Record profit forecast for a resurgent Sony sends shares to nine-year high

TOKYO (Reuters) - Shares in Sony Corp soared to a nine-year high on Wednesday after it forecast record earnings that have vindicated its restructuring efforts and raised expectations of sustained momentum in profitability.

from Reuters: Technology News http://ift.tt/2h35Wen

Mexico's Puebla state implements stricter rules for Uber, Cabify

MEXICO CITY (Reuters) - Lawmakers in the central Mexican state of Puebla approved new rules on Tuesday aimed at better vetting and monitoring rideshare drivers working for companies like Uber and Cabify after the recent murders of two female college students.

from Reuters: Technology News http://ift.tt/2gZbQwU

Account Hijacks Affect Everybody, Even ‘Top Dogs’

Being “cool and smart” was the name of the game when we were at school, and it seems nothing really changes as we get older. With the ‘cool factor’ among IT professionals translating into the adoption of modern IT technology, it’s not surprising to see why today’s businesses are being pushed ever faster towards to the cloud.

But of course there are other good reasons why 70% of companies (Gartner 2016) are already moving their IT infrastructure closer to the stars with cloud services. Whether it be data storage and servers or the increasing use of SaaS products, cloud computing allows businesses much greater agility and enables them to deliver applications at a fraction of the cost and time.

This is the modern world of IT. As budgets continue to be squeezed, the ‘Try Before You Buy’ model that cloud services offer, along with the option to stop a subscription, is often irresistible to economical companies. Integration is also usually instant and requires next to zero down time, if any at all.

However, like the school days, being cool also meant your ‘Top Dog’ status was vulnerable to competitors or enemies. So too is it the case with the use of cloud computing. As a result, it is crucial that those who adopt the latest tools are aware of their weaknesses.

The main security challenges of cloud services are:

They Are Externally Exposed – Cloud services can typically be accessed from any location and any device; all that is required is an internet connection. While easy access can be an advantage for agile companies the result is that services which run in the cloud are also more exposed to breach attempts than those that run on premise services and remain behind the perimeter.

They Only Come With Default Security – Typically cloud services are provided with some basic security in place, security that still allows unrestricted open internet file sharing and the propagation of malware through file sharing.

As a result of these security challenges, there are three main attack vectors that cloud services make vulnerable to organizations; The first is ‘Account Hijacks’, that is gaining unauthorized access to an individual or organization’s email or computer account for malicious purposes. According to a recent Check Point survey, Account Hijacks were the biggest concern amongst customers and partners. The second is ‘Malware Delivery’ and propagation especially through in-app file sharing services, such as Box or One Drive cloud apps, in order to commit a variety of cyber-crimes. And finally ‘Data Leaks’ which so easily occur, either intentionally or unintentionally, due to the seamlessness of sharing information when using cloud services.

Indeed, due to these security challenges of the cloud, the Check Point Incident Response team is seeing cloud services, both SaaS and IaaS, security breaches becoming increasingly common. A recent case saw customers of a North American financial services company transfer funds to a bogus foreign bank account set up by cyber-criminals. Through a phishing attack, the criminals had managed to compromise a company employee’s Office 365 account and send emails to customers posing as an official accounting representative in order to carry out the theft. Several millions of dollars were transferred before the breach was discovered.

But you don’t have to be working in an Incident Response team to notice this problem. On an almost daily basis the news headlines tell a similar story. Last month, Deloitte, one of the world’s largest accountancy firms, was the victim of a cyber-attack that went unnoticed for months and had affected six of their clients. It is strongly believed that the hackers breached an administrator account of Deloitte’s email system, which was stored in the Azure cloud.

Attacks have also reached national government levels. Earlier this year, 90 email accounts of members of the UK Parliament, including the Prime Minister’s, were hacked. The response by the UK government’s digital team was to shut down access to email for all those affected in order to avoid any potential blackmail attempts the hackers could have carried out.

As seen from the above examples though, whether they are financial, informational or reputational, the overall effect on victims of these types of attacks is huge. And what they all have in common is their direct connection with the vulnerabilities of the cloud.

Often the solutions to these security challenges currently available are not good enough. They are cumbersome, create larger cost overheads for IT departments and are usually incomplete and inefficient. Evidence of this, as we have seen, is the high, and increasing, number of breaches occurring worldwide and at every level, even including enterprises that invest heavily in security services and products.

The good news though is that Account Hijacks can be prevented. So just as you were able to be the coolest   kid at the school prom you can also still be the coolest and most modern IT hero in your organization.

In the next article in this series we will be looking at some of the methods used in Account Hijacks.

 

The post Account Hijacks Affect Everybody, Even ‘Top Dogs’ appeared first on Check Point Blog.

from Check Point Blog http://ift.tt/2z2hfKw

Check Point IoT Blog Series: ‘Home, Smart Home’ – But How Secure Is It?

The smart home is often idealized as a domestic paradise — with a kitchen and fridge that can order groceries for you, robot vacuum cleaners, lights and heating you can control from your phone, and web-enabled entertainment in every room. Beneath the surface of this always-on, seamlessly connected image, however, lie significant concerns about privacy and cybersecurity.

These concerns were dramatized in the Season 2 premiere of the cyber-drama ‘Mr. Robot’, which showed a character’s smart home getting hacked: the TV and stereo are switched on and off randomly; the water temperature in the shower goes from boiling to freezing, and the air conditioning is switched to Arctic temperatures, forcing the character to leave. So was this scenario a case of art imitating life? Just how close to reality was it?

Too close to comfort, in fact. Back in 2013, reporters at Forbes described how they were able to get remote control of a smart home, enabling them to manipulate lights and water services. University of Michigan researchers revealed flaws in Samsung’s SmartThings platform that let them set off smoke alarms and unlock doors. Check Point’s research team found vulnerabilities in a streaming TV device that would allow hackers to access it, and then get control of any other home network the device was connected to.

And just recently, Check Point discovered a vulnerability in the LG Smart ThinQ platform that may have allowed hackers to gain control over various home appliances ranging from ovens & refrigerators to a home bot cleaner. See for yourself.

Security First, Not an Afterthought

In many cases, smart home devices and platforms are designed primarily for easy connectivity and convenience, with security coming as an afterthought.

Generally speaking, many of the devices usually have limited processor and memory capacity, which makes securing them difficult. And once a vulnerability gets discovered, any patch that gets issued will probably not be pushed automatically to the device… leaving it open for exploitation.

But even when the device has security features built in, it’s often the user’s responsibility to implement said features. Whether that involves setting up data encryption, changing the passwords, or downloading the latest firmware version, it’s well-established that most users don’t take cyber hygiene seriously enough: a recent survey found that more than 50% of companies using smart devices do not change the default password after purchasing.

One of the newest challenges is  the adoption of ‘digital butler’ devices which can answer questions, help with managing users’ personal diaries and tasks, and control other smart devices in their homes. As the ‘brain’ that controls the smart home, storing important details about their owners, including appointments and financial data, they also become an attractive target for cyber criminals.

These digital butlers, and many other types of IoT devices, have microphones that are always on, listening for the users’ voices. What happens if criminals figure out how to tap in and eavesdrop on what users are doing in their homes? If there’s one thing that we’ve learned in over 20 years in the cyber security sector, it’s this: whenever a new computing device is launched, someone, somewhere, will figure out how to hack into it.

So when it comes to cyber security, the outlook for the smart home is fairly bleak.

Outsmarting your smart homes

The good news is that there are practical measures that you can (and should) take to better secure the smart devices and networks in your home against hacking and digital intrusion attempts.

Here are our five tips:

1. Secure your wireless network

• Make sure that your wireless network is protected by Wi-Fi protected access II (WPA2) and that you use a strong, complex password.
• Give the network a unique name. Don’t make it obvious with your first or last name, or don’t use your phone number as your username or password either – that could be very easy to figure out and hack into.
• Restrict the devices that can access your network, and never make it public.

2. Create two separate Wi-Fi networks

• Use one network for computers, tablets and smartphones which should be used for secure online banking and shopping. The second network should be used for smart devices. Separating these two will better protect your data.

3. Keep your passwords strong

• Make sure that the first thing you do when buying a smart home device is to immediately change the default password that it’s supplied with.
• Change each password to be much more complex, and ensure it’s different than other passwords you’ve used.
• Changing the username of devices is also recommended.

4. Use a firewall to secure your home network

• A firewall allows you to control and restrict incoming connections.
• Smart devices include details about ports, network protocols and the IP address. Enabling a personal firewall will block unwanted traffic to specific ports, keeping you safer.

5. Implement Firmware & Software updates

• Check the manufacturer’s website if there is any firmware or software updates available. If so, apply them. Having an up-to-date software or firmware version will reduce the likelihood of an attack which is based on an old exploit.

The post Check Point IoT Blog Series: ‘Home, Smart Home’ – But How Secure Is It? appeared first on Check Point Blog.

from Check Point Blog http://ift.tt/2hqMntc

Account Hijacks Affect Everybody, Even ‘Top Dogs’

Being “cool and smart” was the name of the game when we were at school, and it seems nothing really changes as we get older. With the ‘cool factor’ among IT professionals translating into the adoption of modern IT technology, it’s not surprising to see why today’s businesses are being pushed ever faster towards to the cloud.

But of course there are other good reasons why 70% of companies (Gartner 2016) are already moving their IT infrastructure closer to the stars with cloud services. Whether it be data storage and servers or the increasing use of SaaS products, cloud computing allows businesses much greater agility and enables them to deliver applications at a fraction of the cost and time.

This is the modern world of IT. As budgets continue to be squeezed, the ‘Try Before You Buy’ model that cloud services offer, along with the option to stop a subscription, is often irresistible to economical companies. Integration is also usually instant and requires next to zero down time, if any at all.

However, like the school days, being cool also meant your ‘Top Dog’ status was vulnerable to competitors or enemies. So too is it the case with the use of cloud computing. As a result, it is crucial that those who adopt the latest tools are aware of their weaknesses.

The main security challenges of cloud services are:

They Are Externally Exposed – Cloud services can typically be accessed from any location and any device; all that is required is an internet connection. While easy access can be an advantage for agile companies the result is that services which run in the cloud are also more exposed to breach attempts than those that run on premise services and remain behind the perimeter.

They Only Come With Default Security – Typically cloud services are provided with some basic security in place, security that still allows unrestricted open internet file sharing and the propagation of malware through file sharing.

As a result of these security challenges, there are three main attack vectors that cloud services make vulnerable to organizations; The first is ‘Account Hijacks’, that is gaining unauthorized access to an individual or organization’s email or computer account for malicious purposes. According to a recent Check Point survey, Account Hijacks were the biggest concern amongst customers and partners. The second is ‘Malware Delivery’ and propagation especially through in-app file sharing services, such as Box or One Drive cloud apps, in order to commit a variety of cyber-crimes. And finally ‘Data Leaks’ which so easily occur, either intentionally or unintentionally, due to the seamlessness of sharing information when using cloud services.

Indeed, due to these security challenges of the cloud, the Check Point Incident Response team is seeing cloud services, both SaaS and IaaS, security breaches becoming increasingly common. A recent case saw customers of a North American financial services company transfer funds to a bogus foreign bank account set up by cyber-criminals. Through a phishing attack, the criminals had managed to compromise a company employee’s Office 365 account and send emails to customers posing as an official accounting representative in order to carry out the theft. Several millions of dollars were transferred before the breach was discovered.

But you don’t have to be working in an Incident Response team to notice this problem. On an almost daily basis the news headlines tell a similar story. Last month, Deloitte, one of the world’s largest accountancy firms, was the victim of a cyber-attack that went unnoticed for months and had affected six of their clients. It is strongly believed that the hackers breached an administrator account of Deloitte’s email system, which was stored in the Azure cloud.

Attacks have also reached national government levels. Earlier this year, 90 email accounts of members of the UK Parliament, including the Prime Minister’s, were hacked. The response by the UK government’s digital team was to shut down access to email for all those affected in order to avoid any potential blackmail attempts the hackers could have carried out.

As seen from the above examples though, whether they are financial, informational or reputational, the overall effect on victims of these types of attacks is huge. And what they all have in common is their direct connection with the vulnerabilities of the cloud.

Often the solutions to these security challenges currently available are not good enough. They are cumbersome, create larger cost overheads for IT departments and are usually incomplete and inefficient. Evidence of this, as we have seen, is the high, and increasing, number of breaches occurring worldwide and at every level, even including enterprises that invest heavily in security services and products.

The good news though is that Account Hijacks can be prevented. So just as you were able to be the coolest   kid at the school prom you can also still be the coolest and most modern IT hero in your organization.

In the next article in this series we will be looking at some of the methods used in Account Hijacks.

 

The post Account Hijacks Affect Everybody, Even ‘Top Dogs’ appeared first on Check Point Blog.

from Check Point Blog http://ift.tt/2z2hfKw

Check Point IoT Blog Series: ‘Home, Smart Home’ – But How Secure Is It?

The smart home is often idealized as a domestic paradise — with a kitchen and fridge that can order groceries for you, robot vacuum cleaners, lights and heating you can control from your phone, and web-enabled entertainment in every room. Beneath the surface of this always-on, seamlessly connected image, however, lie significant concerns about privacy and cybersecurity.

These concerns were dramatized in the Season 2 premiere of the cyber-drama ‘Mr. Robot’, which showed a character’s smart home getting hacked: the TV and stereo are switched on and off randomly; the water temperature in the shower goes from boiling to freezing, and the air conditioning is switched to Arctic temperatures, forcing the character to leave. So was this scenario a case of art imitating life? Just how close to reality was it?

Too close to comfort, in fact. Back in 2013, reporters at Forbes described how they were able to get remote control of a smart home, enabling them to manipulate lights and water services. University of Michigan researchers revealed flaws in Samsung’s SmartThings platform that let them set off smoke alarms and unlock doors. Check Point’s research team found vulnerabilities in a streaming TV device that would allow hackers to access it, and then get control of any other home network the device was connected to.

And just recently, Check Point discovered a vulnerability in the LG Smart ThinQ platform that may have allowed hackers to gain control over various home appliances ranging from ovens & refrigerators to a home bot cleaner. See for yourself.

Security First, Not an Afterthought

In many cases, smart home devices and platforms are designed primarily for easy connectivity and convenience, with security coming as an afterthought.

Generally speaking, many of the devices usually have limited processor and memory capacity, which makes securing them difficult. And once a vulnerability gets discovered, any patch that gets issued will probably not be pushed automatically to the device… leaving it open for exploitation.

But even when the device has security features built in, it’s often the user’s responsibility to implement said features. Whether that involves setting up data encryption, changing the passwords, or downloading the latest firmware version, it’s well-established that most users don’t take cyber hygiene seriously enough: a recent survey found that more than 50% of companies using smart devices do not change the default password after purchasing.

One of the newest challenges is  the adoption of ‘digital butler’ devices which can answer questions, help with managing users’ personal diaries and tasks, and control other smart devices in their homes. As the ‘brain’ that controls the smart home, storing important details about their owners, including appointments and financial data, they also become an attractive target for cyber criminals.

These digital butlers, and many other types of IoT devices, have microphones that are always on, listening for the users’ voices. What happens if criminals figure out how to tap in and eavesdrop on what users are doing in their homes? If there’s one thing that we’ve learned in over 20 years in the cyber security sector, it’s this: whenever a new computing device is launched, someone, somewhere, will figure out how to hack into it.

So when it comes to cyber security, the outlook for the smart home is fairly bleak.

Outsmarting your smart homes

The good news is that there are practical measures that you can (and should) take to better secure the smart devices and networks in your home against hacking and digital intrusion attempts.

Here are our five tips:

1. Secure your wireless network

• Make sure that your wireless network is protected by Wi-Fi protected access II (WPA2) and that you use a strong, complex password.
• Give the network a unique name. Don’t make it obvious with your first or last name, or don’t use your phone number as your username or password either – that could be very easy to figure out and hack into.
• Restrict the devices that can access your network, and never make it public.

2. Create two separate Wi-Fi networks

• Use one network for computers, tablets and smartphones which should be used for secure online banking and shopping. The second network should be used for smart devices. Separating these two will better protect your data.

3. Keep your passwords strong

• Make sure that the first thing you do when buying a smart home device is to immediately change the default password that it’s supplied with.
• Change each password to be much more complex, and ensure it’s different than other passwords you’ve used.
• Changing the username of devices is also recommended.

4. Use a firewall to secure your home network

• A firewall allows you to control and restrict incoming connections.
• Smart devices include details about ports, network protocols and the IP address. Enabling a personal firewall will block unwanted traffic to specific ports, keeping you safer.

5. Implement Firmware & Software updates

• Check the manufacturer’s website if there is any firmware or software updates available. If so, apply them. Having an up-to-date software or firmware version will reduce the likelihood of an attack which is based on an old exploit.

The post Check Point IoT Blog Series: ‘Home, Smart Home’ – But How Secure Is It? appeared first on Check Point Blog.

from Check Point Blog http://ift.tt/2hqMntc

Account Hijacks Affect Everybody, Even ‘Top Dogs’

Being “cool and smart” was the name of the game when we were at school, and it seems nothing really changes as we get older. With the ‘cool factor’ among IT professionals translating into the adoption of modern IT technology, it’s not surprising to see why today’s businesses are being pushed ever faster towards to the cloud.

But of course there are other good reasons why 70% of companies (Gartner 2016) are already moving their IT infrastructure closer to the stars with cloud services. Whether it be data storage and servers or the increasing use of SaaS products, cloud computing allows businesses much greater agility and enables them to deliver applications at a fraction of the cost and time.

This is the modern world of IT. As budgets continue to be squeezed, the ‘Try Before You Buy’ model that cloud services offer, along with the option to stop a subscription, is often irresistible to economical companies. Integration is also usually instant and requires next to zero down time, if any at all.

However, like the school days, being cool also meant your ‘Top Dog’ status was vulnerable to competitors or enemies. So too is it the case with the use of cloud computing. As a result, it is crucial that those who adopt the latest tools are aware of their weaknesses.

The main security challenges of cloud services are:

They Are Externally Exposed – Cloud services can typically be accessed from any location and any device; all that is required is an internet connection. While easy access can be an advantage for agile companies the result is that services which run in the cloud are also more exposed to breach attempts than those that run on premise services and remain behind the perimeter.

They Only Come With Default Security – Typically cloud services are provided with some basic security in place, security that still allows unrestricted open internet file sharing and the propagation of malware through file sharing.

As a result of these security challenges, there are three main attack vectors that cloud services make vulnerable to organizations; The first is ‘Account Hijacks’, that is gaining unauthorized access to an individual or organization’s email or computer account for malicious purposes. According to a recent Check Point survey, Account Hijacks were the biggest concern amongst customers and partners. The second is ‘Malware Delivery’ and propagation especially through in-app file sharing services, such as Box or One Drive cloud apps, in order to commit a variety of cyber-crimes. And finally ‘Data Leaks’ which so easily occur, either intentionally or unintentionally, due to the seamlessness of sharing information when using cloud services.

Indeed, due to these security challenges of the cloud, the Check Point Incident Response team is seeing cloud services, both SaaS and IaaS, security breaches becoming increasingly common. A recent case saw customers of a North American financial services company transfer funds to a bogus foreign bank account set up by cyber-criminals. Through a phishing attack, the criminals had managed to compromise a company employee’s Office 365 account and send emails to customers posing as an official accounting representative in order to carry out the theft. Several millions of dollars were transferred before the breach was discovered.

But you don’t have to be working in an Incident Response team to notice this problem. On an almost daily basis the news headlines tell a similar story. Last month, Deloitte, one of the world’s largest accountancy firms, was the victim of a cyber-attack that went unnoticed for months and had affected six of their clients. It is strongly believed that the hackers breached an administrator account of Deloitte’s email system, which was stored in the Azure cloud.

Attacks have also reached national government levels. Earlier this year, 90 email accounts of members of the UK Parliament, including the Prime Minister’s, were hacked. The response by the UK government’s digital team was to shut down access to email for all those affected in order to avoid any potential blackmail attempts the hackers could have carried out.

As seen from the above examples though, whether they are financial, informational or reputational, the overall effect on victims of these types of attacks is huge. And what they all have in common is their direct connection with the vulnerabilities of the cloud.

Often the solutions to these security challenges currently available are not good enough. They are cumbersome, create larger cost overheads for IT departments and are usually incomplete and inefficient. Evidence of this, as we have seen, is the high, and increasing, number of breaches occurring worldwide and at every level, even including enterprises that invest heavily in security services and products.

The good news though is that Account Hijacks can be prevented. So just as you were able to be the coolest   kid at the school prom you can also still be the coolest and most modern IT hero in your organization.

In the next article in this series we will be looking at some of the methods used in Account Hijacks.

 

The post Account Hijacks Affect Everybody, Even ‘Top Dogs’ appeared first on Check Point Blog.

from Check Point Blog http://ift.tt/2z2hfKw

Check Point IoT Blog Series: ‘Home, Smart Home’ – But How Secure Is It?

The smart home is often idealized as a domestic paradise — with a kitchen and fridge that can order groceries for you, robot vacuum cleaners, lights and heating you can control from your phone, and web-enabled entertainment in every room. Beneath the surface of this always-on, seamlessly connected image, however, lie significant concerns about privacy and cybersecurity.

These concerns were dramatized in the Season 2 premiere of the cyber-drama ‘Mr. Robot’, which showed a character’s smart home getting hacked: the TV and stereo are switched on and off randomly; the water temperature in the shower goes from boiling to freezing, and the air conditioning is switched to Arctic temperatures, forcing the character to leave. So was this scenario a case of art imitating life? Just how close to reality was it?

Too close to comfort, in fact. Back in 2013, reporters at Forbes described how they were able to get remote control of a smart home, enabling them to manipulate lights and water services. University of Michigan researchers revealed flaws in Samsung’s SmartThings platform that let them set off smoke alarms and unlock doors. Check Point’s research team found vulnerabilities in a streaming TV device that would allow hackers to access it, and then get control of any other home network the device was connected to.

And just recently, Check Point discovered a vulnerability in the LG Smart ThinQ platform that may have allowed hackers to gain control over various home appliances ranging from ovens & refrigerators to a home bot cleaner. See for yourself.

Security First, Not an Afterthought

In many cases, smart home devices and platforms are designed primarily for easy connectivity and convenience, with security coming as an afterthought.

Generally speaking, many of the devices usually have limited processor and memory capacity, which makes securing them difficult. And once a vulnerability gets discovered, any patch that gets issued will probably not be pushed automatically to the device… leaving it open for exploitation.

But even when the device has security features built in, it’s often the user’s responsibility to implement said features. Whether that involves setting up data encryption, changing the passwords, or downloading the latest firmware version, it’s well-established that most users don’t take cyber hygiene seriously enough: a recent survey found that more than 50% of companies using smart devices do not change the default password after purchasing.

One of the newest challenges is  the adoption of ‘digital butler’ devices which can answer questions, help with managing users’ personal diaries and tasks, and control other smart devices in their homes. As the ‘brain’ that controls the smart home, storing important details about their owners, including appointments and financial data, they also become an attractive target for cyber criminals.

These digital butlers, and many other types of IoT devices, have microphones that are always on, listening for the users’ voices. What happens if criminals figure out how to tap in and eavesdrop on what users are doing in their homes? If there’s one thing that we’ve learned in over 20 years in the cyber security sector, it’s this: whenever a new computing device is launched, someone, somewhere, will figure out how to hack into it.

So when it comes to cyber security, the outlook for the smart home is fairly bleak.

Outsmarting your smart homes

The good news is that there are practical measures that you can (and should) take to better secure the smart devices and networks in your home against hacking and digital intrusion attempts.

Here are our five tips:

1. Secure your wireless network

• Make sure that your wireless network is protected by Wi-Fi protected access II (WPA2) and that you use a strong, complex password.
• Give the network a unique name. Don’t make it obvious with your first or last name, or don’t use your phone number as your username or password either – that could be very easy to figure out and hack into.
• Restrict the devices that can access your network, and never make it public.

2. Create two separate Wi-Fi networks

• Use one network for computers, tablets and smartphones which should be used for secure online banking and shopping. The second network should be used for smart devices. Separating these two will better protect your data.

3. Keep your passwords strong

• Make sure that the first thing you do when buying a smart home device is to immediately change the default password that it’s supplied with.
• Change each password to be much more complex, and ensure it’s different than other passwords you’ve used.
• Changing the username of devices is also recommended.

4. Use a firewall to secure your home network

• A firewall allows you to control and restrict incoming connections.
• Smart devices include details about ports, network protocols and the IP address. Enabling a personal firewall will block unwanted traffic to specific ports, keeping you safer.

5. Implement Firmware & Software updates

• Check the manufacturer’s website if there is any firmware or software updates available. If so, apply them. Having an up-to-date software or firmware version will reduce the likelihood of an attack which is based on an old exploit.

The post Check Point IoT Blog Series: ‘Home, Smart Home’ – But How Secure Is It? appeared first on Check Point Blog.

from Check Point Blog http://ift.tt/2hqMntc

Account Hijacks Affect Everybody, Even ‘Top Dogs’

Being “cool and smart” was the name of the game when we were at school, and it seems nothing really changes as we get older. With the ‘cool factor’ among IT professionals translating into the adoption of modern IT technology, it’s not surprising to see why today’s businesses are being pushed ever faster towards to the cloud.

But of course there are other good reasons why 70% of companies (Gartner 2016) are already moving their IT infrastructure closer to the stars with cloud services. Whether it be data storage and servers or the increasing use of SaaS products, cloud computing allows businesses much greater agility and enables them to deliver applications at a fraction of the cost and time.

This is the modern world of IT. As budgets continue to be squeezed, the ‘Try Before You Buy’ model that cloud services offer, along with the option to stop a subscription, is often irresistible to economical companies. Integration is also usually instant and requires next to zero down time, if any at all.

However, like the school days, being cool also meant your ‘Top Dog’ status was vulnerable to competitors or enemies. So too is it the case with the use of cloud computing. As a result, it is crucial that those who adopt the latest tools are aware of their weaknesses.

The main security challenges of cloud services are:

They Are Externally Exposed – Cloud services can typically be accessed from any location and any device; all that is required is an internet connection. While easy access can be an advantage for agile companies the result is that services which run in the cloud are also more exposed to breach attempts than those that run on premise services and remain behind the perimeter.

They Only Come With Default Security – Typically cloud services are provided with some basic security in place, security that still allows unrestricted open internet file sharing and the propagation of malware through file sharing.

As a result of these security challenges, there are three main attack vectors that cloud services make vulnerable to organizations; The first is ‘Account Hijacks’, that is gaining unauthorized access to an individual or organization’s email or computer account for malicious purposes. According to a recent Check Point survey, Account Hijacks were the biggest concern amongst customers and partners. The second is ‘Malware Delivery’ and propagation especially through in-app file sharing services, such as Box or One Drive cloud apps, in order to commit a variety of cyber-crimes. And finally ‘Data Leaks’ which so easily occur, either intentionally or unintentionally, due to the seamlessness of sharing information when using cloud services.

Indeed, due to these security challenges of the cloud, the Check Point Incident Response team is seeing cloud services, both SaaS and IaaS, security breaches becoming increasingly common. A recent case saw customers of a North American financial services company transfer funds to a bogus foreign bank account set up by cyber-criminals. Through a phishing attack, the criminals had managed to compromise a company employee’s Office 365 account and send emails to customers posing as an official accounting representative in order to carry out the theft. Several millions of dollars were transferred before the breach was discovered.

But you don’t have to be working in an Incident Response team to notice this problem. On an almost daily basis the news headlines tell a similar story. Last month, Deloitte, one of the world’s largest accountancy firms, was the victim of a cyber-attack that went unnoticed for months and had affected six of their clients. It is strongly believed that the hackers breached an administrator account of Deloitte’s email system, which was stored in the Azure cloud.

Attacks have also reached national government levels. Earlier this year, 90 email accounts of members of the UK Parliament, including the Prime Minister’s, were hacked. The response by the UK government’s digital team was to shut down access to email for all those affected in order to avoid any potential blackmail attempts the hackers could have carried out.

As seen from the above examples though, whether they are financial, informational or reputational, the overall effect on victims of these types of attacks is huge. And what they all have in common is their direct connection with the vulnerabilities of the cloud.

Often the solutions to these security challenges currently available are not good enough. They are cumbersome, create larger cost overheads for IT departments and are usually incomplete and inefficient. Evidence of this, as we have seen, is the high, and increasing, number of breaches occurring worldwide and at every level, even including enterprises that invest heavily in security services and products.

The good news though is that Account Hijacks can be prevented. So just as you were able to be the coolest   kid at the school prom you can also still be the coolest and most modern IT hero in your organization.

In the next article in this series we will be looking at some of the methods used in Account Hijacks.

 

The post Account Hijacks Affect Everybody, Even ‘Top Dogs’ appeared first on Check Point Blog.

from Check Point Blog http://ift.tt/2z2hfKw

Sony shares soar to nine-year high after forecast of record profit

TOKYO (Reuters) - Shares in Sony Corp soared as much as 11.6 percent to a nine-year high on Wednesday after the Japanese electronics and entertainment firm forecast its best ever annual profit.

from Reuters: Technology News http://ift.tt/2z5dzWh

Check Point IoT Blog Series: ‘Home, Smart Home’ – But How Secure Is It?

The smart home is often idealized as a domestic paradise — with a kitchen and fridge that can order groceries for you, robot vacuum cleaners, lights and heating you can control from your phone, and web-enabled entertainment in every room. Beneath the surface of this always-on, seamlessly connected image, however, lie significant concerns about privacy and cybersecurity.

These concerns were dramatized in the Season 2 premiere of the cyber-drama ‘Mr. Robot’, which showed a character’s smart home getting hacked: the TV and stereo are switched on and off randomly; the water temperature in the shower goes from boiling to freezing, and the air conditioning is switched to Arctic temperatures, forcing the character to leave. So was this scenario a case of art imitating life? Just how close to reality was it?

Too close to comfort, in fact. Back in 2013, reporters at Forbes described how they were able to get remote control of a smart home, enabling them to manipulate lights and water services. University of Michigan researchers revealed flaws in Samsung’s SmartThings platform that let them set off smoke alarms and unlock doors. Check Point’s research team found vulnerabilities in a streaming TV device that would allow hackers to access it, and then get control of any other home network the device was connected to.

And just recently, Check Point discovered a vulnerability in the LG Smart ThinQ platform that may have allowed hackers to gain control over various home appliances ranging from ovens & refrigerators to a home bot cleaner. See for yourself.

Security First, Not an Afterthought

In many cases, smart home devices and platforms are designed primarily for easy connectivity and convenience, with security coming as an afterthought.

Generally speaking, many of the devices usually have limited processor and memory capacity, which makes securing them difficult. And once a vulnerability gets discovered, any patch that gets issued will probably not be pushed automatically to the device… leaving it open for exploitation.

But even when the device has security features built in, it’s often the user’s responsibility to implement said features. Whether that involves setting up data encryption, changing the passwords, or downloading the latest firmware version, it’s well-established that most users don’t take cyber hygiene seriously enough: a recent survey found that more than 50% of companies using smart devices do not change the default password after purchasing.

One of the newest challenges is  the adoption of ‘digital butler’ devices which can answer questions, help with managing users’ personal diaries and tasks, and control other smart devices in their homes. As the ‘brain’ that controls the smart home, storing important details about their owners, including appointments and financial data, they also become an attractive target for cyber criminals.

These digital butlers, and many other types of IoT devices, have microphones that are always on, listening for the users’ voices. What happens if criminals figure out how to tap in and eavesdrop on what users are doing in their homes? If there’s one thing that we’ve learned in over 20 years in the cyber security sector, it’s this: whenever a new computing device is launched, someone, somewhere, will figure out how to hack into it.

So when it comes to cyber security, the outlook for the smart home is fairly bleak.

Outsmarting your smart homes

The good news is that there are practical measures that you can (and should) take to better secure the smart devices and networks in your home against hacking and digital intrusion attempts.

Here are our five tips:

1. Secure your wireless network

• Make sure that your wireless network is protected by Wi-Fi protected access II (WPA2) and that you use a strong, complex password.
• Give the network a unique name. Don’t make it obvious with your first or last name, or don’t use your phone number as your username or password either – that could be very easy to figure out and hack into.
• Restrict the devices that can access your network, and never make it public.

2. Create two separate Wi-Fi networks

• Use one network for computers, tablets and smartphones which should be used for secure online banking and shopping. The second network should be used for smart devices. Separating these two will better protect your data.

3. Keep your passwords strong

• Make sure that the first thing you do when buying a smart home device is to immediately change the default password that it’s supplied with.
• Change each password to be much more complex, and ensure it’s different than other passwords you’ve used.
• Changing the username of devices is also recommended.

4. Use a firewall to secure your home network

• A firewall allows you to control and restrict incoming connections.
• Smart devices include details about ports, network protocols and the IP address. Enabling a personal firewall will block unwanted traffic to specific ports, keeping you safer.

5. Implement Firmware & Software updates

• Check the manufacturer’s website if there is any firmware or software updates available. If so, apply them. Having an up-to-date software or firmware version will reduce the likelihood of an attack which is based on an old exploit.

The post Check Point IoT Blog Series: ‘Home, Smart Home’ – But How Secure Is It? appeared first on Check Point Blog.

from Check Point Blog http://ift.tt/2hqMntc

Account Hijacks Affect Everybody, Even ‘Top Dogs’

Being “cool and smart” was the name of the game when we were at school, and it seems nothing really changes as we get older. With the ‘cool factor’ among IT professionals translating into the adoption of modern IT technology, it’s not surprising to see why today’s businesses are being pushed ever faster towards to the cloud.

But of course there are other good reasons why 70% of companies (Gartner 2016) are already moving their IT infrastructure closer to the stars with cloud services. Whether it be data storage and servers or the increasing use of SaaS products, cloud computing allows businesses much greater agility and enables them to deliver applications at a fraction of the cost and time.

This is the modern world of IT. As budgets continue to be squeezed, the ‘Try Before You Buy’ model that cloud services offer, along with the option to stop a subscription, is often irresistible to economical companies. Integration is also usually instant and requires next to zero down time, if any at all.

However, like the school days, being cool also meant your ‘Top Dog’ status was vulnerable to competitors or enemies. So too is it the case with the use of cloud computing. As a result, it is crucial that those who adopt the latest tools are aware of their weaknesses.

The main security challenges of cloud services are:

They Are Externally Exposed – Cloud services can typically be accessed from any location and any device; all that is required is an internet connection. While easy access can be an advantage for agile companies the result is that services which run in the cloud are also more exposed to breach attempts than those that run on premise services and remain behind the perimeter.

They Only Come With Default Security – Typically cloud services are provided with some basic security in place, security that still allows unrestricted open internet file sharing and the propagation of malware through file sharing.

As a result of these security challenges, there are three main attack vectors that cloud services make vulnerable to organizations; The first is ‘Account Hijacks’, that is gaining unauthorized access to an individual or organization’s email or computer account for malicious purposes. According to a recent Check Point survey, Account Hijacks were the biggest concern amongst customers and partners. The second is ‘Malware Delivery’ and propagation especially through in-app file sharing services, such as Box or One Drive cloud apps, in order to commit a variety of cyber-crimes. And finally ‘Data Leaks’ which so easily occur, either intentionally or unintentionally, due to the seamlessness of sharing information when using cloud services.

Indeed, due to these security challenges of the cloud, the Check Point Incident Response team is seeing cloud services, both SaaS and IaaS, security breaches becoming increasingly common. A recent case saw customers of a North American financial services company transfer funds to a bogus foreign bank account set up by cyber-criminals. Through a phishing attack, the criminals had managed to compromise a company employee’s Office 365 account and send emails to customers posing as an official accounting representative in order to carry out the theft. Several millions of dollars were transferred before the breach was discovered.

But you don’t have to be working in an Incident Response team to notice this problem. On an almost daily basis the news headlines tell a similar story. Last month, Deloitte, one of the world’s largest accountancy firms, was the victim of a cyber-attack that went unnoticed for months and had affected six of their clients. It is strongly believed that the hackers breached an administrator account of Deloitte’s email system, which was stored in the Azure cloud.

Attacks have also reached national government levels. Earlier this year, 90 email accounts of members of the UK Parliament, including the Prime Minister’s, were hacked. The response by the UK government’s digital team was to shut down access to email for all those affected in order to avoid any potential blackmail attempts the hackers could have carried out.

As seen from the above examples though, whether they are financial, informational or reputational, the overall effect on victims of these types of attacks is huge. And what they all have in common is their direct connection with the vulnerabilities of the cloud.

Often the solutions to these security challenges currently available are not good enough. They are cumbersome, create larger cost overheads for IT departments and are usually incomplete and inefficient. Evidence of this, as we have seen, is the high, and increasing, number of breaches occurring worldwide and at every level, even including enterprises that invest heavily in security services and products.

The good news though is that Account Hijacks can be prevented. So just as you were able to be the coolest   kid at the school prom you can also still be the coolest and most modern IT hero in your organization.

In the next article in this series we will be looking at some of the methods used in Account Hijacks.

 

The post Account Hijacks Affect Everybody, Even ‘Top Dogs’ appeared first on Check Point Blog.

from Check Point Blog http://ift.tt/2z2hfKw

Brazil OKs amended bill on car-hailing apps after Uber lobbying

BRASILIA (Reuters) - Brazil's Senate approved a weaker version of a hotly disputed bill to regulate car-hailing services like Uber Technologies Inc [UBER.UL] on Tuesday after the U.S. company's chief executive warned it could make its business unworkable in the country.

from Reuters: Technology News http://ift.tt/2h0mKme

Brazil Senate approves amended bill regulating car-hailing apps

BRASILIA (Reuters) - Brazil's Senate approved by 46-10 votes a hotly debated bill on Tuesday that regulates car-hailing apps like Uber and amended the legislation to remove some clauses that would undermine their business.

from Reuters: Technology News http://ift.tt/2xHHe6e

U.S. senators hammer Facebook for power over elections

WASHINGTON (Reuters) - U.S. senators on Tuesday pressed Facebook Inc's chief lawyer on why the company did not catch 2016 election ads bought using Russian rubles, why its investigation of them took so long and how much it knows about its 5 million advertisers.

from Reuters: Technology News http://ift.tt/2A5FCET

Brazil debates weaker bill on car-hailing apps after Uber lobbying

BRASILIA (Reuters) - Brazil's Senate discussed amendments that would water down a hotly disputed bill to regulate car-hailing services like Uber Technologies Inc [UBER.UL] on Tuesday after the chief executive of the U.S. company warned it could make its business unworkable in the country.

from Reuters: Technology News http://ift.tt/2htLGiV

Game publisher EA's holiday-quarter sales forecast misses estimates

(Reuters) - Electronic Arts Inc's revenue forecast for the holiday quarter narrowly missed estimates on Tuesday as the game developer gears to face tough competition from rivals such as Activision.

from Reuters: Technology News http://ift.tt/2zW6E0v

Apple Releases Multiple Security Updates

Original release date: October 31, 2017

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:

• Cloud for Windows 7.1
• iOS 11.1
• iTunes 12.7.1 for Windows
• macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan
• Safari 11.1
• tvOS 11.1
• watchOS 4.1

---

This product is provided subject to this Notification and this Privacy & Use policy.

from US-CERT: The United States Computer Emergency Readiness Team http://ift.tt/2hrAC5R

WordPress Releases Security Update

Original release date: October 31, 2017

WordPress versions prior to 4.8.3 are affected by a vulnerability. A remote attacker could exploit this vulnerability to obtain sensitive information.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.8.3.

---

This product is provided subject to this Notification and this Privacy & Use policy.

from US-CERT: The United States Computer Emergency Readiness Team http://ift.tt/2zlBH9Q

Videogame publisher EA's holiday-quarter sales forecast misses estimates

(Reuters) - Electronic Arts Inc's revenue forecast for the keenly watched holiday quarter narrowly missed estimates on Tuesday amid expectations of tough competition from other games that are likely to release around the same time.

from Reuters: Technology News http://ift.tt/2A3opfp

Uber CEO says company's future in Brazil in the balance

BRASILIA (Reuters) - The chief executive of Uber Technologies Inc, Dara Khosrowshahi, said on Tuesday that his company's future in Brazil depends on government decisions, as the Brazilian Senate prepared to vote on regulating car hailing apps.

from Reuters: Technology News http://ift.tt/2z7kFeN

Check Point IoT Blog Series: ‘Home, Smart Home’ – But How Secure Is It?

The smart home is often idealized as a domestic paradise — with a kitchen and fridge that can order groceries for you, robot vacuum cleaners, lights and heating you can control from your phone, and web-enabled entertainment in every room. Beneath the surface of this always-on, seamlessly connected image, however, lie significant concerns about privacy and cybersecurity.

These concerns were dramatized in the Season 2 premiere of the cyber-drama ‘Mr. Robot’, which showed a character’s smart home getting hacked: the TV and stereo are switched on and off randomly; the water temperature in the shower goes from boiling to freezing, and the air conditioning is switched to Arctic temperatures, forcing the character to leave. So was this scenario a case of art imitating life? Just how close to reality was it?

Too close to comfort, in fact. Back in 2013, reporters at Forbes described how they were able to get remote control of a smart home, enabling them to manipulate lights and water services. University of Michigan researchers revealed flaws in Samsung’s SmartThings platform that let them set off smoke alarms and unlock doors. Check Point’s research team found vulnerabilities in a streaming TV device that would allow hackers to access it, and then get control of any other home network the device was connected to.

And just recently, Check Point discovered a vulnerability in the LG Smart ThinQ platform that may have allowed hackers to gain control over various home appliances ranging from ovens & refrigerators to a home bot cleaner. See for yourself.

Security First, Not an Afterthought

In many cases, smart home devices and platforms are designed primarily for easy connectivity and convenience, with security coming as an afterthought.

Generally speaking, many of the devices usually have limited processor and memory capacity, which makes securing them difficult. And once a vulnerability gets discovered, any patch that gets issued will probably not be pushed automatically to the device… leaving it open for exploitation.

But even when the device has security features built in, it’s often the user’s responsibility to implement said features. Whether that involves setting up data encryption, changing the passwords, or downloading the latest firmware version, it’s well-established that most users don’t take cyber hygiene seriously enough: a recent survey found that more than 50% of companies using smart devices do not change the default password after purchasing.

One of the newest challenges is  the adoption of ‘digital butler’ devices which can answer questions, help with managing users’ personal diaries and tasks, and control other smart devices in their homes. As the ‘brain’ that controls the smart home, storing important details about their owners, including appointments and financial data, they also become an attractive target for cyber criminals.

These digital butlers, and many other types of IoT devices, have microphones that are always on, listening for the users’ voices. What happens if criminals figure out how to tap in and eavesdrop on what users are doing in their homes? If there’s one thing that we’ve learned in over 20 years in the cyber security sector, it’s this: whenever a new computing device is launched, someone, somewhere, will figure out how to hack into it.

So when it comes to cyber security, the outlook for the smart home is fairly bleak.

Outsmarting your smart homes

The good news is that there are practical measures that you can (and should) take to better secure the smart devices and networks in your home against hacking and digital intrusion attempts.

Here are our five tips:

1. Secure your wireless network

• Make sure that your wireless network is protected by Wi-Fi protected access II (WPA2) and that you use a strong, complex password.
• Give the network a unique name. Don’t make it obvious with your first or last name, or don’t use your phone number as your username or password either – that could be very easy to figure out and hack into.
• Restrict the devices that can access your network, and never make it public.

2. Create two separate Wi-Fi networks

• Use one network for computers, tablets and smartphones which should be used for secure online banking and shopping. The second network should be used for smart devices. Separating these two will better protect your data.

3. Keep your passwords strong

• Make sure that the first thing you do when buying a smart home device is to immediately change the default password that it’s supplied with.
• Change each password to be much more complex, and ensure it’s different than other passwords you’ve used.
• Changing the username of devices is also recommended.

4. Use a firewall to secure your home network

• A firewall allows you to control and restrict incoming connections.
• Smart devices include details about ports, network protocols and the IP address. Enabling a personal firewall will block unwanted traffic to specific ports, keeping you safer.

5. Implement Firmware & Software updates

• Check the manufacturer’s website if there is any firmware or software updates available. If so, apply them. Having an up-to-date software or firmware version will reduce the likelihood of an attack which is based on an old exploit.

The post Check Point IoT Blog Series: ‘Home, Smart Home’ – But How Secure Is It? appeared first on Check Point Blog.

from Check Point Blog http://ift.tt/2hqMntc

Hilton to pay $700,000 over credit card data breaches

NEW YORK (Reuters) - Hilton Worldwide Holdings Inc agreed to pay $700,000 and bolster security to resolve probes into two data breaches that exposed more than 363,000 credit card numbers, the attorneys general of New York and Vermont announced on Tuesday.

from Reuters: Technology News http://ift.tt/2h07wgY

Swedish prosecutors drop 2016 probe into Fingerprint Cards

STOCKHOLM (Reuters) - The Swedish Economic Crime Authority said on Tuesday it had discontinued an investigation launched in December 2016 into market abuse involving Fingerprint Cards.

from Reuters: Technology News http://ift.tt/2z1pMxq

Imagination investors approve sale to China-backed fund

LONDON (Reuters) - Imagination Technologies shareholders approved a 550 million pound ($730 million) cash takeover by China-backed Canyon Bridge on Tuesday, a day after the buyout firm's founder was charged by U.S. authorities with insider trading.

from Reuters: Technology News http://ift.tt/2gZxzEU