Fahmida Y. Rashid //m.amiribrahem.com Saturday, December 5, 2020 12:33:06 -0800
The modern guide to staying safe online Friday, May 19, 2017 09:57:00 -0700 Fahmida Y. Rashid, Serdar Yegulalp

The internet can be a scary place. Threats come in many forms, lurking in practically any corner. Worse, yesterday’s prevailing advice for staying safe online -- avoid dodgy websites, don’t traffic in stolen or illegal goods, interact only with people you know -- no longer holds. Phishing emails from supposed family members, spyware piggybacking on legitimate apps, well-known sites hijacked with malicious code -- digital safety clearly needs new rules to meet today's evolving threatscape.

Considering how much of our digital lives occurs online -- communications, financial transactions, entertainment, work, education, to name a few -- adopting even a few safe browsing practices can lead to broad benefits. And this includes how we deal with email messages as well, given how popular email is as a delivery mechanism for online attacks using exploit kits and malware.

//m.amiribrahem.com/article/3197688/the-modern-guide-to-staying-safe-online.html.
McAfee: Wave of Shamoon cyberattacks being coordinated by a single group Wednesday, April 26, 2017 10:14:00 -0700 Fahmida Y. Rashid

The waves of cyberattacks that have rocked Saudi Arabia over the past few months are linked to the earlier Shamoon attacks. However, the initial 2012 attack was the work of a single group, whereas the latest attacks have been carried out by different groups of varying skills and expertise, all following instructions provided by one malicious actor, McAfee researchers have found.

Researchers at McAfee Strategic Intelligence believe the 2012 Shamoon attacks against Saudi Arabia’s state-run oil company Saudi Aramco and Qatari natural gas company RasGas, the attacks last November against Saudi organizations, and these latest attacks are all the work of hacker groups supported and coordinated by a single actor, and not the efforts of multiple gangs operating independently, said McAfee principal engineer Christiaan Beek and McAfee chief scientist Raj Samani. 

//m.amiribrahem.com/article/3192705/mcafee-wave-of-shamoon-cyberattacks-being-coordinationd-a-a-single-group.html.
Don't get bit by zombie cloud data Thursday, April 20, 2017 04:23:00 -0700 Fahmida Y. Rashid

The internet never forgets, which means data that should have been deleted doesn't always stay deleted. Call it "zombie data," and unless your organization has a complete understanding of how your cloud providers handle file deletion requests, it can come back to haunt you.

Ever since the PC revolution, the concept of data deletion has been a bit misunderstood. After all, dragging a file to the Recycle Bin simply removed the pointer to the file, freeing up disk space to write new data. Until then, the original data remained on the disk, rediscoverable using readily accessible data recovery tools. Even when new data was written to that disk space, parts of the file often lingered, and the original file could be reconstructed from the fragments.

//m.amiribrahem.com/article/3191174/dont-get-bit-by-zombie-cloud-data.html.
Shadow Brokers dump contains Solaris hacking tools Wednesday, April 12, 2017 13:03:00 -0700 Fahmida Y. Rashid

After the Shadow Brokers group opened up its archive of exploits allegedly stolen from the United States National Security Agency, security experts found a nasty surprise waiting for Solaris administrators.

The Register reported that the dumped Shadow Broker files reference two programs, EXTREMEPARR and EBBISLAND, that would let attackers obtain root access remotely over the network on Solaris boxes running versions 6 to 10 on x86 and SPARC architectures.

//m.amiribrahem.com/article/3189650/shadow-brokers-dump-containe-solaris-hacking-tools.html.
Trust issues: Know the limits of SSL certificates Thursday, April 6, 2017 05:16:00 -0700 Fahmida Y. Rashid

Certificate authorities (CAs) have given themselves a black eye lately, making it hard for users to trust them. Google stopped trusting Symantec after discovering the CA had mis-issued thousands of certificates over several years, and researchers found that phishing sites were using PayPal-labeled certificates issued by Linux Foundation’s Let’s Encrypt CA. Even with these missteps, the CAs play a critical role in establishing trust on the internet.

//m.amiribrahem.com/article/3188086/trust-issues-know-the-limits-of-sl-certificates.html.
Old attack code is new weapon for Russian hackers Tuesday, April 4, 2017 04:56:00 -0700 Fahmida Y. Rashid

Attackers prefer to reuse code and tools for as long as they keep working. In that tradition, researchers have found evidence suggesting a cyberespionage group is still successfully using tools and infrastructure that were first deployed in attacks 20 years ago.

The Moonlight Maze refers to the wave of attacks that targeted U.S. military and government networks, universities, and research institutions back in the mid-to-late 1990s. While the Moonlight Maze disappeared from the radar after the FBI and Department of Defense investigation became public in 1999, there were whispers within the security community that the cyberespionage group never entirely went away. Turla, a Russian-speaking attack group that's also known as Venomous Bear, Uroburos, and Snake, was floated as a possibility, but until recently, all links were guesswork and speculation.

//m.amiribrahem.com/article/3187493/old-attack-code-is-new-weapon-for-russian-hackers.html
Google tries to beat AWS at cloud security Friday, March 10, 2017 05:34:00 -0800 Fahmida Y. Rashid

Google knows that if enterprises are going to move their critical services to its cloud, then it has to offer something that AWS doesn’t. At Google Cloud Next, the company’s leadership made the case that Google Cloud was the most secure cloud.

At the conference this week, Google unveiled tools that would let IT teams provide granular access to applications, better manage encryption keys, and enforce stronger authentication mechanisms for applications running on Google Cloud. While Google is just playing catch-up to Amazon with the Key Management System for GCP, it is stepping into uncharted territory with Data Leak Prevention API by giving administrators tools that go beyond the infrastructure to protect individual applications. Google is tackling the identity access management challenge differently from Amazon, and it will be up to enterprises to decide which approach they prefer.

//m.amiribrahem.com/article/3179453/google-tries-to-beat-aws-at-cloud-security.html
How to scrub your private data from "people finder" sites Thursday, February 23, 2017 06:27:00 -0800 Fahmida Y. Rashid

It doesn’t matter what you do online: The internet knows a ton about you, and that information is a mouse click away.

Search any people finder site—Spokeo, PeekYou, Whitepages, to name a few—and odds are you’ll find a page listing your full name, date of birth, names of family members, current address, and phone number. Depending on the site's aggressiveness, it may offer (for a low membership fee or the price of registering an account) additional details such as past addresses, social media profiles, marital status, employment history, education, court cases such as bankruptcies, hobbies, and even a photo of where you live.

Forget the National Security Agency. Aggregator sites such as Intelius, Radaris, and PeopleFinder have data warehouses full of information about you, accessible to people without your permission, and used for purposes you know nothing about. While these sites ostensibly provide background checks and other public services, they also simplify identity theft, stalking, and doxxing (exposing personal information online to encourage harassment), which is both creepy and downright dangerous.

//m.amiribrahem.com/article/3173261/how-to-scrub-your-private-data-from-people-finder-sites.html
5 open source security tools too good to ignore Tuesday, February 21, 2017 06:12:00 -0800 Fahmida Y. Rashid

Open source is a wonderful thing. A significant chunk of today’s enterprise IT and personal technology depends on open source software. But even while open source software is widely used in networking, operating systems, and virtualization, enterprise security platforms still tend to be proprietary and vendor-locked. Fortunately, that’s changing. 

If you haven’t been looking to open source to help address your security needs, it’s a shame—you’re missing out on a growing number of freely available tools for protecting your networks, hosts, and data. The best part is, many of these tools come from active projects backed by well-known sources you can trust, such as leading security companies and major cloud operators. And many have been tested in the biggest and most challenging environments you can imagine. 

//m.amiribrahem.com/article/3172398/5-open-source-security-tools-too-good-to-ignore.html.
Why 2017 will be the worst year ever for security Thursday, February 2, 2017 04:53:00 -0800 Fahmida Y. Rashid

Sony. Anthem. The Office of Personnel Management. Target. Yahoo. The past two years have seen one mega-breach after another—and 2017 promises to be the most catastrophic year yet.

Security experts have long warned that most organizations don’t even know they’ve been breached. Attackers rely on stealth to learn about the network, find valuable information and systems, and steal what they want. Only recently have organizations improved their detection efforts and started investing the time, capital, and people needed to uncover vulnerabilities. When they do, the results are often alarming.

“I think we are going to find more, not less, breaches in 2017,” says Ray Rothrock, CEO of RedSeal, a security analytics firm.

//m.amiribrahem.com/article/3164514/why-2017-will-be-the-worst-year-ever-for-security.html
Self-protection is key to Linux kernel security Thursday, January 26, 2017 05:26:00 -0800 Fahmida Y. Rashid

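Linux has quietly taken over the world. The operating system now powers the large data centers that make cloud applications and services possible, as well as billions of Android devices and the internet-connected gadgets that make up the internet of things (IoT). Even the systems on the International Space Station run Linux.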

//m.amiribrahem.com/article/3161943/self-protection-is-key-to-linux-kernel-security.html. IDG Insider
5 signs we're finally getting our act together on security Thursday, December 29, 2016 04:36:00 -0800 Fahmida Y. Rashid

The high-water line in information security gets higher each year. Just as we think we’ve finally figured out how to defend against attacks, then attackers come up with something new and we are right back to trying to figure out what to do next.

For example, ransomware has surged in the last year. Although that kind of malware has been around for years, the current model of encrypting user files to hold data hostage came about just recently. Infections quadrupled in 2016, with the FBI estimating an average of 4,000 attacks a day. A recent IBM survey of 600 business leaders in the United States found that one in two had experienced a ransomware attack in the workplace, and that companies paid the ransom 70 percent of the time. As a result, criminals are on track to make nearly $1 billion this year from ransomware, IBM X-Force said.

//m.amiribrahem.com/article/3153620/5-signs-were-/gettings-our-act-together-on-security.html.
Encryption in 2016: Small victories add up Wednesday, December 28, 2016 04:42:00 -0800 Fahmida Y. Rashid

Technology development seems to gallop a little faster each year. But there's always one laggard: encryption. Why the deliberate pace? Because a single, small mistake can cut off communications or shut down businesses.

Yet there are times when you take stock—only to discover the encryption landscape seems to have transformed overnight. Now is that time. Although the changes have been incremental over several years, the net effect is dramatic.

Some of those changes began shortly after Edward Snowden's disclosures of the U.S. government’s extensive surveillance apparatus. Others are the natural result of cryptographic ideas reaching the marketplace, says Brent Waters, an associate professor at the University of Texas at Austin and the recipient of the Association for Computing Machinery’s 2015 Grace Murray Hopper Award.

//m.amiribrahem.com/article/3153591/encryption-in-2016-small-victions-add-up.html.
Nmap security scanner gets new scripts, performance boosts Wednesday, December 21, 2016 10:06:00 -0800 Fahmida Y. Rashid

The Nmap Project just released the Holiday Edition of its open source cross-platform security scanner and network mapper, with several important improvements and bug fixes.

New features in Nmap 7.40 include Npcap 0.78r5, for adding driver signing updates to work with Windows 10 Anniversary Update; faster brute-force authentication cracking; and new scripts for Nmap Script Engine, the project’s maintainer Fyodor wrote on the Nmap mailing list.

The de facto standard network mapping and port scanning tool, Nmap (Network Mapper) Security Scanner is widely used by IT and security administrators for network mapping, port-scanning, and network vulnerability testing. Administrators can run Nmap against the network to find open ports, determine what hosts are available on the network, identify what services those hosts are offering, and detect any network information leaked, such as the type of packet filters and firewalls in use.

//m.amiribrahem.com/article/3152854/nmap-security-scanner-gets-new-scripts-performance-boosts.html
Google open-sources test suite to find crypto bugs Tuesday, December 20, 2016 05:33:00 -0800 Fahmida Y. Rashid

Working with cryptographic libraries is hard, and a single implementation mistake can result in serious security problems. To help developers check their code for implementation errors and find weaknesses in cryptographic software libraries, Google has released a test suite as part of Project Wycheproof.

"In cryptography, subtle mistakes can have catastrophic consequences, and mistakes in open source cryptographic software libraries repeat too often and remain undiscovered for too long," Google security engineers Daniel Bleichenbacher and Thai Duong wrote in a post announcing the project on the Google Security blog.

//m.amiribrahem.com/article/3152364/google-open-sources-test-suite-to-find-crypto-bugs.html