Daily Tech Digest - April 10, 2019

The report notes that phishing attacks have become the most widespread email threat to organisations around the world, with attacks keeping pace with security controls, evolving to evade detection. “For most organisations, phishing is the number one email security threat, outranking both malware and ransomware,” the report said, highlighting the finding that one in every 99 emails is a phishing attack. “Cloud-based email, despite all of its benefits, has unfortunately launched a new era of phishing attacks,” said Yoav Nathaniel, lead security analyst at Avanan. “The nature of the cloud provides more vectors for hackers and gives them broader access to critical data when a phishing attack is successful. “Organisations are in desperate need for more information on phishing attacks and how to combat these attacks. We conducted this research to help inform organisations and shed light on how to keep sophisticated attacks out of their environment,” he said. In their analysis of emails sent to Office 365, Avanan researchers scanned every email after the default security, enabling them to see the phishing attacks that were caught as well as those that were missed.

What is a password spraying attack and how does it work?

It can be a dictionary attack where you have these common passwords that people might use. What can also be used are credentials obtained through compromised websites because many people repeat passwords across multiple sites. Usually, it's a dictionary-type [attack], but taking passwords from sites that have been compromised is also a method that would be used. It [also] depends on how targeted the attack is. If they're going after a specific person, they might try to use all of the usernames associated with a given email and try all of the passwords that may have been taken from compromised sites. [They may] also try those usernames they have against a dictionary cyberattack [of common passwords] as well. It really depends on the motive of the hacker. It would be difficult to judge an attacker's level of sophistication based on whether they use a password spraying attack or not. You'd have to look at what other mechanisms were used as part of the broader attack. Are there other things that would occur?
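The answer above describes the shape of a spray: a short list of common passwords tried against many accounts, which keeps the per-account failure count below lockout thresholds. The defender's signature is the inverse, many distinct usernames failing from one source in a short window. The following detector is an added example written for this digest, not code from the interview or any product; the log format, the field names and the sample lines are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed authentication log lines (hypothetical format, not real data).
# 203.0.113.7 sprays one guess across many accounts and lands one success;
# 198.51.100.9 hammers a single account (classic brute force, not a spray);
# 192.0.2.5 touches several accounts but spread over more than an hour.
SAMPLE_LOG = """\
2019-04-10T08:00:01Z src=203.0.113.7 user=alice result=FAIL
2019-04-10T08:00:03Z src=203.0.113.7 user=bob result=FAIL
2019-04-10T08:00:05Z src=203.0.113.7 user=carol result=FAIL
2019-04-10T08:00:07Z src=203.0.113.7 user=dave result=FAIL
2019-04-10T08:00:09Z src=203.0.113.7 user=erin result=FAIL
2019-04-10T08:00:11Z src=203.0.113.7 user=frank result=OK
2019-04-10T08:00:13Z src=203.0.113.7 user=grace result=FAIL
2019-04-10T08:01:00Z src=198.51.100.9 user=bob result=FAIL
2019-04-10T08:01:05Z src=198.51.100.9 user=bob result=FAIL
2019-04-10T08:01:10Z src=198.51.100.9 user=bob result=FAIL
2019-04-10T08:01:15Z src=198.51.100.9 user=bob result=FAIL
2019-04-10T08:02:00Z src=192.0.2.5 user=alice result=FAIL
2019-04-10T08:02:30Z src=192.0.2.5 user=bob result=FAIL
2019-04-10T09:30:00Z src=192.0.2.5 user=carol result=FAIL
2019-04-10T09:30:10Z src=192.0.2.5 user=dave result=FAIL
2019-04-10T09:30:20Z src=192.0.2.5 user=erin result=FAIL
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_line(line):
    """Parse one constructed log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "src": m["src"],
        "user": m["user"],
        "result": m["result"],
    }


def detect_spraying(log_text, window=timedelta(minutes=10), min_users=5):
    """Flag sources whose failed logins hit at least `min_users` distinct accounts
    inside any sliding window of length `window`.

    Returns {src: {"distinct_users": peak_count, "successes": [users that logged in OK]}}.
    The successes list matters: a success from a sprayed source is the account to triage first.
    """
    failures = defaultdict(list)   # src -> [(timestamp, user)]
    successes = defaultdict(list)  # src -> [user]
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["result"] == "FAIL":
            failures[ev["src"]].append((ev["ts"], ev["user"]))
        else:
            successes[ev["src"]].append(ev["user"])

    alerts = {}
    for src, events in failures.items():
        events.sort()
        peak, start = 0, 0
        for end, (ts, _) in enumerate(events):
            # Slide the window start forward until it covers only the last `window` of time.
            while ts - events[start][0] > window:
                start += 1
            peak = max(peak, len({u for _, u in events[start:end + 1]}))
        if peak >= min_users:
            alerts[src] = {"distinct_users": peak, "successes": successes.get(src, [])}
    return alerts


if __name__ == "__main__":
    for src, info in detect_spraying(SAMPLE_LOG).items():
        print(f"{src}: {info['distinct_users']} accounts failed, successes={info['successes']}")
```

The rule deliberately keys on distinct accounts per source rather than failures per account, which is the gap a spray is designed to slip through; the single-account brute force from 198.51.100.9 is left to the ordinary lockout policy, and the slow spread from 192.0.2.5 shows why the window length and the threshold have to be tuned against real baseline traffic rather than set once.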

The Citizen’s Perspective on the Use of AI in Government

Citizens generally feel positive about government use of AI, but the level of support varies widely by use case, and many remain hesitant. Citizens expressed a positive net perception of all 13 potential use cases covered in the survey, except decision making in the justice system. (See Exhibit 1.) For example, 51% of respondents disagreed with using AI to determine innocence or guilt in a criminal trial, and 46% disagreed with its use for making parole decisions. While AI can in theory reduce subjectivity in such decisions, there are still legitimate concerns about the potential for algorithmic error or bias. Furthermore, algorithms cannot truly understand the extenuating circumstances and contextual information that many people believe should be weighed as part of these decisions. The level of support is high, however, for using AI in many core government decision-making processes, such as tax and welfare administration, fraud and noncompliance monitoring, and, to a lesser extent, immigration and visa processing. Strong support emerged for less sensitive decisions such as traffic and transport optimization.

The real challenge to achieving 5G: the networks

What are the 5G network challenges? The overriding one is producing a network core that is fully virtualized. Currently most networks are populated with equipment that has a dedicated single-purpose function (e.g., switch, router, NIC, RAN). This doesn’t work well when you want to be able to change and provision new services, network connections, and software solutions. The carriers have been moving towards Network Function Virtualization (NFV) for several years. But 5G has made it imperative. Why? Services such as network slicing, NB-IoT, quality-of-service offerings, intelligence at the edge, multiple radio networks/connections, etc. all require NFV. To make NFV real, operators are installing equipment that is powered not by custom fixed-function processors, but by multi-purpose programmable servers that in many ways are similar to standard application servers in use at enterprises and in the cloud. They are fully programmable and able to run applications locally, as is required for new service offerings.

Tens of thousands of cars were left exposed to thieves due to a hardcoded password

The vulnerability, tracked as CVE-2019-9493, impacts the MyCar telematics system sold by Quebec-based Automobility Distribution. ... MyCar is one of the more advanced vehicle telematics systems, providing a wealth of useful controls. According to the MyCar website, users can use the MyCar mobile apps "to pre-warm your car's cabin in the winter, pre-cool it in the summer, lock and unlock your doors, arm and disarm your vehicle's security system, open your trunk, and even find your car in a parking lot." For these reasons, the hardcoded credentials left inside the two MyCar mobile apps were a huge security flaw. According to a security alert sent out on Monday by the Carnegie Mellon University CERT Coordination Center, before the updates, any threat actor could have extracted these hardcoded credentials from the app's source code and used them "in place of a user's username and password to communicate with the server endpoint for a target user's account," granting full control over any connected car, including locating, unlocking, and starting it.
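The flaw above is the kind that a release check should catch before an app ships: a shared secret compiled into a client binary is available to everyone who installs it. As an added example, not code from Automobility or the MyCar apps, here is a small source scanner of the sort a build pipeline could run over app source and configuration. The two snippets it scans are constructed stand-ins (the hostname `api.example.invalid`, the variable names and the values are all invented), one with a baked-in service credential and one that uses a per-user token obtained at login instead.

```python
import base64
import binascii
import re

# Constructed "before" snippet: a shared service credential and the same credential
# pre-encoded as an HTTP Basic header, both baked into client code.
VULNERABLE_SNIPPET = '''\
API_URL = "https://api.example.invalid/v1"
SERVICE_USER = "admin"
SERVICE_PASSWORD = "S3cretPass!"
AUTH_HEADER = "Basic YWRtaW46UzNjcmV0UGFzcyE="
'''

# Constructed "after" snippet: the client carries no shared secret; it uses a
# per-user session token issued by the server at login and stored outside the code.
HARDENED_SNIPPET = '''\
import os
API_URL = "https://api.example.invalid/v1"
# Per-user token issued at login and kept in the platform keystore; nothing shared is baked in.
SESSION_TOKEN = os.environ.get("MYAPP_SESSION_TOKEN", "")
'''

# A name containing a secret-like word, assigned a non-trivial string literal.
SECRET_ASSIGNMENT = re.compile(
    r"(?i)\b\w*(password|passwd|pwd|secret|api[_-]?key|token|private[_-]?key)\w*"
    r"\s*[:=]\s*[\"']([^\"']{4,})[\"']"
)
# An HTTP Basic credential, which is just base64("user:password").
BASIC_AUTH = re.compile(r"Basic\s+([A-Za-z0-9+/]{8,}={0,2})")


def find_hardcoded_credentials(source):
    """Return (line_number, kind, detail) for each suspected embedded credential.

    `detail` is the matched name for literal assignments, or the decoded username
    for Basic headers; the secret value itself is never returned, so findings can
    go into a build log without leaking what was found.
    """
    findings = []
    for n, line in enumerate(source.splitlines(), 1):
        m = SECRET_ASSIGNMENT.search(line)
        if m:
            findings.append((n, "literal secret", m.group(1)))
        m = BASIC_AUTH.search(line)
        if m:
            try:
                decoded = base64.b64decode(m.group(1), validate=True).decode("utf-8")
            except (binascii.Error, UnicodeDecodeError):
                decoded = ""
            if ":" in decoded:
                findings.append((n, "basic-auth header", decoded.split(":", 1)[0]))
    return findings


if __name__ == "__main__":
    for label, snippet in (("vulnerable", VULNERABLE_SNIPPET), ("hardened", HARDENED_SNIPPET)):
        print(label, find_hardcoded_credentials(snippet) or "clean")
```

Pattern matching like this is a cheap first gate, not a proof of absence: it misses secrets split across string concatenations or stored in resource files, so the structural fix in the hardened snippet matters more than the scanner. The server should issue a credential that is bound to one authenticated user, and nothing that grants access to other users' accounts should exist on the client at all.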

The role of the CIO in moving from a product company to a solutions and services provider

CIOs “have three different areas of responsibility,” according to Sanghrajka. The first surrounds how CIOs (CTOs or IT leaders) can provide technology to run operations efficiently. “That is number one,” he says. The second is about enabling technology to help businesses engage with the customer better, whether it’s employees, external customers or external partners. “How do you enable a system of engagement and create stickiness, which are factors that drive revenue growth?” asks Sanghrajka. “The first factor drives efficiency and the second factor drives revenue growth and customer loyalty,” he continues. The third concerns the actual role of the CIO. They need to become more strategically focused and play a more important role in helping their business transform from a product company to a solutions and services company. “An example of that is moving from a DVD business to a streaming service,” explains Sanghrajka. To embrace this, the role of the CIO is constantly changing.

NSS Labs CTO Jason Brvenik talks security testing challenges

There is so little transparency between what the user expects and what the product delivers, and the only way to know if something's being effective is to actually try it and the only people trying to beat defenses are the attackers right now. It's about transparency and accountability, allowing the enterprise to at least know the bounds of how much trust they should put in the capabilities being fielded, and how much opportunity they have to close that gap, and to protect their users, to protect their employees, and protect their shareholders. That's a key element -- it's necessary in the industry. It's nontrivial. It's somewhat sobering that I have a very small team that I call the 'Offensive Research' team that does the net new security testing capabilities, and we've yet to meet a product that we couldn't get past. What does that tell you? Of course, no product is perfect. We can't solve all problems in the industry. We can certainly try to make it much more difficult for somebody to steal from you and take your data.

Juniper opens SD-WAN service for the cloud

The service brings with it Juniper’s Contrail Service Orchestration package, which secures, automates, and runs the service life cycle across NFX Series Network Services Platforms, EX Series Ethernet Switches, SRX Series next-generation firewalls, and MX Series 5G Universal Routing Platforms. Ultimately it lets customers manage and set up SD-WANs all from a single portal. The package is also a service orchestrator for the vSRX Virtual Firewall and vMX Virtual Router, available in public cloud marketplaces such as Amazon Web Services (AWS) and Microsoft Azure, Juniper said. The SD-WAN offering also includes integration with cloud security provider ZScaler. Contrail Service Orchestration offers organizations visibility across SD-WAN, as well as branch wired and now wireless infrastructure. Monitoring and intelligent analytics offer real-time insight into network operations, allowing administrators to preempt looming threats and degradations, as well as pinpoint issues for faster recovery.

Recent Progress in Software Security

Perhaps the most promising advance in software security involves using runtime controls that are embedded in the execution environment. This technique is sometimes called runtime application self-protection (RASP). Through the integration of behavioral and even machine-learning controls into and around an executable, a programmed protection environment emerges, one that can compensate for code weaknesses. RASP controls, cloud development, and DevOps are all tightly woven in most software development organizations. All three aim to increase delivered code’s speed and flexibility. However, a somewhat open question is whether these three initiatives result in more secure code. Certainly, RASP will reduce the risk of any application, good or bad, but it’s unclear whether programmers write better code in the presence of RASP. Nevertheless, runtime software controls will continue to influence software security, especially in the context of new self-learning methods. Machine-learning techniques have advanced to the point at which observed behaviors can serve as training data to label new variants of software exploits.

Attackers Shift to Malware-Based Cryptominers

"Since the browser is merely an application on a device, it cannot generate the same computing power as infecting the actual device," DeBeck writes. "As a result, this type of cryptojacking takes much longer to generate each coin, which may be incentivizing threat actors to refocus on malware infections to speed things up." Another incentive for the move to malware-based mining may be the halt to the Coinhive project. Coinhive's JavaScript code mined the privacy-focused currency monero. It frequently turned up on hacked websites because it could be incorporated by anyone into a website. The project proved controversial because hackers inserted it into websites without permission. The code was freely available to install, but Coinhive took a 30 percent share of mining rewards even if it was on a hacked site, which some maintained was unethical. "With Coinhive gone, threat actors would have to go to other script providers," DeBeck writes. "While there are many other providers of the same sort of scripts, the removal of Coinhive could affect the overall ability of the technically unskilled to create web-based cryptojacking attacks."

Quote for the day:

"New capabilities emerge just by virtue of having smart people with access to state-of-the-art technology." -- Robert E. Kahn
