News from 'Help Net Security'

Daily information security news with a focus on enterprise security.
Updated: 16 hours 6 min ago

How security pros look at encryption backdoors

9 hours 29 min ago
The majority of IT security professionals believe encryption backdoors are ineffective and potentially dangerous, with 91 percent saying cybercriminals could take advantage of government-mandated encryption backdoors. 72 percent of the respondents do not believe encryption backdoors would make their nations safer from terrorists, according to a Venafi survey of 296 IT security pros, conducted at Black Hat USA 2017. “Giving the government backdoors to encryption destroys our security and makes communications more vulnerable,” said Kevin … More →
Categories: Cyber India

NotPetya aftermath: Companies lost hundreds of millions

Fri, 18/Aug/2017 - 00:31
The infamous NotPetya ransomware attack, which started in Ukraine on June 27 but later spread to many international businesses, has resulted in huge monetary losses for the victims. Even those who paid the ransom couldn’t recover swiftly, as it was discovered that the NotPetya attackers weren’t capable of providing decryption keys. In fact, it is now largely accepted that the attack was not performed to acquire money, but to disrupt operations worldwide. Now that the … More →

How to spot malicious mobile apps

Thu, 17/Aug/2017 - 18:55
The pervasiveness of smartphones has resulted in an onslaught of mobile apps, and it’s pretty safe to say that, by now, there is an app for every imaginable purpose. Unfortunately, among the many helpful ones are also many malicious apps – no app market is safe from them. Fortunately, there are ways to spot such apps. RiskIQ researchers have been monitoring over 120 mobile app stores around the world, and based on their findings, they … More →

The human point: Gaining visibility into the context behind user actions

Thu, 17/Aug/2017 - 18:45
In this podcast recorded at Black Hat USA 2017, Dr. Richard Ford, Chief Scientist at Forcepoint, talks about the security industry’s need of a paradigm shift toward examining user behavior and intent. Here’s a transcript of the podcast for your convenience. Hello, my name is Dr. Richard Ford, I’m the Chief Scientist over at Forcepoint. In that job, I’m responsible for a variety of different things, but one of the things I’m most excited about … More →

DevOps skills gap: Do you have the necessary skills to succeed?

Thu, 17/Aug/2017 - 18:25
New research shows that software developers are not receiving the training they need to be successful as DevOps becomes the prevalent approach to building and operating digital products and services. In today’s application-centric economy that gap could have real impact on the productivity of businesses in every industry, as well as on the security and quality of the software that underpins the digital economy. Education and DevOps The 2017 DevSecOps Global Skills Survey by … More →

Google Chrome remote code execution flaw detailed, PoC released

Thu, 17/Aug/2017 - 18:00
Vulnerability broker Beyond Security has released details about and Proof of Concept code for a remote code execution bug affecting Google Chrome. “The [type confusion] vulnerability results from incorrect optimization by the turbofan compiler, which causes confusion between access to an object array and a value array, and therefore allows to access objects as if they were values by reading them as if they were values (thus receiving their in memory address) or vice-versa to … More →

Three megatrends that will drive digital business into the next decade

Thu, 17/Aug/2017 - 17:30
Gartner revealed three distinct megatrends that will enable businesses to survive and thrive in the digital economy over the next five to 10 years. Artificial intelligence (AI) everywhere, transparently immersive experiences and digital platforms are the trends that will provide intelligence, create new experiences and offer platforms that allow organizations to connect with new business ecosystems. Hype Cycle for Emerging Technologies, 2017. Note: PaaS = platform as a service; UAVs = unmanned aerial vehicles Hype … More →

EV ransomware is targeting WordPress sites

Thu, 17/Aug/2017 - 01:47
WordPress security outfit Wordfence has flagged several attempts by attackers to upload ransomware that provides them with the ability to encrypt a WordPress website’s files. They dubbed the malware “EV ransomware”, due to the .ev extension that is added to the encrypted files. About EV ransomware The ransomware is uploaded once the attacker manages to compromise a WordPress website. The attacker starts the encryption process from an interface, after choosing a complex key and pressing … More →

DOJ wants to know who visited anti-Trump website

Wed, 16/Aug/2017 - 23:12
The US Department of Justice wants DreamHost to hand over IP addresses of some 1.3 million visitors to, a website that helped organize political protests during President Trump’s inauguration. The company has decided to challenge the request in court. According to a blog post by the LA-based web hosting provider, the DOJ first requested information about the website and its owner, but is now asking DreamHost to provide a glut of data, including the … More →

Uber to get privacy audit every two years

Wed, 16/Aug/2017 - 21:05
Uber has agreed to implement a comprehensive privacy program and obtain regular, independent audits to settle Federal Trade Commission charges that they deceived consumers by failing to monitor employee access to consumer personal information and by failing to reasonably secure sensitive consumer data stored in the cloud. The complaint In the wake of news reports alleging Uber employees were improperly accessing consumer data, the company issued a statement in November 2014 that it had a … More →

US, China and the UK are top regions affected by IoT security threats

Wed, 16/Aug/2017 - 18:25
In the Internet of Things (IoT) ecosystem today, cyberattacks are becoming more diverse and sophisticated with cybercriminals taking over home network routers to launch attacks on smart home devices. Trend Micro’s recent report shows more than 1.8 million cyberattacks have been conducted through home network routers in the past six months. Eight percent of these attacks were outbound attacks where hackers were able to access a home device, then remotely execute malware to obtain confidential … More →

Worldwide information security spending will grow 7% in 2017

Wed, 16/Aug/2017 - 18:00
Worldwide spending on information security products and services will reach $86.4 billion in 2017, an increase of 7 percent over 2016, with spending expected to grow to $93 billion in 2018, according to the latest forecast from Gartner. Within the infrastructure protection segment, Gartner forecasts fast growth in the security testing market (albeit from a small base) due to continued data breaches and growing demands for application security testing as part of DevOps. Spending on … More →

Medical devices and the Internet of Things: Defending against cyber threats

Wed, 16/Aug/2017 - 17:30
More than one-third (35.6 percent) of surveyed professionals in the Internet of Things-connected medical device ecosystem say their organizations have experienced a cybersecurity incident in the past year, according to Deloitte. Identifying and mitigating the risks of fielded and legacy connected devices presents the industry’s biggest cybersecurity challenge according to respondents (30.1 percent). “It’s not surprising that managing cyber risks of existing IoT medical devices is the top concern facing manufacturers, providers, and regulators,” said … More →

AI is key to speeding up threat detection and response

Mon, 14/Aug/2017 - 22:45
Time is the most important factor in detecting network breaches and, consequently, in containing cyber incidents and mitigating the cost of a breach. “Security event investigations can last hours, and a full analysis of an advanced threat can take days, weeks or even months. Even large security operations center (SOC) teams with more than 10 skilled analysts find it difficult to detect, confirm, remediate, and verify security incidents in minutes and hours,” says Chris Morales, … More →

Enterprise security culture: Why you need it, and how to create it

Mon, 14/Aug/2017 - 19:30
Security awareness is a term that most information security professionals are familiar with – security culture a little less so. “Security awareness training is based on a behavioural theory that was debunked decades ago,” says Kai Roer, co-founder of European security startup CLTRe. “The Rational Economic Theory says that if you know the best action to take when given a choice, you will always make the better – and rational – choice. But unfortunately for … More →

Motivation roulette: Is pseudo-ransomware a term?

Mon, 14/Aug/2017 - 19:00
It used to be so simple. Attack campaigns were relatively simple to determine; for example, when we detailed the recent Shamoon campaign, it was clear that this was intended to disrupt the victim. In this case the target was clearly Saudi Arabia, and the use of a wiper component indicated the objective of the perpetrators of the attack. Equally, the use of ransomware was just as clear: its use was intended to get paid. What … More →

STIX and TAXII: Sharing cyber threat intelligence

Mon, 14/Aug/2017 - 18:30
In this podcast recorded at Black Hat USA 2017, Allan Thomson, CTO at LookingGlass Cyber Solutions, talks about STIX and TAXII. STIX (Structured Threat Information Expression) is a language for describing cyber threat information so that it can be analyzed and/or exchanged. STIX makes it possible to explicitly characterize a cyber adversary’s motivations, capabilities, and activities, and in doing so, determine how to best defend against them. TAXII (Trusted Automated Exchange of Indicator Information) defines … More →

Google wants iOS Gmail users to think twice about following suspicious links

Mon, 14/Aug/2017 - 07:57
Google has announced the rollout of new anti-phishing checks for the iOS Gmail app: in less than two weeks, all users will be confronted with two warnings if they attempt to follow a suspicious link from within the app. The first one is a pop-up, warning generally about the untrusted nature of the site they are attempting to visit. If they choose to dismiss the warning and proceed, another warning will provide more specific information about … More →

Week in review: DNA-based malicious code injection, password power rankings

Mon, 14/Aug/2017 - 07:16
Here’s an overview of some of last week’s most interesting news, podcasts and articles: New Cerber ransomware variant steals Bitcoin wallets, passwords Here’s a new reason to fear ransomware more than ever before: a new variant of Cerber has been modified to steal Bitcoin wallets and passwords before encrypting victims’ files and demanding ransom. Obscuring malicious Facebook links using the Open Graph Protocol Most users click on links popping up in their Facebook News Feed … More →

Researchers pull off DNA-based malicious code injection attack

Fri, 11/Aug/2017 - 19:00
Researchers have demonstrated that it’s possible to create synthetic DNA strands containing malicious computer code that, if sequenced and analyzed, could compromise a computer. The main goal of their research was to test open-source bioinformatics software commonly used by researchers to analyze DNA data for security flaws, and to prove, unequivocally, that the security of these tools should be improved before attackers have the chance to exploit the vulnerabilities. “Many of these [software] are written … More →