BleepingComputer contacted Google about this, they confirmed the information was coming from Gmail messages. They also stated that this was being done to help their users find their data and that they do not use any information stored in your emails, including your purchases, to serve you ads.

“To help you easily view and keep track of your purchases, bookings and subscriptions in one place, we’ve created a private destination that can only be seen by you. You can delete this information at any time. We don’t use any information from your Gmail messages to serve you ads, and that includes the email receipts and confirmations shown on the Purchase page. We’re always working to help people understand and manage their data.”

While they may not be using this information to serve you ads, are they using it for something else? Google has not given us a definitive answer on this question.

Deleting purchase data is a pain

While Google told us that you can delete this information at any time, they did not mention how much of a pain it is to do so.

Instead of having a single setting that allows you to control how this data is saved, you need to go into each and every purchase and click on the Remove Purchase button. This will bring you to the original email that the data was pulled from and once this email is trashed, the purchase will be removed from the Purchases page.

Remove Purchase

With my Purchases having data going as far back as 2013 and showing approximately 300 purchases, it would be a big pain to manually delete each and every one.  Even worse, another account that I use for most of my purchasing has thousands of orders, which would take forever to clean up.

When searching for a way to stop Google from pulling purchases out of my Gmail emails, I could not find a setting that would allow me to do so.

CNBC, which also covered this story this week, was also unable to find a setting that stopped Gmail from scanning emails and extracting purchase information.

G Suite customers appear to be spared

I use different email accounts depending on the particular purpose and one of these email accounts is through Google’s G Suite service.

When I checked the Purchases page for my G Suite account, I noticed that the page was empty even though it is commonly used to make online purchases. I also asked another person who uses G Suite and they too confirmed their page was empty.

While two people are not a large sample by any means, it could indicate that this data extraction is not occurring for G Suite accounts. I also could not find any settings in the G Suite Admin console that allow me to configure these settings.

We have already asked Google if G Suite is excluded from this data extraction, but have not heard back as of yet.

Article Provided By: bleepingcomputer


A Way to Improve Network Security

Scientists May Have Identified a New Way to Improve Network Security

With cybersecurity one of the nation’s top security concerns and billions of people affected by breaches last year, government and businesses are spending more time and money defending against it.

Researchers at the U.S. Army Combat Capabilities Development Command’s Army Research Laboratory, the Army’s corporate research laboratory also known as ARL, and Towson University may have identified a new way to improve network security.

Many cybersecurity systems use distributed network intrusion detection that allows a small number of highly trained analysts to monitor several networks at the same time, reducing cost through economies of scale and more efficiently leveraging limited cybersecurity expertise; however, this approach requires data be transmitted from network intrusion detection sensors on the defended network to central analysis servers. Transmitting all of the data captured by sensors requires too much bandwidth, researchers said.

Because of this, most distributed network intrusion detection systems only send alerts or summaries of activities back to the security analyst. With only summaries, cyber-attacks can go undetected because the analyst did not have enough information to understand the network activity, or, alternatively, time may be wasted chasing down false positives.

In research presented at the 10th International Multi-Conference on Complexity, Informatics and Cybernetics March 12-15, 2019, scientists wanted to identify how to compress network traffic as much as possible without losing the ability to detect and investigate malicious activity.

Reducing the amount of traffic transmitted to the central analysis systems

Working on the theory that malicious network activity would manifest its maliciousness early, the researchers developed a tool that would stop transmitting traffic after a given number of messages had been transmitted. The resulting compressed network traffic was analyzed and compared to the analysis performed on the original network traffic.

As suspected, researchers found cyber attacks often do manifest maliciousness early in the transmission process. When the team identified malicious activity later in the transmission process, it was usually not the first occurrence of malicious activity in that network flow.
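
The truncation idea described above, sketched as an added example (this is not the researchers' tool and not code from the original article): a sensor-side filter forwards only the first N packets of each flow, and the same signature check is run on the full and the truncated capture to measure traffic reduction against alerts retained. The names Packet, HeadTruncator and evaluate, the idle timeout, the marker signature and the sample flows are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed marker standing in for an IDS signature; not a real indicator.
SIGNATURES = [b"CONSTRUCTED-TEST-MARKER"]


@dataclass(frozen=True)
class Packet:
    ts: float        # capture time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    payload: bytes


def flow_key(p):
    """Direction-independent 5-tuple, so requests and replies share one flow."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    lo, hi = (a, b) if a <= b else (b, a)
    return (p.proto, lo, hi)


class HeadTruncator:
    """Sensor-side filter: forward only the first max_packets of each flow."""

    def __init__(self, max_packets, idle_timeout=60.0):
        self.max_packets = max_packets
        self.idle_timeout = idle_timeout   # assumption: idle flows restart the count
        self._flows = {}                   # flow key -> [packets seen, last timestamp]

    def offer(self, p):
        """Return True if the packet should be sent to the central analysts."""
        key = flow_key(p)
        state = self._flows.get(key)
        if state is None or p.ts - state[1] > self.idle_timeout:
            state = self._flows[key] = [0, p.ts]   # new flow or reused 5-tuple
        state[0] += 1
        state[1] = p.ts
        return state[0] <= self.max_packets

    def expire(self, now):
        """Drop idle flow state so the table cannot grow without bound."""
        stale = [k for k, (_, last) in self._flows.items()
                 if now - last > self.idle_timeout]
        for k in stale:
            del self._flows[k]
        return len(stale)


def alerting_flows(packets):
    """Flows in which at least one packet matches a signature."""
    return {flow_key(p) for p in packets
            if any(sig in p.payload for sig in SIGNATURES)}


def evaluate(packets, max_packets):
    """Compare detection on the full capture with detection on the truncated one."""
    sensor = HeadTruncator(max_packets)
    kept = [p for p in packets if sensor.offer(p)]
    full, head = alerting_flows(packets), alerting_flows(kept)
    return {
        "packets_kept": len(kept),
        "volume_ratio": sum(len(p.payload) for p in kept)
                        / sum(len(p.payload) for p in packets),
        "alerts_full": len(full),
        "alerts_kept": len(full & head),
        "missed": full - head,
    }


def build_sample():
    """Constructed capture: four flows to one server, 100-byte payloads."""
    packets = []

    def flow(src, sport, count, bad_at):
        for i in range(count):
            body = SIGNATURES[0] if i in bad_at else b""
            packets.append(Packet(i * 0.01, src, sport, "10.0.0.5", 80,
                                  "tcp", body.ljust(100, b".")))

    flow("192.0.2.10", 40001, 40, {1, 30})  # malicious early, repeated late
    flow("192.0.2.11", 40002, 50, set())    # benign bulk transfer
    flow("192.0.2.12", 40003, 25, {20})     # malicious only late: the miss case
    flow("192.0.2.13", 40004, 3, {0})       # short flow, malicious at once
    return sorted(packets, key=lambda p: p.ts)


if __name__ == "__main__":
    for n in (5, 25):
        r = evaluate(build_sample(), n)
        print(f"N={n}: kept {r['volume_ratio']:.1%} of bytes, "
              f"{r['alerts_kept']}/{r['alerts_full']} alerting flows retained")
```

On the constructed capture, N=5 forwards about 15% of the bytes and keeps two of the three alerting flows; the flow whose only malicious packet arrives late is the one lost.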

“This strategy should be effective in reducing the amount of network traffic sent from the sensor to central analyst system,” said Sidney Smith, an ARL researcher and the study’s lead author. “Ultimately, this strategy could be used to increase the reliability and security of Army networks.”

For the next phase, researchers want to integrate this technique with network classification and lossless compression techniques to reduce the amount of traffic that needs to be transmitted to the central analysis systems to less than 10% of the original traffic volume while losing no more than 1% of cyber security alerts.

“The future of intrusion detection is in machine learning and other artificial intelligence techniques,” Smith said. “However, many of these techniques are too resource intensive to run on the remote sensors, and all of them require large amounts of data. A cybersecurity system incorporating our research technique will allow the data most likely to be malicious to be gathered for further analysis.”

Article Provided By: HelpNetSecurity


Thailand Passes Cybersecurity Law

Thailand passes controversial cybersecurity law that could enable government surveillance

Thailand’s government passed a controversial cybersecurity bill today that has been criticized for vagueness and the potential to enable sweeping access to internet user data.

The bill (available in Thai) was amended late last year following criticism over potential data access, but it passed the country’s parliament with 133 positive votes and no rejections, although there were 16 absentees.

There are concerns around a number of clauses, chiefly the potential for the government — which came to power via a military coup in 2014 — to search and seize data and equipment in cases that are deemed issues of national emergency. That could enable internet traffic monitoring and access to private data, including communications, without a court order.

The balance of power beyond enforcement has also been questioned. Critics have highlighted the role of the National Cybersecurity Committee, which is headed by the prime minister and holds considerable weight in carrying out the law. The Committee has been called upon to include representation from the industry and civic groups to give it greater oversight and balance.

Added together, there’s a fear that the law could be weaponized by the government to silence critics. Thailand already has powerful lese majeste laws, which make it illegal to criticize the monarchy and have been used to jail citizens for comments left on social media and websites. The country has also censored websites in the past, including the Daily Mail and, for a nearly six-month period in 2007, YouTube.

“The Asia Internet Coalition is deeply disappointed that Thailand’s National Assembly has voted in favor of a Cybersecurity Law that overemphasizes a loosely-defined national security agenda, instead of its intended objective of guarding against cyber risks,” read a statement from Jeff Paine, managing director of Asia Internet Coalition — an alliance of international tech firms that include Facebook, Google and Apple.

“Protecting online security is a top priority; however, the Law’s ambiguously defined scope, vague language and lack of safeguards raises serious privacy concerns for both individuals and businesses, especially provisions that allow overreaching authority to search and seize data and electronic equipment without proper legal oversight. This would give the regime sweeping powers to monitor online traffic in the name of an emergency or as a preventive measure, potentially compromising private and corporate data,” Paine added.

Reaction to the law has seen a hashtag (#พรบไซเบอร์) trend on Twitter in Thailand, while other groups have spoken out on the potential implications.

Thailand isn’t alone in introducing controversial internet laws. New regulations, passed last summer, came into force in near-neighbor Vietnam on January 1 and sparked similar concerns around free speech online.

That Vietnamese law broadly forbids internet users from organizing with, or training, others for anti-state purposes, spreading false information and undermining the nation-state’s achievements or solidarity. It also requires foreign internet companies to operate a local office and store user information on Vietnamese soil. That’s something neither Google nor Facebook has complied with, despite the Vietnamese government’s recent claim that the former is investigating a local office launch.

Article Provided By: techcrunch


New Privacy Features for Mozilla Firefox

New Privacy Features for Mozilla Firefox, Lockwise Is Live

Mozilla announced new features and changes today that aim to increase the privacy of Firefox users by blocking trackers and offering updates to various Firefox security and privacy services.

These changes include enabling Firefox Enhanced Tracking Protection by default for new users, the official launch of their Firefox Lockwise password management service, an updated Firefox Container addon, and a dashboard for the Firefox Monitor data breach service.

These changes are covered in detail below.

Blocking tracking cookies by default

Mozilla has announced that new Firefox users will now block third-party tracking cookies by default.

When users install Firefox for the first time, the browser will be configured to use the Standard setting for the Content Blocking feature. This setting previously only blocked trackers in Private mode, but has now been changed to also automatically block third-party tracking cookies in normal browsing sessions.

Standard Content Blocking setting

There is one caveat to this default blocking. If you look at the image above, you can see that Firefox “allows some trackers so websites function properly”. This means that trackers on some sites are being allowed if blocking them would break the site, which gives the site more time to resolve these issues.

For existing Firefox users, you can enable the blocking of third-party cookies by utilizing the Custom Content Blocking setting and selecting to block Trackers and Third-party trackers under the Cookies setting.

Custom Content Blocking Settings

Mozilla plans on rolling out this default blocking to existing Firefox users in the near future.

Lockwise Desktop officially launches

In the past, Mozilla offered the LockBox iOS and Android apps, which allowed mobile users to log into their Mozilla account and see login credentials saved from Firefox Desktop.

In May, BleepingComputer broke the news that Mozilla was rebranding their LockBox password management service under a new name called Lockwise. As part of this rebranding, Mozilla was also releasing a Firefox Lockwise for Desktop addon that acts as the cornerstone for the Mozilla password management service.

As of today, this addon is now officially released and can be downloaded from the Firefox Lockwise site.

When installed, the Firefox Lockwise addon converts Firefox’s Login and Passwords panel into a full featured password management service where users can view all of their saved login credentials, create new entries, and edit existing ones.

Firefox Lockwise for Desktop

As long as syncing is enabled, all devices that are logged into the same Mozilla account will now be able to access the saved credentials stored in Firefox Lockwise.

This service, though, still needs improvement as mobile users can currently only view login credentials saved from Firefox Desktop and new credentials cannot be created within the Firefox Lockwise mobile apps.

Firefox Lockwise for iOS

If Firefox plans on creating premium offerings from this service, which they are currently considering, they need to update their Lockwise apps in order to allow users to create and save new login credentials. Only then can they compete with other password management services.

Firefox Container

Mozilla has also launched an updated Facebook Container addon that will now block Facebook buttons used on sites that you visit.

When sites utilize Facebook scripts to show Like or Share buttons, Facebook can use these scripts to track you when on the site and between sites. The updated Facebook Container addon will block these buttons so that they are no longer able to track you as shown below.

Blocked Facebook button on Amazon

Firefox Monitor gets a new dashboard

Finally, Mozilla is launching a new dashboard for their Firefox Monitor data breach notification service.

“Today we’re launching a central dashboard to help you track and manage multiple email addresses, whether it’s your personal email accounts or ones for professional use.”

This new centralized dashboard will allow you to quickly view the email addresses being monitored, the data breaches that have exposed your information, and the passwords that have been exposed across all breaches.

Firefox Monitor Dashboard

With this dashboard, Firefox Monitor is beginning to grow into a service that feels more complete rather than thrown together as a value-added service for their customers.

It also shows how they continue to increase the service offerings in order to eventually offer premium options as a way to generate revenue.

Article Provided By: BleepingComputer


Windows 10 Apps Hit by Malicious Ads

Windows 10 Apps Hit by Malicious Ads that Blockers Won’t Stop

Windows 10 users in Germany are reporting that while using their computer, their default browser would suddenly open to malicious and scam advertisements. These advertisements are being shown by malvertising campaigns on the Microsoft Advertising network that are being displayed in ad supported apps.

As a way to monetize free apps, Microsoft offers Windows 10 app developers the ability to use their Microsoft Advertising SDK to display ads in their apps. For example, Microsoft News and Microsoft Jigsaw utilize Microsoft Advertising to display ads.

German Ads in Microsoft News and Microsoft Jigsaw

Over the weekend, there were numerous reports of Windows 10 users in Germany having their browser open suddenly to sites pushing tech support scams, sweepstakes, surveys, and win-a-prize wheels. These advertisements would open suddenly while they were using apps like Microsoft News, Microsoft Jigsaw, and other Microsoft Advertising supported apps.

For example, the advertisement below was shown to one user and pretends to be a system scan stating that the computer is infected. If a user goes through the screens, the scam page will ultimately prompt them to download an unwanted system cleaner program.

Tech Support Scam shown by malvertising campaign

These ads are being caused by scammers purchasing ad campaigns in the Microsoft Advertising network that use JavaScript to automatically launch scam sites in a new window. As these advertisements are being shown in an ad-supported app, Windows 10 will instead launch the new page in the default browser.

Just like a similar malvertising campaign that targeted French users of Microsoft apps in April, this German campaign appears to only be targeting users on residential IP addresses. For example, if you use a VPN to gain access to a German IP address, the malvertising ads will not show.

Ad blockers will not help

As these ads are being displayed because of ad-supported apps, any ad blockers you have installed in your browsers will not prevent the pages from loading.

This is because the scripts that are normally blocked by ad blockers are being executed in the app and Windows 10 is just launching a web page in your browser.

Instead, users will have to rely on security software or built-in browser filtering services such as SmartScreen and Safe Browsing to block known malicious web sites.

ESET blocking a malicious web site

Another option is to install a HOSTS file that blocks all connections to known advertising networks and malicious sites.

Article Provided By: BleepingComputer


Cybercrime Groups Flourish on Facebook

You might be surprised what you can buy on Facebook, if you know where to look. Researchers with Cisco’s Talos security research team have uncovered a wave of Facebook groups dedicated to making money from a variety of illicit and otherwise sketchy online behaviors, including phishing schemes, trading hacked credentials and spamming. The 74 groups researchers detected boasted a cumulative 385,000 members.

Remarkably, the groups weren’t even really trying to conceal their activities. For example, Talos found posts openly selling credit card numbers with three-digit CVV codes, some with accompanying photos of the card’s owner. According to the research group:

The majority of these groups use fairly obvious group names, including “Spam Professional,” “Spammer & Hacker Professional,” and “Facebook hack (Phishing).” Despite the fairly obvious names, some of these groups have managed to remain on Facebook for up to eight years, and in the process acquire tens of thousands of group members.

Beyond the sale of stolen credentials, Talos documented users selling shell accounts for governments and organizations, promoting their expertise in moving large sums of money and offering to create fake passports and other identifying documents.

The new research isn’t the first time that Facebook users have been busted for dealing in cybercrime. In 2018, Brian Krebs reported 120 groups with a cumulative 300,000-plus members engaged in similar activities, including phishing schemes, spamming, botnets and on-demand DDoS attacks.

As Talos researchers explain in their blog post, “Months later, though the specific groups identified by Krebs had been permanently disabled, Talos discovered a new set of groups, some having names remarkably similar, if not identical, to the groups reported on by Krebs.”

“While some groups were removed immediately, other groups only had specific posts removed,” Talos researcher Jaeson Schultz wrote. “Eventually, through contact with Facebook’s security team, the majority of malicious groups was quickly taken down, however new groups continue to pop up, and some are still active as of the date of publishing.”

Cybercrime groups are yet another example of the game of enforcement whack-a-mole that Facebook continues to play on its massive platform. At the social network’s scale — and without the company dedicating sufficient resources to more comprehensive detection methods — it’s difficult for Facebook to track the kinds of illicit or potentially harmful behaviors that flourish in unmonitored corners of its sprawling platform.

“These groups violated our policies against spam and financial fraud and we removed them,” a Facebook spokesperson told TechCrunch. “We know we need to be more vigilant and we’re investing heavily to fight this type of activity.”

Article Provided By: techcrunch


If you would like liquidvideotechnologies.com to discuss developing your Home Security System, Networking, Access Control, Fire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.


Governments are Targets for Cyberattacks

Why local governments are a hot target for cyberattacks

Recent ransomware and other attacks underscore the value attackers see in the data stored in city and regional government systems. Here’s why they are vulnerable and what they can do to reduce the threat.

Over the course of the past few weeks, a seemingly stepped-up wave of malware and ransomware infections has struck a number of municipalities across the U.S.

  • On April 10, the city of Greenville, North Carolina, had to disconnect most city-owned computers from the Internet due to what officials said was a RobinHood ransomware infection, a duplicitous piece of malware that pretends to raise awareness and funds for the people of Yemen.
  • On April 13, Imperial County, California was hit with Ryuk ransomware, which is designed to target enterprise environments, forcing its website to go dark and causing some city systems to malfunction, including a number of departments’ phone lines.
  • On the same day Imperial County was infected, the city of Stuart, Florida, was hit by Ryuk ransomware, forcing system shut-downs affecting payroll, utilities and other vital functions, including police and fire departments.
  • On April 18, an unspecified piece of malware, likely ransomware, crippled the city’s computer network in Augusta, Maine.
  • On April 21, the municipally owned airport in Cleveland, Ohio, Cleveland Hopkins International Airport, was struck by still-unspecified malware, causing the airport’s flight and baggage information boards to go dark, an outage that lasted at least five days.

Despite what appears to be a recent spurt in municipal ransomware attacks, these infections are nothing new to the nation’s cities. The most high-profile municipal ransomware attack took place over a year ago in March 2018 when the city of Atlanta was crippled by SamSam ransomware. According to Wired magazine, the city of Atlanta ended up spending $2.6 million to respond to that attack, roughly 52 times the amount of the $50,000 or so in ransom demanded by the attackers.

Cyberattacks on municipalities harder to hide

Still, the recent spate of attacks raises the question: Are municipal ransomware infections on the rise? According to some municipal cybersecurity experts, cities have long been grappling with malware and ransomware attacks at the same rate as private sector organizations, but are just now becoming more public about it.

“Most of these cities have had issues just like businesses have for years,” Gary Hayslip, former CISO for the City of San Diego, California, and now CISO for security firm Webroot, says. “It’s just more of them are being public about it because governments are requiring it now more.”

It’s increasingly difficult to hide city ransomware infections, particularly given that responding to them often requires funds from municipal coffers. “Typically, you end up having to pull out your cyber insurance and you’ve got to get Mandiant or somebody that you have on call to come on over and help you clean up and then hopefully get your data back,” says Hayslip. “So, you’re not going to keep that kind of stuff quiet.”

Internet-delivered city services present more opportunities for attackers

Cities are getting deeper and deeper into IP-based activities to deliver services as efficiently as possible, giving attackers more opportunity to engage in malicious behavior. “I would say there are a couple of big pressures that I think are relevant to most industries, but state and local governments are also exposed to it. First and foremost is the rapid expansion and availability of technology capabilities,” says Chris Kennedy, former government cybersecurity veteran and currently CISO of cybersecurity firm AttackIQ.

Attackers are also getting more savvy. “There’s a constantly growing threat of exploitation either through investment from state-sponsored actors to the commoditization of very sophisticated attack techniques that are easy to use for inexperienced hackers. Ransomware isn’t new. It’s just how it’s been packaged up and how it’s being leveraged operationally by the hacker community.”

Data stored in city systems an attractive target

Whether attacks on cities are increasing or merely coming more to light now, it’s clear that they’re attractive targets for attackers. “If you think long-range, state and local governments offer a wealth of information about citizen activity. You can imagine how cyber criminals would want to take advantage of that collection of information for identity theft and things like that,” says Kennedy.

“Most people don’t realize cities have massive amounts of data. It’s amazing the different types of data that they have. I mean it’s just phenomenal. They have everything from permits to people paying their water bills to parking tickets to whatever. People are investing in bonds,” says Hayslip, adding that cities also accept credit cards. “U.S. cities are very, very similar to large multinational businesses.”

Financial constraints put a squeeze on security

Unlike large multinational businesses, however, cities, particularly small cities or towns, face financial constraints that limit just how much they can spend on protecting themselves from breaches, malware infections and other kinds of attacks. “It can be an overwhelming problem if you’re not adequately staffed,” Kennedy says. “When you’re resource-constrained a lot of the operating falls to contractors” and “how well you manage those contractors is often difficult.”

On top of that, cities struggle to keep pace with technology refresh cycles, which are growing shorter each year. “Today the typical refresh cycle is about 18 months and most cities aren’t ready for it. A lot of the larger cities still have mainframes,” Hayslip says. “In a business you can do rip and replace. You can go ahead and say we’re going to be down and we’re going to stand up a parallel data center and we’re going to flip over and rip out all this old stuff and then go on about our business. That’s very hard to do when you have citizens that are riding on the services that you provide and don’t like to have their services interrupted.”

State and local governments need federal cybersecurity assistance

While municipal governments struggle with increased attacks, constrained resources and outdated equipment, there are few easy solutions to the unique problems they face. Hayslip thinks the federal government has a role to play in helping cities with funding shortages. “These municipal governments and state governments are tied to massive amounts of federal networks. They’re all interrelated and tied to each other,” he says.

“There should be a pool available to state and local governments” to provide small governments funds to address at least the basics of cybersecurity, such as updated software, firewalls and other cyber hygiene-related needs. “It would reduce the risk on the supply chain side among the municipal, state and federal networks,” according to Hayslip.

Cities that are fortunate enough to have dedicated security staff, which Hayslip says begins when the municipality reaches 300 employees, can also benefit from participating in formal and informal information-sharing efforts. Among the formal options available to cities are the FBI, the Multi-State Information Sharing and Analysis Center (MS-ISAC), which is focused on state, local, tribal and territorial government cybersecurity, as well as resources available from the Department of Homeland Security.

Local governments should share security data

When it comes to local governments, sharing information informally can be as helpful as the more formal efforts. When Hayslip was CISO of San Diego, he had a loose group of peers from other jurisdictions in the area and nine times out of ten when one of them was dealing with a sustained attack, the others were, too. Cybercriminals like to “get the most bang for their buck so they’ll attack a region” where local governments are likely to be interconnected, he says.

On the whole, cities appear to be dealing adequately with the ransomware and other malware infections that come their way. “Some of them are really taking it seriously and they’re building. Not just the city of San Diego but Los Angeles is doing very well. The city of Denver is doing very well.” Even the city of Atlanta is a good example of a municipality that might now be ahead of the curve. “I think they’ve learned their lessons and they’re putting it together,” Hayslip says.

Article Provided By: CSO


Cybersecurity Road Maps and Strategies

Companies Must Develop More Precise Cybersecurity Road Maps and Strategies

Given all the years that companies and federal and state governments have been investing aggressively to improve cybersecurity, you might think by now they would have a well-executed cyber architecture and security strategies firmly in place. The sad fact, however, is that many organizations have yet to accomplish this, or they did so temporarily but subsequently failed to keep pace with change and now need to recast their work.

Why are enterprise cyber architecture and a solid security strategy so important?

Consider, for example, the security status of a building with 20 exterior doors, of which 19 are locked. Would you be 95% secure? The answer is no. The building would have zero security because most prospective intruders would know enough to find the unlocked door.

The upshot is this: the application of consistent security policies across corporations, now lagging, is essential. And this involves much more than simply securing all software interfaces. Adequate security involves people, process, information and technology, as well as the need to recognize and respond to change, including the adoption of better technologies.

Good Security Includes Cost Efficiencies

Good enterprise architecture also requires the means to align security implementation with enterprise-wide strategic objectives and business operations. So costs and efficiencies must be embraced.

Companies, in effect, must think like insurance or credit card companies – i.e., they must analyze known risks and calculate the average cost of threats. Insurance companies set premiums high enough to cover losses on average, but not so high as to make them uncompetitive. Credit card companies spend money to combat fraud, but cap the amount in a bid to balance cost with reward. Similarly, companies need security budgets big enough to cover most, but not all, of their threats. Covering all of them would be prohibitively expensive and potentially render the business non-competitive.

In short, companies must make intelligent cyber investment bets, bearing in mind a fundamental axiom of security that risk can never be driven to zero.

Risk Tolerance and Budgets Must be in Sync

In many organizations, the tolerance for risk and the budget for security are not in balance because the balance differs in different departments. Businesses must take several steps to plan and implement a sound and balanced enterprise-wide cyber architecture and security strategy.

Essential measures include these necessities:

  • Select and follow relevant standards to drive a good cybersecurity posture, such as the NIST Cybersecurity Framework, ISO 27001 or, for select industries, HIPAA. This helps reduce the learning curve and leverages best practices without the need to reinvent the wheel.
  • Make a point of tailoring and customizing the security architecture and cybersecurity risk management process based upon the specific threats and vulnerabilities faced by your organization. The NSA, for example, has developed a model that provides 21 areas that organizations need to tailor to their specific environment to develop the best possible cybersecurity risk posture.
  • To avoid getting overwhelmed by the sheer volume of attacks, go beyond logging, monitoring and alerting to also focus on proactive threat hunting. Security operations, automation, analytics and incident response must be woven into an integrated platform. And make sure that automation is not merely a “bolt-on” that slows the entire production process.
  • Increase your cyber visibility by trying to tear things down in search of possible vulnerabilities. This way, you’re not merely relying on the “security hardening work” you have done but are regularly working to improve things. This also makes it easier to find a breach when it occurs.
  • Substantially improve management of third-party risk, which is growing as companies continue to outsource. Current approaches to the problem, such as audits and penetration tests, are helpful but usually provide only a fleeting snapshot of security risk. To proactively mitigate risk, organizations need automated tools to continuously measure and monitor third-party security performance.
  • Welcome the CISO to the C-suite. Because cybersecurity and compliance are serious business issues, it’s imperative that a corporation have a CISO empowered with adequate authority, funding and a clear mission to proactively keep systems and data safe.
  • Lastly, be attuned to advances in cybersecurity that perhaps should be adopted by your organization. One case in point is homomorphic encryption (HE), which is a technique used to work on encrypted data without decrypting it and is in use for select functions by some government entities and corporations to limit the infiltration of secure networks and combat offensive techniques used by nation-states. This could also enable companies, for instance, to encrypt their cloud-based databases and work on them without converting records back to plaintext.

New Technologies like Homomorphic Encryption are Important

So-called fully homomorphic encryption (FHE), which entails almost everything from soup to nuts, has yet to be fully developed. But, as noted, important HE pieces have been put into play and significant advances are being made in the evolution of a technology that stretches back decades.

For many years, HE’s mathematical computations slowed system performance to a crawl. While greater speed is still needed, there has been substantial improvement. Last year, for example, IBM, among the pioneers in HE, rewrote its C++ HE encryption library and claims it now runs up to 75 times faster. And Enveil, a Maryland startup staffed by a former NSA HE team, has broken performance barriers required to produce a commercially viable version of HE, benchmarking millions of times faster than IBM in tests.

In experiments, HE has enabled Google to successfully analyze encrypted data about who clicked on an advertisement in combination with another encrypted multi-company data set with credit card purchase records. As a result, Google was able to provide reports to advertisers summarizing the relationship between the two databases to conclude, for example, that five percent of the people who clicked on an advertised product wound up purchasing it in a store.

While HE will not make sense for all applications today and requires improvement for many uses, it already brings considerable benefit to applications requiring the processing of highly confidential information. As the technology continues to evolve, HE’s ability to secure data while in use is an example of disruptive innovation that companies need to watch carefully. Sophisticated hackers never stop evolving and improving. This means their prospective victims cannot stop evolving and improving, either.

Article Provided By: RSAConference
