Doug Vitale Tech Blog

May – June 2016 News Archive

Fear your on-premises security, not the cloud

Dark Reading, 29 June 2016 – Contrary to popular perception, cyber attackers rarely rely on malware after an initial intrusion to carry out their data exfiltration, surveillance, and other malicious campaigns on target networks. Instead, a majority of them leverage legitimate IT tools and the native capabilities of the platform they are exploiting to move about undetected on a victim network, security vendor LightCyber found in a new study. As a result, organizations that are heavily focused on identifying and weeding out malware on their networks often completely miss active attacks. [More]

Bart ransomware effective without sophisticated encryption

CSO Online, 27 June 2016 – A new ransomware program making the rounds uses a simple, yet effective technique to make user files inaccessible: locking them in password-protected ZIP archives. The new threat is called Bart and shares some similarities — in the ransom note in particular — with Locky, a much more widespread ransomware program. It is distributed through spam emails that masquerade as photos. The emails have ZIP attachments that contain JavaScript files. [More]

Widespread Ransomware Attack Targets Office 365 Users

Info Security Mag, 27 June 2016 – A nasty ransomware is at the heart of a widespread attack on Microsoft 365 users. The virus, called Cerber, is spread through email and, like other ransomware, encrypts users’ files and demands payment in order to unlock them. It plays an audio file informing the user that the computer’s files have been encrypted, while a warning message is displayed on screen. The ransom is set at 1.24 bitcoins or about $500. [More]

New NASA network poised to bring Internet to entire solar system

Gizmag, 23 June 2016 – NASA has made significant progress toward establishing a more reliable, and potentially solar-system-spanning communication system with the installation of a new breed of data network aboard the International Space Station (ISS). As its name suggests, the Delay/Disruption Tolerant Networking (DTN) service allows for the storage of partial pieces of information in the nodes along a communication path, which will allow for faster and more stable transmissions. [More]

Google adds streamlined two-factor authorization

SC Mag, 22 June 2016 – Google has made it easier for consumers to implement and make use of its two-factor authorization (2FA) system by adding a clickable prompt button that replaces the currently used texted six-digit code that is used to unlock an account. Google has been pushing for its users to implement 2FA as an added security measure. [More]

Fear your on-premises security, not the cloud

InfoWorld, 17 June 2016 – The alternative to using the cloud is to leave the applications pretty much unprotected on premises. On-premises systems — not cloud-based workloads — have been the favorite target of hackers in the last several years. Why? Because collectively, organizations have been doing a pretty good job of securing applications as they migrate to the cloud, incorporating the newest technologies and placing a sound layer of security around them. [More]

Cost of a data breach: $4 million. Benefits of responding quickly: Priceless

NetworkWorld, 15 June 2016 – The bad news is that data breaches are becoming ever more common. The worse news is that the cost they represent for companies is going through the roof. Those are two conclusions from a study released Wednesday by IBM Security and the Ponemon Institute, which found that the average cost of a data breach has grown to US $4 million. [More]

Report finds millions of firewall ports left open unnecessarily

SC Mag, 9 June 2016 – According to a research paper by Rapid7, titled National Exposure Index: Inferring Internet Security Posture by Country through Port Scanning, around 15 million ports offer unencrypted Telnet nodes, 11.2 million appear to offer direct access to relational databases, and 4.5 million are apparent printer services. Around 4.7 million systems expose one of the most commonly attacked ports used by Microsoft systems, 445/TCP. The research also found that SSH (secure shell) adoption is gaining ground over telnet (cleartext shell), with over 50 percent of regions offering more SSH servers than telnet servers.

Beware fake white hats peddling bugs

InfoWorld, 8 June 2016 – When someone uncovers a vulnerability in an organization’s network, the ethical action is to notify them of the problem and provide the necessary information to help them address the issues. The wrong thing to do is demand some kind of a payment before disclosing any details. Yet IBM X-Force researchers have investigated more than 30 incidents over the past year where attackers did exactly that. These intruders broke into enterprise networks, stole files or collected information, then sent a message to the victim organization offering to reveal the website vulnerabilities they exploited for a set fee. It’s not a nominal amount, either, as the attackers have demanded payments in excess of $30,000. [More]

Petya ransomware is now double the trouble

CIO, 13 May 2016 – The Petya ransomware now bundles a second file-encrypting program for cases where it cannot replace a computer’s master boot record to encrypt its file table. Petya is an unusual ransomware threat that first popped up on security researchers’ radar in March. Instead of encrypting a user’s files directly, it encrypts the master file table (MFT) used by NTFS disk partitions to hold information about file names, sizes and location on the physical disk. [More]

Lenovo patches serious flaw in pre-installed support tool

CIO, 6 May 2016 – Lenovo has fixed a vulnerability in its Lenovo Solution Center support tool that could allow attackers to execute code with system privileges and take over computers. The Lenovo Solution Center (LSC) is an application that comes pre-installed on many Lenovo laptops and desktops. It allows users to check their system’s virus and firewall status, update their software, perform backups, check battery health, get registration and warranty information and run hardware tests. [More]

Think that printer in the corner isn’t a threat?

CSO, 3 May 2016 – A printer is a legitimate attack surface. Many companies don’t bother to update the firmware on older models, or don’t include every model in a security audit (such as the one in the CEO’s office everyone forgot about), or the organization assumes a hacker won’t bother with an Epson or HP that is barely even connected to Wi-Fi. Interestingly enough, because a printer is so innocuous and seemingly harmless, that’s the exact reason it poses a threat. Sometimes, the best attack vector for an attacker is the one no one bothers to think about. However, a recent IDC survey found that 35 percent of all security breaches in offices were traced back to an unsecured printer or multi-function device. [More]

IPv6 is the Future of the Internet

LinkedIn, 2 May 2016 – The future of the Internet depends on the continued growth of a solid and healthy underlying global network infrastructure supporting the demand for the next generation of the Internet using IPv6 (Internet Protocol version 6) as its communication protocol. In the era of Internet of Things (IoT), without the extensive global adoption and successful deployment of IPv6 as the primary version of the Internet Protocol (IP), not only the future deployment and growth of IoT is impossible, but the future of the Internet itself is at stake. [More]

Written by Doug Vitale

July 8, 2016 at 6:22 PM
