
Apple Security Protections Are Easily Bypassed

Apple macOS Security Protections Can Easily Be Bypassed with ‘Synthetic’ Clicks, Researcher Finds

A security researcher has disclosed a new flaw that undermines a core macOS security feature designed to prevent apps — or malware — from accessing a user’s private data, webcam or microphone without their explicit permission.

The privacy protections, recently expanded in macOS Mojave, were meant to make it more difficult for malicious apps to get access to a user’s private information — like their contacts, calendar, location and messages — unless the user clicks ‘allow’ on a popup box. The protections are also meant to prevent apps from switching on a Mac’s webcam and microphone without consent. Apple’s Craig Federighi touted the security features as “one of the reasons people choose Apple” at last year’s WWDC developer conference.

But the protections weren’t very good. Those ‘allow’ boxes can be subverted with a maliciously manufactured click.

It was previously possible to create artificial or “synthetic” clicks by using macOS’ in-built automation feature AppleScript, or by using mouse keys, which let users — and malware — control the mouse cursor using the numeric pad on the keyboard. After fixing these bugs in previous macOS versions, Apple’s current defense is to block all synthetic clicks, requiring the user to physically click on a button.

But Patrick Wardle, a former NSA hacker who’s now chief research officer at Digita Security, said he’s found another way to bypass these protections with relative ease.

Wardle, who revealed the zero-day flaw at his conference Objective By The Sea in Monaco on Sunday, said the bug stems from an undocumented whitelist of approved macOS apps that are allowed to create synthetic clicks to prevent them from breaking.

Typically, apps are signed with a digital certificate to prove that the app is genuine and hasn’t been tampered with. If the app has been modified to include malware, the signature check normally fails and the operating system won’t run the app. But a bug in Apple’s code meant that macOS was only checking whether a certificate exists and wasn’t properly verifying the integrity of the whitelisted app.

“The only thing Apple is doing is validating that the application is signed by who they think it is,” he said. Because macOS wasn’t checking to see if the application had been modified or manipulated, a manipulated version of a whitelisted app could be exploited to trigger a synthetic click.

One of those approved apps is VLC, a popular and highly customizable open-source video player that allows plugins and other extensions. Wardle said it was possible to use VLC as a delivery vehicle for a malicious plugin to create a synthetic click on a consent prompt without the user’s permission.

“For VLC, I just dropped in a new plugin, VLC loads it, and because VLC loads plugins, my malicious plugin can generate a synthetic click — which is fully allowed because the system sees it’s VLC but doesn’t validate the bundle to make sure it hasn’t been tampered with,” he explained.

“And so my synthetic event is able to click and access the user’s location, webcam, microphone,” he said.

Wardle described the vulnerability as a “second-stage” attack, because exploiting the bug already requires an attacker — or malware — to have access to the computer. But it’s exactly these situations, where malware already on a computer tries to click through a consent box, that Apple is trying to prevent, Wardle said.

He said he informed Apple of the bug last week but the tech giant has yet to release a patch. “This isn’t a remote attack so I don’t think this puts a large number of Mac users immediately at risk,” he said.

An Apple spokesperson did not return a request for comment.

It’s not the first time Wardle has warned Apple of a bug with synthetic clicks. He reported related bugs in 2015, 2017 and 2018. He said it was “clear” that Apple doesn’t take these bugs seriously.

“In this case, literally no-one looked at this code from a security point of view,” he said.

“We have this undocumented whitelisting feature that is paramount to all these new privacy and security features, because if you can generate synthetic events you can generically thwart them trivially,” he said.

“It’s important to get this right,” he said.

Article Provided By: techcrunch

Liquid Video Technologies Logo, Security, Video Surveillance, Greenville South Carolina


If you would like liquidvideotechnologies.com to discuss developing your Home SecuritySystem, Networking, Access ControlFire, IT consultant or PCI Compliance, please do not hesitate to call us at 864-859-9848 or you can email us at deveren@liquidvideotechnologies.com.


Scientists Identified a Way to Improve Network Security

Scientists May Have Identified a New Way to Improve Network Security

With cybersecurity one of the nation’s top security concerns and billions of people affected by breaches last year, government and businesses are spending more time and money defending against attacks.

Researchers at the U.S. Army Combat Capabilities Development Command’s Army Research Laboratory, the Army’s corporate research laboratory also known as ARL, and Towson University may have identified a new way to improve network security.

Many cybersecurity systems use distributed network intrusion detection, which allows a small number of highly trained analysts to monitor several networks at the same time, reducing cost through economies of scale and making better use of limited cybersecurity expertise. However, this approach requires that data be transmitted from network intrusion detection sensors on the defended network to central analysis servers, and transmitting all of the data captured by the sensors requires too much bandwidth, the researchers said.

Because of this, most distributed network intrusion detection systems only send alerts or summaries of activity back to the security analyst. With only summaries, cyberattacks can go undetected because the analyst does not have enough information to understand the network activity; alternatively, time may be wasted chasing down false positives.

In research presented at the 10th International Multi-Conference on Complexity, Informatics and Cybernetics March 12-15, 2019, scientists wanted to identify how to compress network traffic as much as possible without losing the ability to detect and investigate malicious activity.

Reducing the amount of traffic transmitted to the central analysis systems

Working on the theory that malicious network activity would manifest its maliciousness early in a flow, the researchers developed a tool that stops transmitting a flow’s traffic after a given number of messages have been transmitted. The resulting compressed network traffic was analyzed, and the results were compared with the analysis performed on the original network traffic.

As suspected, the researchers found that cyberattacks often do manifest maliciousness early in the transmission process. When the team identified malicious activity later in the transmission process, it was usually not the first occurrence of malicious activity in that network flow.

“This strategy should be effective in reducing the amount of network traffic sent from the sensor to central analyst system,” said Sidney Smith, an ARL researcher and the study’s lead author. “Ultimately, this strategy could be used to increase the reliability and security of Army networks.”

For the next phase, researchers want to integrate this technique with network classification and lossless compression techniques to reduce the amount of traffic that needs to be transmitted to the central analysis systems to less than 10% of the original traffic volume while losing no more than 1% of cyber security alerts.
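The truncation experiment described above, as an added example (this is not the ARL/Towson tool, whose implementation the article does not describe): a sensor forwards only the first N messages of each flow, and the script measures how much traffic that forwards and which alerting flows the central analyst would no longer see. Flow keys are plain labels standing in for the 5-tuple, and the capture is constructed.

```python
"""Per-flow truncation experiment, modelled on the study described above.

Constructed example, not the researchers' tool: a sensor forwards only the
first N messages of each flow to the central analysis server; we measure how
much traffic that forwards and which alerting flows the analyst would still see.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    flow: str    # flow key (in practice the 5-tuple); a plain label here
    size: int    # bytes on the wire
    alert: bool  # True if the sensor's IDS rule fired on this message


def truncate_flows(messages, limit):
    """Keep only the first `limit` messages of every flow, preserving order."""
    seen = defaultdict(int)
    kept = []
    for msg in messages:
        if seen[msg.flow] < limit:
            kept.append(msg)
        seen[msg.flow] += 1
    return kept


def evaluate(messages, limit):
    """Fraction of bytes forwarded and fraction of alerting flows still visible."""
    kept = truncate_flows(messages, limit)
    total = sum(m.size for m in messages)
    forwarded = sum(m.size for m in kept)
    alerting = {m.flow for m in messages if m.alert}
    visible = {m.flow for m in kept if m.alert}
    return {
        "limit": limit,
        "traffic_ratio": forwarded / total if total else 0.0,
        "alert_ratio": len(visible) / len(alerting) if alerting else 1.0,
        "missed": sorted(alerting - visible),
    }


def first_alert_index(messages, flow):
    """1-based position of the first alerting message in `flow`, or None."""
    position = 0
    for msg in messages:
        if msg.flow == flow:
            position += 1
            if msg.alert:
                return position
    return None


def smallest_safe_limit(messages, max_limit=1000):
    """Smallest per-flow limit that still surfaces every alerting flow."""
    for limit in range(1, max_limit + 1):
        if not evaluate(messages, limit)["missed"]:
            return limit
    return None


def build_sample():
    """Constructed capture: one bulk transfer and three attack-like flows."""
    msgs = []
    # Benign bulk download: 300 full-size segments, dominates the byte count.
    msgs += [Message("bulk-download", 1400, False) for _ in range(300)]
    # Port scan: the rule fires on the very first message of a short flow.
    msgs += [Message("port-scan", 60, i == 0) for i in range(5)]
    # Exploit attempt: alerts on message 3 and again on message 40.
    msgs += [Message("exploit", 500, i in (2, 39)) for i in range(50)]
    # Slow exfiltration: the first alert only appears at message 25.
    msgs += [Message("late-exfil", 800, i == 24) for i in range(120)]
    return msgs


if __name__ == "__main__":
    sample = build_sample()
    for result in (evaluate(sample, n) for n in (1, 5, 10, 25, 50)):
        print("limit={limit:3d} traffic={traffic_ratio:.1%} "
              "alerts={alert_ratio:.0%} missed={missed}".format(**result))
    print("smallest limit with no missed alerting flows:",
          smallest_safe_limit(sample))
```

The sweep shows the trade-off the article describes: a small limit cuts forwarded bytes to a few percent, but a flow whose first alert arrives late is lost until the limit reaches that position.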

“The future of intrusion detection is in machine learning and other artificial intelligence techniques,” Smith said. “However, many of these techniques are too resource intensive to run on the remote sensors, and all of them require large amounts of data. A cybersecurity system incorporating our research technique will allow the data most likely to be malicious to be gathered for further analysis.”

Article Provided By: HelpNetSecurity



Windows 10 Apps Hit by Malicious Ads

Windows 10 Apps Hit by Malicious Ads that Blockers Won’t Stop

Windows 10 users in Germany are reporting that while using their computer, their default browser would suddenly open to malicious and scam advertisements. These advertisements are being shown by malvertising campaigns on the Microsoft Advertising network that are being displayed in ad supported apps.

As a way to monetize free apps, Microsoft offers Windows 10 app developers the ability to use its Microsoft Advertising SDK to display ads in their apps. For example, Microsoft News and Microsoft Jigsaw use Microsoft Advertising to display ads.

German ads in Microsoft News and Microsoft Jigsaw

Over the weekend, there were numerous reports of Windows 10 users in Germany having their browser open suddenly to sites pushing tech support scams, sweepstakes, surveys, and win a prize wheels. These advertisements would open suddenly while they were using apps like Microsoft News, Microsoft Jigsaw, and other Microsoft Advertising supported apps.

For example, the advertisement below was shown to one user and pretends to be a system scan stating that the computer is infected. If a user goes through the screens, the scam page will ultimately prompt them to download an unwanted system cleaner program.

Tech support scam shown by the malvertising campaign

These ads are being caused by scammers purchasing ad campaigns in the Microsoft Advertising network that use JavaScript to automatically launch scam sites in a new window. As these advertisements are being shown in an ad-supported app, Windows 10 will instead launch the new page in the default browser.

Just like a similar malvertising campaign that targeted French users of Microsoft apps in April, this German campaign appears to only be targeting users on residential IP addresses. For example, if you use a VPN to gain access to a German IP address, the malvertising ads will not show.

Ad blockers will not help

As these ads are being displayed by ad-supported apps, any ad blockers you have installed in your browsers will not prevent the pages from loading.

This is because the scripts that are normally blocked by ad blockers are being executed in the app and Windows 10 is just launching a web page in your browser.

Instead, users will have to rely on security software or built-in browser filtering services such as SmartScreen and Safe Browsing to block known malicious websites.

ESET blocking a malicious website

Another option is to install a HOSTS file that blocks all connections to known advertising networks and malicious sites.

Article Provided By: BleepingComputer



Cyberattack hits Augusta

Cyberattack hits Augusta municipal operations; City Center closed

Officials say a nasty, intentionally deployed virus shut down public safety computers and made the city’s entire network unusable, but the phone system and public safety radio system were not affected.

AUGUSTA — A malicious computer virus that targeted — and squarely hit — the city early Thursday morning forced the closure of Augusta City Center.

The virus froze the city’s computer network and rapidly spread to laptops and other devices.

Augusta City Center, on July 12, 2016. Kennebec Journal photo by Joe Phelan

Officials said Thursday afternoon that they had located the virus and were working on a fix, and that no data was taken in the apparent cyberattack. Once they confirm the virus has been removed from the network and all devices associated with it, they plan to restore the city’s servers and get the system up and running again.

Because so many municipal functions there rely on computers — and restoring servers and fixing the damage done is expected to be a cumbersome process — Augusta City Center will remain closed until at least Monday, while the network and servers are restored.

Fred Kahl, director of the information technology department for both the city and schools, said a piece of malicious software somehow got into the city’s computer network, spread rapidly and damaged servers. He said it appears it was a targeted attack. But he also said no data, such as personal information about residents, was taken in the incident.

“Nothing got out, no names or anything like that. It just became inaccessible,” Kahl said late Thursday afternoon about data stored on city servers. “Nothing went anywhere, guaranteed.”

The virus, which officials said was inflicted upon the city’s servers intentionally, also shut down computers used by public safety dispatchers — but not the city’s phone system or the public safety radio system used by dispatchers and police, fire and ambulance staff members in the field to communicate. Dispatchers, who don’t have access to their usual computer-aided dispatching system, tracked calls and the activity and whereabouts of police officers, firefighters and ambulance crews manually.

“It’s not a threat to public safety,” Ralph St. Pierre, finance director and assistant city manager, said Thursday morning from the closed city center. “Dispatch is still answering. The phones are still working.”

What isn’t working is anything that relies on the computer network at Augusta City Center, including municipal financial systems, billing, automobile excise tax records, assessor’s records or general assistance.

All those systems became inaccessible when the city’s network was hit by a virus around 3:20 a.m. Thursday, which froze up the network.

“All our servers are locked up,” St. Pierre said. “This was a particularly bad (virus). This one exploded, it got all the data, all the servers, they froze rock solid, and you can’t pierce it. It’s pretty widespread and impactful.”

He clarified that while the city’s servers and data have been frozen and are inaccessible, it is not believed city data has been breached.

“It was not a breaching of the data. It was a locking down of the data,” St. Pierre said. “This was intentional.”

Professor Henry Felch, program coordinator of the University of Maine at Augusta’s cybersecurity program, which he said is the largest such program in the state, speculated it could have been an inside job, perhaps by a disgruntled current or former employee or someone else with knowledge of and access to the city network.

“If someone did want to do something to bring Augusta to a screeching halt for a couple of days, it could be an act of revenge, or it could be someone is making a statement,” Felch said. “Usually a virus is more widespread than just one locality, if the goal is to infect a lot of computers. This sounds like it was directed toward Augusta. It was a very targeted attack.”

He said the city should involve state police, because what occurred appears to be a crime. He said it appeared the malicious software was intended more to destroy data than to capture data.

St. Pierre said the city’s data is intact, and all its backup systems are fine, meaning the city can start restoring servers. He said restoration work will include contacting software providers so they can reinstall their software. He said it could take until as late as Tuesday to have the network up and running and reopen city center.

Kahl said officials know when the attack was initiated, around 3:20 a.m. Thursday, but he believes the city might never know with 100 percent certainty how the software got into city servers.

He said the city did not pay a ransom payment, as some Maine municipalities and even the Lincoln County Sheriff’s Office have done previously, to have the software removed.

City Manager William Bridgeo said city information technology staff members all were working on the problem, and an outside software consulting firm from Portland also had specialists working on the problem in Augusta.

St. Pierre said officials stopped the virus before it spread to School Department files or servers, which are connected to the same network, and they have been shut off from the network to protect them. He said the city’s email server is at the school department and is still up and running, so city staff members with smartphones can still respond to email.

To make sure all devices that might have been infected with the virus were cleared of it, about 15 Augusta police workers, most of them officers, underwent about a half-hour of training from Kahl and then set out to check every city facility — or anywhere else an infected laptop or other device might be — to see if they had the virus on them. The 10 or so devices that were infected were taken to Kahl’s office so the virus could be removed.

A sign tells patrons about computer system problems on Thursday at Lithgow Public Library in Augusta. Kennebec Journal photo by Joe Phelan

City Center, where nearly all functions rely to some extent on computer access, is expected to remain closed at least through Friday. Other city facilities never closed and are expected to remain open. St. Pierre said Hatch Hill was open and manually billing customers, the library was open, and the Buker Community Center — including youth programming there — was open and running but couldn’t take new registrations, and public works employees were working.

The Augusta Civic Center also was affected by the virus, since its computers are integrated into the city network, but officials said they were still able to access its ticket-selling firm and could sell tickets to events for cash, but not credit cards, on Thursday.

At Lithgow Public Library, the virus’ effect was — in some ways — to send the library back to its past, one based around books, not computers. Its computers were down and unable to access the internet, but people still could read books there. And, according to Julie Olson, assistant director and adult services librarian, they still could check out books and other materials. The public library’s usual circulation system was down, but they were able to use a backup system.

“For our patrons, the biggest impact was we don’t have internet,” Olson said. “We’ve got no computer access at all, they’re all connected to the city’s server, so we can’t access anything. But you can check out books, return books and renew books. We just can’t do the other parts.”

Bridgeo said the city buys “cyber liability” insurance through Maine Municipal Association, and as part of that, about a month ago it had an assessment done of the security of the city’s network. He said he just read a report on the findings of that assessment about a week ago and found that Augusta “got pretty high grades for how we stand.”

Felch said municipalities could be tempting targets for cyberattacks because of all the data they have, or because some of them have control over water treatment systems and other crucial resources. He said the best thing municipalities can do is emphasize training and awareness among staff on how to avoid allowing cyberattacks to be successful. But he said if the malicious software came from inside, via someone with access to the network, there might be nothing the city could do.

He said the city might want to look at its network defenses to see if such attacks could be detected faster.

Felch said the state needs to provide resources to help municipalities fend off cyberattacks.

“What happened to Augusta could probably happen to other municipalities around here, because it’s easy to do and it’s easy to get something started,” he said. “Maine has a lot of smaller municipalities, which makes it a target for someone who may want to practice, and hone the skills they might need to attack a larger city in the future. I think state government needs to do more to help these small municipalities be able to provide protection.”

Augusta police Chief Jared Mills agreed the cyberattack does not pose a threat to public safety. He said the only real effect was not being able to enter information directly into a computer. He said dispatchers were recording things manually and clerks were working to help dispatchers with that task.

Mills said there is “no threat to public safety. This is exactly how we completed reports when I started 20 years ago. Everything was handwritten and our response time then was the same as it is today.”

Felch, an Augusta resident who was turned away Thursday from City Center when he went there to get a new permit to use the Hatch Hill landfill, though at the time he didn’t know why, said students and faculty of UMA’s cybersecurity program would be willing to help Augusta and other municipalities protect themselves.

Article Provided By: centralmaine



New Phishing scam called ‘The Hotlist’

New Phishing scam called ‘The Hotlist’ now targets the Instagram users

  • The new Phishing scam operates in a similar manner as the recent ‘The Nasty List’ scam.
  • The Phishing scam begins with Instagram users receiving a message regarding a list of their ‘hot’ photos on Instagram.

A new phishing scam called ‘The Hotlist’ has been found targeting Instagram users lately. This new scam operates in a similar manner as the recent ‘The Nasty List’ scam.

How does it work – The scam begins with Instagram users receiving a message regarding a list of their ‘hot’ photos on Instagram. The message reads something like, “I just saw a few of your photos on the @The_HotList_95 and they are already upvoted to #26!”.

Once recipients visit the message sender’s account, they are shown a post that says ‘Everyone Is On Here Look’ and includes a description along with a link that reads ‘Check what position you’re in!’.

If users click on the link, they are taken to a fake Instagram login page that the scammers use to steal login credentials. The link typically ends with a .me domain, Bleeping Computer reported.

What are the impacts – The Phishing scam is being used to steal Instagram account details of users. Once the scammers grab the login credentials, they can use them later to send further phishing messages to other Instagram users.

How to stay safe – Users can avoid falling victim to such Instagram phishing scams by:

  • Not entering their login credentials if they are on a page that does not belong to the Instagram website;
  • Verifying the profile of the sender/source before sharing any personal information;
  • Ignoring messages from an unknown source that ask you to share sensitive details, as they may be phishing.

Article Provided By: CYWARE



Unsecured Databases Leak 60 Million Records

Unsecured Databases Leak 60 Million Records of Scraped LinkedIn Data

Eight unsecured databases were found leaking approximately 60 million records of LinkedIn user information. While most of the information is publicly available, the databases contain the email addresses of the LinkedIn users.

Approximately two weeks ago, I was contacted by security researcher Sanyam Jain of the GDI foundation about something strange that he was seeing. Jain told BleepingComputer that he kept seeing unsecured databases containing the same LinkedIn data appearing and disappearing from the Internet under different IP addresses.

“According to my analysis the data has been removed every day and loaded on another IP. After some time the database becomes either inaccessible or I can no longer connect to the particular IP, which makes me think it was secured. It is very strange.”

Between all eight databases, there was a combined total of approximately 60 million records that contained what appeared to be scraped public information of LinkedIn users. The total size of all of the 8 DBs is 229 GB, with each database ranging between 25 GB to 32 GB.

Example database

As a test, Jain pulled my record from one of the databases and sent it to me for review. The data contained in this record included my LinkedIn profile information, including IDs, profile URLs, work history, education history, location, listed skills, other social profiles, and the last time the profile was updated.

Included in the profile was also my email address that I used when registering my LinkedIn account. It is not known how they gained access to this information as I have always had the LinkedIn privacy setting configured to not publicly display my email address.

Profile information for my record

After reviewing the data that was sent to me, I found all of the information to be accurate.

In addition to the above public information, each profile also contains what appears to be internal values that describe the type of LinkedIn subscription the user has and whether they utilize a particular email provider. These values are labeled “isProfessional”, “isPersonal”, “isGmail”, “isHotmail”, and “isOutlook”.

Internal values

While we were not able to determine who the databases belonged to, we were able to contact Amazon, which was hosting the databases, for assistance in getting them secured. As of Monday, the databases were secured and are no longer accessible via the Internet.

LinkedIn states it’s not their database

After seeing that the databases contained users’ email addresses and what appeared to be possible internal values, BleepingComputer contacted LinkedIn to see if the databases belonged to them.

After they reviewed my sample record, Paul Rockwell, head of Trust & Safety at LinkedIn, told us that this database does not belong to them, but they are aware of third-party databases containing scraped LinkedIn data.

“We are aware of claims of a scraped LinkedIn database. Our investigation indicates that a third-party company exposed a set of data aggregated from LinkedIn public profiles as well as other, non-LinkedIn sources. We have no indication that LinkedIn has been breached.”

When we followed up with questions as to why the databases would contain my email, we were told that in some cases an email address could be public and were provided a link to a privacy page that allows you to configure who can see a profile’s email address.

LinkedIn email privacy settings

My settings only allow 1st degree connections to see my email address, so unless the scraper is posing as this type of connection, it is still not known how my email address was included in the database.

Article Provided By: BleepingComputer



Drones Stealing Sensitive Data

DHS warns of Chinese-made drones stealing sensitive data

  • The drones contain components that can collect sensitive data and share it on a server accessible outside the company itself.
  • An industry analysis has revealed that nearly 80% of the drones used in the US and Canada are from DJI, which is headquartered in Shenzhen, China.

The US Department of Homeland Security warns that Chinese-made drones might be sharing sensitive flight data to its manufacturers on a server accessible to the Chinese government.

Contents of the alert

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has warned that such drones are a “potential risk to an organization’s information” and that they contain components that can collect sensitive data and share it on a server accessible outside the company itself.

“Those concerns apply with equal force to certain Chinese-made (unmanned aircraft systems)-connected devices capable of collecting and transferring potentially revealing data about their operations and the individuals and entities operating them, as China imposes unusually stringent obligations on its citizens to support national intelligence activities,” the alert read, CNN reported.

Which drone manufacturers are suspect?

The alert did not specify any manufacturer. However, industry analysis has revealed that nearly 80% of the drones used in the US and Canada are from DJI, which is headquartered in Shenzhen, China.

Key takeaway

Users are warned to be cautious while purchasing drones from China and to take security measures like turning off the device’s internet connection and removing secure digital cards to avoid data theft.


By: Ryan Stewart



Next Generation Endpoint Security

Getting Past the Hype of Next Generation Endpoint Security

We’ve heard the same story for years. Antivirus software is not effective in stopping cyber-attacks, as hackers have adapted their techniques to evade signature-based detections. Even next-generation antivirus, which applies techniques such as machine learning and behavioral analytics, is no more effective at protecting an organization than its older sibling. But why? The simple answer is that nearly all AV and NGAV solutions focus their primary value on the prevention of malicious files – an attack vector that is slowly but surely disappearing in favor of file-less capabilities and the subversion of users and trusted applications.

Worse than their hyper-focus on the irrelevant, they continue to rely on historical attack analysis as a basis for future detections which leaves them unable to make high fidelity preventions and detections in real-time. They lack the visibility and threat intelligence necessary to understand an attacker’s tactics and techniques, which means these so-called NGAV solutions lack the confidence in their ability to identify malicious activity. The evidence of this is when they introduce unnecessary latency with cloud and human analysis, which do not function at the speed required to defend against modern threats.

So where does that leave companies in their search for better protection?

A modern endpoint protection strategy must include prevention, detection, and response capabilities. Effective automation of threat intelligence for prevention, along with robust detection and response means security analysts can spend their time improving defenses instead of repeatedly reacting to incidents caused by the same lack of real-time capabilities and unnecessary latency.

The convergence of Endpoint Detection and Response (EDR) into the Endpoint Protection Platform (EPP) not only replaces core AV/NGAV capabilities but also improves protection against the following:

  • Malware variants, including malware-based ransomware
  • Obfuscated malware, unknown malware, and zero-day attacks
  • Malicious scripts that leverage PowerShell, Visual Basic, Perl, Python, and Java/JAR
  • Memory-resident attacks and other malware-less attacks
  • Malicious use of good software

Of the hundred-plus endpoint security vendors, Endgame’s endpoint protection platform and single autonomous agent simplify antivirus replacement through:

  • Earliest Prevention – Protection against exploits, malware, file-less attacks, and ransomware
  • Fastest Detection and Response – Stops all attacks at the earliest stages of the MITRE ATT&CK™ matrix
  • Automated Threat Hunting – Built in discovery, deployment, and dissolvable agent

Endgame’s Artemis, the first intelligent security assistant, elevates and accelerates operators and analysts by responding to plain English questions and commands. With Artemis, analysts can prioritize, triage, and remediate alerts in minutes across hundreds of thousands of endpoints that would have otherwise taken hours or days with traditional tools.

In an extremely crowded market, endpoint security tools must provide a simple, cost-effective replacement for antivirus while increasing value. With Endgame, your organization can quickly prevent malware and modern attacks across the entire MITRE ATT&CK framework with a single, autonomous agent.

 

By: Matt Alderman

 


Cyber-Crime Gang Busted

GozNym cyber-crime gang which stole millions busted

 

An international crime gang which used malware to steal $100m (£77m) from more than 40,000 victims has been dismantled.

A complex police operation conducted investigations in the US, Bulgaria, Germany, Georgia, Moldova, and Ukraine.

The gang infected computers with GozNym malware, which captured online banking details to access bank accounts.

The gang was put together from criminals who advertised their skills on online forums.

The details of the operation were revealed at the headquarters of the European police agency Europol in The Hague.

Europol said the investigation was unprecedented, especially in terms of cross-border co-operation.

Cyber-crime service

Ten members of the network have been charged in Pittsburgh, US, on a range of offenses, including stealing money and laundering those funds through US and foreign bank accounts.

Five Russian nationals remain on the run, including the one who developed the GozNym malware and oversaw its ongoing development and management, including leasing it to other cyber-criminals.

Various other gang members now face prosecution in other countries, including:

  • The leader of the network, along with his technical assistant, faces charges in Georgia
  • Another member, whose role was to take over different bank accounts, has been extradited to the US from Bulgaria to face trial
  • A gang member who encrypted GozNym malware to make sure it was not detected on networks faces prosecution in Moldova
  • Two more face charges in Germany for money-laundering

Among the victims were small businesses, law firms, international corporations, and non-profit organizations.

Europol said it was a great example of cross-border co-operation

One of the things the operation has highlighted is how common the selling of nefarious cyber-skills has become, says Prof Alan Woodward, a computer scientist from the University of Surrey.

“The developers of this malware advertised their ‘product’ so that other criminals could use their service to conduct banking fraud.

“What is known as ‘crime as a service’ has been a growing feature in recent years, allowing organized crime gangs to switch from their traditional haunts of drugs to much more lucrative cyber-crime.”

What is GozNym?

It is a hybrid of two other pieces of malware, Nymaim and Gozi.

The first of these is what is known as a “dropper”, software that is designed to sneak other malware on to a device and install it. Up until 2015, Nymaim was used primarily to get ransomware on to devices.

Gozi has been around since 2007. Over the years it has resurfaced with new techniques, all aimed at stealing financial information. It was used in concerted attacks on US banks.

Combining the two created what one expert called a “double-headed monster”.


Analysis: Anna Holligan, BBC Hague correspondent

Scott Brady said the case represented a “milestone” in the fight against international cybercrime

 

Unsuspecting citizens thought they were clicking a simple link – instead, they gave hackers access to their most intimate details.

US attorney for the Western District of Pennsylvania, Scott Brady, stood alongside prosecutors and cyber-crime fighters from five other nations inside Europol’s high-security headquarters to announce the takedown of what he described as a “global conspiracy”.

The suspected ringleader used GozNym malware and contracted different cyber-crime services – hard-to-detect bulletproof hosting platforms, money mules and spammers – to control more than 41,000 computers and enable cyber-thieves to steal and whitewash an estimated $100m from victims’ bank accounts.

Gang members in four countries have been charged – a coup for cyber-crime fighters who say the discovery of this sophisticated scam demonstrates the borderless nature of cyber-crime and the need for cross-border co-operation to detect and disrupt these networks.

 

By: Jane Wakefield


Mid-April Security Alerts

Cisco Issues 31 Mid-April Security Alerts

Among them, two are critical and six are of high importance.

A busy month for Cisco router owners got busier yesterday when the networking giant introduced 31 new advisories and alerts. These announcements came on top of 11 high- and medium-impact vulnerabilities announced earlier in the month.

Of the 31 alerts, 23 are of medium impact, six are of high impact, and two are of critical impact to the organization and its security team.

Most of the medium-impact alerts are for cross-site scripting vulnerabilities, denial-of-service vulnerabilities, or vulnerabilities that give unauthorized users access. These were found on devices ranging from LAN controllers to wireless network access points to Cisco’s new Umbrella security framework.

The two critical alerts are for two very different vulnerabilities. In one, a vulnerability in Cisco IOS and IOS XE could allow an attacker to reload the system on a device (potentially replacing the legitimate system with one containing malicious code) or to remotely execute code at a privilege level above that of the user being spoofed to gain access.

This vulnerability is found in the Cisco Cluster Management Protocol (CMP) and was discovered when the documents in the infamous Vault 7 disclosure were analyzed. That’s bad news because those documents have been available to hackers around the world for more than two years. And the news gets worse: researchers at Cisco Talos have published a blog post showing this vulnerability has been exploited in the wild as part of a DNS hijacking campaign dubbed “Sea Turtle.”

Cisco has already released a software patch for this critical vulnerability; there is no operational workaround, so applying the patch is the only remediation.

The second critical vulnerability could allow a remote attacker to gain access to applications running on a sysadmin virtual machine (VM) operating on Cisco ASR 9000 series Aggregation Services Routers. This vulnerability, Cisco says, was found during internal testing and has not yet been exploited in the wild. The source of the vulnerability – insufficient isolation of the management interface from internal applications – has been fixed in a pair of Cisco IOS XR software releases and does not, therefore, warrant a separate update, Cisco says.

Between the medium and critical vulnerabilities are six high-importance vulnerabilities that affect systems including telepresence video servers, wireless LAN controllers (three separate vulnerabilities), Aironet wireless access points, and the SNMP service.

 

Cisco ranks the severity of vulnerabilities using the Common Vulnerability Scoring System (CVSS) Version 3. Vulnerabilities with a CVSS score of 9.0 to 10.0 are critical, those in the range of 7.0 to 8.9 are high, and a score of 4.0 to 6.9 warrants a medium label. Anything ranking below medium is given an informational alert only.

 

If you would like to discuss how Liquid Video Technologies can help you secure your data, or to discuss your next Home Security System, Networking, Access Control, Fire, IT consulting or PCI Compliance needs, please do not hesitate to call us at 864-859-9848 or email us at deveren@liquidvideotechnologies.com.
