Daily Tech Digest - May 25, 2017

Split Tunnel SMTP Exploit Bypasses Email Security Gateways

The so-called Split Tunnel SMTP Exploit works against pretty much any email encryption device—virtual, hosted or in-house—that accepts inbound SMTP and there's very little anyone can do to stop it, according to the company. Attackers can use the exploit to inject any payload that supports MIME encoding including ransomware, macro viruses and password protected ZIP files. The exploit, says Vikas Singla, CEO of Securolytics, takes advantage of the fact that an email encryption appliance has a publicly accessible IP address and is able to receive and transfer emails. Such devices are typically deployed beyond the enterprise firewall and are often used in conjunction with an email security gateway. Singla says that during an engagement at a healthcare customer site Securolytics discovered an attacker could completely bypass the email security gateway by connecting directly to the encryption appliance.


Big Data versus money laundering: Machine learning, applications and regulation in finance

ML is efficient, but opaque: "It works, and it works well, but we do not exactly understand why or how." Although that has been said of deep learning, it applies more broadly to ML as well, and coming from experts in the field it is not something to be dismissed lightly. This may raise some philosophical questions, mostly having to do with the increasing feeling of being sidelined and not being able to keep up with technology, but there are also some very practical implications. As Mathew notes, whatever anti-money-laundering approach is taken, getting results is not enough. It must also comply with a number of guidelines, ensuring for example that there is no discrimination against certain groups of the population. The issue of algorithmic transparency is becoming increasingly understood and widely discussed, and there are many examples in which opaque algorithms embody all sorts of bias.


10 ways to protect your Windows computers against ransomware

With the recent WannaCry ransomware infection affecting users on an international scale, the stakes are extremely high for those who rely on technology to protect their data at all costs. This is especially true of critical systems, such as those that provide life-saving care in hospitals, infrastructure used to manage utilities, and information systems used in government services. .... Consideration must also be given to complying with any regulations that may exist specific to your industry. With that said, safeguards are merely that. The risk associated with malware infections is always present, as risk can't be eliminated. But applying multiple security applications as a layered solution provides comprehensive protection on several fronts to minimize the threat of a potential outbreak in accordance with best practices.


The Importance of Teaching Students About Cyber Security

As for teens and pre-teens, it may be a good idea to show them some real examples of Internet sharing gone wrong. Teens like to share what they are doing, who they are with, what they're wearing and many more aspects of their lives on social media. But they usually don't realize that what they post can be viewed by anyone – their teachers, their principal, their families. Even if their accounts are private, kids talk, and word gets around to the adults. And there are ways for strangers to hack right into their accounts and see those posts they thought were private. Even deleting a post is not as sound as it may seem, because once something goes up on the Internet, there are ways to dig it back up even if it's been deleted. Teens need to know that this can greatly affect their reputation now, and in the long run when it comes to getting into college and applying for jobs.


IT still needs the tried-and-true on-premises data center

As regions such as Africa and Asia focus on new data centers, more established data center regions such as the United States are seeing stagnation in new data center builds and more interest in colocation facilities. Over half of enterprise respondents to IDC's annual survey use colocation services. "At this point, a lot of the non-early adopters are testing the waters of the colocation market," Quinn said. Among the other half of respondents, there's still a lot of uncertainty around colocation adoption. IT leaders still ask a variety of questions, said Quinn: How do we engage colocation providers? Which workloads should we migrate? And how secure is this going to be? Colocation providers must help customers answer these questions prior to the initial engagement, which can be a bit of a handholding process.


WannaCry Ransomware Cyberattack Raises Legal Issues

The firm can consider what specific steps can be taken to avoid or mitigate potential civil actions, including private rights of action or class actions regarding a cyber incident. Many states allow for a private right of action to be filed in order to recover damages. On cybersecurity matters, there has been substantial activity involving class actions. Engaging experienced counsel early after the cyber incident may help the firm recognize potential litigation, and counsel can recommend steps to anticipate and mitigate costly legal actions. Another important question involves whether and when to contact law enforcement. Federal authorities recommend that law enforcement be contacted when ransomware occurs.[6] The facts of each case must be carefully considered by the firm. Law enforcement will likely want to obtain relevant data about the cyber incident that is properly authenticated under chain of custody protocols.


Here's How Windows 10's Rapid Release Works & Looks

Pilot, Microsoft says, is the state of an upgrade's first four months, when enterprises should install it only in small-sized pilot programs. (Consumers running Windows 10 Home are always fed from the Pilot channel, and so are roped into testing the earliest versions.) After about four months, Microsoft -- in discussion, it claims, with software developers, hardware partners and customers -- declares an upgrade as fit for wider business deployment and thus flags it as Broad. In one example, Microsoft suggested multiple deployment "rings," or groups in an enterprise, with across-the-board upgrades beginning as soon as the Broad release was available. For 1709, that would be about four months after the September 2017 launch, or in January 2018. A second group, recommended Microsoft, would begin the upgrade process two weeks later. Your company might postpone that further or break the business into more than two Broad groups.


Understanding the benefits and threats when building an IoT strategy

Because it includes critical infrastructure components, IoT is a potential target for national and industrial espionage, as well as denial of service and other types of attacks. Another major area of concern is privacy: the personal information that will potentially reside within networks, Big Data and the cloud is also a potential target for cyber attacks. IoT is still a technology in development, and that must be taken into consideration when evaluating its security needs and requirements. Many devices are connected to the Internet and sending data and information to the Cloud, and that will definitely increase. With the advent of contextual data sharing and autonomous machine actions, IoT will become the allocation of a virtual presence to a physical object, and these virtual presences will begin to interact and exchange contextual information.


82% of Databases Left Unencrypted in Public Cloud

The problem isn't in cloud providers failing to secure data centers, but in organizations failing to secure the applications, content, systems, networks, and users that use the cloud infrastructure. "That is where people are not aware, or not investing the right resources," he continues. Researchers found that of the 82% of databases left unencrypted in the public cloud, 31% were accepting inbound connection requests from the internet. More than half (51%) of network traffic in the public cloud is still on the default web port (port 80) for receiving unencrypted traffic. Nearly all (93%) public cloud resources have no outbound firewall rule, says Badhwar. "You need to have control at the network, configuration, and user layers so it's hard for someone to get in, and harder for them to take your data out," Badhwar emphasizes.


Identity management the new 'perimeter' for hospital cybersecurity

“Ten or 12 years ago, we looked at what it would have taken to buy an identity platform, and it would have taken six or seven different commercial software packages to cobble together a sufficient platform,” Houston said. “Had we done that, we would have replaced all of them by today, either because they no longer would be on the market or because they would be out of date.” Houston added that the most important capabilities of an identity management platform, whether proprietary like UPMC’s or purchased from a vendor, include the ability to understand who your users are and ultimately run analytics on their activities. “We link into our human resources system, our physician credentialing system, we know when people come into our employment, when they change positions, when they leave,” Houston said. “Who they are, where they report to, where they are in the organization, we have a lot of understanding of who these people are.”


Quote for the day:

"Simplicity is a great virtue but it requires hard work to achieve it and education to appreciate it." -- Edsger W. Dijkstra