IoT lottery: finding a perfectly secure connected device

http://cyberparse.co.uk/2017/11/27/iot-lottery-finding-a-perfectly-secure-connected-device/ https://i0.wp.com/cyberparse.co.uk/wp-content/uploads/2016/04/security-binary-pd-898757.jpg?fit=3888%2C2592

Black Friday and Cyber Monday are great for shopping.Vendors flood the market with all kinds of goods, including lots of exciting connected devices that promise to make our life easier, happier and more comfortable.Being enthusiastic shoppers just like many other people around the world, at Kaspersky Lab we are, however paranoid enough to look at any Internet of Things (IoT)-device with some concern, even when the price is favorable.All because there is little fun in buying a coffeemaker that would give up your home or corporate Wi-Fi password to an anonymous hacker, or a baby-monitor that could livestream your family moments to someone you most definitely don’t want it livestreamed to. It is no secret that the current state of security of the IoT is far from perfect, and in buying one of those devices you are potentially buying a digital backdoor to your house.So, while preparing for IoT-shopping this year, we asked ourselves: what are our chances of buying a perfectly secure connected device? To find the answer, we conducted a small experiment: we randomly took several different connected devices and reviewed their security set up.It would be an exaggeration to say that we conducted a deep investigation.This exercise was more about what you’d be able to see at first glance if you had a clue about how these things should and shouldn’t work.As a result we found some rather worrying security issues and a few, less serious, but unnecessary ones. We looked at the following devices: a smart battery charger, an app-controlled toy car, an app-controlled smart set of scales, a smart vacuum cleaner, a smart iron, an IP camera, a smart watch, and a smart home hub. Smart Charger The first device we checked was the smart charger that attracted us with its built-in Wi-Fi connectivity. You may ask yourself: who would need a remotely controlled battery charger, especially when you need to manually set the battery to charge? Nevertheless, it exists and it allows you not only to charge the battery, but to manage the way you charge it. Like a boss. The device we tested charges and restores most types of batteries with a nominal voltage from 3 to 12 volts.It has a Wi-Fi module, which allows the device owner to connect remotely to control the charging process, to change the charging settings and to check how much electricity the battery is storing at any time. Once turned on, the device switches by default to ‘access point’ mode.The user should then connect to the device and open the management interface web page.The connection between the charger and the device you use to access the management panel uses the outdated and vulnerable WEP algorithm instead of WPA2. However it is password protected. Having said that, the predefined password is ‘11111’ and it is actually written in the official documentation that comes with the device and is searchable online. However, you can change the password to a more secure one. Having said that, the length of the password is limited, for some reason, to five symbols.Based on the information available here, it would take four minutes to crack such a password.In addition to that the web interface of the device itself has no password protection at all.It is available as is, once it is connected to your home Wi-Fi network. Who would attack a smart charger anyway, you may well ask, and you would probably be right as there are likely few black hat hackers in the world who would want to do that.Especially when it requires the attacker to be within range of the Wi-Fi signal or have access to your Wi-Fi router (which, by the way, is a much bigger problem). On the other hand, the ability to interfere with how the battery is charging, or randomly switching the parameters could be considered as worth a try by a wicked person.The probability of real damage, like setting fire to the battery or just ruining it is heavily dependent on the type of battery, however the attack can be performed just for lulz. Just because they can. To sum up: most likely when using this device, you won’t be in constant danger of a devastating remote cyberattack. However, if your battery eventually catches fire while charging, it could be a sign that you have a hacker in your neighborhood, and you have to change the password for the device. Or it could be the work of a remote hacker, which probably means that your Wi-Fi router needs a firmware update or a password change. Smart App-Controlled Wireless Spy Vehicle While some people are looking for useful IoT features, other seek entertainment and fun.After all, who didn’t dream of their own spying toolset when they were young? Well, a Smart App-Controlled Wireless Spy Vehicle would have seemed a dream come true. This smart device is actually a spy camera on wheels, connected via Wi-Fi and managed via an application.The spy vehicle, sold in toy stores, has Wi-Fi as the only connection interface.For management there are two official applications, for iOS and Android. We assumed that there could be a weakness in the Wi-Fi connections – and we turned out to be right. The device is able to execute the following commands:

Move across the area (with multiple riding modes, it is possible to control speed and direction) View an image from the navigation camera during movement, for ease of navigation View an image from the main camera, which can also be rotated in different directions (there is even a night vision mode) Record photos and videos that are stored in the phone’s memory Play audio remotely via a built-in speaker

Once connected to a phone, it becomes a Wi-Fi access point without password requirements.In other words, any person connected to it can send remote commands to the vehicle – you’d just need to know which commands to send.And if you – being a bit concerned about the lack of password protection in a child’s toy that has spying capabilities – decided to set one up, you’d find there was no opportunity to do so.And if you have basic network sniffing software on your laptop, and decided you’d like to see what the vehicle was currently filming, you’d be able to intercept the traffic between the vehicle and the controlling device. That said, a remote attack is not possible with this device, and an offensive third-party would have to be within the range of the toy’s Wi-Fi signal which should be enabled.But on the other hand, nothing prevents an attacker from listening to your traffic in a passive mode and catching the moment when the device is used.So if you have seen someone with a Wi-Fi antenna near your house recently, chances are they’re curious about your private life, and have the means to look into it. Smart Robo Vacuum Cleaner. With camera Speaking of other devices with cameras that are around you, we spent some time trying to figure out why a smart vacuum cleaner would need to have a web-cam – is it for the macro filming of dust? Or to explore the exciting under-bed world? Joking aside, this function was made specifically for the cleaning enthusiast: if you find it exciting to control the vacuum cleaner manually while checking exactly what it’s doing, this is the gadget for you. Just keep in mind that it is not quite secure. The device is managed via a specific application – you can control the cleaner’s movement, get video live-streaming while it’s cleaning, take pictures, etc.The video will disappear after streaming, while photos are stored in the application. There are two ways to connect to the device via Wi-Fi:

With the cleaner as access point.If you don’t have a Wi-Fi network in your home, the device will provide the connection itself. You simply connect to the cleaner via the mobile application – and off you go! The cleaner can also work as a Wi-Fi adapter, connected to an existing access point.After connecting to the cleaner-as-access-point you can then connect the device to your home Wi-Fi network for better connection and operation radius.

As the device is managed via a mobile phone application, the user should first go through some kind of authorization.Interestingly enough, for this they only need to enter a weak default password – and that’s it.Thus, an attacker just needs to connect to cleaner’s access point, type in the default password to authorize themselves in the application for pairing the mobile phone and the cleaner.After the pairing is completed, they can control the device.Also, after connection to a local network, the robot vacuum cleaner will be visible in the local network and available via a telnet protocol to anyone who is also connected to this network. Yes, the connection is password protected, which can be changed by the owner of the device (but really, who does that?!), and no, there is no brute force protection in place. Also the traffic between the app and the device is encrypted, but the key is hard-coded into the app. We are still examining the device, and the following statement should be taken with a big grain of salt, but potentially a third-party could download the app from Google Play, find the key and use it in a Man-in-the-Middle attack against the protocol. And, of course, like any other Android-app controlled connected device, the robot vacuum cleaner is a subject to attack via rooting malware: upon gaining super user rights, it can access the information coming from the cleaner’s camera and its controls.During the research, we also noticed that the device itself runs on a very old version of Linux OS, which potentially makes it subject to a range of other attacks through unpatched vulnerabilities.This, however, is the subject of ongoing research. Smart Camera IP cameras are the devices targeted most often by IoT-hackers. History shows that, besides the obvious unauthorized surveillance, this kind of device can be used for devastating DDoS-attacks. Not surprisingly, today almost any vendor producing such cameras is in the cross-hairs of hackers. In 2015, our attempt to evaluate the state of security of consumer IoT took a look at baby monitor; this year we’ve focused on a rather different kind of camera: the ones used for outside surveillance – for example the ones you’ve put up in your yard to make sure neighbors don’t steal apples from your trees. Originally, the device and its relatives from the same vendor were insecure due to a lack of vendor attention to the problem.But the issue of camera protection changed dramatically around 2016 after reports of unauthorized access to cameras became publicly known through a number of publications like here or here. Previously, all the cameras sold by this vendor were supplied with a factory default account and default password ‘12345’. Of course, users tended not to change the password.In 2016, the picture changed radically when the vendor became an industry pioneer in security issues, and started to supply cameras in ‘not activated’ mode.Thus, there was no access to the camera before activation.Activation required the creation of a password and some network settings. Moreover, the password was validated in terms of basic complexity requirements (length, variety of characters, numbers and special characters).Activation of the camera could be performed from any PC with access to the camera over the local network. Since this reform, updating the firmware on a camera with a default password leads to the camera demanding a password change and warning the user about security issues every time they connect.The password requirements are quite solid: Additionally, protection from password brute forcing has been implemented: Moreover, the vendor added a new security feature to the firmware in 2016.This involves protection against brute forcing, by automatically blocking access for an IP address after five to seven attempts to enter the wrong password.The lock is automatically removed after 30 minutes.The feature, which is enabled by default, significantly increases the level of security. Nevertheless, not everything is perfect in the camera.For instance, the exchange of data with the cloud is performed via HTTP, with the camera’s serial number as its ID.This obviously makes Man-in-the-Middle attacks more realistic. In addition to a standard WEB interface for such devices, there is a specialized tool for camera configuration, which can search for cameras on the network, display data on the cameras, and perform basic settings including activation, password changes, and the implementation of password resets for network settings. When triggering the device search the PC sends a single Ethernet frame. The camera’s response is not encrypted, and contains model information such as the firmware, date reset and network settings.Since this data is transmitted in a non-encrypted way and the request does not have authorization, this one Ethernet package can detect all cameras on the network and obtain detailed information about them.The algorithm has one more weakness: when forming a response, time delays are not considered.As a consequence, it is easy to organize a DDoS attack in the network, sending such requests to all cameras within the presented Ethernet network . Apart from the described specific protocol, cameras support a standard SSDP protocol for sending notifications, and this allows any software or hardware to automatically detect the cameras.This SSDP data also contains information about the model and serial number of the camera. One more attack vector lies in the remote password reset, which is supported by a technical support service.Anyone with access to the camera’s network can select a camera through the specialized tool for camera configuration and request the reset procedure.As a result, a small file containing the serial number of the camera is created.The file is sent to the technical support service, which then either refuses the request or sends a special code to enter a new password.Interestingly enough, the service doesn’t even try to check whether the user is the owner of the camera – outdoor surveillance assumes that the camera is located out of reach, and it is almost impossible to identify remotely the author of the request.In this scenario, an insider cybercriminal attack is the most probable vector. To sum up: luckily this is not the worst camera we’ve ever seen when it comes to cybersecurity; however, some unnecessary issues are still there to be exploited by an offensive user. Smart Bathroom Scales Remember that picture from the internet, where hacked smart scales threaten to post their owner’s weight online if they don’t pay a ransom? Well, joking aside we’ve proved this may be possible! This is a smart device, interacting with a smartphone app via Bluetooth, but it is also equipped with a Wi-Fi module.This connectivity provides the owner with a number of additional features, from weight monitoring on a private website secured by a password to body analysis and integration with various healthcare apps.Interestingly enough, the only Wi-Fi-enabled feature is the receiving of weather updates. We decided to test the possibility of arbitrary updates\software installation on the specified device in LAN using ARP spoofing and the implementation of Man-in-the-Middle attacks. Here’s what we found. The mobile phone interacts with the main server via HTTPS, in a series of queries.The scales themselves are connected to the mobile phone via Bluetooth.The process of pairing is simple: you request connection via the application, and then turn the scales’ Bluetooth connection on.Given the very limited time for this stage, it is very unlikely that someone will be able to pair the devices without the user’s knowledge. Among other things, the device transmits via Bluetooth various user data – mail, indication of weight, etc.The device receives updates via the application.The latter sends the current version of updates and a number of other parameters to the server – the server, in turn, passes to the application a link to the downloaded file and its checksum. However the updates are provided as is, on the HTTP channel, without encryption, and the updates themselves are also not encrypted.Thus, if you are able to listen to the network to which the device is connected you would be able to spoof the server response or the update itself. This enabled us to, firstly, ‘roll back’ the version of the updates, and then install a modified version that does not match the one retrieved from the server.In this scenario, the further development of attacks is possible, like installing arbitrary software on the device. The good news is that this device has no camera, so even if any other severe vulnerabilities are found, you are safe.Besides that, who would want to spend time on hacking smart scales? Well, the concern is a valid one.First of all, see the picture at the beginning of this text, and secondly: as we already mentioned above, sometimes hackers do things just because they can, because certain things are just fun to crack. Smart Iron Fun to crack – that is something you can definitely say about a smart iron.The very existence of such a device made us very curious.The list of things you could potentially do should a severe vulnerability be found and exploited looked promising. However, the reality turned out to be rather less amusing.Spoiler: based on our research it is impossible to set fire to the house by hacking the iron. However, there are some other rather interesting issues with this device.

The iron has a Bluetooth connection that enables a number of remote management options through a mobile app. We assumed that communication with the server would be insecure, allowing someone to take control of the device and its sensitive data, as manufacturers would not be paying enough attention to the protection of this channel, believing that a smart iron would be of little value to an attacker. Once it is connected to the user’s mobile phone, the iron is managed via the application, which exists in versions for both iOS and Android. The app allows you to:

View the orientation of the iron (whether it is lying flat, standing, or hanging by its cable) Disable (but – sadly – not enable) the iron Activate ‘safe mode’ (in which iron does not react to a mechanical switch on.To turn the iron on when it is in that mode you need to turn off safe mode in the app).

In terms of on/off safety the iron automatically switches off if it is stationary for five seconds in a ‘lying’ position, or for eight minutes in a ‘standing’ position. The iron can also be controlled via the internet.For this, it is necessary to have a gateway near the device, like a separate smartphone or tablet with internet access and a special app. Given all that, we decided to take a closer look at the applications for the device.There are three of them – one for iOS and two for Android.The first Android app is for when you manage the device via Bluetooth and are standing nearby, and the other one is for the gateway, which serves as an online door to your iron when you are not at home.The iOS app is for Bluetooth management.Speaking about the security of all applications, it is worth mentioning that the vendor’s code is not obfuscated at all. When viewing online traffic, we found out that the Android Bluetooth application uses HTTPS, which is a sensible solution.The corresponding app for iOS does not and neither does the gateway app for Android. We decided to test the traffic for the iOS application. Example of phishing attack via the application Once it is enabled, the application offers the user the chance to register, and then sends the data without encryption via HTTP.This gives us a very simple attack vector based on the interception of traffic between the mobile application and the vendor’s server within the local network. As already mentioned, the phone also communicates with the iron using BLE.The BLE traffic is also not encrypted.After deeper investigation of the applications, we were able to control the iron by creating specific commands just from looking into what is transmitted between the devices. So, if you were a hacker, what could you do with all this knowledge? First of all if you would be able to capture the user’s credentials, to pass the authorization stage in an official application and to switch off the iron or set it to ‘safe mode’.It is important to note here that these applications are used for all of the vendor’s smart devices, and there are quite a few.This significantly enlarges the attack surface. No need to worry if you miss the chance to intercept the authentication data.Given that the data exchange between the app and the device is not encrypted, you would be able to intercept a token transmitted from the server to the application and then create your own commands to the iron. As a result, within the local network an attacker can perform:

Identity theft (steal personal email address, username, password) Extortion (take advantage of the ignorance of the user to enable ‘safe mode’ so that the user could not mechanically turn on the iron, and to demand money for disabling ‘safe mode’)

Of course both these vectors are highly unlikely to be extensively performed in the wild, but they are still possible. Just imagine how embarrassing it would be if your private information was compromised, not as a result of an attack by a sophisticated hackers, but because of the poor security of your smart iron. Smart home hub The biggest problem with the vast majority of connected devices currently available is that most of them work with your smartphone as a separate, independent device, and are not integrated into a larger smart ecosystem.The problem is partly solved by so called smart hubs – nodes that unite in one place the data exchange between multiple separate smart devices.Although prior art in finding a secure smart hub, conducted by multiple other researchers, leaves little room for hope, we tried anyway and took a fancy smart hub with a touch screen and the ability to work with different IoT-protocols.It is universally compatible, works with ZigBee и ZWave home automation standards, and very easy to handle: according to the manufacturer, it can be set up within three minutes, using the touchscreen. In addition the hub serves as a wireless Wi-Fi router. Given all the features this multi-purpose device has, being a router, range extender, access point or wireless bridge, we decided to check one of the most common and most dangerous risks related to unauthorized external access to the router.Because, if successful, it would possibly lead to full control of a user’s smart home, including all connected devices. And, no surprise, our research has shown there is such a possibility. To check our assumption we created a local network, by connecting a PC, the device and one more router to each other.All network devices received their IP addresses, and we successfully scanned available ports. Our initial research has shown that, by default, there are two opened ports over WAN.The first one, port 80, is one of the most commonly used and assigned to protocol HTTP.It is the port from which a computer sends and receives web client-based communication and messages from a web server, and which is used to send and receive HTML pages or data.If opened, it means that any user can connect to port 80 and thus have access to the user’s device via the HTTP protocol. The second one, port 22 for contacting SSH (Secure Shell) servers is used for remote control of the device.Attackers can gain access to a device if they obtain or successfully brute force a root password. Usually it’s not an easy task to do. However, in our research we explored another interesting risky thing with the smart hub that makes this much easier. While analyzing the router, we discovered it might have problems with a very common threat risk – weak password generation.In the router system we found ELF (Executable and Linkable Format) file ‘rname’ with a list of names.By looking at this list and the password displayed on the screen, it became clear that device’s password is generated based on the names from this file and, thus, it doesn’t take long for brute force cracking. After a hard reset, the source line for passwords remained, with slightly changed symbols. However, the main password base remained the same, and that still leaves a chance to generate a password. In addition, we found that for device access a root account is constantly used.Thus, offensive users will know the login and a base part of the password, which will significantly facilitate a hacker attack. In case the device has a public IP address and the ports described above are opened, the router can be available for external access from the internet. Or, in other case, if a provider or an ISP (Internet Service Provider) improperly configures the visibility of neighboring hosts of the local network, these devices will be available to the entire local network within the same ISP. In all, we weren’t surprised; just like most any other smart hubs on the market, this one provides a really vast attack surface for an intruder.And this surface covers not only the device itself, but the network it works on.And here are the conclusions which the results of our experiment have brought us to. Conclusions Based on what we’ve seen while doing this exercise, the vendors of many IoT-devices developing their products assume that:

They won’t be attacked due to limited device functionality and a lack of serious consequences in the case of a successful attack. The appropriate level of security for an IoT-device is when there is no easy way to communicate with the wider internet and the attacker needs to have access to the local network the device is connected to.

We have to say that these assumptions are reasonable, but only until the moment when a vulnerable router or multifunctional smart hub, like the one described above, appears in the network to which all other devices are connected.From that moment, all the other devices, no matter how severe or trivial their security issues, are exposed to interference.It is easy to imagine a house, apartment or office populated with all these devices simultaneously, and also easy to imagine what a nightmare it would be if someone tried each of described threat vectors. So in answer to the question we asked ourselves at the beginning of this experiment, we can say that, based on our results at least, it is still hard to find a perfectly secure IoT-device. On the other hand, no matter which device you purchase, most likely it won’t carry really severe security issues, but again, only until you connect them to a vulnerable router or smart hub.

Keeping that and the ongoing high sales holiday season in mind we’d like to share the following advice on how to choose IoT devices:

When choosing what part of your life you’re going to make a little bit smarter, consider the security risks.Think twice if you really need a camera-equipped robo vacuum cleaner or a smart iron, which can potentially spill some of your personal data to an unknown third-party. Before buying an IoT device, search the internet for news of any vulnerability.The Internet of Things is a very hot topic now, and a lot of researchers are doing a great job of finding security issues in products of this kind: from baby monitors to app controlled rifles.It is likely that the device you are going to purchase has already been examined by security researchers and it is possible to find out whether the issues found in the device have been patched. It is not always a great idea to buy the most recent products released on the market.Along with the standard bugs you get in new products, recently-launched devices might contain security issues that haven’t yet been discovered by security researchers.The best choice is to buy products that have already experienced several software updates. To overcome challenges of smart devices’ cybersecurity, Kaspersky Lab has released a beta version of its solution for the ‘smart’ home and the Internet of Things – the Kaspersky IoT Scanner.This free application for the Android platform scans the home Wi-Fi network, informing the user about devices connected to it and their level of security.

When it comes to the vendors of IoT-devices, the advice is simple: collaborate with the security vendors and community when developing new devices and improving old ones. P.S. 1 out of 8 There was one random device in our research, which showed strong enough security for us at least not to be worried about private data leakage or any other devastating consequences.It was a smart watch. Like most other similar devices, these watches require an app to pair them with the smartphone and use.From that moment, most of data exchange between the device and the smartphone, the app and the vendors’ cloud service are reliably encrypted and, without a really deep dive into encryption protocol features or the vendor’s cloud services it is really hard to do anything malicious with the device. For the pairing the owner should use the pin code displayed on the clock for successful authorization.The pin is randomly generated and is not transmitted from the clock.After entering the pin code in the app, the phone and clock create the key for encryption, and all subsequent communication is encrypted.Thus, in the case of BLE traffic interception an attacker will have to decrypt it as well.For this, an attacker will need to intercept traffic at the stage of generating the encryption key. It is apparently impossible to get user data (steps, heart rate etc.) directly from the device.Data synchronization from the clock on the phone is encrypted and, in the same form is sent to the server.Thus, data on the phone is not decrypted, so the encryption algorithm and the key are unknown.

From our perspective this is an example of a really responsible approach to the product, because, by default the vendor of this device could also easily limit their security efforts to assuming that no one will try to hack their watches, as, even if successful, nothing serious happens.This is probably true: it is hard to imagine a hacker who would pursue an opportunity to steal information about how many steps you made or how fast your heart beats at any given moment of the day. Nevertheless, the vendor did their best to eliminate even that small possibility.And this is good, because cybersecurity is not all those boring and costly procedures which you have to implement because some hackers found some errors in your products, we think cybersecurity is an important and valuable feature of an IoT-product, just like its usability, design and list of useful functions. We are sure that as soon as IoT-vendors understand this fact clearly, the whole connected ecosystem will become much more secure than it is now.

The 10 Most Pirated Movies

http://cyberparse.co.uk/2017/01/24/the-10-most-pirated-movies-2/ https://i0.wp.com/cyberparse.co.uk/wp-content/uploads/2016/04/security-binary-pd-898757.jpg?fit=3888%2C2592

Click To View Slideshow»

Two more Oscar hopefuls are on the pirate lists this week.

TorrentFreak’s most pirated movies list is always a good gauge of popular movies as well as the zeitgeist.

Two new DVD screener copies making the rounds of Hollywood are on this week’s list; A Monster Calls and Hacksaw Ridge join the top 10 most pirated. That means the end of the line, for now, of Keeping up with the Joneses and, shockingly, Rogue One: A Star Wars Story. Meanwhile, Jack Reacher: No Way Out shot back to the No. 1 slot. Check out the gallery to see the complete top 10.

If you’ve seen any movies on this list (and we won’t ask how), we’d love to hear what you think of them. Particularly for films that have gotten very mixed reviews.

The 10 Most Pirated Movies

http://cyberparse.co.uk/2017/01/24/the-10-most-pirated-movies-2/ https://i0.wp.com/cyberparse.co.uk/wp-content/uploads/2016/04/security-binary-pd-898757.jpg?fit=3888%2C2592

Click To View Slideshow»

Two more Oscar hopefuls are on the pirate lists this week.

TorrentFreak’s most pirated movies list is always a good gauge of popular movies as well as the zeitgeist.

Two new DVD screener copies making the rounds of Hollywood are on this week’s list; A Monster Calls and Hacksaw Ridge join the top 10 most pirated. That means the end of the line, for now, of Keeping up with the Joneses and, shockingly, Rogue One: A Star Wars Story. Meanwhile, Jack Reacher: No Way Out shot back to the No. 1 slot. Check out the gallery to see the complete top 10.

If you’ve seen any movies on this list (and we won’t ask how), we’d love to hear what you think of them. Particularly for films that have gotten very mixed reviews.

Source Ars Technica » Law & Disorder

HummingBad malware returns in new, more annoying variant

http://cyberparse.co.uk/2017/01/24/hummingbad-malware-returns-in-new-more-annoying-variant/ https://i0.wp.com/cyberparse.co.uk/wp-content/uploads/2016/04/security-binary-pd-898757.jpg?fit=3888%2C2592

Is it a bird? Is it a plane? No, it’s a HUMMINGWHALE The HummingBad malware first discovered in February 2016 is making a return visit to the charts. The original was cleaned up, but not before the malware’s authors Yingmob racked up around US$300,000 per month at its peak.

Check Point Software Technologies says it’s spotted the return version, which it’s dubbed HummingWhale, adding the authors have added better ad fraud capabilities to the code. HummingWhale is tricky: if a user notices and closes its process, it then drops itself into a virtual machine to make it harder to detect. HummingWhale raised Check Point’s red flags when apps published under the names of “fake Chinese developers” showed dubious startup behaviours: “It registered several events on boot, such as TIME_TICK, SCREEN_OFF and INSTALL_REFERRER which [were] dubious in that context.” The dodgy apps also carried an encrypted 1.3 MB file, the main payload, which presents as if its an image (it’s called group.png), but is an executable <code.>apk file. “This .apk operates as a dropper, used to download and execute additional apps, similar to the tactics employed by previous versions of HummingBad. However, this dropper went much further. It uses an Android plugin called DroidPlugin, originally developed by Qihoo 360, to upload fraudulent apps on a virtual machine.” When a user is infected, the command and control sends the user fake ads and apps to the user. The app, running in a virtual machine, generates a fake referrer ID that hits ads to generate the ‘net scum’s revenue. Check Point notes the HummingWhale can get apps running without having to get elevated permissions, and disguises its malice to get onto Google Play. Unlike the original HummingBad, it runs without having to root the victim’s phone, and its use of virtual machines means it can install lots of fraudulent apps without overloading the target. “HummingWhale also tries to raise its reputation in Google Play using fraudulent ratings and comments, similar to the Gooligan and CallJam malware before it”, the post concludes. Check Point says it spotted HummingWhale in more than 20 apps, which have since been removed from Google Play. ® Sponsored: Customer Identity and Access Management

Source it-security feed from realwire

WatchGuard Takes Aim At Sophos With New Threat Detection And Response Solution

http://cyberparse.co.uk/2017/01/24/watchguard-takes-aim-at-sophos-with-new-threat-detection-and-response-solution/ https://i0.wp.com/cyberparse.co.uk/wp-content/uploads/2016/04/security-binary-pd-898757.jpg?fit=3888%2C2592

WatchGuard Technologies is bringing together its network and endpoint security portfolios with the launch of a new Threat Detection and Response solution, following on the heels of competitor Sophos.

The new Threat Detection and Response (TDR) solution, launched last week and announced on Tuesday, is an add-on subscription to the Seattle, Wash.–based company’s flagship Firebox appliance as part of the company’s Total Security Suite package.The cloud-based service adds threat detection capabilities on the endpoint, which connect back into the network for remediation.

WatchGuard has traditionally focused primarily on network security, but CTO Corey Nachreiner said the TDR launch shows the company recognizes the importance of a “holistic view” when it comes to security. He said companies need to embrace integrated network, endpoint, mobile and identity-based access solutions for more comprehensive security.

[Related: The 10 Coolest Network Security Products Of 2016]

“Traditional perimeter security is not enough,” Nachreiner said. “Endpoint is what we were missing before and that is really the point of adding TDR to our product suite.”

The TDR solution includes ThreatSync, which combines feeds from the company’s Firebox appliances, endpoint sensors and threat intelligence feeds for threat detection and policy enforcement.It also includes a Host Ransomware Prevention module.

The launch comes at a time when other security vendors, including those also serving the small, medium and distributed enterprise markets, have pushed to offer both network and endpoint security as part of the same portfolio. Nachreiner said WatchGuard will differentiate itself by providing what he said is enterprise-grade technology through partnerships with enterprise security vendors, simplicity of management, UTM performance, threat visibility across both network and endpoint and allowing for the easy update of new services at no extra cost.

Sophos has also moved to unite its network and endpoint security lines, starting in November 2015 by bringing together intelligence from its next-generation firewall and UTM solutions with its next-generation endpoint technologies.It has since added to the number of products connected, including encryption. Nachreiner said WatchGuard’s offering is different from Sophos because of the threat correlation it offers.

“We believe our correlation is much deeper than Sophos.And, by the way, we plan to make it even deeper,” Nachreiner said.

The launch also comes as security threats facing small and medium businesses continue to accelerate, with SMBs facing tighter budgets and a shortage of staff but ultimately facing the same growing threats as their enterprise peers. Nachreiner said SMBs need the capabilities to detect attacks, but don’t have the time to interact with multiple dashboards, leading them to look for a single set of solutions.

Source The Register - Security

The 10 Most Pirated Movies

http://cyberparse.co.uk/2017/01/24/the-10-most-pirated-movies-2/ https://i0.wp.com/cyberparse.co.uk/wp-content/uploads/2016/04/security-binary-pd-898757.jpg?fit=3888%2C2592

Click To View Slideshow»

Two more Oscar hopefuls are on the pirate lists this week.

TorrentFreak’s most pirated movies list is always a good gauge of popular movies as well as the zeitgeist.

Two new DVD screener copies making the rounds of Hollywood are on this week’s list; A Monster Calls and Hacksaw Ridge join the top 10 most pirated. That means the end of the line, for now, of Keeping up with the Joneses and, shockingly, Rogue One: A Star Wars Story. Meanwhile, Jack Reacher: No Way Out shot back to the No. 1 slot. Check out the gallery to see the complete top 10.

If you’ve seen any movies on this list (and we won’t ask how), we’d love to hear what you think of them. Particularly for films that have gotten very mixed reviews.

Source InfoWorld Security

Furby Rickroll demo: what fresh hell is this?

http://cyberparse.co.uk/2017/01/24/furby-rickroll-demo-what-fresh-hell-is-this/ https://i0.wp.com/cyberparse.co.uk/wp-content/uploads/2016/04/security-binary-pd-898757.jpg?fit=3888%2C2592

Toy-makers, please quit this rubbish, you’re NO GOOD at security Here’s your future botnet, world: connected kids toys that will Rickroll their owners while hosing big servers and guessing the nuclear codes. Hacker Jake Davis, once known as “Topiary” of LulzSec, has pulled apart the Bluetooth variant that toy-maker Hasbro uses to update its “Furby” dolls with new content.

The video below the fold is equal parts cute and scary, but as you can see from Davis’ GitHub repo, he’s well along the path to reverse-engineering Hasbro’s Bluetooth. “Furby can be interacted with stand-alone or while connected to the Android / iOS App ‘Furby Connect World’, which takes full control of Furby’s movement and speech and sends updates it pulls from Hasbro’s servers at Amazon AWS.” He’s already documented a decent amount of what goes on in a Furby’s “brain” (two microcontrollers, a GeneralPlus chip that seems to handle movement, and a Nordic Semiconductor chip that runs Bluetooth Low Energy comms). Youtube Video His documentation list covers Furby Bluetooth; the two chips’ commands and responses; Furby’s action sequences; the app update mechanism; a list of possible names for Furby; and the DLC files that bring new content and firmware upgrades into Furbies’ brains. With all that, you won’t be surprised that he’s also worked out how to flash a custom DLC, which is why Davis thought of botnets:

A Furby that can be updated from “the app” is a Furby whose eyes will flash red and whose mouth will constantly sing Never Gonna Give You Up — Jake Davis (@DoubleJake) January 23, 2017 In his GitHub post, Davis notes that no Furbies were harmed in the making of the hack: he didn’t want to peel it open, partly because a Furby isn’t cheap. Here’s a nice detail: if Davis’ documentation is correct, the Furby Connect World app doesn’t bother with niceties like HTTPS for its startup connection: “When first starting up, the Furby Connect World connects to a server http://fluff-gameupdates.s3.amazonaws.com/ and downloads in-game content, like the 3D models, background music and other sounds”. Later, stuff gets encrypted – but Davis notes, with a suitable proxy, that wasn’t a problem. Since Davis still has a few items on his to-do list, including working the structure of the DLC files, there’s still plenty of fun to be had for tinkerers. ® Sponsored: Customer Identity and Access Management

Source it-security feed from realwire

IBM Acquires Agile 3, Makers Of A Security Dashboard For Business Leaders

http://cyberparse.co.uk/2017/01/23/ibm-acquires-agile-3-makers-of-a-security-dashboard-for-business-leaders-2/ https://i0.wp.com/cyberparse.co.uk/wp-content/uploads/2016/04/security-binary-pd-898757.jpg?fit=3888%2C2592

IBM has continued its acquisition spree into the new year, advancing its security posture Monday by agreeing to buy San Francisco-based Agile 3 Solutions.

The startup, founded by an IBM veteran, has a software portfolio aimed at senior business executives, helping them understand and mitigate the risks of data breaches to their organizations.

IBM Security, headquartered in Cambridge, Mass., also announced its intent to acquire Ravy Technologies, which OEMs dashboards used in the Agile 3 product line.

[Related: IBM CFO Tells Investors Goals Of Cognitive Transformation Are In Sight]

Financial details of the deal weren’t disclosed.

Agile 3, founded in 2009, offers a suite of products that help business leaders make decisions about security threats facing their companies through intuitive visualizations and analytics.

The software design is heavily influenced by service-oriented architecture principles.

Agile 3’s founder, Raghu Varadan, had been IBM’s chief architect for its SOA Center of Excellence, and was responsible for implementing service-oriented architecture solutions for the IBM Global Business Services division’s largest customers.

Once the acquisition is completed in the coming weeks, Agile 3’s technology will be brought to market through IBM Data Security Services.

The solution will also be integrated into IBM Guardium, Big Blue’s data protection product.

Jazz Padda, managing director of Too Many Clouds, a U.K.-based IBM SoftLayer partner, told CRN that IBM’s latest acquisition is another sign that “security is a massive, massive issue right now, especially in cloud-based computing environments.”

Distributors and resellers are clamoring to see their partner vendors advance their cyber-security capabilities, Padda said.

“Company data, especially customer data, is what keeps companies running,” Padda said.

But “the majority of organizations do not know enough about their own data and the importance of it.”

“We will be talking to our contacts at IBM to see how we can take the new product on their books to our partners and their customers,” Padda told CRN.

Source CRN

IBM Acquires Agile 3, Makers Of A Security Dashboard For Business Leaders

http://cyberparse.co.uk/2017/01/23/ibm-acquires-agile-3-makers-of-a-security-dashboard-for-business-leaders-2/ https://i0.wp.com/cyberparse.co.uk/wp-content/uploads/2016/04/security-binary-pd-898757.jpg?fit=3888%2C2592

IBM has continued its acquisition spree into the new year, advancing its security posture Monday by agreeing to buy San Francisco-based Agile 3 Solutions.

The startup, founded by an IBM veteran, has a software portfolio aimed at senior business executives, helping them understand and mitigate the risks of data breaches to their organizations.

IBM Security, headquartered in Cambridge, Mass., also announced its intent to acquire Ravy Technologies, which OEMs dashboards used in the Agile 3 product line.

[Related: IBM CFO Tells Investors Goals Of Cognitive Transformation Are In Sight]

Financial details of the deal weren’t disclosed.

Agile 3, founded in 2009, offers a suite of products that help business leaders make decisions about security threats facing their companies through intuitive visualizations and analytics.

The software design is heavily influenced by service-oriented architecture principles.

Agile 3’s founder, Raghu Varadan, had been IBM’s chief architect for its SOA Center of Excellence, and was responsible for implementing service-oriented architecture solutions for the IBM Global Business Services division’s largest customers.

Once the acquisition is completed in the coming weeks, Agile 3’s technology will be brought to market through IBM Data Security Services.

The solution will also be integrated into IBM Guardium, Big Blue’s data protection product.

Jazz Padda, managing director of Too Many Clouds, a U.K.-based IBM SoftLayer partner, told CRN that IBM’s latest acquisition is another sign that “security is a massive, massive issue right now, especially in cloud-based computing environments.”

Distributors and resellers are clamoring to see their partner vendors advance their cyber-security capabilities, Padda said.

“Company data, especially customer data, is what keeps companies running,” Padda said.

But “the majority of organizations do not know enough about their own data and the importance of it.”

“We will be talking to our contacts at IBM to see how we can take the new product on their books to our partners and their customers,” Padda told CRN.

Source CRN

IBM Acquires Agile 3, Makers Of A Security Dashboard For Business Leaders

http://cyberparse.co.uk/2017/01/23/ibm-acquires-agile-3-makers-of-a-security-dashboard-for-business-leaders-2/ https://i0.wp.com/cyberparse.co.uk/wp-content/uploads/2016/04/security-binary-pd-898757.jpg?fit=3888%2C2592

IBM has continued its acquisition spree into the new year, advancing its security posture Monday by agreeing to buy San Francisco-based Agile 3 Solutions.

The startup, founded by an IBM veteran, has a software portfolio aimed at senior business executives, helping them understand and mitigate the risks of data breaches to their organizations.

IBM Security, headquartered in Cambridge, Mass., also announced its intent to acquire Ravy Technologies, which OEMs dashboards used in the Agile 3 product line.

[Related: IBM CFO Tells Investors Goals Of Cognitive Transformation Are In Sight]

Financial details of the deal weren’t disclosed.

Agile 3, founded in 2009, offers a suite of products that help business leaders make decisions about security threats facing their companies through intuitive visualizations and analytics.

The software design is heavily influenced by service-oriented architecture principles.

Agile 3’s founder, Raghu Varadan, had been IBM’s chief architect for its SOA Center of Excellence, and was responsible for implementing service-oriented architecture solutions for the IBM Global Business Services division’s largest customers.

Once the acquisition is completed in the coming weeks, Agile 3’s technology will be brought to market through IBM Data Security Services.

The solution will also be integrated into IBM Guardium, Big Blue’s data protection product.

Jazz Padda, managing director of Too Many Clouds, a U.K.-based IBM SoftLayer partner, told CRN that IBM’s latest acquisition is another sign that “security is a massive, massive issue right now, especially in cloud-based computing environments.”

Distributors and resellers are clamoring to see their partner vendors advance their cyber-security capabilities, Padda said.

“Company data, especially customer data, is what keeps companies running,” Padda said.

But “the majority of organizations do not know enough about their own data and the importance of it.”

“We will be talking to our contacts at IBM to see how we can take the new product on their books to our partners and their customers,” Padda told CRN.

Source CRN

Machine Learning In Cybersecurity Warrants A Silver Shotgun Shell Approach

http://cyberparse.co.uk/2017/01/23/machine-learning-in-cybersecurity-warrants-a-silver-shotgun-shell-approach-2/ https://i0.wp.com/cyberparse.co.uk/wp-content/uploads/2016/04/security-binary-pd-898757.jpg?fit=3888%2C2592

When protecting physical or virtual endpoints, it’s vital to have more than one layer of defense against malware.

Cybersecurity is arguably the most rapidly evolving industry, driven by the digitalization of services, our dependency on Internet-connected devices, and the proliferation of malware and hacking attempts in search for data and financial gain. More than 600 million malware samples currently stalk the Internet, and that’s just the tip of the iceberg in terms of cyber threats. Advanced persistent threats, zero-day vulnerabilities and cyber espionage cannot be identified and stopped by traditional signature-based detection mechanisms.

Behavior-based detection and machine learning are just a few technologies in the arsenal of some security companies, with the latter considered by some as the best line of defense. What is Machine Learning?The simplest definition is that it’s a set of algorithms that can learn by themselves.

Although we’re far from achieving anything remotely similar to human-level capabilities – or even consciousness – these algorithms are pretty handy when properly trained to perform a specific repetitive task. Unlike humans, who tire easily, a machine learning algorithm doesn’t complain and can go through far more data in a short amount of time. The concept has been around for decades, starting with Arthur Samuel in 1959, and at its core is the drive to overcome static programming instructions by enabling an algorithm to make predictions and decisions based on input data.

Consequently, the training data used by the machine learning algorithm to create a model is what makes the algorithm output statistically correct.

The expression “garbage in, garbage out” has been widely used to express poor-quality input that produces incorrect or faulty output in machine learning algorithms. Is There a Single Machine Learning Algorithm?While the term is loosely used across all fields, machine learning is not an algorithm per se, but a field of study.

The various types of algorithms take different approaches towards solving some really specific problems, but it’s all just statistics-based math and probabilities.

Decision trees, neural networks, deep learning, genetic algorithms and Bayesian networks are just a few approaches towards developing machine learning algorithms that can solve specific problems. Breaking down machine learning into the types of problems and tasks they try to solve revolves around the methods used to solve problems. Supervised learning is one such method, involving training the algorithm to learn a general rule based on examples of inputs and desired outputs. Unsupervised learning and reinforcement learning are also commonly used in cybersecurity to enable the algorithm to discover for itself hidden patterns in data, or dynamically interact with malware samples to achieve a goal (e.g. malware detection) based on feedback in the form of penalties and rewards. Is Machine Learning Enough for Cybersecurity?Some security companies argue that machine learning technologies are enough to identify and detect all types of attacks on companies and organizations. Regardless of how well trained an algorithm is, though, there is a chance it will “miss” some malware samples or behaviors.

Even among a large set of machine learning algorithms, each trained to identify a specific malware strand or a specific behavior, chances are that one of them could miss something. This silver shotgun shell approach towards security-centric machine learning algorithms is definitely the best implementation, as more task-oriented algorithms are not only more accurate and reliable, but also more efficient.

But the misconception that that’s all cybersecurity should be about is misguided. When protecting physical or virtual endpoints, it’s vital to have more layers of defense against malware.

Behavior-based detection that monitors processes and applications throughout their entire execution lifetime, web filtering and application control are vital in covering all possible attack vectors that could compromise a system. Liviu Arsene is a senior e-threat analyst for Bitdefender, with a strong background in security and technology. Reporting on global trends and developments in computer security, he writes about malware outbreaks and security incidents while coordinating with technical and … View Full Bio

More Insights

Source Dark Reading: Threat Intelligence

Machine Learning In Cybersecurity Warrants A Silver Shotgun Shell Approach

http://cyberparse.co.uk/2017/01/23/machine-learning-in-cybersecurity-warrants-a-silver-shotgun-shell-approach-2/ https://i0.wp.com/cyberparse.co.uk/wp-content/uploads/2016/04/security-binary-pd-898757.jpg?fit=3888%2C2592

When protecting physical or virtual endpoints, it’s vital to have more than one layer of defense against malware.

Cybersecurity is arguably the most rapidly evolving industry, driven by the digitalization of services, our dependency on Internet-connected devices, and the proliferation of malware and hacking attempts in search for data and financial gain. More than 600 million malware samples currently stalk the Internet, and that’s just the tip of the iceberg in terms of cyber threats. Advanced persistent threats, zero-day vulnerabilities and cyber espionage cannot be identified and stopped by traditional signature-based detection mechanisms.

Behavior-based detection and machine learning are just a few technologies in the arsenal of some security companies, with the latter considered by some as the best line of defense. What is Machine Learning?The simplest definition is that it’s a set of algorithms that can learn by themselves.

Although we’re far from achieving anything remotely similar to human-level capabilities – or even consciousness – these algorithms are pretty handy when properly trained to perform a specific repetitive task. Unlike humans, who tire easily, a machine learning algorithm doesn’t complain and can go through far more data in a short amount of time. The concept has been around for decades, starting with Arthur Samuel in 1959, and at its core is the drive to overcome static programming instructions by enabling an algorithm to make predictions and decisions based on input data.

Consequently, the training data used by the machine learning algorithm to create a model is what makes the algorithm output statistically correct.

The expression “garbage in, garbage out” has been widely used to express poor-quality input that produces incorrect or faulty output in machine learning algorithms. Is There a Single Machine Learning Algorithm?While the term is loosely used across all fields, machine learning is not an algorithm per se, but a field of study.

The various types of algorithms take different approaches towards solving some really specific problems, but it’s all just statistics-based math and probabilities.

Decision trees, neural networks, deep learning, genetic algorithms and Bayesian networks are just a few approaches towards developing machine learning algorithms that can solve specific problems. Breaking down machine learning into the types of problems and tasks they try to solve revolves around the methods used to solve problems. Supervised learning is one such method, involving training the algorithm to learn a general rule based on examples of inputs and desired outputs. Unsupervised learning and reinforcement learning are also commonly used in cybersecurity to enable the algorithm to discover for itself hidden patterns in data, or dynamically interact with malware samples to achieve a goal (e.g. malware detection) based on feedback in the form of penalties and rewards. Is Machine Learning Enough for Cybersecurity?Some security companies argue that machine learning technologies are enough to identify and detect all types of attacks on companies and organizations. Regardless of how well trained an algorithm is, though, there is a chance it will “miss” some malware samples or behaviors.

Even among a large set of machine learning algorithms, each trained to identify a specific malware strand or a specific behavior, chances are that one of them could miss something. This silver shotgun shell approach towards security-centric machine learning algorithms is definitely the best implementation, as more task-oriented algorithms are not only more accurate and reliable, but also more efficient.

But the misconception that that’s all cybersecurity should be about is misguided. When protecting physical or virtual endpoints, it’s vital to have more layers of defense against malware.

Behavior-based detection that monitors processes and applications throughout their entire execution lifetime, web filtering and application control are vital in covering all possible attack vectors that could compromise a system. Liviu Arsene is a senior e-threat analyst for Bitdefender, with a strong background in security and technology. Reporting on global trends and developments in computer security, he writes about malware outbreaks and security incidents while coordinating with technical and … View Full Bio

More Insights

Source Dark Reading: Threat Intelligence

Machine Learning In Cybersecurity Warrants A Silver Shotgun Shell Approach

http://cyberparse.co.uk/2017/01/23/machine-learning-in-cybersecurity-warrants-a-silver-shotgun-shell-approach-2/ https://i0.wp.com/cyberparse.co.uk/wp-content/uploads/2016/04/security-binary-pd-898757.jpg?fit=3888%2C2592

When protecting physical or virtual endpoints, it’s vital to have more than one layer of defense against malware.

Cybersecurity is arguably the most rapidly evolving industry, driven by the digitalization of services, our dependency on Internet-connected devices, and the proliferation of malware and hacking attempts in search for data and financial gain. More than 600 million malware samples currently stalk the Internet, and that’s just the tip of the iceberg in terms of cyber threats. Advanced persistent threats, zero-day vulnerabilities and cyber espionage cannot be identified and stopped by traditional signature-based detection mechanisms.

Behavior-based detection and machine learning are just a few technologies in the arsenal of some security companies, with the latter considered by some as the best line of defense. What is Machine Learning?The simplest definition is that it’s a set of algorithms that can learn by themselves.

Although we’re far from achieving anything remotely similar to human-level capabilities – or even consciousness – these algorithms are pretty handy when properly trained to perform a specific repetitive task. Unlike humans, who tire easily, a machine learning algorithm doesn’t complain and can go through far more data in a short amount of time. The concept has been around for decades, starting with Arthur Samuel in 1959, and at its core is the drive to overcome static programming instructions by enabling an algorithm to make predictions and decisions based on input data.

Consequently, the training data used by the machine learning algorithm to create a model is what makes the algorithm output statistically correct.

The expression “garbage in, garbage out” has been widely used to express poor-quality input that produces incorrect or faulty output in machine learning algorithms. Is There a Single Machine Learning Algorithm?While the term is loosely used across all fields, machine learning is not an algorithm per se, but a field of study.

The various types of algorithms take different approaches towards solving some really specific problems, but it’s all just statistics-based math and probabilities.

Decision trees, neural networks, deep learning, genetic algorithms and Bayesian networks are just a few approaches towards developing machine learning algorithms that can solve specific problems. Breaking down machine learning into the types of problems and tasks they try to solve revolves around the methods used to solve problems. Supervised learning is one such method, involving training the algorithm to learn a general rule based on examples of inputs and desired outputs. Unsupervised learning and reinforcement learning are also commonly used in cybersecurity to enable the algorithm to discover for itself hidden patterns in data, or dynamically interact with malware samples to achieve a goal (e.g. malware detection) based on feedback in the form of penalties and rewards. Is Machine Learning Enough for Cybersecurity?Some security companies argue that machine learning technologies are enough to identify and detect all types of attacks on companies and organizations. Regardless of how well trained an algorithm is, though, there is a chance it will “miss” some malware samples or behaviors.

Even among a large set of machine learning algorithms, each trained to identify a specific malware strand or a specific behavior, chances are that one of them could miss something. This silver shotgun shell approach towards security-centric machine learning algorithms is definitely the best implementation, as more task-oriented algorithms are not only more accurate and reliable, but also more efficient.

But the misconception that that’s all cybersecurity should be about is misguided. When protecting physical or virtual endpoints, it’s vital to have more layers of defense against malware.

Behavior-based detection that monitors processes and applications throughout their entire execution lifetime, web filtering and application control are vital in covering all possible attack vectors that could compromise a system. Liviu Arsene is a senior e-threat analyst for Bitdefender, with a strong background in security and technology. Reporting on global trends and developments in computer security, he writes about malware outbreaks and security incidents while coordinating with technical and … View Full Bio

More Insights

Source Dark Reading: Threat Intelligence

Machine Learning In Cybersecurity Warrants A Silver Shotgun Shell Approach

http://cyberparse.co.uk/2017/01/23/machine-learning-in-cybersecurity-warrants-a-silver-shotgun-shell-approach-2/ https://i0.wp.com/cyberparse.co.uk/wp-content/uploads/2016/04/security-binary-pd-898757.jpg?fit=3888%2C2592

When protecting physical or virtual endpoints, it’s vital to have more than one layer of defense against malware.

Cybersecurity is arguably the most rapidly evolving industry, driven by the digitalization of services, our dependency on Internet-connected devices, and the proliferation of malware and hacking attempts in search for data and financial gain. More than 600 million malware samples currently stalk the Internet, and that’s just the tip of the iceberg in terms of cyber threats. Advanced persistent threats, zero-day vulnerabilities and cyber espionage cannot be identified and stopped by traditional signature-based detection mechanisms.

Behavior-based detection and machine learning are just a few technologies in the arsenal of some security companies, with the latter considered by some as the best line of defense. What is Machine Learning?The simplest definition is that it’s a set of algorithms that can learn by themselves.

Although we’re far from achieving anything remotely similar to human-level capabilities – or even consciousness – these algorithms are pretty handy when properly trained to perform a specific repetitive task. Unlike humans, who tire easily, a machine learning algorithm doesn’t complain and can go through far more data in a short amount of time. The concept has been around for decades, starting with Arthur Samuel in 1959, and at its core is the drive to overcome static programming instructions by enabling an algorithm to make predictions and decisions based on input data.

Consequently, the training data used by the machine learning algorithm to create a model is what makes the algorithm output statistically correct.

The expression “garbage in, garbage out” has been widely used to express poor-quality input that produces incorrect or faulty output in machine learning algorithms. Is There a Single Machine Learning Algorithm?While the term is loosely used across all fields, machine learning is not an algorithm per se, but a field of study.

The various types of algorithms take different approaches towards solving some really specific problems, but it’s all just statistics-based math and probabilities.

Decision trees, neural networks, deep learning, genetic algorithms and Bayesian networks are just a few approaches towards developing machine learning algorithms that can solve specific problems. Breaking down machine learning into the types of problems and tasks they try to solve revolves around the methods used to solve problems. Supervised learning is one such method, involving training the algorithm to learn a general rule based on examples of inputs and desired outputs. Unsupervised learning and reinforcement learning are also commonly used in cybersecurity to enable the algorithm to discover for itself hidden patterns in data, or dynamically interact with malware samples to achieve a goal (e.g. malware detection) based on feedback in the form of penalties and rewards. Is Machine Learning Enough for Cybersecurity?Some security companies argue that machine learning technologies are enough to identify and detect all types of attacks on companies and organizations. Regardless of how well trained an algorithm is, though, there is a chance it will “miss” some malware samples or behaviors.

Even among a large set of machine learning algorithms, each trained to identify a specific malware strand or a specific behavior, chances are that one of them could miss something. This silver shotgun shell approach towards security-centric machine learning algorithms is definitely the best implementation, as more task-oriented algorithms are not only more accurate and reliable, but also more efficient.

But the misconception that that’s all cybersecurity should be about is misguided. When protecting physical or virtual endpoints, it’s vital to have more layers of defense against malware.

Behavior-based detection that monitors processes and applications throughout their entire execution lifetime, web filtering and application control are vital in covering all possible attack vectors that could compromise a system. Liviu Arsene is a senior e-threat analyst for Bitdefender, with a strong background in security and technology. Reporting on global trends and developments in computer security, he writes about malware outbreaks and security incidents while coordinating with technical and … View Full Bio

More Insights

Source Dark Reading: Threat Intelligence

The Cyber Threat Landscape for Law Firms Seminar – Ascertus Brings Together Security Experts and Legal Software Suppliers

http://cyberparse.co.uk/2017/01/23/the-cyber-threat-landscape-for-law-firms-seminar-ascertus-brings-together-security-experts-and-legal-software-suppliers/ https://i0.wp.com/cyberparse.co.uk/wp-content/uploads/2016/04/security-binary-pd-898757.jpg?fit=3888%2C2592

London, U.K., 23 January 2017 – Ascertus Limited is bringing together security experts and three prominent legal software suppliers, including Mimecast, iManage and DocuSign, to discuss one of the most burning issues for the legal industry in 2017 – cyber security. This free to attend seminar is scheduled for 8:30 – 13:00 on 23 February 2017 at the new Central London offices of Bird & Bird.The keynote address will be delivered by Rob Dartnall, Cyber Intelligence Director, Security Alliance, an intelligence-driven cyber security consultancy with global reach. Rob has recently authored a white paper entitled, ‘The Cyber Threat Landscape for Law Firms’, a copy of which will be provided to all attendees. His address will be followed by insightful presentations from Mimecast, iManage Inc., DocuSign and others. The special guest presenter is Jenny Radcliffe aka ‘The People Hacker’ who will talk about her own experiences as an ethical Social Engineer; discussing the tricks, tactics and methods she uses to illustrate how ‘people’ are the weak link in organisations. In her highly entertaining presentation, Jenny will also provide some tips and guidance on how to ‘wake up the workforce’ to this danger. The full agenda can be viewed here: http://www.ascertus.com/Event/The_Cyber_Threat_Landscape_for_Law_Firms_Seminar “With the pace at which technology is advancing alongside the skill set and dogged resolve of cyber criminals, it isn’t far-fetched to believe that a security breach is almost a certainty for most organisations,” said Roy Russell, CEO of Ascertus Limited. “Law firms are especially vulnerable due to the nature of their business. Rather than only focus on breach prevention, loss mitigation is potentially a sounder business approach. It requires all facets of security to come together – i.e. technology, people and processes. At this seminar, attendees will hear from experts and leave with actionable understanding of how they can manage the cyber security challenges faced by their organisations.” The seminar is aimed at individuals responsible for IT, security, data privacy, operations and strategy in law firms and corporate legal departments. To register for the seminar, visit: https://www.eventbrite.co.uk/e/the-cyber-threat-landscape-for-law-firms-tickets-31348272527. About Ascertus LimitedAscertus provides information and document lifecycle management consultancy, software solutions and IT support services to law firms and corporate legal departments. Based in Central London, the company offers a full range of professional services – from consultancy, business analysis and project management; to software implementation, training, documentation and technical support – delivering bespoke email, contract and document management solutions in on-premises and privately hosted environments. The company has successfully delivered and managed some of the largest iManage Work installations at customer sites in the UK. For more information, visit: www.ascertus.com. Media contact:TagusPRVidushi [email protected]+44 7958474632

eProseed to support 11th MENA Regulatory Summit

http://cyberparse.co.uk/2017/01/23/eproseed-to-support-11th-mena-regulatory-summit/ https://i0.wp.com/cyberparse.co.uk/wp-content/uploads/2016/04/security-binary-pd-898757.jpg?fit=3888%2C2592

eProseed will participate as a Supporting Partner in the 11th MENA Regulatory Summit on February 5th & 6th in Dubai, United Arab Emirates. The summit will cover the main topical challenges faced by the regulatory authorities and the GRC community, a debate in which eProseed has a pivotal role to play as the publisher of FSIP, a comprehensive financial supervision solution dedicated to Central Banks, Financial Regulators and Supervisory Authorities.

The 11th MENA Regulatory Summit will take place in Dubai, UAE, in association with the Dubai Financial Services Authority (DFSA) and under the patronage of H.E. Sultan bin Saeed Al Mansouri, the UAE Minister of Economy. Formerly known as the GCC Regulators’ Summit, the event has been renamed in an effort to ensure the utmost involvement of the governance, risk and compliance (GRC) community across the MENA (Middle East and North Africa) region, and to expand the dialogue to neighboring countries that share the same topical risk challenges and regulatory outlook.

eProseed logo

“With increasing demands from many international regulatory bodies, financial supervisory authorities are required to monitor the compliance of their financial institutions against numerous new national and international requirements. In the MENA region, the recent macroeconomic developments have also triggered an unprecedented demand for collection of high precision data at high frequency from all financial institutions to support a better risk based supervision”, comments Geoffroy de Lamalle, Chief Executive Officer of eProseed.

MENA: an increasing role in global compliance and combating financial crime The 11th MENA Regulatory Summit will be attended and supported by regional and international regulators, financial services professionals, law practitioners, advisors and market players. The participants will highlight the recent macroeconomic developments in the MENA region including the US election, Brexit aftermath, regional regulatory responses to the financial crisis, the digital revolution in financial services, block chain technology, and crowd funding.

The speakers will set the landscape for international anti-financial crime trends, FATF perspective on terrorist financing and emergent types of financial crimes, and the dangers of withdrawal of correspondent banking relationships. Panelists will also discuss trade-based money laundering and trade finance activities, compliance culture, business conduct, business ethics, and compliance conflicts.

eProseed, the Solution Provider for Financial Supervision Leveraging the proven expertise in developing and implementing end-to-end business solutions based on Oracle’s world-class software technology stack and a close collaboration with major Financial Institutions and Regulators, eProseed has developed eProseed Financial Supervision Insight Platform (FSIP), an end-to-end financial supervision solution dedicated to Central Banks, Financial Regulators and Supervisory Authorities.

“In essence, eProseed FSIP is a comprehensive, highly agile, and plug-and-play financial supervision solution, enabling efficient and pro-active collection of high precision data at high frequency from all financial institutions, as well as automating and integrating all regulatory and supervisory functions in one single software solution”, says Geoffroy de Lamalle.

About eProseed eProseed is an ICT services provider and a software publisher. Honored with 8 Oracle ACE Directors and 14 Oracle Excellence Awards in the last 7 years, eProseed is an Oracle Platinum Partner with in-depth expertise in Oracle Database, Oracle Fusion Middleware and Oracle Engineered Systems.

eProseed’s portfolio of business applications and business accelerators is built on state-of-the-art, reliable technologies and sound knowledge of today’s challenges, developed and maintained with the highest standards in mind. Comprehensive training and support are provided by eProseed’s experts for both applications and underlying technologies.

Headquartered in Luxembourg, in the heart of Europe, eProseed has offices in Beirut (LB), Brussels (BE), Dubai (AE), London (UK), New York (USA), Porto (PT), Riyadh (SAU), Sydney (AU), and Utrecht (NL).

***

Contact Alexandra Toma Email: [email protected] Phone: +40 767 670 566 www.eproseed.com

Source it-security feed from realwire

DOJ: Microsoft isn’t harmed when it can’t tell users what data we want

http://cyberparse.co.uk/2017/01/23/doj-microsoft-isnt-harmed-when-it-cant-tell-users-what-data-we-want/ https://i0.wp.com/cyberparse.co.uk/wp-content/uploads/2016/04/security-binary-pd-898757.jpg?fit=3888%2C2592

EnlargeStephen Brashear / Getty Images News reader comments 10 Share this story A federal judge in Seattle is set to hear arguments Monday morning from the Department of Justice as to why he should halt Microsoft’s efforts to allow it to tell users, in most cases, when the government demands customer information. In recent years, Microsoft has been rather outspoken against what it views as overbroad government surveillance and has taken the government to court as needed.This case, known as Microsoft v.Department of Justice, marks yet another instance of those challenges.  As of now, Microsoft says, when the government presents it with legal demands for user data held in online storage, those court orders often come with a gag order that has no end date—which it claims is a breach of the First and Fourth Amendments.The company compares this policy to older government attempts to access purely analog information (such as paper documents in a file cabinet), where the “government had to give notice when it sought private information and communications, except in the rarest of circumstances.” As the company continued: “The government, however, has exploited the transition to cloud computing as a means of expanding its power to conduct secret investigations.” Microsoft filed one last brief before the hearing late Sunday evening, saying that under Supreme Court precedent, it had “special circumstances” to challenge the government. In April 2016, Microsoft sued the DOJ, asking a judge to declare unconstitutional the specific portion of federal law that deals with delayed notice, known as 18 USC 2705(b). Numerous large tech companies have sided with Microsoft in this case, including Apple, Google, Dropbox, Amazon, Salesforce, among others. As Microsoft wrote in its 2016 complaint:

There may be exceptional circumstances when the government’s interest in investigating criminal conduct justifies an order temporarily barring a provider from notifying a customer that the government has obtained the customer’s private communications and data.But Section 2705(b) sweeps too broadly.That antiquated law (passed decades before cloud computing existed) allows courts to impose prior restraints on speech about government conduct—the very core of expressive activity the First Amendment is intended to protect—even if other approaches could achieve the government’s objectives without burdening the right to speak freely.The statute sets no limits on the duration of secrecy orders, and it permits prior restraints any time a court has “reason to believe” adverse consequences would occur if the government were not allowed to operate in secret.

Three months after Microsoft sued, the DOJ responded with a motion to dismiss, asking the judge to toss the entire case, largely on the grounds that Microsoft does not have standing to bring such a claim.The DOJ further noted that Microsoft has not suffered any “concrete injury” by not being allowed to disclose further to its customers. Under current law, the DOJ argues, Microsoft can’t bring a “Fourth Amendment claim on behalf of others.” Friends in high places In July 2016, the company notably beat back the government in a separate case at the 2nd US Circuit Court of Appeals—the court found that the company does not have to turn over the contents of an Outlook.com user’s inbox to American investigators because that user’s data is held abroad, in Ireland. (The DOJ has subsequently filed an en banc appeal to a full panel of appellate judges, who have not yet decided if they will hear the case.) The Seattle case has drawn widespread interest from numerous outside companies and organizations, ranging from Apple, to the American Civil Liberties Union, to the Society of Professional Journalists, to even Alaska Airlines. Those groups largely say in their amici curae (friend of the court) filings that there will be a chilling effect on “reporter-source communications caused by fears of widespread unaccountable surveillance; these fears cannot be dispelled or remedied while the gag orders remain in place.” The companies, meanwhile, note that companies will be less likely to use American cloud-based services like Microsoft’s if that data is potentially subject to less-transparent government surveillance. US District Court Judge James L. Robart will hold oral arguments at 10am Pacific Time on Monday at the federal courthouse in downtown Seattle.

Source CRN