Exclusive: Netflix poaches CFO from Activision Blizzard - source

Netflix Inc is expected to announce in the next few days that it has poached media finance veteran Spencer Neumann from Activision Blizzard to be its chief financial officer, a source familiar with the matter told Reuters.


from Reuters: Technology News https://reut.rs/2EYhdqt

Activision Blizzard plans to terminate CFO Neumann

Activision Blizzard Inc on Monday said it intends to terminate Chief Financial Officer Spencer Neumann for reasons unrelated to the video game publisher's financial reporting or disclosure controls and procedures.


from Reuters: Technology News https://reut.rs/2SrJf0E

Incident Response In The Public Eye

Cyberattacks happen constantly. Every day organizations are attacked online whether they realize it or not. Most of these attacks are passing affairs. The mere fact that systems are connected to the internet makes them a target of opportunity. For the most part, these attacks are non-events.

Security software, bugs in attack code, and updated applications stop most attacks. With 20 billion+ devices connected to the internet, it’s easy enough for the attack to move on.

But every couple of weeks there is a big enough attack to draw headlines. You’ve seen a steady stream of them over the past few years. 10 million records here, thousands of systems there, and so on.

When we talk about these attacks, for most people, it’s an abstract discussion. It’s hard to visualize an abstract set of data that lives online somewhere.

The recent attack on the Tribune Publishing network is different. This attack had a real world impact. Around the United States, newspapers arrived late and missing significant sections of content.

Timeline

Late Thursday, some systems on the Tribune Publishing network were inaccessible. This is not an uncommon experience for anyone working in a large organization.

Technology has brought about many wonders but reliability isn’t typically one of them. When a system is inaccessible, it’s not out of the question to first think, “Ugh, this isn’t working. Call IT”.

Support tickets are often the first place cyberattacks show up…in retrospect. All public signs in the Tribune Publishing attack point this way. Once support realized the extent of the issue and that it involved malware, the event—a support request—turned into an incident. This kicks off an incident response (IR) process.

It’s this process that the teams at Tribune Publishing are dealing with now.

Whodunnit?

“Who is behind the attack?” is the first question on everyone’s mind. It’s human nature—doubly so at a media organization—to want to understand the “who” and “why” as opposed to the “how”.

The reality is that for the incident response process, that’s a question that wastes time. The goal of the incident response process is to limit damage to the organization and to restore systems as fast as possible.

In that context, the response team only needs to roughly classify their attacker. Is the attacker:

  1. A low level cybercriminal who got lucky with an automated attack and has few resources to continue or sustain the attack?
  2. A cybercriminal intending on attacking a specific class of organization or systems?
  3. A cybercriminal targeting your organization?

Knowing which class of cybercriminal is behind the attack will help dictate the effort required in your response.

For a simple attack, your automated defences should take care of it. Even after an initial infection, a defence in depth strategy will isolate the attack and make recovery straightforward.

If the attack is part of a larger campaign (e.g., WannaCry, NotPetya, etc.), incident response is more complex but the same principles hold true. The third class of attacker—specifically targeting your organization—is what causes a change in the process. Now you are defending against an adversary who is actively changing their approach. That requires a completely different mindset compared to other responses.

The Process

Incident response processes generally follow six stages:

  1. Prepare
  2. Identify
  3. Contain
  4. Eradicate
  5. Recover
  6. Learn

On paper the process looks simple. Preparation begins with teams gathering contact information and tools, and writing out—or better yet, automating—procedures.

Once an incident has started, teams work to identify affected systems and the type of attack. They then contain the attack to prevent it from spreading. Then they work to eradicate any trace of the attack.

Once the attack is over, the work shifts to recovering systems and data to restore functionality. Afterwards, an orderly review is conducted and lessons are shared about what worked and what didn’t.

Easy, right?

Any incident responders reading this post can take a minute here, having enjoyed a good laugh. The next section slams everyone back to the harsh reality of IR.

Reality

The six phases of incident response look great on paper but when you’re faced with implementing them in the real world, things never work out so cleanly.

The majority of a response is spent stuck in a near endless loop: identifying new areas of compromise to try to contain the attack, hopefully allowing responders to eradicate any foothold to recover the affected systems.

This is what most organizations struggle with. The time spent preparing is often insufficient because it’s all theoretical. Combined with the rapid pace of change on the network, this means that teams are struggling to keep up during an active incident.

With an organization like Tribune Publishing, things are even more difficult. By its very nature, it’s a 24/7 business with a wide variety of users around the country. This means there are a lot of systems to consider and each hour of downtime has a very real and significant impact on the bottom line.

As the incident progresses, the response team will make critical decision after critical decision. Shutting down various internal services to protect them. Changing network structures to isolate malicious activity. And a host of other challenges will pop up during the incident.

It’s difficult, hard driving work. Made doubly so with the eyes of senior management, customers, and the general public looking on.

Focus

As a CISO or incident response team leader, you need to focus on the IR process, not on attribution. That’s why it’s worrisome to see early attribution during an incident.

In the Tribune Publishing attack, it was publicly reported that the attack came from outside of the United States. This led to speculation around motivation. It’s likely that statement was based on the malware reportedly found and simple IP address information.

Early in the IR process, evidence like this will be found. It’s easily accessible but also highly unreliable. Malware is often sold in the digital underground and IP addresses are easily spoofed or proxied. The response team knows this but pressure from higher up may demand some form of answer…whether or not it helps resolve the situation.

The team must stay focused on resolving the incident, not spending valuable time and energy getting sidetracked. Attribution has its place. It’s definitely not in the middle of the response to an incident.

Practice

The one hard truth of incident response is that nothing can substitute for experience. Given the—hopefully obvious—fact that you don’t actually want to be attacked, this leads to the concept of a game day or an active simulation.

Popular in cloud environments—AWS runs game days at their events—these exercises provide hands on experience. Usually held for the operations team, they are of critical importance to the security team as well.

Security doesn’t operate in a vacuum, especially during an incident. Working with other teams during an incident is key. Practicing that way is a must. This type of work is a huge effort but one that will pay off significantly when an organization is attacked.

Next Steps

Tribune Publishing was hit by a cyberattack with real world impact. This level of visibility is a stark reminder of how challenging these situations can be. The most critical phase of incident response is the first one: preparation.

As a CISO or senior security team member, you need to prepare more than just the incident response plan. With a plan in hand, you need to get other teams on board and make it clear to senior management how this process works. Critical to success is making sure that management knows that the priority is recovery…not attribution.

Combine that with a lot of practice and when the next incident hits, you’ll have put your team in a reasonable position to respond and recover quickly.




from Trend Micro Simply Security http://bit.ly/2VjXTZQ

Tesla has over 3,000 Model 3s left in U.S. inventory: Electrek

Tesla Inc had over 3,000 Model 3s left in inventory in the United States as of Sunday, automotive news website Electrek reported on Monday, citing people familiar with the matter.


from Reuters: Technology News https://reut.rs/2Ar2iRP

Tesla has over 3,000 Model 3 vehicles left in U.S. inventory: Electrek

Tesla Inc had over 3,000 Model 3 vehicles left in inventory in the United States as of Sunday, automotive news website Electrek reported on Monday, citing people familiar with the matter.


from Reuters: Technology News https://reut.rs/2Spls1f

The Worst Hacks of 2018: Marriott, Atlanta, Quora, and More

From the Marriott and Facebook meltdowns to state-sponsored assaults, 2018 was an eventful year for cybercrime.

from Security Latest http://bit.ly/2H0KeE3

Better Together with Check Point CloudGuard IaaS and AWS Transit Gateway

As enterprise cloud adoption on AWS accelerates, security remains a top of mind concern for many businesses. Traditional security approaches don’t fit with the dynamic nature of the cloud, leaving businesses exposed to a host of new threats. Especially now where deployments have a hybrid solution with workloads sitting in AWS as well as in the corporate datacenter, security needs to be rethought from an end to end perspective.

As a result, security teams require a few key capabilities to secure connectivity between workloads across AWS VPCs and from/to on-prem resources:

  1. Cloud Perimeter Firewall – customers want to inspect all incoming traffic into the VPCs.
  2. Inter-Tenant Inspection – for workloads communicating across VPCs, a security policy needs to be applied and traffic to allow for deep packet inspection.
  3. Internet Bound Inspection – for workloads communicating to the internet, traffic needs inspection before leaving the IGW.
  4. Hybrid Cloud Protection – for workloads that need access to the on-prem DC, teams need to securely connect their VPC workloads to on-prem resources.

In this blog, we will discuss how the CloudGuard IaaS solution combined with AWS Transit Gateway, builds upon the existing Transit VPC design, and offers end to end protection for enterprise workloads sitting in AWS VPCs or in the corporate datacenter.

Current Security Architecture: Check Point CloudGuard within AWS Transit VPC

The existing Transit VPC design simplifies network management and minimizes the number of connections needed to connect multiple Amazon VPCs and remote networks. Using Check Point CloudGuard together with the Transit VPC provides comprehensive security for cloud workloads and assets with VPC perimeter security services, seamless security segmentation between VPCs, and automatically established IPsec VPN connectivity between cloud environments. The solution automatically connects spoke VPCs to a central security hub VPC for seamless security inspection, VPN and NAT services.

The post Better Together with Check Point CloudGuard IaaS and AWS Transit Gateway appeared first on Check Point Software Blog.



from Check Point Software Blog http://bit.ly/2ESXW8Z

The Most Dangerous People on the Internet in 2018: Trump, Zuck and More

From Donald Trump to Russian hackers, these are the most dangerous characters we've been watching online in 2018.

from Security Latest http://bit.ly/2VmhdFA

Israel's Bezeq fined for failure to sell wholesale phone service

Bezeq Israel Telecom said on Sunday it received notice of an 11.2 million shekel ($3 million) fine from the country's telecoms regulator for failure to sell wholesale landline phone service to competitors.


from Reuters: Technology News https://reut.rs/2EV3zUj

Cyber attack hits U.S. newspaper distribution

A cyber attack caused major printing and delivery disruptions on Saturday at the Los Angeles Times and other major U.S. newspapers, including ones owned by Tribune Publishing Co such as the Chicago Tribune and Baltimore Sun.


from Reuters: Technology News https://reut.rs/2ETUCdT

U.S. judge dismisses suit versus Google over facial recognition software

A lawsuit filed against Google by consumers who claimed the search engine's photo sharing and storage service violated their privacy was dismissed on Saturday by a U.S. judge who cited a lack of "concrete injuries."


from Reuters: Technology News https://reut.rs/2CEX9XX

China restarts video game approvals after months-long freeze

China on Saturday approved the release of 80 online video games after a freeze on such approvals for most of the year.


from Reuters: Technology News https://reut.rs/2QbnMag

China's Supreme Court to take on intellectual property cases

Intellectual property rights cases can from next month be taken to China's Supreme Court, the government said on Saturday, as the country seeks to strengthen protections in the face of complaints from the United States about the issue.


from Reuters: Technology News https://reut.rs/2EX9DMd

U.S. OneWeb satellite service has not offered stake to Russia

The U.S. satellite startup OneWeb, which plans to create a worldwide internet network using satellites, said on Friday that it had not offered the Russian government a stake in the project.


from Reuters: Technology News https://reut.rs/2AkGVS0

Tesla names close Musk friend Larry Ellison to board

Tesla Inc on Friday named Oracle Corp co-founder Larry Ellison, a shareholder and self-described close friend of Chief Executive Elon Musk, to its board to provide the independent oversight demanded by U.S. regulators after Musk tweeted about taking the electric carmaker private.


from Reuters: Technology News https://reut.rs/2BJ68pf

Securing New Devices

Original release date: December 28, 2018

During the holidays, internet-connected devices, also known as the Internet of Things (IoT), are often popular gifts—such as smart TVs, watches, toys, phones, and tablets. This technology provides a level of convenience to our lives, but it requires that we share more information than ever. The security of this information, and the security of these devices, is not always guaranteed.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), recommends these important steps you should consider to make your Internet of Things more secure:

Evaluate your security settings. Most devices offer a variety of features that you can tailor to meet your needs and requirements. Enabling certain features to increase convenience or functionality may leave you more at risk. It is important to examine the settings, particularly security settings, and select options that meet your needs without putting you at increased risk. If you install a patch or a new version of software, or if you become aware of something that might affect your device, reevaluate your settings to make sure they are still appropriate. See Good Security Habits for more information.

Ensure you have up-to-date software. When manufacturers become aware of vulnerabilities in their products, they often issue patches to fix the problem. Patches are software updates that fix a particular issue or vulnerability within your device’s software. Make sure to apply relevant patches as soon as possible to protect your devices. See Understanding Patches for more information.

Connect carefully. Once your device is connected to the Internet, it’s also connected to millions of other computers, which could allow attackers access to your device. Consider whether continuous connectivity to the Internet is needed. See Securing Your Home Network for more information.

Use strong passwords. Passwords are a common form of authentication and are often the only barrier between you and your personal information. Some Internet-enabled devices are configured with default passwords to simplify setup. These default passwords are easily found online, so they don't provide any protection. Choose strong passwords to help secure your device. See Choosing and Protecting Passwords for more information.






from US-CERT: The United States Computer Emergency Readiness Team http://bit.ly/2GXcrLZ

Dell returns to market with NYSE listing

Dell Technologies Inc returned to public markets on Friday, nearly six years after the company's founder and Chief Executive Officer Michael Dell took it private in what was then the biggest buyout since the financial crisis of 2008.


from Reuters: Technology News https://reut.rs/2ESZsYI

Citi cuts Q1 iPhone production estimates on weak demand

Citi Research on Friday slashed its first-quarter production estimates for Apple Inc's iPhones and nearly halved expectations on the costliest iPhone XS Max, joining other brokerages in lowering forecast amid reports of weak demand.


from Reuters: Technology News https://reut.rs/2AjAiQb

From deepfakes to fake SMS: Digital scams explode in Brazil, report warns

Half of Brazilians suffered some type of digital scam in 2024, according to a report by the security company BioCatch published this...