web Archives - IT Security Guru

Nearly a third of cyber security professionals admit to ‘squatting’ on their competitors’ domains

The Gurus — Tue, 01 Aug 2017 10:36:42 +0000

DomainTools, the leader in domain name and DNS-based cyber threat intelligence, today announced the results of a survey which found that nearly a third (28%) of cyber security professionals have bought domain names to deflect business away from competitors.
Cybersquatting, like most cybercrime, is done for profit and is designed to steal legitimate internet traffic meant for corporate homepages. Over a third (37%) of respondents said that they had been a target of this, and were aware of other domain names that tried to siphon revenue, tarnish their brand and/or copy their website. When asked how much they would be willing to spend to take down a website that was using their company name, 43% said that ‘the sky’s the limit’.
Tim Helming, Director of Product Management at DomainTools said “It is somewhat ironic that over 40% of the cyber security professionals we spoke to are willing to spend over £10,000 to stop anyone else using a domain to affect their business, considering nearly a third of them are registering domains in order for the purpose of targeting their competitors. These results also show how important domains are to a company’s brand, security and bottom line.”
Helming advises that for companies who are worried about being a target to keep an eye on cyber squatters and to register as many domains as possible. “For some brands, it is not practical to register all of the possible combinations of their brands, domains, and add-on terms such as ‘store.’ It can easily run to the tens of thousands of domains, if not over a hundred thousand for a company with multiple product names. The best advice is to register as many relevant domains in the major TLDs as possible (major being com, net, org, .co.uk, biz, us, info, .de) and to keep an aggressive search out for squatting domains.”
Cybersquatting takes advantage of human error, either bad spellers or typing mistakes. Helming suggests that there are certain patterns you can look out for to be able to avoid these websites. “In general, there are certain patterns that tend to be red flags. For example, we don’t see luxury brands using domain names that begin with words such as ‘cheap’ or ‘discount.’ Similarly, they generally do not add numbers, as in ‘123(brand).com’ either. Many such domains exist, but they are being controlled by entities that have nothing to do with the brands themselves and are not likely to give the shopper a satisfying experience. It is also important to know that looks can be deceiving–many illegitimate sites look virtually identical to the real thing. This is where looking closely at the URL can be a real difference-maker for staying safe.”

The post Nearly a third of cyber security professionals admit to ‘squatting’ on their competitors’ domains appeared first on IT Security Guru.

AppRiver: How sophisticated is ransomware on the Dark Web now?

The Gurus — Tue, 31 May 2016 11:59:55 +0000

Join AppRiver’s experts Troy Gill, Fred Touchette and Jon French for another close-up on the findings of their Global Security Report. This week, we’re analysing the ransomware that’s available through the Dark Web.
Ransomware has become very sophisticated through the use of different forms of communication, payment and browsing tools that allow criminals to remain off-grid and to carrry on their illegal activities undisturbed.
Tune in and join AppRiver as we share with you their expertise, gleaned from their unique position as heads of a global security operation. To find out more about their research and work, visit their website or give them a follow on twitter.

The post AppRiver: How sophisticated is ransomware on the Dark Web now? appeared first on IT Security Guru.

Has there been an increase in traffic this year?

The Gurus — Tue, 24 May 2016 09:13:00 +0000

The IT Security Guru has been lucky enough to be able to share a series of videos from the security specialists at AppRiver, award winning e-mail and web security solutions providers.
The videos will break down the findings from AppRiver’s Global Security Report, a quarterly study published by the company that explains the latest trends and threat actors they’ve seen as they carry out their work, securing millions of inboxes around the world.
This video explains what trends we can observe in traffic and what the security impacts are for netizens.
Tune in and join AppRiver as we share with you their expertise, gleaned from their unique position as heads of a global security operation. To find out more about their research and work, visit their website or give them a follow on twitter.

The post Has there been an increase in traffic this year? appeared first on IT Security Guru.

AppRiver: What is the Distributed Spam Distraction (DSD) technique?

The Gurus — Mon, 16 May 2016 09:19:27 +0000

Join AppRiver’s experts for another close-up on the findings of their Global Security Report. This week, we’re analysing what the Distributed Spam Distraction Technique actually is and how it’s developed over recent years.
A cyber criminal basically uses stolen details to incur fraudulent charges – however the e-mail confirmation can’t be hidden from the person being scammed. SO they will send this victim thousands of e-mails, which are very difficult to block, in order to blind them to the confirmation email.
Tune in and join AppRiver as we share with you their expertise, gleaned from their unique position as heads of a global security operation. To find out more about their research and work, visit their website or give them a follow on twitter.

The post AppRiver: What is the Distributed Spam Distraction (DSD) technique? appeared first on IT Security Guru.

What were some of the phishing campaigns seen in the first quarter?

The Gurus — Mon, 09 May 2016 11:31:33 +0000

The IT Security Guru has been lucky enough to be able to share a series of videos from the security specialists at AppRiver, award winning e-mail and web security solutions providers.
The videos will break down the findings from AppRiver’s Global Security Report, a quarterly study published by the company that explains the latest trends and threat actors they’ve seen as they carry out their work, securing millions of inboxes around the world.
This first video explains what the latest techniques are in phishing and how scammers have been duping consumers, who are ever-more savvy to scams yet somehow continuing to fall from them.
Tune in and join AppRiver as we share with you their expertise, gleaned from their unique position as heads of a global security operation. To find out more about their research and work, visit their website or give them a follow on twitter.

The post What were some of the phishing campaigns seen in the first quarter? appeared first on IT Security Guru.

US government updates secure email guide for first time in a decade

The Gurus — Mon, 04 Apr 2016 10:56:56 +0000

The US government’s technology agency has updated its secure email guide for the first time in a decade and put it out for a month of public comment. The National Institute of Standards and Technology (NIST) guide [PDF] is 81 pages long and provides a surprisingly useful rundown on what to do to get your email secure. Its top-line point: email can be made sufficiently secure for important and confidential communications, but it will require adding multiple aspects to your networks and ensuring they work together.

Original Source: The Register
View the full story here

The post US government updates secure email guide for first time in a decade appeared first on IT Security Guru.

Almost half of Endpoint Systems Compromised in the last 12 months, finds SANS Insititute

The Gurus — Thu, 17 Mar 2016 15:49:52 +0000

Cyber attackers are still riding the wave of success by attacking those surfing the web through their endpoint systems.
All the valuable data – logins, access credentials and more – are still being regularly accessed by hackers, SANS has found in their 3rd endpoint security survey.
After quizzing 829 IT professionals, they’ve concluded that there’s a clear need for a more proactive approach to detecting threats and compromises. 44% of respondents said their endpoint systems had been compromised ovethe last 2 years, with a brave 15% admitting they didn’t know how many threats were detected through actively hunting for them.
Over 1 in 4 respondents said it was a third party that notified them of the breach, rather than it being detected initially by the company under attack. So does someone, or something, need to get its act together? Or are the hackers one step ahead of the security community?
Well we know that hackers are always looking for new methods and we know that they have several methods at their disposal – with new phishing methods, new exploit kits and like cropping up left right and centre. What’s more, methods that have been used consistently for decades (quite literally a lifetime in computing terms), such as DDoS attacks, have been found to evolve and change in nature to evade security measures, as found by companies such as Corero in their analyses.
Many experts have in the past cited a lack of network visibility as the core factor undermining their security posture. However it depends who you ask and what experiences they’ve had in the past – ask the CISO of a company that was badly phished and they’ll say their end users are the weak point, as hackers target their lack of awareness in order to get in. Ask someone who’s had an APT lurking on their system for 12 months that then blew up and they’ll say it’s a visibility problem.
What SANS has found is that 41% of respondents said they were unable to acquire information about unauthorised sesnsitive data that they need to detect threats. Furthermore 74% of those surveyed said that they want results from endpoint quesries in an hour or less – 38% want that data in 5 minutes or less!
As is so often with apprehending crime and fraud, it appears that SPEED is of the essence, with the ability to act quickly beng essential to prevent further damage and expense.

The post Almost half of Endpoint Systems Compromised in the last 12 months, finds SANS Insititute appeared first on IT Security Guru.

More than 50% of malvertisements hosted on news and entertainment sites

The Gurus — Thu, 30 Jul 2015 10:25:58 +0000

Bromium Threat Report Identifies Security Risks of Popular Websites and Software
News and entertainment websites unknowingly host more than 50 percent of malvertisments; Flash exploits increase 60 percent and ransomware increases 80 percent since 2014
Bromium®, Inc., the pioneer of threat isolation to prevent data breaches, today announced the publication of “Endpoint Exploitation Trends 1H 2015,” a Bromium Labs research report that analyzes the ongoing security risk of popular websites and software. The report highlights that more than 50 percent of malvertising is unknowingly hosted on news and entertainment websites, Flash exploits have increased 60 percent in the past six months and the growth of ransomware families has doubled each year since 2013.
“For the last couple years, Internet Explorer was the source of the most exploits, but before that it was Java, and now it is Flash; what we are witnessing is that security risk is a constant, but it is only the name that changes,” said Rahul Kashyap, SVP and chief security architect, Bromium. “Hackers continue to innovate new exploits, new evasion techniques and even new forms of malware – recently ransomware – preying on the most popular websites and commonly used software.”
Key findings from “Endpoint Exploitation Trends 1H 2015” include:

News and Entertainment Websites Hotbed for Malvertising — More than 58 percent of malvertisments (online advertisements with hidden malware) were delivered through news websites (32 percent) and entertainment websites (26 percent); notable websites unknowingly hosting malvertising included cbsnews.com, nbcsports.com, weather.com, boston.com and viralnova.com.
Attackers Targeting Flash — During the first six months of 2015, Flash experienced eight exploits, an increase of 60 percent since 2014, when there were five exploits. Most active exploit kits are now serving Flash exploits, potentially impacting a large number of Internet users, given the ubiquity of Adobe Flash.
Continuous Growth of Ransomware — In the first six months of 2015, nine new ransomware families emerged: CoinVault, TeslaCrypt, Cryptofortress, PClock, AlphaCrypt, El-Polocker, CoinVault 2.0, Locker and TOX; this is an 80 percent increase from 2014 and represents a significant growth in ransomware since 2013, when there were only two ransomware families: Cryptolocker and Cryptowall. Ransomware continues to grow, as cybercriminals realize it is a lucrative form of attack.
Malware Evasion Avoids Detection — Bromium Labs analyzed malware evasion technology and found it is rapidly evolving to bypass even the latest detection techniques deployed by organizations, including antivirus, host intrusion prevention systems (HIPS), honeypots, behavioral analysis, network filters and network intrusion detection systems (NIDS).

Download “Endpoint Exploitation Trends 1H 2015” – www.bromium.com/sites/default/files/rpt-threat-report-1h2015-us-en.pdf

The post More than 50% of malvertisements hosted on news and entertainment sites appeared first on IT Security Guru.

Planned Parenthood reports second website hack in a week

The Gurus — Thu, 30 Jul 2015 09:04:42 +0000

Planned Parenthood said electronic traffic to its websites was snarled by computer hackers on Wednesday in the second cyber attack mounted against the healthcare organization this week amid a controversy over alleged sales of aborted fetal tissue.
Websites operated by Planned Parenthood and its political branch, Planned Parenthood Action, were clogged by a wide-scale “distributed denial-of-service,” or DDoS, attack, the organization said.
In such attacks, a web server is deliberately flooded with massive amounts of data to block access from legitimate users.
Service was restored shortly after the attack, but the group opted to keep its websites offline for the remainder of the day “to ensure that we are fully protected,” Dawn Laguens, executive vice president of the Planned Parenthood Federation of America, said in a statement.
Visitors to Planned Parenthood sites, which serve some 200,000 people a day seeking information on reproductive health, birth control, sexually transmitted diseases, parenting, abortion and other topics, were being redirected to its Facebook pages for the time being, Laguens said.
The cyber attack, she said, “only shows how far opponents of safe and legal abortion will go.”
It was the second time in as many days Planned Parenthood’s websites were reported to have been breached by hackers.
The group said on Tuesday it had notified the FBI that “extremists who oppose Planned Parenthood’s mission and services” had launched an attack on its information systems.

view the full story here

The post Planned Parenthood reports second website hack in a week appeared first on IT Security Guru.

Bug hunter reveals Apple iTunes, Mac app store receipt deceit

The Gurus — Wed, 29 Jul 2015 09:27:25 +0000

Vulnerability Lab founder Benjamin Kunz Mejri says he’s found a security bug in Apple’s Mac and iOS app stores that could be exploited to inject malicious JavaScript code into victims’ web browsers.
Mejri reported the “application-side input validation web vulnerability” to Apple in early June, and went public with details of the flaw on Monday this week after conversations with Apple’s security team petered out.
“After we received no serious reply, we released the data,” Mejri told El Reg in an email. Apple did not respond to a request for comment, and it’s not clear if the vulnerability has been addressed.
In a nuthsell, the bug works like this: you change the name of your iThing to include JavaScript code, then download or purchase an app from either the Mac or iTunes stores. Apple’s systems generate an invoice, and email it to you and make a copy available online from your store account.
That JavaScript code stashed in your device name will be embedded in the invoice, so opening it in a browser will execute it, allowing it to attempt to do bad things like hijack your Apple account. Sellers and Apple staff viewing a copy of the invoice will also get attacked.

view the full story here

The post Bug hunter reveals Apple iTunes, Mac app store receipt deceit appeared first on IT Security Guru.