news Archives - IT Security Guru https://www.itsecurityguru.org/tag/news/ The Site for our Community Wed, 05 Dec 2018 12:37:03 +0000
Saks Fifth Avenue Leaves Personal Information of Thousands of Customers Exposed Online https://www.itsecurityguru.org/2017/03/20/saks-fifth-avenue-leaves-personal-information-thousands-customers-exposed-online/?utm_source=rss&utm_medium=rss&utm_campaign=saks-fifth-avenue-leaves-personal-information-thousands-customers-exposed-online Mon, 20 Mar 2017 11:21:01 +0000 http://www.itsecurityguru.org/?p=20574

The post Saks Fifth Avenue Leaves Personal Information of Thousands of Customers Exposed Online appeared first on IT Security Guru.

Luxury retailer Saks Fifth Avenue reportedly left the personal information of tens of thousands of its customers exposed in plain text on its online shopping site. BuzzFeed News reports that customers’ e-mail addresses and phone numbers were, up until recently, visible on Saks’ retail website “in plain text online”.
The Saks website is maintained by the digital division of Hudson’s Bay Company, its parent company and owner of multiple department store chains such as Lord & Taylor and Gilt.
ORIGINAL SOURCE: IBTimes

Amazon Applies Its AI Tools to Cyber Security https://www.itsecurityguru.org/2017/03/20/amazon-applies-ai-tools-cyber-security/?utm_source=rss&utm_medium=rss&utm_campaign=amazon-applies-ai-tools-cyber-security Mon, 20 Mar 2017 11:18:27 +0000 http://www.itsecurityguru.org/?p=20571

The post Amazon Applies Its AI Tools to Cyber Security appeared first on IT Security Guru.

Amazon also is adding cyber-security to its AI resume. TechCrunch is reporting that Amazon has acquired AI-based cyber-security company Harvest.ai. According to its website, Harvest.ai uses AI-based algorithms to identify the most important documents and intellectual property of a business, then combines user behavior analytics with data loss prevention techniques to protect them from cyber attacks.
ORIGINAL SOURCE: Yahoo! News

Social engineering – the most popular hacking method https://www.itsecurityguru.org/2016/04/11/social-engineering-popular-hacking-method/?utm_source=rss&utm_medium=rss&utm_campaign=social-engineering-popular-hacking-method Mon, 11 Apr 2016 10:56:18 +0000 http://www.itsecurityguru.org/?p=15315

The post Social engineering – the most popular hacking method appeared first on IT Security Guru.

Csaba Krasznay, Product Manager of Shell Control Box, Balabit (www.balabit.com)
Hackers may have many challenges, but it seems gaining access to a corporate network using social engineering techniques is not one of them.
Social engineering – a technique whereby an individual is tricked into revealing personal or log-in information – is nothing new, but its evolution in recent years is shocking. Recently, the biggest and costliest data breaches (such as OPM or Ashley Madison) were typically caused by targeted Advanced Persistent Threat (APT) attacks which in most cases relied on an initial step that offers a better success rate than brute force: that is, social engineering. It has become an evergreen hacking method – finding a trusting human to divulge sought-after information is easier than finding and exploiting vulnerabilities on a network or corporate system.
There are many reasons for this: there is hardly any financial investment needed, no major coding skills are required, and it is very easy to remotely manage the ‘project’. Hackers can easily rely on a trusting employee to give them the information they need in order to gain access. For an outsider, it is the path of least resistance. In fact, our own recent survey of IT professionals has revealed that outsiders gaining insider access through social engineering techniques such as phishing is considered the most popular route in for hackers.
From a hacker’s point of view, it is so easy to target a group of employees that you can guarantee even the very best and most secure IT systems will have at least one bona fide user who falls down – and once this happens the most difficult part of the hack is done. Once the door is opened, and outside hackers have become insiders, even the lowest access can be further escalated until they gain privileged access and therefore could cause a significant data breach.
In social engineering, the key to success is gaining the confidence of the user. Offering a recruitment plan in an email, as in the RSA breach in 2011 that cost the company $66 million to recover from, or presenting a fake breaking news opportunity to an eager Associated Press journalist about explosions at the White House, are just two examples of the creative lengths that hackers can go to in order to exploit human nature. They play on human psychology and natural traits inherent in most of us, or try to establish a connection with the user through information which may be freely available on social media or the corporate website.
Know your Enemy: how to identify the misused accounts 
Once hackers have gained access past an organisation’s perimeter they could potentially misuse the account of a legitimate user and the damage caused could be devastating. Organisations today need to know their enemy by identifying who is behind their user accounts, and whether it is a legitimate user or a masked hacker. This should be the fundamental priority in every kind of organisation’s IT security strategy. Although traditional access control tools and anti-malware solutions are necessary, these only protect companies’ sensitive assets while hackers are outside of the network.
User Behaviour Analytics tools are able to provide baseline profiles of real employees, which are as unique as fingerprints, and can easily detect the abnormal behaviour of user accounts and alert the security team or block user activities until further notice. Such monitoring can highlight any anomalies in users’ behaviour that are worth investigating, and can not only alert on suspicious activities but also immediately respond to harmful events and block further activities.
Today it is not enough to just defend against outside attackers; organisations also need to identify any unusual behaviour of their own users, as it has become crucial to know who is actually behind an insider account. It is important that staff are constantly reminded of the raging cyber war and are vigilant in their daily actions – if they receive an email from the CEO, for example, when he doesn’t normally send emails, that should ring a few alarm bells. Perhaps it’s all just a matter of keeping your friends close, but your enemies closer…

Malwarebytes Reports Compromised WordPress sites Serving Malwares to Users https://www.itsecurityguru.org/2015/11/30/malwarebytes-reports-compromised-wordpress-sites-serving-malwares-to-users/?utm_source=rss&utm_medium=rss&utm_campaign=malwarebytes-reports-compromised-wordpress-sites-serving-malwares-to-users Mon, 30 Nov 2015 10:22:10 +0000 http://www.itsecurityguru.org/?p=13675

The post Malwarebytes Reports Compromised WordPress sites Serving Malwares to Users appeared first on IT Security Guru.

Security researchers from Malwarebytes have noticed that several compromised WordPress sites have been targeted by a malware campaign. The sites are serving malware to those who visit sites based on the popular CMS. Attackers using the malware are able to change and customise the malicious content to reflect their needs and intentions. Visitors to the compromised sites will be infected as they run scripts from the site.
The attackers are utilising the now notorious Angler exploit kit through HTML and JavaScript. Originally spotted in 2013, the kit is still a highly useful and effective tool for hackers the world over.
SOURCE: SecTechno
FULL ARTICLE: http://www.sectechno.com/several-compromised-wordpress-sites-serving-malwares-2/?utm_source=feedburner

ITSG News: Top Stories of the day https://www.itsecurityguru.org/2015/10/06/itsg-news-top-stories-of-the-day/?utm_source=rss&utm_medium=rss&utm_campaign=itsg-news-top-stories-of-the-day Tue, 06 Oct 2015 10:29:44 +0000 http://www.itsecurityguru.org/?p=12938

The post ITSG News: Top Stories of the day appeared first on IT Security Guru.

In today’s news: A digest of some of the big current issues in IT security.
South Korea blames the North for hacking the subway system of Seoul and planting malicious code on employees’ computers.
Car hacking findings take deeper turn as companies announce research from the last year.
Nuclear powers at major risk of hacking, Chatham House report claims.
More on these stories and others at www.itsecurityguru.org
@IT_SecGuru

Forbes and Realtor.com Serving up Adware https://www.itsecurityguru.org/2015/09/23/forbes-and-realtor-com-serving-up-adware/?utm_source=rss&utm_medium=rss&utm_campaign=forbes-and-realtor-com-serving-up-adware Wed, 23 Sep 2015 11:34:01 +0000 http://www.itsecurityguru.org/?p=12757

The post Forbes and Realtor.com Serving up Adware appeared first on IT Security Guru.

Malvertising is making the headlines once more, this time with popular websites Forbes.com and Realtor.com serving up malware.
FireEye researchers have reported that eight Forbes URLs attached to news stories between 2012 and 2015 were included in the attack, whilst Malwarebytes is reporting that people browsing the Realtor.com website over the last few days may have been exposed to a malvertising campaign.
Both attacks are similar to previously reported attacks that hit sites including ebay.com last month, where visitors can become infected WITHOUT clicking on any bogus ads.
The attackers were able to get the ads onto websites through advertisers and real-time bidding networks that both failed to check their security integrity, with visitors who encountered the ads bounced onto both the Neutrino and Angler exploit kits. The Angler exploit kit in particular has an exploit rate of about 40% of all visitors who encounter it.
Forbes has since reported that the malicious adware has been shut down.
Forbes.com is one of the most popular news sites in the world, whilst Realtor.com receives an estimated 28 million visits per month and is ranked third in its category online.
More IT security news at www.itsecurityguru.org
@IT_SecGuru

More than 50% of malvertisements hosted on news and entertainment sites https://www.itsecurityguru.org/2015/07/30/more-than-50-of-malvertisements-hosted-on-news-and-entertainment-sites/?utm_source=rss&utm_medium=rss&utm_campaign=more-than-50-of-malvertisements-hosted-on-news-and-entertainment-sites Thu, 30 Jul 2015 10:25:58 +0000 http://www.itsecurityguru.org/?p=11973

The post More than 50% of malvertisements hosted on news and entertainment sites appeared first on IT Security Guru.

Bromium Threat Report Identifies Security Risks of Popular Websites and Software
News and entertainment websites unknowingly host more than 50 percent of malvertisements; Flash exploits increase 60 percent and ransomware increases 80 percent since 2014
Bromium®, Inc., the pioneer of threat isolation to prevent data breaches, today announced the publication of “Endpoint Exploitation Trends 1H 2015,” a Bromium Labs research report that analyzes the ongoing security risk of popular websites and software. The report highlights that more than 50 percent of malvertising is unknowingly hosted on news and entertainment websites, Flash exploits have increased 60 percent in the past six months and the growth of ransomware families has doubled each year since 2013.
“For the last couple years, Internet Explorer was the source of the most exploits, but before that it was Java, and now it is Flash; what we are witnessing is that security risk is a constant, but it is only the name that changes,” said Rahul Kashyap, SVP and chief security architect, Bromium. “Hackers continue to innovate new exploits, new evasion techniques and even new forms of malware – recently ransomware – preying on the most popular websites and commonly used software.”
Key findings from “Endpoint Exploitation Trends 1H 2015” include:

  • News and Entertainment Websites Hotbed for Malvertising — More than 58 percent of malvertisements (online advertisements with hidden malware) were delivered through news websites (32 percent) and entertainment websites (26 percent); notable websites unknowingly hosting malvertising included cbsnews.com, nbcsports.com, weather.com, boston.com and viralnova.com.
  • Attackers Targeting Flash — During the first six months of 2015, Flash experienced eight exploits, an increase of 60 percent since 2014, when there were five exploits. Most active exploit kits are now serving Flash exploits, potentially impacting a large number of Internet users, given the ubiquity of Adobe Flash.
  • Continuous Growth of Ransomware — In the first six months of 2015, nine new ransomware families emerged: CoinVault, TeslaCrypt, Cryptofortress, PClock, AlphaCrypt, El-Polocker, CoinVault 2.0, Locker and TOX; this is an 80 percent increase from 2014 and represents a significant growth in ransomware since 2013, when there were only two ransomware families: Cryptolocker and Cryptowall. Ransomware continues to grow, as cybercriminals realize it is a lucrative form of attack.
  • Malware Evasion Avoids Detection — Bromium Labs analyzed malware evasion technology and found it is rapidly evolving to bypass even the latest detection techniques deployed by organizations, including antivirus, host intrusion prevention systems (HIPS), honeypots, behavioral analysis, network filters and network intrusion detection systems (NIDS).

 
Download “Endpoint Exploitation Trends 1H 2015” – www.bromium.com/sites/default/files/rpt-threat-report-1h2015-us-en.pdf

Jonathan French on the OPM Breach https://www.itsecurityguru.org/2015/07/28/jonathan-french-on-the-opm-breach/?utm_source=rss&utm_medium=rss&utm_campaign=jonathan-french-on-the-opm-breach Tue, 28 Jul 2015 15:36:16 +0000 http://www.itsecurityguru.org/?p=11945

The post Jonathan French on the OPM Breach appeared first on IT Security Guru.

Jonathan French, Security Analyst at AppRiver, explains to us just how the OPM breach actually happened, as well as how advanced it was and what the attacker(s)’ incentives were.
For more information, check out AppRiver’s blog: www.blog.appriver.com
@IT_SecGuru

ITSG News – Routers Enslaved by DDoS Attackers https://www.itsecurityguru.org/2015/07/06/itsg-news-routers-enslaved-by-ddos-attackers/?utm_source=rss&utm_medium=rss&utm_campaign=itsg-news-routers-enslaved-by-ddos-attackers Mon, 06 Jul 2015 09:25:35 +0000 http://www.itsecurityguru.org/?p=11523

The post ITSG News – Routers Enslaved by DDoS Attackers appeared first on IT Security Guru.

Attackers are reportedly carrying out DDoS attacks by using version one of the routing information protocol.
More on this story and others at www.itsecurityguru.org
@IT_SecGuru

ITSG News – SCADA Credentials Available Online https://www.itsecurityguru.org/2015/06/29/itsg-news-scada-credentials-available-online/?utm_source=rss&utm_medium=rss&utm_campaign=itsg-news-scada-credentials-available-online Mon, 29 Jun 2015 11:43:34 +0000 http://www.itsecurityguru.org/?p=11432 The post ITSG News – SCADA Credentials Available Online appeared first on IT Security Guru.
