California lawmakers send strict 'net neutrality' laws to governor

California lawmakers sent to the governor's desk for final approval strict "net neutrality" laws on internet providers that would defy sweeping Federal Communications Commission rules seen as a boon for the companies.


from Reuters: Technology News https://ift.tt/2N8bl1B

Apple self-driving car rear ended during road testing

An Apple Inc self-driving car was rear-ended while merging onto an expressway near the company's Silicon Valley headquarters this month, the company said in an accident report posted on Friday that confirmed the iPhone maker is still in the race to build autonomous vehicles.


from Reuters: Technology News https://ift.tt/2N7ZMYf

Apple self-driving car in accident: California DMV filing

An Apple Inc self-driving car was involved in an accident in California, the technology company said in a filing to the state's Department of Motor Vehicles that confirmed speculation that it has begun testing such vehicles on the road.


from Reuters: Technology News https://ift.tt/2LKwUkd

Apple's self-driving car involved in accident: California DMV

An Apple Inc self-driving car was involved in an accident last week, according to the state of California Department of Motor Vehicles (DMV).


from Reuters: Technology News https://ift.tt/2N8sLLE

Ontario to include Tesla in rebate program after court decision

Ontario will include some Tesla Inc car owners under its rebate plan as the province winds down an incentive program for electric cars, the ministry of transportation said on Friday.


from Reuters: Technology News https://ift.tt/2or3JJv

Trade deal with U.S. expected to spur Mexican e-commerce

Mexico's fledgling e-commerce market could get a lift from a trade agreement with the Trump administration that doubles the value of goods that can be imported tax-free from the United States, online businesses and experts said.


from Reuters: Technology News https://ift.tt/2PmTT6O

China's Meituan Dianping sets HK IPO valuation at up to $55 billion: sources

SINGAPORE/HONG KONG (Reuters/IFR) - China's Meituan Dianping, an online food delivery-to-ticketing services platform, has set an indicative price range of HK$60 to HK$72 per share for its initial public offering (IPO) in Hong Kong, valuing itself at up to $55 billion, three people with direct knowledge of the matter said.


from Reuters: Technology News https://ift.tt/2wwie2s

Senate cancels postal service hearing; Trump's Amazon crusade delayed

A Senate hearing about reforming the U.S. Postal Service that could have scrutinized what Amazon.com Inc and others pay for package delivery has been delayed, three sources familiar with the matter told Reuters, moving back President Donald Trump's effort to hike the world's largest online retailer's rates.


from Reuters: Technology News https://ift.tt/2orfu2E

BEC is Big Business for Hackers: What makes these attacks so hard to prevent?

For years, one of the most lucrative ways for hackers to generate profits was through ransomware attacks. These instances involve the use of strong encryption to lock victims out of their files and data – attackers then sell the decryption key in exchange for an untraceable Bitcoin ransom payment.

Now, however, another highly profitable attack style is emerging, particularly within the enterprise sector.

Business Email Compromise, or BEC, is creating considerable opportunities for cybercriminals to make money off of their malicious activity, and the sophistication and urgency of these infiltrations make them particularly difficult to guard against.

The rise of BEC

Although organizations are now becoming increasingly aware of the BEC attack approach, this strategy has actually been generating income for hackers for years now. Trend Micro researchers reported that, in 2016, attackers generated an average of $140,000 in losses by launching BEC attacks on businesses across the globe.

In the past, BEC was known as a “man-in-the-email” scam, in which hackers leverage legitimate-looking emails to support bogus wire transfers from enterprise victims. As Trend Micro researchers pointed out, these attacks can come in an array of different styles, including fraudulent invoices, attacks on the company CEO, account compromise or impersonation, and even traditional data theft.

Judging by the level of profit hackers have been able to generate, supported by the successful attacks they’ve been able to pull off, chances are good that BEC will only continue its rise in the near future.

How big of a business is BEC?

Whereas hackers caused an average of $140,000 in business losses two years ago, cybercriminals who leverage BEC schemes have been able to increase their potential for profit since then.

In July 2018, the FBI’s Internet Crime Complaint Center reported a 136 percent rise in losses related to BEC attacks, specifically between December 2016 and May 2018. Overall, this means hackers have raked in a total of $12.5 billion in company BEC losses, spanning both international and domestic attacks. The sheer amount of loss – and profit on the side of hackers – is $3 billion higher than the prediction Trend Micro researchers made in our Paradigm Shifts: Security Predictions for 2018 report.

Fueling BEC: What makes these attacks difficult to guard against?

An increase in successful attacks translates to a rise in profits on the part of hackers, and a larger number of affected business victims. Given this landscape, it’s imperative that enterprise decision-makers and IT stakeholders not only understand that these attacks are taking place, but also boost their awareness of the challenges in protection. In this way, businesses can take proactive action to better protect their email systems, critical data, finances and other assets.

Let’s examine a few of the factors that contribute to the difficulties in protecting against BEC attacks:

Sophisticated use of social engineering

In BEC attacks, hackers don’t just craft a catch-all email with common language and hope it dupes their target. Instead, they take their time to carry out sophisticated social engineering. This lets them choose an attack style that boosts the chances of the target opening and responding to the message.

Specially-crafted email

Thanks to the robust social engineering involved, cybercriminals can create incredibly legitimate-looking emails that include targets’ names, and can even appear to be from others within the organization. For example, an accountant may receive a fraudulent email request for a wire transfer from the company CEO, which includes a spoofed version of the CEO’s email address and even the CEO’s own email signature. Accordingly, he or she will be more likely to send the funds, because the email appears very real.

Lack of malicious links or attachments

While hackers’ background and foundational effort is in-depth and sophisticated, the process of delivery is surprisingly simple. BEC attacks rely on a convincing email with a strong message, meaning that the normal red flags used to identify a potential attack are lacking.

“Because these scams do not have any malicious links or attachments, they can evade traditional solutions,” Trend Micro pointed out.

Sense of urgency in the message

In addition to leveraging social engineering to include legitimate names, addresses and other details to fool victims, hackers also include a strong sense of urgency in BEC messages to encourage a successful attack. Many messages analyzed by Trend Micro researchers were found to include powerful language like “urgent,” “payment,” “transfer,” “request,” and other words that can support the overall message.

“The sense of urgency, a request for action, or a financial implication used in BEC schemes tricks targets into falling for the trap,” Trend Micro explained. “For instance, a cybercriminal contacts either the employees and/or executives of the company and pose as either third-party suppliers, representatives of law firms or even chief executive officers (CEOs), manipulating the targeted employee/executive into secretly handling the transfer of funds.”

Business Email Compromise attacks involve social engineering and strong language.

Array of different styles to appeal to different victims

In addition, the fact that attackers have established a wide variety of different attack styles means they can utilize the one that will be most successful with their target, based on their social engineering research. For instance, a hacker who wants to attack a company CEO could pose as a third-party vendor requiring payment for an overdue invoice. An attacker looking to launch an attack on a company that may not commonly use outside vendors, and thus may not fall for that approach, could pose as an internal HR employee needing personally identifiable data.

With so many different styles available, hackers have a veritable playbook to choose from and can craft the most legitimate-looking message, improving their chances of successful fraud.

Further leveraging a compromised account: Continuing the cycle

Finally, and unfortunately, the BEC cycle doesn’t have to end after a fraudulent wire transfer has been made by the victim. Once an account has been compromised, it can be leveraged to support further BEC schemes, sending phishing or other BEC messages to others within the compromised account’s address book.

Hackers are also positioning victims as “money mules,” according to the FBI IC3’s report. These are victims, recruited through romance or blackmail scams, that hackers use to open new accounts to leverage for BEC. While these accounts may only remain open for a short time, they provide additional, malicious opportunities for attackers.

Security experts don’t believe BEC attacks will diminish anytime in the near future. In addition to user awareness, enterprises should leverage advanced security solutions to prevent BEC intrusions. Technology from Trend Micro, which utilizes advanced strategies like artificial intelligence to detect email impersonators and machine learning to strengthen overall security, can be beneficial assets.

To find out more about how to guard against BEC within your enterprise, connect with the experts at Trend Micro today.




from Trend Micro Simply Security https://ift.tt/2PSnGWj

This Week in Security News: Air Canada and Cryptojacking

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, Air Canada reported a data breach that exposed passport details for more than 20,000 customers on their mobile app. Also, Trend Micro’s Midyear Security Roundup reported an increase in cryptojacking and a decrease in ransomware attacks.

Read on:

Cybercriminals Changing Tactics as Seen in First Half Report

Trend Micro has seen a shift from large ransomware spam campaigns to more targeted attacks using ransomware as the tool to disrupt critical business operations.

The Urpage Connection to Bahamut, Confucius and Patchwork

In the process of monitoring changes in the threat landscape, we get a clearer insight into the way threat actors work behind the schemes. 

Microsoft Windows zero-day vulnerability disclosed through Twitter

Microsoft has quickly reacted to the disclosure of a previously unknown zero-day vulnerability in the Windows operating system.

Addressing Challenges in Hybrid Cloud Security

Hybrid environments can come with risks and challenges, especially for organizations adopting DevOps.

Air Canada Reveals Mobile Data Breach, Passport Numbers Potentially Exposed

Air Canada reported a data breach involving the airline’s mobile app which may have led to the exposure of passport details for 20,000 customers.

Banks in Peru Hit by Phishing Attack Using Bitcoin Advertisements as Lure

Using phishing emails intended to lure victims via clickable links, phishing attempts were also seen in other countries, including Thailand, Malaysia, Indonesia, the USA, and more.

Tech Industry Pursues a Federal Privacy Law, on Its Own Terms

Tech giants are lobbying government officials to outline a federal privacy law that would overrule the recent California law.

Unseen Threats, Imminent Losses

A review of the first half of 2018 shows a threat landscape that not only has familiar features, but also has morphing and uncharted facets: Ever-present threats grew while emerging ones used stealth.

Exclusive: Iran-Based Political Influence Operation – Bigger, Persistent, Global

An Iranian influence operation targeting internet users worldwide is bigger than previously identified, encompassing a network of anonymous websites and social media accounts in 11 different languages.

Supply Chain Attack Operation Red Signature Targets South Korean Organizations

Together with our colleagues at IssueMakersLab, Trend Micro uncovered Operation Red Signature, an information theft-driven supply chain attack targeting organizations in South Korea.

T-Mobile was Hit by a Data Breach Affecting Around 2 Million Customers

Hackers gained access to personal information from roughly 2 million T-Mobile customers, including the name, billing zip code, phone number, email address, account number and account type of users.

Did the results from Trend Micro’s 2018 security report roundup surprise you? Why or why not? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.




from Trend Micro Simply Security https://ift.tt/2MDFaYl

China to launch nationwide inspections of ride-hailing companies

China will conduct comprehensive inspections on all ride-hailing service companies, the transport ministry said on Friday, after a driver from dominant firm Didi Chuxing murdered a 20-year-old passenger this month.


from Reuters: Technology News https://ift.tt/2LJVgKP

China to conduct nationwide inspection on ride-hailing companies

China will conduct comprehensive inspections on all ride-hailing service companies, the transportation ministry said on Friday, after a driver from the dominant ride-hailing firm, Didi Chuxing, murdered a 20-year-old passenger.


from Reuters: Technology News https://ift.tt/2wrGa7S

Medtech firms get personal with digital twins

Armed with a mouse and computer screen instead of a scalpel and operating theater, cardiologist Benjamin Meder carefully places the electrodes of a pacemaker in a beating, digital heart.


from Reuters: Technology News https://ift.tt/2PTUNZW

Architect-ed for Automation: AWS Transit VPCs with Check Point CloudGuard

There are a number of reasons why organizations are drawn to AWS for their public cloud needs: increased business agility, improved process efficiencies and lower networking costs, to name a few. And, if the latest AWS quarterly earnings are any indication, this trend shows no sign of slowing down any time soon.

Check Point has been partnering with AWS for many years, jointly helping customers securely migrate workloads and data into AWS virtual private clouds (VPCs). Transforming one’s datacenter from a hardware-centric to an application-centric or software-defined model ushers in tremendous benefits, but if not done properly, can also bring about some rather undesirable consequences, especially from a cyber security perspective.

The same cyber-security strategy defending our premises-based networks should also be part of our cloud strategy. However, that’s easier said than done, since our physical networks and appliances neither touch the cloud nor were built for its elastic and dynamic nature. Thus, we developed our CloudGuard cloud security solution to seamlessly extend the same industry-leading threat prevention capabilities to AWS in a package purpose-built for cloud environments. In doing so, we ensure customers don’t lose any of the benefits of the cloud model while maintaining a strong security posture.

Another significant milestone in the development of our CloudGuard solution for AWS is the recent availability of our automated Security Transit VPC.

For organizations whose cloud footprint expands to include multiple geographically dispersed virtual private clouds (VPCs), AWS created an elegant method for effectively managing it all: the Transit VPC. Transit VPCs simplify network management by serving as global network transit centers, thus minimizing the number of connections needed to connect multiple Amazon VPCs and remote networks. This construct allows you to create as many virtual networks as needed and design different options for connecting the networks to each other.

Integrating our CloudGuard advanced cloud security solution into the Transit VPC provides a logical way to protect cloud workloads and traffic across an organization’s entire AWS infrastructure. In this design, Transit VPCs act as central connection brokers – or “hubs” in a typical “hub & spoke” model – where all traffic to and from VPC “spokes” traverses these central broker hubs.

With our CloudGuard security solution, Security Transit VPCs can now be deployed to provide central “scrubbing” or security zones for a vast array of use cases across public (or hybrid) cloud environments. What’s more, only CloudGuard provides all this with optimal costs & performance along with complete automation and agility at scale!

How it works:

Our approach leverages the powerful automation of AWS CloudFormation templates to automatically deploy CloudGuard-powered Security hubs and auto-configure VPC route-tables. It also includes a Check Point process running on a customer’s AWS management server that monitors for changes to deployed VPCs. The result is that any customer VPC (newly created or existing) now automatically steers all its traffic via AWS managed VPN to a designated Security Transit VPC hub.

The solution provides a best-of-breed approach to building advanced security services into AWS while supporting the dynamic nature of the cloud. Specifically, this no-compromise solution delivers:

  • Simplicity: fast, automated deployments
  • Orchestration: CloudFormation templates as well as API integration via Check Point management
  • Agility: Supports a variety of customer use cases with limitless scale
  • Award-winning comprehensive security services inherent to the transit function

For additional information on our CloudGuard for AWS solution, please visit the product page or try it out on the AWS marketplace.

The post Architect-ed for Automation: AWS Transit VPCs with Check Point CloudGuard appeared first on Check Point Software Blog.



from Check Point Software Blog https://ift.tt/2NxlFNr

German 5G auction roaming proposal keeps barriers high for new entrants

German mobile phone operators will not be required to allow national roaming when they roll-out 5G services, the country's network agency said in a document, which could make it harder for new entrants to take on the incumbent providers.


from Reuters: Technology News https://ift.tt/2wsXBoI

From deepfakes to fake SMS: Digital scams surge in Brazil, report warns

Half of Brazilians fell victim to some kind of digital scam in 2024, according to a report from security firm BioCatch published this ...